On Fri, May 06, Max Reitz wrote:
> On 01.04.2016 19:49, Olaf Hering wrote:
> > On Fri, Apr 01, Max Reitz wrote:
> >
> >> In any case, do you have a test case where a guest was able to submit a
> >> request that led to the overflow error you described in the commit message?
> >
> > mkfs -t ext4 /dev/sdb1 in a xen guest with qcow2 as backing device.
> > When I added discard support to libxl I worked with raw images, so I did
> > not notice this. Not sure why it happens to work in kvm guests. I assume
> > the frontend driver just works around the qemu bug by limiting its
> > request size.
>
> Sorry for not having replied in so long.
>
> I know next to nothing about Xen, but I'm very much inclined to think
> the Xen block driver (hw/block/xen_disk.c) is at fault here. The
> blkif_request_discard structure it uses for accepting discard requests
> apparently has a uint64_t nr_sectors field.

Thanks for the pointer. Looking at current master, BLKIF_OP_DISCARD is
indeed broken. The values passed from the guest are u64 and get stashed
into signed values. I will add a loop to repeatedly call
blk_aio_pdiscard with small chunks of BDRV_REQUEST_MAX_SECTORS.

We quickly checked other users of blk_aio_pdiscard and it appears they
are not affected because they notify the guest about the limits.

Olaf
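
The chunking approach described in the message above, as an added example that is not part of the original mail and not QEMU code: a guest-supplied u64 range is validated before any narrowing to signed types, then split into bounded requests. Assumptions: `submit_discard` is a hypothetical stand-in for the backend call, `REQUEST_MAX_SECTORS` is an assumed cap that keeps each byte count within an int, and the `dev_sectors` device-size check is an extra bound not mentioned in the thread.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_BITS 9
/* Assumed per-request cap: the largest sector count whose byte length fits in an int. */
#define REQUEST_MAX_SECTORS ((uint64_t)(INT_MAX >> SECTOR_BITS))

static uint64_t calls, bytes_total;   /* bookkeeping for the stand-in below */

/* Hypothetical stand-in for the backend discard call, which takes signed values. */
static void submit_discard(int64_t offset, int bytes)
{
    (void)offset;
    calls++;
    bytes_total += (uint64_t)bytes;
}

/* Validate a guest-supplied u64 range, then discard it in bounded chunks.
 * dev_sectors (device size) is an assumed parameter. Returns false and
 * submits nothing if the range is out of bounds or not representable. */
bool discard_chunked(uint64_t sector_number, uint64_t nr_sectors, uint64_t dev_sectors)
{
    /* Highest sector index whose byte offset still fits in int64_t. */
    uint64_t limit = (uint64_t)INT64_MAX >> SECTOR_BITS;
    if (dev_sectors > limit)
        dev_sectors = limit;
    /* Written so the comparison itself cannot wrap around. */
    if (sector_number > dev_sectors || nr_sectors > dev_sectors - sector_number)
        return false;

    while (nr_sectors > 0) {
        uint64_t chunk = nr_sectors < REQUEST_MAX_SECTORS ? nr_sectors : REQUEST_MAX_SECTORS;
        submit_discard((int64_t)(sector_number << SECTOR_BITS), (int)(chunk << SECTOR_BITS));
        sector_number += chunk;
        nr_sectors -= chunk;
    }
    return true;
}

int main(void)
{
    uint64_t dev = UINT64_C(1) << 30;   /* constructed: 512 GiB device */
    bool ok = discard_chunked(2048, 2 * REQUEST_MAX_SECTORS + 5, dev);
    printf("ok=%d calls=%llu bytes=%llu\n", ok, (unsigned long long)calls, (unsigned long long)bytes_total);
    printf("oversized request accepted: %d\n", discard_chunked(0, UINT64_MAX, dev));
    return 0;
}
```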
