[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 54/81] block/iscsi: avoid data corruption with cache
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 54/81] block/iscsi: avoid data corruption with cache=writeback |
Date: |
Mon, 20 Mar 2017 18:08:18 -0500 |
From: Peter Lieven <address@hidden>
nb_cls_shrunk in iscsi_allocmap_update can become -1 if the
request starts and ends within the same cluster. This results
in passing -1 to bitmap_set and bitmap_clear and they don't
handle negative values properly. In the end this leads to data
corruption.
Fixes: e1123a3b40a1a9a625a29c8ed4debb7e206ea690
Cc: address@hidden
Signed-off-by: Peter Lieven <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Fam Zheng <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 1da45e0c4cf4719fa75898d019e0874b9b2bc774)
Signed-off-by: Michael Roth <address@hidden>
---
block/iscsi.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/block/iscsi.c b/block/iscsi.c
index 0960929..a1ac8d9 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -498,14 +498,18 @@ iscsi_allocmap_update(IscsiLun *iscsilun, int64_t
sector_num,
if (allocated) {
bitmap_set(iscsilun->allocmap, cl_num_expanded, nb_cls_expanded);
} else {
- bitmap_clear(iscsilun->allocmap, cl_num_shrunk, nb_cls_shrunk);
+ if (nb_cls_shrunk > 0) {
+ bitmap_clear(iscsilun->allocmap, cl_num_shrunk, nb_cls_shrunk);
+ }
}
if (iscsilun->allocmap_valid == NULL) {
return;
}
if (valid) {
- bitmap_set(iscsilun->allocmap_valid, cl_num_shrunk, nb_cls_shrunk);
+ if (nb_cls_shrunk > 0) {
+ bitmap_set(iscsilun->allocmap_valid, cl_num_shrunk, nb_cls_shrunk);
+ }
} else {
bitmap_clear(iscsilun->allocmap_valid, cl_num_expanded,
nb_cls_expanded);
--
2.7.4
- [Qemu-devel] [PATCH 40/81] pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged, (continued)
- [Qemu-devel] [PATCH 40/81] pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 45/81] virtio-crypto: fix possible integer and heap overflow, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 48/81] x86: ioapic: fix fail migration when irqchip=split, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 53/81] virtio: fix up max size checks, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 35/81] machine: Convert abstract typename on compat_props to subclass names, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 34/81] 9pfs: fix vulnerability in openat_dir() and local_unlinkat_common(), Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 47/81] display: cirrus: ignore source pitch value as needed in blit_is_unsafe, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 04/81] 9pfs: introduce relative_openat_nofollow() helper, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 60/81] s390x/kvm: fix small race reboot vs. cmma, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 57/81] cpu-exec: fix icount out-of-bounds access, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 54/81] block/iscsi: avoid data corruption with cache=writeback,
Michael Roth <=
- [Qemu-devel] [PATCH 58/81] ahci: advertise HOST_CAP_64, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 62/81] block/nfs: fix naming of runtime opts, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 65/81] target-ppc, tcg: fix usermode segfault with pthread_create(), Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 67/81] target/sparc: Restore ldstub of odd asis, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 68/81] apic: reset apic_delivered global variable on machine reset, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 41/81] ui/gtk: fix crash at startup when no console is available, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 44/81] qemu-thread: fix qemu_thread_set_name() race in qemu_thread_create(), Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 49/81] char: fix ctrl-a b not working, Michael Roth, 2017/03/20
- [Qemu-devel] [PATCH 51/81] tcg/aarch64: Fix tcg_out_movi, Michael Roth, 2017/03/20