[Qemu-devel] [PATCH] avoid core reading with bdrv

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] avoid core reading with bdrv_read (qemu-io)
@ 2011-07-19  7:33 Frediano Ziglio
  2011-07-19  7:52 ` Kevin Wolf
  0 siblings, 1 reply; 3+ messages in thread
From: Frediano Ziglio @ 2011-07-19  7:33 UTC (permalink / raw)
  To: qemu-devel, Kevin Wolf

This patch apply to kevin coroutine-block branch and avoid code. It
fix "qcow: Use coroutines" patch. Test case:

$ ./qemu-img create -f qcow aaa.img 1G
Formatting 'aaa.img', fmt=qcow size=1073741824 encryption=off
$ ./qemu-io aaa.img
qemu-io> read 1024 1024
Segmentation fault

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
 block/qcow.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/block/qcow.c b/block/qcow.c
index 6f7973c..1386e92 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -573,7 +573,8 @@ static int qcow_aio_read_cb(void *opaque)

     if (acb->nb_sectors == 0) {
         /* request completed */
-        qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
+        if (acb->orig_buf)
+            qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
         return 0;
     }

@@ -648,6 +649,7 @@ static int qcow_co_readv(BlockDriverState *bs,
int64_t sector_num,

     if (acb->qiov->niov > 1) {
         qemu_vfree(acb->orig_buf);
+        acb->orig_buf = NULL;
     }
     qemu_aio_release(acb);

@@ -729,6 +731,7 @@ static int qcow_co_writev(BlockDriverState *bs,
int64_t sector_num,

     if (acb->qiov->niov > 1) {
         qemu_vfree(acb->orig_buf);
+        acb->orig_buf = NULL;
     }
     qemu_aio_release(acb);

-- 
1.7.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Qemu-devel] [PATCH] avoid core reading with bdrv_read (qemu-io)
  2011-07-19  7:33 [Qemu-devel] [PATCH] avoid core reading with bdrv_read (qemu-io) Frediano Ziglio
@ 2011-07-19  7:52 ` Kevin Wolf
  2011-07-19  8:22   ` Frediano Ziglio
  0 siblings, 1 reply; 3+ messages in thread
From: Kevin Wolf @ 2011-07-19  7:52 UTC (permalink / raw)
  To: Frediano Ziglio; +Cc: qemu-devel

Am 19.07.2011 09:33, schrieb Frediano Ziglio:
> This patch apply to kevin coroutine-block branch and avoid code. It
> fix "qcow: Use coroutines" patch. Test case:
> 
> $ ./qemu-img create -f qcow aaa.img 1G
> Formatting 'aaa.img', fmt=qcow size=1073741824 encryption=off
> $ ./qemu-io aaa.img
> qemu-io> read 1024 1024
> Segmentation fault
> 
> Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

Thanks for the report. I'll update the patch, but in a slightly
different way that matches the old code better:

diff --git a/block/qcow.c b/block/qcow.c
index 6f7973c..6447c2a 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -573,7 +573,6 @@ static int qcow_aio_read_cb(void *opaque)

     if (acb->nb_sectors == 0) {
         /* request completed */
-        qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
         return 0;
     }

@@ -647,6 +646,7 @@ static int qcow_co_readv(BlockDriverState *bs,
int64_t sector_num,
     qemu_co_mutex_unlock(&s->lock);

     if (acb->qiov->niov > 1) {
+        qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
         qemu_vfree(acb->orig_buf);
     }
     qemu_aio_release(acb);

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Qemu-devel] [PATCH] avoid core reading with bdrv_read (qemu-io)
  2011-07-19  7:52 ` Kevin Wolf
@ 2011-07-19  8:22   ` Frediano Ziglio
  0 siblings, 0 replies; 3+ messages in thread
From: Frediano Ziglio @ 2011-07-19  8:22 UTC (permalink / raw)
  To: Kevin Wolf; +Cc: qemu-devel

2011/7/19 Kevin Wolf <kwolf@redhat.com>:
> Am 19.07.2011 09:33, schrieb Frediano Ziglio:
>> This patch apply to kevin coroutine-block branch and avoid code. It
>> fix "qcow: Use coroutines" patch. Test case:
>>
>> $ ./qemu-img create -f qcow aaa.img 1G
>> Formatting 'aaa.img', fmt=qcow size=1073741824 encryption=off
>> $ ./qemu-io aaa.img
>> qemu-io> read 1024 1024
>> Segmentation fault
>>
>> Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
>
> Thanks for the report. I'll update the patch, but in a slightly
> different way that matches the old code better:
>
> diff --git a/block/qcow.c b/block/qcow.c
> index 6f7973c..6447c2a 100644
> --- a/block/qcow.c
> +++ b/block/qcow.c
> @@ -573,7 +573,6 @@ static int qcow_aio_read_cb(void *opaque)
>
>     if (acb->nb_sectors == 0) {
>         /* request completed */
> -        qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
>         return 0;
>     }
>
> @@ -647,6 +646,7 @@ static int qcow_co_readv(BlockDriverState *bs,
> int64_t sector_num,
>     qemu_co_mutex_unlock(&s->lock);
>
>     if (acb->qiov->niov > 1) {
> +        qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
>         qemu_vfree(acb->orig_buf);
>     }
>     qemu_aio_release(acb);
>

Yes, my patch also removed some dandling pointer which I don't like
but are not a problem with current code.
In case of ret < 0 (error) your code could copy data that probably are
not initialized. I don't know if data is used in case of failure but
in case memory is shared with guest (I don't know, perhaps using
virtio) this lead to security issues. Also some memory debugger like
valgrind could not like that copy.

Frediano

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-07-19  8:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-19  7:33 [Qemu-devel] [PATCH] avoid core reading with bdrv_read (qemu-io) Frediano Ziglio
2011-07-19  7:52 ` Kevin Wolf
2011-07-19  8:22   ` Frediano Ziglio

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.