[uml-devel] [PATCH] ubd does multiple io's when one will suffice

Wed, 13 Aug 2008 11:16:38 -0700 

When running UML under Valgrind (details to be posted later), I found
that ubd_kern.c:do_io() was accessing uninitialized memory. Specifically, ubd_test_bit() can be called with the first parameter greater than 32 and req->sector_mask is only 32bits long. This is only the case when not using a cow device, as cowify_req() ensures that the request size is not more than 32 sectors. 

Furthermore, when not using a cow device, there is no reason to break
a request into smaller pieces. The attached patch skips the call
to ubd_test_bit() for the non-cow case and completes the request in
a single batch.

--
Steve
diff -uprN -X linux-2.6.26.2/Documentation/dontdiff linux-2.6.26.2-stock/arch/um/drivers/ubd_kern.c linux-2.6.26.2/arch/um/drivers/ubd_kern.c
--- linux-2.6.26.2-stock/arch/um/drivers/ubd_kern.c	2008-08-06 09:19:01.000000000 -0700
+++ linux-2.6.26.2/arch/um/drivers/ubd_kern.c	2008-08-13 10:43:52.000000000 -0700
@@ -1218,8 +1218,7 @@ static void prepare_request(struct reque
 	struct ubd *ubd_dev = disk->private_data;
 
 	io_req->req = req;
-	io_req->fds[0] = (ubd_dev->cow.file != NULL) ? ubd_dev->cow.fd :
-		ubd_dev->fd;
+	io_req->fds[0] = (ubd_dev->cow.file == NULL) ? -1 : ubd_dev->cow.fd;
 	io_req->fds[1] = ubd_dev->fd;
 	io_req->cow_offset = -1;
 	io_req->offset = offset;
@@ -1374,12 +1373,17 @@ static void do_io(struct io_thread_req *
 	nsectors = req->length / req->sectorsize;
 	start = 0;
 	do {
-		bit = ubd_test_bit(start, (unsigned char *) &req->sector_mask);
-		end = start;
-		while((end < nsectors) &&
-		      (ubd_test_bit(end, (unsigned char *)
-				    &req->sector_mask) == bit))
-			end++;
+		if (req->fds[0] == -1) {
+			bit = 1;
+			end = nsectors;
+		} else {
+			bit = ubd_test_bit(start, (unsigned char *) &req->sector_mask);
+			end = start;
+			while((end < nsectors) &&
+					(ubd_test_bit(end, (unsigned char *)
+								  &req->sector_mask) == bit))
+				end++;
+		}
 
 		off = req->offset + req->offsets[bit] +
 			start * req->sectorsize;

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
User-mode-linux-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel














    











					Reply via email to