mirror of
https://gitlab.com/qemu-project/qemu.git
synced 2024-11-05 05:52:15 +03:00
qemu-io: don't allow I/O operations larger than BDRV_REQUEST_MAX_BYTES
Passing a request size larger than BDRV_REQUEST_MAX_BYTES to any of the I/O commands results in an error. While 'read' and 'write' handle the error correctly, 'aio_read' and 'aio_write' hit an assertion: blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed. The reason is that the QEMU I/O code cannot handle request sizes larger than BDRV_REQUEST_MAX_BYTES, so this patch makes qemu-io check that all values are within range. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 79f66648c685929a144396bda24d13a207131dcf.1485878688.git.berto@igalia.com [mreitz: Use BDRV_REQUEST_MAX_BYTES instead of INT_MAX] Signed-off-by: Max Reitz <mreitz@redhat.com>
This commit is contained in:
parent
7061a07898
commit
3026c4688c
@ -388,9 +388,15 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char **argv, int nr_iov,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (len > SIZE_MAX) {
|
||||
printf("Argument '%s' exceeds maximum size %llu\n", arg,
|
||||
(unsigned long long)SIZE_MAX);
|
||||
if (len > BDRV_REQUEST_MAX_BYTES) {
|
||||
printf("Argument '%s' exceeds maximum size %" PRIu64 "\n", arg,
|
||||
(uint64_t)BDRV_REQUEST_MAX_BYTES);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (count > BDRV_REQUEST_MAX_BYTES - len) {
|
||||
printf("The total number of bytes exceed the maximum size %" PRIu64
|
||||
"\n", (uint64_t)BDRV_REQUEST_MAX_BYTES);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -682,9 +688,9 @@ static int read_f(BlockBackend *blk, int argc, char **argv)
|
||||
if (count < 0) {
|
||||
print_cvtnum_err(count, argv[optind]);
|
||||
return 0;
|
||||
} else if (count > SIZE_MAX) {
|
||||
} else if (count > BDRV_REQUEST_MAX_BYTES) {
|
||||
printf("length cannot exceed %" PRIu64 ", given %s\n",
|
||||
(uint64_t) SIZE_MAX, argv[optind]);
|
||||
(uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1004,9 +1010,9 @@ static int write_f(BlockBackend *blk, int argc, char **argv)
|
||||
if (count < 0) {
|
||||
print_cvtnum_err(count, argv[optind]);
|
||||
return 0;
|
||||
} else if (count > SIZE_MAX) {
|
||||
} else if (count > BDRV_REQUEST_MAX_BYTES) {
|
||||
printf("length cannot exceed %" PRIu64 ", given %s\n",
|
||||
(uint64_t) SIZE_MAX, argv[optind]);
|
||||
(uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user