From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 3/5] qcow2: Fix sector calculation in qcow2_measure()
Date: Mon, 24 Jul 2017 16:32:08 +0200
Message-ID: <1500906730-26467-4-git-send-email-kwolf@redhat.com>
In-Reply-To: <1500906730-26467-1-git-send-email-kwolf@redhat.com>

From: Eric Blake <eblake@redhat.com>

We used MAX() instead of the intended MIN() when computing how many
sectors to view in the current loop iteration of qcow2_measure(),
and passed in a value of INT_MAX sectors instead of our more usual
limit of BDRV_REQUEST_MAX_SECTORS (the latter avoids 32-bit overflow
on conversion to bytes).  For small files, the bug is harmless:
bdrv_get_block_status_above() clamps its *pnum answer to the BDS
size, regardless of any insanely larger input request.  However, for
any file at least 2T in size, we can very easily end up going into an
infinite loop (the maximum of 0x100000000 sectors and INT_MAX is a
64-bit quantity, which becomes 0 when assigned to int; once nb_sectors
is 0, we never make progress).

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/qcow2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index d5790af..90efa44 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3669,8 +3669,8 @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, BlockDriverState *in_bs,
             for (sector_num = 0;
                  sector_num < ssize / BDRV_SECTOR_SIZE;
                  sector_num += pnum) {
-                int nb_sectors = MAX(ssize / BDRV_SECTOR_SIZE - sector_num,
-                                     INT_MAX);
+                int nb_sectors = MIN(ssize / BDRV_SECTOR_SIZE - sector_num,
+                                     BDRV_REQUEST_MAX_SECTORS);
                 BlockDriverState *file;
                 int64_t ret;
 
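Review bot: the narrowing into `int nb_sectors` on the `+` lines is still implicit. Per the commit message the first MIN() argument is a 64-bit sector count, so the declaration is only safe because BDRV_REQUEST_MAX_SECTORS fits in an int. A short comment at the declaration, or an assertion that nb_sectors is greater than 0 before it is used, would document that dependency and make a regression fail loudly instead of spinning, since the loop advances only through `sector_num += pnum`. The diffstat touches block/qcow2.c alone, so a test that measures an image of at least 2T would be a worthwhile follow-up.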
-- 
1.8.3.1