[Qemu-devel] [PULL v2 0/5] Block patches

[Qemu-devel] [PULL v2 0/5] Block patches

[Stefan Hajnoczi]

The following changes since commit b37686f7e84b22cfaf7fd01ac5133f2617cc3027:

  Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging (2015-10-09 12:18:14 +0100)

are available in the git repository at:

  git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 9201bb9a8c7cd3ba2382b7db5b2e40f603e61528:

  sdhci.c: Limit the maximum block size (2015-10-12 11:17:45 +0100)

----------------------------------------------------------------
Pull request

v2:
 * Fix virtio 16lx -> HWADDR_PRIx format specifier [Peter]

----------------------------------------------------------------

Alistair Francis (1):
  sdhci.c: Limit the maximum block size

Kevin O'Connor (1):
  sdhci: Pass drive parameter to sdhci-pci via qdev property

Paolo Bonzini (1):
  block: switch from g_slice allocator to malloc

Pierre Morel (1):
  virtio dataplane: adapt dataplane for virtio Version 1

Stefan Hajnoczi (1):
  virtio-blk: use blk_io_plug/unplug for Linux AIO batching

 block/io.c                          |  4 +--
 block/mirror.c                      |  4 +--
 block/raw-posix.c                   |  8 ++---
 block/raw-win32.c                   |  4 +--
 hw/block/virtio-blk.c               |  8 +++--
 hw/sd/sd.c                          |  4 ++-
 hw/sd/sdhci.c                       | 42 ++++++++++++++++--------
 hw/sd/sdhci.h                       |  2 ++
 hw/virtio/dataplane/vring.c         | 65 ++++++++++++++++++++++++++++++-------
 include/hw/virtio/dataplane/vring.h |  4 ++-
 10 files changed, 106 insertions(+), 39 deletions(-)

-- 
2.4.3

[Qemu-devel] [PULL v2 1/5] sdhci: Pass drive parameter to sdhci-pci via qdev property

[Stefan Hajnoczi]

From: Kevin O'Connor <kevin@koconnor.net>

Commit 19109131 disabled the sdhci-pci support because it used
drive_get_next().  This patch reenables sdhci-pci and changes it to
pass the drive via a qdev property - for example:
 -device sdhci-pci,drive=drive0 -drive id=drive0,if=sd,file=myimage

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/sd/sd.c    |  4 +++-
 hw/sd/sdhci.c | 32 +++++++++++++++++++-------------
 hw/sd/sdhci.h |  2 ++
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 3e2a451..393a75c 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -492,7 +492,9 @@ SDState *sd_init(BlockBackend *blk, bool is_spi)
     sd->blk = blk;
     sd_reset(sd);
     if (sd->blk) {
-        blk_attach_dev_nofail(sd->blk, sd);
+        /* Attach dev if not already attached.  (This call ignores an
+         * error return code if sd->blk is already attached.) */
+        blk_attach_dev(sd->blk, sd);
         blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
     }
     vmstate_register(NULL, -1, &sd_vmstate, sd);
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 8b0f9f0..7f9d814 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1145,13 +1145,9 @@ static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
     }
 }
 
-static void sdhci_initfn(SDHCIState *s)
+static void sdhci_initfn(SDHCIState *s, BlockBackend *blk)
 {
-    DriveInfo *di;
-
-    /* FIXME use a qdev drive property instead of drive_get_next() */
-    di = drive_get_next(IF_SD);
-    s->card = sd_init(di ? blk_by_legacy_dinfo(di) : NULL, false);
+    s->card = sd_init(blk, false);
     if (s->card == NULL) {
         exit(1);
     }
@@ -1215,7 +1211,8 @@ const VMStateDescription sdhci_vmstate = {
 
 /* Capabilities registers provide information on supported features of this
  * specific host controller implementation */
-static Property sdhci_properties[] = {
+static Property sdhci_pci_properties[] = {
+    DEFINE_BLOCK_PROPERTIES(SDHCIState, conf),
     DEFINE_PROP_UINT32("capareg", SDHCIState, capareg,
             SDHC_CAPAB_REG_DEFAULT),
     DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0),
@@ -1227,7 +1224,7 @@ static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
     SDHCIState *s = PCI_SDHCI(dev);
     dev->config[PCI_CLASS_PROG] = 0x01; /* Standard Host supported DMA */
     dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
-    sdhci_initfn(s);
+    sdhci_initfn(s, s->conf.blk);
     s->buf_maxsz = sdhci_get_fifolen(s);
     s->fifo_buffer = g_malloc0(s->buf_maxsz);
     s->irq = pci_allocate_irq(dev);
@@ -1254,9 +1251,7 @@ static void sdhci_pci_class_init(ObjectClass *klass, void *data)
     k->class_id = PCI_CLASS_SYSTEM_SDHCI;
     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
     dc->vmsd = &sdhci_vmstate;
-    dc->props = sdhci_properties;
-    /* Reason: realize() method uses drive_get_next() */
-    dc->cannot_instantiate_with_device_add_yet = true;
+    dc->props = sdhci_pci_properties;
 }
 
 static const TypeInfo sdhci_pci_info = {
@@ -1266,10 +1261,21 @@ static const TypeInfo sdhci_pci_info = {
     .class_init = sdhci_pci_class_init,
 };
 
+static Property sdhci_sysbus_properties[] = {
+    DEFINE_PROP_UINT32("capareg", SDHCIState, capareg,
+            SDHC_CAPAB_REG_DEFAULT),
+    DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
 static void sdhci_sysbus_init(Object *obj)
 {
     SDHCIState *s = SYSBUS_SDHCI(obj);
-    sdhci_initfn(s);
+    DriveInfo *di;
+
+    /* FIXME use a qdev drive property instead of drive_get_next() */
+    di = drive_get_next(IF_SD);
+    sdhci_initfn(s, di ? blk_by_legacy_dinfo(di) : NULL);
 }
 
 static void sdhci_sysbus_finalize(Object *obj)
@@ -1296,7 +1302,7 @@ static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
     DeviceClass *dc = DEVICE_CLASS(klass);
 
     dc->vmsd = &sdhci_vmstate;
-    dc->props = sdhci_properties;
+    dc->props = sdhci_sysbus_properties;
     dc->realize = sdhci_sysbus_realize;
     /* Reason: instance_init() method uses drive_get_next() */
     dc->cannot_instantiate_with_device_add_yet = true;
diff --git a/hw/sd/sdhci.h b/hw/sd/sdhci.h
index 3352d23..e2de92d 100644
--- a/hw/sd/sdhci.h
+++ b/hw/sd/sdhci.h
@@ -26,6 +26,7 @@
 #define SDHCI_H
 
 #include "qemu-common.h"
+#include "hw/block/block.h"
 #include "hw/pci/pci.h"
 #include "hw/sysbus.h"
 #include "hw/sd.h"
@@ -239,6 +240,7 @@ typedef struct SDHCIState {
     };
     SDState *card;
     MemoryRegion iomem;
+    BlockConf conf;
 
     QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
     QEMUTimer *transfer_timer;
-- 
2.4.3

[Qemu-devel] [PULL v2 2/5] virtio-blk: use blk_io_plug/unplug for Linux AIO batching

[Stefan Hajnoczi]

The raw-posix block driver implements Linux AIO batching so multiple
requests can be submitted with a single io_submit(2) system call.
Batching is currently only used by virtio-scsi and
virtio-blk-data-plane.

Enable batching for regular virtio-blk so the number of io_submit(2)
system calls is reduced for workloads with queue depth > 1.

In 4KB random read performance tests with queue depth 32, the CPU
utilization on the host is reduced by 9.4%.  The fio job is as follows:

  [global]
  bs=4k
  ioengine=libaio
  iodepth=32
  direct=1
  sync=0
  time_based=1
  runtime=30
  clocksource=gettimeofday
  ramp_time=5

  [job1]
  rw=randread
  filename=/dev/vdb
  size=4096M
  write_bw_log=fio
  write_iops_log=fio
  write_lat_log=fio
  log_avg_msec=1000

This benchmark was run on an raw image on LVM.  The disk was an SSD
drive and -drive cache=none,aio=native was used.

Tested-by: Pradeep Surisetty <psuriset@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
---
 hw/block/virtio-blk.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index f9301ae..76d27f9 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -600,6 +600,8 @@ static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
         return;
     }
 
+    blk_io_plug(s->blk);
+
     while ((req = virtio_blk_get_request(s))) {
         virtio_blk_handle_request(req, &mrb);
     }
@@ -607,6 +609,8 @@ static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
     if (mrb.num_reqs) {
         virtio_blk_submit_multireq(s->blk, &mrb);
     }
+
+    blk_io_unplug(s->blk);
 }
 
 static void virtio_blk_dma_restart_bh(void *opaque)
-- 
2.4.3

[Qemu-devel] [PULL v2 3/5] virtio dataplane: adapt dataplane for virtio Version 1

[Stefan Hajnoczi]

From: Pierre Morel <pmorel@linux.vnet.ibm.com>

Let dataplane allocate different region for the desc/avail/used
ring regions.
Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail
rings accordingly.

[Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx.
--Stefan]

Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Tested-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Message-id: 1441625636-23773-1-git-send-email-pmorel@linux.vnet.ibm.com
(changed __virtio16 into uint16_t,
 map descriptor table and available ring read-only)
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/virtio/dataplane/vring.c         | 65 ++++++++++++++++++++++++++++++-------
 include/hw/virtio/dataplane/vring.h |  4 ++-
 2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/hw/virtio/dataplane/vring.c b/hw/virtio/dataplane/vring.c
index fece83a..68f1994 100644
--- a/hw/virtio/dataplane/vring.c
+++ b/hw/virtio/dataplane/vring.c
@@ -67,22 +67,53 @@ static void vring_unmap(void *buffer, bool is_write)
 /* Map the guest's vring to host memory */
 bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
 {
-    hwaddr vring_addr = virtio_queue_get_ring_addr(vdev, n);
-    hwaddr vring_size = virtio_queue_get_ring_size(vdev, n);
-    void *vring_ptr;
+    struct vring *vr = &vring->vr;
+    hwaddr addr;
+    hwaddr size;
+    void *ptr;
 
     vring->broken = false;
+    vr->num = virtio_queue_get_num(vdev, n);
 
-    vring_ptr = vring_map(&vring->mr, vring_addr, vring_size, true);
-    if (!vring_ptr) {
-        error_report("Failed to map vring "
-                     "addr %#" HWADDR_PRIx " size %" HWADDR_PRIu,
-                     vring_addr, vring_size);
-        vring->broken = true;
-        return false;
+    addr = virtio_queue_get_desc_addr(vdev, n);
+    size = virtio_queue_get_desc_size(vdev, n);
+    /* Map the descriptor area as read only */
+    ptr = vring_map(&vring->mr_desc, addr, size, false);
+    if (!ptr) {
+        error_report("Failed to map 0x%" HWADDR_PRIx " byte for vring desc "
+                     "at 0x%" HWADDR_PRIx,
+                      size, addr);
+        goto out_err_desc;
     }
+    vr->desc = ptr;
 
-    vring_init(&vring->vr, virtio_queue_get_num(vdev, n), vring_ptr, 4096);
+    addr = virtio_queue_get_avail_addr(vdev, n);
+    size = virtio_queue_get_avail_size(vdev, n);
+    /* Add the size of the used_event_idx */
+    size += sizeof(uint16_t);
+    /* Map the driver area as read only */
+    ptr = vring_map(&vring->mr_avail, addr, size, false);
+    if (!ptr) {
+        error_report("Failed to map 0x%" HWADDR_PRIx " byte for vring avail "
+                     "at 0x%" HWADDR_PRIx,
+                      size, addr);
+        goto out_err_avail;
+    }
+    vr->avail = ptr;
+
+    addr = virtio_queue_get_used_addr(vdev, n);
+    size = virtio_queue_get_used_size(vdev, n);
+    /* Add the size of the avail_event_idx */
+    size += sizeof(uint16_t);
+    /* Map the device area as read-write */
+    ptr = vring_map(&vring->mr_used, addr, size, true);
+    if (!ptr) {
+        error_report("Failed to map 0x%" HWADDR_PRIx " byte for vring used "
+                     "at 0x%" HWADDR_PRIx,
+                      size, addr);
+        goto out_err_used;
+    }
+    vr->used = ptr;
 
     vring->last_avail_idx = virtio_queue_get_last_avail_idx(vdev, n);
     vring->last_used_idx = vring_get_used_idx(vdev, vring);
@@ -92,6 +123,14 @@ bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
     trace_vring_setup(virtio_queue_get_ring_addr(vdev, n),
                       vring->vr.desc, vring->vr.avail, vring->vr.used);
     return true;
+
+out_err_used:
+    memory_region_unref(vring->mr_avail);
+out_err_avail:
+    memory_region_unref(vring->mr_desc);
+out_err_desc:
+    vring->broken = true;
+    return false;
 }
 
 void vring_teardown(Vring *vring, VirtIODevice *vdev, int n)
@@ -99,7 +138,9 @@ void vring_teardown(Vring *vring, VirtIODevice *vdev, int n)
     virtio_queue_set_last_avail_idx(vdev, n, vring->last_avail_idx);
     virtio_queue_invalidate_signalled_used(vdev, n);
 
-    memory_region_unref(vring->mr);
+    memory_region_unref(vring->mr_desc);
+    memory_region_unref(vring->mr_avail);
+    memory_region_unref(vring->mr_used);
 }
 
 /* Disable guest->host notifies */
diff --git a/include/hw/virtio/dataplane/vring.h b/include/hw/virtio/dataplane/vring.h
index 8d97db9..a596e4c 100644
--- a/include/hw/virtio/dataplane/vring.h
+++ b/include/hw/virtio/dataplane/vring.h
@@ -22,7 +22,9 @@
 #include "hw/virtio/virtio.h"
 
 typedef struct {
-    MemoryRegion *mr;               /* memory region containing the vring */
+    MemoryRegion *mr_desc;          /* memory region for the vring desc */
+    MemoryRegion *mr_avail;         /* memory region for the vring avail */
+    MemoryRegion *mr_used;          /* memory region for the vring used */
     struct vring vr;                /* virtqueue vring mapped to host memory */
     uint16_t last_avail_idx;        /* last processed avail ring index */
     uint16_t last_used_idx;         /* last processed used ring index */
-- 
2.4.3

[Qemu-devel] [PULL v2 4/5] block: switch from g_slice allocator to malloc

[Stefan Hajnoczi]

From: Paolo Bonzini <pbonzini@redhat.com>

Simplify memory allocation by sticking with a single API.  GSlice
is not that fast anyway (tcmalloc/jemalloc are better).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/io.c            | 4 ++--
 block/mirror.c        | 4 ++--
 block/raw-posix.c     | 8 ++++----
 block/raw-win32.c     | 4 ++--
 hw/block/virtio-blk.c | 4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/block/io.c b/block/io.c
index 94e18e6..17293c3 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2218,7 +2218,7 @@ void *qemu_aio_get(const AIOCBInfo *aiocb_info, BlockDriverState *bs,
 {
     BlockAIOCB *acb;
 
-    acb = g_slice_alloc(aiocb_info->aiocb_size);
+    acb = g_malloc(aiocb_info->aiocb_size);
     acb->aiocb_info = aiocb_info;
     acb->bs = bs;
     acb->cb = cb;
@@ -2238,7 +2238,7 @@ void qemu_aio_unref(void *p)
     BlockAIOCB *acb = p;
     assert(acb->refcnt > 0);
     if (--acb->refcnt == 0) {
-        g_slice_free1(acb->aiocb_info->aiocb_size, acb);
+        g_free(acb);
     }
 }
 
diff --git a/block/mirror.c b/block/mirror.c
index 87928ab..1ca4aa0 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -113,7 +113,7 @@ static void mirror_iteration_done(MirrorOp *op, int ret)
     }
 
     qemu_iovec_destroy(&op->qiov);
-    g_slice_free(MirrorOp, op);
+    g_free(op);
 
     if (s->waiting_for_io) {
         qemu_coroutine_enter(s->common.co, NULL);
@@ -264,7 +264,7 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
     } while (delay_ns == 0 && next_sector < end);
 
     /* Allocate a MirrorOp that is used as an AIO callback.  */
-    op = g_slice_new(MirrorOp);
+    op = g_new(MirrorOp, 1);
     op->s = s;
     op->sector_num = sector_num;
     op->nb_sectors = nb_sectors;
diff --git a/block/raw-posix.c b/block/raw-posix.c
index 86f8562..cc1b874 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -1259,7 +1259,7 @@ static int aio_worker(void *arg)
         break;
     }
 
-    g_slice_free(RawPosixAIOData, aiocb);
+    g_free(aiocb);
     return ret;
 }
 
@@ -1267,7 +1267,7 @@ static int paio_submit_co(BlockDriverState *bs, int fd,
         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
         int type)
 {
-    RawPosixAIOData *acb = g_slice_new(RawPosixAIOData);
+    RawPosixAIOData *acb = g_new(RawPosixAIOData, 1);
     ThreadPool *pool;
 
     acb->bs = bs;
@@ -1292,7 +1292,7 @@ static BlockAIOCB *paio_submit(BlockDriverState *bs, int fd,
         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
         BlockCompletionFunc *cb, void *opaque, int type)
 {
-    RawPosixAIOData *acb = g_slice_new(RawPosixAIOData);
+    RawPosixAIOData *acb = g_new(RawPosixAIOData, 1);
     ThreadPool *pool;
 
     acb->bs = bs;
@@ -2237,7 +2237,7 @@ static BlockAIOCB *hdev_aio_ioctl(BlockDriverState *bs,
     if (fd_open(bs) < 0)
         return NULL;
 
-    acb = g_slice_new(RawPosixAIOData);
+    acb = g_new(RawPosixAIOData, 1);
     acb->bs = bs;
     acb->aio_type = QEMU_AIO_IOCTL;
     acb->aio_fildes = s->fd;
diff --git a/block/raw-win32.c b/block/raw-win32.c
index b562c94..2d0907a 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -135,7 +135,7 @@ static int aio_worker(void *arg)
         break;
     }
 
-    g_slice_free(RawWin32AIOData, aiocb);
+    g_free(aiocb);
     return ret;
 }
 
@@ -143,7 +143,7 @@ static BlockAIOCB *paio_submit(BlockDriverState *bs, HANDLE hfile,
         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
         BlockCompletionFunc *cb, void *opaque, int type)
 {
-    RawWin32AIOData *acb = g_slice_new(RawWin32AIOData);
+    RawWin32AIOData *acb = g_new(RawWin32AIOData, 1);
     ThreadPool *pool;
 
     acb->bs = bs;
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 76d27f9..8beb26b 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -30,7 +30,7 @@
 
 VirtIOBlockReq *virtio_blk_alloc_request(VirtIOBlock *s)
 {
-    VirtIOBlockReq *req = g_slice_new(VirtIOBlockReq);
+    VirtIOBlockReq *req = g_new(VirtIOBlockReq, 1);
     req->dev = s;
     req->qiov.size = 0;
     req->in_len = 0;
@@ -42,7 +42,7 @@ VirtIOBlockReq *virtio_blk_alloc_request(VirtIOBlock *s)
 void virtio_blk_free_request(VirtIOBlockReq *req)
 {
     if (req) {
-        g_slice_free(VirtIOBlockReq, req);
+        g_free(req);
     }
 }
 
-- 
2.4.3

[Qemu-devel] [PULL v2 5/5] sdhci.c: Limit the maximum block size

[Stefan Hajnoczi]

From: Alistair Francis <alistair.francis@xilinx.com>

It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.

To avoid this limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com
Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/sd/sdhci.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 7f9d814..7f73527 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1009,6 +1009,16 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
             MASKED_WRITE(s->blksize, mask, value);
             MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
         }
+
+        /* Limit block size to the maximum buffer size */
+        if (extract32(s->blksize, 0, 12) > s->buf_maxsz) {
+            qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " \
+                          "the maximum buffer 0x%x", __func__, s->blksize,
+                          s->buf_maxsz);
+
+            s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz);
+        }
+
         break;
     case SDHC_ARGUMENT:
         MASKED_WRITE(s->argument, mask, value);
-- 
2.4.3

Re: [Qemu-devel] [PULL v2 0/5] Block patches

[Peter Maydell]

On 12 October 2015 at 11:23, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> The following changes since commit b37686f7e84b22cfaf7fd01ac5133f2617cc3027:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' into staging (2015-10-09 12:18:14 +0100)
>
> are available in the git repository at:
>
>   git://github.com/stefanha/qemu.git tags/block-pull-request
>
> for you to fetch changes up to 9201bb9a8c7cd3ba2382b7db5b2e40f603e61528:
>
>   sdhci.c: Limit the maximum block size (2015-10-12 11:17:45 +0100)
>
> ----------------------------------------------------------------
> Pull request
>
> v2:
>  * Fix virtio 16lx -> HWADDR_PRIx format specifier [Peter]
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM