From: Max Reitz <mreitz@redhat.com>
To: Alberto Garcia <berto@igalia.com>, qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Kevin Wolf <kwolf@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] qcow2: Check the L1 table parameters from all internal snapshots
Date: Fri, 9 Feb 2018 14:04:06 +0100 [thread overview]
Message-ID: <66ffb17c-6238-db0e-5a50-16d83ee12482@redhat.com> (raw)
In-Reply-To: <20180209113744.11842-1-berto@igalia.com>
[-- Attachment #1: Type: text/plain, Size: 1855 bytes --]
On 2018-02-09 12:37, Alberto Garcia wrote:
> The code that reads the qcow2 snapshot table takes the offset and size
> of all snapshots' L1 table without doing any kind of checks.
>
> Although qcow2_snapshot_load_tmp() does verify that the table size is
> valid, the table offset is not checked at all. On top of that there
> are several other code paths that deal with internal snapshots that
> don't use that function or do any other check.
>
> This patch verifies that all L1 tables are correctly aligned and the
> size does not exceed the maximum allowed valued.
>
> The check from qcow2_snapshot_load_tmp() is removed since it's now
> useless (opening an image will fail before that).
>
> Signed-off-by: Alberto Garcia <berto@igalia.com>
> ---
> block/qcow2-snapshot.c | 14 ++++++++++----
> tests/qemu-iotests/080 | 10 +++++++++-
> tests/qemu-iotests/080.out | 10 ++++++++--
> 3 files changed, 27 insertions(+), 7 deletions(-)
I don't like completely refusing to open a qcow2 image if one of the
snapshots is invalid, without giving the user any way of fixing it.
With this patch, the final two images created in 080 cannot be opened at
all (not even with qemu-img info). Without it, you can, you just can't
load the snapshots. (Well, in one case. In the other, you can even do
that, but that's a bug, as you correctly claim.)
More importantly, though, without this patch, you can delete the
snapshots. qemu-img will complain a bit, and you'll have leaks
afterwards, but that's nothing qemu-img check can't fix. With this
patch, you can't, because the image cannot be opened at all so it's
basically gone for good (unless you get a hex editor).
Another thing is that the error messages are not really useful...
(which is already an issue, but this patch doesn't make it better.)
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
next prev parent reply other threads:[~2018-02-09 13:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-09 11:37 [Qemu-devel] [PATCH] qcow2: Check the L1 table parameters from all internal snapshots Alberto Garcia
2018-02-09 13:04 ` Max Reitz [this message]
2018-02-09 13:35 ` Alberto Garcia
2018-02-09 13:48 ` Max Reitz
2018-02-09 15:03 ` Kevin Wolf
2018-02-09 15:11 ` Alberto Garcia
2018-02-09 15:19 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=66ffb17c-6238-db0e-5a50-16d83ee12482@redhat.com \
--to=mreitz@redhat.com \
--cc=berto@igalia.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).