From: Eric Farman <farman@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org, qemu-block@nongnu.org
Cc: kwolf@redhat.com, mreitz@redhat.com, pbonzini@redhat.com,
Eric Farman <farman@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 2/3] block: Fix target variable of BLKSECTGET ioctl
Date: Mon, 16 Jan 2017 22:12:00 +0100
Message-ID: <20170116211201.46601-3-farman@linux.vnet.ibm.com>
In-Reply-To: <20170116211201.46601-1-farman@linux.vnet.ibm.com>

Commit 6f607174 introduced a routine to call the kernel BLKSECTGET
ioctl, which stores the result back to user space. However, the
size of the data returned depends on the routine handling the ioctl.
The (compat_)blkdev_ioctl returns a short, while sg_ioctl returns
an int. Thus, on big-endian systems, we can find ourselves
accidentally shifting the result to a much larger value.
(On s390x, a short is 16 bits while an int is 32 bits.)

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
---
block/file-posix.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
index 28b47d9..2115155 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -651,12 +651,15 @@ static void raw_reopen_abort(BDRVReopenState *state)
state->opaque = NULL;
}
-static int hdev_get_max_transfer_length(int fd)
+static int hdev_get_max_transfer_length(BlockDriverState *bs, int fd)
{
#ifdef BLKSECTGET
int max_sectors = 0;
- if (ioctl(fd, BLKSECTGET, &max_sectors) == 0) {
+ short max_sectors_short = 0;
+ if (bs->sg && ioctl(fd, BLKSECTGET, &max_sectors) == 0) {
return max_sectors;
+ } else if (!bs->sg && ioctl(fd, BLKSECTGET, &max_sectors_short) == 0) {
+ return max_sectors_short;
} else {
return -errno;
}
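Review bot: max_sectors_short is declared as a signed short in hdev_get_max_transfer_length(), so any 16-bit result above 32767 comes back negative, and the caller's ret > 0 check will then treat it as an error and silently skip setting max_transfer. Declaring it unsigned short avoids that. A short comment above the two ioctl calls saying why the buffer width depends on bs->sg would also help, since the code itself gives no reason for the two variables.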
@@ -672,7 +675,7 @@ static void raw_refresh_limits(BlockDriverState *bs, Error **errp)
if (!fstat(s->fd, &st)) {
if (S_ISBLK(st.st_mode)) {
- int ret = hdev_get_max_transfer_length(s->fd);
+ int ret = hdev_get_max_transfer_length(bs, s->fd);
if (ret > 0 && ret <= BDRV_REQUEST_MAX_SECTORS) {
bs->bl.max_transfer = pow2floor(ret << BDRV_SECTOR_BITS);
}
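Review bot: the call in raw_refresh_limits() sits inside the S_ISBLK(st.st_mode) branch, so it is not obvious that the bs->sg arm of hdev_get_max_transfer_length() can be reached from here. If bs->sg is never set for a block device, that arm is dead code as of this patch, and the commit message should say which caller is expected to exercise it.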
--
2.8.4