qemu-devel.nongnu.org archive mirror
* [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple
@ 2011-03-30  8:48 Conor Murphy
  2011-03-30 18:55 ` Christoph Hellwig
  0 siblings, 1 reply; 3+ messages in thread
From: Conor Murphy @ 2011-03-30  8:48 UTC (permalink / raw)
  To: qemu-devel

Hi,

I'm trying to write a virtio-blk driver for Solaris. I've gotten it to the point
where Solaris can see the device and create a ZFS file system on it.

However when I try and create a UFS filesystem on the device, the VM crashed
with the error
*** glibc detected *** /usr/bin/qemu-kvm: double free or corruption (!prev):
0x00007f2d38000a00 ***

I can reproduce the problem with a simple dd, i.e.
dd if=/dev/zero of=/dev/rdsk/c2d10p0 bs=5000 count=1

My driver will create a virtio-blk request with two elements in the sg list, one
for the first 4096 bytes and the other for the remaining 904.

From stepping through with gdb, virtio_blk_handle_write sets n_sectors to 9
(5000 / 512). Later on in the code, n_sectors is used to calculate the size of the
buffer required, but 9 * 512 is too small and so when the request is processed it
ends up writing past the end of the buffer, and I guess this triggers the glibc
error.

Is there a requirement for virtio-blk guest drivers that all i/o requests are
sized in multiples of 512 bytes?

Thanks,
Conor


* Re: [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple
  2011-03-30  8:48 [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple Conor Murphy
@ 2011-03-30 18:55 ` Christoph Hellwig
  2011-03-31  7:52   ` [Qemu-devel] " Conor Murphy
  0 siblings, 1 reply; 3+ messages in thread
From: Christoph Hellwig @ 2011-03-30 18:55 UTC (permalink / raw)
  To: Conor Murphy; +Cc: qemu-devel

On Wed, Mar 30, 2011 at 08:48:18AM +0000, Conor Murphy wrote:
> Is there a requirement for virtio-blk guest drivers that all i/o requests are
> sized in multiples of 512 bytes?

Yes, like for any other block driver.  Of course this should not actually
crash qemu, but rather fail the request.

Does the patch below give you a correct error report?


Index: qemu/hw/virtio-blk.c
===================================================================
--- qemu.orig/hw/virtio-blk.c	2011-03-30 20:46:10.268665534 +0200
+++ qemu/hw/virtio-blk.c	2011-03-30 20:49:45.655247322 +0200
@@ -290,6 +290,10 @@ static void virtio_blk_handle_write(Virt
         virtio_blk_rw_complete(req, -EIO);
         return;
     }
+    if (req->qiov.size % req->dev->conf->logical_block_size) {
+        virtio_blk_rw_complete(req, -EIO);
+        return;
+    }
 
     if (mrb->num_writes == 32) {
         virtio_submit_multiwrite(req->dev->bs, mrb);
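Review bot: the new size check in virtio_blk_handle_write is placed after the existing range check whose -EIO branch is visible just above it, and the identical four lines are added again to virtio_blk_handle_read in the next hunk; since both paths fail the same way through virtio_blk_rw_complete(req, -EIO), factor the test into a single helper (or run it once before dispatching on request type) so the two copies cannot drift apart. It would also help a driver author to know why the request failed: a guest that submits a 5000-byte write now gets the same -EIO completion as a genuine disk error, so a trace point or error_report at this spot is worth considering.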
@@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtI
         virtio_blk_rw_complete(req, -EIO);
         return;
     }
+    if (req->qiov.size % req->dev->conf->logical_block_size) {
+        virtio_blk_rw_complete(req, -EIO);
+        return;
+    }
 
     acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
                          req->qiov.size / BDRV_SECTOR_SIZE,
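Review bot: the check divides by req->dev->conf->logical_block_size, while the bdrv_aio_readv call two lines below computes the sector count as req->qiov.size / BDRV_SECTOR_SIZE; the modulus only guarantees that this division is exact if logical_block_size is itself a multiple of BDRV_SECTOR_SIZE. If that invariant is enforced at configuration time, a comment or assert here would document it; otherwise test req->qiov.size % BDRV_SECTOR_SIZE as well, since that is the quantity the truncating division in the crash report depends on.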

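The arithmetic in the report and the check in the patch, as an added C example that is not QEMU code and not from either participant: it models the guest's two-element request (4096 + 904 bytes), computes how far the pre-patch sizing (n_sectors = 5000 / 512, buffer = n_sectors * 512) falls short, and applies the patch's modulus test before gathering the data into a buffer. The struct sg_elem, the function names and the configuration sanity check on logical_block_size are this example's own assumptions; the byte counts are the ones given in the thread. The overrun is calculated rather than performed, so the example is safe to run.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Host-side sector size, the BDRV_SECTOR_SIZE of the thread. */
#define SECTOR_SIZE 512u

/* One element of a guest scatter/gather list (modelled, not QEMU's type). */
struct sg_elem {
    const uint8_t *base;
    size_t len;
};

/* Total payload bytes carried by an sg list. */
static size_t sg_total(const struct sg_elem *sg, int n)
{
    size_t total = 0;
    for (int i = 0; i < n; i++) {
        total += sg[i].len;
    }
    return total;
}

/*
 * Pre-patch sizing as described in the report: derive a sector count by
 * truncating division and size the staging buffer from that count.  Returns
 * how many guest bytes would land past the end of such a buffer (0 = fits).
 */
static size_t unchecked_overrun_bytes(const struct sg_elem *sg, int n)
{
    size_t total = sg_total(sg, n);
    size_t n_sectors = total / SECTOR_SIZE;       /* 5000 / 512 = 9 */
    size_t buf_size = n_sectors * SECTOR_SIZE;    /* 9 * 512 = 4608 */
    return total > buf_size ? total - buf_size : 0;
}

/*
 * Post-patch validation, mirroring the check in the patch: a request whose
 * byte length is not a whole number of logical blocks is failed with -EIO.
 * The configuration test (logical block size is a non-zero multiple of the
 * host sector size) is this example's own addition; it makes the later
 * division by SECTOR_SIZE exact whenever the request passes.
 */
static int check_request_size(size_t total, unsigned logical_block_size)
{
    if (logical_block_size == 0 || logical_block_size % SECTOR_SIZE) {
        return -EINVAL;
    }
    return (total % logical_block_size) ? -EIO : 0;
}

/*
 * Hardened write path: validate first, then gather the sg list into a buffer
 * sized from the validated byte count.  Returns 0 and a malloc'd buffer of
 * *out_len bytes on success, a negative errno (with *out untouched) on failure.
 */
static int handle_write(const struct sg_elem *sg, int n, unsigned logical_block_size,
                        uint8_t **out, size_t *out_len)
{
    size_t total = sg_total(sg, n);
    int rc = check_request_size(total, logical_block_size);
    if (rc < 0) {
        return rc;
    }
    uint8_t *buf = malloc(total);
    if (!buf) {
        return -ENOMEM;
    }
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        memcpy(buf + off, sg[i].base, sg[i].len);
        off += sg[i].len;
    }
    *out = buf;
    *out_len = total;
    return 0;
}

/* The two-element list from the report: 4096 bytes followed by 904 bytes. */
static int build_5000_byte_request(struct sg_elem sg[2], const uint8_t *payload)
{
    sg[0].base = payload;        sg[0].len = 4096;
    sg[1].base = payload + 4096; sg[1].len = 904;
    return 2;
}

int main(void)
{
    static uint8_t payload[5000];   /* constructed sample, zero-filled like dd if=/dev/zero */
    struct sg_elem sg[2];
    int n = build_5000_byte_request(sg, payload);

    printf("pre-patch: %zu bytes would be written past the buffer\n",
           unchecked_overrun_bytes(sg, n));

    uint8_t *buf = NULL;
    size_t len = 0;
    int rc = handle_write(sg, n, 512, &buf, &len);
    printf("post-patch, 5000-byte request: rc=%d (%s)\n", rc,
           rc == -EIO ? "rejected with EIO" : "accepted");

    /* 4608 bytes is a multiple of 512 but not of a 4096-byte logical block. */
    struct sg_elem ok[1] = { { payload, 4608 } };
    rc = handle_write(ok, 1, 512, &buf, &len);
    printf("4608 bytes, 512-byte blocks: rc=%d len=%zu\n", rc, len);
    free(buf);
    rc = handle_write(ok, 1, 4096, &buf, &len);
    printf("4608 bytes, 4096-byte blocks: rc=%d\n", rc);
    return 0;
}
```

Build with `cc -Wall -o vblk_size vblk_size.c` and run it; the 5000-byte case reports 392 bytes of overrun under the old sizing and an -EIO rejection under the new check, while the 4608-byte case shows that the patch's test is against the configured logical block size, which is stricter than the 512-byte sector granularity the buffer arithmetic itself needs.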

* [Qemu-devel] Re: virtio-blk.c handling of i/o which is not a 512 multiple
  2011-03-30 18:55 ` Christoph Hellwig
@ 2011-03-31  7:52   ` Conor Murphy
  0 siblings, 0 replies; 3+ messages in thread
From: Conor Murphy @ 2011-03-31  7:52 UTC (permalink / raw)
  To: qemu-devel

Hi Christoph,

I had already updated my driver to reject non 512 multiple sized requests. I
rolled back this update and applied your patch and I now get a non-zero status
response and no qemu crash!

Thanks for your help,
Conor

