|
 |
2dedc0 |
commit 52c050236eaa4f0b5e1d160cd66dc18106445c4d
|
|
|
2dedc0 |
Author: Christoph Hellwig <hch@lst.de>
|
|
|
2dedc0 |
Date: Wed Apr 6 20:28:34 2011 +0200
|
|
|
2dedc0 |
|
|
|
2dedc0 |
virtio-blk: fail unaligned requests
|
|
|
2dedc0 |
|
|
|
2dedc0 |
Like all block drivers virtio-blk should not allow small than block size
|
|
|
2dedc0 |
granularity access. But given that the protocol specifies a
|
|
|
2dedc0 |
byte unit length field we currently accept such requests, which cause
|
|
|
2dedc0 |
qemu to abort() in lower layers. Add checks to the main read and
|
|
|
2dedc0 |
write handlers to catch them early.
|
|
|
2dedc0 |
|
|
|
2dedc0 |
Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
|
|
|
2dedc0 |
Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
|
|
|
2dedc0 |
Signed-off-by: Christoph Hellwig <hch@lst.de>
|
|
|
2dedc0 |
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
|
|
|
2dedc0 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
2dedc0 |
|
|
|
2dedc0 |
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
|
|
|
2dedc0 |
index b14fb99..91e0394 100644
|
|
|
2dedc0 |
--- a/hw/virtio-blk.c
|
|
|
2dedc0 |
+++ b/hw/virtio-blk.c
|
|
|
2dedc0 |
@@ -290,6 +290,10 @@ static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
|
|
|
2dedc0 |
virtio_blk_rw_complete(req, -EIO);
|
|
|
2dedc0 |
return;
|
|
|
2dedc0 |
}
|
|
|
2dedc0 |
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
|
|
|
2dedc0 |
+ virtio_blk_rw_complete(req, -EIO);
|
|
|
2dedc0 |
+ return;
|
|
|
2dedc0 |
+ }
|
|
|
2dedc0 |
|
|
|
2dedc0 |
if (mrb->num_writes == 32) {
|
|
|
2dedc0 |
virtio_submit_multiwrite(req->dev->bs, mrb);
|
|
|
2dedc0 |
@@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtIOBlockReq *req)
|
|
|
2dedc0 |
virtio_blk_rw_complete(req, -EIO);
|
|
|
2dedc0 |
return;
|
|
|
2dedc0 |
}
|
|
|
2dedc0 |
+ if (req->qiov.size % req->dev->conf->logical_block_size) {
|
|
|
2dedc0 |
+ virtio_blk_rw_complete(req, -EIO);
|
|
|
2dedc0 |
+ return;
|
|
|
2dedc0 |
+ }
|
|
|
2dedc0 |
|
|
|
2dedc0 |
acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
|
|
|
2dedc0 |
req->qiov.size / BDRV_SECTOR_SIZE,
|