* [PATCH v2] qemu-img: fix offset calculation in bench
@ 2025-05-06 14:13 gerben
From: gerben @ 2025-05-06 14:13 UTC (permalink / raw)
To: qemu-block, kwolf, hreitz; +Cc: qemu-devel, sdl.qemu
From: Denis Rastyogin <gerben@altlinux.org>
This error was discovered by fuzzing qemu-img.
The current offset calculation leads to an EIO error
in block/block-backend.c: blk_check_byte_request():
    if (offset > len || len - offset < bytes) {
        return -EIO;
    }
This triggers the error message:
"qemu-img: Failed request: Input/output error".
Example of the issue:
offset: 260076
len: 260096
bytes: 4096
This fix ensures that offset remains within a valid range.
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
---
qemu-img.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index 76ac5d3028..e64acfafb3 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4488,10 +4488,10 @@ static void bench_cb(void *opaque, int ret)
*/
b->in_flight++;
b->offset += b->step;
- if (b->image_size == 0) {
+ if (b->image_size - b->bufsize <= 0) {
b->offset = 0;
} else {
- b->offset %= b->image_size;
+ b->offset %= b->image_size - b->bufsize;
}
if (b->write) {
acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
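Review bot: the new guard `if (b->image_size - b->bufsize <= 0)` can never see a negative value if the subtraction is done in unsigned arithmetic (the maintainer's reply in this thread confirms it is), so it only fires when image_size == bufsize; for an image smaller than the buffer the modulus on the following `+` line becomes a huge wrapped value instead of resetting the offset to 0. Compare before subtracting, e.g. `if (b->image_size <= b->bufsize)`, which reads as intended and still avoids the modulo by zero this branch exists to prevent.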
--
2.42.2
* Re: [PATCH v2] qemu-img: fix offset calculation in bench
@ 2025-05-20 10:04 ` Kevin Wolf
From: Kevin Wolf @ 2025-05-20 10:04 UTC (permalink / raw)
To: gerben; +Cc: qemu-block, hreitz, qemu-devel, sdl.qemu
On 06.05.2025 at 16:13, gerben@altlinux.org wrote:
> From: Denis Rastyogin <gerben@altlinux.org>
>
> This error was discovered by fuzzing qemu-img.
>
> The current offset calculation leads to an EIO error
> in block/block-backend.c: blk_check_byte_request():
>
>     if (offset > len || len - offset < bytes) {
>         return -EIO;
>     }
>
> This triggers the error message:
> "qemu-img: Failed request: Input/output error".
>
> Example of the issue:
> offset: 260076
> len: 260096
> bytes: 4096
>
> This fix ensures that offset remains within a valid range.
>
> Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
> ---
> qemu-img.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/qemu-img.c b/qemu-img.c
> index 76ac5d3028..e64acfafb3 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -4488,10 +4488,10 @@ static void bench_cb(void *opaque, int ret)
> */
> b->in_flight++;
> b->offset += b->step;
> - if (b->image_size == 0) {
> + if (b->image_size - b->bufsize <= 0) {
The result of b->image_size - b->bufsize is unsigned, so this doesn't do
what it looks like. I'm replacing it with b->image_size <= b->bufsize.
> b->offset = 0;
> } else {
> - b->offset %= b->image_size;
> + b->offset %= b->image_size - b->bufsize;
> }
> if (b->write) {
> acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
Thanks, applied to the block branch.
Kevin
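Added example, not QEMU's code: a stand-alone C model of the bench offset wrap and of the blk_check_byte_request() range check quoted in the commit message, driven with the offset/len/bytes values given there. The names wrap_old, wrap_v2 and wrap_applied are hypothetical and stand for the wrap before the patch, the condition as posted in v2, and the condition as the maintainer applied it.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the check quoted from block/block-backend.c: the request
 * [offset, offset + bytes) must fit inside an image of length len;
 * the real function returns -EIO where this returns false. */
bool request_in_range(uint64_t offset, uint64_t len, uint64_t bytes)
{
    return !(offset > len || len - offset < bytes);
}

/* Wrap before the patch: offset stays below image_size, but the
 * buffer starting there can still run past the end of the image. */
uint64_t wrap_old(uint64_t offset, uint64_t image_size)
{
    return image_size == 0 ? 0 : offset % image_size;
}

/* Wrap as posted in v2: with unsigned operands the subtraction never
 * goes negative, so "<= 0" only catches image_size == bufsize; a
 * smaller image yields a huge modulus instead of resetting to 0. */
uint64_t wrap_v2(uint64_t offset, uint64_t image_size, uint64_t bufsize)
{
    return image_size - bufsize <= 0 ? 0 : offset % (image_size - bufsize);
}

/* Wrap as applied: compare instead of subtracting, then keep offset
 * below image_size - bufsize so offset + bufsize fits in the image. */
uint64_t wrap_applied(uint64_t offset, uint64_t image_size, uint64_t bufsize)
{
    return image_size <= bufsize ? 0 : offset % (image_size - bufsize);
}

/* Drive n requests of the bench loop (check, then advance by step) with
 * either wrap policy; true if every request stayed inside the image. */
bool bench_all_in_range(uint64_t image_size, uint64_t bufsize, uint64_t step,
                        int n, bool use_applied_fix)
{
    uint64_t offset = 0;
    for (int i = 0; i < n; i++) {
        if (!request_in_range(offset, image_size, bufsize)) {
            return false;
        }
        offset += step;
        offset = use_applied_fix ? wrap_applied(offset, image_size, bufsize)
                                 : wrap_old(offset, image_size);
    }
    return true;
}
```

With the commit message's values, the old wrap leaves offset 260076 on a 260096-byte image and the 4096-byte request is rejected; the applied wrap reduces it modulo 256000 to 4076, which passes.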