From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Michael Roth <mdroth@linux.vnet.ibm.com>,
qemu-stable@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PATCH 18/40] qcow2: Make size_to_clusters() return uint64_t
Date: Wed, 21 Oct 2015 12:51:48 -0500 [thread overview]
Message-ID: <1445449930-23525-19-git-send-email-mdroth@linux.vnet.ibm.com> (raw)
In-Reply-To: <1445449930-23525-1-git-send-email-mdroth@linux.vnet.ibm.com>
From: Max Reitz <mreitz@redhat.com>
Sadly, some images may have more clusters than what can be represented
using a plain int. We should be prepared for that case (in
qcow2_check_refcounts() we actually were trying to catch that case, but
since size_to_clusters() truncated the returned value, that check never
did anything useful).
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b6d36def6d9e9fd187327182d0abafc9b7085d8f)
Conflicts:
block/qcow2-cluster.c
block/qcow2.h
* removed context dependency on ff99129a
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
block/qcow2-cluster.c | 28 ++++++++++++++++++----------
block/qcow2-refcount.c | 12 ++++++++----
block/qcow2.h | 6 +++---
3 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index b43f186..7e94fe7 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -298,7 +298,7 @@ fail:
* as contiguous. (This allows it, for example, to stop at the first compressed
* cluster which may require a different handling)
*/
-static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size,
+static int count_contiguous_clusters(int nb_clusters, int cluster_size,
uint64_t *l2_table, uint64_t stop_flags)
{
int i;
@@ -321,7 +321,7 @@ static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size,
return i;
}
-static int count_contiguous_free_clusters(uint64_t nb_clusters, uint64_t *l2_table)
+static int count_contiguous_free_clusters(int nb_clusters, uint64_t *l2_table)
{
int i;
@@ -495,6 +495,7 @@ int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset,
if (nb_needed > nb_available) {
nb_needed = nb_available;
}
+ assert(nb_needed <= INT_MAX);
*cluster_offset = 0;
@@ -530,6 +531,8 @@ int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset,
l2_index = (offset >> s->cluster_bits) & (s->l2_size - 1);
*cluster_offset = be64_to_cpu(l2_table[l2_index]);
+
+ /* nb_needed <= INT_MAX, thus nb_clusters <= INT_MAX, too */
nb_clusters = size_to_clusters(s, nb_needed << 9);
ret = qcow2_get_cluster_type(*cluster_offset);
@@ -960,7 +963,7 @@ static int handle_copied(BlockDriverState *bs, uint64_t guest_offset,
int l2_index;
uint64_t cluster_offset;
uint64_t *l2_table;
- unsigned int nb_clusters;
+ uint64_t nb_clusters;
unsigned int keep_clusters;
int ret;
@@ -979,6 +982,7 @@ static int handle_copied(BlockDriverState *bs, uint64_t guest_offset,
l2_index = offset_to_l2_index(s, guest_offset);
nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+ assert(nb_clusters <= INT_MAX);
/* Find L2 entry for the first involved cluster */
ret = get_cluster_table(bs, guest_offset, &l2_table, &l2_index);
@@ -1061,7 +1065,7 @@ out:
* restarted, but the whole request should not be failed.
*/
static int do_alloc_cluster_offset(BlockDriverState *bs, uint64_t guest_offset,
- uint64_t *host_offset, unsigned int *nb_clusters)
+ uint64_t *host_offset, uint64_t *nb_clusters)
{
BDRVQcowState *s = bs->opaque;
@@ -1079,7 +1083,7 @@ static int do_alloc_cluster_offset(BlockDriverState *bs, uint64_t guest_offset,
*host_offset = cluster_offset;
return 0;
} else {
- int ret = qcow2_alloc_clusters_at(bs, *host_offset, *nb_clusters);
+ int64_t ret = qcow2_alloc_clusters_at(bs, *host_offset, *nb_clusters);
if (ret < 0) {
return ret;
}
@@ -1115,7 +1119,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t guest_offset,
int l2_index;
uint64_t *l2_table;
uint64_t entry;
- unsigned int nb_clusters;
+ uint64_t nb_clusters;
int ret;
uint64_t alloc_cluster_offset;
@@ -1133,6 +1137,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t guest_offset,
l2_index = offset_to_l2_index(s, guest_offset);
nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+ assert(nb_clusters <= INT_MAX);
/* Find L2 entry for the first involved cluster */
ret = get_cluster_table(bs, guest_offset, &l2_table, &l2_index);
@@ -1426,7 +1431,8 @@ int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset)
* clusters.
*/
static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
- unsigned int nb_clusters, enum qcow2_discard_type type, bool full_discard)
+ uint64_t nb_clusters, enum qcow2_discard_type type,
+ bool full_discard)
{
BDRVQcowState *s = bs->opaque;
uint64_t *l2_table;
@@ -1441,6 +1447,7 @@ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
/* Limit nb_clusters to one L2 table */
nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+ assert(nb_clusters <= INT_MAX);
for (i = 0; i < nb_clusters; i++) {
uint64_t old_l2_entry;
@@ -1503,7 +1510,7 @@ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
{
BDRVQcowState *s = bs->opaque;
uint64_t end_offset;
- unsigned int nb_clusters;
+ uint64_t nb_clusters;
int ret;
end_offset = offset + (nb_sectors << BDRV_SECTOR_BITS);
@@ -1545,7 +1552,7 @@ fail:
* clusters.
*/
static int zero_single_l2(BlockDriverState *bs, uint64_t offset,
- unsigned int nb_clusters)
+ uint64_t nb_clusters)
{
BDRVQcowState *s = bs->opaque;
uint64_t *l2_table;
@@ -1560,6 +1567,7 @@ static int zero_single_l2(BlockDriverState *bs, uint64_t offset,
/* Limit nb_clusters to one L2 table */
nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+ assert(nb_clusters <= INT_MAX);
for (i = 0; i < nb_clusters; i++) {
uint64_t old_offset;
@@ -1584,7 +1592,7 @@ static int zero_single_l2(BlockDriverState *bs, uint64_t offset,
int qcow2_zero_clusters(BlockDriverState *bs, uint64_t offset, int nb_sectors)
{
BDRVQcowState *s = bs->opaque;
- unsigned int nb_clusters;
+ uint64_t nb_clusters;
int ret;
/* The zero flag is only supported by version 3 and newer */
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index b0ee42d..0b6c302 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -875,8 +875,8 @@ int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size)
return offset;
}
-int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
- int nb_clusters)
+int64_t qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
+ int64_t nb_clusters)
{
BDRVQcowState *s = bs->opaque;
uint64_t cluster_index, refcount;
@@ -1259,7 +1259,7 @@ static size_t refcount_array_byte_size(BDRVQcowState *s, uint64_t entries)
static int realloc_refcount_array(BDRVQcowState *s, void **array,
int64_t *size, int64_t new_size)
{
- size_t old_byte_size, new_byte_size;
+ int64_t old_byte_size, new_byte_size;
void *new_ptr;
/* Round to clusters so the array can be directly written to disk */
@@ -1275,13 +1275,17 @@ static int realloc_refcount_array(BDRVQcowState *s, void **array,
assert(new_byte_size > 0);
+ if (new_byte_size > SIZE_MAX) {
+ return -ENOMEM;
+ }
+
new_ptr = g_try_realloc(*array, new_byte_size);
if (!new_ptr) {
return -ENOMEM;
}
if (new_byte_size > old_byte_size) {
- memset((void *)((uintptr_t)new_ptr + old_byte_size), 0,
+ memset((char *)new_ptr + old_byte_size, 0,
new_byte_size - old_byte_size);
}
diff --git a/block/qcow2.h b/block/qcow2.h
index 72e1328..4b5a6af 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -412,7 +412,7 @@ static inline int64_t offset_into_cluster(BDRVQcowState *s, int64_t offset)
return offset & (s->cluster_size - 1);
}
-static inline int size_to_clusters(BDRVQcowState *s, int64_t size)
+static inline uint64_t size_to_clusters(BDRVQcowState *s, uint64_t size)
{
return (size + (s->cluster_size - 1)) >> s->cluster_bits;
}
@@ -506,8 +506,8 @@ int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index,
enum qcow2_discard_type type);
int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size);
-int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
- int nb_clusters);
+int64_t qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
+ int64_t nb_clusters);
int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size);
void qcow2_free_clusters(BlockDriverState *bs,
int64_t offset, int64_t size,
--
1.9.1
next prev parent reply other threads:[~2015-10-21 17:54 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-21 17:51 [Qemu-devel] [PATCH 00/40] Patch Round-up for stable 2.4.1, freeze on 2015-10-29 Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 01/40] scsi-disk: Fix assertion failure on WRITE SAME Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 02/40] mirror: Fix coroutine reentrance Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 03/40] target-arm/arm-semi.c: Fix broken SYS_WRITE0 via gdb Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 04/40] block/iscsi: validate block size returned from target Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 05/40] exec-all: Translate TCI return addresses backwards too Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 06/40] block/nfs: fix calculation of allocated file size Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 07/40] qemu-img: Fix crash in amend invocation Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 08/40] mac_dbdma: always clear FLUSH bit once DBDMA channel flush is complete Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 09/40] vhost-scsi: fix wrong vhost-scsi firmware path Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 10/40] scripts/dump-guest-memory.py: fix after RAMBlock change Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 11/40] PPC: E500: Update u-boot to commit 79c884d7e4 Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 12/40] s390x/css: start with cleared cstat/dstat Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 13/40] rtl8139: Fix receive buffer overflow check Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 14/40] rtl8139: Do not consume the packet during overflow in standard mode Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 15/40] cpus.c: qemu_mutex_lock_iothread fix race condition at cpu thread init Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 16/40] virtio dataplane: adapt dataplane for virtio Version 1 Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 17/40] target-arm: Share all common TCG temporaries Michael Roth
2015-10-21 17:51 ` Michael Roth [this message]
2015-10-21 17:51 ` [Qemu-devel] [PATCH 19/40] ide: fix ATAPI command permissions Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 20/40] gtk: use setlocale() for LC_MESSAGES only Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 21/40] spapr_pci: fix device tree props for MSI/MSI-X Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 22/40] nbd: release exp->blk after all clients are closed Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 23/40] slirp: Fix non blocking connect for w32 Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 24/40] ide: unify io_buffer_offset increments Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 25/40] qom: Do not reuse errp after a possible error Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 26/40] qom: Fix invalid error check in property_get_str() Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 27/40] tcg/mips: Fix clobbering of qemu_ld inputs Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 28/40] target-ppc: fix vcipher, vcipherlast, vncipherlast and vpermxor Michael Roth
2015-10-21 17:51 ` [Qemu-devel] [PATCH 29/40] target-ppc: fix xscmpodp and xscmpudp decoding Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 30/40] virtio: avoid leading underscores for helpers Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 31/40] virtio-net: unbreak self announcement and guest offloads after migration Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 32/40] vmxnet3: Drop net_vmxnet3_info.can_receive Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 33/40] qmp: Fix device-list-properties not to crash for abstract device Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 34/40] qdev: Protect device-list-properties against broken devices Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 35/40] Revert "qdev: Use qdev_get_device_class() for -device <type>, help" Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 36/40] misc: zynq_slcr: Fix MMIO writes Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 37/40] s390x/kvm: Fix vector validity bit in device machine checks Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 38/40] util/qemu-config: fix missing machine command line options Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 39/40] Migration: Generate the completed event only when we complete Michael Roth
2015-10-21 17:52 ` [Qemu-devel] [PATCH 40/40] virtio-input: ignore events until the guest driver is ready Michael Roth
2015-10-21 18:05 ` [Qemu-devel] [PATCH 00/40] Patch Round-up for stable 2.4.1, freeze on 2015-10-29 Cole Robinson
2015-10-21 18:43 ` Michael Roth
2015-10-22 17:36 ` Cole Robinson
2015-10-22 8:01 ` Markus Armbruster
2015-10-29 19:19 ` Michael Roth
2015-10-29 20:53 ` Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1445449930-23525-19-git-send-email-mdroth@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).