On 10/14/2016 02:23 PM, Eric Blake wrote:

>>  static void socket_read(CLIENT* client, void *buf, size_t len) {
>> +    void *tmp = NULL;
>> +    if (!buf) {
>> +            /* FIXME: Enforce maximum bound on client-provided len? */
>> +            tmp = buf = malloc(len);
>> +    }
>>      g_assert(client->socket_read != NULL);
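Review bot: the `tmp = buf = malloc(len);` line allocates a client-controlled size with no upper bound and no NULL check, so a hostile or buggy client can force an arbitrarily large allocation that exists only to be thrown away, and an allocation failure would hand a NULL buffer to the read. Suggest capping len (or draining unwanted bytes through a fixed-size scratch buffer in a loop) and checking the malloc result before use; the hunk also does not show where tmp is released, so every exit path from socket_read should be checked for a matching free.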

> Since we are malloc'ing a scratch buffer to hold a client-specified
> length, I do NOT want us to be casually allowing the client to tell us
> to make a 2G allocation.  Maybe when reading off dead length, it's
> better to write a loop that does a loop into a max-size buffer for as
> many loop iterations as needed, rather than allocating a single buffer
> that will just be thrown away; but such complexity doesn't belong on the
> hot-path of normal reads.  Still, even if I cap maximum allocation by
> reading in a loop, there's a question of how much time we allow to
> processing dead reads, vs. cutting our losses and disconnecting the
> client as ill-behaved.

And had I read a bit further in the source, I see we already have
consume() that does the very loop I'm talking about.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
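As an added illustration of the approach discussed above (not nbd-server code and not the thread's own consume()), this drains a client-specified byte count through a fixed scratch buffer with a policy cap instead of a client-sized malloc; the names discard_bytes, read_fn_t, mem_source and the cap values are assumptions, and the in-memory stream is constructed for offline use.

```c
/* Added example: discard `len` client-specified bytes without allocating a
 * client-sized buffer. Reads go through a fixed chunk buffer via a caller
 * supplied callback; DISCARD_MAX bounds the dead data the server is willing
 * to consume before treating the client as ill-behaved (caller disconnects).
 * All names and limits here are assumptions, not nbd-server's. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <sys/types.h>

#define DISCARD_CHUNK (64 * 1024)            /* scratch size, never client sized */
#define DISCARD_MAX   (16u * 1024 * 1024)    /* policy cap on dead bytes per request */

/* Returns bytes actually read (<= want), or -1 on error/EOF. */
typedef ssize_t (*read_fn_t)(void *ctx, void *buf, size_t want);

/* Drain exactly len bytes; false means "cap exceeded or stream failed". */
static bool discard_bytes(read_fn_t rd, void *ctx, uint64_t len)
{
    unsigned char scratch[DISCARD_CHUNK];
    if (len > DISCARD_MAX)
        return false;                        /* refuse rather than malloc(2G) */
    while (len > 0) {
        size_t want = len < sizeof scratch ? (size_t)len : sizeof scratch;
        ssize_t got = rd(ctx, scratch, want);
        if (got <= 0)
            return false;                    /* EOF or error mid-request */
        len -= (uint64_t)got;                /* short reads simply loop again */
    }
    return true;
}

/* Constructed in-memory "socket" that deliberately returns short reads. */
struct mem_source { const unsigned char *data; size_t left; };

static ssize_t mem_read(void *ctx, void *buf, size_t want)
{
    struct mem_source *m = ctx;
    if (m->left == 0)
        return -1;                           /* behaves like EOF */
    size_t n = want < m->left ? want : m->left;
    if (n > 1000)
        n = 1000;                            /* force the loop to handle short reads */
    memcpy(buf, m->data, n);
    m->data += n;
    m->left -= n;
    return (ssize_t)n;
}

/* Run discard_bytes against a constructed stream of `available` bytes. */
static bool demo_discard(size_t available, uint64_t requested)
{
    static unsigned char blob[8192];         /* constructed; contents irrelevant */
    struct mem_source src = { blob, available < sizeof blob ? available : sizeof blob };
    return discard_bytes(mem_read, &src, requested);
}
```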

Nbd-general mailing list