[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 15/17] block/export: port virtio-blk read/write range check
|
From: |
Michael S. Tsirkin |
|
Subject: |
[PULL 15/17] block/export: port virtio-blk read/write range check |
|
Date: |
Sun, 15 Nov 2020 17:27:50 -0500 |
From: Stefan Hajnoczi <stefanha@redhat.com>
Check that the sector number and byte count are valid.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201111124331.1393747-11-stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
block/export/vhost-user-blk-server.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/block/export/vhost-user-blk-server.c
b/block/export/vhost-user-blk-server.c
index d88e41714d..6d7fd0fec3 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -214,9 +214,23 @@ static void coroutine_fn vu_blk_virtio_process_req(void
*opaque)
QEMUIOVector qiov;
if (is_write) {
qemu_iovec_init_external(&qiov, out_iov, out_num);
+
+ if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+ qiov.size))) {
+ req->in->status = VIRTIO_BLK_S_IOERR;
+ break;
+ }
+
ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
} else {
qemu_iovec_init_external(&qiov, in_iov, in_num);
+
+ if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+ qiov.size))) {
+ req->in->status = VIRTIO_BLK_S_IOERR;
+ break;
+ }
+
ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
}
if (ret >= 0) {
--
MST
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PULL 15/17] block/export: port virtio-blk read/write range check,
Michael S. Tsirkin <=