[Qemu-devel] [PATCH v3 00/21] block: Handle failure for potentially larg
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH v3 00/21] block: Handle failure for potentially large allocations
Date: Tue, 3 Jun 2014 15:10:41 +0200

A not too small part of the recent CVEs were DoS scenarios by letting
qemu abort with too large memory allocations. We generally "fixed" these
cases by setting some limits on values read from image files that
influence the size of allocations.

Because we still need to allow reading large images, this works only to
a certain degree and we still can get fairly large allocations, which
are not unthinkable to fail on some machines.

This series converts potentially large allocations to g_try_malloc() and
friends and handles failure gracefully e.g. by returning -ENOMEM. This
may cause hot-plug of a new disk or individual requests to fail, but the
VM as a whole can keep running.

v3:
- Changed qemu_try_blockalign() to only return NULL on failure. size = 0
  results in a small allocation now (size of the alignment) [Benoît]
- Patch 8 (nfs): Check for size != 0 before failing [Benoît]
- Patch 11 (qcow2):
  * Fix memory leak in alloc_refcount_block() [Max]
  * Report internal error for -ENOMEM in qcow2_check() [Max]
- Patch 15 (rbd): Build fix [Markus]

v2:
- Some more places check for size = 0 before they treat NULL as an error
- Patch 2 (block.c): Added missing NULL return check for
  qemu_try_blockalign() [Stefan]
- Patch 7 (iscsi): Fixed acb->task memory leak [Stefan]
- For conversions from g_malloc() to qemu_try_blockalign(), made sure to
  be consistent about pairing the latter with qemu_vfree() [Stefan]

Kevin Wolf (20):
  block: Introduce qemu_try_blockalign()
  block: Handle failure for potentially large allocations
  bochs: Handle failure for potentially large allocations
  cloop: Handle failure for potentially large allocations
  curl: Handle failure for potentially large allocations
  dmg: Handle failure for potentially large allocations
  iscsi: Handle failure for potentially large allocations
  nfs: Handle failure for potentially large allocations
  parallels: Handle failure for potentially large allocations
  qcow1: Handle failure for potentially large allocations
  qcow2: Handle failure for potentially large allocations
  qed: Handle failure for potentially large allocations
  raw-posix: Handle failure for potentially large allocations
  raw-win32: Handle failure for potentially large allocations
  rbd: Handle failure for potentially large allocations
  vdi: Handle failure for potentially large allocations
  vhdx: Handle failure for potentially large allocations
  vmdk: Handle failure for potentially large allocations
  vpc: Handle failure for potentially large allocations
  mirror: Handle failure for potentially large allocations

Max Reitz (1):
  qcow2: Return useful error code in refcount_init()

block.c | 47 ++++++++++++++++++++++++++++++++++++-------
block/bochs.c | 6 +++++-
block/cloop.c | 23 ++++++++++++++++++---
block/curl.c | 8 +++++++-
block/dmg.c | 19 ++++++++++++------
block/iscsi.c | 17 +++++++++++++---
block/mirror.c | 7 ++++++-
block/nfs.c | 6 +++++-
block/parallels.c | 6 +++++-
block/qcow.c | 33 +++++++++++++++++++++++-------
block/qcow2-cache.c | 12 ++++++++++-
block/qcow2-cluster.c | 35 ++++++++++++++++++++++++--------
block/qcow2-refcount.c | 54 +++++++++++++++++++++++++++++++++++++++-----------
block/qcow2-snapshot.c | 22 +++++++++++++++-----
block/qcow2.c | 41 ++++++++++++++++++++++++++++++--------
block/qed-check.c | 7 +++++--
block/qed.c | 6 +++++-
block/raw-posix.c | 6 +++++-
block/rbd.c | 7 +++++--
block/vdi.c | 24 +++++++++++++++++-----
block/vhdx-log.c | 6 +++++-
block/vhdx.c | 12 +++++++++--
block/vmdk.c | 12 +++++++++--
block/vpc.c | 6 +++++-
block/win32-aio.c | 6 +++++-
include/block/block.h | 1 +
include/qemu/osdep.h | 1 +
util/oslib-posix.c | 16 +++++++++------
util/oslib-win32.c | 9 +++++++--
29 files changed, 364 insertions(+), 91 deletions(-)
--
1.8.3.1
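
The pattern the cover letter describes, as an added example that is not part of the original message or of QEMU's code: sizes taken from an image header are bounded, allocated with a fallible allocator, and failure is reported as -ENOMEM, including the size = 0 check and the error-path leak mentioned in the changelogs. `try_malloc()` is a stand-in for g_try_malloc(); the `table` structure, both limits and the `fail_at` test knob are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for g_try_malloc(): NULL on failure, and also NULL for size 0.
 * fail_at forces the Nth call (0-based) to fail; live counts unfreed buffers. */
static int fail_at = -1, calls, live;

static void *try_malloc(size_t size)
{
    void *p = (size == 0 || calls++ == fail_at) ? NULL : malloc(size);
    live += (p != NULL);
    return p;
}

static void try_free(void *p) { live -= (p != NULL); free(p); }

#define MAX_L1_ENTRIES (UINT32_C(1) << 25)  /* constructed format limits */
#define MAX_CACHE_BYTES (UINT32_C(1) << 26)

struct table { uint64_t *l1; uint8_t *cache; };

/* Both sizes are untrusted header fields of a hypothetical image format.
 * Returns 0, -EINVAL (over a limit) or -ENOMEM; it never aborts the process. */
int table_open(struct table *t, uint32_t l1_entries, uint32_t cache_bytes)
{
    size_t l1_bytes;

    t->l1 = NULL;
    t->cache = NULL;
    if (l1_entries > MAX_L1_ENTRIES || cache_bytes > MAX_CACHE_BYTES) {
        return -EINVAL;
    }
    l1_bytes = (size_t)l1_entries * sizeof(uint64_t);
    t->l1 = try_malloc(l1_bytes);
    if (t->l1 == NULL && l1_bytes != 0) {   /* NULL for size 0 is not an error */
        return -ENOMEM;
    }
    t->cache = try_malloc(cache_bytes);
    if (t->cache == NULL && cache_bytes != 0) {
        try_free(t->l1);                    /* do not leak the first buffer */
        t->l1 = NULL;
        return -ENOMEM;
    }
    return 0;
}
```

The limit check keeps the multiplication from overflowing and bounds the request, but a request under the limit can still fail on a small host, which is why the -ENOMEM paths exist at all.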