From: Eric Blake
Date: Mon, 10 Nov 2014 15:49:05 -0700
Subject: Re: [Qemu-devel] [PATCH 07/21] qcow2: Helper for refcount array size calculation
To: Max Reitz, qemu-devel@nongnu.org
Cc: Kevin Wolf, Peter Lieven, Stefan Hajnoczi

On 11/10/2014 06:45 AM, Max Reitz wrote:
> Add a helper function which correctly calculates the byte size of a
> refcount array for any refcount order, and use that function.
>
> Signed-off-by: Max Reitz
> ---
> block/qcow2-refcount.c | 39 ++++++++++++++++++++++++++++-----------
> 1 file changed, 28 insertions(+), 11 deletions(-)
>
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c > index 16652da..cfb4807 100644 > --- a/block/qcow2-refcount.c > +++ b/block/qcow2-refcount.c 
> @@ -1132,6 +1132,20 @@ fail: > /* refcount checking functions */ > =20 > =20 > +static size_t refcount_array_byte_size(BDRVQcowState *s, uint64_t entr= ies) > +{ > + if (s->refcount_order < 3) { > + /* sub-byte width */ > + int shift =3D 3 - s->refcount_order; > + return (entries + (1 << shift) - 1) >> shift; > + } else if (s->refcount_order =3D=3D 3) { > + /* byte width */ > + return entries; > + } else { > + /* multiple bytes wide */ > + return entries << (s->refcount_order - 3); > + } A comment proving why this can't overflow might be nice (if I analyzed correctly, entries will be computed by file size / clusters, and in the worst case, the smallest cluster and largest refcount_order results in '(size >> 9) << (6 - 3)' which is still safe). 
> @@ -1161,12 +1175,13 @@ static int inc_refcounts(BlockDriverState *bs, > k =3D cluster_offset >> s->cluster_bits; > if (k >=3D *refcount_table_size) { > int64_t old_refcount_table_size =3D *refcount_table_size; > + size_t new_byte_size; > void *new_refcount_table; > =20 > *refcount_table_size =3D k + 1; > - new_refcount_table =3D g_try_realloc(*refcount_table, > - *refcount_table_size * > - s->refcount_bits / 8); > + new_byte_size =3D refcount_array_byte_size(s, *refcount_ta= ble_size); > + > + new_refcount_table =3D g_try_realloc(*refcount_table, new_= byte_size);

Yay - this addresses one of my possible overflow comments on 6/21. I wonder if the series would have less churn if you rearranged this patch to come before 6/21.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
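Review bot: In the final else branch of refcount_array_byte_size() (hunk at -1132), `entries << (s->refcount_order - 3)` is computed on a uint64_t with no bound check and then returned as size_t, so on a host where size_t is narrower than 64 bits the result is silently truncated, and in the sub-byte branch `entries + (1 << shift) - 1` can wrap for very large entries. Either assert an upper bound on entries at the top of the helper, or document next to the function the invariant that keeps the result in range, so that a caller handing the value to an allocator cannot end up with a buffer smaller than the entry count implies.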
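Review bot: At the g_try_realloc() call in inc_refcounts() (hunk at -1161), new_byte_size is used as returned, with no check that it still corresponds to `k + 1` entries, and `*refcount_table_size = k + 1;` is committed before the allocation is attempted. Since k is derived directly from `cluster_offset >> s->cluster_bits`, consider computing the new entry count into a local, rejecting it if refcount_array_byte_size() cannot represent it, and only updating *refcount_table_size after the realloc has succeeded.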