From: Kevin Wolf <kwolf@redhat.com>
To: Alberto Garcia <berto@igalia.com>
Cc: Thomas Huth <thuth@redhat.com>,
	qemu-block@nongnu.org, qemu-devel@nongnu.org,
	Max Reitz <mreitz@redhat.com>,
	"R . Nageswara Sastry" <nasastry@in.ibm.com>
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH v2 4/7] qcow2: Don't open images with header.refcount_table_clusters == 0
Date: Tue, 7 Nov 2017 17:43:49 +0100
Message-ID: <20171107164349.GE4706@localhost.localdomain>
In-Reply-To: <f9750f50c80359babba11062e88f5075a47e8e16.1509718618.git.berto@igalia.com>

On 03.11.2017 at 15:18, Alberto Garcia wrote:
> qcow2_do_open() is checking that header.refcount_table_clusters is not
> too large, but it doesn't check that it's greater than zero. Apart
> from the fact that an image like that is obviously corrupted, trying
> to use it crashes QEMU since we end up with a null s->refcount_table
> after qcow2_refcount_init().
> 
> These images can however be repaired, so allow opening them if the
> BDRV_O_CHECK flag is set.
> 
> Signed-off-by: Alberto Garcia <berto@igalia.com>
> Reviewed-by: Max Reitz <mreitz@redhat.com>

> --- a/tests/qemu-iotests/060
> +++ b/tests/qemu-iotests/060
> @@ -270,6 +270,13 @@ poke_file "$TEST_IMG" "$rb_offset"        "\x00\x00\x00\x00\x00\x00\x00\x00"
>  # write will try to allocate a compressed data cluster at offset 0.
>  $QEMU_IO -c "write -c 0k 64k" "$TEST_IMG" | _filter_qemu_io
>  
> +echo
> +echo "=== Testing zero refcount table size ==="
> +echo
> +_make_test_img 64M
> +poke_file "$TEST_IMG" "56"                "\x00\x00\x00\x00"
> +$QEMU_IO -c "write 0 64k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_imgfmt
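
Review bot: the poke_file line passes a bare "56" with no comment naming the header field it zeroes; a one-line comment saying this is header.refcount_table_clusters (going by the test title and the patch subject) would make the case self-explanatory and easier to keep correct if the header layout is extended. The added lines also stop after the single `write 0 64k`, so only the refused-open path is covered; the BDRV_O_CHECK exception from the commit message would need a repair run on the same image followed by a second write to be exercised.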

In the commit message, you claim that the image can be repaired. Would
it be worth actually testing the repair here?

Kevin
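
The rule from the quoted commit message (refuse an image whose refcount_table_clusters is 0 unless it is being opened for a check), as an added C example that is not QEMU's code and not part of this thread. The function names, the verdict enum and the max_clusters bound are assumptions, and the sample header is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* qcow2 header fields are big-endian. */
#define QCOW2_MAGIC           0x514649fbu /* "QFI\xfb" */
#define OFF_REFTABLE_CLUSTERS 56          /* u32, the offset the iotest pokes */
#define HDR_MIN_LEN           72          /* length of a version 2 header */

enum verdict { IMG_OK, IMG_CHECK_ONLY, IMG_REJECT };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper: decide from refcount_table_clusters whether an image
 * may be opened. max_clusters is a caller-chosen upper bound (assumption;
 * the real limit is not shown on this page). check_mode stands in for the
 * BDRV_O_CHECK flag.
 */
enum verdict reftable_clusters_verdict(const uint8_t *hdr, size_t len,
                                       uint32_t max_clusters, bool check_mode)
{
    if (len < HDR_MIN_LEN || be32(hdr) != QCOW2_MAGIC)
        return IMG_REJECT;
    uint32_t n = be32(hdr + OFF_REFTABLE_CLUSTERS);
    if (n > max_clusters)
        return IMG_REJECT;   /* the "too large" case */
    if (n == 0)              /* would leave a null refcount table in use */
        return check_mode ? IMG_CHECK_ONLY : IMG_REJECT;
    return IMG_OK;
}

/* Constructed sample header: only the fields read above are filled in. */
void make_sample_header(uint8_t hdr[HDR_MIN_LEN], uint32_t clusters)
{
    memset(hdr, 0, HDR_MIN_LEN);
    hdr[0] = 'Q'; hdr[1] = 'F'; hdr[2] = 'I'; hdr[3] = 0xfb;
    hdr[OFF_REFTABLE_CLUSTERS + 0] = (uint8_t)(clusters >> 24);
    hdr[OFF_REFTABLE_CLUSTERS + 1] = (uint8_t)(clusters >> 16);
    hdr[OFF_REFTABLE_CLUSTERS + 2] = (uint8_t)(clusters >> 8);
    hdr[OFF_REFTABLE_CLUSTERS + 3] = (uint8_t)clusters;
}
```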
