diff options
| author | Peter Lieven <pl@kamp.de> | 2015-01-05 12:29:49 +0100 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2015-01-13 13:43:29 +0000 |
| commit | 095e4fa4b56cf511cb41005872eeace9a2f24582 (patch) | |
| tree | 929757fee681f1d76a0b744238c88d5900e9144d /block.c | |
| parent | 51a2219bdceed16e81c6e2e2f08aed39c579728f (diff) | |
| download | qemu-095e4fa4b56cf511cb41005872eeace9a2f24582.tar.gz qemu-095e4fa4b56cf511cb41005872eeace9a2f24582.tar.bz2 qemu-095e4fa4b56cf511cb41005872eeace9a2f24582.zip | |
block: limited request size in write zeroes unsupported path
If bs->bl.max_write_zeroes is large and we end up in the unsupported
path we might allocate a lot of memory for the iovector and/or even
generate an oversized requests.
Fix this by limiting the request by the minimum of the reported
maximum transfer size or 16MB (32768 sectors).
Reported-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 1420457389-16332-1-git-send-email-pl@kamp.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'block.c')
| -rw-r--r-- | block.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -3244,6 +3244,9 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs, if (ret == -ENOTSUP) { /* Fall back to bounce buffer if write zeroes is unsupported */ + int max_xfer_len = MIN_NON_ZERO(bs->bl.max_transfer_length, + MAX_WRITE_ZEROES_DEFAULT); + num = MIN(num, max_xfer_len); iov.iov_len = num * BDRV_SECTOR_SIZE; if (iov.iov_base == NULL) { iov.iov_base = qemu_try_blockalign(bs, num * BDRV_SECTOR_SIZE); @@ -3260,7 +3263,7 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs, /* Keep bounce buffer around if it is big enough for all * all future requests. */ - if (num < max_write_zeroes) { + if (num < max_xfer_len) { qemu_vfree(iov.iov_base); iov.iov_base = NULL; } |