Re: [PATCH 2/2] block/file-posix: fix wps checking in raw_co

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw

From:	Stefan Hajnoczi
Subject:	Re: [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw
Date:	Wed, 7 Jun 2023 12:08:42 -0400

On Sun, Jun 04, 2023 at 02:16:58PM +0800, Sam Li wrote:
> If the write operation fails and the wps is NULL, then accessing it will
> lead to data corruption.
> 
> Solving the issue by adding a nullptr checking in get_zones_wp() where
> the wps is used.
> 
> This issue is found by Peter Maydell using the Coverity Tool (CID
> 1512459).
> 
> Signed-off-by: Sam Li <faithilikerun@gmail.com>
> ---
>  block/file-posix.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/block/file-posix.c b/block/file-posix.c
> index 0d9d179a35..620942bf40 100644
> --- a/block/file-posix.c
> +++ b/block/file-posix.c
> @@ -1340,6 +1340,10 @@ static int get_zones_wp(BlockDriverState *bs, int fd, 
> int64_t offset,
>      rep_size = sizeof(struct blk_zone_report) + nrz * sizeof(struct 
> blk_zone);
>      g_autofree struct blk_zone_report *rep = NULL;
>  
> +    if (!wps) {
> +        return -1;
> +    }

An error will be printed every time this happens on a non-zoned device:

  static void update_zones_wp(BlockDriverState *bs, int fd, int64_t offset,
                              unsigned int nrz)
  {
      if (get_zones_wp(bs, fd, offset, nrz, 0) < 0) {
          error_report("update zone wp failed");

Please change the following code to avoid the call to update_zones_wp():

  #if defined(CONFIG_BLKZONED)
  {
      BlockZoneWps *wps = bs->wps;
      if (ret == 0) {
          if ((type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND))
              && wps && bs->bl.zone_size) {
              uint64_t *wp = &wps->wp[offset / bs->bl.zone_size];
              if (!BDRV_ZT_IS_CONV(*wp)) {
                  if (type & QEMU_AIO_ZONE_APPEND) {
                      *s->offset = *wp;
                      trace_zbd_zone_append_complete(bs, *s->offset
                          >> BDRV_SECTOR_BITS);
                  }
                  /* Advance the wp if needed */
                  if (offset + bytes > *wp) {
                      *wp = offset + bytes;
                  }
              }
          }
      } else {
-         if (type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND)) {
+         if (wps && (type & (QEMU_AIO_WRITE | QEMU_AIO_ZONE_APPEND))) {
              update_zones_wp(bs, s->fd, 0, 1);
          }
      }

Stefan

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 1/2] block/file-posix: fix g_file_get_contents return path, Sam Li, 2023/06/04
- [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw, Sam Li, 2023/06/04
  - Re: [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw, Stefan Hajnoczi <=
- Re: [PATCH 1/2] block/file-posix: fix g_file_get_contents return path, Matthew Rosato, 2023/06/07
- Re: [PATCH 1/2] block/file-posix: fix g_file_get_contents return path, Stefan Hajnoczi, 2023/06/07

Prev by Date: Re: [PATCH] iotests: fix 194: filter out racy postcopy-active event
Next by Date: Re: [PATCH 1/2] block/file-posix: fix g_file_get_contents return path
Previous by thread: [PATCH 2/2] block/file-posix: fix wps checking in raw_co_prw
Next by thread: Re: [PATCH 1/2] block/file-posix: fix g_file_get_contents return path
Index(es):
- Date
- Thread