write range check

Stefan Hajnoczi Wed, 11 Nov 2020 04:50:58 -0800

Check that the sector number and byte count are valid.

Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
---
 block/export/vhost-user-blk-server.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)


diff --git a/block/export/vhost-user-blk-server.c 
b/block/export/vhost-user-blk-server.c
index d88e41714d..6d7fd0fec3 100644
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -214,9 +214,23 @@ static void coroutine_fn vu_blk_virtio_process_req(void 
*opaque)
         QEMUIOVector qiov;
         if (is_write) {
             qemu_iovec_init_external(&qiov, out_iov, out_num);
+
+            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+                                               qiov.size))) {
+                req->in->status = VIRTIO_BLK_S_IOERR;
+                break;
+            }
+
             ret = blk_co_pwritev(blk, offset, qiov.size, &qiov, 0);
         } else {
             qemu_iovec_init_external(&qiov, in_iov, in_num);
+
+            if (unlikely(!vu_blk_sect_range_ok(vexp, req->sector_num,
+                                               qiov.size))) {
+                req->in->status = VIRTIO_BLK_S_IOERR;
+                break;
+            }
+
             ret = blk_co_preadv(blk, offset, qiov.size, &qiov, 0);
         }
         if (ret >= 0) {
-- 
2.28.0

[PATCH for-5.2 10/10] block/export: port virtio-blk read/write range check

Reply via email to