From 67335a4558d3cad2173aac0ce13b6c096b077c41 Mon Sep 17 00:00:00 2001 From: Alberto Garcia Date: Thu, 24 Aug 2017 16:24:48 +0300 Subject: throttle: Make burst_length 64bit and add range checks LeakyBucket.burst_length is defined as an unsigned integer but the code never checks for overflows and it only makes sure that the value is not 0. In practice this means that the user can set something like throttling.iops-total-max-length=4294967300 despite being larger than UINT_MAX and the final value after casting to unsigned int will be 4. This patch changes the data type to uint64_t. This does not increase the storage size of LeakyBucket, and allows us to assign the value directly from qemu_opt_get_number() or BlockIOThrottle and then do the checks directly in throttle_is_valid(). The value of burst_length does not have a specific upper limit, but since the bucket size is defined by max * burst_length we have to prevent overflows. Instead of going for UINT64_MAX or something similar this patch reuses THROTTLE_VALUE_MAX, which allows I/O bursts of 1 GiB/s for 10 days in a row. Signed-off-by: Alberto Garcia Message-id: 1b2e3049803f71cafb2e1fa1be4fb47147a0d398.1503580370.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi --- util/throttle.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'util') diff --git a/util/throttle.c b/util/throttle.c index 80660ffd2c..b8c524336c 100644 --- a/util/throttle.c +++ b/util/throttle.c @@ -354,6 +354,11 @@ bool throttle_is_valid(ThrottleConfig *cfg, Error **errp) return false; } + if (bkt->max && bkt->burst_length > THROTTLE_VALUE_MAX / bkt->max) { + error_setg(errp, "burst length too high for this burst rate"); + return false; + } + if (bkt->max && !bkt->avg) { error_setg(errp, "bps_max/iops_max require corresponding" " bps/iops values"); -- cgit v1.2.3-55-g7522