From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org, no-reply@patchew.org, vsementsov@virtuozzo.com
Cc: kwolf@redhat.com, famz@redhat.com, qemu-block@nongnu.org,
mreitz@redhat.com, den@openvz.org, pbonzini@redhat.com
Subject: Re: [Qemu-devel] [PATCH v2 0/8] nbd block status base:allocation
Date: Tue, 13 Mar 2018 15:16:35 -0500 [thread overview]
Message-ID: <f63c2e9a-a52f-e028-8bd7-50ea9d3310f9@redhat.com> (raw)
In-Reply-To: <2ccc79fb-1454-85db-5e31-c18a67a32b7c@redhat.com>
On 03/12/2018 10:11 PM, Eric Blake wrote:
>>
>
>> CC block/nbd-client.o
>> CC block/sheepdog.o
>> /var/tmp/patchew-tester-tmp-erqpie2w/src/block/nbd-client.c: In
>> function ‘nbd_client_co_block_status’:
>> /var/tmp/patchew-tester-tmp-erqpie2w/src/block/nbd-client.c:890:15:
>> error: ‘extent.flags’ may be used uninitialized in this function
>> [-Werror=maybe-uninitialized]
>> NBDExtent extent;
>> ^~~~~~
>> /var/tmp/patchew-tester-tmp-erqpie2w/src/block/nbd-client.c:925:19:
>> error: ‘extent.length’ may be used uninitialized in this function
>> [-Werror=maybe-uninitialized]
>> *pnum = extent.length;
>> ~~~~~~^~~~~~~
>
> May be a false positive where the compiler merely can't see through the
> logic, or it might be a real bug; but I suspect either way that the
> solution is to initialize this (I'm guessing patch 5), as in:
>
> NBDExtent extent = { 0 };
Not a sufficient fix - it's probably a real bug in that extent is never
initialized if the NBD_FOREACH_REPLY_CHUNK() loop in
nbd_co_receive_blockstatus_reply() never encounters an
NBD_REPLY_TYPE_BLOCK_STATUS chunk. A malicious server could just reply
with NBD_REPLY_TYPE_NONE (no status reported after all), but the block
layer contract requires us to make progress or return an error. So, if
the server didn't give us any extents, we need to turn it into an error
even if the server did not.
>
> Will squash that in when I get to that part of the review.
>
And I forgot to do it before the pull request v1, oops. Here's what I'm
squashing in for v2:
diff --git i/block/nbd-client.c w/block/nbd-client.c
index be160052cb1..486d73f1c63 100644
--- i/block/nbd-client.c
+++ w/block/nbd-client.c
@@ -694,6 +694,7 @@ static int
nbd_co_receive_blockstatus_reply(NBDClientSession *s,
Error *local_err = NULL;
bool received = false;
+ extent->length = 0;
NBD_FOREACH_REPLY_CHUNK(s, iter, handle, s->info.structured_reply,
NULL, &reply, &payload)
{
@@ -734,6 +735,13 @@ static int
nbd_co_receive_blockstatus_reply(NBDClientSession *s,
payload = NULL;
}
+ if (!extent->length && !iter.err) {
+ error_setg(&iter.err,
+ "Server did not reply with any status extents");
+ if (!iter.ret) {
+ iter.ret = -EIO;
+ }
+ }
error_propagate(errp, iter.err);
return iter.ret;
}
@@ -919,6 +927,7 @@ int coroutine_fn
nbd_client_co_block_status(BlockDriverState *bs,
return ret;
}
+ assert(extent.length);
*pnum = extent.length;
return (extent.flags & NBD_STATE_HOLE ? 0 : BDRV_BLOCK_DATA) |
(extent.flags & NBD_STATE_ZERO ? BDRV_BLOCK_ZERO : 0);
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2018-03-13 20:17 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 15:21 [Qemu-devel] [PATCH v2 0/8] nbd block status base:allocation Vladimir Sementsov-Ogievskiy
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 1/8] nbd/server: add nbd_opt_invalid helper Vladimir Sementsov-Ogievskiy
2018-03-13 2:20 ` Eric Blake
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 2/8] nbd/server: add nbd_read_opt_name helper Vladimir Sementsov-Ogievskiy
2018-03-13 2:31 ` Eric Blake
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 3/8] nbd: BLOCK_STATUS for standard get_block_status function: server part Vladimir Sementsov-Ogievskiy
2018-03-13 13:47 ` Eric Blake
2018-03-13 13:56 ` Eric Blake
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 4/8] block/nbd-client: save first fatal error in nbd_iter_error Vladimir Sementsov-Ogievskiy
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 5/8] nbd: BLOCK_STATUS for standard get_block_status function: client part Vladimir Sementsov-Ogievskiy
2018-03-13 15:38 ` Eric Blake
2018-04-27 12:50 ` Peter Maydell
2018-04-27 13:22 ` Vladimir Sementsov-Ogievskiy
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 6/8] iotests.py: tiny refactor: move system imports up Vladimir Sementsov-Ogievskiy
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 7/8] iotests: add file_path helper Vladimir Sementsov-Ogievskiy
2018-03-13 15:43 ` Eric Blake
2018-03-12 15:21 ` [Qemu-devel] [PATCH v2 8/8] iotests: new test 209 for NBD BLOCK_STATUS Vladimir Sementsov-Ogievskiy
2018-03-13 15:50 ` Eric Blake
2018-03-12 15:28 ` [Qemu-devel] [PATCH v2 0/8] nbd block status base:allocation Vladimir Sementsov-Ogievskiy
2018-03-13 1:58 ` Eric Blake
2018-03-13 2:06 ` no-reply
2018-03-13 3:11 ` Eric Blake
2018-03-13 20:16 ` Eric Blake [this message]
2018-03-13 7:55 ` no-reply
2018-03-13 15:55 ` Eric Blake
2018-03-13 16:15 ` Vladimir Sementsov-Ogievskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f63c2e9a-a52f-e028-8bd7-50ea9d3310f9@redhat.com \
--to=eblake@redhat.com \
--cc=den@openvz.org \
--cc=famz@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=no-reply@patchew.org \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).