From patchwork Tue Jan 31 16:09:54 2017
X-Patchwork-Submitter: Alberto Garcia
X-Patchwork-Id: 9547685
From: Alberto Garcia
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Alberto Garcia, qemu-block@nongnu.org, Max Reitz
Date: Tue, 31 Jan 2017 18:09:54 +0200
Message-Id: <79f66648c685929a144396bda24d13a207131dcf.1485878688.git.berto@igalia.com>
Subject: [Qemu-devel] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX

Passing a request size larger than INT_MAX to any of the I/O commands
results in an error. While 'read' and 'write' handle the error
correctly, 'aio_read' and 'aio_write' hit an assertion:

blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed.

The reason is that the QEMU I/O code cannot handle request sizes
larger than INT_MAX, so this patch makes qemu-io check that all values
are within range.

Signed-off-by: Alberto Garcia
Reviewed-by: Eric Blake
---
 qemu-io-cmds.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c index 95bcde1d88..d806a83076 100644 --- a/qemu-io-cmds.c +++ b/qemu-io-cmds.c @@ -388,9 +388,14 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char **argv, int nr_iov, goto fail; } - if (len > SIZE_MAX) { - printf("Argument '%s' exceeds maximum size %llu\n", arg, - (unsigned long long)SIZE_MAX); + if (len > INT_MAX) { + printf("Argument '%s' exceeds maximum size %d\n", arg, INT_MAX); + goto fail; + } + + if (count > INT_MAX - len) { + printf("The total number of bytes exceed the maximum size %d\n", + INT_MAX); goto fail; } 
@@ -682,9 +687,8 @@ static int read_f(BlockBackend *blk, int argc, char **argv) if (count < 0) { print_cvtnum_err(count, argv[optind]); return 0; - } else if (count > SIZE_MAX) { - printf("length cannot exceed %" PRIu64 ", given %s\n", - (uint64_t) SIZE_MAX, argv[optind]); + } else if (count > INT_MAX) { + printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]); return 0; } @@ -1004,9 +1008,8 @@ static int write_f(BlockBackend *blk, int argc, char **argv) if (count < 0) { print_cvtnum_err(count, argv[optind]); return 0; - } else if (count > SIZE_MAX) { - printf("length cannot exceed %" PRIu64 ", given %s\n", - (uint64_t) SIZE_MAX, argv[optind]); + } else if (count > INT_MAX) { + printf("length cannot exceed %d, given %s\n", INT_MAX, argv[optind]); return 0; }
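
Review bot: In the create_iovec hunk, the new running-total check "count > INT_MAX - len" is only overflow-safe because the "len > INT_MAX" check added directly above it has already run, and because len is assumed non-negative at that point (the rejection of negative values is not visible in this hunk). A one-line comment stating that the order of the two checks matters would keep a later refactor from reintroducing a wraparound. The declarations of count and len are also outside the hunk, so it is worth confirming the comparison does not mix signed and unsigned operands. Minor: the new message should read "exceeds", not "exceed".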
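
Review bot: In the read_f hunk, the limit is a bare INT_MAX with no comment tying it to the constraint the commit message describes (the I/O code cannot handle larger requests). The same literal now appears in create_iovec, read_f and write_f, so a single named constant with a short comment would keep the three checks in sync if the underlying limit changes. The wording also differs from create_iovec ("length cannot exceed %d, given %s" here versus "Argument '%s' exceeds maximum size %d" there); one phrasing for the same condition would be easier to grep for and to match in tests.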
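
Review bot: In the write_f hunk, the range check and message are a line-for-line copy of the ones in read_f; a small shared helper that validates the count and prints the error would remove the duplication. Separately, the commit message names 'aio_read' and 'aio_write' as the commands that hit the assertion, yet none of the three hunks touches their handlers, so the message should say which of these checks covers the aio path. A regression test that passes a size above INT_MAX to both aio commands would pin the fix down, if the second patch of the series does not already add one.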