Message ID | 20220609152744.3891847-7-afaria@redhat.com |
---|---|
State | New |
Series | Implement bdrv_{pread, pwrite, pwrite_sync, pwrite_zeroes}() using generated_co_wrapper |
On Thu, Jun 09, 2022 at 04:27:40PM +0100, Alberto Faria wrote:
> For consistency with other I/O functions, and in preparation to
> implement bdrv_{pread,pwrite}() using generated_co_wrapper.
>
> unsigned int fits in int64_t, so all callers remain correct.
>
> bdrv_check_request32() is called further down the stack and causes -EIO
> to be returned if 'bytes' is negative or greater than
> BDRV_REQUEST_MAX_BYTES, which in turn never exceeds SIZE_MAX.
>
> Signed-off-by: Alberto Faria <afaria@redhat.com>
> ---
> block/coroutines.h | 4 ++--
> include/block/block_int-io.h | 4 ++--
> 2 files changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>
On 09.06.22 17:27, Alberto Faria wrote:
> For consistency with other I/O functions, and in preparation to
> implement bdrv_{pread,pwrite}() using generated_co_wrapper.
>
> unsigned int fits in int64_t, so all callers remain correct.
>
> bdrv_check_request32() is called further down the stack and causes -EIO
> to be returned if 'bytes' is negative or greater than
> BDRV_REQUEST_MAX_BYTES, which in turn never exceeds SIZE_MAX.

I’m not a huge fan of that reasoning alone. I don’t like generating an object that will be invalid if `bytes > SIZE_MAX`, and then relying on some later check in a different context verifying that `bytes <= SIZE_MAX`. In theory, if the latter check is removed, we might forget caring for the former.

(In practice, such a case (where I/O vectors remain using size_t, but we allow for larger overall requests) is difficult to imagine, though.)

However, bdrv_check_request32() also calls bdrv_check_qiov_request(), which verifies the integrity of qiov by checking that `bytes` will not exceed `qiov->size - qiov_offset`. So if we had any overflow when casting `bytes` to `size_t`, it’ll be seen there directly (and I don’t see why we’d remove that specific check).

Given that, and given that there’s precedent (e.g. bdrv_pread()), I’m OK with the change.

Reviewed-by: Hanna Reitz <hreitz@redhat.com>
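As an added illustration of the point discussed above (example code, not QEMU's own; bdrv_check_request32() and bdrv_check_qiov_request() are the real functions, while `EXAMPLE_REQUEST_MAX_BYTES` and `example_check_request()` below are hypothetical stand-ins), this shows what an unchecked int64_t-to-size_t narrowing does to a negative byte count, and the order of checks that makes the later cast safe: sign and bound checks while the value is still signed, then the vector-integrity check `bytes <= qiov_size - qiov_offset`.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not QEMU code. EXAMPLE_REQUEST_MAX_BYTES is a hypothetical
 * ceiling standing in for BDRV_REQUEST_MAX_BYTES, and example_check_request()
 * stands in for the combined effect of bdrv_check_request32() and
 * bdrv_check_qiov_request() as described in the thread.
 */
#define EXAMPLE_REQUEST_MAX_BYTES ((int64_t)1 << 30)

/*
 * What the "later check in a different context" protects against: an int64_t
 * byte count narrowed to size_t without a sign check does not fail, it wraps
 * to an enormous length (-1 becomes SIZE_MAX).
 */
size_t example_naive_narrow(int64_t bytes)
{
    return (size_t)bytes;
}

/*
 * Validate a request before its byte count is ever used as a size_t.
 *   offset, bytes : the request, as int64_t like the widened prototypes
 *   qiov_size     : total bytes covered by the I/O vector (size_t)
 *   qiov_offset   : where the request starts inside that vector
 * Returns 0 if the request is acceptable, -EIO otherwise (the error the
 * commit message mentions).
 */
int example_check_request(int64_t offset, int64_t bytes,
                          size_t qiov_size, size_t qiov_offset)
{
    /* Sign and bound checks while the value is still signed. */
    if (offset < 0 || bytes < 0) {
        return -EIO;
    }
    if (bytes > EXAMPLE_REQUEST_MAX_BYTES) {
        return -EIO;
    }
    /* offset + bytes must not overflow int64_t either. */
    if (offset > INT64_MAX - bytes) {
        return -EIO;
    }
    /* Vector integrity: bytes <= qiov_size - qiov_offset, with the
     * subtraction guarded so it cannot underflow. */
    if (qiov_offset > qiov_size) {
        return -EIO;
    }
    /* bytes is non-negative and bounded here, so this cast cannot wrap. */
    if ((size_t)bytes > qiov_size - qiov_offset) {
        return -EIO;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample requests against a 4 KiB vector. */
    printf("naive narrow of -1 -> %zu (SIZE_MAX is %zu)\n",
           example_naive_narrow(-1), (size_t)SIZE_MAX);
    printf("4096 bytes at 0 -> %d\n", example_check_request(0, 4096, 4096, 0));
    printf("-1 bytes        -> %d\n", example_check_request(0, -1, 4096, 0));
    printf("4097 bytes      -> %d\n", example_check_request(0, 4097, 4096, 0));
    printf("4096 bytes at 1 -> %d\n", example_check_request(0, 4096, 4096, 1));
    return 0;
}
```

The ordering is the whole point: every comparison that could be fooled by wrap-around runs on the signed value, and the one size_t comparison happens only after the value is known to be non-negative and below the request ceiling.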
diff --git a/block/coroutines.h b/block/coroutines.h index 830ecaa733..3f41238b33 100644 --- a/block/coroutines.h +++ b/block/coroutines.h @@ -91,11 +91,11 @@ int coroutine_fn blk_co_do_flush(BlockBackend *blk); */ int generated_co_wrapper -bdrv_preadv(BdrvChild *child, int64_t offset, unsigned int bytes, +bdrv_preadv(BdrvChild *child, int64_t offset, int64_t bytes, QEMUIOVector *qiov, BdrvRequestFlags flags); int generated_co_wrapper -bdrv_pwritev(BdrvChild *child, int64_t offset, unsigned int bytes, +bdrv_pwritev(BdrvChild *child, int64_t offset, int64_t bytes, QEMUIOVector *qiov, BdrvRequestFlags flags); int generated_co_wrapper diff --git a/include/block/block_int-io.h b/include/block/block_int-io.h index d4d3bed783..d1a6970dc6 100644 --- a/include/block/block_int-io.h +++ b/include/block/block_int-io.h @@ -56,7 +56,7 @@ int coroutine_fn bdrv_co_pwritev_part(BdrvChild *child, QEMUIOVector *qiov, size_t qiov_offset, BdrvRequestFlags flags); static inline int coroutine_fn bdrv_co_pread(BdrvChild *child, - int64_t offset, unsigned int bytes, void *buf, BdrvRequestFlags flags) + int64_t offset, int64_t bytes, void *buf, BdrvRequestFlags flags) { QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buf, bytes); IO_CODE(); @@ -65,7 +65,7 @@ static inline int coroutine_fn bdrv_co_pread(BdrvChild *child, } static inline int coroutine_fn bdrv_co_pwrite(BdrvChild *child, - int64_t offset, unsigned int bytes, const void *buf, BdrvRequestFlags flags) + int64_t offset, int64_t bytes, const void *buf, BdrvRequestFlags flags) { QEMUIOVector qiov = QEMU_IOVEC_INIT_BUF(qiov, buf, bytes); IO_CODE();
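Review bot: the widened `bytes` parameter on bdrv_preadv() and bdrv_pwritev() in the block/coroutines.h hunk carries no check at the declaration, and the only guard the series cites is bdrv_check_request32() further down the stack; since generated_co_wrapper derives the blocking wrapper from these prototypes, a short comment on the declarations stating that negative or over-BDRV_REQUEST_MAX_BYTES values of `bytes` are rejected with -EIO by bdrv_check_request32() would record the invariant the commit message relies on, so it survives if the lower check is ever reorganised.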
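Review bot: in the bdrv_co_pread() hunk the now-int64_t `bytes` is passed straight into `QEMU_IOVEC_INIT_BUF(qiov, buf, bytes)`, an implicit conversion to size_t that silently wraps a negative value to a huge length before any validation runs; the qiov is only checked later by bdrv_check_qiov_request(), as Hanna notes. Consider an `assert(bytes >= 0)` or an explicit `(size_t)bytes` with a one-line comment at this point so the conversion is visible to readers and to static analysers rather than hidden inside the macro.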
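Review bot: the bdrv_co_pwrite() hunk has the same implicit int64_t-to-size_t narrowing in `QEMU_IOVEC_INIT_BUF(qiov, buf, bytes)` as bdrv_co_pread(); whatever guard is chosen for the read path should be applied identically here, or the two inlines should share a helper, so the two paths do not drift apart.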
For consistency with other I/O functions, and in preparation to
implement bdrv_{pread,pwrite}() using generated_co_wrapper.

unsigned int fits in int64_t, so all callers remain correct.

bdrv_check_request32() is called further down the stack and causes -EIO
to be returned if 'bytes' is negative or greater than
BDRV_REQUEST_MAX_BYTES, which in turn never exceeds SIZE_MAX.

Signed-off-by: Alberto Faria <afaria@redhat.com>
---
block/coroutines.h | 4 ++--
include/block/block_int-io.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)