| Message ID | 1279514742-6941-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp |
|---|---|
| State | New |
On 19.07.2010 06:45, Yoshiaki Tamura wrote:
> Commit d246673dcb9911218ff555bcdf28b250e38fa46c has expanded the types
> of block drive that can be initialized for block migration. Although
> bdrv_getlength() may return < 0, current code shifts it without
> checking. This makes block migration initialization invalid and
> results in abort() due to calling qemu_malloc() with 0 size at
> bdrv_set_dirty_tracking(). This patch checks the return value of
> bdrv_getlength() by masking with BDRV_SECTOR_MASK.
>
> Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>

I applied a similar patch by Shahar Havivi to the block branch a few
days ago.

Kevin
2010/7/19 Kevin Wolf <kwolf@redhat.com>:
> On 19.07.2010 06:45, Yoshiaki Tamura wrote:
>> Commit d246673dcb9911218ff555bcdf28b250e38fa46c has expanded the types
>> of block drive that can be initialized for block migration. Although
>> bdrv_getlength() may return < 0, current code shifts it without
>> checking. This makes block migration initialization invalid and
>> results in abort() due to calling qemu_malloc() with 0 size at
>> bdrv_set_dirty_tracking(). This patch checks the return value of
>> bdrv_getlength() by masking with BDRV_SECTOR_MASK.
>>
>> Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
>
> I applied a similar patch by Shahar Havivi to the block branch a few
> days ago.

Oops. Missed that discussion.

Yoshi

>
> Kevin
diff --git a/block-migration.c b/block-migration.c index 7db6f02..2e02a4a 100644 --- a/block-migration.c +++ b/block-migration.c @@ -237,10 +237,11 @@ static void init_blk_migration_it(void *opaque, BlockDriverState *bs) int64_t sectors; if (!bdrv_is_read_only(bs)) { - sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS; - if (sectors == 0) { + sectors = bdrv_getlength(bs) & BDRV_SECTOR_MASK; + if (sectors <= 0) { return; } + sectors >>= BDRV_SECTOR_BITS; bmds = qemu_mallocz(sizeof(BlkMigDevState)); bmds->bs = bs;
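Review bot: The check `sectors = bdrv_getlength(bs) & BDRV_SECTOR_MASK;` followed by `if (sectors <= 0)` only rejects a negative return from bdrv_getlength() because the mask leaves the sign bit in place, and nothing in the hunk makes that dependency visible; the masked value also discards which error code was returned. Testing the raw length before shifting, e.g. `int64_t len = bdrv_getlength(bs); if (len <= 0) { return; } sectors = len >> BDRV_SECTOR_BITS;`, makes the error path explicit without requiring the reader to know the mask layout. The early return is also silent: a device whose length cannot be read is dropped from the migration set without any log message, which should at least be noted in a comment in init_blk_migration_it().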
Commit d246673dcb9911218ff555bcdf28b250e38fa46c has expanded the types
of block drive that can be initialized for block migration. Although
bdrv_getlength() may return < 0, current code shifts it without
checking. This makes block migration initialization invalid and
results in abort() due to calling qemu_malloc() with 0 size at
bdrv_set_dirty_tracking(). This patch checks the return value of
bdrv_getlength() by masking with BDRV_SECTOR_MASK.

Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
---
 block-migration.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)