From: Stefan Hajnoczi <stefanha@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
	Laurent Vivier <lvivier@redhat.com>,
	Thomas Huth <thuth@redhat.com>,
	qemu-block@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	Coiby Xu <coiby.xu@gmail.com>, Max Reitz <mreitz@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Raphael Norwitz <raphael.norwitz@nutanix.com>
Subject: [PATCH v3 12/12] block/export: port virtio-blk read/write range check
Date: Tue, 23 Feb 2021 14:46:53 +0000
Message-ID: <20210223144653.811468-13-stefanha@redhat.com>
In-Reply-To: <20210223144653.811468-1-stefanha@redhat.com>

Check that the sector number and byte count are valid.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/export/vhost-user-blk-server.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index 04044228d4..cb5d896b7b 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -209,6 +209,8 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
     switch (type & ~VIRTIO_BLK_T_BARRIER) {
     case VIRTIO_BLK_T_IN:
     case VIRTIO_BLK_T_OUT: {
+        QEMUIOVector qiov;
+        int64_t offset;
         ssize_t ret = 0;
         bool is_write = type & VIRTIO_BLK_T_OUT;
         req->sector_num = le64_to_cpu(req->out.sector);
@@ -218,13 +220,24 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
             break;
         }
 
-        int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
-        QEMUIOVector qiov;
         if (is_write) {
             qemu_iovec_init_external(&qiov, out_iov, out_num);
-            ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
         } else {
             qemu_iovec_init_external(&qiov, in_iov, in_num);
+        }
+
+        if (unlikely(!vu_blk_sect_range_ok(vexp,
+                                           req->sector_num,
+                                           qiov.size))) {
+            req->in->status = VIRTIO_BLK_S_IOERR;
+            break;
+        }
+
+        offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
+
+        if (is_write) {
+            ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
+        } else {
             ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
         }
         if (ret >= 0) {
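
Review bot: The shift in `offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS` is only safe if `vu_blk_sect_range_ok()` rejects every `sector_num` that would overflow `int64_t`, and nothing visible in this patch says so. The value comes straight from the request via `le64_to_cpu(req->out.sector)`, so please either state in the commit message what the helper guarantees for the sector number and for `qiov.size`, or add a one-line comment above the shift saying it relies on the preceding check. The diffstat also lists only `block/export/vhost-user-blk-server.c`; a test that submits an out-of-range read and write and expects `VIRTIO_BLK_S_IOERR` would keep this check from regressing.
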
-- 
2.29.2

