[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 29/47] virtio-blk: Fix and clean up the in_sg and out
|
From: |
Kevin Wolf |
|
Subject: |
[Qemu-devel] [PULL 29/47] virtio-blk: Fix and clean up the in_sg and out_sg check |
|
Date: |
Fri, 27 Jun 2014 21:08:48 +0200 |
From: Fam Zheng <address@hidden>
out_sg is checked by iov_to_buf below, so it can be dropped.
Add assert and iov_discard_back around in_sg, as the in_sg is handled in
dataplane code.
Signed-off-by: Fam Zheng <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
hw/block/virtio-blk.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 0561095..4b1aeab 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -345,7 +345,9 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req,
MultiReqBuffer *mrb)
{
uint32_t type;
+ struct iovec *in_iov = req->elem->in_sg;
struct iovec *iov = req->elem->out_sg;
+ unsigned in_num = req->elem->in_num;
unsigned out_num = req->elem->out_num;
if (req->elem->out_num < 1 || req->elem->in_num < 1) {
@@ -353,19 +355,24 @@ static void virtio_blk_handle_request(VirtIOBlockReq *req,
exit(1);
}
- if (req->elem->out_sg[0].iov_len < sizeof(req->out) ||
- req->elem->in_sg[req->elem->in_num - 1].iov_len < sizeof(*req->in)) {
- error_report("virtio-blk header not in correct element");
- exit(1);
- }
-
if (unlikely(iov_to_buf(iov, out_num, 0, &req->out,
sizeof(req->out)) != sizeof(req->out))) {
error_report("virtio-blk request outhdr too short");
exit(1);
}
+
iov_discard_front(&iov, &out_num, sizeof(req->out));
- req->in = (void *)req->elem->in_sg[req->elem->in_num - 1].iov_base;
+
+ if (in_num < 1 ||
+ in_iov[in_num - 1].iov_len < sizeof(struct virtio_blk_inhdr)) {
+ error_report("virtio-blk request inhdr too short");
+ exit(1);
+ }
+
+ req->in = (void *)in_iov[in_num - 1].iov_base
+ + in_iov[in_num - 1].iov_len
+ - sizeof(struct virtio_blk_inhdr);
+ iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));
type = ldl_p(&req->out.type);
--
1.8.3.1
- [Qemu-devel] [PULL 44/47] iotests: Source common.env, (continued)
- [Qemu-devel] [PULL 44/47] iotests: Source common.env, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 47/47] iotests: Fix 083 for out-of-tree builds, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 46/47] iotests: Drop Python version from 065's Shebang, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 21/47] virtio-blk: Move VirtIOBlockReq to header, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 37/47] blockjob: Fix recent BLOCK_JOB_READY regression, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 38/47] blockjob: Fix recent BLOCK_JOB_ERROR regression, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 36/47] virtio-blk: Rename complete_request_early to complete_request_vring, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 35/47] virtio-blk: Unify {non-, }dataplane's request handlings, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 28/47] virtio-blk: Fill in VirtIOBlockReq.out in dataplane code, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 27/47] virtio-blk: Convert VirtIOBlockReq.out to structrue, Kevin Wolf, 2014/06/27
- [Qemu-devel] [PULL 29/47] virtio-blk: Fix and clean up the in_sg and out_sg check,
Kevin Wolf <=
- [Qemu-devel] [PULL 39/47] block: Add replaces argument to drive-mirror, Kevin Wolf, 2014/06/27
- Re: [Qemu-devel] [PULL 00/47] Block patches for 2.1.0-rc0, Peter Maydell, 2014/06/29