aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2023-04-07 17:33:00 +0200
committerKevin Wolf <kwolf@redhat.com>2023-04-11 16:40:53 +0200
commit2c5451ca523fc2b757e1e5b4e0b9fc84dbd58f97 (patch)
treeb31834074a21b549780e99807535bb65dbb10994
parent8c6f27e7d85a794698eb1cd32c58df28cece50d1 (diff)
downloadqemu-2c5451ca523fc2b757e1e5b4e0b9fc84dbd58f97.zip
qemu-2c5451ca523fc2b757e1e5b4e0b9fc84dbd58f97.tar.gz
qemu-2c5451ca523fc2b757e1e5b4e0b9fc84dbd58f97.tar.bz2
migration/block: replace uses of blk_nb_sectors that do not check result
Uses of blk_nb_sectors must check whether the result is negative. Otherwise, underflow can happen. Fortunately, alloc_aio_bitmap() and bmds_aio_inflight() both have an alternative way to retrieve the number of sectors in the file. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20230407153303.391121-6-pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--migration/block.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/migration/block.c b/migration/block.c
index 426a25b..b2497bb 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -195,7 +195,7 @@ static int bmds_aio_inflight(BlkMigDevState *bmds, int64_t sector)
{
int64_t chunk = sector / (int64_t)BDRV_SECTORS_PER_DIRTY_CHUNK;
- if (sector < blk_nb_sectors(bmds->blk)) {
+ if (sector < bmds->total_sectors) {
return !!(bmds->aio_bitmap[chunk / (sizeof(unsigned long) * 8)] &
(1UL << (chunk % (sizeof(unsigned long) * 8))));
} else {
@@ -229,10 +229,9 @@ static void bmds_set_aio_inflight(BlkMigDevState *bmds, int64_t sector_num,
static void alloc_aio_bitmap(BlkMigDevState *bmds)
{
- BlockBackend *bb = bmds->blk;
int64_t bitmap_size;
- bitmap_size = blk_nb_sectors(bb) + BDRV_SECTORS_PER_DIRTY_CHUNK * 8 - 1;
+ bitmap_size = bmds->total_sectors + BDRV_SECTORS_PER_DIRTY_CHUNK * 8 - 1;
bitmap_size /= BDRV_SECTORS_PER_DIRTY_CHUNK * 8;
bmds->aio_bitmap = g_malloc0(bitmap_size);