Message ID | 20110406182834.GA471@lst.de |
---|---|
State | New |
Headers | show |
On Wed, Apr 06, 2011 at 08:28:34PM +0200, Christoph Hellwig wrote: > Like all block drivers virtio-blk should not allow small than block size > granularity access. But given that the protocol specifies a > byte unit length field we currently accept such requests, which cause > qemu to abort() in lower layers. Add checks to the main read and > write handlers to catch them early. > > Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com> > Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com> > Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Am 06.04.2011 20:28, schrieb Christoph Hellwig: > Like all block drivers virtio-blk should not allow small than block size > granularity access. But given that the protocol specifies a > byte unit length field we currently accept such requests, which cause > qemu to abort() in lower layers. Add checks to the main read and > write handlers to catch them early. > > Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com> > Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com> > Signed-off-by: Christoph Hellwig <hch@lst.de> Thanks, applied to the block branch. Kevin
Index: qemu/hw/virtio-blk.c =================================================================== --- qemu.orig/hw/virtio-blk.c 2011-03-30 11:46:10.268665534 -0700 +++ qemu/hw/virtio-blk.c 2011-03-30 11:49:45.655247322 -0700 @@ -290,6 +290,10 @@ static void virtio_blk_handle_write(Virt virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } if (mrb->num_writes == 32) { virtio_submit_multiwrite(req->dev->bs, mrb); @@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtI virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov, req->qiov.size / BDRV_SECTOR_SIZE,