[Qemu-devel] [PATCH 37/53] block/nfs: limit maximum readahead size to 1M
From: Michael Roth
Subject: [Qemu-devel] [PATCH 37/53] block/nfs: limit maximum readahead size to 1MB
Date: Thu, 30 Jul 2015 06:32:52 -0500
From: Peter Lieven <address@hidden>
a malicious caller could otherwise specify a very
large value via the URI and force libnfs to allocate
a large amount of memory for the readahead buffer.
Cc: address@hidden
Signed-off-by: Peter Lieven <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
(cherry picked from commit 29c838cdc96c4d117f00c75bbcb941e1be9590fb)
Signed-off-by: Michael Roth <address@hidden>
---
block/nfs.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/block/nfs.c b/block/nfs.c
index ca9e24e..c026ff6 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -35,6 +35,8 @@
#include "sysemu/sysemu.h"
#include <nfsc/libnfs.h>
+#define QEMU_NFS_MAX_READAHEAD_SIZE 1048576
+
typedef struct NFSClient {
struct nfs_context *context;
struct nfsfh *fh;
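Review bot: the new QEMU_NFS_MAX_READAHEAD_SIZE define carries no comment giving its unit or the reason for the limit. A one-line comment saying it is a byte count that caps the URI-supplied readahead value, together with writing the constant as (1 << 20) or 1 * 1024 * 1024, would make the 1MB limit from the subject line obvious at the definition.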
@@ -327,6 +329,11 @@ static int64_t nfs_client_open(NFSClient *client, const
char *filename,
nfs_set_tcp_syncnt(client->context, val);
#ifdef LIBNFS_FEATURE_READAHEAD
} else if (!strcmp(qp->p[i].name, "readahead")) {
+ if (val > QEMU_NFS_MAX_READAHEAD_SIZE) {
+ error_report("NFS Warning: Truncating NFS readahead"
+ " size to %d", QEMU_NFS_MAX_READAHEAD_SIZE);
+ val = QEMU_NFS_MAX_READAHEAD_SIZE;
+ }
nfs_set_readahead(client->context, val);
#endif
} else {
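Review bot: in the readahead branch only the upper bound is checked, and the declaration of val is outside this hunk, so it is worth confirming that val is unsigned; if it were signed, a negative value from the URI would pass `val > QEMU_NFS_MAX_READAHEAD_SIZE` and reach nfs_set_readahead() unclamped. The warning would also be more useful if it printed the requested value next to the limit, so the log shows what the URI asked for.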
--
1.9.1