From 2f5fb1498fa48ea25f2d4155c9730001931bdef7 Mon Sep 17 00:00:00 2001
From: Jeffrey Cody <jcody@redhat.com>
Date: Tue, 16 Sep 2014 20:11:41 +0200
Subject: [PATCH 03/20] block: make vdi bounds check match upstream
Message-id: <0935a62fcd0e3cce1ed66aa79fc460804ed938c7.1410897407.git.jcody@redhat.com>
Patchwork-id: 61207
O-Subject: [PATCH qemu-kvm-rhel RHEL7.1 02/15] block: make vdi bounds check match upstream
Bugzilla: 1098086
RH-Acked-by: Fam Zheng <famz@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Max Reitz <mreitz@redhat.com>
There is a slight discrepancy between downstream, and upstream,
in a patch done for CVE-2014-0144. There is no difference in
functionality - the (earlier) downstream patch contained a redundant
'#define' that was removed upstream, and some upstream added error
messages and different error returns.
Changing this to match upstream will make subsequent backports
easier.
Downstream-only.
Signed-off-by: Jeff Cody <jcody@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
block/vdi.c | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/block/vdi.c b/block/vdi.c
index 0457298..5e2fad5 100644
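--- a/block/vdi.c
+++ b/block/vdi.c
@@ -120,11 +120,10 @@ typedef unsigned char uuid_t[16];
 
 #define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED)
 
-#define VDI_BLOCK_SIZE (1 * MiB)
 /* max blocks in image is (0xffffffff / 4) */
 #define VDI_BLOCKS_IN_IMAGE_MAX 0x3fffffff
 #define VDI_DISK_SIZE_MAX ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \
- (uint64_t)VDI_BLOCK_SIZE)
+ (uint64_t)DEFAULT_CLUSTER_SIZE)
 
 #if !defined(CONFIG_UUID)
 static inline void uuid_generate(uuid_t out)
@@ -392,7 +391,10 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
 #endif
 
 if (header.disk_size > VDI_DISK_SIZE_MAX) {
- ret = -EINVAL;
+ error_setg(errp, "Unsupported VDI image size (size is 0x%" PRIx64
+ ", max supported is 0x%" PRIx64 ")",
+ header.disk_size, VDI_DISK_SIZE_MAX);
+ ret = -ENOTSUP;
 goto fail;
 }
 
@@ -428,7 +430,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
 logout("unsupported sector size %u B\n", header.sector_size);
 ret = -ENOTSUP;
 goto fail;
- } else if (header.block_size != VDI_BLOCK_SIZE) {
+ } else if (header.block_size != DEFAULT_CLUSTER_SIZE) {
 logout("unsupported block size %u B\n", header.block_size);
 ret = -ENOTSUP;
 goto fail;
@@ -698,7 +700,10 @@ static int vdi_create(const char *filename, QEMUOptionParameter *options,
 }
 
 if (bytes > VDI_DISK_SIZE_MAX) {
- result = -EINVAL;
+ result = -ENOTSUP;
+ error_setg(errp, "Unsupported VDI image size (size is 0x%" PRIx64
+ ", max supported is 0x%" PRIx64 ")",
+ bytes, VDI_DISK_SIZE_MAX);
 goto exit;
 }
 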
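Review bot: In the third hunk the sector-size and block-size rejections in vdi_open still only call `logout(...)` before `ret = -ENOTSUP; goto fail;`, so unlike the disk-size check that this commit gives an `error_setg()` message, a header rejected there leaves `errp` unset as far as the hunk shows. These are validation failures on an untrusted image header, so I would report them the same way, e.g. `error_setg(errp, "Unsupported VDI image (block size %u is not %u)", header.block_size, (unsigned)DEFAULT_CLUSTER_SIZE);`. Separately, `VDI_DISK_SIZE_MAX` now takes its value from `DEFAULT_CLUSTER_SIZE`, which is defined outside these hunks; a comment next to the macro such as `/* overflow bound for header.disk_size; assumes the only accepted block size is DEFAULT_CLUSTER_SIZE */` would keep that coupling visible to whoever changes the default later. vdi_open's body starts and ends outside the hunks, so an existing report on the `fail` path cannot be ruled out from here.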
--
1.7.1