yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone
958e1b
From 55767ddb818ef53eee50777bd276cbf7e7813bfb Mon Sep 17 00:00:00 2001
958e1b
From: Markus Armbruster <armbru@redhat.com>
958e1b
Date: Fri, 31 Oct 2014 16:29:54 +0100
958e1b
Subject: [PATCH 17/19] virtio-blk: Treat read/write beyond end as invalid
958e1b
958e1b
Message-id: <1414772996-17272-4-git-send-email-armbru@redhat.com>
958e1b
Patchwork-id: 62019
958e1b
O-Subject: [PATCH RHEL-7.1 qemu-kvm 3/5] virtio-blk: Treat read/write beyond end as invalid
958e1b
Bugzilla: 1085232
958e1b
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
958e1b
RH-Acked-by: Fam Zheng <famz@redhat.com>
958e1b
958e1b
The block layer fails such reads and writes just fine.  However, they
958e1b
then get treated like valid operations that fail: the error action
958e1b
gets executed.  Unwanted; reporting the error to the guest is the only
958e1b
sensible action.
958e1b
958e1b
Reject them before passing them to the block layer.  This bypasses the
958e1b
error action and I/O accounting.
958e1b
958e1b
Signed-off-by: Markus Armbruster <armbru@redhat.com>
958e1b
Reviewed-by: Fam Zheng <famz@redhat.com>
958e1b
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
958e1b
(cherry picked from commit 3c2daac0b98952a858277878cb11294256b39e43)
958e1b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
---
958e1b
 hw/block/virtio-blk.c | 7 +++++++
958e1b
 1 file changed, 7 insertions(+)
958e1b
958e1b
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
958e1b
index ffb311c..4f6aa22 100644
958e1b
--- a/hw/block/virtio-blk.c
958e1b
+++ b/hw/block/virtio-blk.c
958e1b
@@ -284,12 +284,19 @@ static void virtio_blk_handle_flush(VirtIOBlockReq *req, MultiReqBuffer *mrb)
958e1b
 static bool virtio_blk_sect_range_ok(VirtIOBlock *dev,
958e1b
                                      uint64_t sector, size_t size)
958e1b
 {
958e1b
+    uint64_t nb_sectors = size >> BDRV_SECTOR_BITS;
958e1b
+    uint64_t total_sectors;
958e1b
+
958e1b
     if (sector & dev->sector_mask) {
958e1b
         return false;
958e1b
     }
958e1b
     if (size % dev->conf->logical_block_size) {
958e1b
         return false;
958e1b
     }
958e1b
+    bdrv_get_geometry(dev->bs, &total_sectors);
958e1b
+    if (sector > total_sectors || nb_sectors > total_sectors - sector) {
958e1b
+        return false;
958e1b
+    }
958e1b
     return true;
958e1b
 }
958e1b
 
958e1b
-- 
958e1b
1.8.3.1
958e1b