From: Eric Blake <eblake@redhat.com>
To: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org
Cc: pbonzini@redhat.com, jsnow@redhat.com, famz@redhat.com,
mreitz@redhat.com, kwolf@redhat.com, jcody@redhat.com,
den@openvz.org
Subject: Re: [Qemu-devel] [PATCH 1/6] dirty-bitmap: improve bdrv_dirty_bitmap_next_zero
Date: Fri, 3 Aug 2018 13:32:35 -0500 [thread overview]
Message-ID: <a5b4b099-de03-58e8-a9f7-59dd4a38b52b@redhat.com> (raw)
In-Reply-To: <20180803174654.278336-2-vsementsov@virtuozzo.com>
On 08/03/2018 12:46 PM, Vladimir Sementsov-Ogievskiy wrote:
> Add bytes parameter to the function, to limit searched range.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
> include/block/dirty-bitmap.h | 3 ++-
> include/qemu/hbitmap.h | 7 +++++--
> block/backup.c | 2 +-
> block/dirty-bitmap.c | 5 +++--
> nbd/server.c | 2 +-
> util/hbitmap.c | 13 ++++++++++---
> 6 files changed, 22 insertions(+), 10 deletions(-)
>
> +++ b/include/qemu/hbitmap.h
> @@ -295,10 +295,13 @@ unsigned long hbitmap_iter_skip_words(HBitmapIter *hbi);
> /* hbitmap_next_zero:
> * @hb: The HBitmap to operate on
> * @start: The bit to start from.
> + * @bytes: Range length to search in. If @bytes is zero, search up to the bitmap
> + * end.
> *
> - * Find next not dirty bit.
> + * Find next not dirty bit within range [@start, @start + @bytes), or from
> + * @start to the bitmap end if @bytes is zero.
Can @bytes (or rather, @start + @bytes) exceed the remaining bitmap
length (in which case it is silently truncated to the remaining length)?
> +++ b/util/hbitmap.c
> @@ -192,16 +192,23 @@ void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap *hb, uint64_t first)
> }
> }
>
> -int64_t hbitmap_next_zero(const HBitmap *hb, uint64_t start)
> +int64_t hbitmap_next_zero(const HBitmap *hb, uint64_t start, uint64_t bytes)
> {
> size_t pos = (start >> hb->granularity) >> BITS_PER_LEVEL;
> unsigned long *last_lev = hb->levels[HBITMAP_LEVELS - 1];
> - uint64_t sz = hb->sizes[HBITMAP_LEVELS - 1];
> + uint64_t end_bit =
> + bytes ? ((start + bytes - 1) >> hb->granularity) + 1 : hb->size;
This computation can overflow if bytes is too large...
> + uint64_t sz = (end_bit + BITS_PER_LONG - 1) >> BITS_PER_LEVEL;
> unsigned long cur = last_lev[pos];
> unsigned start_bit_offset =
> (start >> hb->granularity) & (BITS_PER_LONG - 1);
> int64_t res;
>
> + assert(!bytes || start + bytes <= (hb->size << hb->granularity));
and only now are you asserting that bytes was in range. You should at
least document that bytes must be in range, and while I don't see any
memory dereferences dependent on a potentially bogus end_bit value, it
may also be worth hoisting the assert sooner in the function.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2018-08-03 18:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-03 17:46 [Qemu-devel] [PATCH 0/6] dirty-bitmap: rewrite bdrv_dirty_iter_next_area Vladimir Sementsov-Ogievskiy
2018-08-03 17:46 ` [Qemu-devel] [PATCH 1/6] dirty-bitmap: improve bdrv_dirty_bitmap_next_zero Vladimir Sementsov-Ogievskiy
2018-08-03 18:32 ` Eric Blake [this message]
2018-08-03 17:46 ` [Qemu-devel] [PATCH 2/6] dirty-bitmap: add bdrv_dirty_bitmap_next_dirty_area Vladimir Sementsov-Ogievskiy
2018-08-03 18:03 ` Vladimir Sementsov-Ogievskiy
2018-08-03 17:46 ` [Qemu-devel] [PATCH 3/6] block/mirror: fix and improve do_sync_target_write Vladimir Sementsov-Ogievskiy
2018-08-03 17:46 ` [Qemu-devel] [PATCH 4/6] Revert "block/dirty-bitmap: Add bdrv_dirty_iter_next_area" Vladimir Sementsov-Ogievskiy
2018-08-03 17:46 ` [Qemu-devel] [PATCH 5/6] Revert "test-hbitmap: Add non-advancing iter_next tests" Vladimir Sementsov-Ogievskiy
2018-08-03 17:46 ` [Qemu-devel] [PATCH 6/6] Revert "hbitmap: Add @advance param to hbitmap_iter_next()" Vladimir Sementsov-Ogievskiy
2018-08-03 19:08 ` [Qemu-devel] [PATCH 0/6] dirty-bitmap: rewrite bdrv_dirty_iter_next_area no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a5b4b099-de03-58e8-a9f7-59dd4a38b52b@redhat.com \
--to=eblake@redhat.com \
--cc=den@openvz.org \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).