From: Stefan Hajnoczi <stefanha@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Laurent Vivier <lvivier@redhat.com>,
Thomas Huth <thuth@redhat.com>,
qemu-block@nongnu.org, "Michael S. Tsirkin" <mst@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Coiby Xu <coiby.xu@gmail.com>, Max Reitz <mreitz@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Raphael Norwitz <raphael.norwitz@nutanix.com>
Subject: [PATCH v3 12/12] block/export: port virtio-blk read/write range check
Date: Tue, 23 Feb 2021 14:46:53 +0000
Message-ID: <20210223144653.811468-13-stefanha@redhat.com>
In-Reply-To: <20210223144653.811468-1-stefanha@redhat.com>
Check that the sector number and byte count are valid.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
block/export/vhost-user-blk-server.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c
index 04044228d4..cb5d896b7b 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -209,6 +209,8 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
switch (type & ~VIRTIO_BLK_T_BARRIER) {
case VIRTIO_BLK_T_IN:
case VIRTIO_BLK_T_OUT: {
+ QEMUIOVector qiov;
+ int64_t offset;
ssize_t ret = 0;
bool is_write = type & VIRTIO_BLK_T_OUT;
req->sector_num = le64_to_cpu(req->out.sector);
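Review bot: The hoisted `int64_t offset;` at the top of the `VIRTIO_BLK_T_IN`/`VIRTIO_BLK_T_OUT` block is now declared well away from the one place it is assigned, and that assignment is only safe once the guest-supplied `req->sector_num` has passed the range check added in the next hunk. A one-line comment at the declaration (for example, that `offset` is computed only after `vu_blk_sect_range_ok()` succeeds) would keep a later cleanup from moving the shift back above the check. Leaving `offset` and `qiov` uninitialised here is fine, since it lets the compiler flag any use on the early `break` path.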
@@ -218,13 +220,24 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque)
break;
}
- int64_t offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
- QEMUIOVector qiov;
if (is_write) {
qemu_iovec_init_external(&qiov, out_iov, out_num);
- ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
} else {
qemu_iovec_init_external(&qiov, in_iov, in_num);
+ }
+
+ if (unlikely(!vu_blk_sect_range_ok(vexp,
+ req->sector_num,
+ qiov.size))) {
+ req->in->status = VIRTIO_BLK_S_IOERR;
+ break;
+ }
+
+ offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;
+
+ if (is_write) {
+ ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
+ } else {
ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
}
if (ret >= 0) {
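Review bot: The shift in `offset = req->sector_num << VIRTIO_BLK_SECTOR_BITS;` is only overflow-safe if `vu_blk_sect_range_ok()` rejects every guest-controlled sector number whose byte offset would not fit in `int64_t`, and that helper's definition is not part of this patch, so the guarantee cannot be checked from these lines. Please state in the commit message or in a comment above the check what the helper enforces (upper bound on the sector, upper bound on `qiov.size`, and whether the size must be a multiple of the sector size), so the ordering of check-then-shift is self-explanatory. The error path sets `req->in->status = VIRTIO_BLK_S_IOERR` and breaks without issuing I/O, which is the right shape. The diffstat touches only `block/export/vhost-user-blk-server.c`, so the new read/write rejection path ships without a test in this patch; a qtest case that submits an out-of-range sector and an oversized request and expects `VIRTIO_BLK_S_IOERR` would cover it.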
--
2.29.2
Thread overview: 18+ messages
2021-02-23 14:46 [PATCH v3 00/12] block/export: vhost-user-blk server tests and input validation Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 01/12] vhost-user-blk: fix blkcfg->num_queues endianness Stefan Hajnoczi
2021-02-23 16:13 ` Michael S. Tsirkin
2021-02-24 15:12 ` Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 02/12] libqtest: add qtest_socket_server() Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 03/12] libqtest: add qtest_kill_qemu() Stefan Hajnoczi
2021-03-08 6:38 ` Thomas Huth
2021-02-23 14:46 ` [PATCH v3 04/12] libqtest: add qtest_remove_abrt_handler() Stefan Hajnoczi
2021-03-08 6:44 ` Thomas Huth
2021-02-23 14:46 ` [PATCH v3 05/12] test: new qTest case to test the vhost-user-blk-server Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 06/12] tests/qtest: add multi-queue test case to vhost-user-blk-test Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 07/12] block/export: fix blk_size double byteswap Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 08/12] block/export: use VIRTIO_BLK_SECTOR_BITS Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 09/12] block/export: fix vhost-user-blk export sector number calculation Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 10/12] block/export: port virtio-blk discard/write zeroes input validation Stefan Hajnoczi
2021-02-23 14:46 ` [PATCH v3 11/12] vhost-user-blk-test: test discard/write zeroes invalid inputs Stefan Hajnoczi
2021-02-23 14:46 ` Stefan Hajnoczi [this message]
2021-03-03 12:40 ` [PATCH v3 00/12] block/export: vhost-user-blk server tests and input validation Kevin Wolf