Message-ID: <544778A6.4020904@redhat.com>
Date: Wed, 22 Oct 2014 11:28:06 +0200
From: Max Reitz
To: Kevin Wolf
Cc: qemu-devel@nongnu.org, Stefan Hajnoczi, Benoît Canet
Subject: Re: [Qemu-devel] [PATCH v7 08/13] qcow2: Fix refcount blocks beyond image end
In-Reply-To: <20141022092418.GE3188@noname.str.redhat.com>
References: <1413965324-14541-1-git-send-email-mreitz@redhat.com> <1413965324-14541-9-git-send-email-mreitz@redhat.com> <20141022092418.GE3188@noname.str.redhat.com>

On 2014-10-22 at 11:24, Kevin Wolf wrote:
> On 22.10.2014 at 10:08, Max Reitz wrote:
>> If the qcow2 check function detects a refcount block located beyond the
>> image end, grow the image appropriately. This cannot break anything and
>> is the logical fix for such a case.
>>
>> Signed-off-by: Max Reitz
>> ---
>>  block/qcow2-refcount.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++----
>>  1 file changed, 59 insertions(+), 4 deletions(-)
>>
>> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
>> index d484029..3800d3c 100644
>> --- a/block/qcow2-refcount.c
>> +++ b/block/qcow2-refcount.c
>> @@ -1544,7 +1544,8 @@ static int check_refblocks(BlockDriverState *bs, BdrvCheckResult *res, >> int64_t *nb_clusters) >> { >> BDRVQcowState *s = bs->opaque; >> - int64_t i; >> + int64_t i, size; >> + int ret; >> >> for(i = 0; i < s->refcount_table_size; i++) { >> uint64_t offset, cluster; >> @@ -1560,9 +1561,63 @@ static int check_refblocks(BlockDriverState *bs, BdrvCheckResult *res, >> } >> >> if (cluster >= *nb_clusters) { >> - fprintf(stderr, "ERROR refcount block %" PRId64 >> - " is outside image\n", i); >> - res->corruptions++; >> + fprintf(stderr, "%s refcount block %" PRId64 " is outside image\n", >> + fix & BDRV_FIX_ERRORS ? "Repairing" : "ERROR", i); >> + >> + if (fix & BDRV_FIX_ERRORS) { >> + int64_t old_nb_clusters = *nb_clusters; >> + >> + if (offset + s->cluster_size < offset || >> + offset > INT64_MAX - s->cluster_size) > Do you still need the first condition with the reworked second one? Right, we can drop it. Max >> + { >> + ret = -EINVAL; >> + goto resize_fail; >> + } > Kevin
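Review bot: in the second hunk the unconditional `res->corruptions++` is deleted, and the quoted portion does not show the non-repair path (the plain "ERROR" message, i.e. `fix` without `BDRV_FIX_ERRORS`) incrementing it anywhere; please confirm the counter is still bumped on that path, otherwise the block is reported as an error without being counted. On the overflow guard: `offset` is `uint64_t` (first hunk context), so `offset > INT64_MAX - s->cluster_size` already rejects every offset for which `offset + s->cluster_size` wraps, and additionally the range whose sum does not wrap but no longer fits an `int64_t` such as `*nb_clusters`; the first condition can be dropped, as agreed in the thread. Minor: the "Repairing ..." line is printed before the guard, so a rejected offset logs "Repairing" and then takes `goto resize_fail`; consider printing it only once the guard passes, or emitting a distinct message on the `resize_fail` path.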
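The exchange above asks whether the first of the two overflow conditions in the hunk is redundant. The following is an added example, not QEMU code, that models both guards with the same types the hunk uses (`offset` as `uint64_t`, the cluster size as `int`, the new image end needing to fit an `int64_t` like `*nb_clusters`) and probes the boundary offsets to show where the two conditions agree and where only the second one rejects. The function names, the 64 KiB cluster size and the sample offsets are constructed for this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not QEMU code: models the two overflow guards from the
 * quoted hunk for a refcount block at `offset` (uint64_t, as in
 * check_refblocks) that is `cluster_size` bytes long. Names are hypothetical. */

/* First guard in the hunk: does offset + cluster_size wrap around uint64_t? */
static bool wraps_uint64(uint64_t offset, int cluster_size)
{
    return offset + (uint64_t)cluster_size < offset;
}

/* Second guard in the hunk: would the new image end exceed INT64_MAX, the
 * largest value a signed int64_t (the type of *nb_clusters, and assumed here
 * for the image size handed to the resize) can represent? */
static bool exceeds_int64(uint64_t offset, int cluster_size)
{
    return offset > (uint64_t)(INT64_MAX - cluster_size);
}

/* Guard as written in the hunk: either condition rejects. */
static bool hunk_rejects(uint64_t offset, int cluster_size)
{
    return wraps_uint64(offset, cluster_size) || exceeds_int64(offset, cluster_size);
}

/* What a repair path needs: the new image end as int64_t, or -EINVAL. */
static int64_t new_image_end(uint64_t offset, int cluster_size)
{
    if (exceeds_int64(offset, cluster_size)) {
        return -EINVAL;
    }
    /* Safe: offset + cluster_size <= INT64_MAX, so the cast cannot go negative. */
    return (int64_t)(offset + (uint64_t)cluster_size);
}

/* Kevin's question: is the first guard redundant? It is iff no offset wraps
 * without also being rejected by the second guard. Checks the boundaries. */
static bool second_guard_subsumes_first(int cluster_size)
{
    const uint64_t cs = (uint64_t)cluster_size;
    const uint64_t probes[] = {
        0, 1,
        (uint64_t)INT64_MAX - cs,       /* last offset whose end still fits */
        (uint64_t)INT64_MAX - cs + 1,   /* first offset the second guard rejects */
        (uint64_t)INT64_MAX,
        UINT64_MAX - cs,                /* last offset whose sum does not wrap */
        UINT64_MAX - cs + 1,            /* first offset whose sum wraps */
        UINT64_MAX,
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (wraps_uint64(probes[i], cluster_size) &&
            !exceeds_int64(probes[i], cluster_size)) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    const int cluster_size = 65536; /* constructed: a 64 KiB qcow2 cluster */
    const uint64_t samples[] = { 1ULL << 40, (uint64_t)INT64_MAX, UINT64_MAX - 4096 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("offset=%#llx wraps=%d exceeds_int64=%d rejected=%d\n",
               (unsigned long long)samples[i],
               wraps_uint64(samples[i], cluster_size),
               exceeds_int64(samples[i], cluster_size),
               hunk_rejects(samples[i], cluster_size));
    }
    printf("second guard subsumes first: %s\n",
           second_guard_subsumes_first(cluster_size) ? "yes" : "no");
    return 0;
}
```

The interesting band is `INT64_MAX - cluster_size < offset <= UINT64_MAX - cluster_size`: the unsigned sum does not wrap there, so the first condition lets it through, yet the resulting end no longer fits an `int64_t` and would turn negative once cast. The second condition catches that band and every wrapping offset as well, which is why the thread concludes the first can go.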