From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49825)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1XLags-0007tV-H7
	for qemu-devel@nongnu.org; Sun, 24 Aug 2014 12:30:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1XLagh-0006OX-8i
	for qemu-devel@nongnu.org; Sun, 24 Aug 2014 12:30:50 -0400
Received: from mail-qg0-x230.google.com ([2607:f8b0:400d:c04::230]:40672)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1XLagh-0006O9-44
	for qemu-devel@nongnu.org; Sun, 24 Aug 2014 12:30:39 -0400
Received: by mail-qg0-f48.google.com with SMTP id i50so12400885qgf.35
	for <qemu-devel@nongnu.org>; Sun, 24 Aug 2014 09:30:38 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <53FA1327.5020808@redhat.com>
Date: Sun, 24 Aug 2014 18:30:31 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <00c425bd67fc66567dc683205f8f60f7.squirrel@ssl.dlhnet.de>
	<53F6F3DD.2090804@kamp.de>
	<20140822084246.GA32377@noname.redhat.com>
In-Reply-To: <20140822084246.GA32377@noname.redhat.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: [Qemu-devel] [Fwd: [PATCH v4 07/21] iscsi: Handle failure for
 potentially large allocations]
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>, Peter Lieven <pl@kamp.de>
Cc: benoit.canet@irqsave.net, maxa@catit.be, qemu-devel@nongnu.org, stefanha@redhat.com

Il 22/08/2014 10:42, Kevin Wolf ha scritto:
> > Unfortunately, I missed that one. The zeroblock is typicalls 512 Byte or 4K depending
> > on the blocksize.
> 
> I don't remember the details, but I think when I went through all
> drivers, I couldn't convince myself that a reasonable block size is
> enforced somewhere. So I just went ahead and converted the call to be on
> the safe side. It can never hurt anyway.

Yeah, a malicious iSCSI target could have unreasonable block sizes.

This means the minimum transfer size for SCSI devices could be on the
order of half a GiB, and that could cause other unbounded allocations in
the read-modify-write code.  Are those protected too?

Paolo