From: Eric Blake <eblake@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
Alberto Garcia <berto@igalia.com>,
qemu-block@nongnu.org
Cc: kwolf@redhat.com, fam@euphon.net, integration@gluster.org,
sheepdog@lists.wpkg.org, pavel.dovgaluk@ispras.ru,
dillaman@redhat.com, qemu-devel@nongnu.org, sw@weilnetz.de,
pl@kamp.de, ronniesahlberg@gmail.com, mreitz@redhat.com,
den@openvz.org, stefanha@redhat.com, namei.unix@gmail.com,
pbonzini@redhat.com, jsnow@redhat.com, ari@tuxera.com
Subject: Re: [PATCH v3 05/17] block/io: support int64_t bytes in bdrv_co_do_pwrite_zeroes()
Date: Tue, 23 Jun 2020 11:37:42 -0500
Message-ID: <11646943-c9ee-04cb-3648-323740536291@redhat.com>
In-Reply-To: <58dd9502-9356-3fa1-e37d-b9ce8b646b3b@virtuozzo.com>

On 6/23/20 5:20 AM, Vladimir Sementsov-Ogievskiy wrote:
> 11.05.2020 21:34, Eric Blake wrote:
>> On 5/11/20 12:17 PM, Alberto Garcia wrote:
>>> On Thu 30 Apr 2020 01:10:21 PM CEST, Vladimir Sementsov-Ogievskiy wrote:
>>>> compute 'int tail' via % 'int alignment' - safe
>>>
>>> tail = (offset + bytes) % alignment;
>>>
>>> both are int64_t, no chance of overflow here?
>>
>> Good question - I know several places check that offset+bytes does not
>> overflow, but did not specifically audit if this one does. Adding an
>> assert() in this function may be easier than trying to prove all
>> callers pass in safe values.
>>
>
> Hm, it's preexisting, as int64_t + int may overflow as well. Strange,
> but I don't see overflow check neither in blk_check_byte_request nor in
> bdrv_check_byte_request. Only discard, which recently dropped call of
> bdrv_check_byte_request() has this check.

In fact, iotest 197 (see commit 461743390) is an instance of testing for
a bug where we overflowed INT_MAX due to rounding up to cluster size,
even with a transaction request smaller than limits.

>
> I can add a patch for overflow check in blk_check_byte_request and
> bdrv_check_byte_request.. But what about alignment? There may be
> requests, for which bytes + offset doesn't overflow, but do overflow
> after aligning up. Refactor bdrv_pad_request() to return an error if we
> can't pad request due to overflow?

The only cases where int64_t + int can overflow due to rounding up for
alignment are when the file size is extremely close to 2^63 bytes
already. The easiest fix is to reject opening a file that reports a
size that would overflow when rounded up to alignment (that is, if
size > INT64_MAX - alignment, we should refuse to proceed). Such images
will never occur for actual disk images (because that is really a LOT of
storage), but are possible over things like NBD (in fact, nbdkit has
intentionally made it easy to provoke boundary testing near 2^63 bytes,
and is already aware that anything larger than 2^63-512 is problematic
in qemu).

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
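
The checks discussed in this message, as an added example that is not part of the original mail and is not QEMU code. All function names are hypothetical; the sketch shows the open-time size rule (size > INT64_MAX - alignment is refused), an overflow-checked round-up, and the tail computation guarded by a range check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; these are not QEMU functions. */

/* True if [offset, offset + bytes) can be formed without int64_t overflow. */
bool request_range_ok(int64_t offset, int64_t bytes)
{
    return offset >= 0 && bytes >= 0 && offset <= INT64_MAX - bytes;
}

/* Open-time rule from the message: refuse if size > INT64_MAX - alignment. */
bool size_ok_for_alignment(int64_t size, int64_t alignment)
{
    return size >= 0 && alignment > 0 && size <= INT64_MAX - alignment;
}

/* Round value up to a multiple of alignment; false if that would overflow. */
bool align_up_checked(int64_t value, int64_t alignment, int64_t *out)
{
    if (value < 0 || alignment <= 0) {
        return false;
    }
    int64_t rem = value % alignment;
    int64_t pad = rem ? alignment - rem : 0;
    if (value > INT64_MAX - pad) {
        return false;               /* value + pad would exceed INT64_MAX */
    }
    *out = value + pad;
    return true;
}

/* tail = (offset + bytes) % alignment, computed only after the range check. */
bool tail_checked(int64_t offset, int64_t bytes, int64_t alignment,
                  int64_t *tail)
{
    if (alignment <= 0 || !request_range_ok(offset, bytes)) {
        return false;
    }
    *tail = (offset + bytes) % alignment;
    return true;
}

int main(void)
{
    int64_t end = 0, tail = 0;
    /* Constructed sample: size 2^63 - 512 with a 64 KiB alignment. */
    printf("size ok: %d\n", size_ok_for_alignment(INT64_MAX - 511, 65536));
    printf("align ok: %d\n", align_up_checked(INT64_MAX - 511, 65536, &end));
    printf("tail ok: %d\n", tail_checked(INT64_MAX, 1, 512, &tail));
    return 0;
}
```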