Block layer patches for 2.4.0-rc3

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJVtkv1AAoJEH8JsnLIjy/W4cYP/1Q5aPFpf9uNW46cVCSsRXm6
 9QFOHuIfhpJSLttzFaE59giRITKsgjC3Vkb2/TTYY9szPIdpmKfl1Taxwx7HOZ7s
 1S8Io2jQqVnCKH9ZtK8lUHYBum5Aqc9PjkiYbTaRhVZx2QjBSY6N2qx8Du4wUXmb
 /rcc7i+8XTlbbT+AHGt7U0VfuGit0iV+T2DBwTtY+KrtYYQXZUpd5+ikWOMqn3l6
 nuoulk7EOFSZrBQraqDmB3XqwDzKvnXAubZDJrHBjgBuzhIEgE3q2X5/LkmPxWaR
 XViWOTnWsJIpT7Xl1whnLuRTlzLFImj+om1vgPEihE0LM7GIVYv9puS9EezS7cO9
 tIPQII/jq035tAxWsNIsFK0ElxlW2t9DYQQEcdJpaZXjRbOokfXn0BfURtIupqXT
 54gN98opRbtx0W/FmrhYECh4WVVBrD/iR2/QylGiHD2IAu2pMi9vyWp3pjUf7rr+
 iQZz0pnLxwtWcdHFs57nqBNN9BJqwx8A8b8tX48u1b3zOqJjJefzI7LnP24HNcpd
 7Ejc7192cRdOqH5emfJ/y7DGr9wSiNLwXW949z1s8YnSac3dQal+7X2dE4XX50kt
 wokEuU+FVTl4fOzfJJiZFb2gd9XzLwIRVh2qsX9+1wIk/Qb82rfdE+IHEtEkqvEw
 6hgYnyruHmRWHbMUDQOs
 =CVEk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches for 2.4.0-rc3

# gpg: Signature made Mon Jul 27 16:19:17 2015 BST using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block: qemu-iotests - add check for multiplication overflow in vpc
  block: vpc - prevent overflow if max_table_entries >= 0x40000000

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell 2015-07-28 09:11:48 +01:00
commit 84a29c7efd
5 changed files with 74 additions and 4 deletions


@ -168,6 +168,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
uint8_t buf[HEADER_SIZE]; uint8_t buf[HEADER_SIZE];
uint32_t checksum; uint32_t checksum;
uint64_t computed_size; uint64_t computed_size;
uint64_t pagetable_size;
int disk_type = VHD_DYNAMIC; int disk_type = VHD_DYNAMIC;
int ret; int ret;
@ -269,7 +270,17 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
goto fail; goto fail;
} }
s->pagetable = qemu_try_blockalign(bs->file, s->max_table_entries * 4); if (s->max_table_entries > SIZE_MAX / 4 ||
s->max_table_entries > (int) INT_MAX / 4) {
error_setg(errp, "Max Table Entries too large (%" PRId32 ")",
s->max_table_entries);
ret = -EINVAL;
goto fail;
}
pagetable_size = (uint64_t) s->max_table_entries * 4;
s->pagetable = qemu_try_blockalign(bs->file, pagetable_size);
if (s->pagetable == NULL) { if (s->pagetable == NULL) {
ret = -ENOMEM; ret = -ENOMEM;
goto fail; goto fail;
@ -277,14 +288,13 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
s->bat_offset = be64_to_cpu(dyndisk_header->table_offset); s->bat_offset = be64_to_cpu(dyndisk_header->table_offset);
ret = bdrv_pread(bs->file, s->bat_offset, s->pagetable, ret = bdrv_pread(bs->file, s->bat_offset, s->pagetable, pagetable_size);
s->max_table_entries * 4);
if (ret < 0) { if (ret < 0) {
goto fail; goto fail;
} }
s->free_data_block_offset = s->free_data_block_offset =
(s->bat_offset + (s->max_table_entries * 4) + 511) & ~511; ROUND_UP(s->bat_offset + pagetable_size, 512);
for (i = 0; i < s->max_table_entries; i++) { for (i = 0; i < s->max_table_entries; i++) {
be32_to_cpus(&s->pagetable[i]); be32_to_cpus(&s->pagetable[i]);
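Review bot: The new error path prints `s->max_table_entries` with `PRId32`; if that field is an unsigned 32-bit value (its declaration is outside these hunks), a header value of 0x80000000 or more is reported as a negative number in the very message meant to explain the rejection. `error_setg(errp, "Max Table Entries too large (%" PRIu32 ")",` would print the value as it was read from the image. In the same condition the `(int)` cast on `INT_MAX` has no effect, and a one-line comment saying why the bound is `INT_MAX / 4` rather than only `SIZE_MAX / 4` (presumably because the byte count is later passed to `bdrv_pread()`) would save the next reader from guessing. The body of vpc_open starts and ends outside these hunks.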

54
tests/qemu-iotests/135 Executable file

@ -0,0 +1,54 @@
#!/bin/bash
#
# Test VPC open of image with large Max Table Entries value.
#
# Copyright (C) 2015 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# creator
owner=jcody@redhat.com
seq=`basename $0`
echo "QA output created by $seq"
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
_cleanup()
{
_cleanup_test_img
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common.rc
. ./common.filter
_supported_fmt vpc
_supported_proto generic
_supported_os Linux
_use_sample_img afl5.img.bz2
echo
echo "=== Verify image open and failure ===="
$QEMU_IMG info "$TEST_IMG" 2>&1| _filter_testdir
# success, all done
echo "*** done"
rm -f $seq.full
status=0
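Review bot: `tmp=/tmp/$$` names a predictable path in a world-writable directory and is not referenced again in this script. Unless the sourced `common.rc` or `common.filter` depend on it (not visible here), the assignment can be dropped; if a scratch path is needed, creating it with `mktemp` avoids the guessable name. The `basename $0` and `rm -f $seq.full` expansions are also unquoted; `seq=$(basename "$0")` and `rm -f "$seq.full"` keep working when the test is run from a path that contains spaces.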


@ -0,0 +1,5 @@
QA output created by 135
=== Verify image open and failure ====
qemu-img: Could not open 'TEST_DIR/afl5.img': Max Table Entries too large (1073741825)
*** done


@ -133,3 +133,4 @@
131 rw auto quick 131 rw auto quick
132 rw auto quick 132 rw auto quick
134 rw auto quick 134 rw auto quick
135 rw auto

Binary file not shown.