[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v2 for-2.1 07/22] block: Make qiov match the request
|
From: |
Kevin Wolf |
|
Subject: |
[Qemu-devel] [PULL v2 for-2.1 07/22] block: Make qiov match the request size until EOF |
|
Date: |
Mon, 14 Jul 2014 13:42:57 +0200 |
If a read request goes across EOF, the block driver sees a shortened
request that stops at EOF (the rest is memsetted in block.c), however
the original qiov was used for this request.
This patch makes the qiov size match the request size, avoiding a
potential buffer overflow in raw-posix.
Signed-off-by: Kevin Wolf <address@hidden>
Reviewed-by: Max Reitz <address@hidden>
---
block.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/block.c b/block.c
index 510430d..0143268 100644
--- a/block.c
+++ b/block.c
@@ -3054,8 +3054,20 @@ static int coroutine_fn
bdrv_aligned_preadv(BlockDriverState *bs,
max_nb_sectors = ROUND_UP(MAX(0, total_sectors - sector_num),
align >> BDRV_SECTOR_BITS);
if (max_nb_sectors > 0) {
- ret = drv->bdrv_co_readv(bs, sector_num,
- MIN(nb_sectors, max_nb_sectors), qiov);
+ QEMUIOVector local_qiov;
+ size_t local_sectors;
+
+ max_nb_sectors = MIN(max_nb_sectors, SIZE_MAX / BDRV_SECTOR_BITS);
+ local_sectors = MIN(max_nb_sectors, nb_sectors);
+
+ qemu_iovec_init(&local_qiov, qiov->niov);
+ qemu_iovec_concat(&local_qiov, qiov, 0,
+ local_sectors * BDRV_SECTOR_SIZE);
+
+ ret = drv->bdrv_co_readv(bs, sector_num, local_sectors,
+ &local_qiov);
+
+ qemu_iovec_destroy(&local_qiov);
} else {
ret = 0;
}
--
1.8.3.1
- [Qemu-devel] [PULL v2 for-2.1 00/22] Block patches for 2.1.0-rc2, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 01/22] block/backup: Fix hang for unaligned image size, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 03/22] block: prefer aio_poll to qemu_aio_wait, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 02/22] block: Fix bdrv_is_allocated() return value, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 04/22] block: drop aio functions that operate on the main AioContext, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 05/22] test-aio: fix GSource-based timer test, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 06/22] AioContext: speed up aio_notify, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 08/22] qcow2: Make qiov match request size until backing file EOF, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 09/22] qed: Make qiov match request size until backing file EOF, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 10/22] block: Assert qiov length matches request length, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 07/22] block: Make qiov match the request size until EOF,
Kevin Wolf <=
- [Qemu-devel] [PULL v2 for-2.1 11/22] virtio-blk: avoid dataplane VirtIOBlockReq early free, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 13/22] virtio-blk: avoid g_slice_new0() for VirtIOBlockReq and VirtQueueElement, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 16/22] tests: Fix unterminated string output visitor enum human string, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 12/22] dataplane: do not free VirtQueueElement in vring_push(), Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 17/22] qtest: fix vhost-user-test compilation with old GLib, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 15/22] AioContext: do not rely on aio_poll(ctx, true) result to end a loop, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 14/22] virtio-blk: embed VirtQueueElement in VirtIOBlockReq, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 18/22] dma-helpers: Fix too long qiov, Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 19/22] virtio-blk: Factor common checks out of virtio_blk_handle_read/write(), Kevin Wolf, 2014/07/14
- [Qemu-devel] [PULL v2 for-2.1 20/22] virtio-blk: Bypass error action and I/O accounting on invalid r/w, Kevin Wolf, 2014/07/14