Like all block drivers, virtio-blk should not allow smaller than block size granularity access. But given that the protocol specifies a byte unit length field we currently accept such requests, which cause qemu to abort() in lower layers. Add checks to the main read and write handlers to catch them early.
Reported-by: Conor Murphy <conor_murphy_v...@hotmail.com> Tested-by: Conor Murphy <conor_murphy_v...@hotmail.com> Signed-off-by: Christoph Hellwig <h...@lst.de> Index: qemu/hw/virtio-blk.c =================================================================== --- qemu.orig/hw/virtio-blk.c 2011-03-30 11:46:10.268665534 -0700 +++ qemu/hw/virtio-blk.c 2011-03-30 11:49:45.655247322 -0700 @@ -290,6 +290,10 @@ static void virtio_blk_handle_write(Virt virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } if (mrb->num_writes == 32) { virtio_submit_multiwrite(req->dev->bs, mrb); @@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtI virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov, req->qiov.size / BDRV_SECTOR_SIZE,
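Review bot: In the virtio_blk_handle_write hunk, the new `req->qiov.size % req->dev->conf->logical_block_size` check uses a configuration value as the divisor on a guest-reachable path, and nothing visible here shows that it is guaranteed to be non-zero. Please confirm logical_block_size is validated when the device is set up, or guard it here, since a zero value would turn this check into a division by zero. A one-line comment saying the check rejects lengths that are not a multiple of the logical block size would also help the next reader.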
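Review bot: In the virtio_blk_handle_read hunk, the length is checked against logical_block_size, but the sector count passed to bdrv_aio_readv is still `req->qiov.size / BDRV_SECTOR_SIZE`, so that division is only exact if logical_block_size is a multiple of BDRV_SECTOR_SIZE. A comment stating that assumption next to the check would make the relationship explicit. The three added lines are identical to those in the write handler, so consider a small shared helper so the two paths cannot drift apart.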