From patchwork Thu Nov 15 02:03:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Blake <eblake@redhat.com>
X-Patchwork-Id: 10683445
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A1A1414E2
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Thu, 15 Nov 2018 02:08:54 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B3902C0BE
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Thu, 15 Nov 2018 02:08:54 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 7E9F82C0EB; Thu, 15 Nov 2018 02:08:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1ABD82C0BE
	for <patchwork-qemu-devel@patchwork.kernel.org>;
 Thu, 15 Nov 2018 02:08:54 +0000 (UTC)
Received: from localhost ([::1]:35630 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1gN75R-0006SD-9Z
	for patchwork-qemu-devel@patchwork.kernel.org;
 Wed, 14 Nov 2018 21:08:53 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53686)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1gN70p-0002N2-Lg
	for qemu-devel@nongnu.org; Wed, 14 Nov 2018 21:04:09 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1gN70n-0005it-Nv
	for qemu-devel@nongnu.org; Wed, 14 Nov 2018 21:04:07 -0500
Received: from mx1.redhat.com ([209.132.183.28]:58532)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <eblake@redhat.com>)
	id 1gN70i-0005e3-17; Wed, 14 Nov 2018 21:04:00 -0500
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 5E08036807;
	Thu, 15 Nov 2018 02:03:56 +0000 (UTC)
Received: from red.redhat.com (ovpn-123-32.rdu2.redhat.com [10.10.123.32])
	by smtp.corp.redhat.com (Postfix) with ESMTP id D752A60BF6;
	Thu, 15 Nov 2018 02:03:54 +0000 (UTC)
From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Date: Wed, 14 Nov 2018 20:03:27 -0600
Message-Id: <20181115020334.1189829-7-eblake@redhat.com>
In-Reply-To: <20181115020334.1189829-1-eblake@redhat.com>
References: <20181115020334.1189829-1-eblake@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.30]);
	Thu, 15 Nov 2018 02:03:56 +0000 (UTC)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.132.183.28
Subject: [Qemu-devel] [PATCH v2 06/13] blkdebug: Audit for read/write 64-bit
 cleanness
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: kwolf@redhat.com, Markus Armbruster <armbru@redhat.com>,
	qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Since the block layer is never supposed to hand us an offset + bytes
that would exceed off_t, we can assert this in rule_check(). With
that in place, there is nothing else in the pread, pwrite, or
pwrite_zeroes code paths that can't handle inputs larger than 2G
(even if the block layer currently never hands us something
that large); update the refresh_limits callback to document this
fact, when the user doesn't specify an override.

For a user override, we have to change the QAPI type to 'uint64'
instead of 'int'. At the same time, we can also change 'align'
to 'int32' to match the existing checks in blkdebug_open() that
alignment is always smaller than 2G.

Signed-off-by: Eric Blake <eblake@redhat.com>
---
 qapi/block-core.json |  2 +-
 block/blkdebug.c     | 17 +++++------------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index d4fe710836e..32f0edd189f 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3122,7 +3122,7 @@
 { 'struct': 'BlockdevOptionsBlkdebug',
   'data': { 'image': 'BlockdevRef',
             '*config': 'str',
-            '*align': 'int', '*max-transfer': 'int32',
+            '*align': 'int32', '*max-transfer': 'uint64',
             '*opt-write-zero': 'int32', '*max-write-zero': 'int32',
             '*opt-discard': 'int32', '*max-discard': 'int32',
             '*inject-error': ['BlkdebugInjectErrorOptions'],
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 0759452925b..be4d65f86a0 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -415,9 +415,7 @@ static int blkdebug_open(BlockDriverState *bs, QDict *options, int flags,
     align = MAX(s->align, bs->file->bs->bl.request_alignment);

     s->max_transfer = qemu_opt_get_size(opts, "max-transfer", 0);
-    if (s->max_transfer &&
-        (s->max_transfer >= INT_MAX ||
-         !QEMU_IS_ALIGNED(s->max_transfer, align))) {
+    if (s->max_transfer && !QEMU_IS_ALIGNED(s->max_transfer, align)) {
         error_setg(errp, "Cannot meet constraints with max-transfer %" PRIu64,
                    s->max_transfer);
         goto out;
@@ -477,6 +475,7 @@ static int rule_check(BlockDriverState *bs, uint64_t offset, uint64_t bytes)
     int error;
     bool immediately;

+    assert(offset <= INT64_MAX - bytes);
     QSIMPLEQ_FOREACH(rule, &s->active_rules, active_next) {
         uint64_t inject_offset = rule->options.inject.offset;

@@ -517,9 +516,7 @@ blkdebug_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
     /* Sanity check block layer guarantees */
     assert(QEMU_IS_ALIGNED(offset, bs->bl.request_alignment));
     assert(QEMU_IS_ALIGNED(bytes, bs->bl.request_alignment));
-    if (bs->bl.max_transfer) {
-        assert(bytes <= bs->bl.max_transfer);
-    }
+    assert(bytes <= bs->bl.max_transfer);

     err = rule_check(bs, offset, bytes);
     if (err) {
@@ -538,9 +535,7 @@ blkdebug_co_pwritev(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
     /* Sanity check block layer guarantees */
     assert(QEMU_IS_ALIGNED(offset, bs->bl.request_alignment));
     assert(QEMU_IS_ALIGNED(bytes, bs->bl.request_alignment));
-    if (bs->bl.max_transfer) {
-        assert(bytes <= bs->bl.max_transfer);
-    }
+    assert(bytes <= bs->bl.max_transfer);

     err = rule_check(bs, offset, bytes);
     if (err) {
@@ -865,9 +860,7 @@ static void blkdebug_refresh_limits(BlockDriverState *bs, Error **errp)
     if (s->align) {
         bs->bl.request_alignment = s->align;
     }
-    if (s->max_transfer) {
-        bs->bl.max_transfer = s->max_transfer;
-    }
+    bs->bl.max_transfer = s->max_transfer ?: INT64_MAX;
     if (s->opt_write_zero) {
         bs->bl.pwrite_zeroes_alignment = s->opt_write_zero;
     }