If bus_size is less than 0, the command fails.
If buf_size % granularity is not 0, mirror_free_init() will
do dangerous things.
Signed-off-by: Wen Congyang <we...@cn.fujitsu.com>
---
block/mirror.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/block/mirror.c b/block/mirror.c
index 58f391a..7732f8b 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -671,6 +671,10 @@ static void mirror_start_job(BlockDriverState *bs,
BlockDriverState *target,
return;
}
+ if (buf_size < 0) {
+ error_setg(errp, "Invalid parameter '%s'", "buf-size");
+ return;
+ }
s = block_job_create(driver, bs, speed, cb, opaque, errp);
if (!s) {
@@ -684,7 +688,7 @@ static void mirror_start_job(BlockDriverState *bs,
BlockDriverState *target,
s->is_none_mode = is_none_mode;
s->base = base;
s->granularity = granularity;
- s->buf_size = MAX(buf_size, granularity);
+ s->buf_size = ROUND_UP(buf_size, granularity);
s->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, NULL, errp);
if (!s->dirty_bitmap) {
--
2.1.0
