From patchwork Tue Mar 31 14:06:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1264778 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=N5un7EZx; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48sB6F0n3dz9sPJ for ; Wed, 1 Apr 2020 01:09:41 +1100 (AEDT) Received: from localhost ([::1]:38642 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jJHaE-0006Vx-W7 for incoming@patchwork.ozlabs.org; Tue, 31 Mar 2020 10:09:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47957) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jJHXq-0002kP-Pa for qemu-devel@nongnu.org; Tue, 31 Mar 2020 10:07:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jJHXp-0007vg-D5 for qemu-devel@nongnu.org; Tue, 31 Mar 2020 10:07:10 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41174 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jJHXp-0007vP-98 for qemu-devel@nongnu.org; Tue, 31 Mar 2020 10:07:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585663628; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vwF8hbu4xZl3dLIjwlZr2OJsZXfk81SSvzv3n2GE69A=; b=N5un7EZxfCnCmvkdPNBEeqQpDH8ELtd/SqcLkq9lgLGhNOKyxMr5fo0jaOwOpcVKXu9r7K LjTZbokGdXB540rKNYLTwMVakwA0WZZfYlLJtMD939hL/pqG+eRPFBfg2wTh3DgsR07vQt CmmHRNX+lI0xAokiI1PDh6JC9Rf2VzY= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-176-wvkI5LplMMGxw4HoJo6vWQ-1; Tue, 31 Mar 2020 10:07:05 -0400 X-MC-Unique: wvkI5LplMMGxw4HoJo6vWQ-1 Received: by mail-wr1-f70.google.com with SMTP id u16so10054393wrp.14 for ; Tue, 31 Mar 2020 07:07:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uUPU6s8/wt1p8Ho/mqxi5+dJOTfJbsMKE80XrqhvBkk=; b=EstnNdOyoJNTg8snJkFV/pfGK8UV6M+T8BQxDNjPXE0H41Krbbs3cN61BCpImjjFgu 1+Lgs2iTkc/7wE54t61Bwh4/uImCKRflaiFu/4Mxscvarp/BLmPuMKEEAQPK5z1glLsZ SaR1t0RUDJpWqXNd9Kup1f1dKrSylXPtOF4soY2fpXtibt1OyyKRvg42jJ8aQVRdbk6/ IjY+iZeQe1z3YMJA3Wc7XRmow2zxfGZ8fESrDK6keRNx5EIU90gBc6KQBgwFxBKO9nNC XOU/94c3JZdTkXSuD2gBNv7aKUfQWnG0DREV9Vla3gVlUZKHX0AVU1bitokyWn9n3Ml7 lfKQ== X-Gm-Message-State: ANhLgQ2ILdfpPZX6k0cxN1GbFWOeq1uwNJGuPsk5fs6NcinHYjzLgBmf E0IjO+/aDXGWcboJ3BGSGFbejpd0W+S4gpoLcQ97Dg4t9agVdC3eXuK+fsRAE6nUpp3IU+3ggMy 192Z5JPqktgKkrgQ= X-Received: by 2002:a1c:770a:: with SMTP id t10mr3713745wmi.150.1585663624108; Tue, 31 Mar 2020 07:07:04 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtbpUO9Uac5SNE5Kfxg/r7yRyX6u8wlwnp7lMRIowj1RzZs7ifjSR9Pt457xYJa1SrxSNtcNA== X-Received: by 2002:a1c:770a:: with SMTP id t10mr3713725wmi.150.1585663623866; Tue, 31 Mar 2020 07:07:03 -0700 (PDT) Received: from localhost.localdomain (116.red-83-42-57.dynamicip.rima-tde.net. [83.42.57.116]) by smtp.gmail.com with ESMTPSA id m19sm3916474wml.48.2020.03.31.07.07.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 31 Mar 2020 07:07:03 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [PATCH-for-5.0 v2 4/4] qga: Restrict guest-file-read count to 10 MB to avoid crashes Date: Tue, 31 Mar 2020 16:06:38 +0200 Message-Id: <20200331140638.16464-5-philmd@redhat.com> X-Mailer: git-send-email 2.21.1 In-Reply-To: <20200331140638.16464-1-philmd@redhat.com> References: <20200331140638.16464-1-philmd@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Markus Armbruster , Michael Roth , Fakhri Zulkifli , "Dr . David Alan Gilbert" , Sameeh Jubran , Basil Salman , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?b?w6k=?= , Dietmar Maurer Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" On https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html Daniel Berrangé commented: The QEMU guest agent protocol is not sensible way to access huge files inside the guest. It requires the inefficient process of reading the entire data into memory than duplicating it again in base64 format, and then copying it again in the JSON serializer / monitor code. For arbitrary general purpose file access, especially for large files, use a real file transfer program or use a network block device, not the QEMU guest agent. To avoid bug reports as BZ#1594054, follow his suggestion to put a low, hard limit on "count" in the guest agent QAPI schema, and don't allow count to be larger than 10 MB. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054 Reported-by: Fakhri Zulkifli Suggested-by: Daniel P. Berrangé Signed-off-by: Philippe Mathieu-Daudé --- qga/qapi-schema.json | 6 ++++-- qga/commands.c | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index f6fcb59f34..7758d9daf8 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json @@ -266,11 +266,13 @@ ## # @guest-file-read: # -# Read from an open file in the guest. Data will be base64-encoded +# Read from an open file in the guest. Data will be base64-encoded. +# As this command is just for limited, ad-hoc debugging, such as log +# file access, the number of bytes to read is limited to 10 MB. # # @handle: filehandle returned by guest-file-open # -# @count: maximum number of bytes to read (default is 4KB) +# @count: maximum number of bytes to read (default is 4KB, maximum is 10MB) # # Returns: @GuestFileRead on success. # diff --git a/qga/commands.c b/qga/commands.c index 8ee1244ebb..c130d1b0f5 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -11,6 +11,7 @@ */ #include "qemu/osdep.h" +#include "qemu/units.h" #include "guest-agent-core.h" #include "qga-qapi-commands.h" #include "qapi/error.h" @@ -18,11 +19,14 @@ #include "qemu/base64.h" #include "qemu/cutils.h" #include "qemu/atomic.h" +#include "commands-common.h" /* Maximum captured guest-exec out_data/err_data - 16MB */ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) /* Allocation and I/O buffer for reading guest-exec out_data/err_data - 4KB */ #define GUEST_EXEC_IO_SIZE (4*1024) +/* Maximum file size to read - 10MB */ +#define GUEST_FILE_READ_COUNT_MAX (10 * MiB) /* Note: in some situations, like with the fsfreeze, logging may be * temporarilly disabled. if it is necessary that a command be able @@ -559,7 +563,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, } if (!has_count) { count = QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >= UINT32_MAX) { + } else if (count < 0 || count > GUEST_FILE_READ_COUNT_MAX) { error_setg(errp, "value '%" PRId64 "' is invalid for argument count", count); return NULL;