* [Qemu-devel] [PATCH] qcow2: fix 028 iotest
@ 2011-09-23 11:25 Frediano Ziglio
2011-09-23 12:31 ` Kevin Wolf
0 siblings, 1 reply; 2+ messages in thread
From: Frediano Ziglio @ 2011-09-23 11:25 UTC (permalink / raw)
To: kwolf; +Cc: qemu-devel, Frediano Ziglio
This fix bound check bug accessing last cluster if image size is not
cluster aligned caused by "Unlock during COW" patch.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
block/qcow2-cluster.c | 8 ++++++--
block/qcow2.c | 2 +-
block/qcow2.h | 2 ++
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index c9a1b1c..78e1b49 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -295,16 +295,20 @@ static int copy_sectors(BlockDriverState *bs, uint64_t start_sect,
BDRVQcowState *s = bs->opaque;
int n, ret;
void *buf;
+ QEMUIOVector qiov;
+ struct iovec iov;
n = n_end - n_start;
if (n <= 0) {
return 0;
}
- buf = qemu_blockalign(bs, n * BDRV_SECTOR_SIZE);
+ iov.iov_base = buf = qemu_blockalign(bs, n * BDRV_SECTOR_SIZE);
+ iov.iov_len = n * BDRV_SECTOR_SIZE;
+ qemu_iovec_init_external(&qiov, &iov, 1);
BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
- ret = bdrv_read(bs, start_sect + n_start, buf, n);
+ ret = qcow2_co_readv(bs, start_sect + n_start, n, &qiov);
if (ret < 0) {
goto out;
}
diff --git a/block/qcow2.c b/block/qcow2.c
index 510ff68..fd90881 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -376,7 +376,7 @@ int qcow2_backing_read1(BlockDriverState *bs, QEMUIOVector *qiov,
return n1;
}
-static int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
+int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
int remaining_sectors, QEMUIOVector *qiov)
{
BDRVQcowState *s = bs->opaque;
diff --git a/block/qcow2.h b/block/qcow2.h
index 531af39..7f5ff42 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -176,6 +176,8 @@ static inline int64_t align_offset(int64_t offset, int n)
/* qcow2.c functions */
int qcow2_backing_read1(BlockDriverState *bs, QEMUIOVector *qiov,
int64_t sector_num, int nb_sectors);
+int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
+ int remaining_sectors, QEMUIOVector *qiov);
/* qcow2-refcount.c functions */
int qcow2_refcount_init(BlockDriverState *bs);
--
1.7.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH] qcow2: fix 028 iotest
2011-09-23 11:25 [Qemu-devel] [PATCH] qcow2: fix 028 iotest Frediano Ziglio
@ 2011-09-23 12:31 ` Kevin Wolf
0 siblings, 0 replies; 2+ messages in thread
From: Kevin Wolf @ 2011-09-23 12:31 UTC (permalink / raw)
To: Frediano Ziglio; +Cc: qemu-devel
Am 23.09.2011 13:25, schrieb Frediano Ziglio:
> This fix bound check bug accessing last cluster if image size is not
> cluster aligned caused by "Unlock during COW" patch.
>
> Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
I'm considering a solution like this, but I'm not completely happy with
it. Maybe the more correct thing would be to restrict the request to the
allowed size in copy_sectors.
Anyway, if I decide that this is the way to go, I'll merge this fix into
my patch along with a notice in the commit log (better than two
independent commits in terms of bisectablity).
Kevin
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-09-23 12:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-23 11:25 [Qemu-devel] [PATCH] qcow2: fix 028 iotest Frediano Ziglio
2011-09-23 12:31 ` Kevin Wolf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).