qemu-devel

Re: [Qemu-devel] [PATCH for-2.6?] nbd: Don't mishandle unaligned client


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH for-2.6?] nbd: Don't mishandle unaligned client requests
Date: Thu, 21 Apr 2016 17:28:17 +0100

On 21 April 2016 at 15:42, Eric Blake <address@hidden> wrote:
> The NBD protocol does not (yet) force any alignment constraints
> on clients.  Even though qemu NBD clients always send requests
> that are aligned to 512 bytes, we must be prepared for non-qemu
> clients that don't care about alignment (even if it means they
> are less efficient).  Our use of blk_read() and blk_write() was
> silently operating on the wrong file offsets when the client
> made an unaligned request, corrupting the client's data (but
> as the client already has control over the file we are serving,
> I don't think it is a security hole, per se, just a data
> corruption bug).
>
> Note that in the case of NBD_CMD_READ, an unaligned length could
> cause us to return up to 511 bytes of uninitialized trailing
> garbage from blk_try_blockalign() - hopefully nothing sensitive
> from the heap's prior usage is ever leaked in that manner.
>
> Signed-off-by: Eric Blake <address@hidden>
> ---
>
> It's late for 2.6, but as a data corruption bug fix, I think
> it's worth having if there is still time.

I want to tag rc3 today, but since it looks like there's going to
be an rc4 for the virtio handler bug this can probably go into rc4
if it gets review.

thanks
-- PMM
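
As an added illustration, not QEMU's code and not part of this thread: a self-contained C model of the failure Eric describes. A sector-granular read (a stand-in for blk_read()) is driven with the client's byte offset and length divided by 512, so an unaligned offset is rounded down and the last len % 512 bytes of the reply are never written, next to a byte-granular read that honours the exact range. The in-memory image, the 0xFF fill standing in for stale heap content, and all helper names (sector_read, byte_read, serve_read_buggy, serve_read_fixed, reply_wrong_bytes, reply_unwritten_tail) are constructed for this example.

```c
/* Added example, not QEMU code: models the unaligned NBD_CMD_READ bug.
 * The backing image, helper names and 0xFF fill are constructed here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define IMAGE_SECTORS 8
#define IMAGE_BYTES (SECTOR_SIZE * IMAGE_SECTORS)

/* Constructed backing image: byte i holds i % 251, so every value is below
 * 0xFF and each offset is recognisable in a reply. */
static uint8_t image[IMAGE_BYTES];

static void image_init(void)
{
    for (size_t i = 0; i < IMAGE_BYTES; i++) {
        image[i] = (uint8_t)(i % 251);
    }
}

/* Stand-in for a sector-granular read such as blk_read(): whole sectors only. */
static int sector_read(int64_t sector, uint8_t *buf, int nb_sectors)
{
    if (sector < 0 || nb_sectors < 0 || sector + nb_sectors > IMAGE_SECTORS) {
        return -1;
    }
    memcpy(buf, image + sector * SECTOR_SIZE, (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

/* Stand-in for a byte-granular read such as blk_pread(). */
static int byte_read(int64_t offset, uint8_t *buf, size_t len)
{
    if (offset < 0 || (uint64_t)offset + len > IMAGE_BYTES) {
        return -1;
    }
    memcpy(buf, image + offset, len);
    return 0;
}

/* Buggy path: byte offset and length become sector counts by integer
 * division, so from % 512 and len % 512 are silently discarded. */
static int serve_read_buggy(uint64_t from, uint32_t len, uint8_t *buf)
{
    return sector_read((int64_t)(from / SECTOR_SIZE), buf, (int)(len / SECTOR_SIZE));
}

/* Fixed path: exactly the byte range the client asked for. */
static int serve_read_fixed(uint64_t from, uint32_t len, uint8_t *buf)
{
    return byte_read((int64_t)from, buf, len);
}

typedef int (*serve_fn)(uint64_t from, uint32_t len, uint8_t *buf);

/* Serves one in-range request into a reply buffer pre-filled with 0xFF,
 * which stands in for stale heap content (blk_try_blockalign() does not
 * zero its allocation). Returns -1 if the request is outside the image. */
static int run_request(serve_fn serve, uint64_t from, uint32_t len, uint8_t *buf)
{
    if (from + len > IMAGE_BYTES) {
        return -1;
    }
    image_init();
    memset(buf, 0xFF, IMAGE_BYTES);
    return serve(from, len, buf);
}

/* How many reply bytes differ from what the client asked for (0 = correct),
 * or -1 on error. */
static long reply_wrong_bytes(serve_fn serve, uint64_t from, uint32_t len)
{
    uint8_t buf[IMAGE_BYTES];
    long wrong = 0;
    if (run_request(serve, from, len, buf) < 0) {
        return -1;
    }
    for (uint32_t i = 0; i < len; i++) {
        wrong += buf[i] != image[from + i];
    }
    return wrong;
}

/* How many trailing reply bytes were never written (still 0xFF): for the
 * buggy path this is len % 512, the "uninitialized trailing garbage". */
static long reply_unwritten_tail(serve_fn serve, uint64_t from, uint32_t len)
{
    uint8_t buf[IMAGE_BYTES];
    long tail = 0;
    if (run_request(serve, from, len, buf) < 0) {
        return -1;
    }
    for (uint32_t i = len; i > 0 && buf[i - 1] == 0xFF; i--) {
        tail++;
    }
    return tail;
}

int main(void)
{
    /* Unaligned request: offset 100, length 600 bytes. */
    printf("buggy: %ld wrong bytes, %ld never written\n",
           reply_wrong_bytes(serve_read_buggy, 100, 600),
           reply_unwritten_tail(serve_read_buggy, 100, 600));
    printf("fixed: %ld wrong bytes, %ld never written\n",
           reply_wrong_bytes(serve_read_fixed, 100, 600),
           reply_unwritten_tail(serve_read_fixed, 100, 600));
    return 0;
}
```

For the unaligned request the buggy path returns 600 wrong bytes (512 from the wrong sector plus 88 never written), while an aligned request of whole sectors is served correctly by both paths, which is why qemu's own 512-aligned clients never hit this.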
