Re: [PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check

[Max Reitz]

On 11.11.20 13:43, Stefan Hajnoczi wrote:
> Check that the sector number and byte count are valid.
>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>   block/export/vhost-user-blk-server.c | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
>
> diff --git a/block/export/vhost-user-blk-server.c 
> b/block/export/vhost-user-blk-server.c
> index d88e41714d..6d7fd0fec3 100644
> --- a/block/export/vhost-user-blk-server.c
> +++ b/block/export/vhost-user-blk-server.c
> @@ -214,9 +214,23 @@ static void coroutine_fn vu_blk_virtio_process_req(void 
> *opaque)
>           QEMUIOVector qiov;
>           if (is_write) {
>               qemu_iovec_init_external(&qiov, out_iov, out_num);
> +
> +            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
> +                                               qiov.size))) {
> +                req->in->status = VIRTIO_BLK_S_IOERR;
> +                break;
> +            }
> +
>               ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
>           } else {
>               qemu_iovec_init_external(&qiov, in_iov, in_num);
> +
> +            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
> +                                               qiov.size))) {
> +                req->in->status = VIRTIO_BLK_S_IOERR;
> +                break;
> +            }
> +
>               ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
>           }
>           if (ret >= 0) {

req->sector_num is not a block layer sector, though (i.e. not a 512-byte 
sector); it references sectors of size vexp->blk_size (which I presume 
aren’t necessarily 512 bytes in length).

Second, I now understand why vu_blk_sect_range_ok() takes a byte length; 
but with an arbitrary length as given here, it must also round that down 
when converting that length to block layer sectors.  (Or just compare 
the byte length against the result of bdrv_getlength().)

Max