Re: [PULL 4/4] qemu-img: improve queue depth validation in img

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench

From:	Michael Tokarev
Subject:	Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench
Date:	Wed, 14 May 2025 12:28:56 +0300
User-agent:	Mozilla Thunderbird

On 13.05.2025 18:06, Kevin Wolf wrote:

Am 28.04.2025 um 15:58 hat Michael Tokarev geschrieben:

28.04.2025 16:54, Michael Tokarev пишет:

25.04.2025 20:52, Kevin Wolf wrote:

From: Denis Rastyogin <gerben@altlinux.org>

This error was discovered by fuzzing qemu-img.

Currently, running `qemu-img bench -d 0` in img_bench is allowed,
which is a pointless operation and causes qemu-img to hang.

Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250327162423.25154-5-gerben@altlinux.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
   qemu-img.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu-img.c b/qemu-img.c
index 2044c22a4c..76ac5d3028 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4571,7 +4571,7 @@ static int img_bench(int argc, char **argv)
           {
               unsigned long res;
-            if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
+            if (qemu_strtoul(optarg, NULL, 0, &res) <= 0 || res > INT_MAX) {
                   error_report("Invalid queue depth specified");
                   return 1;
               }


FWIW, it's been covered by my qemu-img options patches for way over a year.


In particular:

https://lore.kernel.org/qemu-devel/20240927061121.573271-28-mjt@tls.msk.ru/

I'm still waiting for some feedback from these patches - heard neither ACK
nor NACK for this rather large work.


Oops, seems I never continued review after patch 5. I'll get back to it.

However, I don't see the above hunk in that series. Am I missing it or
is there another series of yours waiting for review?


This one:

@@ -4791,27 +4788,17 @@ static int img_bench(const img_cmd_t *ccmd, intargc, char **argv)

 );
             break;
         case 'c':
-        {
-            unsigned long res;
-
-            if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
-                error_report("Invalid request count specified");

+ count = cvtnum_full("request count", optarg, false, 1,INT_MAX);

+            if (count < 0) {
                 return 1;
             }

Thanks,

/mjt

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench, Kevin Wolf, 2025/05/13
- Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench, Michael Tokarev <=
  - Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench, Michael Tokarev, 2025/05/14

Prev by Date: Re: [PATCH 1/1] vhost: do not reset used_memslots when destroying vhost dev
Next by Date: Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench
Previous by thread: Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench
Next by thread: Re: [PULL 4/4] qemu-img: improve queue depth validation in img_bench
Index(es):
- Date
- Thread