peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone
Blob Blame History Raw
commit 52c050236eaa4f0b5e1d160cd66dc18106445c4d
Author: Christoph Hellwig <hch@lst.de>
Date:   Wed Apr 6 20:28:34 2011 +0200

    virtio-blk: fail unaligned requests
    
    Like all block drivers virtio-blk should not allow small than block size
    granularity access.  But given that the protocol specifies a
    byte unit length field we currently accept such requests, which cause
    qemu to abort() in lower layers.  Add checks to the main read and
    write handlers to catch them early.
    
    Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
    Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
    Signed-off-by: Kevin Wolf <kwolf@redhat.com>

diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index b14fb99..91e0394 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -290,6 +290,10 @@ static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb)
         virtio_blk_rw_complete(req, -EIO);
         return;
     }
+    if (req->qiov.size % req->dev->conf->logical_block_size) {
+        virtio_blk_rw_complete(req, -EIO);
+        return;
+    }
 
     if (mrb->num_writes == 32) {
         virtio_submit_multiwrite(req->dev->bs, mrb);
@@ -317,6 +321,10 @@ static void virtio_blk_handle_read(VirtIOBlockReq *req)
         virtio_blk_rw_complete(req, -EIO);
         return;
     }
+    if (req->qiov.size % req->dev->conf->logical_block_size) {
+        virtio_blk_rw_complete(req, -EIO);
+        return;
+    }
 
     acb = bdrv_aio_readv(req->dev->bs, sector, &req->qiov,
                          req->qiov.size / BDRV_SECTOR_SIZE,