mirrors/qemu
0
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2024-11-26 12:23:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

qcow2: check for NULL l2meta

Browse Source 
In the case of a metadata preallocation with a large cluster size,
qcow2_alloc_cluster_offset() can allocate nothing and returns a
NULL l2meta. This patch checks for it and link2 l2 with only valid
l2meta.

Replace 9 and 512 with BDRV_SECTOR_BITS, BDRV_SECTOR_SIZE
respectively while at the function.

Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Hu Tao 2014-01-26 11:12:39 +08:00 committed by Kevin Wolf
parent 33304ec9fa
commit 7c2bbf4aa6
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
block/qcow2.c
View File

@ -1404,34 +1404,34 @@ static int preallocate(BlockDriverState *bs)
int ret; int ret;
QCowL2Meta *meta; QCowL2Meta *meta;
nb_sectors = bdrv_getlength(bs) >> 9; nb_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
offset = 0; offset = 0;
while (nb_sectors) { while (nb_sectors) {
num = MIN(nb_sectors, INT_MAX >> 9); num = MIN(nb_sectors, INT_MAX >> BDRV_SECTOR_BITS);
ret = qcow2_alloc_cluster_offset(bs, offset, &num, ret = qcow2_alloc_cluster_offset(bs, offset, &num,
&host_offset, &meta); &host_offset, &meta);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
} }
ret = qcow2_alloc_cluster_link_l2(bs, meta);
if (ret < 0) {
qcow2_free_any_clusters(bs, meta->alloc_offset, meta->nb_clusters,
QCOW2_DISCARD_NEVER);
return ret;
}
/* There are no dependent requests, but we need to remove our request
* from the list of in-flight requests */
if (meta != NULL) { if (meta != NULL) {
ret = qcow2_alloc_cluster_link_l2(bs, meta);
if (ret < 0) {
qcow2_free_any_clusters(bs, meta->alloc_offset,
meta->nb_clusters, QCOW2_DISCARD_NEVER);
return ret;
}
/* There are no dependent requests, but we need to remove our
* request from the list of in-flight requests */
QLIST_REMOVE(meta, next_in_flight); QLIST_REMOVE(meta, next_in_flight);
} }
/* TODO Preallocate data if requested */ /* TODO Preallocate data if requested */
nb_sectors -= num; nb_sectors -= num;
offset += num << 9; offset += num << BDRV_SECTOR_BITS;
} }
/* /*
@ -1440,9 +1440,10 @@ static int preallocate(BlockDriverState *bs)
* EOF). Extend the image to the last allocated sector. * EOF). Extend the image to the last allocated sector.
*/ */
if (host_offset != 0) { if (host_offset != 0) {
uint8_t buf[512]; uint8_t buf[BDRV_SECTOR_SIZE];
memset(buf, 0, 512); memset(buf, 0, BDRV_SECTOR_SIZE);
ret = bdrv_write(bs->file, (host_offset >> 9) + num - 1, buf, 1); ret = bdrv_write(bs->file, (host_offset >> BDRV_SECTOR_BITS) + num - 1,
buf, 1);
if (ret < 0) { if (ret < 0) {
return ret; return ret;
} }