From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 14/56] qcow2: Make qemu-img check detect corrupted L1 tables in snapshots
Date: Fri, 9 Mar 2018 17:18:51 +0100
Message-ID: <20180309161933.8168-15-kwolf@redhat.com>
In-Reply-To: <20180309161933.8168-1-kwolf@redhat.com>

From: Alberto Garcia <berto@igalia.com>

'qemu-img check' cannot detect if a snapshot's L1 table is corrupted.
This patch checks the table's offset and size and reports corruption
if the values are not valid.

This patch doesn't add code to fix that corruption yet, only to detect
and report it.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2-refcount.c | 14 ++++++++++++++
tests/qemu-iotests/080 | 2 ++
tests/qemu-iotests/080.out | 20 ++++++++++++++++++++
3 files changed, 36 insertions(+)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index b18ea0ca98..362deaf303 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -2047,6 +2047,20 @@ static int calculate_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
/* snapshots */
for (i = 0; i < s->nb_snapshots; i++) {
sn = s->snapshots + i;
+ if (offset_into_cluster(s, sn->l1_table_offset)) {
+ fprintf(stderr, "ERROR snapshot %s (%s) l1_offset=%#" PRIx64 ": "
+ "L1 table is not cluster aligned; snapshot table entry "
+ "corrupted\n", sn->id_str, sn->name, sn->l1_table_offset);
+ res->corruptions++;
+ continue;
+ }
+ if (sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)) {
+ fprintf(stderr, "ERROR snapshot %s (%s) l1_size=%#" PRIx32 ": "
+ "L1 table is too large; snapshot table entry corrupted\n",
+ sn->id_str, sn->name, sn->l1_size);
+ res->corruptions++;
+ continue;
+ }
ret = check_refcounts_l1(bs, res, refcount_table, nb_clusters,
sn->l1_table_offset, sn->l1_size, 0, fix);
if (ret < 0) {
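
Review bot: Both new `continue` statements skip check_refcounts_l1() for the affected snapshot, so every cluster referenced only through that snapshot's L1 table is left uncounted in refcount_table; the expected output in 080.out shows the resulting "Leaked cluster" lines. Since `fix` is passed through this loop, please make sure a repair run cannot lower refcounts for such clusters once a snapshot has been skipped, for example by recording that a snapshot was skipped and not treating leaks as repairable in that case. A short comment above the two checks stating that the snapshot's references are deliberately not counted would also help the next reader.
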
diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080
index f8e7d6f4df..4dbe68e950 100755
--- a/tests/qemu-iotests/080
+++ b/tests/qemu-iotests/080
@@ -182,6 +182,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_offset" "\x00\x00\x00\x00\x00\x40\x02\x0
-c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
{ $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
+_check_test_img
echo
echo "== Invalid snapshot L1 table size =="
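
Review bot: `_check_test_img` runs only after the write, `snapshot -a` and `snapshot -d` attempts, so what it reports depends on all three commands having failed without modifying the image. Consider calling it once more directly after `poke_file`, so that detection is tested against the known corrupted state on its own and any change caused by the failing commands shows up as a difference between the two check outputs.
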
@@ -195,6 +196,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00"
-c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
{ $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
+_check_test_img
# success, all done
echo "*** done"
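
Review bot: The size case pokes "\x10\x00\x00\x00" (reported as l1_size=0x10000000 in the expected output), which is far from the boundary of the new `sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)` comparison. Adding one case exactly at the limit and one a single entry above it would catch an off-by-one in that check, which the current value cannot.
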
diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out
index 89bcd27172..4e0f7f7b92 100644
--- a/tests/qemu-iotests/080.out
+++ b/tests/qemu-iotests/080.out
@@ -71,6 +71,16 @@ write failed: Invalid argument
qemu-img: Snapshot L1 table offset invalid
qemu-img: Could not apply snapshot 'test': Failed to load snapshot: Invalid argument
qemu-img: Could not delete snapshot 'test': Snapshot L1 table offset invalid
+ERROR snapshot 1 (test) l1_offset=0x400200: L1 table is not cluster aligned; snapshot table entry corrupted
+Leaked cluster 4 refcount=2 reference=1
+Leaked cluster 5 refcount=2 reference=1
+Leaked cluster 6 refcount=1 reference=0
+
+1 errors were found on the image.
+Data may be corrupted, or further writes to the image may corrupt it.
+
+3 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
== Invalid snapshot L1 table size ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
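
Review bot: The expected output pairs the new corruption error with three "Leaked cluster" lines and the summary "This means waste of disk space, but no harm to data", which reads as if those clusters were safe to reclaim. Clusters 4 and 5 (refcount=2 reference=1) look undercounted only because the snapshot's L1 table was skipped, so the leak summary is misleading in this situation. Please either note in the test or the commit message that these leak lines are a side effect of the skipped snapshot, or suppress the leak summary when a snapshot table entry was reported as corrupted.
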
@@ -84,4 +94,14 @@ write failed: File too large
qemu-img: Snapshot L1 table too large
qemu-img: Could not apply snapshot 'test': Failed to load snapshot: File too large
qemu-img: Could not delete snapshot 'test': Snapshot L1 table too large
+ERROR snapshot 1 (test) l1_size=0x10000000: L1 table is too large; snapshot table entry corrupted
+Leaked cluster 4 refcount=2 reference=1
+Leaked cluster 5 refcount=2 reference=1
+Leaked cluster 6 refcount=1 reference=0
+
+1 errors were found on the image.
+Data may be corrupted, or further writes to the image may corrupt it.
+
+3 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
*** done
--
2.13.6