From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:33036)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <graalfs@linux.vnet.ibm.com>) id 1TiQHK-0001bV-BA
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 08:53:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <graalfs@linux.vnet.ibm.com>) id 1TiQHJ-00060m-0b
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 08:53:46 -0500
Received: from e37.co.us.ibm.com ([32.97.110.158]:51210)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <graalfs@linux.vnet.ibm.com>) id 1TiQHI-00060f-QV
	for qemu-devel@nongnu.org; Tue, 11 Dec 2012 08:53:44 -0500
Received: from /spool/local
	by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <graalfs@linux.vnet.ibm.com>;
	Tue, 11 Dec 2012 06:53:43 -0700
Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com
	[9.17.195.106])
	by d03dlp03.boulder.ibm.com (Postfix) with ESMTP id 70C9719D8053
	for <qemu-devel@nongnu.org>; Tue, 11 Dec 2012 06:53:40 -0700 (MST)
Received: from d03av03.boulder.ibm.com (d03av03.boulder.ibm.com [9.17.195.169])
	by d03relay04.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	qBBDrcVu236452
	for <qemu-devel@nongnu.org>; Tue, 11 Dec 2012 06:53:39 -0700
Received: from d03av03.boulder.ibm.com (loopback [127.0.0.1])
	by d03av03.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
	id qBBDrcmG013310
	for <qemu-devel@nongnu.org>; Tue, 11 Dec 2012 06:53:38 -0700
Message-ID: <1355234017.4245.23.camel@br8hfpp0.de.ibm.com>
From: Heinz Graalfs <graalfs@linux.vnet.ibm.com>
Date: Tue, 11 Dec 2012 14:53:37 +0100
In-Reply-To: <50C70B4D.1000505@redhat.com>
References: <1353488287-47077-1-git-send-email-borntraeger@de.ibm.com>
	<50AC9B96.9070908@redhat.com>
	<1354911963.3635.4.camel@br8hfpp0.de.ibm.com>
	<50C5A37F.9020300@redhat.com>
	<1355219892.4245.14.camel@br8hfpp0.de.ibm.com>
	<50C70B4D.1000505@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH/RFC] block: Ensure that block size
 constraints are considered
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>, jfrei@linux.vnet.ibm.com, qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>, agraf@suse.de

On Tue, 2012-12-11 at 11:30 +0100, Kevin Wolf wrote:
> Am 11.12.2012 10:58, schrieb Heinz Graalfs:
> > Hi Kevin,
> > 
> > I'm using the bdrv_pread() function during boot partition detection ...
> > 
> > In detail: 
> > bdrv_pread() is called to read 32 bytes from a 2048 bytes formatted
> > disk. This results in setting up a read of 512 bytes (1 sector
> > multiplied by 512 current code in paio_submit()), which is wrong for a
> > O_DIRECT opened file, and produces the error.
> 
> So this sounds like the real problem: bdrv_pread/pwrite assume 512 byte
> sectors. May it's better to fix it there instead of just fixing one code
> path in one backend.
> 
> In any case this patch as submitted is wrong as it overflows the buffer
> passed to paio_submit. Test it with this patch:
> 
> --- a/qemu-io.c
> +++ b/qemu-io.c
> @@ -1718,6 +1718,8 @@ static int openfile(char *name, int flags, int
> growable)
>              bs = NULL;
>              return 1;
>          }
> +
> +        bdrv_set_buffer_alignment(bs, 4096);
>      }
> 
>      return 0;
> 
> 
> $ ./qemu-io -n -c 'read -p 0 512' /tmp/foo
> read 512/512 bytes at offset 0
> 512 bytes, 1 ops; 0.0001 sec (3.727 MiB/sec and 7633.5878 ops/sec)
> *** glibc detected *** ./qemu-io: double free or corruption (out):
> 0x00007fa22349b000 ***
> 
> Kevin
> 

Kevin, I tried your fix and it solves the free error...

Here is what I get:

# lsdasd
Bus-ID     Status      Name      Device  Type  BlkSz  Size      Blocks
==============================================================================
0.0.37a1   active      dasdb     94:4    ECKD  2048   6162MB    3155355
0.0.37a0   active      dasdc     94:8    ECKD  512    3594MB    7362495

# ./qemu-io  -c 'read -p 0 512' /dev/disk/by-path/ccw-0.0.37a0
read 512/512 bytes at offset 0
512 bytes, 1 ops; 0.0000 sec (7.512 MiB/sec and 15384.6154 ops/sec)

# ./qemu-io -n  -c 'read -p 0 512' /dev/disk/by-path/ccw-0.0.37a0
read 512/512 bytes at offset 0
512 bytes, 1 ops; 0.0005 sec (904.159 KiB/sec and 1808.3183 ops/sec)


# ./qemu-io   -c 'read -p 0 512' /dev/disk/by-path/ccw-0.0.37a1
read 512/512 bytes at offset 0
512 bytes, 1 ops; 0.0000 sec (7.288 MiB/sec and 14925.3731 ops/sec)

# ./qemu-io -n  -c 'read -p 0 512' /dev/disk/by-path/ccw-0.0.37a1
read failed: Invalid argument
# 

Are you going to fix the rest in bdrv_pread/pwrite too?

Heinz