[37/53] block/nfs: limit maximum readahead size to 1MB

Message ID	1438255988-10418-38-git-send-email-mdroth@linux.vnet.ibm.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Gateway: Authorized Use Only! Violators will be prosecuted for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>; Thu, 30 Jul 2015 05:35:34 -0600 Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 30 Jul 2015 05:35:33 -0600 From: Michael Roth <mdroth@linux.vnet.ibm.com> To: qemu-devel@nongnu.org Date: Thu, 30 Jul 2015 06:32:52 -0500 Message-Id: <1438255988-10418-38-git-send-email-mdroth@linux.vnet.ibm.com> In-Reply-To: <1438255988-10418-1-git-send-email-mdroth@linux.vnet.ibm.com> References: <1438255988-10418-1-git-send-email-mdroth@linux.vnet.ibm.com> Cc: Peter Lieven <pl@kamp.de>, qemu-stable@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com> Subject: [Qemu-devel] [PATCH 37/53] block/nfs: limit maximum readahead size to 1MB Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1438255988-10418-38-git-send-email-mdroth@linux.vnet.ibm.com

State

New

Headers

From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Thu, 30 Jul 2015 06:32:52 -0500
Message-Id: <1438255988-10418-38-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1438255988-10418-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1438255988-10418-1-git-send-email-mdroth@linux.vnet.ibm.com>
Cc: Peter Lieven <pl@kamp.de>, qemu-stable@nongnu.org,
	Stefan Hajnoczi <stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 37/53] block/nfs: limit maximum readahead size
	to 1MB
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Michael Roth July 30, 2015, 11:32 a.m. UTC

From: Peter Lieven <pl@kamp.de>

a malicious caller could otherwise specify a very
large value via the URI and force libnfs to allocate
a large amount of memory for the readahead buffer.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven <pl@kamp.de>
Message-id: 1435317241-25585-1-git-send-email-pl@kamp.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 29c838cdc96c4d117f00c75bbcb941e1be9590fb)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 block/nfs.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/block/nfs.c b/block/nfs.c
index ca9e24e..c026ff6 100644
--- a/block/nfs.c
+++ b/block/nfs.c
@@ -35,6 +35,8 @@ 
 #include "sysemu/sysemu.h"
 #include <nfsc/libnfs.h>
 
+#define QEMU_NFS_MAX_READAHEAD_SIZE 1048576
+
 typedef struct NFSClient {
     struct nfs_context *context;
     struct nfsfh *fh;
@@ -327,6 +329,11 @@  static int64_t nfs_client_open(NFSClient *client, const char *filename,
             nfs_set_tcp_syncnt(client->context, val);
 #ifdef LIBNFS_FEATURE_READAHEAD
         } else if (!strcmp(qp->p[i].name, "readahead")) {
+            if (val > QEMU_NFS_MAX_READAHEAD_SIZE) {
+                error_report("NFS Warning: Truncating NFS readahead"
+                             " size to %d", QEMU_NFS_MAX_READAHEAD_SIZE);
+                val = QEMU_NFS_MAX_READAHEAD_SIZE;
+            }
             nfs_set_readahead(client->context, val);
 #endif
         } else {

[37/53] block/nfs: limit maximum readahead size to 1MB

Commit Message

Patch