Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init_extend

From:	Vladimir Sementsov-Ogievskiy
Subject:	Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init_extended
Date:	Tue, 10 Sep 2019 09:03:03 +0000

09.09.2019 20:39, Peter Maydell wrote:
> On Tue, 27 Aug 2019 at 21:16, Stefan Hajnoczi <address@hidden> wrote:
>>
>> From: Vladimir Sementsov-Ogievskiy <address@hidden>
>>
>> Introduce new initialization API, to create requests with padding. Will
>> be used in the following patch. New API uses qemu_iovec_init_buf if
>> resulting io vector has only one element, to avoid extra allocations.
>> So, we need to update qemu_iovec_destroy to support destroying such
>> QIOVs.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
>> Acked-by: Stefan Hajnoczi <address@hidden>
>> Message-id: address@hidden
>> Message-Id: <address@hidden>
>> Signed-off-by: Stefan Hajnoczi <address@hidden>
> 
> Hi -- Coverity thinks this new function could have an
> out-of-bounds read (CID 1405302):
> 
>> +/*
>> + * Compile new iovec, combining @head_buf buffer, sub-qiov of @mid_qiov,
>> + * and @tail_buf buffer into new qiov.
>> + */
>> +void qemu_iovec_init_extended(
>> +        QEMUIOVector *qiov,
>> +        void *head_buf, size_t head_len,
>> +        QEMUIOVector *mid_qiov, size_t mid_offset, size_t mid_len,
>> +        void *tail_buf, size_t tail_len)
>> +{
>> +    size_t mid_head, mid_tail;
>> +    int total_niov, mid_niov = 0;
>> +    struct iovec *p, *mid_iov;
>> +
>> +    if (mid_len) {
>> +        mid_iov = qiov_slice(mid_qiov, mid_offset, mid_len,
>> +                             &mid_head, &mid_tail, &mid_niov);
>> +    }
>> +
>> +    total_niov = !!head_len + mid_niov + !!tail_len;
>> +    if (total_niov == 1) {
>> +        qemu_iovec_init_buf(qiov, NULL, 0);
>> +        p = &qiov->local_iov;
>> +    } else {
>> +        qiov->niov = qiov->nalloc = total_niov;
>> +        qiov->size = head_len + mid_len + tail_len;
>> +        p = qiov->iov = g_new(struct iovec, qiov->niov);
>> +    }
>> +
>> +    if (head_len) {
>> +        p->iov_base = head_buf;
>> +        p->iov_len = head_len;
>> +        p++;
>> +    }
>> +
>> +    if (mid_len) {
>> +        memcpy(p, mid_iov, mid_niov * sizeof(*p));
>> +        p[0].iov_base = (uint8_t *)p[0].iov_base + mid_head;
>> +        p[0].iov_len -= mid_head;
>> +        p[mid_niov - 1].iov_len -= mid_tail;
>> +        p += mid_niov;
>> +    }
>> +
>> +    if (tail_len) {
>> +        p->iov_base = tail_buf;
>> +        p->iov_len = tail_len;
>> +    }
>> +}
> 
> but I'm not familiar enough with the code to be able to tell
> if it's correct or if it's just getting confused. Could
> somebody have a look? (It's possible it's getting confused
> because the calculation of 'total_niov' uses 'mid_niov',
> but the condition guarding the code that fills in that part
> of the vector is 'mid_len', so it thinks it can take the
> "total_niov == 1" codepath and also the "head_len == true"
> and "mid_len != 0" paths; in which case using "if (mid_niov)"
> instead might make it happier.)
> 

I'm afraid, I don't have better assumption. Let's try.


-- 
Best regards,
Vladimir

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init_extended, Peter Maydell, 2019/09/09
- Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init_extended, Vladimir Sementsov-Ogievskiy <=

Prev by Date: Re: [Qemu-block] [PATCH v2 2/3] iotests: add protocol support to initialization info
Next by Date: Re: [Qemu-block] [PATCH v6 04/42] block: Add child access functions
Previous by thread: Re: [Qemu-block] [PULL 01/12] util/iov: introduce qemu_iovec_init_extended
Next by thread: Re: [Qemu-block] [PATCH 1/6] curl: Keep pointer to the CURLState in CURLSocket
Index(es):
- Date
- Thread