qcow2: check for NULL l2meta

In the case of a metadata preallocation with a large cluster size, qcow2_alloc_cluster_offset() can allocate nothing and returns a NULL l2meta. This patch checks for it and link2 l2 with only valid l2meta. Replace 9 and 512 with BDRV_SECTOR_BITS, BDRV_SECTOR_SIZE respectively while at the function. Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-11-26 12:23:36 +08:00 · 2014-01-26 11:12:39 +08:00 · 2014-01-26 11:12:39 +08:00 · 7c2bbf4aa6
commit 7c2bbf4aa6
parent 33304ec9fa
1 changed files with 16 additions and 15 deletions
--- a/block/qcow2.c
+++ b/block/qcow2.c
@ -1404,34 +1404,34 @@ static int preallocate(BlockDriverState *bs)
    int ret;
    QCowL2Meta *meta;

-    nb_sectors = bdrv_getlength(bs) >> 9;
+    nb_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
    offset = 0;

    while (nb_sectors) {
-        num = MIN(nb_sectors, INT_MAX >> 9);
+        num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
        ret = qcow2_alloc_cluster_offset(bs, offset, &num,
                                         &host_offset, &meta);
        if (ret < 0) {
            return ret;
        }

-        ret = qcow2_alloc_cluster_link_l2(bs, meta);
-        if (ret < 0) {
-            qcow2_free_any_clusters(bs, meta->alloc_offset, meta->nb_clusters,
-                                    QCOW2_DISCARD_NEVER);
-            return ret;
-        }
-
-        /* There are no dependent requests, but we need to remove our request
-         * from the list of in-flight requests */
        if (meta != NULL) {
+            ret = qcow2_alloc_cluster_link_l2(bs, meta);
+            if (ret < 0) {
+                qcow2_free_any_clusters(bs, meta->alloc_offset,
+                                        meta->nb_clusters, QCOW2_DISCARD_NEVER);
+                return ret;
+            }
+
+            /* There are no dependent requests, but we need to remove our
+             * request from the list of in-flight requests */
            QLIST_REMOVE(meta, next_in_flight);
        }

        /* TODO Preallocate data if requested */

        nb_sectors -= num;
-        offset += num << 9;
+        offset += num << BDRV_SECTOR_BITS;
    }

    /*
@ -1440,9 +1440,10 @@ static int preallocate(BlockDriverState *bs)
     * EOF). Extend the image to the last allocated sector.
     */
    if (host_offset != 0) {
-        uint8_t buf[512];
-        memset(buf, 0, 512);
-        ret = bdrv_write(bs->file, (host_offset >> 9) + num - 1, buf, 1);
+        uint8_t buf[BDRV_SECTOR_SIZE];
+        memset(buf, 0, BDRV_SECTOR_SIZE);
+        ret = bdrv_write(bs->file, (host_offset >> BDRV_SECTOR_BITS) + num - 1,
+                         buf, 1);
        if (ret < 0) {
            return ret;
        }