[Qemu-devel] [PULL 13/56] qcow2: Check snapshot L1 table in qcow2_snapsh
From: Kevin Wolf
Subject: [Qemu-devel] [PULL 13/56] qcow2: Check snapshot L1 table in qcow2_snapshot_delete()
Date: Fri, 9 Mar 2018 17:18:50 +0100
From: Alberto Garcia <address@hidden>

This function deletes a snapshot from disk, removing its entry from
the snapshot table, freeing its L1 table and decreasing the refcounts
of all clusters.

The L1 table offset and size are however not validated. If we use
invalid values in this function we'll probably corrupt the image even
more, so we should return an error instead.

We now have a function to take care of this, so let's use it.

Signed-off-by: Alberto Garcia <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-snapshot.c | 7 +++++++
tests/qemu-iotests/080 | 2 ++
tests/qemu-iotests/080.out | 2 ++
3 files changed, 11 insertions(+)
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 0faf728dc4..74293be470 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -611,6 +611,13 @@ int qcow2_snapshot_delete(BlockDriverState *bs,
}
sn = s->snapshots[snapshot_index];
+ ret = qcow2_validate_table(bs, sn.l1_table_offset, sn.l1_size,
+ sizeof(uint64_t), QCOW_MAX_L1_SIZE,
+ "Snapshot L1 table", errp);
+ if (ret < 0) {
+ return ret;
+ }
+
/* Remove it from the snapshot list */
memmove(s->snapshots + snapshot_index,
s->snapshots + snapshot_index + 1,
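Review bot: at the early `return ret` after `qcow2_validate_table()`, a snapshot whose L1 offset or size is invalid can no longer be removed with `snapshot -d` at all, and neither the commit message nor the code says whether that is intended. The placement before the `memmove()` is right, since `s->snapshots` has not been touched when the error is returned; a short comment above the call saying that validation must come before any change to the snapshot list, plus a sentence in the commit message on how a user is expected to get rid of such a snapshot, would make both points explicit.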
diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080
index 538857310f..f8e7d6f4df 100755
--- a/tests/qemu-iotests/080
+++ b/tests/qemu-iotests/080
@@ -181,6 +181,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_offset"
"\x00\x00\x00\x00\x00\x40\x02\x0
{ $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
-c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
+{ $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
echo
echo "== Invalid snapshot L1 table size =="
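Review bot: the added `snapshot -d test` line (here and in the "Invalid snapshot L1 table size" case below) only checks the error text, not that the rejected delete left the image alone. Following it with a filtered `$QEMU_IMG snapshot -l $TEST_IMG` would let 080.out show that the snapshot entry is still listed after the failed delete.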
@@ -193,6 +194,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_size"
"\x10\x00\x00\x00"
{ $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
-c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
{ $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
+{ $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
# success, all done
echo "*** done"
diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out
index 1525e1b087..89bcd27172 100644
--- a/tests/qemu-iotests/080.out
+++ b/tests/qemu-iotests/080.out
@@ -70,6 +70,7 @@ Failed to flush the refcount block cache: Invalid argument
write failed: Invalid argument
qemu-img: Snapshot L1 table offset invalid
qemu-img: Could not apply snapshot 'test': Failed to load snapshot: Invalid
argument
+qemu-img: Could not delete snapshot 'test': Snapshot L1 table offset invalid
== Invalid snapshot L1 table size ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
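Review bot: in the expected output the new `-d` failure carries its reason in a single line ("Could not delete snapshot 'test': Snapshot L1 table offset invalid"), while the `-a` failure just above it prints the reason on a separate line followed by the generic "Failed to load snapshot: Invalid argument". The `-d` form is the clearer one; a follow-up that makes `snapshot -a` report the same way would keep the two commands consistent.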
@@ -82,4 +83,5 @@ Failed to flush the refcount block cache: File too large
write failed: File too large
qemu-img: Snapshot L1 table too large
qemu-img: Could not apply snapshot 'test': Failed to load snapshot: File too
large
+qemu-img: Could not delete snapshot 'test': Snapshot L1 table too large
*** done
--
2.13.6
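
The kind of check the commit message refers to, as an added sketch in C that is not QEMU's code and not part of the original message: it validates a table's offset and entry count before the delete path modifies anything. All `ex_`/`EX_` names, the cluster size and the size cap are assumptions; the return codes are chosen to match the "Invalid argument" and "File too large" strings in 080.out, and the oversized entry count is the `\x10\x00\x00\x00` value poked by the test.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this sketch only; a real image supplies its own. */
#define EX_CLUSTER_SIZE 65536u               /* hypothetical cluster size */
#define EX_MAX_L1_BYTES (32u * 1024 * 1024)  /* hypothetical size cap */

/* Returns 0, -EFBIG (too many entries) or -EINVAL (bad offset).
 * entry_len must be non-zero. */
static int ex_validate_table(uint64_t offset, uint64_t entries,
                             uint64_t entry_len, uint64_t max_bytes)
{
    /* Divide instead of multiplying so entries * entry_len cannot wrap. */
    if (entries > max_bytes / entry_len) {
        return -EFBIG;
    }
    uint64_t size = entries * entry_len;

    /* The table is assumed to start on a cluster boundary. */
    if (offset % EX_CLUSTER_SIZE != 0) {
        return -EINVAL;
    }
    /* offset + size must stay inside the signed 64-bit file offset range. */
    if (offset > (uint64_t)INT64_MAX - size) {
        return -EINVAL;
    }
    return 0;
}

/* Delete path: validate first, modify state only afterwards. */
static int ex_snapshot_delete(uint64_t l1_offset, uint32_t l1_size,
                              int *nb_snapshots)
{
    int ret = ex_validate_table(l1_offset, l1_size, sizeof(uint64_t),
                                EX_MAX_L1_BYTES);
    if (ret < 0) {
        return ret;        /* snapshot list is left unmodified */
    }
    (*nb_snapshots)--;     /* stand-in for the list and refcount updates */
    return 0;
}

int main(void)
{
    int n = 1;
    /* 0x30000 is a constructed, cluster-aligned offset. */
    printf("oversized: %d\n", ex_snapshot_delete(0x30000, 0x10000000, &n));
    printf("valid:     %d\n", ex_snapshot_delete(0x30000, 4, &n));
    return 0;
}
```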