From: Eric Blake
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Vladimir Sementsov-Ogievskiy, "open list:Block layer core", Max Reitz
Date: Mon, 21 Jan 2019 16:48:51 -0600
Message-Id: <20190121224907.26634-6-eblake@redhat.com>
In-Reply-To: <20190121224907.26634-1-eblake@redhat.com>
References: <20190121224907.26634-1-eblake@redhat.com>
Subject: [Qemu-devel] [PULL 05/21] nbd/server: Hoist length check to qmp_nbd_server_add

We only had two callers to nbd_export_new; qemu-nbd.c always passed a valid offset/length pair (because it already checked the file length, to ensure that offset was in bounds), while blockdev-nbd.c always passed 0/-1. Then nbd_export_new reduces the size to a multiple of BDRV_SECTOR_SIZE (can only happen when offset is not sector-aligned, since bdrv_getlength() currently rounds up) (someday, it would be nice to have byte-accurate lengths - but not today).

However, I'm finding it easier to work with the code if we are consistent on having both callers pass in a valid length, and just assert that things are sane in nbd_export_new, meaning that no negative values were passed, and that offset+size does not exceed 63 bits (as that really is a fundamental limit to later operations, whether we use off_t or uint64_t).

Signed-off-by: Eric Blake Message-Id: <20190117193658.16413-6-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy --- blockdev-nbd.c | 10 +++++++++- nbd/server.c | 10 +++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/blockdev-nbd.c b/blockdev-nbd.c index c76d5416b90..d73ac1b026a 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c @@ -146,6 +146,7 @@ void qmp_nbd_server_add(const char *device, bool has_na= me, const char *name, BlockDriverState *bs =3D NULL; BlockBackend *on_eject_blk; NBDExport *exp; + int64_t len; if (!nbd_server) { error_setg(errp, "NBD server not running"); @@ -168,6 +169,13 @@ void qmp_nbd_server_add(const char *device, bool has_n= ame, const char *name, return; } + len =3D bdrv_getlength(bs); + if (len < 0) { + error_setg_errno(errp, -len, + "Failed to determine the NBD export's length"); + return; + } + if (!has_writable) { writable =3D false; } @@ -175,7 +183,7 @@ void qmp_nbd_server_add(const char *device, bool has_na= me, const char *name, writable =3D false; } - exp =3D nbd_export_new(bs, 0, -1, name, NULL, bitmap, + exp =3D nbd_export_new(bs, 0, len, name, NULL, bitmap, writable ? 0 : NBD_FLAG_READ_ONLY, NULL, false, on_eject_blk, errp); if (!exp) { diff --git a/nbd/server.c b/nbd/server.c index 6b136019f82..51ee8094e02 100644 --- a/nbd/server.c +++ b/nbd/server.c 
@@ -1495,17 +1495,13 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off= _t dev_offset, off_t size, exp->refcount =3D 1; QTAILQ_INIT(&exp->clients); exp->blk =3D blk; + assert(dev_offset >=3D 0 && dev_offset <=3D INT64_MAX); exp->dev_offset =3D dev_offset; exp->name =3D g_strdup(name); exp->description =3D g_strdup(description); exp->nbdflags =3D nbdflags; - exp->size =3D size < 0 ? blk_getlength(blk) : size; - if (exp->size < 0) { - error_setg_errno(errp, -exp->size, - "Failed to determine the NBD export's length"); - goto fail; - } - exp->size -=3D exp->size % BDRV_SECTOR_SIZE; + assert(size >=3D 0 && size <=3D INT64_MAX - dev_offset); + exp->size =3D QEMU_ALIGN_DOWN(size, BDRV_SECTOR_SIZE); if (bitmap) { BdrvDirtyBitmap *bm =3D NULL; --=20 2.20.1
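
Review bot: in the blockdev-nbd.c hunks, the new `len < 0` error path in qmp_nbd_server_add reports "Failed to determine the NBD export's length" without saying which node failed, although `device` and `name` are both in scope at that point; naming one of them in the message would let a QMP client tell which export request was rejected. Separately, `len` is declared `int64_t` but is handed to the `off_t size` parameter of nbd_export_new, so the two sides of the call disagree on the type that the new range assertion is written against; using one 64-bit type on both sides would make the contract explicit.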
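
Review bot: in the nbd/server.c hunk, the two added `assert()` lines in nbd_export_new replace an `errp` error return, so a negative size or an offset/size pair exceeding INT64_MAX now aborts the process instead of failing the request, and nothing in the function documents that precondition. A comment on nbd_export_new stating that callers must pass a validated, non-negative `dev_offset` and `size` with `dev_offset + size <= INT64_MAX` would help, as would a note that the old `-1` sentinel for "use the device length" is no longer accepted. The qemu-nbd.c check that the commit message relies on is not part of this diff, so it is worth confirming that every path reaching this call has already bounded a user-supplied offset. Also, `dev_offset <= INT64_MAX` is always true when `off_t` is a signed 64-bit type, so that half of the first assertion only documents intent; changing the parameter types would let the assertion carry real weight.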