* [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks`
@ 2021-10-05 16:11 Stefano Garzarella
2021-10-05 16:11 ` [PATCH 1/2] block/backup: avoid integer overflow of `max-workers` Stefano Garzarella
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Stefano Garzarella @ 2021-10-05 16:11 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Hanna Reitz, Vladimir Sementsov-Ogievskiy, John Snow,
qemu-block
This series contains a patch that avoids an integer overflow of
`max-workers` (struct BackupPerf) by adding a check and a patch
that asserts this condition where the problem occurs.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Stefano Garzarella (2):
block/backup: avoid integer overflow of `max-workers`
block/aio_task: assert `max_busy_tasks` is greater than 0
block/aio_task.c | 2 ++
block/backup.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] block/backup: avoid integer overflow of `max-workers`
2021-10-05 16:11 [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Stefano Garzarella
@ 2021-10-05 16:11 ` Stefano Garzarella
2021-10-05 16:25 ` Vladimir Sementsov-Ogievskiy
2021-10-05 16:11 ` [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0 Stefano Garzarella
2021-10-05 16:38 ` [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Vladimir Sementsov-Ogievskiy
2 siblings, 1 reply; 6+ messages in thread
From: Stefano Garzarella @ 2021-10-05 16:11 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Hanna Reitz, Vladimir Sementsov-Ogievskiy, John Snow,
qemu-block
QAPI generates `struct BackupPerf` where `max-workers` value is stored
in an `int64_t` variable.
But block_copy_async(), and the underlying code, uses an `int` parameter.
At the end that variable is used to initialize `max_busy_tasks` in
block/aio_task.c causing the following assertion failure if a value
greater than INT_MAX(2147483647) is used:
../block/aio_task.c:63: aio_task_pool_wait_one: Assertion `pool->busy_tasks > 0' failed.
Let's check that `max-workers` doesn't exceed INT_MAX and print an
error in that case.
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
block/backup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index 687d2882bc..8b072db5d9 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -407,8 +407,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
return NULL;
}
- if (perf->max_workers < 1) {
- error_setg(errp, "max-workers must be greater than zero");
+ if (perf->max_workers < 1 || perf->max_workers > INT_MAX) {
+ error_setg(errp, "max-workers must be between 1 and %d", INT_MAX);
return NULL;
}
--
2.31.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0
2021-10-05 16:11 [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Stefano Garzarella
2021-10-05 16:11 ` [PATCH 1/2] block/backup: avoid integer overflow of `max-workers` Stefano Garzarella
@ 2021-10-05 16:11 ` Stefano Garzarella
2021-10-05 16:28 ` Vladimir Sementsov-Ogievskiy
2021-10-05 16:38 ` [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Vladimir Sementsov-Ogievskiy
2 siblings, 1 reply; 6+ messages in thread
From: Stefano Garzarella @ 2021-10-05 16:11 UTC (permalink / raw)
To: qemu-devel
Cc: Kevin Wolf, Hanna Reitz, Vladimir Sementsov-Ogievskiy, John Snow,
qemu-block
All code in block/aio_task.c expects `max_busy_tasks` to always
be greater than 0.
Assert this condition during the AioTaskPool creation where
`max_busy_tasks` is set.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
block/aio_task.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/block/aio_task.c b/block/aio_task.c
index 88989fa248..9bd17ea2c1 100644
--- a/block/aio_task.c
+++ b/block/aio_task.c
@@ -98,6 +98,8 @@ AioTaskPool *coroutine_fn aio_task_pool_new(int max_busy_tasks)
{
AioTaskPool *pool = g_new0(AioTaskPool, 1);
+ assert(max_busy_tasks > 0);
+
pool->main_co = qemu_coroutine_self();
pool->max_busy_tasks = max_busy_tasks;
--
2.31.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] block/backup: avoid integer overflow of `max-workers`
2021-10-05 16:11 ` [PATCH 1/2] block/backup: avoid integer overflow of `max-workers` Stefano Garzarella
@ 2021-10-05 16:25 ` Vladimir Sementsov-Ogievskiy
0 siblings, 0 replies; 6+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-10-05 16:25 UTC (permalink / raw)
To: Stefano Garzarella, qemu-devel
Cc: Hanna Reitz, qemu-block, John Snow, Kevin Wolf
10/5/21 19:11, Stefano Garzarella wrote:
> QAPI generates `struct BackupPerf` where `max-workers` value is stored
> in an `int64_t` variable.
> But block_copy_async(), and the underlying code, uses an `int` parameter.
>
> At the end that variable is used to initialize `max_busy_tasks` in
> block/aio_task.c causing the following assertion failure if a value
> greater than INT_MAX(2147483647) is used:
>
> ../block/aio_task.c:63: aio_task_pool_wait_one: Assertion `pool->busy_tasks > 0' failed.
>
> Let's check that `max-workers` doesn't exceed INT_MAX and print an
> error in that case.
>
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
I glad to see that someone experiments with my experimental API :)
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
> block/backup.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/block/backup.c b/block/backup.c
> index 687d2882bc..8b072db5d9 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -407,8 +407,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
> return NULL;
> }
>
> - if (perf->max_workers < 1) {
> - error_setg(errp, "max-workers must be greater than zero");
> + if (perf->max_workers < 1 || perf->max_workers > INT_MAX) {
> + error_setg(errp, "max-workers must be between 1 and %d", INT_MAX);
> return NULL;
> }
>
>
--
Best regards,
Vladimir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0
2021-10-05 16:11 ` [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0 Stefano Garzarella
@ 2021-10-05 16:28 ` Vladimir Sementsov-Ogievskiy
0 siblings, 0 replies; 6+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-10-05 16:28 UTC (permalink / raw)
To: Stefano Garzarella, qemu-devel
Cc: Hanna Reitz, qemu-block, John Snow, Kevin Wolf
10/5/21 19:11, Stefano Garzarella wrote:
> All code in block/aio_task.c expects `max_busy_tasks` to always
> be greater than 0.
>
> Assert this condition during the AioTaskPool creation where
> `max_busy_tasks` is set.
>
> Signed-off-by: Stefano Garzarella<sgarzare@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
--
Best regards,
Vladimir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks`
2021-10-05 16:11 [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Stefano Garzarella
2021-10-05 16:11 ` [PATCH 1/2] block/backup: avoid integer overflow of `max-workers` Stefano Garzarella
2021-10-05 16:11 ` [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0 Stefano Garzarella
@ 2021-10-05 16:38 ` Vladimir Sementsov-Ogievskiy
2 siblings, 0 replies; 6+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2021-10-05 16:38 UTC (permalink / raw)
To: Stefano Garzarella, qemu-devel
Cc: Hanna Reitz, qemu-block, John Snow, Kevin Wolf
10/5/21 19:11, Stefano Garzarella wrote:
> This series contains a patch that avoids an integer overflow of
> `max-workers` (struct BackupPerf) by adding a check and a patch
> that asserts this condition where the problem occurs.
>
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
>
> Stefano Garzarella (2):
> block/backup: avoid integer overflow of `max-workers`
> block/aio_task: assert `max_busy_tasks` is greater than 0
>
> block/aio_task.c | 2 ++
> block/backup.c | 4 ++--
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
Thanks for fixing, I'm applying it to my jobs branch.
--
Best regards,
Vladimir
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-10-05 18:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05 16:11 [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Stefano Garzarella
2021-10-05 16:11 ` [PATCH 1/2] block/backup: avoid integer overflow of `max-workers` Stefano Garzarella
2021-10-05 16:25 ` Vladimir Sementsov-Ogievskiy
2021-10-05 16:11 ` [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0 Stefano Garzarella
2021-10-05 16:28 ` Vladimir Sementsov-Ogievskiy
2021-10-05 16:38 ` [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks` Vladimir Sementsov-Ogievskiy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.