qemu-devel.nongnu.org archive mirror
From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 03/27] qcow2: Assert that refcount block offsets fit in the refcount table
Date: Fri,  1 Feb 2019 17:34:54 +0100
Message-ID: <20190201163518.31157-4-kwolf@redhat.com>
In-Reply-To: <20190201163518.31157-1-kwolf@redhat.com>

From: Alberto Garcia <berto@igalia.com>

Refcount table entries have a field to store the offset of the
refcount block. The rest of the bits of the entry are currently
reserved.

The offset is always taken from the entry using REFT_OFFSET_MASK to
ensure that we only use the bits that belong to that field.

While that mask is used every time we read from the refcount table, it
is never used when we write to it. Due to the other constraints of the
qcow2 format QEMU can never produce refcount block offsets that don't
fit in that field so any such offset when allocating a refcount block
would indicate a bug in QEMU.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/qcow2-refcount.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 1c63ac244a..6f13d470d3 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -368,6 +368,9 @@ static int alloc_refcount_block(BlockDriverState *bs,
         return new_block;
     }
 
+    /* The offset must fit in the offset field of the refcount table entry */
+    assert((new_block & REFT_OFFSET_MASK) == new_block);
+
     /* If we're allocating the block at offset 0 then something is wrong */
     if (new_block == 0) {
         qcow2_signal_corruption(bs, true, -1, -1, "Preventing invalid "
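
Review bot: the comment above the new assert in alloc_refcount_block() states what is checked but not why a failure aborts the process, while the new_block == 0 check directly below it reports the problem through qcow2_signal_corruption(). The commit message gives the reason (QEMU can never produce such an offset, so one would indicate a QEMU bug rather than a damaged image); consider carrying that into the comment, for example "an offset outside the field would be a QEMU bug", so the difference in handling between the two adjacent checks is clear to the next reader. The definition of REFT_OFFSET_MASK is not visible in this hunk, so it is also worth confirming that every bit the mask excludes is one that a valid refcount block offset can never have set, since the assert fires on any of them.
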
-- 
2.20.1
