On 22 April 2016 at 08:03, Kevin Wolf <kw...@redhat.com> wrote:
> On 21.04.2016 at 18:28, Peter Maydell wrote:
>> On 21 April 2016 at 15:42, Eric Blake <ebl...@redhat.com> wrote:
>> > The NBD protocol does not (yet) force any alignment constraints
>> > on clients. Even though qemu NBD clients always send requests
>> > that are aligned to 512 bytes, we must be prepared for non-qemu
>> > clients that don't care about alignment (even if it means they
>> > are less efficient). Our use of blk_read() and blk_write() was
>> > silently operating on the wrong file offsets when the client
>> > made an unaligned request, corrupting the client's data (but
>> > as the client already has control over the file we are serving,
>> > I don't think it is a security hole, per se, just a data
>> > corruption bug).
>> >
>> > Note that in the case of NBD_CMD_READ, an unaligned length could
>> > cause us to return up to 511 bytes of uninitialized trailing
>> > garbage from blk_try_blockalign() - hopefully nothing sensitive
>> > from the heap's prior usage is ever leaked in that manner.
>> >
>> > Signed-off-by: Eric Blake <ebl...@redhat.com>
>> > ---
>> >
>> > It's late for 2.6, but as a data corruption bug fix, I think
>> > it's worth having if there is still time.
>>
>> I want to tag rc3 today, but since it looks like there's going to
>> be an rc4 for the virtio handler bug this can probably go into rc4
>> if it gets review.
>
> Reviewed-by: Kevin Wolf <kw...@redhat.com>
>
> Peter, do you want a pull request (which I would have to do because
> Paolo is away) or are you going to apply the patch directly?
If you're happy on the review and testing front, I can apply it to
master directly (I won't be able to do any testing beyond running
"make check".)

thanks
-- PMM
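As an added illustration of the alignment defect Eric describes in the commit message (a constructed simulation, not qemu code): a sector-granular read silently truncates an unaligned byte offset and length, so it serves the wrong bytes and leaves the tail of the caller's buffer untouched, while a byte-granular read with an explicit bounds check serves the request exactly. The in-memory backing store and the 0xAA fill are constructed stand-ins for the served file and for prior heap contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define DEV_SIZE (4 * SECTOR_SIZE)

/* Constructed backing store: byte i holds (i % 251), so any shift or
 * truncation in the served offset is visible as a mismatch. */
static uint8_t g_dev[DEV_SIZE];
static void dev_init(void) { for (int i = 0; i < DEV_SIZE; i++) g_dev[i] = (uint8_t)(i % 251); }

/* Sector-granular read, mirroring the shape of the blk_read() usage the
 * patch replaces: offset and length are truncated to whole sectors, so an
 * unaligned request copies the wrong bytes and never writes the tail. */
static int read_sector_based(uint64_t offset, size_t len, uint8_t *buf)
{
    uint64_t sector = offset / SECTOR_SIZE;   /* unaligned offset truncated */
    size_t nb_sectors = len / SECTOR_SIZE;    /* unaligned length truncated */
    if ((sector + nb_sectors) * SECTOR_SIZE > DEV_SIZE) return -1;
    memcpy(buf, g_dev + sector * SECTOR_SIZE, nb_sectors * SECTOR_SIZE);
    return 0;  /* bytes [nb_sectors*512, len) of buf are left as they were */
}

/* Byte-granular read with a bounds check: the defensive shape. */
static int read_byte_based(uint64_t offset, size_t len, uint8_t *buf)
{
    if (offset > DEV_SIZE || len > DEV_SIZE - offset) return -1;
    memcpy(buf, g_dev + offset, len);
    return 0;
}

/* Number of bytes in the served buffer that differ from what the client
 * asked for; 0 means the request was served correctly, len means refused. */
static size_t count_wrong_bytes(int (*rd)(uint64_t, size_t, uint8_t *),
                                uint64_t offset, size_t len)
{
    uint8_t buf[DEV_SIZE];
    dev_init();
    memset(buf, 0xAA, sizeof buf);  /* stand-in for stale heap contents */
    if (rd(offset, len, buf) != 0) return len;
    size_t wrong = 0;
    for (size_t i = 0; i < len; i++) wrong += (buf[i] != g_dev[offset + i]);
    return wrong;
}

int main(void)
{
    printf("aligned, sector-based:   %zu wrong\n", count_wrong_bytes(read_sector_based, 512, 512));
    printf("unaligned, sector-based: %zu wrong\n", count_wrong_bytes(read_sector_based, 100, 600));
    printf("unaligned, byte-based:   %zu wrong\n", count_wrong_bytes(read_byte_based, 100, 600));
    return 0;
}
```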