On 08/04/2017 09:08 AM, Alberto Garcia wrote: > A bdrv_getlength() call can fail and return a negative value. This > is not being handled in quorum_co_flush(), which can result in a > QUORUM_REPORT_BAD event with an arbitrary value on the 'sectors-count' > field. > > Reported-by: Markus Armbruster <arm...@redhat.com> > Signed-off-by: Alberto Garcia <be...@igalia.com> > --- > block/quorum.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/block/quorum.c b/block/quorum.c > index 55ba916655..d77991d680 100644 > --- a/block/quorum.c > +++ b/block/quorum.c > @@ -785,8 +785,9 @@ static coroutine_fn int quorum_co_flush(BlockDriverState > *bs) > for (i = 0; i < s->num_children; i++) { > result = bdrv_co_flush(s->children[i]->bs); > if (result) { > + int64_t length = bdrv_getlength(s->children[i]->bs); > quorum_report_bad(QUORUM_OP_TYPE_FLUSH, 0, > - bdrv_getlength(s->children[i]->bs), > + length > 0 ? length : 0,
In the fallback case, is always picking 0 good enough? Then again, this is in the error path, so it is unlikely in practice, and I don't see any better way to handle it. Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature