From: Conor Murphy
Date: Wed, 30 Mar 2011 08:48:18 +0000 (UTC)
Subject: [Qemu-devel] virtio-blk.c handling of i/o which is not a 512 multiple
To: qemu-devel@nongnu.org

Hi,

I'm trying to write a virtio-blk driver for Solaris. I've gotten it to the point where Solaris can see the device and create a ZFS file system on it. However, when I try to create a UFS filesystem on the device, the VM crashes with the error

*** glibc detected *** /usr/bin/qemu-kvm: double free or corruption (!prev): 0x00007f2d38000a00 ***

I can reproduce the problem with a simple dd, i.e.

dd if=/dev/zero of=/dev/rdsk/c2d10p0 bs=5000 count=1

My driver will create a virtio-blk request with two elements in the sg list, one for the first 4096 bytes and the other for the remaining 904.
From stepping through with gdb, virtio_blk_handle_write sets n_sectors to 9 (5000 / 512). Later on in the code, n_sectors is used to calculate the size of the buffer required, but 9 * 512 is too small, and so when the request is processed it ends up writing past the end of the buffer, and I guess this triggers the glibc error.

Is there a requirement for virtio-blk guest drivers that all i/o requests are sized in multiples of 512 bytes?

Thanks,
Conor
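As an added example (not QEMU code and not the poster's Solaris driver), the following C program models the arithmetic described in the message: a two-element scatter-gather write of 4096 + 904 bytes, a sector count computed with truncating division (5000 / 512 = 9), a buffer sized from that count, and the number of payload bytes that would then land past the end of that buffer. It also shows the check a device implementation can make before sizing any buffer from the sector count: reject a request whose payload is empty, whose lengths wrap size_t, or whose total is not a multiple of 512. All names (sg_elem, handle_write_checked, the demo_* helpers) and the constructed request are hypothetical; the heap corruption itself is not reproduced, only measured.

```c
/* Added example: models the truncated sector count described in the report
 * and a hardened check. Not QEMU code; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define SECTOR_SIZE 512u

/* One scatter-gather element of a request (stand-in for the descriptor
 * chain a guest driver hands to the device). */
struct sg_elem {
    const uint8_t *base;
    size_t len;
};

/* Sum of element lengths. Sets *ok = 0 and returns 0 if the sum would wrap. */
static size_t sg_total_len(const struct sg_elem *sg, size_t n, int *ok)
{
    size_t total = 0;
    *ok = 1;
    for (size_t i = 0; i < n; i++) {
        if (sg[i].len > SIZE_MAX - total) {
            *ok = 0;
            return 0;
        }
        total += sg[i].len;
    }
    return total;
}

/* The truncating computation the report describes: 5000 / 512 == 9. */
static size_t sectors_truncating(size_t total_bytes)
{
    return total_bytes / SECTOR_SIZE;
}

/* Bytes a copy of the whole payload would write past a buffer sized as
 * sectors_truncating(total) * 512. Zero means the buffer is large enough. */
static size_t overflow_bytes(const struct sg_elem *sg, size_t n)
{
    int ok;
    size_t total = sg_total_len(sg, n, &ok);
    if (!ok)
        return 0;
    size_t buf_len = sectors_truncating(total) * SECTOR_SIZE;
    return total > buf_len ? total - buf_len : 0;
}

/* Hardened handler: reject empty, wrapping or non-sector-aligned payloads
 * before any buffer is sized from the sector count. On success *out gets a
 * malloc'd copy of the payload, *out_len its length, and 0 is returned;
 * -1 means the request was rejected or allocation failed. */
static int handle_write_checked(const struct sg_elem *sg, size_t n,
                                uint8_t **out, size_t *out_len)
{
    int ok;
    size_t total = sg_total_len(sg, n, &ok);
    if (!ok || total == 0 || total % SECTOR_SIZE != 0)
        return -1;
    size_t n_sectors = total / SECTOR_SIZE;      /* exact: no remainder lost */
    uint8_t *buf = malloc(n_sectors * SECTOR_SIZE);
    if (!buf)
        return -1;
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, sg[i].base, sg[i].len); /* total == n_sectors*512 */
        off += sg[i].len;
    }
    *out = buf;
    *out_len = total;
    return 0;
}

/* Constructed request from the report: 4096 + 904 = 5000 bytes, two elements. */
static uint8_t zeros[4096];

static size_t demo_overflow_5000(void)
{
    struct sg_elem sg[2] = { { zeros, 4096 }, { zeros, 904 } };
    return overflow_bytes(sg, 2);
}

static int demo_checked_5000(void)
{
    struct sg_elem sg[2] = { { zeros, 4096 }, { zeros, 904 } };
    uint8_t *buf; size_t len;
    int rc = handle_write_checked(sg, 2, &buf, &len);
    if (rc == 0) free(buf);
    return rc;
}

/* A sector-aligned 8192-byte request is accepted; returns the copied length. */
static size_t demo_checked_8192(void)
{
    struct sg_elem sg[2] = { { zeros, 4096 }, { zeros, 4096 } };
    uint8_t *buf; size_t len = 0;
    if (handle_write_checked(sg, 2, &buf, &len) != 0) return 0;
    free(buf);
    return len;
}

int main(void)
{
    printf("5000-byte request: n_sectors=%zu buffer=%zu bytes past end=%zu\n",
           sectors_truncating(5000), sectors_truncating(5000) * SECTOR_SIZE,
           demo_overflow_5000());
    printf("checked handler: 5000 bytes -> rc %d, 8192 bytes -> %zu copied\n",
           demo_checked_5000(), demo_checked_8192());
    return 0;
}
```

The point of the checked variant is where the validation sits: the total length is verified against the sector size before it is ever converted to a sector count, so the buffer can never be smaller than the payload that is copied into it. A device that instead silently rounds up still has to cope with the remainder bytes, and either way the guest driver should not rely on the device accepting an unaligned request.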