[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL v3 06/28] block/export: vhost-user block device backend server
|
From: |
Peter Maydell |
|
Subject: |
Re: [PULL v3 06/28] block/export: vhost-user block device backend server |
|
Date: |
Mon, 2 Nov 2020 17:55:38 +0000 |
On Fri, 23 Oct 2020 at 16:22, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> From: Coiby Xu <coiby.xu@gmail.com>
>
> By making use of libvhost-user, block device drive can be shared to
> the connected vhost-user client. Only one client can connect to the
> server one time.
>
> Since vhost-user-server needs a block drive to be created first, delay
> the creation of this object.
Hi; Coverity points out a possible bug in this function
(CID 1435956):
> +static int coroutine_fn
> +vu_block_discard_write_zeroes(VuBlockReq *req, struct iovec *iov,
> + uint32_t iovcnt, uint32_t type)
> +{
> + struct virtio_blk_discard_write_zeroes desc;
> + ssize_t size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc));
> + if (unlikely(size != sizeof(desc))) {
> + error_report("Invalid size %zd, expect %zu", size, sizeof(desc));
> + return -EINVAL;
> + }
> +
> + VuBlockDev *vdev_blk = get_vu_block_device_by_server(req->server);
> + uint64_t range[2] = { le64_to_cpu(desc.sector) << 9,
> + le32_to_cpu(desc.num_sectors) << 9 };
Here we get a 32-bit integer from desc.num_sectors, and then the
shift left might make it overflow the 32-bit value before it gets
put into a uint64_t in the range array. Should this be
(uint64_t)le32_to_cpu(desc.num_sectors) << 9
?
thanks
-- PMM
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [PULL v3 06/28] block/export: vhost-user block device backend server,
Peter Maydell <=