[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 19/21] qemu-io: don't allow I/O operations larger tha
|
From: |
Max Reitz |
|
Subject: |
[Qemu-devel] [PULL 19/21] qemu-io: don't allow I/O operations larger than BDRV_REQUEST_MAX_BYTES |
|
Date: |
Sun, 12 Feb 2017 02:39:27 +0100 |
From: Alberto Garcia <address@hidden>
Passing a request size larger than BDRV_REQUEST_MAX_BYTES to any of the
I/O commands results in an error. While 'read' and 'write' handle the
error correctly, 'aio_read' and 'aio_write' hit an assertion:
blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed.
The reason is that the QEMU I/O code cannot handle request sizes
larger than BDRV_REQUEST_MAX_BYTES, so this patch makes qemu-io check
that all values are within range.
Signed-off-by: Alberto Garcia <address@hidden>
Message-id: address@hidden
[mreitz: Use BDRV_REQUEST_MAX_BYTES instead of INT_MAX]
Signed-off-by: Max Reitz <address@hidden>
---
qemu-io-cmds.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 95bcde1d88..e415b03cd0 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -388,9 +388,15 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char
**argv, int nr_iov,
goto fail;
}
- if (len > SIZE_MAX) {
- printf("Argument '%s' exceeds maximum size %llu\n", arg,
- (unsigned long long)SIZE_MAX);
+ if (len > BDRV_REQUEST_MAX_BYTES) {
+ printf("Argument '%s' exceeds maximum size %" PRIu64 "\n", arg,
+ (uint64_t)BDRV_REQUEST_MAX_BYTES);
+ goto fail;
+ }
+
+ if (count > BDRV_REQUEST_MAX_BYTES - len) {
+ printf("The total number of bytes exceed the maximum size %" PRIu64
+ "\n", (uint64_t)BDRV_REQUEST_MAX_BYTES);
goto fail;
}
@@ -682,9 +688,9 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
if (count < 0) {
print_cvtnum_err(count, argv[optind]);
return 0;
- } else if (count > SIZE_MAX) {
+ } else if (count > BDRV_REQUEST_MAX_BYTES) {
printf("length cannot exceed %" PRIu64 ", given %s\n",
- (uint64_t) SIZE_MAX, argv[optind]);
+ (uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);
return 0;
}
@@ -1004,9 +1010,9 @@ static int write_f(BlockBackend *blk, int argc, char
**argv)
if (count < 0) {
print_cvtnum_err(count, argv[optind]);
return 0;
- } else if (count > SIZE_MAX) {
+ } else if (count > BDRV_REQUEST_MAX_BYTES) {
printf("length cannot exceed %" PRIu64 ", given %s\n",
- (uint64_t) SIZE_MAX, argv[optind]);
+ (uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);
return 0;
}
--
2.11.0
- [Qemu-devel] [PULL 09/21] qemu-iotest: test to lookup protocol-based image with relative backing, (continued)
- [Qemu-devel] [PULL 10/21] block/qapi: reduce the coupling between the bdrv_query_stats and bdrv_query_bds_stats, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 11/21] block/qapi: reduce the execution time of qmp_query_blockstats, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 12/21] block: bdrv_invalidate_cache: invalidate children first, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 13/21] block/nfs: fix NULL pointer dereference in URI parsing, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 14/21] block/nfs: fix naming of runtime opts, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 16/21] qemu-iotests: Add _unsupported_fmt helper, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 15/21] qemu-io: Return non-zero exit code on failure, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 17/21] qemu-io: Add failure regression tests, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 18/21] qcow2: Optimize the refcount-block overlap check, Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 19/21] qemu-io: don't allow I/O operations larger than BDRV_REQUEST_MAX_BYTES,
Max Reitz <=
- [Qemu-devel] [PULL 20/21] qemu-img: Use qemu_strtoul() rather than raw strtoul(), Max Reitz, 2017/02/11
- [Qemu-devel] [PULL 21/21] qemu-img: Avoid setting ret to unused value in img_convert(), Max Reitz, 2017/02/11
- Re: [Qemu-devel] [PULL 00/21] Block patches, Peter Maydell, 2017/02/13