[Qemu-block] [PULL 03/27] qcow2: Assert that refcount block offsets fit
From: Kevin Wolf
Subject: [Qemu-block] [PULL 03/27] qcow2: Assert that refcount block offsets fit in the refcount table
Date: Fri, 1 Feb 2019 17:34:54 +0100
From: Alberto Garcia <address@hidden>

Refcount table entries have a field to store the offset of the
refcount block. The rest of the bits of the entry are currently
reserved.

The offset is always taken from the entry using REFT_OFFSET_MASK to
ensure that we only use the bits that belong to that field.

While that mask is used every time we read from the refcount table, it
is never used when we write to it. Due to the other constraints of the
qcow2 format QEMU can never produce refcount block offsets that don't
fit in that field so any such offset when allocating a refcount block
would indicate a bug in QEMU.

Signed-off-by: Alberto Garcia <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-refcount.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 1c63ac244a..6f13d470d3 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -368,6 +368,9 @@ static int alloc_refcount_block(BlockDriverState *bs,
return new_block;
}
+ /* The offset must fit in the offset field of the refcount table entry */
+ assert((new_block & REFT_OFFSET_MASK) == new_block);
+
/* If we're allocating the block at offset 0 then something is wrong */
if (new_block == 0) {
qcow2_signal_corruption(bs, true, -1, -1, "Preventing invalid "
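Review bot: The comment above the new assert() states what is checked but not why a failure is fatal here, while the very next check handles new_block == 0 through qcow2_signal_corruption(). Consider extending the comment with the reasoning from the commit message: QEMU can never produce an offset outside the field given the other constraints of the format, so a violation is a QEMU bug rather than image corruption. That tells later readers this path is not expected to be reachable from a malformed image, which is what justifies aborting instead of returning an error. The placement after the error return and before the zero check looks right, since offset 0 passes the mask test and still reaches the corruption handler.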
--
2.20.1