From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 27/28] block/io: bdrv_pdiscard: support int64_t bytes parameter
Date: Mon, 3 Jun 2019 17:02:32 +0200 [thread overview]
Message-ID: <20190603150233.6614-28-kwolf@redhat.com> (raw)
In-Reply-To: <20190603150233.6614-1-kwolf@redhat.com>
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
This fixes at least one overflow in qcow2_process_discards, which
passes 64bit region length to bdrv_pdiscard where bytes (or sectors in
the past) parameter is int since its introduction in 0b919fae.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
include/block/block.h | 4 ++--
block/io.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/include/block/block.h b/include/block/block.h
index 13ea050a5b..f9415ed740 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -434,8 +434,8 @@ void bdrv_drain_all(void);
AIO_WAIT_WHILE(bdrv_get_aio_context(bs_), \
cond); })
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes);
-int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes);
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
+int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
int bdrv_has_zero_init_1(BlockDriverState *bs);
int bdrv_has_zero_init(BlockDriverState *bs);
bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs);
diff --git a/block/io.c b/block/io.c
index 0f6ebd001c..9ba1bada36 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2632,7 +2632,7 @@ int bdrv_flush(BlockDriverState *bs)
typedef struct DiscardCo {
BdrvChild *child;
int64_t offset;
- int bytes;
+ int64_t bytes;
int ret;
} DiscardCo;
static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
@@ -2643,14 +2643,15 @@ static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
aio_wait_kick();
}
-int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
+ int64_t bytes)
{
BdrvTrackedRequest req;
int max_pdiscard, ret;
int head, tail, align;
BlockDriverState *bs = child->bs;
- if (!bs || !bs->drv) {
+ if (!bs || !bs->drv || !bdrv_is_inserted(bs)) {
return -ENOMEDIUM;
}
@@ -2658,9 +2659,8 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
return -EPERM;
}
- ret = bdrv_check_byte_request(bs, offset, bytes);
- if (ret < 0) {
- return ret;
+ if (offset < 0 || bytes < 0 || bytes > INT64_MAX - offset) {
+ return -EIO;
}
/* Do nothing if disabled. */
@@ -2695,7 +2695,7 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
assert(max_pdiscard >= bs->bl.request_alignment);
while (bytes > 0) {
- int num = bytes;
+ int64_t num = bytes;
if (head) {
/* Make small requests to get to alignment boundaries. */
@@ -2757,7 +2757,7 @@ out:
return ret;
}
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
{
Coroutine *co;
DiscardCo rwco = {
--
2.20.1
next prev parent reply other threads:[~2019-06-03 15:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-03 15:02 [Qemu-devel] [PULL 00/28] Block layer patches Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 01/28] block: Drain source node in bdrv_replace_node() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 02/28] iotests: Test commit job start with concurrent I/O Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 03/28] blockdev: fix missed target unref for drive-backup Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 04/28] tests/perf: Test lseek influence on qcow2 block-status Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 05/28] block: avoid recursive block_status call if possible Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 06/28] block/io: Delay decrementing the quiesce_counter Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 07/28] iotests: Test cancelling a job and closing the VM Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 08/28] block/linux-aio: Drop unused BlockAIOCB submission method Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 09/28] nvme: add Get/Set Feature Timestamp support Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 10/28] test-block-iothread: Check filter node in test_propagate_mirror Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 11/28] nbd-server: Call blk_set_allow_aio_context_change() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 12/28] block: Add Error to blk_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 13/28] block: Add BlockBackend.ctx Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 14/28] block: Add qdev_prop_drive_iothread property type Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 15/28] scsi-disk: Use qdev_prop_drive_iothread Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 16/28] block: Adjust AioContexts when attaching nodes Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 17/28] test-block-iothread: Test adding parent to iothread node Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 18/28] test-block-iothread: BlockBackend AioContext across root node change Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 19/28] block: Move node without parents to main AioContext Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 20/28] blockdev: Use bdrv_try_set_aio_context() for monitor commands Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 21/28] block: Remove wrong bdrv_set_aio_context() calls Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 22/28] virtio-scsi-test: Test attaching new overlay with iothreads Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 23/28] iotests: Attach new devices to node in non-default iothread Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 24/28] test-bdrv-drain: Use bdrv_try_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 25/28] block: Remove bdrv_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 26/28] block/qcow2-refcount: add trace-point to qcow2_process_discards Kevin Wolf
2019-06-03 15:02 ` Kevin Wolf [this message]
2019-06-03 15:02 ` [Qemu-devel] [PULL 28/28] iotests: Fix duplicated diff output on failure Kevin Wolf
2019-06-03 16:00 ` [Qemu-devel] [PULL 00/28] Block layer patches Peter Maydell
2019-06-03 19:27 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190603150233.6614-28-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).