Commit 3026c468 authored by Alberto Garcia's avatar Alberto Garcia Committed by Max Reitz
Browse files

qemu-io: don't allow I/O operations larger than BDRV_REQUEST_MAX_BYTES 



Passing a request size larger than BDRV_REQUEST_MAX_BYTES to any of the
I/O commands results in an error. While 'read' and 'write' handle the
error correctly, 'aio_read' and 'aio_write' hit an assertion:

blk_aio_read_entry: Assertion `rwco->qiov->size == acb->bytes' failed.

The reason is that the QEMU I/O code cannot handle request sizes
larger than BDRV_REQUEST_MAX_BYTES, so this patch makes qemu-io check
that all values are within range.

Signed-off-by: default avatarAlberto Garcia <berto@igalia.com>
Message-id: 79f66648c685929a144396bda24d13a207131dcf.1485878688.git.berto@igalia.com
[mreitz: Use BDRV_REQUEST_MAX_BYTES instead of INT_MAX]
Signed-off-by: default avatarMax Reitz <mreitz@redhat.com>
parent 7061a078

qemu-io-cmds.c

+13 −7
Original line number Diff line number Diff line
@@ -388,9 +388,15 @@ create_iovec(BlockBackend *blk, QEMUIOVector *qiov, char **argv, int nr_iov, 
            goto fail;

        }



        if (len > SIZE_MAX) {

            printf("Argument '%s' exceeds maximum size %llu\n", arg,

                   (unsigned long long)SIZE_MAX);

        if (len > BDRV_REQUEST_MAX_BYTES) {

            printf("Argument '%s' exceeds maximum size %" PRIu64 "\n", arg,

                   (uint64_t)BDRV_REQUEST_MAX_BYTES);

            goto fail;

        }



        if (count > BDRV_REQUEST_MAX_BYTES - len) {

            printf("The total number of bytes exceed the maximum size %" PRIu64

                   "\n", (uint64_t)BDRV_REQUEST_MAX_BYTES);

            goto fail;

        }
@@ -682,9 +688,9 @@ static int read_f(BlockBackend *blk, int argc, char **argv) 
    if (count < 0) {

        print_cvtnum_err(count, argv[optind]);

        return 0;

    } else if (count > SIZE_MAX) {

    } else if (count > BDRV_REQUEST_MAX_BYTES) {

        printf("length cannot exceed %" PRIu64 ", given %s\n",

               (uint64_t) SIZE_MAX, argv[optind]);

               (uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);

        return 0;

    }
@@ -1004,9 +1010,9 @@ static int write_f(BlockBackend *blk, int argc, char **argv) 
    if (count < 0) {

        print_cvtnum_err(count, argv[optind]);

        return 0;

    } else if (count > SIZE_MAX) {

    } else if (count > BDRV_REQUEST_MAX_BYTES) {

        printf("length cannot exceed %" PRIu64 ", given %s\n",

               (uint64_t) SIZE_MAX, argv[optind]);

               (uint64_t)BDRV_REQUEST_MAX_BYTES, argv[optind]);

        return 0;

    }