Commit 095e4fa4 authored by Peter Lieven's avatar Peter Lieven Committed by Stefan Hajnoczi
Browse files

block: limited request size in write zeroes unsupported path 



If bs->bl.max_write_zeroes is large and we end up in the unsupported
path we might allocate a lot of memory for the iovector and/or even
generate an oversized requests.

Fix this by limiting the request by the minimum of the reported
maximum transfer size or 16MB (32768 sectors).

Reported-by: default avatarDenis V. Lunev <den@openvz.org>
Signed-off-by: default avatarPeter Lieven <pl@kamp.de>
Reviewed-by: default avatarDenis V. Lunev <den@openvz.org>
Message-id: 1420457389-16332-1-git-send-email-pl@kamp.de
Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
parent 51a2219b

block.c

+4 −1
Original line number Diff line number Diff line
@@ -3244,6 +3244,9 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs, 


        if (ret == -ENOTSUP) {

            /* Fall back to bounce buffer if write zeroes is unsupported */

            int max_xfer_len = MIN_NON_ZERO(bs->bl.max_transfer_length,

                                            MAX_WRITE_ZEROES_DEFAULT);

            num = MIN(num, max_xfer_len);

            iov.iov_len = num * BDRV_SECTOR_SIZE;

            if (iov.iov_base == NULL) {

                iov.iov_base = qemu_try_blockalign(bs, num * BDRV_SECTOR_SIZE);
@@ -3260,7 +3263,7 @@ static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs, 
            /* Keep bounce buffer around if it is big enough for all

             * all future requests.

             */

            if (num < max_write_zeroes) {

            if (num < max_xfer_len) {

                qemu_vfree(iov.iov_base);

                iov.iov_base = NULL;

            }