aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/block
diff options
context:
space:
mode:
authorJan Beulich <JBeulich@novell.com>2011-05-17 11:07:05 +0100
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>2011-05-18 11:28:16 -0400
commit8ab521506c4dbb144f0c04c55e3d8bec42c1b2b9 (patch)
tree4521381df4e0dad05ec7b0d3746ea520fd824e2f /drivers/block
parent496b318eb65558c1a3a4fe882cb9da6d1dc6493a (diff)
downloadkernel_samsung_crespo-8ab521506c4dbb144f0c04c55e3d8bec42c1b2b9.zip
kernel_samsung_crespo-8ab521506c4dbb144f0c04c55e3d8bec42c1b2b9.tar.gz
kernel_samsung_crespo-8ab521506c4dbb144f0c04c55e3d8bec42c1b2b9.tar.bz2
xen/blkback: don't fail empty barrier requests
The sector number on empty barrier requests may (will?) be -1, which, given that it's being treated as unsigned 64-bit quantity, will almost always exceed the actual (virtual) disk's size. Inspired by Konrad's "When writting barriers set the sector number to zero...". While at it also add overflow checking to the math in vbd_translate(). Signed-off-by: Jan Beulich <jbeulich@novell.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/block')
-rw-r--r--drivers/block/xen-blkback/blkback.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index dba55e3..c73910c 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -175,8 +175,14 @@ static int xen_vbd_translate(struct phys_req *req, struct xen_blkif *blkif,
if ((operation != READ) && vbd->readonly)
goto out;
- if (unlikely((req->sector_number + req->nr_sects) > vbd_sz(vbd)))
- goto out;
+ if (likely(req->nr_sects)) {
+ blkif_sector_t end = req->sector_number + req->nr_sects;
+
+ if (unlikely(end < req->sector_number))
+ goto out;
+ if (unlikely(end > vbd_sz(vbd)))
+ goto out;
+ }
req->dev = vbd->pdevice;
req->bdev = vbd->bdev;
@@ -538,11 +544,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif,
case BLKIF_OP_FLUSH_DISKCACHE:
blkif->st_f_req++;
operation = WRITE_FLUSH;
- /*
- * The frontend likes to set this to -1, which xen_vbd_translate
- * is alergic too.
- */
- req->u.rw.sector_number = 0;
break;
case BLKIF_OP_WRITE_BARRIER:
default: