| Message ID | 1422901789-21027-3-git-send-email-den@openvz.org |
|---|---|
| State | New |
| Headers | show |
Am 02.02.2015 um 19:29 schrieb Denis V. Lunev: > nbd_co_discard calls nbd_client_session_co_discard which uses uint32_t > as the length in bytes of the data to discard due to the following > definition: > > struct nbd_request { > uint32_t magic; > uint32_t type; > uint64_t handle; > uint64_t from; > uint32_t len; <-- the length of data to be discarded, in bytes > } QEMU_PACKED; > > Thus we should limit bl_max_discard to UINT32_MAX >> BDRV_SECTOR_BITS to > avoid overflow. > > Signed-off-by: Denis V. Lunev <den@openvz.org> > CC: Kevin Wolf <kwolf@redhat.com> > CC: Peter Lieven <pl@kamp.de> > --- > block/nbd.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/block/nbd.c b/block/nbd.c > index 04cc845..99af713 100644 > --- a/block/nbd.c > +++ b/block/nbd.c > @@ -301,6 +301,11 @@ static int nbd_co_flush(BlockDriverState *bs) > return nbd_client_session_co_flush(&s->client); > } > > +static void nbd_refresh_limits(BlockDriverState *bs, Error **errp) > +{ > + bs->bl.max_discard = UINT32_MAX >> BDRV_SECTOR_BITS; > +} > + > static int nbd_co_discard(BlockDriverState *bs, int64_t sector_num, > int nb_sectors) > { > @@ -396,6 +401,7 @@ static BlockDriver bdrv_nbd = { > .bdrv_close = nbd_close, > .bdrv_co_flush_to_os = nbd_co_flush, > .bdrv_co_discard = nbd_co_discard, > + .bdrv_refresh_limits = nbd_refresh_limits, > .bdrv_getlength = nbd_getlength, > .bdrv_detach_aio_context = nbd_detach_aio_context, > .bdrv_attach_aio_context = nbd_attach_aio_context, > @@ -413,6 +419,7 @@ static BlockDriver bdrv_nbd_tcp = { > .bdrv_close = nbd_close, > .bdrv_co_flush_to_os = nbd_co_flush, > .bdrv_co_discard = nbd_co_discard, > + .bdrv_refresh_limits = nbd_refresh_limits, > .bdrv_getlength = nbd_getlength, > .bdrv_detach_aio_context = nbd_detach_aio_context, > .bdrv_attach_aio_context = nbd_attach_aio_context, > @@ -430,6 +437,7 @@ static BlockDriver bdrv_nbd_unix = { > .bdrv_close = nbd_close, > .bdrv_co_flush_to_os = nbd_co_flush, > .bdrv_co_discard = nbd_co_discard, > + .bdrv_refresh_limits = nbd_refresh_limits, > .bdrv_getlength = nbd_getlength, > .bdrv_detach_aio_context = nbd_detach_aio_context, > .bdrv_attach_aio_context = nbd_attach_aio_context, Reviewed-by: Peter Lieven <pl@kamp.de>
diff --git a/block/nbd.c b/block/nbd.c index 04cc845..99af713 100644 --- a/block/nbd.c +++ b/block/nbd.c @@ -301,6 +301,11 @@ static int nbd_co_flush(BlockDriverState *bs) return nbd_client_session_co_flush(&s->client); } +static void nbd_refresh_limits(BlockDriverState *bs, Error **errp) +{ + bs->bl.max_discard = UINT32_MAX >> BDRV_SECTOR_BITS; +} + static int nbd_co_discard(BlockDriverState *bs, int64_t sector_num, int nb_sectors) { @@ -396,6 +401,7 @@ static BlockDriver bdrv_nbd = { .bdrv_close = nbd_close, .bdrv_co_flush_to_os = nbd_co_flush, .bdrv_co_discard = nbd_co_discard, + .bdrv_refresh_limits = nbd_refresh_limits, .bdrv_getlength = nbd_getlength, .bdrv_detach_aio_context = nbd_detach_aio_context, .bdrv_attach_aio_context = nbd_attach_aio_context, @@ -413,6 +419,7 @@ static BlockDriver bdrv_nbd_tcp = { .bdrv_close = nbd_close, .bdrv_co_flush_to_os = nbd_co_flush, .bdrv_co_discard = nbd_co_discard, + .bdrv_refresh_limits = nbd_refresh_limits, .bdrv_getlength = nbd_getlength, .bdrv_detach_aio_context = nbd_detach_aio_context, .bdrv_attach_aio_context = nbd_attach_aio_context, @@ -430,6 +437,7 @@ static BlockDriver bdrv_nbd_unix = { .bdrv_close = nbd_close, .bdrv_co_flush_to_os = nbd_co_flush, .bdrv_co_discard = nbd_co_discard, + .bdrv_refresh_limits = nbd_refresh_limits, .bdrv_getlength = nbd_getlength, .bdrv_detach_aio_context = nbd_detach_aio_context, .bdrv_attach_aio_context = nbd_attach_aio_context,
nbd_co_discard calls nbd_client_session_co_discard which uses uint32_t as the length in bytes of the data to discard due to the following definition: struct nbd_request { uint32_t magic; uint32_t type; uint64_t handle; uint64_t from; uint32_t len; <-- the length of data to be discarded, in bytes } QEMU_PACKED; Thus we should limit bl_max_discard to UINT32_MAX >> BDRV_SECTOR_BITS to avoid overflow. Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Kevin Wolf <kwolf@redhat.com> CC: Peter Lieven <pl@kamp.de> --- block/nbd.c | 8 ++++++++ 1 file changed, 8 insertions(+)