+static char *
+pread_fd (int fd, int count, int64_t offset, size_t *size_r,
+ const char *display_path)
+{
+ ssize_t r;
+ char *buf;
+
+ if (count < 0) {
+ reply_with_error ("count is negative");
+ close (fd);
+ return NULL;
+ }
+
+ if (offset < 0) {
+ reply_with_error ("offset is negative");
+ close (fd);
+ return NULL;
+ }
+
+ /* The actual limit on messages is smaller than this. This check
+ * just limits the amount of memory we'll try and allocate in the
+ * function. If the message is larger than the real limit, that
+ * will be caught later when we try to serialize the message.
+ */
+ if (count >= GUESTFS_MESSAGE_MAX) {
+ reply_with_error ("%s: count is too large for the protocol, use smaller reads", display_path);
+ close (fd);
+ return NULL;
+ }
+
+ buf = malloc (count);
+ if (buf == NULL) {
+ reply_with_perror ("malloc");
+ close (fd);
+ return NULL;
+ }
+
+ r = pread (fd, buf, count, offset);
+ if (r == -1) {
+ reply_with_perror ("pread: %s", display_path);
+ close (fd);
+ free (buf);
+ return NULL;
+ }
+
+ if (close (fd) == -1) {
+ reply_with_perror ("close: %s", display_path);
+ close (fd);
+ free (buf);
+ return NULL;
+ }
+
+ /* Mustn't touch *size_r until we are sure that we won't return any
+ * error (RHBZ#589039).
+ */
+ *size_r = r;
+ return buf;
+}
+
+char *
+do_pread (const char *path, int count, int64_t offset, size_t *size_r)
+{
+ int fd;
+
+ CHROOT_IN;
+ fd = open (path, O_RDONLY);
+ CHROOT_OUT;
+
+ if (fd == -1) {
+ reply_with_perror ("open: %s", path);
+ return NULL;
+ }
+
+ return pread_fd (fd, count, offset, size_r, path);
+}
+
+char *
+do_pread_device (const char *device, int count, int64_t offset, size_t *size_r)
+{
+ int fd = open (device, O_RDONLY);
+ if (fd == -1) {
+ reply_with_perror ("open: %s", device);
+ return NULL;
+ }
+
+ return pread_fd (fd, count, offset, size_r, device);
+}
+
+static int
+pwrite_fd (int fd, const char *content, size_t size, int64_t offset,
+ const char *display_path)
+{
+ ssize_t r;
+
+ r = pwrite (fd, content, size, offset);
+ if (r == -1) {
+ reply_with_perror ("pwrite: %s", display_path);
+ close (fd);
+ return -1;
+ }
+
+ if (close (fd) == -1) {
+ reply_with_perror ("close: %s", display_path);
+ close (fd);
+ return -1;
+ }
+
+ return r;
+}
+
+int
+do_pwrite (const char *path, const char *content, size_t size, int64_t offset)
+{
+ int fd;
+
+ if (offset < 0) {
+ reply_with_error ("offset is negative");
+ return -1;
+ }
+
+ CHROOT_IN;
+ fd = open (path, O_WRONLY);
+ CHROOT_OUT;
+
+ if (fd == -1) {
+ reply_with_perror ("open: %s", path);
+ return -1;
+ }
+
+ return pwrite_fd (fd, content, size, offset, path);
+}
+
+int
+do_pwrite_device (const char *device, const char *content, size_t size,
+ int64_t offset)
+{
+ if (offset < 0) {
+ reply_with_error ("offset is negative");
+ return -1;
+ }
+
+ int fd = open (device, O_WRONLY);
+ if (fd == -1) {
+ reply_with_perror ("open: %s", device);
+ return -1;
+ }
+
+ return pwrite_fd (fd, content, size, offset, device);
+}
+