From 6ab73e5f420e89e19b52e39dab28fa4c94e00197 Mon Sep 17 00:00:00 2001
From: Gaurav Kumar Garg <garg.gaurav52@gmail.com>
Date: Tue, 10 Jan 2017 15:25:13 +0100
Subject: [PATCH] rbd: bench-write should return error if io-size >= 4G

Currently if user perform bench-write with io-size > 4G
then its crashing because currently during memory allocation
bufferptr taking size of buffer as a unsigned and io-size > 4G
will overflow with unsigned. so during memset operation it will
try to set io_size size of memory area pointed by bufferptr,
(bufferptr area is:  (4G - io_size)), so it will cause
segmentation fault.

Fix is to return error if io-size >= 4G

Fixes: http://tracker.ceph.com/issues/18422

Reported-by:  Jason Dillaman <dillaman@redhat.com>
Signed-off-by: Gaurav Kumar Garg <garg.gaurav52@gmail.com>
---
 src/tools/rbd/action/Bench.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/tools/rbd/action/Bench.cc b/src/tools/rbd/action/Bench.cc
index 3df08c9bde1ed..757b9f477f210 100644
--- a/src/tools/rbd/action/Bench.cc
+++ b/src/tools/rbd/action/Bench.cc
@@ -196,6 +196,11 @@ int do_bench(librbd::Image& image, io_type_t io_type,
     return -EINVAL;
   }
 
+  if (io_size > std::numeric_limits<uint32_t>::max()) {
+    std::cerr << "rbd: io-size should be less than 4G" << std::endl;
+    return -EINVAL;
+  }
+
   rbd_bencher b(&image, io_type, io_size);
 
   std::cout << "bench "