From patchwork Mon Jul 19 04:45:42 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
X-Patchwork-Id: 59179
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 4BEA1B6EF3
	for <incoming@patchwork.ozlabs.org>;
	Mon, 19 Jul 2010 14:51:10 +1000 (EST)
Received: from localhost ([127.0.0.1]:48116 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OaiHp-000597-4i
	for incoming@patchwork.ozlabs.org; Mon, 19 Jul 2010 00:49:05 -0400
Received: from [140.186.70.92] (port=33182 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OaiGK-0004mz-O9
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 00:47:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <tamura.yoshiaki@lab.ntt.co.jp>) id 1OaiGJ-0007OP-Cp
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 00:47:32 -0400
Received: from sh.osrg.net ([192.16.179.4]:50425)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <tamura.yoshiaki@lab.ntt.co.jp>) id 1OaiGI-0007Nt-TJ
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 00:47:31 -0400
Received: from fs.osrg.net (postfix@fs.osrg.net [10.0.0.12])
	by sh.osrg.net (8.14.3/8.14.3/OSRG-NET) with ESMTP id o6J4lNh7013847;
	Mon, 19 Jul 2010 13:47:23 +0900
Received: from localhost (hype-nh0.osrg.net [10.72.1.48])
	by fs.osrg.net (Postfix) with ESMTP id F17213E020E;
	Mon, 19 Jul 2010 13:47:22 +0900 (JST)
From: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
To: qemu-devel@nongnu.org
Date: Mon, 19 Jul 2010 13:45:42 +0900
Message-Id: <1279514742-6941-1-git-send-email-tamura.yoshiaki@lab.ntt.co.jp>
X-Mailer: git-send-email 1.7.1.1
X-Dispatcher: imput version 20070423(IM149)
Lines: 34
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0
	(sh.osrg.net [192.16.179.4]); Mon, 19 Jul 2010 13:47:24 +0900 (JST)
X-Virus-Scanned: clamav-milter 0.96.1 at sh
X-Virus-Status: Clean
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
Cc: aliguori@us.ibm.com, armbru@redhat.com,
	Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Subject: [Qemu-devel] [PATCH] block migraton: check sectors before shift
	operation.
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit d246673dcb9911218ff555bcdf28b250e38fa46c has expanded the types
of block drive that can be initialized for block migration.  Although
bdrv_getlength() may return < 0, current code shifts it without
checking.  This makes block migration initialization invalid and
results in abort() due to calling qemu_malloc() with 0 size at
bdrv_set_dirty_tracking().  This patch checks the return value of
bdrv_getlength() by masking with BDRV_SECTOR_MASK.

Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
---
 block-migration.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/block-migration.c b/block-migration.c
index 7db6f02..2e02a4a 100644
--- a/block-migration.c
+++ b/block-migration.c
@@ -237,10 +237,11 @@ static void init_blk_migration_it(void *opaque, BlockDriverState *bs)
     int64_t sectors;
 
     if (!bdrv_is_read_only(bs)) {
-        sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
-        if (sectors == 0) {
+        sectors = bdrv_getlength(bs) & BDRV_SECTOR_MASK;
+        if (sectors <= 0) {
             return;
         }
+        sectors >>= BDRV_SECTOR_BITS;
 
         bmds = qemu_mallocz(sizeof(BlkMigDevState));
         bmds->bs = bs;