thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone

Blame SOURCES/kvm-nbd-client-Reject-inaccessible-tail-of-inconsistent-.patch

4ec855
From e49b010d5f866b3ee7efbf40398f0a0832ce8801 Mon Sep 17 00:00:00 2001
4ec855
From: Max Reitz <mreitz@redhat.com>
4ec855
Date: Tue, 23 Jul 2019 14:45:43 +0100
4ec855
Subject: [PATCH 05/14] nbd/client: Reject inaccessible tail of inconsistent
4ec855
 server
4ec855
4ec855
RH-Author: Max Reitz <mreitz@redhat.com>
4ec855
Message-id: <20190723144546.23701-5-mreitz@redhat.com>
4ec855
Patchwork-id: 89649
4ec855
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 4/7] nbd/client: Reject inaccessible tail of inconsistent server
4ec855
Bugzilla: 1678979
4ec855
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
4ec855
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
4ec855
RH-Acked-by: John Snow <jsnow@redhat.com>
4ec855
4ec855
From: Eric Blake <eblake@redhat.com>
4ec855
4ec855
The NBD spec suggests that a server should never advertise a size
4ec855
inconsistent with its minimum block alignment, as that tail is
4ec855
effectively inaccessible to a compliant client obeying those block
4ec855
constraints. Since we have a habit of rounding up rather than
4ec855
truncating, to avoid losing the last few bytes of user input, and we
4ec855
cannot access the tail when the server advertises bogus block sizing,
4ec855
abort the connection to alert the server to fix their bug.  And
4ec855
rejecting such servers matches what we already did for a min_block
4ec855
that was not a power of 2 or which was larger than max_block.
4ec855
4ec855
Does not impact either qemu (which always sends properly aligned
4ec855
sizes) or nbdkit (which does not send minimum block requirements yet);
4ec855
so this is mostly aimed at new NBD server implementations, and ensures
4ec855
that the rest of our code can assume the size is aligned.
4ec855
4ec855
Signed-off-by: Eric Blake <eblake@redhat.com>
4ec855
Message-Id: <20190330155704.24191-1-eblake@redhat.com>
4ec855
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4ec855
(cherry picked from commit 3add3ab78247fd347fd6f377a4b951022ac35d35)
4ec855
Signed-off-by: Max Reitz <mreitz@redhat.com>
4ec855
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
4ec855
---
4ec855
 nbd/client.c | 8 ++++++++
4ec855
 1 file changed, 8 insertions(+)
4ec855
4ec855
diff --git a/nbd/client.c b/nbd/client.c
4ec855
index 25603f2..c828faf 100644
4ec855
--- a/nbd/client.c
4ec855
+++ b/nbd/client.c
4ec855
@@ -416,6 +416,14 @@ static int nbd_opt_go(QIOChannel *ioc, const char *wantname,
4ec855
                 nbd_send_opt_abort(ioc);
4ec855
                 return -1;
4ec855
             }
4ec855
+            if (info->min_block &&
4ec855
+                !QEMU_IS_ALIGNED(info->size, info->min_block)) {
4ec855
+                error_setg(errp, "export size %" PRIu64 "is not multiple of "
4ec855
+                           "minimum block size %" PRIu32, info->size,
4ec855
+                           info->min_block);
4ec855
+                nbd_send_opt_abort(ioc);
4ec855
+                return -1;
4ec855
+            }
4ec855
             be16_to_cpus(&info->flags);
4ec855
             trace_nbd_receive_negotiate_size_flags(info->size, info->flags);
4ec855
             break;
4ec855
-- 
4ec855
1.8.3.1
4ec855