From patchwork Thu Apr 12 12:01:04 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paolo Bonzini <pbonzini@redhat.com>
X-Patchwork-Id: 152047
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 7E972B70E9
	for <incoming@patchwork.ozlabs.org>;
	Thu, 12 Apr 2012 22:22:29 +1000 (EST)
Received: from localhost ([::1]:37129 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1SIIk7-0006kC-U4
	for incoming@patchwork.ozlabs.org; Thu, 12 Apr 2012 08:03:15 -0400
Received: from eggs.gnu.org ([208.118.235.92]:51139)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SIIjO-0005e4-QE
	for qemu-devel@nongnu.org; Thu, 12 Apr 2012 08:02:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SIIjM-0005xR-T0
	for qemu-devel@nongnu.org; Thu, 12 Apr 2012 08:02:30 -0400
Received: from mail-pb0-f45.google.com ([209.85.160.45]:65466)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SIIjM-0005p8-KG
	for qemu-devel@nongnu.org; Thu, 12 Apr 2012 08:02:28 -0400
Received: by mail-pb0-f45.google.com with SMTP id uo5so2694743pbc.4
	for <qemu-devel@nongnu.org>; Thu, 12 Apr 2012 05:02:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=gqYEydoHfLRD23vXvQ4NrmZUris48zHPJqHrDtCcyMM=;
	b=07vrUu46KOJrzvnRFcbS8AvOV8QEZZVLKQ9MhJxoH7N0p07+sbvj9173AKy7zsmzkW
	TwTTVWm9dIX4rDM+VvN9oqRuXqBw1sRDlX1ZDhgvMiccapYOZbtabvtsmNPyLHap/jK/
	K1+4RrR66Mmq+3596GFDVrYbaibsAHqwaEz94KqCidNJ3RB5+bBCCgUr6KlceMr9p+ys
	fmaV7Teg4asQDBrloxFwawl+WAk+Q+VMtfjgFTItYdLbDE6w2UQU0hR1dQYge7ibof8R
	kSUjYst2ZUa0OwkhLulWZqevZ//LgTZEb7NoS+NLmZaLRAYAupY2ryhHNv3ebE2FL98Z
	TJ9w==
Received: by 10.68.220.2 with SMTP id ps2mr2552071pbc.109.1334232147733;
	Thu, 12 Apr 2012 05:02:27 -0700 (PDT)
Received: from yakj.usersys.redhat.com (93-34-182-16.ip50.fastwebnet.it.
	[93.34.182.16]) by mx.google.com with ESMTPS id
	qu5sm5515368pbc.45.2012.04.12.05.02.24
	(version=TLSv1/SSLv3 cipher=OTHER);
	Thu, 12 Apr 2012 05:02:26 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Date: Thu, 12 Apr 2012 14:01:04 +0200
Message-Id: <1334232076-19018-15-git-send-email-pbonzini@redhat.com>
X-Mailer: git-send-email 1.7.9.3
In-Reply-To: <1334232076-19018-1-git-send-email-pbonzini@redhat.com>
References: <1334232076-19018-1-git-send-email-pbonzini@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 209.85.160.45
Cc: kwolf@redhat.com, stefanha@linux.vnet.ibm.com
Subject: [Qemu-devel] [PATCH 14/26] block: fix allocation size for dirty
	bitmap
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Also reuse elsewhere the new constant for sizeof(unsigned long) * 8.

The dirty bitmap is allocated in bits but declared as unsigned long.
Thus, its memory block is accessed beyond its end unless the image
is a multiple of 64 chunks (i.e. a multiple of 64 MB).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 block.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index e84a0a9..9dcfee3 100644
--- a/block.c
+++ b/block.c
@@ -1551,6 +1551,8 @@ int bdrv_read(BlockDriverState *bs, int64_t sector_num,
     return bdrv_rw_co(bs, sector_num, buf, nb_sectors, false);
 }
 
+#define BITS_PER_LONG  (sizeof(unsigned long) * 8)
+
 static void set_dirty_bitmap(BlockDriverState *bs, int64_t sector_num,
                              int nb_sectors, int dirty)
 {
@@ -1561,8 +1563,8 @@ static void set_dirty_bitmap(BlockDriverState *bs, int64_t sector_num,
     end = (sector_num + nb_sectors - 1) / BDRV_SECTORS_PER_DIRTY_CHUNK;
 
     for (; start <= end; start++) {
-        idx = start / (sizeof(unsigned long) * 8);
-        bit = start % (sizeof(unsigned long) * 8);
+        idx = start / BITS_PER_LONG;
+        bit = start % BITS_PER_LONG;
         val = bs->dirty_bitmap[idx];
         if (dirty) {
             if (!(val & (1UL << bit))) {
@@ -3861,10 +3863,10 @@ void bdrv_set_dirty_tracking(BlockDriverState *bs, int enable)
     if (enable) {
         if (!bs->dirty_bitmap) {
             bitmap_size = (bdrv_getlength(bs) >> BDRV_SECTOR_BITS) +
-                    BDRV_SECTORS_PER_DIRTY_CHUNK * 8 - 1;
-            bitmap_size /= BDRV_SECTORS_PER_DIRTY_CHUNK * 8;
+                    BDRV_SECTORS_PER_DIRTY_CHUNK * BITS_PER_LONG - 1;
+            bitmap_size /= BDRV_SECTORS_PER_DIRTY_CHUNK * BITS_PER_LONG;
 
-            bs->dirty_bitmap = g_malloc0(bitmap_size);
+            bs->dirty_bitmap = g_new0(unsigned long, bitmap_size);
         }
     } else {
         if (bs->dirty_bitmap) {