qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 05/17] block/io: support int64_t bytes in bdrv_co_do_pwrit

From: Eric Blake
Subject: Re: [PATCH v3 05/17] block/io: support int64_t bytes in bdrv_co_do_pwrite_zeroes()
Date: Tue, 23 Jun 2020 11:37:42 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 
On 6/23/20 5:20 AM, Vladimir Sementsov-Ogievskiy wrote:

11.05.2020 21:34, Eric Blake wrote:

On 5/11/20 12:17 PM, Alberto Garcia wrote:

On Thu 30 Apr 2020 01:10:21 PM CEST, Vladimir Sementsov-Ogievskiy wrote:

     compute 'int tail' via % 'int alignment' - safe


     tail = (offset + bytes) % alignment;

both are int64_t, no chance of overflow here?
Good question - I know several places check that offset+bytes does not overflow, but did not specifically audit if this one does.  Adding an assert() in this function may be easier than trying to prove all callers pass in safe values.
Hm, it's preexisting, as int64_t + int may overflow as well. Strange, but I don't see overflow check neither in blk_check_byte_request nor in bdrv_check_byte_request. Only discard, which recently dropped call of bdrv_check_byte_request() has this check.
In fact, iotest 197 (see commit 461743390) is an instance of testing for a bug where we overflowed INT_MAX due to rounding up to cluster size, even with a transaction request smaller than limits.
I can add a patch for overflow check in blk_check_byte_request and bdrv_check_byte_request.. But what about alignment? There may be requests, for which bytes + offset doesn't overflow, but do overflow after aligning up. Refactor bdrv_pad_request() to return an error if we can't pad request due to overflow?
The only cases where int64_t + int can overflow due to rounding up for alignment are when the file size is extremely close to 2^63 bytes already. The easiest fix is to reject opening a file that reports a size that would overflow when rounded up to alignment (that is, if size > INT64_MAX - alignment, we should refuse to proceed). Such images will never occur for actual disk images (because that is really a LOT of storage), but are possible over things like NBD (in fact, nbdkit has intentionally made it easy to provoke boundary testing near 2^63 bytes, and is already aware that anything larger than 2^63-512 is problematic in qemu). 

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]