qemu-devel.nongnu.org archive mirror
From: Peter Maydell <peter.maydell@linaro.org>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: "Kevin Wolf" <kwolf@redhat.com>, "Fam Zheng" <fam@euphon.net>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	Qemu-block <qemu-block@nongnu.org>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Coiby Xu" <Coiby.Xu@gmail.com>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Max Reitz" <mreitz@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: Re: [PULL v3 06/28] block/export: vhost-user block device backend server
Date: Mon, 2 Nov 2020 17:55:38 +0000
Message-ID: <CAFEAcA9uLPuLr9vn8--b=MBo_wCztKbF_Oi2v0st7Qu1aFQtAw@mail.gmail.com>
In-Reply-To: <20201023152147.1016281-7-stefanha@redhat.com>

On Fri, 23 Oct 2020 at 16:22, Stefan Hajnoczi <stefanha@redhat.com> wrote:
>
> From: Coiby Xu <coiby.xu@gmail.com>
>
> By making use of libvhost-user, block device drive can be shared to
> the connected vhost-user client. Only one client can connect to the
> server one time.
>
> Since vhost-user-server needs a block drive to be created first, delay
> the creation of this object.

Hi; Coverity points out a possible bug in this function
(CID 1435956):

> +static int coroutine_fn
> +vu_block_discard_write_zeroes(VuBlockReq *req, struct iovec *iov,
> +                              uint32_t iovcnt, uint32_t type)
> +{
> +    struct virtio_blk_discard_write_zeroes desc;
> +    ssize_t size = iov_to_buf(iov, iovcnt, 0, &desc, sizeof(desc));
> +    if (unlikely(size != sizeof(desc))) {
> +        error_report("Invalid size %zd, expect %zu", size, sizeof(desc));
> +        return -EINVAL;
> +    }
> +
> +    VuBlockDev *vdev_blk = get_vu_block_device_by_server(req->server);
> +    uint64_t range[2] = { le64_to_cpu(desc.sector) << 9,
> +                          le32_to_cpu(desc.num_sectors) << 9 };
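
Review bot: in the range[] initializer, le32_to_cpu(desc.num_sectors) << 9 is evaluated as a 32-bit unsigned shift, so any num_sectors of 2^23 or more loses its high bits before the result is widened into the uint64_t element; cast the operand before shifting, i.e. (uint64_t)le32_to_cpu(desc.num_sectors) << 9. The first element has a related gap: le64_to_cpu(desc.sector) << 9 wraps silently for sector values of 2^55 or more, and nothing in these lines bounds either field after the size check on desc, so validating sector and num_sectors against the device length before building range[] would be worth adding here.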

Here we get a 32-bit integer from desc.num_sectors, and then the
shift left might make it overflow the 32-bit value before it gets
put into a uint64_t in the range array. Should this be

   (uint64_t)le32_to_cpu(desc.num_sectors) << 9

?

thanks
-- PMM
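
The truncation discussed in this message, shown as an added stand-alone example (not QEMU code and not written by anyone in the thread). The function names, the `dev_bytes` parameter and the sample value are assumptions made for illustration; endianness conversion is left out, and the bounds-checking helper goes one step beyond the cast proposed above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SHIFT 9 /* 512-byte sectors, as in the quoted hunk */

/* Pattern from the quoted hunk: the shift happens in 32 bits, and only
 * the already-truncated result is widened to uint64_t. */
static uint64_t len_shift_32bit(uint32_t num_sectors)
{
    return num_sectors << SECTOR_SHIFT;
}

/* Form proposed in the reply: widen first, then shift in 64 bits. */
static uint64_t len_shift_64bit(uint32_t num_sectors)
{
    return (uint64_t)num_sectors << SECTOR_SHIFT;
}

/* Hypothetical hardened helper: turn (sector, num_sectors) into a byte
 * range and reject anything that would wrap or run past dev_bytes. */
static bool sectors_to_byte_range(uint64_t sector, uint32_t num_sectors,
                                  uint64_t dev_bytes, uint64_t range[2])
{
    uint64_t dev_sectors = dev_bytes >> SECTOR_SHIFT;

    /* sector <= dev_sectors also guarantees sector << 9 cannot wrap. */
    if (sector > dev_sectors || num_sectors > dev_sectors - sector) {
        return false;
    }
    range[0] = sector << SECTOR_SHIFT;
    range[1] = (uint64_t)num_sectors << SECTOR_SHIFT;
    return true;
}

int main(void)
{
    uint32_t n = 0x00800001u; /* constructed sample: 2^23 + 1 sectors */

    printf("32-bit shift: %llu bytes\n",
           (unsigned long long)len_shift_32bit(n));
    printf("64-bit shift: %llu bytes\n",
           (unsigned long long)len_shift_64bit(n));
    return 0;
}
```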

