diff mbox series

[v2] block: Fix pad_request's request restriction

Message ID 20230714085938.202730-1-hreitz@redhat.com (mailing list archive)
State New, archived
Headers show
Series [v2] block: Fix pad_request's request restriction | expand

Commit Message

Hanna Czenczek July 14, 2023, 8:59 a.m. UTC
bdrv_pad_request() relies on requests' lengths not to exceed SIZE_MAX,
which bdrv_check_qiov_request() does not guarantee.

bdrv_check_request32() however will guarantee this, and both of
bdrv_pad_request()'s callers (bdrv_co_preadv_part() and
bdrv_co_pwritev_part()) already run it before calling
bdrv_pad_request().  Therefore, bdrv_pad_request() can safely call
bdrv_check_request32() without expecting error, too.

In effect, this patch will not change guest-visible behavior.  It is a
clean-up to tighten a condition to match what is guaranteed by our
callers, and which exists purely to show clearly why the subsequent
assertion (`assert(*bytes <= SIZE_MAX)`) is always true.

Note there is a difference between the interfaces of
bdrv_check_qiov_request() and bdrv_check_request32(): The former takes
an errp, the latter does not, so we can no longer just pass
&error_abort.  Instead, we need to check the returned value.  While we
do expect success (because the callers have already run this function),
an assert(ret == 0) is not much simpler than just to return an error if
it occurs, so let us handle errors by returning them up the stack now.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 18743311b829cafc1737a5f20bc3248d5f91ee2a
       ("block: Collapse padded I/O vecs exceeding IOV_MAX")
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
---
v2:
- Added paragraph to the commit message to express explicitly that this
  patch will not change guest-visible behavior
- (No code changes)
---
 block/io.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Stefan Hajnoczi July 17, 2023, 8:32 p.m. UTC | #1
On Fri, Jul 14, 2023 at 10:59:38AM +0200, Hanna Czenczek wrote:
> bdrv_pad_request() relies on requests' lengths not to exceed SIZE_MAX,
> which bdrv_check_qiov_request() does not guarantee.
> 
> bdrv_check_request32() however will guarantee this, and both of
> bdrv_pad_request()'s callers (bdrv_co_preadv_part() and
> bdrv_co_pwritev_part()) already run it before calling
> bdrv_pad_request().  Therefore, bdrv_pad_request() can safely call
> bdrv_check_request32() without expecting error, too.
> 
> In effect, this patch will not change guest-visible behavior.  It is a
> clean-up to tighten a condition to match what is guaranteed by our
> callers, and which exists purely to show clearly why the subsequent
> assertion (`assert(*bytes <= SIZE_MAX)`) is always true.
> 
> Note there is a difference between the interfaces of
> bdrv_check_qiov_request() and bdrv_check_request32(): The former takes
> an errp, the latter does not, so we can no longer just pass
> &error_abort.  Instead, we need to check the returned value.  While we
> do expect success (because the callers have already run this function),
> an assert(ret == 0) is not much simpler than just to return an error if
> it occurs, so let us handle errors by returning them up the stack now.
> 
> Reported-by: Peter Maydell <peter.maydell@linaro.org>
> Fixes: 18743311b829cafc1737a5f20bc3248d5f91ee2a
>        ("block: Collapse padded I/O vecs exceeding IOV_MAX")
> Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
> ---
> v2:
> - Added paragraph to the commit message to express explicitly that this
>   patch will not change guest-visible behavior
> - (No code changes)
> ---
>  block/io.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

Thanks, applied to my block-next tree:
https://gitlab.com/stefanha/qemu/commits/block-next

Stefan
diff mbox series

Patch

diff --git a/block/io.c b/block/io.c
index e8293d6b26..055fcf7438 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1710,7 +1710,11 @@  static int bdrv_pad_request(BlockDriverState *bs,
     int sliced_niov;
     size_t sliced_head, sliced_tail;
 
-    bdrv_check_qiov_request(*offset, *bytes, *qiov, *qiov_offset, &error_abort);
+    /* Should have been checked by the caller already */
+    ret = bdrv_check_request32(*offset, *bytes, *qiov, *qiov_offset);
+    if (ret < 0) {
+        return ret;
+    }
 
     if (!bdrv_init_padding(bs, *offset, *bytes, write, pad)) {
         if (padded) {
@@ -1723,7 +1727,7 @@  static int bdrv_pad_request(BlockDriverState *bs,
                                   &sliced_head, &sliced_tail,
                                   &sliced_niov);
 
-    /* Guaranteed by bdrv_check_qiov_request() */
+    /* Guaranteed by bdrv_check_request32() */
     assert(*bytes <= SIZE_MAX);
     ret = bdrv_create_padded_qiov(bs, pad, sliced_iov, sliced_niov,
                                   sliced_head, *bytes);