Tree - rpms/qemu-kvm - CentOS Git server

cryptospore / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago

Source
Stats

Blame SOURCES/kvm-iscsi-Avoid-potential-for-get_status-overflow.patch

Blob History Raw

Pablo Greco	e6a3ae	`From 242abde4b0152142787bd3200de5cc35863da59a Mon Sep 17 00:00:00 2001`
Pablo Greco	e6a3ae	`From: jmaloy <jmaloy@redhat.com>`
Pablo Greco	e6a3ae	`Date: Wed, 29 Jan 2020 21:41:14 +0000`
Pablo Greco	e6a3ae	`Subject: [PATCH 1/6] iscsi: Avoid potential for get_status overflow`
Pablo Greco	e6a3ae	`MIME-Version: 1.0`
Pablo Greco	e6a3ae	`Content-Type: text/plain; charset=UTF-8`
Pablo Greco	e6a3ae	`Content-Transfer-Encoding: 8bit`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`RH-Author: jmaloy <jmaloy@redhat.com>`
Pablo Greco	e6a3ae	`Message-id: <20200129214115.19979-2-jmaloy@redhat.com>`
Pablo Greco	e6a3ae	`Patchwork-id: 93587`
Pablo Greco	e6a3ae	`O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/2] iscsi: Avoid potential for get_status overflow`
Pablo Greco	e6a3ae	`Bugzilla: 1794501`
Pablo Greco	e6a3ae	`RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>`
Pablo Greco	e6a3ae	`RH-Acked-by: Kevin Wolf <kwolf@redhat.com>`
Pablo Greco	e6a3ae	`RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`From: Eric Blake <eblake@redhat.com>`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`Detected by Coverity: Multiplying two 32-bit int and assigning`
Pablo Greco	e6a3ae	`the result to a 64-bit number is a risk of overflow. Prior to`
Pablo Greco	e6a3ae	`the conversion to byte-based interfaces, the block layer took`
Pablo Greco	e6a3ae	`care of ensuring that a status request never exceeded 2G in`
Pablo Greco	e6a3ae	`the driver; but after that conversion, the block layer expects`
Pablo Greco	e6a3ae	`drivers to deal with any size request (the driver can always`
Pablo Greco	e6a3ae	`truncate the request size back down, as long as it makes`
Pablo Greco	e6a3ae	`progress). So, in the off-chance that someone makes a large`
Pablo Greco	e6a3ae	`request, we are at the mercy of whether iscsi_get_lba_status_task()`
Pablo Greco	e6a3ae	`will cap things to at most INT_MAX / iscsilun->block_size when`
Pablo Greco	e6a3ae	`it populates lbasd->num_blocks; since I could not easily audit`
Pablo Greco	e6a3ae	`that, it's better to be safe than sorry by just forcing a 64-bit`
Pablo Greco	e6a3ae	`multiply.`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`Fixes: 92809c36`
Pablo Greco	e6a3ae	`CC: qemu-stable@nongnu.org`
Pablo Greco	e6a3ae	`Signed-off-by: Eric Blake <eblake@redhat.com>`
Pablo Greco	e6a3ae	`Message-Id: <20180508212718.1482663-1-eblake@redhat.com>`
Pablo Greco	e6a3ae	`Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>`
Pablo Greco	e6a3ae	`(cherry picked from commit 8ee1cef4593a7bda076891470c0620e79333c0d0)`
Pablo Greco	e6a3ae	`Signed-off-by: Jon Maloy <jmaloy@redhat.com>`
Pablo Greco	e6a3ae	`Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>`
Pablo Greco	e6a3ae	`---`
Pablo Greco	e6a3ae	`block/iscsi.c \| 2 +-`
Pablo Greco	e6a3ae	`1 file changed, 1 insertion(+), 1 deletion(-)`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`diff --git a/block/iscsi.c b/block/iscsi.c`
Pablo Greco	e6a3ae	`index c412b12..336ce49 100644`
Pablo Greco	e6a3ae	`--- a/block/iscsi.c`
Pablo Greco	e6a3ae	`+++ b/block/iscsi.c`
Pablo Greco	e6a3ae	`@@ -734,7 +734,7 @@ retry:`
Pablo Greco	e6a3ae	`goto out_unlock;`
Pablo Greco	e6a3ae	`}`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`- pnum = lbasd->num_blocks iscsilun->block_size;`
Pablo Greco	e6a3ae	`+ pnum = (int64_t) lbasd->num_blocks iscsilun->block_size;`
Pablo Greco	e6a3ae
Pablo Greco	e6a3ae	`if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED \|\|`
Pablo Greco	e6a3ae	`lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {`
Pablo Greco	e6a3ae	`--`
Pablo Greco	e6a3ae	`1.8.3.1`
Pablo Greco	e6a3ae

cryptospore / rpms / qemu-kvm

Source Code

Blame SOURCES/kvm-iscsi-Avoid-potential-for-get_status-overflow.patch