Commit 99868af3d0 changed the hardcoded constant BDRV_SECTOR_SIZE to a
dynamic field 'align' but introduced a bug. qemu_iovec_discard_back()
is now passed the wanted iov length instead of the actually required
amount that should be removed from the end of the iov.
The bug can likely only be hit in uncommon configurations, e.g. with
icount enabled or when reading from disk directly to device memory.
Fixes: 99868af3d0a75cf6 ("dma-helpers: explicitly pass alignment into DMA
helpers")
Signed-off-by: Stefan Fritsch <s...@sfritsch.de>
---
system/dma-helpers.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/system/dma-helpers.c b/system/dma-helpers.c
index 9b221cf94e..c9677fd39b 100644
--- a/system/dma-helpers.c
+++ b/system/dma-helpers.c
@@ -174,8 +174,7 @@ static void dma_blk_cb(void *opaque, int ret)
}
if (!QEMU_IS_ALIGNED(dbs->iov.size, dbs->align)) {
- qemu_iovec_discard_back(&dbs->iov,
- QEMU_ALIGN_DOWN(dbs->iov.size, dbs->align));
+ qemu_iovec_discard_back(&dbs->iov, dbs->iov.size % dbs->align);
}
dbs->acb = dbs->io_func(dbs->offset, &dbs->iov,
--
2.43.0
