[PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks`

[PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks`

[Stefano Garzarella]

This series contains a patch that avoids an integer overflow of
`max-workers` (struct BackupPerf) by adding a check and a patch
that asserts this condition where the problem occurs.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>

Stefano Garzarella (2):
  block/backup: avoid integer overflow of `max-workers`
  block/aio_task: assert `max_busy_tasks` is greater than 0

 block/aio_task.c | 2 ++
 block/backup.c   | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

-- 
2.31.1

[PATCH 1/2] block/backup: avoid integer overflow of `max-workers`

[Stefano Garzarella]

QAPI generates `struct BackupPerf` where `max-workers` value is stored
in an `int64_t` variable.
But block_copy_async(), and the underlying code, uses an `int` parameter.

At the end that variable is used to initialize `max_busy_tasks` in
block/aio_task.c causing the following assertion failure if a value
greater than INT_MAX(2147483647) is used:

  ../block/aio_task.c:63: aio_task_pool_wait_one: Assertion `pool->busy_tasks > 0' failed.

Let's check that `max-workers` doesn't exceed INT_MAX and print an
error in that case.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/backup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index 687d2882bc..8b072db5d9 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -407,8 +407,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
         return NULL;
     }
 
-    if (perf->max_workers < 1) {
-        error_setg(errp, "max-workers must be greater than zero");
+    if (perf->max_workers < 1 || perf->max_workers > INT_MAX) {
+        error_setg(errp, "max-workers must be between 1 and %d", INT_MAX);
         return NULL;
     }
 
-- 
2.31.1

[PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0

[Stefano Garzarella]

All code in block/aio_task.c expects `max_busy_tasks` to always
be greater than 0.

Assert this condition during the AioTaskPool creation where
`max_busy_tasks` is set.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/aio_task.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/block/aio_task.c b/block/aio_task.c
index 88989fa248..9bd17ea2c1 100644
--- a/block/aio_task.c
+++ b/block/aio_task.c
@@ -98,6 +98,8 @@ AioTaskPool *coroutine_fn aio_task_pool_new(int max_busy_tasks)
 {
     AioTaskPool *pool = g_new0(AioTaskPool, 1);
 
+    assert(max_busy_tasks > 0);
+
     pool->main_co = qemu_coroutine_self();
     pool->max_busy_tasks = max_busy_tasks;
 
-- 
2.31.1

Re: [PATCH 1/2] block/backup: avoid integer overflow of `max-workers`

[Vladimir Sementsov-Ogievskiy]

10/5/21 19:11, Stefano Garzarella wrote:
> QAPI generates `struct BackupPerf` where `max-workers` value is stored
> in an `int64_t` variable.
> But block_copy_async(), and the underlying code, uses an `int` parameter.
> 
> At the end that variable is used to initialize `max_busy_tasks` in
> block/aio_task.c causing the following assertion failure if a value
> greater than INT_MAX(2147483647) is used:
> 
>    ../block/aio_task.c:63: aio_task_pool_wait_one: Assertion `pool->busy_tasks > 0' failed.
> 
> Let's check that `max-workers` doesn't exceed INT_MAX and print an
> error in that case.
> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310

I glad to see that someone experiments with my experimental API :)

> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

> ---
>   block/backup.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/block/backup.c b/block/backup.c
> index 687d2882bc..8b072db5d9 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -407,8 +407,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
>           return NULL;
>       }
>   
> -    if (perf->max_workers < 1) {
> -        error_setg(errp, "max-workers must be greater than zero");
> +    if (perf->max_workers < 1 || perf->max_workers > INT_MAX) {
> +        error_setg(errp, "max-workers must be between 1 and %d", INT_MAX);
>           return NULL;
>       }
>   
> 


-- 
Best regards,
Vladimir

Re: [PATCH 2/2] block/aio_task: assert `max_busy_tasks` is greater than 0

[Vladimir Sementsov-Ogievskiy]

10/5/21 19:11, Stefano Garzarella wrote:
> All code in block/aio_task.c expects `max_busy_tasks` to always
> be greater than 0.
> 
> Assert this condition during the AioTaskPool creation where
> `max_busy_tasks` is set.
> 
> Signed-off-by: Stefano Garzarella<sgarzare@redhat.com>


Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

-- 
Best regards,
Vladimir

Re: [PATCH 0/2] block: avoid integer overflow of `max-workers` and assert `max_busy_tasks`

[Vladimir Sementsov-Ogievskiy]

10/5/21 19:11, Stefano Garzarella wrote:
> This series contains a patch that avoids an integer overflow of
> `max-workers` (struct BackupPerf) by adding a check and a patch
> that asserts this condition where the problem occurs.
> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2009310
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
> 
> Stefano Garzarella (2):
>    block/backup: avoid integer overflow of `max-workers`
>    block/aio_task: assert `max_busy_tasks` is greater than 0
> 
>   block/aio_task.c | 2 ++
>   block/backup.c   | 4 ++--
>   2 files changed, 4 insertions(+), 2 deletions(-)
> 

Thanks for fixing, I'm applying it to my jobs branch.

-- 
Best regards,
Vladimir