qemu-devel.nongnu.org archive mirror
From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 03/12] vmdk: fix endianness bugs
Date: Wed,  8 Jun 2011 15:48:21 +0200
Message-ID: <1307540910-12398-4-git-send-email-kwolf@redhat.com>
In-Reply-To: <1307540910-12398-1-git-send-email-kwolf@redhat.com>

From: Alexander Graf <agraf@suse.de>

The vmdk code is sloppy when handling the header descriptor during
creation of an image. Fix all header accesses in the create path to
either store native endianness or convert it when appropriate.

Reported-by: Yury Tsarev <ytsarev@novell.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/vmdk.c |   22 ++++++++++++++--------
 1 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 8fc9d67..922b23d 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -716,11 +716,11 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
         return -errno;
     magic = cpu_to_be32(VMDK4_MAGIC);
     memset(&header, 0, sizeof(header));
-    header.version = cpu_to_le32(1);
-    header.flags = cpu_to_le32(3); /* ?? */
-    header.capacity = cpu_to_le64(total_size);
-    header.granularity = cpu_to_le64(128);
-    header.num_gtes_per_gte = cpu_to_le32(512);
+    header.version = 1;
+    header.flags = 3; /* ?? */
+    header.capacity = total_size;
+    header.granularity = 128;
+    header.num_gtes_per_gte = 512;
 
     grains = (total_size + header.granularity - 1) / header.granularity;
     gt_size = ((header.num_gtes_per_gte * sizeof(uint32_t)) + 511) >> 9;
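Review bot: header.flags = 3 keeps its /* ?? */ comment, and 128 and 512 remain bare literals; since these lines are being rewritten anyway, name the values or document which flag bits 3 sets, so the on-disk header can be checked against the format. From this point until the conversion block the struct holds host-order values in fields that go to disk as little-endian, and a one-line comment saying so would stop anyone from writing the header out between the two points.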
@@ -736,6 +736,12 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
          header.granularity - 1) / header.granularity) *
         header.granularity;
 
+    /* swap endianness for all header fields */
+    header.version = cpu_to_le32(header.version);
+    header.flags = cpu_to_le32(header.flags);
+    header.capacity = cpu_to_le64(header.capacity);
+    header.granularity = cpu_to_le64(header.granularity);
+    header.num_gtes_per_gte = cpu_to_le32(header.num_gtes_per_gte);
     header.desc_offset = cpu_to_le64(header.desc_offset);
     header.desc_size = cpu_to_le64(header.desc_size);
     header.rgd_offset = cpu_to_le64(header.rgd_offset);
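Review bot: The added comment says "swap endianness", but cpu_to_le32 and cpu_to_le64 convert from host order to little-endian and change nothing on a little-endian host; "convert header fields to little-endian on-disk format" would be accurate. Converting in place also means every later read of header.* in this function must go through le32_to_cpu or le64_to_cpu, which is the mistake this patch is fixing; filling a separate on-disk copy immediately before the header write, or keeping the native values in locals, would remove that class of error.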
@@ -759,7 +765,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
         goto exit;
     }
 
-    ret = ftruncate(fd, header.grain_offset << 9);
+    ret = ftruncate(fd, le64_to_cpu(header.grain_offset) << 9);
     if (ret < 0) {
         ret = -errno;
         goto exit;
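Review bot: le64_to_cpu(header.grain_offset) << 9 is passed to ftruncate with no visible check that the sector count times 512 still fits in off_t; an oversized value would wrap or turn negative in the shift. Bound the value before shifting and fail with a clear error, rather than relying on ftruncate to reject the result.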
@@ -767,7 +773,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
 
     /* write grain directory */
     lseek(fd, le64_to_cpu(header.rgd_offset) << 9, SEEK_SET);
-    for (i = 0, tmp = header.rgd_offset + gd_size;
+    for (i = 0, tmp = le64_to_cpu(header.rgd_offset) + gd_size;
          i < gt_count; i++, tmp += gt_size) {
         ret = qemu_write_full(fd, &tmp, sizeof(tmp));
         if (ret != sizeof(tmp)) {
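Review bot: tmp is now computed in host order, but qemu_write_full(fd, &tmp, sizeof(tmp)) still writes it to the file as raw bytes, so the grain directory entries land on disk in host byte order while the header is little-endian. Write a converted copy of each entry (cpu_to_le of the width of tmp) instead of tmp itself. The declaration of tmp is not in this hunk; if it is narrower than 64 bits, the sum of le64_to_cpu(header.rgd_offset) and gd_size is also truncated silently and should be range-checked.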
@@ -778,7 +784,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
 
     /* write backup grain directory */
     lseek(fd, le64_to_cpu(header.gd_offset) << 9, SEEK_SET);
-    for (i = 0, tmp = header.gd_offset + gd_size;
+    for (i = 0, tmp = le64_to_cpu(header.gd_offset) + gd_size;
          i < gt_count; i++, tmp += gt_size) {
         ret = qemu_write_full(fd, &tmp, sizeof(tmp));
         if (ret != sizeof(tmp)) {
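Review bot: The lseek before this loop is unchecked, so a failed seek leaves the backup grain directory written at whatever offset the descriptor was left at; check its return value as is done for ftruncate. This loop is a copy of the grain directory loop with gd_offset in place of rgd_offset and writes tmp in host order in the same way, so a small helper taking the start offset would let the byte-order handling be fixed once for both.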
-- 
1.7.5.2
