From mboxrd@z Thu Jan 1 00:00:00 1970
From: Max Reitz
Date: Mon, 9 Feb 2015 14:25:48 -0500
Message-Id: <1423509950-7468-11-git-send-email-mreitz@redhat.com>
In-Reply-To: <1423509950-7468-1-git-send-email-mreitz@redhat.com>
References: <1423509950-7468-1-git-send-email-mreitz@redhat.com>
Subject: [Qemu-devel] [PATCH v3 10/12] qcow2/overlaps: Protect inactive L1 tables
To: qemu-devel@nongnu.org
Cc: Kevin Wolf, Stefan Hajnoczi, Max Reitz

Keep track of the inactive L1 tables in the metadata list to protect them
against accidental modifications.

Signed-off-by: Max Reitz
Reviewed-by: Eric Blake
---
 block/qcow2-snapshot.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index c32d889..b3122d8 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -121,6 +121,21 @@ int qcow2_read_snapshots(BlockDriverState *bs) ret = -EFBIG; goto fail; } + + if (!(s->overlap_check & QCOW2_OL_INACTIVE_L1)) { + continue; + } + + if (sn->l1_size > INT_MAX / sizeof(uint64_t)) { + /* Do not fail opening the image because a snapshot is broken which + * might not be used anyway */ + continue; + } + + qcow2_metadata_list_enter(bs, sn->l1_table_offset, + size_to_clusters(s, sn->l1_size * + sizeof(uint64_t)), + QCOW2_OL_INACTIVE_L1); } assert(offset - s->snapshots_offset <= INT_MAX); @@ -416,6 +431,11 @@ int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) g_free(l1_table); l1_table = NULL; + qcow2_metadata_list_enter(bs, sn->l1_table_offset, + size_to_clusters(s, sn->l1_size * + sizeof(uint64_t)), + QCOW2_OL_INACTIVE_L1); + /* * Increase the refcounts of all clusters and make sure everything is * stable on disk before updating the snapshot table to contain a pointer @@ -636,6 +656,11 @@ int qcow2_snapshot_delete(BlockDriverState *bs, g_free(sn.id_str); g_free(sn.name); + qcow2_metadata_list_remove(bs, sn.l1_table_offset, + size_to_clusters(s, sn.l1_size * + sizeof(uint64_t)), + QCOW2_OL_INACTIVE_L1); + /* * Now decrease the refcounts of clusters referenced by the snapshot and * free the L1 table. -- 2.1.0
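Review bot: in the qcow2_read_snapshots() hunk, the `sn->l1_size > INT_MAX / sizeof(uint64_t)` branch skips registration silently, so the L1 table of that snapshot stays outside the overlap checks and nothing tells the user which snapshot is affected. Consider emitting a warning or marking the snapshot there. Two smaller points in the same hunk: both new tests end in `continue` at the bottom of the loop body, which will also skip anything later appended to the loop, so a single `if (... && ...) { qcow2_metadata_list_enter(...); }` would be more robust; and `sn->l1_table_offset` is passed on with no alignment or range check visible in this hunk, so if it is validated earlier in the loop a short comment saying so would help.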
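Review bot: in the qcow2_snapshot_create() hunk, qcow2_metadata_list_enter() is called without the `s->overlap_check & QCOW2_OL_INACTIVE_L1` test that guards the same call in qcow2_read_snapshots(). If the list functions test the flag themselves, the guard in the read path is redundant; if they do not, this call registers inactive L1 tables even when that check is disabled. Please make the two call sites consistent. The entry is also added before the refcount update and the snapshot table write described in the following comment; the failure path is not part of this hunk, so please confirm that it removes the entry again when the new L1 table is freed.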
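Review bot: in the qcow2_snapshot_delete() hunk, qcow2_metadata_list_remove() runs unconditionally, but qcow2_read_snapshots() never entered the range when QCOW2_OL_INACTIVE_L1 is unset or when `sn->l1_size > INT_MAX / sizeof(uint64_t)`. Deleting such a snapshot therefore removes a range that was never registered, and `sn.l1_size * sizeof(uint64_t)` is computed here without the bound applied in the read path. Either repeat the same two conditions before the remove call, or document that qcow2_metadata_list_remove() tolerates an unknown range and state how the oversized size is handled.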