From: Kevin Wolf <kwolf@redhat.com>
To: Jeff Cody <jcody@redhat.com>
Cc: qemu-stable@nongnu.org, stefanha@redhat.com,
qemu-devel@nongnu.org, qemu-block@nongnu.org, mreitz@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3 0/2] block: vpc - prevent overflow
Date: Fri, 24 Jul 2015 17:59:49 +0200 [thread overview]
Message-ID: <20150724155949.GC3913@noname.redhat.com> (raw)
In-Reply-To: <cover.1437747831.git.jcody@redhat.com>
Am 24.07.2015 um 16:26 hat Jeff Cody geschrieben:
> Changes:
>
> v3: check for INT_MAX / 4 as well, and use ROUND_UP (Thanks Max)
>
> v2 now also checks that Max Table Entries is < SIZE_MAX / 4 (Thanks Stefan)
>
> This series fixes a bug found by Richard Jones.
>
> When we allocate the pagetable based on max_table_entries, we multiply
> the max table entry value by 4 to accomodate a table of 32-bit integers.
> However, max_table_entries is a uint32_t, and the VPC driver accepts
> ranges for that entry over 0x40000000. So during this allocation:
>
> s->pagetable = qemu_try_blockalign(bs->file, s->max_table_entries * 4);
>
> The size arg overflows, allocating significantly less memory than
> expected.
>
> Since qemu_try_blockalign() size argument is size_t, cast the
> multiplication correctly to prevent overflow.
>
> The value of "max_table_entries * 4" is used elsewhere in the code as
> well, so store the correct value for use in all those cases.
Thanks, applied to my block branch for 2.4.
When posting patches that are meant for qemu-stable, it's best to not
only copy the mailing list for the emails, but to have an explicit
"Cc: qemu-stable@nongnu.org" in the commit message. I added the tag
for this series while applying.
Kevin
prev parent reply other threads:[~2015-07-24 16:00 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-24 14:26 [Qemu-devel] [PATCH v3 0/2] block: vpc - prevent overflow Jeff Cody
2015-07-24 14:26 ` [Qemu-devel] [PATCH v3 1/2] block: vpc - prevent overflow if max_table_entries >= 0x40000000 Jeff Cody
2015-07-24 14:26 ` [Qemu-devel] [PATCH v3 2/2] block: qemu-iotests - add check for multiplication overflow in vpc Jeff Cody
2015-07-24 15:59 ` Kevin Wolf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150724155949.GC3913@noname.redhat.com \
--to=kwolf@redhat.com \
--cc=jcody@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.