[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for-2.6?] nbd: Don't mishandle unaligned client
Re: [Qemu-devel] [PATCH for-2.6?] nbd: Don't mishandle unaligned client requests
Fri, 22 Apr 2016 09:03:25 +0200
Am 21.04.2016 um 18:28 hat Peter Maydell geschrieben:
> On 21 April 2016 at 15:42, Eric Blake <address@hidden> wrote:
> > The NBD protocol does not (yet) force any alignment constraints
> > on clients. Even though qemu NBD clients always send requests
> > that are aligned to 512 bytes, we must be prepared for non-qemu
> > clients that don't care about alignment (even if it means they
> > are less efficient). Our use of blk_read() and blk_write() was
> > silently operating on the wrong file offsets when the client
> > made an unaligned request, corrupting the client's data (but
> > as the client already has control over the file we are serving,
> > I don't think it is a security hole, per se, just a data
> > corruption bug).
> > Note that in the case of NBD_CMD_READ, an unaligned length could
> > cause us to return up to 511 bytes of uninitialized trailing
> > garbage from blk_try_blockalign() - hopefully nothing sensitive
> > from the heap's prior usage is ever leaked in that manner.
> > Signed-off-by: Eric Blake <address@hidden>
> > ---
> > It's late for 2.6, but as a data corruption bug fix, I think
> > it's worth having if there is still time.
> I want to tag rc3 today, but since it looks like there's going to
> be an rc4 for the virtio handler bug this can probably go into rc4
> if it gets review.
Reviewed-by: Kevin Wolf <address@hidden>
Peter, do you want a pull request (which I would have to do because
Paolo is away) or are you going to apply the patch directly?
Also adding Cc: qemu-stable, because this is an old bug that has existed
ever since qemu-nbd was added.
Re: [Qemu-devel] [PATCH for-2.6?] nbd: Don't mishandle unaligned client requests, Fam Zheng, 2016/04/22