958e1b
From 2f5fb1498fa48ea25f2d4155c9730001931bdef7 Mon Sep 17 00:00:00 2001
958e1b
From: Jeffrey Cody <jcody@redhat.com>
958e1b
Date: Tue, 16 Sep 2014 20:11:41 +0200
958e1b
Subject: [PATCH 03/20] block: make vdi bounds check match upstream
958e1b
958e1b
Message-id: <0935a62fcd0e3cce1ed66aa79fc460804ed938c7.1410897407.git.jcody@redhat.com>
958e1b
Patchwork-id: 61207
958e1b
O-Subject: [PATCH qemu-kvm-rhel RHEL7.1 02/15] block: make vdi bounds check match upstream
958e1b
Bugzilla: 1098086
958e1b
RH-Acked-by: Fam Zheng <famz@redhat.com>
958e1b
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
958e1b
RH-Acked-by: Max Reitz <mreitz@redhat.com>
958e1b
958e1b
There is a slight discrepancy between downstream and upstream
958e1b
in a patch done for CVE-2014-0144.  There is no difference in
958e1b
functionality - the (earlier) downstream patch contained a redundant
958e1b
'#define' that was removed upstream, and upstream added some error
958e1b
messages and uses different error returns.
958e1b
958e1b
Changing this to match upstream will make subsequent backports
958e1b
easier.
958e1b
958e1b
Downstream-only.
958e1b
958e1b
Signed-off-by: Jeff Cody <jcody@redhat.com>
958e1b
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
958e1b
---
958e1b
 block/vdi.c |   15 ++++++++++-----
958e1b
 1 files changed, 10 insertions(+), 5 deletions(-)
958e1b
958e1b
diff --git a/block/vdi.c b/block/vdi.c
958e1b
index 0457298..5e2fad5 100644
958e1b
--- a/block/vdi.c
958e1b
+++ b/block/vdi.c
958e1b
@@ -120,11 +120,10 @@ typedef unsigned char uuid_t[16];
958e1b
 
958e1b
 #define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED)
958e1b
 
958e1b
-#define VDI_BLOCK_SIZE           (1 * MiB)
958e1b
 /* max blocks in image is (0xffffffff / 4) */
958e1b
 #define VDI_BLOCKS_IN_IMAGE_MAX  0x3fffffff
958e1b
 #define VDI_DISK_SIZE_MAX        ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \
958e1b
-                                  (uint64_t)VDI_BLOCK_SIZE)
958e1b
+                                  (uint64_t)DEFAULT_CLUSTER_SIZE)
958e1b
 
958e1b
 #if !defined(CONFIG_UUID)
958e1b
 static inline void uuid_generate(uuid_t out)
958e1b
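Review bot: VDI_DISK_SIZE_MAX now takes its multiplier from DEFAULT_CLUSTER_SIZE, which is defined outside this hunk, and nothing at the macro records that the limit only holds while that value is the single block size vdi_open accepts. The name reads as a creation default rather than a format invariant, so a later change to the default would silently move the bound introduced for CVE-2014-0144. I would add a comment above the macro such as `/* limit is only valid while DEFAULT_CLUSTER_SIZE is the sole block size vdi_open() accepts */`. The same dependency appears in the block-size comparison in the third hunk.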
@@ -392,7 +391,10 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
958e1b
 #endif
958e1b
 
958e1b
     if (header.disk_size > VDI_DISK_SIZE_MAX) {
958e1b
-        ret = -EINVAL;
958e1b
+        error_setg(errp, "Unsupported VDI image size (size is 0x%" PRIx64
958e1b
+                         ", max supported is 0x%" PRIx64 ")",
958e1b
+                          header.disk_size, VDI_DISK_SIZE_MAX);
958e1b
+        ret = -ENOTSUP;
958e1b
         goto fail;
958e1b
     }
958e1b
 
958e1b
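Review bot: The oversize-image branch in vdi_open now returns -ENOTSUP where it returned -EINVAL, a caller-visible change that sits awkwardly with the description's statement that there is no difference in functionality. Anything downstream that matched on the old errno for a rejected image would behave differently, so the commit message should name the errno change explicitly. The check also carries no comment tying it to the fix it came from; something like `/* bounds check from the CVE-2014-0144 fix; keep in sync with vdi_create() */` would help the next backporter. vdi_open begins and ends outside this hunk, so the code that consumes header.disk_size after the check is not visible here.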
@@ -428,7 +430,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
958e1b
         logout("unsupported sector size %u B\n", header.sector_size);
958e1b
         ret = -ENOTSUP;
958e1b
         goto fail;
958e1b
-    } else if (header.block_size != VDI_BLOCK_SIZE) {
958e1b
+    } else if (header.block_size != DEFAULT_CLUSTER_SIZE) {
958e1b
         logout("unsupported block size %u B\n", header.block_size);
958e1b
         ret = -ENOTSUP;
958e1b
         goto fail;
958e1b
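Review bot: The block-size rejection at `} else if (header.block_size != DEFAULT_CLUSTER_SIZE) {` still reports only through logout() and leaves errp unset, and so does the sector-size branch just above it. The disk-size rejection earlier in vdi_open now calls error_setg(), so a caller opening a malformed image gets an Error object for one header field and a bare -ENOTSUP for the others. Since logout() appears to be a debug trace, the reason for refusing the image may be lost in normal builds. For consistency I would add `error_setg(errp, "unsupported VDI block size %u B", header.block_size);` before `ret = -ENOTSUP;`, and the equivalent for the sector-size branch. The surrounding if/else chain starts outside this hunk.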
@@ -698,7 +700,10 @@ static int vdi_create(const char *filename, QEMUOptionParameter *options,
958e1b
     }
958e1b
 
958e1b
     if (bytes > VDI_DISK_SIZE_MAX) {
958e1b
-        result = -EINVAL;
958e1b
+        result = -ENOTSUP;
958e1b
+        error_setg(errp, "Unsupported VDI image size (size is 0x%" PRIx64
958e1b
+                         ", max supported is 0x%" PRIx64 ")",
958e1b
+                          bytes, VDI_DISK_SIZE_MAX);
958e1b
         goto exit;
958e1b
     }
958e1b
 
958e1b
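Review bot: The new error_setg() in vdi_create passes `bytes` to a `PRIx64` conversion, but `bytes` is declared outside this hunk. If it is a signed 64-bit type, the argument does not match the unsigned conversion and should be cast, `(uint64_t)bytes, VDI_DISK_SIZE_MAX);`. As a style point, this branch assigns `result` before calling error_setg() while the matching branch in vdi_open does it the other way round; using one order in both places keeps the two checks easy to compare. vdi_create's body continues outside the hunk, so what the `exit` label cleans up is not visible here.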
-- 
958e1b
1.7.1
958e1b