On 12/4/24 10:06, Stefan Fritsch wrote:
Commit 99868af3d0 changed the hardcoded constant BDRV_SECTOR_SIZE to a dynamic field 'align' but introduced a bug. qemu_iovec_discard_back() is now passed the wanted iov length instead of the actually required amount that should be removed from the end of the iov.The bug can likely only be hit in uncommon configurations, e.g. with icount enabled or when reading from disk directly to device memory. Fixes: 99868af3d0a75cf6 ("dma-helpers: explicitly pass alignment into DMA helpers")
Cc'ing developers mentioned in this commit.
Signed-off-by: Stefan Fritsch <s...@sfritsch.de> --- system/dma-helpers.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/system/dma-helpers.c b/system/dma-helpers.c index 9b221cf94e..c9677fd39b 100644 --- a/system/dma-helpers.c +++ b/system/dma-helpers.c @@ -174,8 +174,7 @@ static void dma_blk_cb(void *opaque, int ret) }if (!QEMU_IS_ALIGNED(dbs->iov.size, dbs->align)) {- qemu_iovec_discard_back(&dbs->iov, - QEMU_ALIGN_DOWN(dbs->iov.size, dbs->align)); + qemu_iovec_discard_back(&dbs->iov, dbs->iov.size % dbs->align); }dbs->acb = dbs->io_func(dbs->offset, &dbs->iov,
