Commit 8ab52150 authored by Jan Beulich's avatar Jan Beulich Committed by Konrad Rzeszutek Wilk

xen/blkback: don't fail empty barrier requests

The sector number on empty barrier requests may (will?) be -1, which,
given that it's being treated as unsigned 64-bit quantity, will almost
always exceed the actual (virtual) disk's size.

Inspired by Konrad's "When writting barriers set the sector number to
zero...".

While at it also add overflow checking to the math in vbd_translate().
Signed-off-by: default avatarJan Beulich <jbeulich@novell.com>
Signed-off-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
parent 496b318e
...@@ -175,8 +175,14 @@ static int xen_vbd_translate(struct phys_req *req, struct xen_blkif *blkif, ...@@ -175,8 +175,14 @@ static int xen_vbd_translate(struct phys_req *req, struct xen_blkif *blkif,
if ((operation != READ) && vbd->readonly) if ((operation != READ) && vbd->readonly)
goto out; goto out;
if (unlikely((req->sector_number + req->nr_sects) > vbd_sz(vbd))) if (likely(req->nr_sects)) {
goto out; blkif_sector_t end = req->sector_number + req->nr_sects;
if (unlikely(end < req->sector_number))
goto out;
if (unlikely(end > vbd_sz(vbd)))
goto out;
}
req->dev = vbd->pdevice; req->dev = vbd->pdevice;
req->bdev = vbd->bdev; req->bdev = vbd->bdev;
...@@ -538,11 +544,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif, ...@@ -538,11 +544,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif,
case BLKIF_OP_FLUSH_DISKCACHE: case BLKIF_OP_FLUSH_DISKCACHE:
blkif->st_f_req++; blkif->st_f_req++;
operation = WRITE_FLUSH; operation = WRITE_FLUSH;
/*
* The frontend likes to set this to -1, which xen_vbd_translate
* is alergic too.
*/
req->u.rw.sector_number = 0;
break; break;
case BLKIF_OP_WRITE_BARRIER: case BLKIF_OP_WRITE_BARRIER:
default: default:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment