Re: [Qemu-devel] [PATCH v2 1/2] raw-posix: Fix raw_co_get_block_status() after EOF

Thu, 16 Oct 2014 01:31:35 -0700 

Am 22.09.2014 um 17:36 hat Max Reitz geschrieben:
> As its comment states, raw_co_get_block_status() should unconditionally
> return 0 and set *pnum to 0 for after EOF.
> 
> An assertion after lseek(..., SEEK_HOLE) tried to catch this case by
> asserting that errno != -ENXIO (which would indicate a position after
> the EOF); but it should be errno != ENXIO instead. Fix this, too.
> 
> Additionally, nb_sectors should be clamped against the image end. This
> was probably not an issue if FIEMAP or SEEK_HOLE/SEEK_DATA worked, but
> the fallback did not take this case into account.
> 
> Reported-by: Kevin Wolf <kw...@redhat.com>
> Signed-off-by: Max Reitz <mre...@redhat.com>
> ---
>  block/raw-posix.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/block/raw-posix.c b/block/raw-posix.c
> index a253697..dd57992 100644
> --- a/block/raw-posix.c
> +++ b/block/raw-posix.c
> @@ -1509,9 +1509,9 @@ static int64_t try_seek_hole(BlockDriverState *bs, 
> off_t start, off_t *data,
>  
>      *hole = lseek(s->fd, start, SEEK_HOLE);
>      if (*hole == -1) {
> -        /* -ENXIO indicates that sector_num was past the end of the file.
> +        /* ENXIO indicates that sector_num was past the end of the file.
>           * There is a virtual hole there.  */
> -        assert(errno != -ENXIO);
> +        assert(errno != ENXIO);

This assertion can be triggered if another process truncates the file in
the background after it has been opened (bdrv_getlength() usually uses
the cached value, so this race condition isn't even hard to reproduce).

Kevin

>          return -errno;
>      }
> @@ -1552,6 +1552,7 @@ static int64_t coroutine_fn 
> raw_co_get_block_status(BlockDriverState *bs,
>                                                      int nb_sectors, int 
> *pnum)
>  {
>      off_t start, data = 0, hole = 0;
> +    int64_t total_size;
>      int64_t ret;
>  
>      ret = fd_open(bs);
> @@ -1560,6 +1561,13 @@ static int64_t coroutine_fn 
> raw_co_get_block_status(BlockDriverState *bs,
>      }
>  
>      start = sector_num * BDRV_SECTOR_SIZE;
> +    total_size = bdrv_getlength(bs);

bdrv_getlength() can fail.

> +    if (start >= total_size) {
> +        *pnum = 0;
> +        return 0;
> +    } else if (start + nb_sectors * BDRV_SECTOR_SIZE > total_size) {
> +        nb_sectors = (total_size - start) / BDRV_SECTOR_SIZE;
> +    }

Kevin

Reply via email to