ia64/xen-unstable

changeset 17093:e3c722d483f5

ioemu: Do proper block device extent checks.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Feb 20 17:46:10 2008 +0000 (2008-02-20)
parents 511ab2b89ced
children 6e096456b3e1
files tools/ioemu/block.c
line diff
     1.1 --- a/tools/ioemu/block.c	Wed Feb 20 17:42:12 2008 +0000
     1.2 +++ b/tools/ioemu/block.c	Wed Feb 20 17:46:10 2008 +0000
     1.3 @@ -120,6 +120,24 @@ void path_combine(char *dest, int dest_s
     1.4      }
     1.5  }
     1.6  
     1.7 +static int bdrv_rw_badreq_sectors(BlockDriverState *bs,
     1.8 +				int64_t sector_num, int nb_sectors)
     1.9 +{
    1.10 +    return
    1.11 +	nb_sectors < 0 ||
    1.12 +	nb_sectors > bs->total_sectors ||
    1.13 +	sector_num > bs->total_sectors - nb_sectors;
    1.14 +}
    1.15 +
    1.16 +static int bdrv_rw_badreq_bytes(BlockDriverState *bs,
    1.17 +				  int64_t offset, int count)
    1.18 +{
    1.19 +    int64_t size = bs->total_sectors << SECTOR_BITS;
    1.20 +    return
    1.21 +	count < 0 ||
    1.22 +	count > size ||
    1.23 +	offset > size - count;
    1.24 +}
    1.25  
    1.26  void bdrv_register(BlockDriver *bdrv)
    1.27  {
    1.28 @@ -372,6 +390,7 @@ int bdrv_open2(BlockDriverState *bs, con
    1.29      }
    1.30      bs->drv = drv;
    1.31      bs->opaque = qemu_mallocz(drv->instance_size);
    1.32 +    bs->total_sectors = 0; /* driver will set if it does not do getlength */
    1.33      if (bs->opaque == NULL && drv->instance_size > 0)
    1.34          return -1;
    1.35      /* Note: for compatibility, we open disk image files as RDWR, and
    1.36 @@ -437,6 +456,7 @@ void bdrv_close(BlockDriverState *bs)
    1.37          bs->drv = NULL;
    1.38  
    1.39          /* call the change callback */
    1.40 +	bs->total_sectors = 0;
    1.41          bs->media_changed = 1;
    1.42          if (bs->change_cb)
    1.43              bs->change_cb(bs->change_opaque);
    1.44 @@ -502,9 +522,8 @@ int bdrv_read(BlockDriverState *bs, int6
    1.45      if (!drv)
    1.46          return -ENOMEDIUM;
    1.47  
    1.48 -    if (sector_num < 0)
    1.49 -	return -EINVAL;
    1.50 -
    1.51 +    if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
    1.52 +	return -EDOM;
    1.53      if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
    1.54              memcpy(buf, bs->boot_sector_data, 512);
    1.55          sector_num++;
    1.56 @@ -542,8 +561,8 @@ int bdrv_write(BlockDriverState *bs, int
    1.57          return -ENOMEDIUM;
    1.58      if (bs->read_only)
    1.59          return -EACCES;
    1.60 -    if (sector_num < 0)
    1.61 -	return -EINVAL;
    1.62 +    if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
    1.63 +	return -EDOM;
    1.64      if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
    1.65          memcpy(bs->boot_sector_data, buf, 512);   
    1.66      }
    1.67 @@ -666,6 +685,8 @@ int bdrv_pread(BlockDriverState *bs, int
    1.68          return -ENOMEDIUM;
    1.69      if (!drv->bdrv_pread)
    1.70          return bdrv_pread_em(bs, offset, buf1, count1);
    1.71 +    if (bdrv_rw_badreq_bytes(bs, offset, count1))
    1.72 +	return -EDOM;
    1.73      return drv->bdrv_pread(bs, offset, buf1, count1);
    1.74  }
    1.75  
    1.76 @@ -681,6 +702,8 @@ int bdrv_pwrite(BlockDriverState *bs, in
    1.77          return -ENOMEDIUM;
    1.78      if (!drv->bdrv_pwrite)
    1.79          return bdrv_pwrite_em(bs, offset, buf1, count1);
    1.80 +    if (bdrv_rw_badreq_bytes(bs, offset, count1))
    1.81 +	return -EDOM;
    1.82      return drv->bdrv_pwrite(bs, offset, buf1, count1);
    1.83  }
    1.84  
    1.85 @@ -922,6 +945,8 @@ int bdrv_write_compressed(BlockDriverSta
    1.86          return -ENOMEDIUM;
    1.87      if (!drv->bdrv_write_compressed)
    1.88          return -ENOTSUP;
    1.89 +    if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
    1.90 +	return -EDOM;
    1.91      return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
    1.92  }
    1.93      
    1.94 @@ -1067,7 +1092,9 @@ BlockDriverAIOCB *bdrv_aio_read(BlockDri
    1.95  
    1.96      if (!drv)
    1.97          return NULL;
    1.98 -    
    1.99 +    if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
   1.100 +	return NULL;
   1.101 +
   1.102      /* XXX: we assume that nb_sectors == 0 is suppored by the async read */
   1.103      if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
   1.104          memcpy(buf, bs->boot_sector_data, 512);
   1.105 @@ -1089,6 +1116,8 @@ BlockDriverAIOCB *bdrv_aio_write(BlockDr
   1.106          return NULL;
   1.107      if (bs->read_only)
   1.108          return NULL;
   1.109 +    if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
   1.110 +	return NULL;
   1.111      if (sector_num == 0 && bs->boot_sector_enabled && nb_sectors > 0) {
   1.112          memcpy(bs->boot_sector_data, buf, 512);   
   1.113      }