From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50563) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1X482V-0003kv-Gr for qemu-devel@nongnu.org; Mon, 07 Jul 2014 08:29:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1X482M-00053N-FM for qemu-devel@nongnu.org; Mon, 07 Jul 2014 08:28:59 -0400 Received: from mx1.redhat.com ([209.132.183.28]:14269) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1X482M-00053J-69 for qemu-devel@nongnu.org; Mon, 07 Jul 2014 08:28:50 -0400 From: Stefan Hajnoczi Date: Mon, 7 Jul 2014 14:28:29 +0200 Message-Id: <1404736118-10078-3-git-send-email-stefanha@redhat.com> In-Reply-To: <1404736118-10078-1-git-send-email-stefanha@redhat.com> References: <1404736118-10078-1-git-send-email-stefanha@redhat.com> Subject: [Qemu-devel] [PULL for-2.1 02/11] mirror: Fix qiov size for short requests List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Kevin Wolf , Peter Maydell , Stefan Hajnoczi From: Kevin Wolf When mirroring an image of a size that is not a multiple of the mirror job granularity, the last request would have the right nb_sectors argument, but a qiov that is rounded up to the next multiple of the granularity. Don't do this. This fixes a segfault that is caused by raw-posix being confused by this and allocating a buffer with request length, but operating on it with qiov length. [s/Driver/Drive/ in qemu-iotests 041 as suggested by Eric --Stefan] Reported-by: Eric Blake Signed-off-by: Kevin Wolf Tested-by: Eric Blake Reviewed-by: Eric Blake Signed-off-by: Stefan Hajnoczi --- block/mirror.c | 4 +++- tests/qemu-iotests/041 | 5 +++++ tests/qemu-iotests/041.out | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/block/mirror.c b/block/mirror.c index 6c3ee70..c7a655f 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -265,9 +265,11 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s) next_sector = sector_num; while (nb_chunks-- > 0) { MirrorBuffer *buf = QSIMPLEQ_FIRST(&s->buf_free); + size_t remaining = (nb_sectors * BDRV_SECTOR_SIZE) - op->qiov.size; + QSIMPLEQ_REMOVE_HEAD(&s->buf_free, next); s->buf_free_count--; - qemu_iovec_add(&op->qiov, buf, s->granularity); + qemu_iovec_add(&op->qiov, buf, MIN(s->granularity, remaining)); /* Advance the HBitmapIter in parallel, so that we do not examine * the same sector twice. diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041 index 0815e19..005090e 100755 --- a/tests/qemu-iotests/041 +++ b/tests/qemu-iotests/041 @@ -217,6 +217,11 @@ class TestSingleDriveZeroLength(TestSingleDrive): test_small_buffer2 = None test_large_cluster = None +class TestSingleDriveUnalignedLength(TestSingleDrive): + image_len = 1025 * 1024 + test_small_buffer2 = None + test_large_cluster = None + class TestMirrorNoBacking(ImageMirroringTestCase): image_len = 2 * 1024 * 1024 # MB diff --git a/tests/qemu-iotests/041.out b/tests/qemu-iotests/041.out index 42147c0..24093bc 100644 --- a/tests/qemu-iotests/041.out +++ b/tests/qemu-iotests/041.out @@ -1,5 +1,5 @@ -.............................................. +...................................................... ---------------------------------------------------------------------- -Ran 46 tests +Ran 54 tests OK -- 1.9.3