diff options
| author | Kevin Wolf <kwolf@redhat.com> | 2014-07-01 16:52:21 +0200 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2014-07-07 09:15:29 +0200 |
| commit | 5a0f6fd5c84573387056e0464a7fc0c6fb70b2dc (patch) | |
| tree | 21b36dcf76f149c0bc3272c2a571ee0825db6647 | |
| parent | bc3a7f90ff44037bbe898708081db23a08fa7189 (diff) | |
| download | qemu-5a0f6fd5c84573387056e0464a7fc0c6fb70b2dc.tar.gz | |
mirror: Fix qiov size for short requests
When mirroring an image of a size that is not a multiple of the
mirror job granularity, the last request would have the right nb_sectors
argument, but a qiov that is rounded up to the next multiple of the
granularity. Don't do this.
This fixes a segfault that is caused by raw-posix being confused by this
and allocating a buffer with request length, but operating on it with
qiov length.
[s/Driver/Drive/ in qemu-iotests 041 as suggested by Eric
--Stefan]
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| -rw-r--r-- | block/mirror.c | 4 | ||||
| -rwxr-xr-x | tests/qemu-iotests/041 | 5 | ||||
| -rw-r--r-- | tests/qemu-iotests/041.out | 4 |
3 files changed, 10 insertions, 3 deletions
diff --git a/block/mirror.c b/block/mirror.c index 6c3ee7041c..c7a655fc58 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -265,9 +265,11 @@ static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s) next_sector = sector_num; while (nb_chunks-- > 0) { MirrorBuffer *buf = QSIMPLEQ_FIRST(&s->buf_free); + size_t remaining = (nb_sectors * BDRV_SECTOR_SIZE) - op->qiov.size; + QSIMPLEQ_REMOVE_HEAD(&s->buf_free, next); s->buf_free_count--; - qemu_iovec_add(&op->qiov, buf, s->granularity); + qemu_iovec_add(&op->qiov, buf, MIN(s->granularity, remaining)); /* Advance the HBitmapIter in parallel, so that we do not examine * the same sector twice. diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041 index 0815e19274..005090ecc2 100755 --- a/tests/qemu-iotests/041 +++ b/tests/qemu-iotests/041 @@ -217,6 +217,11 @@ class TestSingleDriveZeroLength(TestSingleDrive): test_small_buffer2 = None test_large_cluster = None +class TestSingleDriveUnalignedLength(TestSingleDrive): + image_len = 1025 * 1024 + test_small_buffer2 = None + test_large_cluster = None + class TestMirrorNoBacking(ImageMirroringTestCase): image_len = 2 * 1024 * 1024 # MB diff --git a/tests/qemu-iotests/041.out b/tests/qemu-iotests/041.out index 42147c0b58..24093bc631 100644 --- a/tests/qemu-iotests/041.out +++ b/tests/qemu-iotests/041.out @@ -1,5 +1,5 @@ -.............................................. +...................................................... ---------------------------------------------------------------------- -Ran 46 tests +Ran 54 tests OK |