Patchwork qcow2: fix 028 iotest

login
register
mail settings
Submitter Frediano Ziglio
Date Sept. 23, 2011, 11:25 a.m.
Message ID <1316777156-21477-1-git-send-email-freddy77@gmail.com>
Download mbox | patch
Permalink /patch/116042/
State New
Headers show

Comments

Frediano Ziglio - Sept. 23, 2011, 11:25 a.m.
This fix bound check bug accessing last cluster if image size is not
cluster aligned caused by "Unlock during COW" patch.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
 block/qcow2-cluster.c |    8 ++++++--
 block/qcow2.c         |    2 +-
 block/qcow2.h         |    2 ++
 3 files changed, 9 insertions(+), 3 deletions(-)
Kevin Wolf - Sept. 23, 2011, 12:31 p.m.
Am 23.09.2011 13:25, schrieb Frediano Ziglio:
> This fix bound check bug accessing last cluster if image size is not
> cluster aligned caused by "Unlock during COW" patch.
> 
> Signed-off-by: Frediano Ziglio <freddy77@gmail.com>

I'm considering a solution like this, but I'm not completely happy with
it. Maybe the more correct thing would be to restrict the request to the
allowed size in copy_sectors.

Anyway, if I decide that this is the way to go, I'll merge this fix into
my patch along with a notice in the commit log (better than two
independent commits in terms of bisectablity).

Kevin

Patch

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index c9a1b1c..78e1b49 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -295,16 +295,20 @@  static int copy_sectors(BlockDriverState *bs, uint64_t start_sect,
     BDRVQcowState *s = bs->opaque;
     int n, ret;
     void *buf;
+    QEMUIOVector qiov;
+    struct iovec iov;
 
     n = n_end - n_start;
     if (n <= 0) {
         return 0;
     }
 
-    buf = qemu_blockalign(bs, n * BDRV_SECTOR_SIZE);
+    iov.iov_base = buf = qemu_blockalign(bs, n * BDRV_SECTOR_SIZE);
+    iov.iov_len = n * BDRV_SECTOR_SIZE;
+    qemu_iovec_init_external(&qiov, &iov, 1);
 
     BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
-    ret = bdrv_read(bs, start_sect + n_start, buf, n);
+    ret = qcow2_co_readv(bs, start_sect + n_start, n, &qiov);
     if (ret < 0) {
         goto out;
     }
diff --git a/block/qcow2.c b/block/qcow2.c
index 510ff68..fd90881 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -376,7 +376,7 @@  int qcow2_backing_read1(BlockDriverState *bs, QEMUIOVector *qiov,
     return n1;
 }
 
-static int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
+int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
                           int remaining_sectors, QEMUIOVector *qiov)
 {
     BDRVQcowState *s = bs->opaque;
diff --git a/block/qcow2.h b/block/qcow2.h
index 531af39..7f5ff42 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -176,6 +176,8 @@  static inline int64_t align_offset(int64_t offset, int n)
 /* qcow2.c functions */
 int qcow2_backing_read1(BlockDriverState *bs, QEMUIOVector *qiov,
                   int64_t sector_num, int nb_sectors);
+int qcow2_co_readv(BlockDriverState *bs, int64_t sector_num,
+    int remaining_sectors, QEMUIOVector *qiov);
 
 /* qcow2-refcount.c functions */
 int qcow2_refcount_init(BlockDriverState *bs);