diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-04-15 17:03:50 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-04-15 17:03:51 +0100 |
| commit | 6329df5b53a3307f289451137c9910da0f09adc6 (patch) | |
| tree | e2f2360f075a9666d68546a5bd01f4534072b91e /qga/commands.c | |
| parent | 73995d15557a3cf2328cc6b7982264897c65cf65 (diff) | |
| parent | 1329651fb4d4c5068ad12fd86aff7e52f9e18c34 (diff) | |
| download | focaccia-qemu-6329df5b53a3307f289451137c9910da0f09adc6.tar.gz focaccia-qemu-6329df5b53a3307f289451137c9910da0f09adc6.zip | |
Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-04-15-tag' into staging
qemu-ga patch queue for hard-freeze * enforce 48MB limit for guest-file-read to avoid memory allocation failures # gpg: Signature made Wed 15 Apr 2020 15:23:48 BST # gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584 # gpg: issuer "mdroth@linux.vnet.ibm.com" # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full] # gpg: aka "Michael Roth <mdroth@utexas.edu>" [full] # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full] # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2020-04-15-tag: qga: Restrict guest-file-read count to 48 MB to avoid crashes qga: Extract qmp_guest_file_read() to common commands.c qga: Extract guest_file_handle_find() to commands-common.h Revert "prevent crash when executing guest-file-read with large count" Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qga/commands.c')
| -rw-r--r-- | qga/commands.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/qga/commands.c b/qga/commands.c index 4471a9f08d..efc8b90281 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -11,6 +11,7 @@ */ #include "qemu/osdep.h" +#include "qemu/units.h" #include "guest-agent-core.h" #include "qga-qapi-commands.h" #include "qapi/error.h" @@ -18,11 +19,18 @@ #include "qemu/base64.h" #include "qemu/cutils.h" #include "qemu/atomic.h" +#include "commands-common.h" /* Maximum captured guest-exec out_data/err_data - 16MB */ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) /* Allocation and I/O buffer for reading guest-exec out_data/err_data - 4KB */ #define GUEST_EXEC_IO_SIZE (4*1024) +/* + * Maximum file size to read - 48MB + * + * (48MB + Base64 3:4 overhead = JSON parser 64 MB limit) + */ +#define GUEST_FILE_READ_COUNT_MAX (48 * MiB) /* Note: in some situations, like with the fsfreeze, logging may be * temporarilly disabled. if it is necessary that a command be able @@ -547,3 +555,28 @@ error: g_free(info); return NULL; } + +GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, + int64_t count, Error **errp) +{ + GuestFileHandle *gfh = guest_file_handle_find(handle, errp); + GuestFileRead *read_data; + + if (!gfh) { + return NULL; + } + if (!has_count) { + count = QGA_READ_COUNT_DEFAULT; + } else if (count < 0 || count > GUEST_FILE_READ_COUNT_MAX) { + error_setg(errp, "value '%" PRId64 "' is invalid for argument count", + count); + return NULL; + } + + read_data = guest_file_read_unsafe(gfh, count, errp); + if (!read_data) { + slog("guest-file-write failed, handle: %" PRId64, handle); + } + + return read_data; +} |