Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger

From:	Max Reitz
Subject:	Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX
Date:	Wed, 1 Feb 2017 22:36:20 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

On 31.01.2017 17:09, Alberto Garcia wrote:
> Passing a request size larger than INT_MAX to any of the I/O commands
> results in an error. While 'read' and 'write' handle the error
> correctly, 'aio_read' and 'aio_write' hit an assertion:
> 
> blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed.
> 
> The reason is that the QEMU I/O code cannot handle request sizes
> larger than INT_MAX, so this patch makes qemu-io check that all values
> are within range.
> 
> Signed-off-by: Alberto Garcia <address@hidden>
> ---
>  qemu-io-cmds.c | 21 ++++++++++++---------
>  1 file changed, 12 insertions(+), 9 deletions(-)
> 
> diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
> index 95bcde1d88..d806a83076 100644
> --- a/qemu-io-cmds.c
> +++ b/qemu-io-cmds.c
> @@ -388,9 +388,14 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char 
> **argv, int nr_iov,
>              goto fail;
>          }
>  
> -        if (len > SIZE_MAX) {
> -            printf("Argument '%s' exceeds maximum size %llu\n", arg,
> -                   (unsigned long long)SIZE_MAX);
> +        if (len > INT_MAX) {
> +            printf("Argument '%s' exceeds maximum size %d\n", arg, INT_MAX);
> +            goto fail;
> +        }
> +
> +        if (count > INT_MAX - len) {

How about using BDRV_REQUEST_MAX_BYTES instead?

(not yet in master, just in my block branch)

Max

> +            printf("The total number of bytes exceed the maximum size %d\n",
> +                   INT_MAX);
>              goto fail;
>          }
>  
> @@ -682,9 +687,8 @@ static int read_f(BlockBackend *blk, int argc, char 
> **argv)
>      if (count < 0) {
>          print_cvtnum_err(count, argv[optind]);
>          return 0;
> -    } else if (count > SIZE_MAX) {
> -        printf("length cannot exceed %" PRIu64 ", given %s\n",
> -               (uint64_t) SIZE_MAX, argv[optind]);
> +    } else if (count > INT_MAX) {
> +        printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]);
>          return 0;
>      }
>  
> @@ -1004,9 +1008,8 @@ static int write_f(BlockBackend *blk, int argc, char 
> **argv)
>      if (count < 0) {
>          print_cvtnum_err(count, argv[optind]);
>          return 0;
> -    } else if (count > SIZE_MAX) {
> -        printf("length cannot exceed %" PRIu64 ", given %s\n",
> -               (uint64_t) SIZE_MAX, argv[optind]);
> +    } else if (count > INT_MAX) {
> +        printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]);
>          return 0;
>      }
>  
>

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX, Max Reitz <=
- Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX, Alberto Garcia, 2017/02/01
- Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX, Max Reitz, 2017/02/01
  - Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX, Alberto Garcia, 2017/02/02
    - Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX, Max Reitz, 2017/02/03

Prev by Date: Re: [Qemu-block] [PATCH v2] qcow2: Optimize the refcount-block overlap check
Next by Date: Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX
Previous by thread: Re: [Qemu-block] [Qemu-devel] [PATCH v5 0/3] Fix qemu-io return value on failure
Next by thread: Re: [Qemu-block] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX
Index(es):
- Date
- Thread