aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>2021-09-02 13:38:05 +0300
committerEric Blake <eblake@redhat.com>2021-09-29 13:46:33 -0500
commit1af7737871fb3b66036f5e520acb0a98fc2605f7 (patch)
treefc3bab1cc9fe8db22203168f5d75b07e763a0123
parent4ddb5d2fde6f22b2cf65f314107e890a7ca14fcf (diff)
downloadqemu-1af7737871fb3b66036f5e520acb0a98fc2605f7.zip
qemu-1af7737871fb3b66036f5e520acb0a98fc2605f7.tar.gz
qemu-1af7737871fb3b66036f5e520acb0a98fc2605f7.tar.bz2
block/nbd: check that received handle is valid
If we don't have active request, that waiting for this handle to be received, we should report an error. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20210902103805.25686-6-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
-rw-r--r--block/nbd.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/block/nbd.c b/block/nbd.c
index 8ff6daf..5ef462d 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -58,6 +58,7 @@ typedef struct {
Coroutine *coroutine;
uint64_t offset; /* original offset of the request */
bool receiving; /* sleeping in the yield in nbd_receive_replies */
+ bool reply_possible; /* reply header not yet received */
} NBDClientRequest;
typedef enum NBDClientState {
@@ -415,14 +416,7 @@ static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
return 0;
}
ind2 = HANDLE_TO_INDEX(s, s->reply.handle);
- if (ind2 >= MAX_NBD_REQUESTS || !s->requests[ind2].coroutine) {
- /*
- * We only check that ind2 request exists. But don't check
- * whether it is now waiting for the reply header or
- * not. We can't just check s->requests[ind2].receiving:
- * ind2 request may wait in trying to lock
- * receive_mutex. So that's a TODO.
- */
+ if (ind2 >= MAX_NBD_REQUESTS || !s->requests[ind2].reply_possible) {
nbd_channel_error(s, -EINVAL);
return -EINVAL;
}
@@ -468,6 +462,7 @@ static int nbd_co_send_request(BlockDriverState *bs,
s->requests[i].coroutine = qemu_coroutine_self();
s->requests[i].offset = request->from;
s->requests[i].receiving = false;
+ s->requests[i].reply_possible = true;
request->handle = INDEX_TO_HANDLE(s, i);