This series fixes two bugs in multifd_file_recv_data() and completes
the positioned read/write "all" API set for QIO channels.
Bug summary:
- size_t variable storing ssize_t return: -1 wraps to SIZE_MAX
- error_prepend() called without ERRP_GUARD(): NULL deref on short read
Changes since v2:
- Added qio_channel_pread_all_eof() to complete the API set (Daniel)
- Added pwrite_all / pwritev_all variants (Daniel)
- Reworked doc comments to match existing API style (Daniel)
- Added Fixes tag, expanded _eof test coverage, added CONFIG_PREADV guard
Changes since v1:
- Used approach (b): add pread_all API instead of local retry loop
(Daniel, Peter)
v2: https://lore.kernel.org/qemu-devel/20260318140113.434-1-junjie.cao@intel.com/
v1: https://lore.kernel.org/qemu-devel/20260316084618.52-1-junjie.cao@intel.com/
Junjie Cao (4):
io/channel: introduce qio_channel_pread{v,}_all{,_eof}()
io/channel: introduce qio_channel_pwrite{v,}_all()
migration/file: fix type mismatch and NULL deref in
multifd_file_recv_data
tests/unit: add pread/pwrite _all tests for io channel file
include/io/channel.h | 133 +++++++++++++++++++
io/channel.c | 139 ++++++++++++++++++++
migration/file.c | 13 +-
tests/unit/test-io-channel-file.c | 207 ++++++++++++++++++++++++++++++
4 files changed, 486 insertions(+), 6 deletions(-)
--
2.43.0
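The first item in the bug summary, shown as an added stand-alone POSIX C illustration (not code from this series or from QEMU). `read_len_unsigned`, `demo_pread_all` and `make_sample_fd` are hypothetical names, and the 0 / -1 / -2 return convention is an assumption of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Pattern from the bug summary: a ssize_t result stored in a size_t.
 * When pread() fails it returns -1, which this caller sees as SIZE_MAX. */
static size_t read_len_unsigned(int fd, void *buf, size_t size, off_t off)
{
    size_t ret = pread(fd, buf, size, off);
    return ret;
}

/* Hypothetical helper (not QEMU's API): read exactly size bytes at off.
 * Returns 0 on success, -1 on I/O error (errno set), -2 on early EOF. */
static int demo_pread_all(int fd, void *buf, size_t size, off_t off)
{
    char *p = buf;
    while (size > 0) {
        ssize_t n = pread(fd, p, size, off);    /* signed: -1 stays -1 */
        if (n < 0 && errno == EINTR) continue;  /* interrupted, retry */
        if (n < 0) return -1;
        if (n == 0) return -2;  /* short file: no OS error exists to report */
        p += n;
        off += n;
        size -= (size_t)n;
    }
    return 0;
}

/* Constructed sample input: an anonymous temp file holding 8 bytes. */
static int make_sample_fd(void)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    int fd = (fwrite("ABCDEFGH", 1, 8, f) == 8 && fflush(f) == 0) ? dup(fileno(f)) : -1;
    fclose(f);
    return fd;
}

int main(void)
{
    char buf[8];
    int fd = make_sample_fd();
    printf("unsigned=%zu full=%d past_eof=%d bad_fd=%d\n",
           read_len_unsigned(-1, buf, 8, 0), demo_pread_all(fd, buf, 8, 0),
           demo_pread_all(fd, buf, 8, 4), demo_pread_all(-1, buf, 8, 0));
}
```

The early-EOF case gets its own return code because a short read leaves no OS error behind; the caller has to build its own error message there rather than decorate an existing one.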
On 14.04.2026 00:45, Junjie Cao wrote:
> This series fixes two bugs in multifd_file_recv_data() and completes
> the positioned read/write "all" API set for QIO channels.
>
> Bug summary:
> - size_t variable storing ssize_t return: -1 wraps to SIZE_MAX
> - error_prepend() called without ERRP_GUARD(): NULL deref on short read
> Junjie Cao (4):
> io/channel: introduce qio_channel_pread{v,}_all{,_eof}()
> io/channel: introduce qio_channel_pwrite{v,}_all()
> migration/file: fix type mismatch and NULL deref in
> multifd_file_recv_data
> tests/unit: add pread/pwrite _all tests for io channel file
>
> include/io/channel.h | 133 +++++++++++++++++++
> io/channel.c | 139 ++++++++++++++++++++
> migration/file.c | 13 +-
> tests/unit/test-io-channel-file.c | 207 ++++++++++++++++++++++++++++++
> 4 files changed, 486 insertions(+), 6 deletions(-)
Hi!
Is this qemu-stable material? The amount of new code this series
introduces is somewhat large, but it fixes real bugs in the end. On
the other hand, these bugs don't seem to be very serious, so.. I'm
not sure :)
What do you think, should we pick this up for the current stable releases?
It applies cleanly to 10.0.x (the earliest stable series currently
supported).
Thanks,
/mjt
On 26.04.2026 11:15, Michael Tokarev wrote:
> On 14.04.2026 00:45, Junjie Cao wrote:
>> This series fixes two bugs in multifd_file_recv_data() and completes
>> the positioned read/write "all" API set for QIO channels.
>>
>> Bug summary:
>> - size_t variable storing ssize_t return: -1 wraps to SIZE_MAX
>> - error_prepend() called without ERRP_GUARD(): NULL deref on short
>> read
>> Junjie Cao (4):
>> io/channel: introduce qio_channel_pread{v,}_all{,_eof}()
>> io/channel: introduce qio_channel_pwrite{v,}_all()
>> migration/file: fix type mismatch and NULL deref in
>> multifd_file_recv_data
>> tests/unit: add pread/pwrite _all tests for io channel file
>>
>> include/io/channel.h | 133 +++++++++++++++++++
>> io/channel.c | 139 ++++++++++++++++++++
>> migration/file.c | 13 +-
>> tests/unit/test-io-channel-file.c | 207 ++++++++++++++++++++++++++++++
>> 4 files changed, 486 insertions(+), 6 deletions(-)
>
> Hi!
>
> Is this qemu-stable material? The amount of new code this series
> introduces is somewhat large, but it fixes real bugs in the end. On
> the other hand, these bugs don't seem to be very serious, so.. I'm
> not sure :)
>
> What do you think, should we pick this up for the current stable releases?
> It applies cleanly to 10.0.x (the earliest stable series currently
> supported).
For 10.0.x, it also needs two more changes to work:
a5bc1ccca95 migration: simplify error reporting after channel read
1edf0df2840 io: Add qio_channel_wait_cond() helper
Thanks,
/mjt
Michael Tokarev <mjt@tls.msk.ru> writes:
> On 26.04.2026 11:15, Michael Tokarev wrote:
>> On 14.04.2026 00:45, Junjie Cao wrote:
>>> This series fixes two bugs in multifd_file_recv_data() and completes
>>> the positioned read/write "all" API set for QIO channels.
>>>
>>> Bug summary:
>>> - size_t variable storing ssize_t return: -1 wraps to SIZE_MAX
>>> - error_prepend() called without ERRP_GUARD(): NULL deref on short
>>> read
>>> Junjie Cao (4):
>>> io/channel: introduce qio_channel_pread{v,}_all{,_eof}()
>>> io/channel: introduce qio_channel_pwrite{v,}_all()
>>> migration/file: fix type mismatch and NULL deref in
>>> multifd_file_recv_data
>>> tests/unit: add pread/pwrite _all tests for io channel file
>>>
>>> include/io/channel.h | 133 +++++++++++++++++++
>>> io/channel.c | 139 ++++++++++++++++++++
>>> migration/file.c | 13 +-
>>> tests/unit/test-io-channel-file.c | 207 ++++++++++++++++++++++++++++++
>>> 4 files changed, 486 insertions(+), 6 deletions(-)
>>
>> Hi!
>>
>> Is this qemu-stable material? The amount of new code this series
>> introduces is somewhat large, but it fixes real bugs in the end. On
>> the other hand, these bugs don't seem to be very serious, so.. I'm
>> not sure :)
>>
>> What do you think, should we pick this up for the current stable releases?
>> It applies cleanly to 10.0.x (the earliest stable series currently
>> supported).
>
> For 10.0.x, it also needs two more changes to work:
>
> a5bc1ccca95 migration: simplify error reporting after channel read
> 1edf0df2840 io: Add qio_channel_wait_cond() helper
>
> Thanks,
Hi! Sorry for the delay. I don't think we need this series for
stable. It's a fairly unlikely issue.
Hi Daniel, Peter,
Just checking in on this series -- does v3 look alright to you?
I have a follow-up series that depends on this one to fix the
remaining positioned I/O call sites in migration, so it would be
great to get this moving.
Many thanks,
Junjie
On Sat, Apr 18, 2026 at 12:51:55AM +0800, Junjie Cao wrote:
> Hi Daniel, Peter,
>
> Just checking in on this series -- does v3 look alright to you?
>
> I have a follow-up series that depends on this one to fix the
> remaining positioned I/O call sites in migration, so it would be
> great to get this moving.
I've ackd the io subsystem patches, so Peter / Fabiano can just
include them in a migration pull request.
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
On Fri, Apr 17, 2026 at 10:48:32AM +0100, Daniel P. Berrangé wrote:
> On Sat, Apr 18, 2026 at 12:51:55AM +0800, Junjie Cao wrote:
> > Hi Daniel, Peter,
> >
> > Just checking in on this series -- does v3 look alright to you?
> >
> > I have a follow-up series that depends on this one to fix the
> > remaining positioned I/O call sites in migration, so it would be
> > great to get this moving.
>
> I've ackd the io subsystem patches, so Peter / Fabiano can just
> include them in a migration pull request.
Junjie, sorry for the late response. It looks all good here, thanks for
your work!
I bet Fabiano will pick this up for his first pull when 11.1 dev window
opens.
--
Peter Xu