From: Stefan Hajnoczi <stefanha@redhat.com>
To: Sam Li <faithilikerun@gmail.com>
Cc: qemu-devel@nongnu.org, dlemoal@kernel.org,
	dmitry.fomichev@wdc.com, hare@suse.de, qemu-block@nongnu.org,
	Hanna Reitz <hreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw
Date: Wed, 7 Jun 2023 12:08:42 -0400
Message-ID: <20230607160842.GE2138915@fedora>
In-Reply-To: <20230604061658.49004-2-faithilikerun@gmail.com>

On Sun, Jun 04, 2023 at 02:16:58PM +0800, Sam Li wrote:
> If the write operation fails and the wps is NULL, then accessing it will
> lead to data corruption.
> 
> Solving the issue by adding a nullptr checking in get_zones_wp() where
> the wps is used.
> 
> This issue is found by Peter Maydell using the Coverity Tool (CID
> 1512459).
> 
> Signed-off-by: Sam Li <faithilikerun@gmail.com>
> ---
>  block/file-posix.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/block/file-posix.c b/block/file-posix.c
> index 0d9d179a35..620942bf40 100644
> --- a/block/file-posix.c
> +++ b/block/file-posix.c
> @@ -1340,6 +1340,10 @@ static int get_zones_wp(BlockDriverState *bs, int fd, int64_t offset,
>      rep_size = sizeof(struct blk_zone_report) + nrz * sizeof(struct blk_zone);
>      g_autofree struct blk_zone_report *rep = NULL;
>  
> +    if (!wps) {
> +        return -1;
> +    }
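
Review bot: the new `if (!wps)` guard returns a bare -1 with no comment, so a caller cannot tell "this device has no write-pointer array" apart from a zone report that actually failed. Consider returning a specific negative errno value (for example -ENOTSUP) with a one-line comment saying when wps may legitimately be NULL, or testing wps at the call site so get_zones_wp() is never entered without it. The commit message describes the effect as data corruption, while the guard added here prevents a NULL pointer dereference; saying so in the message would make the fix easier to audit against CID 1512459.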

An error will be printed every time this happens on a non-zoned device:

  static void update_zones_wp(BlockDriverState *bs, int fd, int64_t offset,
                              unsigned int nrz)
  {
      if (get_zones_wp(bs, fd, offset, nrz, 0) < 0) {
          error_report("update zone wp failed");

Please change the following code to avoid the call to update_zones_wp():

  #if defined(CONFIG_BLKZONED)
  {
      BlockZoneWps *wps = bs->wps;
      if (ret == 0) {
          if ((type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND))
              && wps && bs->bl.zone_size) {
              uint64_t *wp = &wps->wp[offset / bs->bl.zone_size];
              if (!BDRV_ZT_IS_CONV(*wp)) {
                  if (type & QEMU_AIO_ZONE_APPEND) {
                      *s->offset = *wp;
                      trace_zbd_zone_append_complete(bs, *s->offset
                          >> BDRV_SECTOR_BITS);
                  }
                  /* Advance the wp if needed */
                  if (offset + bytes > *wp) {
                      *wp = offset + bytes;
                  }
              }
          }
      } else {
-         if (type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND)) {
+         if (wps && (type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND))) {
              update_zones_wp(bs, s->fd, 0, 1);
          }
      }

Stefan