From: Michael Roth
Subject: [Qemu-stable] [PATCH 94/99] iscsi: Avoid potential for get_status overflow
Date: Mon, 23 Jul 2018 15:17:43 -0500
From: Eric Blake <address@hidden>
Detected by Coverity: Multiplying two 32-bit int and assigning
the result to a 64-bit number is a risk of overflow. Prior to
the conversion to byte-based interfaces, the block layer took
care of ensuring that a status request never exceeded 2G in
the driver; but after that conversion, the block layer expects
drivers to deal with any size request (the driver can always
truncate the request size back down, as long as it makes
progress). So, in the off-chance that someone makes a large
request, we are at the mercy of whether iscsi_get_lba_status_task()
will cap things to at most INT_MAX / iscsilun->block_size when
it populates lbasd->num_blocks; since I could not easily audit
that, it's better to be safe than sorry by just forcing a 64-bit
multiply.
Fixes: 92809c36
CC: address@hidden
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
(cherry picked from commit 8ee1cef4593a7bda076891470c0620e79333c0d0)
Signed-off-by: Michael Roth <address@hidden>
---
block/iscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/iscsi.c b/block/iscsi.c
index f5aecfc883..871947feae 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -732,7 +732,7 @@ retry:
goto out_unlock;
}
- *pnum = lbasd->num_blocks * iscsilun->block_size;
+ *pnum = (int64_t) lbasd->num_blocks * iscsilun->block_size;
if (lbasd->provisioning == SCSI_PROVISIONING_TYPE_DEALLOCATED ||
lbasd->provisioning == SCSI_PROVISIONING_TYPE_ANCHORED) {
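Review bot: On the `+` line, the `(int64_t)` cast binds only to `lbasd->num_blocks`, and the fix depends on that operand being widened before the multiply; nothing in the hunk records this, so a later cleanup that parenthesises the product before casting would silently reintroduce the 32-bit overflow. A one-line comment above the assignment saying the widening must precede the multiplication would protect it. The hunk also still trusts the target-reported block count: the commit message says the cap inside iscsi_get_lba_status_task() could not be audited, so clamping `*pnum` to the requested byte count at this point, or stating in the message where that truncation happens, would close the question rather than leave it to the caller.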
--
2.17.1
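The arithmetic the commit message describes, as an added example that is not code from the QEMU patch or tree. The struct names, the field types (an unsigned 32-bit block count and an `int` block size) and the clamp helper are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two operands in the patch.
 * Field types are assumptions: unsigned 32-bit count, int block size. */
struct lba_desc { uint32_t num_blocks; };
struct lun      { int block_size; };

/* Pre-patch shape: the product is computed in 32 bits and only the
 * (already wrapped) result is widened to 64 bits. */
static int64_t status_len_narrow(const struct lba_desc *d, const struct lun *l)
{
    uint32_t product = d->num_blocks * (uint32_t)l->block_size; /* wraps mod 2^32 */
    return (int64_t)product;
}

/* Post-patch shape: widen one operand first so the multiply is 64-bit. */
static int64_t status_len_wide(const struct lba_desc *d, const struct lun *l)
{
    return (int64_t)d->num_blocks * l->block_size;
}

/* Driver-side truncation back down to what the caller asked for. */
static int64_t status_len_clamped(const struct lba_desc *d, const struct lun *l,
                                  int64_t requested)
{
    int64_t len = status_len_wide(d, l);
    return len > requested ? requested : len;
}

int main(void)
{
    /* Constructed values: 0x00800000 blocks of 512 bytes is exactly 2^32. */
    struct lba_desc d = { 0x00800000u };
    struct lun l = { 512 };

    printf("narrow:  %lld\n", (long long)status_len_narrow(&d, &l));
    printf("wide:    %lld\n", (long long)status_len_wide(&d, &l));
    printf("clamped: %lld\n", (long long)status_len_clamped(&d, &l, 1LL << 30));
    return 0;
}
```

With these constructed inputs the narrow form wraps to a length of zero, which is a status reply that makes no progress, while the widened form yields the full 2^32 bytes and the clamp brings it back to the requested size.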