mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-11 04:26:38 +00:00
5329be3634
As reported by the Firecracker team, the block device model doesn't check if an I/O request starts before the end of the disk but extends beyond it. For writes to disks backed by raw files, this could end up unintentionally extending the size of the disk. Add bounds checks to the request execution path to catch these out-of-bounds I/Os and fail them. While we're here, fix a few other minor issues: only seek for read and write requests (the 'sector' field of the request should be ignored for flush, write zeroes, and discard), and check for overflow when performing the shifts to convert from sectors to bytes. BUG=chromium:927393 TEST=cargo test -p devices block Change-Id: I0dd19299d03a4f0716093091f173a5c507529963 Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1448852 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dylan Reid <dgreid@chromium.org> |
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||