[PULL 08/20] block/io: improve bdrv_check_request: check qiov too
From: |
Eric Blake |
Subject: |
[PULL 08/20] block/io: improve bdrv_check_request: check qiov too |
Date: |
Tue, 2 Feb 2021 16:45:17 -0600 |
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Operations with qiov add more restrictions on bytes; let's cover them.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20201211183934.169161-8-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
block/io.c | 46 +++++++++++++++++++++++++++++++++++++++-------
1 file changed, 39 insertions(+), 7 deletions(-)
diff --git a/block/io.c b/block/io.c
index 39d943c33a39..b56db913da30 100644
--- a/block/io.c
+++ b/block/io.c
@@ -920,8 +920,14 @@ bool coroutine_fn
bdrv_make_request_serialising(BdrvTrackedRequest *req,
return waited;
}
-int bdrv_check_request(int64_t offset, int64_t bytes, Error **errp)
+static int bdrv_check_qiov_request(int64_t offset, int64_t bytes,
+ QEMUIOVector *qiov, size_t qiov_offset,
+ Error **errp)
{
+ /*
+ * Check generic offset/bytes correctness
+ */
+
if (offset < 0) {
error_setg(errp, "offset is negative: %" PRIi64, offset);
return -EIO;
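Review bot: The new static helper bdrv_check_qiov_request() has no header comment, and its contract is not obvious from the signature. The next hunk shows that a NULL qiov is accepted and that qiov_offset is then not looked at, so a caller passing NULL with a non-zero qiov_offset is silently accepted. I would add a comment above the definition along the lines of `/* Check offset/bytes, and qiov/qiov_offset when qiov is non-NULL. Returns 0 if the request is valid, -EIO with errp set otherwise. */`. The function body continues past the end of this hunk, so the return convention is stated from the visible paths only.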
@@ -951,12 +957,38 @@ int bdrv_check_request(int64_t offset, int64_t bytes,
Error **errp)
return -EIO;
}
+ if (!qiov) {
+ return 0;
+ }
+
+ /*
+ * Check qiov and qiov_offset
+ */
+
+ if (qiov_offset > qiov->size) {
+ error_setg(errp, "qiov_offset(%zu) overflow io vector size(%zu)",
+ qiov_offset, qiov->size);
+ return -EIO;
+ }
+
+ if (bytes > qiov->size - qiov_offset) {
+ error_setg(errp, "bytes(%" PRIi64 ") + qiov_offset(%zu) overflow io "
+ "vector size(%zu)", bytes, qiov_offset, qiov->size);
+ return -EIO;
+ }
+
return 0;
}
-static int bdrv_check_request32(int64_t offset, int64_t bytes)
+int bdrv_check_request(int64_t offset, int64_t bytes, Error **errp)
{
- int ret = bdrv_check_request(offset, bytes, NULL);
+ return bdrv_check_qiov_request(offset, bytes, NULL, 0, errp);
+}
+
+static int bdrv_check_request32(int64_t offset, int64_t bytes,
+ QEMUIOVector *qiov, size_t qiov_offset)
+{
+ int ret = bdrv_check_qiov_request(offset, bytes, qiov, qiov_offset, NULL);
if (ret < 0) {
return ret;
}
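Review bot: The test `bytes > qiov->size - qiov_offset` compares an int64_t with a size_t, and it is only sound if bytes has already been proven non-negative by the generic checks that presumably sit between the two hunks (not visible here). Where size_t is 64 bits a negative bytes would convert to a huge unsigned value and be rejected, but where size_t is 32 bits the comparison is done in signed 64-bit and a negative bytes would pass. A short comment would pin that dependency so a later reordering of the checks does not weaken the bound: `/* bytes >= 0 was checked above; qiov_offset <= qiov->size, so the subtraction cannot wrap */`. Note also that bdrv_check_request32() passes NULL for errp, so the new messages are dropped on the I/O paths and only -EIO reaches the caller.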
@@ -1736,7 +1768,7 @@ int coroutine_fn bdrv_co_preadv_part(BdrvChild *child,
return -ENOMEDIUM;
}
- ret = bdrv_check_request32(offset, bytes);
+ ret = bdrv_check_request32(offset, bytes, qiov, qiov_offset);
if (ret < 0) {
return ret;
}
@@ -2157,7 +2189,7 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child,
return -ENOMEDIUM;
}
- ret = bdrv_check_request32(offset, bytes);
+ ret = bdrv_check_request32(offset, bytes, qiov, qiov_offset);
if (ret < 0) {
return ret;
}
@@ -3163,7 +3195,7 @@ static int coroutine_fn bdrv_co_copy_range_internal(
if (!dst || !dst->bs || !bdrv_is_inserted(dst->bs)) {
return -ENOMEDIUM;
}
- ret = bdrv_check_request32(dst_offset, bytes);
+ ret = bdrv_check_request32(dst_offset, bytes, NULL, 0);
if (ret) {
return ret;
}
@@ -3174,7 +3206,7 @@ static int coroutine_fn bdrv_co_copy_range_internal(
if (!src || !src->bs || !bdrv_is_inserted(src->bs)) {
return -ENOMEDIUM;
}
- ret = bdrv_check_request32(src_offset, bytes);
+ ret = bdrv_check_request32(src_offset, bytes, NULL, 0);
if (ret) {
return ret;
}
--
2.30.0