summaryrefslogtreecommitdiffstats
path: root/util
diff options
context:
space:
mode:
authorAlberto Garcia2017-08-24 15:24:48 +0200
committerStefan Hajnoczi2017-08-29 17:54:45 +0200
commit67335a4558d3cad2173aac0ce13b6c096b077c41 (patch)
treebc27d1424220718cb66099182d1777bc6ddc04be /util
parentthrottle: Make LeakyBucket.avg and LeakyBucket.max integer types (diff)
downloadqemu-67335a4558d3cad2173aac0ce13b6c096b077c41.tar.gz
qemu-67335a4558d3cad2173aac0ce13b6c096b077c41.tar.xz
qemu-67335a4558d3cad2173aac0ce13b6c096b077c41.zip
throttle: Make burst_length 64bit and add range checks
LeakyBucket.burst_length is defined as an unsigned integer but the code never checks for overflows and it only makes sure that the value is not 0. In practice this means that the user can set something like throttling.iops-total-max-length=4294967300 despite being larger than UINT_MAX and the final value after casting to unsigned int will be 4. This patch changes the data type to uint64_t. This does not increase the storage size of LeakyBucket, and allows us to assign the value directly from qemu_opt_get_number() or BlockIOThrottle and then do the checks directly in throttle_is_valid(). The value of burst_length does not have a specific upper limit, but since the bucket size is defined by max * burst_length we have to prevent overflows. Instead of going for UINT64_MAX or something similar this patch reuses THROTTLE_VALUE_MAX, which allows I/O bursts of 1 GiB/s for 10 days in a row. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 1b2e3049803f71cafb2e1fa1be4fb47147a0d398.1503580370.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'util')
-rw-r--r--util/throttle.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/util/throttle.c b/util/throttle.c
index 80660ffd2c..b8c524336c 100644
--- a/util/throttle.c
+++ b/util/throttle.c
@@ -354,6 +354,11 @@ bool throttle_is_valid(ThrottleConfig *cfg, Error **errp)
return false;
}
+ if (bkt->max && bkt->burst_length > THROTTLE_VALUE_MAX / bkt->max) {
+ error_setg(errp, "burst length too high for this burst rate");
+ return false;
+ }
+
if (bkt->max && !bkt->avg) {
error_setg(errp, "bps_max/iops_max require corresponding"
" bps/iops values");