[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 57/67] block/curl: Do not wait for data beyond EOF
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH 57/67] block/curl: Do not wait for data beyond EOF |
|
Date: |
Wed, 14 Dec 2016 18:44:51 -0600 |
From: Max Reitz <address@hidden>
libcurl will only give us as much data as there is, not more. The block
layer will deny requests beyond the end of file for us; but since this
block driver is still using a sector-based interface, we can still get
in trouble if the file size is not a multiple of 512.
While we have already made sure not to attempt transfers beyond the end
of the file, we are currently still trying to receive data from there if
the original request exceeds the file size. This patch fixes this issue
and invokes qemu_iovec_memset() on the iovec's tail.
Cc: address@hidden
Signed-off-by: Max Reitz <address@hidden>
Message-id: address@hidden
Signed-off-by: Jeff Cody <address@hidden>
(cherry picked from commit 4e504535c16dfa66290281e704384abfaca08673)
Signed-off-by: Michael Roth <address@hidden>
---
block/curl.c | 32 +++++++++++++++++++++++---------
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 600d032..db0b25b 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -254,8 +254,17 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t
nmemb, void *opaque)
continue;
if ((s->buf_off >= acb->end)) {
+ size_t request_length = acb->nb_sectors * BDRV_SECTOR_SIZE;
+
qemu_iovec_from_buf(acb->qiov, 0, s->orig_buf + acb->start,
acb->end - acb->start);
+
+ if (acb->end - acb->start < request_length) {
+ size_t offset = acb->end - acb->start;
+ qemu_iovec_memset(acb->qiov, offset, 0,
+ request_length - offset);
+ }
+
acb->common.cb(acb->common.opaque, 0);
qemu_aio_unref(acb);
s->acb[i] = NULL;
@@ -272,6 +281,8 @@ static int curl_find_buf(BDRVCURLState *s, size_t start,
size_t len,
{
int i;
size_t end = start + len;
+ size_t clamped_end = MIN(end, s->len);
+ size_t clamped_len = clamped_end - start;
for (i=0; i<CURL_NUM_STATES; i++) {
CURLState *state = &s->states[i];
@@ -286,12 +297,15 @@ static int curl_find_buf(BDRVCURLState *s, size_t start,
size_t len,
// Does the existing buffer cover our section?
if ((start >= state->buf_start) &&
(start <= buf_end) &&
- (end >= state->buf_start) &&
- (end <= buf_end))
+ (clamped_end >= state->buf_start) &&
+ (clamped_end <= buf_end))
{
char *buf = state->orig_buf + (start - state->buf_start);
- qemu_iovec_from_buf(acb->qiov, 0, buf, len);
+ qemu_iovec_from_buf(acb->qiov, 0, buf, clamped_len);
+ if (clamped_len < len) {
+ qemu_iovec_memset(acb->qiov, clamped_len, 0, len -
clamped_len);
+ }
acb->common.cb(acb->common.opaque, 0);
return FIND_RET_OK;
@@ -301,13 +315,13 @@ static int curl_find_buf(BDRVCURLState *s, size_t start,
size_t len,
if (state->in_use &&
(start >= state->buf_start) &&
(start <= buf_fend) &&
- (end >= state->buf_start) &&
- (end <= buf_fend))
+ (clamped_end >= state->buf_start) &&
+ (clamped_end <= buf_fend))
{
int j;
acb->start = start - state->buf_start;
- acb->end = acb->start + len;
+ acb->end = acb->start + clamped_len;
for (j=0; j<CURL_NUM_ACB; j++) {
if (!state->acb[j]) {
@@ -786,13 +800,13 @@ static void curl_readv_bh_cb(void *p)
}
acb->start = 0;
- acb->end = (acb->nb_sectors * BDRV_SECTOR_SIZE);
+ acb->end = MIN(acb->nb_sectors * BDRV_SECTOR_SIZE, s->len - start);
state->buf_off = 0;
g_free(state->orig_buf);
state->buf_start = start;
- state->buf_len = acb->end + s->readahead_size;
- end = MIN(start + state->buf_len, s->len) - 1;
+ state->buf_len = MIN(acb->end + s->readahead_size, s->len - start);
+ end = start + state->buf_len - 1;
state->orig_buf = g_try_malloc(state->buf_len);
if (state->buf_len && state->orig_buf == NULL) {
curl_clean_state(state);
--
1.9.1
- [Qemu-stable] [PATCH 04/67] ppc: Check the availability of transactional memory, (continued)
- [Qemu-stable] [PATCH 04/67] ppc: Check the availability of transactional memory, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 53/67] block: Pass unaligned discard requests to drivers, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 54/67] block/curl: Use BDRV_SECTOR_SIZE, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 55/67] block/curl: Fix return value from curl_read_cb, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 49/67] slirp: Fix access to freed memory, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 56/67] block/curl: Remember all sockets, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 58/67] vhost: drop legacy vring layout bits, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 60/67] pci-assign: sync MSI/MSI-X cap and table with PCIDevice, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 52/67] block: Return -ENOTSUP rather than assert on unaligned discards, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 63/67] vhost-user-test: Use libqos instead of pxe-virtio.rom, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 57/67] block/curl: Do not wait for data beyond EOF,
Michael Roth <=
- [Qemu-stable] [PATCH 61/67] rules.mak: Use -r instead of -Wl, -r to fix building when PIE is default, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 66/67] msmouse: Fix segfault caused by free the chr before chardev cleanup., Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 05/67] virtio: zero vq->inuse in virtio_reset(), Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 59/67] ivshmem: Fix 64 bit memory bar configuration, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 62/67] intel_iommu: fix incorrect device invalidate, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 64/67] vl: Delay initialization of memory backends, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 65/67] Revert "megasas: remove useless check for cmd->frame", Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 06/67] virtio-balloon: discard virtqueue element on reset, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 67/67] vfio/pci: Fix vfio_rtl8168_quirk_data_read address offset, Michael Roth, 2016/12/14
- [Qemu-stable] [PATCH 07/67] vnc: fix qemu crash because of SIGSEGV, Michael Roth, 2016/12/14