diff options
| author |   Christoph Hellwig <hch@lst.de> | 2011-04-06 20:28:34 +0200 |
|---|---|---|
| committer |   Doug Goldstein <cardoe@cardoe.com> | 2011-05-25 19:14:02 -0500 |
| commit | c3695ecbe4fb85a67d3f12cda81918ff9ca05fc2 (patch) | |
| tree | 6800c86b0801ee8008a3e57f4e54ef935bf4dda1 | |
| parent | Merge remote branch 'upstream/stable-0.13' into stable-0.13 (diff) | |
| download | qemu-kvm-c3695ecbe4fb85a67d3f12cda81918ff9ca05fc2.tar.gz qemu-kvm-c3695ecbe4fb85a67d3f12cda81918ff9ca05fc2.tar.bz2 qemu-kvm-c3695ecbe4fb85a67d3f12cda81918ff9ca05fc2.zip | |
virtio-blk: fail unaligned requests
Like all block drivers virtio-blk should not allow small than block size
granularity access. But given that the protocol specifies a
byte unit length field we currently accept such requests, which cause
qemu to abort() in lower layers. Add checks to the main read and
write handlers to catch them early.
Reported-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Tested-by: Conor Murphy <conor_murphy_virt@hotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| -rw-r--r-- | hw/virtio-blk.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c index 251779ca7..dbe88a2b2 100644 --- a/hw/virtio-blk.c +++ b/hw/virtio-blk.c @@ -273,6 +273,10 @@ static void virtio_blk_handle_write(VirtIOBlockReq *req, MultiReqBuffer *mrb) virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } if (mrb->num_writes == 32) { virtio_submit_multiwrite(req->dev->bs, mrb); @@ -297,6 +301,10 @@ static void virtio_blk_handle_read(VirtIOBlockReq *req) virtio_blk_rw_complete(req, -EIO); return; } + if (req->qiov.size % req->dev->conf->logical_block_size) { + virtio_blk_rw_complete(req, -EIO); + return; + } acb = bdrv_aio_readv(req->dev->bs, req->out->sector, &req->qiov, req->qiov.size / BDRV_SECTOR_SIZE, |