Re: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range

From:	Max Reitz
Subject:	Re: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check
Date:	Thu, 12 Nov 2020 16:51:29 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0

On 11.11.20 13:43, Stefan Hajnoczi wrote:

Check that the sector number and byte count are valid.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
  block/export/vhost-user-blk-server.c | 14 ++++++++++++++
  1 file changed, 14 insertions(+)

diff --git a/block/export/vhost-user-blk-server.c 
b/block/export/vhost-user-blk-server.c
index d88e41714d..6d7fd0fec3 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -214,9 +214,23 @@ static void coroutine_fn vu_blk_virtio_process_req(void 
*opaque)
          QEMUIOVector qiov;
          if (is_write) {
              qemu_iovec_init_external(&qiov, out_iov, out_num);
+
+            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+                                               qiov.size))) {
+                req->in->status = VIRTIO_BLK_S_IOERR;
+                break;
+            }
+
              ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
          } else {
              qemu_iovec_init_external(&qiov, in_iov, in_num);
+
+            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+                                               qiov.size))) {
+                req->in->status = VIRTIO_BLK_S_IOERR;
+                break;
+            }
+
              ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
          }
          if (ret >= 0) {

req->sector_num is not a block layer sector, though (i.e. not a 512-bytesector); it references sectors of size vexp->blk_size (which I presumearen’t necessarily 512 bytes in length).

Second, I now understand why vu_blk_sect_range_ok() takes a byte length;but with an arbitrary length as given here, it must also round that downwhen converting that length to block layer sectors. (Or just comparethe byte length against the result of bdrv_getlength().)

Max

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH for-5.2 04/10] vhost-user-blk-test: rename destroy_drive() to destroy_file(), (continued)
- [PATCH for-5.2 05/10] vhost-user-blk-test: close fork child file descriptors, Stefan Hajnoczi, 2020/11/11
  - Re: [PATCH for-5.2 05/10] vhost-user-blk-test: close fork child file descriptors, Coiby Xu, 2020/11/24
- [PATCH for-5.2 06/10] vhost-user-blk-test: drop unused return value, Stefan Hajnoczi, 2020/11/11
- [PATCH for-5.2 07/10] vhost-user-blk-test: fix races by using fd passing, Stefan Hajnoczi, 2020/11/11
- [PATCH for-5.2 08/10] block/export: port virtio-blk discard/write zeroes input validation, Stefan Hajnoczi, 2020/11/11
  - Re: [PATCH for-5.2 08/10] block/export: port virtio-blk discard/write zeroes input validation, Max Reitz, 2020/11/12
- [PATCH for-5.2 09/10] vhost-user-blk-test: test discard/write zeroes invalid inputs, Stefan Hajnoczi, 2020/11/11
  - Re: [PATCH for-5.2 09/10] vhost-user-blk-test: test discard/write zeroes invalid inputs, Max Reitz, 2020/11/12
- [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check, Stefan Hajnoczi, 2020/11/11
  - Re: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check, Max Reitz <=
- Re: [PATCH for-5.2 00/10] block/export: vhost-user-blk server tests and input validation, Michael S. Tsirkin, 2020/11/17

Prev by Date: Re: [PATCH v2 1/1] register: Remove unnecessary NULL check
Next by Date: Re: [PATCH] target/i386: avoid theoretical leak on MCE injection
Previous by thread: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check
Next by thread: Re: [PATCH for-5.2 00/10] block/export: vhost-user-blk server tests and input validation
Index(es):
- Date
- Thread