From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:52821) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tbdi0-0008VF-To for qemu-devel@nongnu.org; Thu, 22 Nov 2012 15:49:17 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Tbdhz-0002bg-P7 for qemu-devel@nongnu.org; Thu, 22 Nov 2012 15:49:16 -0500
Received: from mail.profihost.ag ([85.158.179.208]:54987) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tbdhz-0002bZ-FH for qemu-devel@nongnu.org; Thu, 22 Nov 2012 15:49:15 -0500
Message-ID: <50AE8FC8.8060800@profihost.ag>
Date: Thu, 22 Nov 2012 21:49:12 +0100
From: Stefan Priebe - Profihost AG
MIME-Version: 1.0
References: <1353575275-1343-1-git-send-email-s.priebe@profihost.ag>
In-Reply-To: <1353575275-1343-1-git-send-email-s.priebe@profihost.ag>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] overflow of int ret: use ssize_t for ret
To: Stefan Priebe
Cc: peter.maydell@linaro.org, stefanha@gmail.com, qemu-devel@nongnu.org, sw@weilnetz.de, josh.durgin@inktank.com, ceph-devel@vger.kernel.org

Signed-off-by: Stefan Priebe

On 22.11.2012 10:07, Stefan Priebe wrote:
> When acb->cmd is WRITE or DISCARD block/rbd stores rcb->size into acb->ret
>
> Look here:
> if (acb->cmd == RBD_AIO_WRITE ||
>     acb->cmd == RBD_AIO_DISCARD) {
>     if (r < 0) {
>         acb->ret = r;
>         acb->error = 1;
>     } else if (!acb->error) {
>         acb->ret = rcb->size;
>     }
>
> Right now acb->ret is just an int and we might get an overflow if size is too big.
> For discards rcb->size holds the size of the discard - this might be some TB if you
> discard a whole device.
>
> The steps to reproduce are:
> mkfs.xfs -f a whole device bigger than int in bytes. mkfs.xfs sends a discard. Important is that you use scsi-hd and set discard_granularity=512. Otherwise rbd disabled discard support.
> --- > block/rbd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/block/rbd.c b/block/rbd.c > index 5a0f79f..0384c6c 100644 > --- a/block/rbd.c > +++ b/block/rbd.c > @@ -69,7 +69,7 @@ typedef enum { > typedef struct RBDAIOCB { > BlockDriverAIOCB common; > QEMUBH *bh; > - int ret; > + ssize_t ret; > QEMUIOVector *qiov; > char *bounce; > RBDAIOCmd cmd; > @@ -86,7 +86,7 @@ typedef struct RADOSCB { > int done; > int64_t size; > char *buf; > - int ret; > + ssize_t ret; > } RADOSCB; > > #define RBD_FD_READ 0
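
Review bot: In the RBDAIOCB hunk (@@ -69,7 +69,7 @@), "ssize_t ret;" still truncates on hosts where ssize_t is 32 bits, while the value assigned to it, rcb->size, comes from the field declared as "int64_t size;" in RADOSCB. Declaring the field as int64_t would match the source type on every host and keep the multi-TB discard case from the commit message covered.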
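
Review bot: In the RADOSCB hunk (@@ -86,7 +86,7 @@), the commit message gives no reason for widening "ret": the only overflow it describes is "acb->ret = rcb->size", which reads the int64_t "size" field, not this one. Please name the assignment into rcb->ret that can exceed an int, or drop this hunk. The message should also say how the widened acb->ret reaches its consumer, since the patch changes no code that reads either field.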
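
The truncation described in the quoted commit message, as an added example that is not part of the original e-mail or of QEMU's code. The struct and function names are hypothetical stand-ins, the sizes are constructed, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the request state; not QEMU's structs. */
struct req_narrow { int ret; int error; };      /* field width before the patch */
struct req_wide   { int64_t ret; int error; };  /* same width as the size source */

/* Completion logic shaped like the quoted WRITE/DISCARD branch. */
static void complete_narrow(struct req_narrow *q, int r, int64_t size)
{
    if (r < 0) {
        q->ret = r;
        q->error = 1;
    } else if (!q->error) {
        /* Out-of-range narrowing is implementation-defined; GCC and Clang
         * keep the low 32 bits. */
        q->ret = (int)size;
    }
}

static void complete_wide(struct req_wide *q, int r, int64_t size)
{
    if (r < 0) { q->ret = r; q->error = 1; }
    else if (!q->error) { q->ret = size; }
}

/* A caller that treats ret < 0 as failure, as errno-style code does. */
static int looks_failed(int64_t ret) { return ret < 0; }

/* Range check to apply before storing when a field has to stay int. */
static int fits_int(int64_t v) { return v >= INT_MIN && v <= INT_MAX; }

int main(void)
{
    /* Constructed sizes: a 3 GiB and a 4 TiB discard. */
    const int64_t sizes[] = { 3LL << 30, 4LL << 40 };
    for (int i = 0; i < 2; i++) {
        struct req_narrow n = {0, 0};
        struct req_wide w = {0, 0};
        complete_narrow(&n, 0, sizes[i]);
        complete_wide(&w, 0, sizes[i]);
        printf("size=%lld narrow=%d (failed=%d) wide=%lld fits_int=%d\n",
               (long long)sizes[i], n.ret, looks_failed(n.ret),
               (long long)w.ret, fits_int(sizes[i]));
    }
    return 0;
}
```

With the narrow field, the successful 3 GiB discard is stored as a negative value that an errno-style caller reads as a failure, and the 4 TiB discard is stored as 0.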