From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Jan Beulich"
Subject: [PATCH] linux-2.6.18/blkback: don't fail empty barrier requests
Date: Thu, 26 May 2011 10:47:58 +0100
Message-ID: <4DDE3DEE0200007800043A39@vpn.id2.novell.com>
To: "xen-devel@lists.xensource.com"
Cc: Konrad Rzeszutek Wilk
List-Id: xen-devel@lists.xenproject.org

The sector number on empty barrier requests may (will?) be
uninitialized (neither bio_init() nor rq_init() set the respective
fields), which allows for exceeding the actual (virtual) disk's size.

Inspired by Konrad's "When writting barriers set the sector number to
zero...", but instead of zapping the sector number (which is wrong for
non-empty ones) just ignore the sector number when the sector count is
zero.

While at it also add overflow checking to the math in vbd_translate().

Signed-off-by: Jan Beulich
Cc: Konrad Rzeszutek Wilk

--- a/drivers/xen/blkback/vbd.c +++ b/drivers/xen/blkback/vbd.c 
@@ -108,8 +108,14 @@ int vbd_translate(struct phys_req *req,=20 if ((operation !=3D READ) && vbd->readonly) goto out; =20 - if (unlikely((req->sector_number + req->nr_sects) > vbd_sz(vbd))) - goto out; + if (likely(req->nr_sects)) { + blkif_sector_t end =3D req->sector_number + req->nr_sects; + + if (unlikely(end < req->sector_number)) + goto out; + if (unlikely(end > vbd_sz(vbd))) + goto out; + } =20 req->dev =3D vbd->pdevice; req->bdev =3D vbd->bdev;
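
Review bot: The new `if (likely(req->nr_sects))` guard skips both range checks for every request with a zero sector count, not only for barriers, even though `operation` is available (it is tested against READ a few lines above). A zero-length read or write carrying an out-of-range `req->sector_number` now passes vbd_translate() as well, and the function returns with that field still holding whatever the frontend supplied. Consider keying the bypass on the barrier operation, or add a comment above the block stating that `req->sector_number` is unvalidated when `req->nr_sects` is zero so callers do not pass it on to the underlying device. The wrap test `end < req->sector_number` is only correct if both operands are unsigned; the type of `nr_sects` is not visible in this hunk and is worth confirming.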