From: Kevin Wolf <kwolf@redhat.com>
To: Alberto Garcia <berto@igalia.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org,
Max Reitz <mreitz@redhat.com>
Subject: Re: [PATCH v2] qcow2: Avoid integer wraparound in qcow2_co_truncate()
Date: Mon, 4 May 2020 16:45:19 +0200 [thread overview]
Message-ID: <20200504144519.GC6129@linux.fritz.box> (raw)
In-Reply-To: <20200504142308.10446-1-berto@igalia.com>
Am 04.05.2020 um 16:23 hat Alberto Garcia geschrieben:
> After commit f01643fb8b47e8a70c04bbf45e0f12a9e5bc54de when an image is
> extended and BDRV_REQ_ZERO_WRITE is set then the new clusters are
> zeroized.
>
> The code however does not detect correctly situations when the old and
> the new end of the image are within the same cluster. The problem can
> be reproduced with these steps:
>
> qemu-img create -f qcow2 backing.qcow2 1M
> qemu-img create -f qcow2 -F qcow2 -b backing.qcow2 top.qcow2
> qemu-img resize --shrink top.qcow2 520k
> qemu-img resize top.qcow2 567k
>
> In the last step offset - zero_start causes an integer wraparound.
>
> Signed-off-by: Alberto Garcia <berto@igalia.com>
Can you add the reproducer to qemu-iotests?
> block/qcow2.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)
>
> v2:
> - Don't call qcow2_cluster_zeroize() if offset == zero_start
>
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 2ba0b17c39..7ca0327995 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -4234,15 +4234,20 @@ static int coroutine_fn qcow2_co_truncate(BlockDriverState *bs, int64_t offset,
> if ((flags & BDRV_REQ_ZERO_WRITE) && offset > old_length) {
> uint64_t zero_start = QEMU_ALIGN_UP(old_length, s->cluster_size);
>
> + /* zero_start should not be after the new end of the image */
> + zero_start = MIN(zero_start, offset);
I think this is a bit confusing because zero_start implies that this is
the aligned offset where qcow2_cluster_zeroize() would start. At first I
though this wasn't needed at all any more because you already check
offset > zero_start below. So if MIN() makes a difference, the if block
won't be executed anyway.
It would, however, make a difference for calculating the explicit zero
write for the unaligned head:
uint64_t len = zero_start - old_length;
Maybe it would be easier to understand if we changed only that line?
uint64_t len = MIN(zero_start, offset) - old_length;
Kevin
next prev parent reply other threads:[~2020-05-04 14:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-04 14:23 [PATCH v2] qcow2: Avoid integer wraparound in qcow2_co_truncate() Alberto Garcia
2020-05-04 14:45 ` Kevin Wolf [this message]
2020-05-05 8:20 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200504144519.GC6129@linux.fritz.box \
--to=kwolf@redhat.com \
--cc=berto@igalia.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.