X-Patchwork-Submitter: Peter Lieven
X-Patchwork-Id: 10522205
From: Peter Lieven
To: qemu-devel@nongnu.org, qemu-block@nongnu.org
Date: Thu, 12 Jul 2018 21:08:49 +0200
Message-Id: <1531422529-30153-1-git-send-email-pl@kamp.de>
Subject: [Qemu-devel] [PATCH] qemu-img: avoid overflow of min_sparse parameter
Cc: kwolf@redhat.com, Peter Lieven, qemu-stable@nongnu.org, mreitz@redhat.com

The min_sparse convert parameter can overflow (e.g. -S 1024G) in the conversion from int64_t to int, resulting in a negative min_sparse parameter. Avoid this by limiting the valid parameters to sane values. In fact anything exceeding the convert buffer size is also pointless.

While at it also forbid values that are not multiples of 512 to avoid undesired behaviour. Values between 1 and 511 were legal, but resulted in full allocation.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Lieven
---
 qemu-img.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c index 4a7ce43..2896746 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2005,6 +2005,8 @@ static int convert_do_copy(ImgConvertState *s) return s->ret; } +#define MAX_BUF_SECTORS 32768 + static int img_convert(int argc, char **argv) { int c, bs_i, flags, src_flags = 0; 
@@ -2100,8 +2102,12 @@ static int img_convert(int argc, char **argv) int64_t sval; sval = cvtnum(optarg); - if (sval < 0) { - error_report("Invalid minimum zero buffer size for sparse output specified"); + if (sval < 0 || sval & BDRV_SECTOR_BITS || + sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) { + error_report("Invalid buffer size for sparse output specified. " + "Valid sizes are multiples of 512 up to %d. Select " + "0 to disable sparse detection (fully allocates output).", + MAX_BUF_SECTORS * 512); goto fail_getopt; } @@ -2385,9 +2391,9 @@ static int img_convert(int argc, char **argv) } /* increase bufsectors from the default 4096 (2M) if opt_transfer - * or discard_alignment of the out_bs is greater. Limit to 32768 (16MB) - * as maximum. */ - s.buf_sectors = MIN(32768, + * or discard_alignment of the out_bs is greater. Limit to + * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */ + s.buf_sectors = MIN(MAX_BUF_SECTORS, MAX(s.buf_sectors, MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BITS, out_bs->bl.pdiscard_alignment >>
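
Review bot: The new MAX_BUF_SECTORS define in the @@ -2005,6 +2005,8 @@ hunk carries no comment stating its unit, yet it now serves both as the cap for s.buf_sectors and as the upper bound for -S. A one-line comment on the define saying that it counts 512-byte sectors (16MB) would document it in one place, and the comment in the last hunk could then refer to MAX_BUF_SECTORS without repeating "currently 32768 (16MB)", which will go stale if the value changes.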
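
Review bot: The alignment test "sval & BDRV_SECTOR_BITS" in the @@ -2100,8 +2102,12 @@ hunk does not reject values that are not multiples of 512. BDRV_SECTOR_BITS is a shift count (the last hunk uses it as "opt_transfer >> BDRV_SECTOR_BITS"), which is 9 for 512-byte sectors, so the AND only looks at bits 0 and 3 of sval. A value such as 256 has neither bit set and still passes, which is exactly the 1..511 range the commit message wants to forbid. The test should mask the low bits of the sector size instead, e.g. "sval & (BDRV_SECTOR_SIZE - 1)" or "sval % BDRV_SECTOR_SIZE". The error text also hardcodes 512 while the range check uses BDRV_SECTOR_SIZE; using the macro in both places keeps them consistent.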