qemu-devel.nongnu.org archive mirror
From: Stefan Hajnoczi <stefanha@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Klim Kireev <proffk@virtuozzo.mipt.ru>,
	"Denis V . Lunev" <den@openvz.org>,
	Stefan Hajnoczi <stefanha@redhat.com>
Subject: [Qemu-devel] [PULL for-2.7 1/5] block/parallels: check new image size
Date: Fri,  5 Aug 2016 10:24:38 +0100
Message-ID: <1470389082-15298-2-git-send-email-stefanha@redhat.com>
In-Reply-To: <1470389082-15298-1-git-send-email-stefanha@redhat.com>

From: Klim Kireev <proffk@virtuozzo.mipt.ru>

Before this patch, an incorrect image could be created via qemu-img
(Example: qemu-img create -f parallels -o size=4096T hack.img);
incorrect images cannot be used due to overflow in the main image structure.

This patch adds a check of the size in image creation.

After reading the size, it compares it with UINT32_MAX * cluster_size.

Signed-off-by: Klim Kireev <proffk@virtuozzo.mipt.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
Message-id: 1469639300-12155-1-git-send-email-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/parallels.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/block/parallels.c b/block/parallels.c
index 807a801..2ccefa7 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -43,6 +43,7 @@
 #define HEADER_MAGIC2 "WithouFreSpacExt"
 #define HEADER_VERSION 2
 #define HEADER_INUSE_MAGIC  (0x746F6E59)
+#define MAX_PARALLELS_IMAGE_FACTOR (1ull << 32)
 
 #define DEFAULT_CLUSTER_SIZE 1048576        /* 1 MiB */
 
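Review bot: MAX_PARALLELS_IMAGE_FACTOR is added without a comment, and the name does not say what the factor counts. The commit message describes the limit as UINT32_MAX * cluster_size, while the macro is 1ull << 32, which is one more than UINT32_MAX. Please add a comment at the definition stating what the value represents and that it is used as an exclusive bound (the check compares with >=) multiplied by the cluster size, so the relationship to the 32-bit limit is clear where the constant is defined.
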
@@ -475,6 +476,10 @@ static int parallels_create(const char *filename, QemuOpts *opts, Error **errp)
                           BDRV_SECTOR_SIZE);
     cl_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE,
                           DEFAULT_CLUSTER_SIZE), BDRV_SECTOR_SIZE);
+    if (total_size >= MAX_PARALLELS_IMAGE_FACTOR * cl_size) {
+        error_propagate(errp, local_err);
+        return -E2BIG;
+    }
 
     ret = bdrv_create_file(filename, opts, &local_err);
     if (ret < 0) {
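
Review bot: the new size check reports its failure with error_propagate(errp, local_err), but nothing in the visible context has stored an error in local_err at that point; the first use shown is the bdrv_create_file() call below the check. If local_err is still NULL there, error_propagate() has nothing to hand over, and the caller gets -E2BIG with no message in errp. Setting the error directly, for example error_setg(errp, "Image size is too large for this cluster size"), would give qemu-img something to print. A second point on the same line: MAX_PARALLELS_IMAGE_FACTOR * cl_size is a 64-bit multiplication by 1ull << 32, and cl_size comes from the user-supplied cluster size option, so a cluster size of 4 GiB or more wraps the product and weakens the bound. Validating cl_size first, or comparing total_size / cl_size against the factor once cl_size is known to be non-zero, avoids depending on the multiplication.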
-- 
2.7.4
