From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 27/28] block/io: bdrv_pdiscard: support int64_t bytes parameter
Date: Mon, 3 Jun 2019 17:02:32 +0200 [thread overview]
Message-ID: <20190603150233.6614-28-kwolf@redhat.com> (raw)
In-Reply-To: <20190603150233.6614-1-kwolf@redhat.com>
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
This fixes at least one overflow in qcow2_process_discards, which
passes 64bit region length to bdrv_pdiscard where bytes (or sectors in
the past) parameter is int since its introduction in 0b919fae.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
include/block/block.h | 4 ++--
block/io.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/include/block/block.h b/include/block/block.h
index 13ea050a5b..f9415ed740 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -434,8 +434,8 @@ void bdrv_drain_all(void);
AIO_WAIT_WHILE(bdrv_get_aio_context(bs_), \
cond); })
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes);
-int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes);
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
+int bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes);
int bdrv_has_zero_init_1(BlockDriverState *bs);
int bdrv_has_zero_init(BlockDriverState *bs);
bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs);
diff --git a/block/io.c b/block/io.c
index 0f6ebd001c..9ba1bada36 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2632,7 +2632,7 @@ int bdrv_flush(BlockDriverState *bs)
typedef struct DiscardCo {
BdrvChild *child;
int64_t offset;
- int bytes;
+ int64_t bytes;
int ret;
} DiscardCo;
static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
@@ -2643,14 +2643,15 @@ static void coroutine_fn bdrv_pdiscard_co_entry(void *opaque)
aio_wait_kick();
}
-int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset,
+ int64_t bytes)
{
BdrvTrackedRequest req;
int max_pdiscard, ret;
int head, tail, align;
BlockDriverState *bs = child->bs;
- if (!bs || !bs->drv) {
+ if (!bs || !bs->drv || !bdrv_is_inserted(bs)) {
return -ENOMEDIUM;
}
@@ -2658,9 +2659,8 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
return -EPERM;
}
- ret = bdrv_check_byte_request(bs, offset, bytes);
- if (ret < 0) {
- return ret;
+ if (offset < 0 || bytes < 0 || bytes > INT64_MAX - offset) {
+ return -EIO;
}
/* Do nothing if disabled. */
@@ -2695,7 +2695,7 @@ int coroutine_fn bdrv_co_pdiscard(BdrvChild *child, int64_t offset, int bytes)
assert(max_pdiscard >= bs->bl.request_alignment);
while (bytes > 0) {
- int num = bytes;
+ int64_t num = bytes;
if (head) {
/* Make small requests to get to alignment boundaries. */
@@ -2757,7 +2757,7 @@ out:
return ret;
}
-int bdrv_pdiscard(BdrvChild *child, int64_t offset, int bytes)
+int bdrv_pdiscard(BdrvChild *child, int64_t offset, int64_t bytes)
{
Coroutine *co;
DiscardCo rwco = {
--
2.20.1
next prev parent reply other threads:[~2019-06-03 15:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-03 15:02 [Qemu-devel] [PULL 00/28] Block layer patches Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 01/28] block: Drain source node in bdrv_replace_node() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 02/28] iotests: Test commit job start with concurrent I/O Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 03/28] blockdev: fix missed target unref for drive-backup Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 04/28] tests/perf: Test lseek influence on qcow2 block-status Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 05/28] block: avoid recursive block_status call if possible Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 06/28] block/io: Delay decrementing the quiesce_counter Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 07/28] iotests: Test cancelling a job and closing the VM Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 08/28] block/linux-aio: Drop unused BlockAIOCB submission method Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 09/28] nvme: add Get/Set Feature Timestamp support Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 10/28] test-block-iothread: Check filter node in test_propagate_mirror Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 11/28] nbd-server: Call blk_set_allow_aio_context_change() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 12/28] block: Add Error to blk_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 13/28] block: Add BlockBackend.ctx Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 14/28] block: Add qdev_prop_drive_iothread property type Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 15/28] scsi-disk: Use qdev_prop_drive_iothread Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 16/28] block: Adjust AioContexts when attaching nodes Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 17/28] test-block-iothread: Test adding parent to iothread node Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 18/28] test-block-iothread: BlockBackend AioContext across root node change Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 19/28] block: Move node without parents to main AioContext Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 20/28] blockdev: Use bdrv_try_set_aio_context() for monitor commands Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 21/28] block: Remove wrong bdrv_set_aio_context() calls Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 22/28] virtio-scsi-test: Test attaching new overlay with iothreads Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 23/28] iotests: Attach new devices to node in non-default iothread Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 24/28] test-bdrv-drain: Use bdrv_try_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 25/28] block: Remove bdrv_set_aio_context() Kevin Wolf
2019-06-03 15:02 ` [Qemu-devel] [PULL 26/28] block/qcow2-refcount: add trace-point to qcow2_process_discards Kevin Wolf
2019-06-03 15:02 ` Kevin Wolf [this message]
2019-06-03 15:02 ` [Qemu-devel] [PULL 28/28] iotests: Fix duplicated diff output on failure Kevin Wolf
2019-06-03 16:00 ` [Qemu-devel] [PULL 00/28] Block layer patches Peter Maydell
2019-06-03 19:27 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190603150233.6614-28-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.