Google Git
Sign in
qemu / qemu / da15ee5134f715adb07e3688a1c6e8b42cb6ac94
commitda15ee5134f715adb07e3688a1c6e8b42cb6ac94[log] [tgz]
authorKevin Wolf <kwolf@redhat.com>Mon Apr 14 15:39:36 2014 +0200
committerKevin Wolf <kwolf@redhat.com>Tue Apr 22 11:57:02 2014 +0200
tree5f33a291e25b374e131f2c4f375a3524183accf3
parent1dd3a44753f10970ded50950d28353c00bfcaf91 [diff]
block: Catch integer overflow in bdrv_rw_co()

Insanely large requests could cause an integer overflow in
bdrv_rw_co() while converting sectors to bytes. This patch catches the
problem and returns an error (if we hadn't overflown the integer here,
bdrv_check_byte_request() would have rejected the request, so we're not
breaking anything that was supposed to work before).

We actually do have a test case that triggers behaviour where we
accidentally let such a request pass, so that it would return success,
but read 0 bytes instead of the requested 4 GB. It fails now like it
should.

If the vdi block driver wants to be able to deal with huge images, it
can't read the whole block bitmap at once into memory like it does
today, but needs to use a metadata cache like qcow2 does.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2 files changed
tree: 5f33a291e25b374e131f2c4f375a3524183accf3
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. linux-headers/
  15. linux-user/
  16. net/
  17. pc-bios/
  18. po/
  19. qapi/
  20. qga/
  21. qobject/
  22. qom/
  23. roms/
  24. scripts/
  25. slirp/
  26. stubs/
  27. sysconfigs/
  28. target-alpha/
  29. target-arm/
  30. target-cris/
  31. target-i386/
  32. target-lm32/
  33. target-m68k/
  34. target-microblaze/
  35. target-mips/
  36. target-moxie/
  37. target-openrisc/
  38. target-ppc/
  39. target-s390x/
  40. target-sh4/
  41. target-sparc/
  42. target-unicore32/
  43. target-xtensa/
  44. tcg/
  45. tests/
  46. trace/
  47. ui/
  48. util/
  49. dtc
  50. pixman
  51. .exrc
  52. .gitignore
  53. .gitmodules
  54. .mailmap
  55. .travis.yml
  56. aio-posix.c
  57. aio-win32.c
  58. arch_init.c
  59. async.c
  60. balloon.c
  61. block-migration.c
  62. block.c
  63. blockdev-nbd.c
  64. blockdev.c
  65. blockjob.c
  66. bt-host.c
  67. bt-vhci.c
  68. Changelog
  69. CODING_STYLE
  70. configure
  71. COPYING
  72. COPYING.LIB
  73. coroutine-gthread.c
  74. coroutine-sigaltstack.c
  75. coroutine-ucontext.c
  76. coroutine-win32.c
  77. cpu-exec.c
  78. cpus.c
  79. cputlb.c
  80. device-hotplug.c
  81. device_tree.c
  82. disas.c
  83. dma-helpers.c
  84. dump.c
  85. exec.c
  86. gdbstub.c
  87. HACKING
  88. hmp-commands.hx
  89. hmp.c
  90. hmp.h
  91. iohandler.c
  92. ioport.c
  93. iothread.c
  94. kvm-all.c
  95. kvm-stub.c
  96. LICENSE
  97. main-loop.c
  98. MAINTAINERS
  99. Makefile
  100. Makefile.objs
  101. Makefile.target
  102. memory.c
  103. memory_mapping.c
  104. migration-exec.c
  105. migration-fd.c
  106. migration-rdma.c
  107. migration-tcp.c
  108. migration-unix.c
  109. migration.c
  110. module-common.c
  111. monitor.c
  112. nbd.c
  113. os-posix.c
  114. os-win32.c
  115. page_cache.c
  116. qapi-schema.json
  117. qdev-monitor.c
  118. qdict-test-data.txt
  119. qemu-bridge-helper.c
  120. qemu-char.c
  121. qemu-coroutine-io.c
  122. qemu-coroutine-lock.c
  123. qemu-coroutine-sleep.c
  124. qemu-coroutine.c
  125. qemu-doc.texi
  126. qemu-file.c
  127. qemu-img-cmds.hx
  128. qemu-img.c
  129. qemu-img.texi
  130. qemu-io-cmds.c
  131. qemu-io.c
  132. qemu-log.c
  133. qemu-nbd.c
  134. qemu-nbd.texi
  135. qemu-options-wrapper.h
  136. qemu-options.h
  137. qemu-options.hx
  138. qemu-seccomp.c
  139. qemu-tech.texi
  140. qemu-timer.c
  141. qemu.nsi
  142. qemu.sasl
  143. qmp-commands.hx
  144. qmp.c
  145. qtest.c
  146. README
  147. rules.mak
  148. savevm.c
  149. spice-qemu-char.c
  150. tcg-runtime.c
  151. tci.c
  152. thread-pool.c
  153. thunk.c
  154. tpm.c
  155. trace-events
  156. translate-all.c
  157. translate-all.h
  158. user-exec.c
  159. VERSION
  160. version.rc
  161. vl.c
  162. vmstate.c
  163. xbzrle.c
  164. xen-all.c
  165. xen-mapcache.c
  166. xen-stub.c