From: Kevin Wolf <kwolf@redhat.com>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, stefanha@redhat.com
Subject: [Qemu-devel] [PATCH for-2.1 1/2] mirror: Fix qiov size for short requests
Date: Tue, 1 Jul 2014 16:52:21 +0200
Message-ID: <1404226342-20174-2-git-send-email-kwolf@redhat.com>
In-Reply-To: <1404226342-20174-1-git-send-email-kwolf@redhat.com>

When mirroring an image of a size that is not a multiple of the
mirror job granularity, the last request would have the right nb_sectors
argument, but a qiov that is rounded up to the next multiple of the
granularity. Don't do this.

This fixes a segfault that is caused by raw-posix being confused by this
and allocating a buffer with request length, but operating on it with
qiov length.

Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/mirror.c | 4 +++-
tests/qemu-iotests/041 | 5 +++++
tests/qemu-iotests/041.out | 4 ++--
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 6c3ee70..c7a655f 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -265,9 +265,11 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
next_sector = sector_num;
while (nb_chunks-- > 0) {
MirrorBuffer *buf = QSIMPLEQ_FIRST(&s->buf_free);
+ size_t remaining = (nb_sectors * BDRV_SECTOR_SIZE) - op->qiov.size;
+
QSIMPLEQ_REMOVE_HEAD(&s->buf_free, next);
s->buf_free_count--;
- qemu_iovec_add(&op->qiov, buf, s->granularity);
+ qemu_iovec_add(&op->qiov, buf, MIN(s->granularity, remaining));
/* Advance the HBitmapIter in parallel, so that we do not examine
* the same sector twice.
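
Review bot: remaining, declared at the top of the loop body, is an unsigned size_t difference, and nothing asserts that op->qiov.size is still below nb_sectors * BDRV_SECTOR_SIZE when it is computed. If nb_chunks were ever larger than the request needs, the subtraction would yield 0 (a zero-length qemu_iovec_add) or wrap to a huge value, in which case MIN(s->granularity, remaining) quietly picks the full granularity again and the over-long qiov comes back. Suggest asserting that remaining is non-zero before the qemu_iovec_add call, plus a short comment that only the final chunk of a request is expected to be shorter than the granularity.
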
diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index 2b1e8a0..3013a26 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -219,6 +219,11 @@ class TestSingleDriveZeroLength(TestSingleDrive):
test_small_buffer2 = None
test_large_cluster = None
+class TestSingleDriverUnalignedLength(TestSingleDrive):
+ image_len = 1025 * 1024
+ test_small_buffer2 = None
+ test_large_cluster = None
+
class TestMirrorNoBacking(ImageMirroringTestCase):
image_len = 2 * 1024 * 1024 # MB
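
Review bot: the new class name TestSingleDriverUnalignedLength reads "Driver" where the sibling class directly above is TestSingleDriveZeroLength and the base class is TestSingleDrive; this looks like a typo for TestSingleDriveUnalignedLength. The image_len = 1025 * 1024 line would also benefit from a comment saying the length is deliberately not a multiple of the mirror granularity, and the two tests set to None carry no stated reason for being skipped in the unaligned case.
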
diff --git a/tests/qemu-iotests/041.out b/tests/qemu-iotests/041.out
index 42147c0..24093bc 100644
--- a/tests/qemu-iotests/041.out
+++ b/tests/qemu-iotests/041.out
@@ -1,5 +1,5 @@
-..............................................
+......................................................
----------------------------------------------------------------------
-Ran 46 tests
+Ran 54 tests
OK
--
1.8.3.1
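
The length mismatch described in the commit message, as an added example that is not part of the patch or of QEMU: a simplified model of filling a request's I/O vector from granularity-sized chunks, with and without clamping the last chunk. struct req, build_req, iov_total and req_is_consistent are hypothetical names, and a 512-byte sector is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/uio.h>

#define SECTOR_SIZE 512u   /* assumed sector size for this model */
#define MAX_CHUNKS  16

/* Hypothetical stand-in for a request: claimed byte length plus iovec list. */
struct req {
    size_t len;
    struct iovec iov[MAX_CHUNKS];
    int niov;
};

/* Sum of iovec lengths: the byte count a consumer walking the vector uses. */
static size_t iov_total(const struct req *r)
{
    size_t total = 0;
    for (int i = 0; i < r->niov; i++) {
        total += r->iov[i].iov_len;
    }
    return total;
}

/* clamp == 0: every chunk is added at full granularity (rounded-up vector).
 * clamp != 0: the last chunk is cut to the bytes the request still lacks. */
static void build_req(struct req *r, uint8_t *pool, size_t nb_sectors,
                      size_t granularity, int clamp)
{
    size_t nb_chunks = (nb_sectors * SECTOR_SIZE + granularity - 1) / granularity;

    r->len = nb_sectors * SECTOR_SIZE;
    r->niov = 0;
    while (nb_chunks-- > 0 && r->niov < MAX_CHUNKS) {
        size_t remaining = r->len - iov_total(r);
        size_t n = (clamp && remaining < granularity) ? remaining : granularity;

        r->iov[r->niov].iov_base = pool + (size_t)r->niov * granularity;
        r->iov[r->niov].iov_len = n;
        r->niov++;
    }
}

/* Invariant a consumer relies on: vector length equals request length. */
static int req_is_consistent(const struct req *r)
{
    return iov_total(r) == r->len;
}
```

With a 64 KiB granularity and a 1 KiB tail request, the unclamped vector describes 65536 bytes for a 1024-byte request, so a consumer that sizes a buffer from the request and copies by the vector runs past it.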