From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 35/35] qcow2: fix range check
Date: Mon, 12 Sep 2011 16:19:34 +0200 [thread overview]
Message-ID: <1315837174-15327-36-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1315837174-15327-1-git-send-email-kwolf@redhat.com>
From: Frediano Ziglio <freddy77@gmail.com>
QCowL2Meta::offset is not cluster aligned but only sector aligned;
however, nb_clusters counts clusters from the cluster start.
This fixes the range check. Note that the old code has no corruption issues
related to this check, because it only causes an intersection to occur
when it shouldn't.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2-cluster.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 428b5ad..2f76311 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -776,17 +776,17 @@ again:
*/
QLIST_FOREACH(old_alloc, &s->cluster_allocs, next_in_flight) {
- uint64_t end_offset = offset + nb_clusters * s->cluster_size;
- uint64_t old_offset = old_alloc->offset;
- uint64_t old_end_offset = old_alloc->offset +
- old_alloc->nb_clusters * s->cluster_size;
+ uint64_t start = offset >> s->cluster_bits;
+ uint64_t end = start + nb_clusters;
+ uint64_t old_start = old_alloc->offset >> s->cluster_bits;
+ uint64_t old_end = old_start + old_alloc->nb_clusters;
- if (end_offset < old_offset || offset > old_end_offset) {
+ if (end < old_start || start > old_end) {
/* No intersection */
} else {
- if (offset < old_offset) {
+ if (start < old_start) {
/* Stop at the start of a running allocation */
- nb_clusters = (old_offset - offset) >> s->cluster_bits;
+ nb_clusters = old_start - start;
} else {
nb_clusters = 0;
}
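Review bot: with `end = start + nb_clusters` and `old_end = old_start + old_alloc->nb_clusters` both being exclusive bounds, the test `if (end < old_start || start > old_end)` still reports an intersection for ranges that merely touch (end == old_start, or start == old_end); in the start == old_end case the else branch then sets nb_clusters = 0 although nothing overlaps, so the new allocation is needlessly held back behind the in-flight one. If the ends are meant to be exclusive, `end <= old_start || start >= old_end` matches the intent; if they are meant to be inclusive, a comment saying so would spare the next reader the same question. The conversion `old_alloc->offset >> s->cluster_bits` does floor a sector-aligned offset to its containing cluster, which is the right pairing with nb_clusters being counted from the cluster start.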
--
1.7.6
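To make the off-by-a-fraction concrete, the following is an added stand-alone example (not QEMU code) that transcribes the removed and the added comparison into two small functions over constructed values: 64 KiB clusters, a request that starts one sector into cluster 1, and an in-flight allocation covering cluster 3. CLUSTER_BITS, clip_old and clip_new are names chosen here, not the driver's.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters, not QEMU's: 64 KiB clusters, the qcow2 default. */
#define CLUSTER_BITS 16u
#define CLUSTER_SIZE (1ull << CLUSTER_BITS)

/* Pre-patch check, transcribed from the removed lines: it compares byte
 * offsets as if `offset` were cluster aligned, but only sector alignment is
 * guaranteed while nb_clusters is counted from the cluster containing it. */
static uint64_t clip_old(uint64_t offset, uint64_t nb_clusters,
                         uint64_t old_offset, uint64_t old_nb_clusters)
{
    uint64_t end_offset = offset + nb_clusters * CLUSTER_SIZE;
    uint64_t old_end_offset = old_offset + old_nb_clusters * CLUSTER_SIZE;

    if (end_offset < old_offset || offset > old_end_offset) {
        return nb_clusters;                          /* no intersection */
    }
    return offset < old_offset ? (old_offset - offset) >> CLUSTER_BITS : 0;
}

/* Post-patch check, transcribed from the added lines: both ranges are reduced
 * to cluster indexes first, so the sub-cluster part of offset can no longer
 * push the end of the new range past the start of the in-flight one. */
static uint64_t clip_new(uint64_t offset, uint64_t nb_clusters,
                         uint64_t old_offset, uint64_t old_nb_clusters)
{
    uint64_t start = offset >> CLUSTER_BITS;
    uint64_t end = start + nb_clusters;
    uint64_t old_start = old_offset >> CLUSTER_BITS;
    uint64_t old_end = old_start + old_nb_clusters;

    if (end < old_start || start > old_end) {
        return nb_clusters;                          /* no intersection */
    }
    return start < old_start ? old_start - start : 0;
}

int main(void)
{
    /* Constructed case: request starts 512 B into cluster 1 and spans
     * clusters 1-2; an in-flight allocation covers cluster 3 only. */
    uint64_t offset = 1 * CLUSTER_SIZE + 512, nb = 2;
    uint64_t old_offset = 3 * CLUSTER_SIZE, old_nb = 1;

    printf("old check: %llu clusters\n",
           (unsigned long long)clip_old(offset, nb, old_offset, old_nb));
    printf("new check: %llu clusters\n",
           (unsigned long long)clip_new(offset, nb, old_offset, old_nb));
    return 0;
}
```

The old comparison wrongly shortens the request to one cluster because the 512-byte remainder drags end_offset past old_offset; the cluster-index form keeps both clusters, and still stops at old_start when the request genuinely runs into the in-flight allocation.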