From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH] linux-2.6.18/blkback: don't fail empty
	barrier requests
Date: Thu, 26 May 2011 08:41:55 -0400
Message-ID: <20110526124154.GC3386@dumpdata.com>
References: <4DDE3DEE0200007800043A39@vpn.id2.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <4DDE3DEE0200007800043A39@vpn.id2.novell.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Jan Beulich <JBeulich@novell.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

On Thu, May 26, 2011 at 10:47:58AM +0100, Jan Beulich wrote:
> The sector number on empty barrier requests may (will?) be
> uninitialized (neither bio_init() nor rq_init() set the respective
> fields), which allows for exceeding the actual (virtual) disk's size.
> 
> Inspired by Konrad's "When writting barriers set the sector number to
> zero...", but instead of zapping the sector number (which is wrong for
> non-empty ones) just ignore the sector number when the sector count is
> zero.
> 
> While at it also add overflow checking to the math in vbd_translate().
> 
> Signed-off-by: Jan Beulich <jbeulich@novell.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Acked-by.
> 
> --- a/drivers/xen/blkback/vbd.c
> +++ b/drivers/xen/blkback/vbd.c
> @@ -108,8 +108,14 @@ int vbd_translate(struct phys_req *req, 
>  	if ((operation != READ) && vbd->readonly)
>  		goto out;
>  
> -	if (unlikely((req->sector_number + req->nr_sects) > vbd_sz(vbd)))
> -		goto out;
> +	if (likely(req->nr_sects)) {
> +		blkif_sector_t end = req->sector_number + req->nr_sects;
> +
> +		if (unlikely(end < req->sector_number))
> +			goto out;
> +		if (unlikely(end > vbd_sz(vbd)))
> +			goto out;
> +	}
>  
>  	req->dev  = vbd->pdevice;
>  	req->bdev = vbd->bdev;
> 
> 
> 

> Subject: xen/blkback: don't fail empty barrier requests
> 
> The sector number on empty barrier requests may (will?) be
> uninitialized (neither bio_init() nor rq_init() set the respective
> fields), which allows for exceeding the actual (virtual) disk's size.
> 
> Inspired by Konrad's "When writting barriers set the sector number to
> zero...", but instead of zapping the sector number (which is wrong for
> non-empty ones) just ignore the sector number when the sector count is
> zero.
> 
> While at it also add overflow checking to the math in vbd_translate().
> 
> Signed-off-by: Jan Beulich <jbeulich@novell.com>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> 
> --- a/drivers/xen/blkback/vbd.c
> +++ b/drivers/xen/blkback/vbd.c
> @@ -108,8 +108,14 @@ int vbd_translate(struct phys_req *req, 
>  	if ((operation != READ) && vbd->readonly)
>  		goto out;
>  
> -	if (unlikely((req->sector_number + req->nr_sects) > vbd_sz(vbd)))
> -		goto out;
> +	if (likely(req->nr_sects)) {
> +		blkif_sector_t end = req->sector_number + req->nr_sects;
> +
> +		if (unlikely(end < req->sector_number))
> +			goto out;
> +		if (unlikely(end > vbd_sz(vbd)))
> +			goto out;
> +	}
>  
>  	req->dev  = vbd->pdevice;
>  	req->bdev = vbd->bdev;

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel