[Qemu-devel] [PULL 25/71] qcow2: Assert that L2 table offsets fit in the L1 table
From: Kevin Wolf
Subject: [Qemu-devel] [PULL 25/71] qcow2: Assert that L2 table offsets fit in the L1 table
Date: Mon, 25 Feb 2019 16:20:07 +0100
From: Alberto Garcia <address@hidden>
L1 table entries have a field to store the offset of an L2 table.
The rest of the bits of the entry are currently reserved except for
bit 63, which stores the COPIED flag.

The offset is always taken from the entry using L1E_OFFSET_MASK to
ensure that we only use the bits that belong to that field.

While that mask is used every time we read from the L1 table, it is
never used when we write to it. Due to the limits set elsewhere in the
code, QEMU can never produce L2 table offsets that don't fit in that
field, so any such offset when allocating an L2 table would indicate a
bug in QEMU.
Signed-off-by: Alberto Garcia <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-cluster.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 30eca26c47..179aa2c728 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -285,6 +285,9 @@ static int l2_allocate(BlockDriverState *bs, int l1_index)
goto fail;
}
+ /* The offset must fit in the offset field of the L1 table entry */
+ assert((l2_offset & L1E_OFFSET_MASK) == l2_offset);
+
/* If we're allocating the table at offset 0 then something is wrong */
if (l2_offset == 0) {
qcow2_signal_corruption(bs, true, -1, -1, "Preventing invalid "
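Review bot: the new assert is only the right tool if l2_offset here is purely an internal value; the hunk's comment just says "must fit", so it would help to name the limit (the one the commit message calls "set elsewhere in the code") that guarantees an image cannot steer the allocator past L1E_OFFSET_MASK, otherwise a crafted image would abort QEMU instead of taking the qcow2_signal_corruption() path used for the offset-0 case two lines below. Placing the check after the `goto fail` branch is fine, since the offset is only meaningful once allocation succeeded, and ordering relative to the `l2_offset == 0` test does not matter because 0 trivially satisfies the mask.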
--
2.20.1
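As an added example (not code from the patch or from QEMU), the L1 entry layout the commit message describes, built on the constant values from QEMU's block/qcow2.h (assumed here): the writer-side check the patch asserts, pack/unpack through the mask, and a scan of a constructed big-endian L1 table that counts entries with reserved bits set, which is the condition a defender's image checker would flag.

```c
#include <stddef.h>
#include <stdint.h>
/* Constants as defined in QEMU's block/qcow2.h (assumed here; not from the patch). */
#define QCOW_OFLAG_COPIED  (1ULL << 63)
#define L1E_OFFSET_MASK    0x00fffffffffffe00ULL
/* Every bit that is neither offset field nor COPIED flag is reserved. */
#define L1E_RESERVED_MASK  (~(L1E_OFFSET_MASK | QCOW_OFLAG_COPIED))
#define L1E_INVALID        UINT64_MAX   /* sentinel: has reserved bits set */

/* The invariant the patch asserts before an L2 offset is written to the L1 table. */
static int l2_offset_fits_l1e(uint64_t l2_offset)
{
    return (l2_offset & L1E_OFFSET_MASK) == l2_offset;
}

/* Writer side: refuse an offset that would spill into reserved bits or COPIED, never truncate. */
static uint64_t l1e_pack(uint64_t l2_offset, int copied)
{
    if (!l2_offset_fits_l1e(l2_offset)) {
        return L1E_INVALID;
    }
    return l2_offset | (copied ? QCOW_OFLAG_COPIED : 0);
}

/* Reader side: always go through the mask, as the commit message describes. */
static uint64_t l1e_offset(uint64_t entry) { return entry & L1E_OFFSET_MASK; }
static int l1e_copied(uint64_t entry) { return (entry & QCOW_OFLAG_COPIED) != 0; }
/* On-disk L1 entries are big-endian. Count entries of a raw table whose
 * reserved bits are set, which is what an image checker would flag. */
static int l1_table_count_reserved(const uint8_t *buf, size_t nentries)
{
    int bad = 0;
    for (size_t i = 0; i < nentries; i++) {
        uint64_t e = 0;
        for (int b = 0; b < 8; b++) {
            e = (e << 8) | buf[i * 8 + b];
        }
        bad += (e & L1E_RESERVED_MASK) != 0;
    }
    return bad;
}

/* Constructed 4-entry table: COPIED|0x40000 (ok), unallocated (ok), bit 56 set (reserved), low bits touched (reserved). */
static const uint8_t sample_l1[32] = {
    0x80, 0, 0, 0, 0, 0x04, 0, 0,    0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0, 0, 0, 0, 0x02, 0, 0,    0, 0, 0, 0, 0, 0, 0x02, 0x01,
};
static int sample_l1_reserved_count(void) { return l1_table_count_reserved(sample_l1, 4); }
```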