From nobody Wed Oct 29 11:38:24 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1526042392164229.5501387394961; Fri, 11 May 2018 05:39:52 -0700 (PDT) Received: from localhost ([::1]:41850 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fH7Kx-0005da-Cx for importer@patchew.org; Fri, 11 May 2018 08:39:51 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55634) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fH7JH-0004Lh-Uz for qemu-devel@nongnu.org; Fri, 11 May 2018 08:38:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fH7JG-0002dw-Va for qemu-devel@nongnu.org; Fri, 11 May 2018 08:38:08 -0400 Received: from mail-pl0-x244.google.com ([2607:f8b0:400e:c01::244]:34998) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fH7JA-0002bY-Cf; Fri, 11 May 2018 08:38:00 -0400 Received: by mail-pl0-x244.google.com with SMTP id i5-v6so3244799plt.2; Fri, 11 May 2018 05:38:00 -0700 (PDT) Received: from VM_111_45_centos.localdomain ([119.28.55.16]) by smtp.gmail.com with ESMTPSA id x88-v6sm11299148pfj.126.2018.05.11.05.37.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 May 2018 05:37:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=DpLsoci2Lj1PIkbB+Cd8xHrI9RvGtQhwAiY5aoeZLWY=; b=DkrW6z5mGfWa/F7QcDIhKBpS1LnCkU/eBlyA1GX7y88GeNu06UgkRBr3XcAwXlOMup QC6fx0UBufazIEsAT/CQzNs/PBjXEuWa6ANU5BXBLkfYlrU2dTxPRyJapuRWlAwtlX9a jsOxI6b+0zN6jcAGojI/bGSjU1Z8/9gtmSP1K+Y9NXOuV2rg4ce+PgcC8dZWOL1LUCpq 688jpG8xJzGU7hHEsozI3pq6g5BlJj4nNw5lwbz5ukGawNjlf7J0ggl+zAHAexP9yPxu Kc0FoOT4JwFjRTpKpEdh648gZzzsTcN2m3zj6azYtZNCWMSCKh06soDsXFn0k2eo3TKI Rxsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=DpLsoci2Lj1PIkbB+Cd8xHrI9RvGtQhwAiY5aoeZLWY=; b=WsGcVe6n/RxerTYbQZKKl9520za49mkWQ0ZjqSoB6XqMUbcpXYYRDi02iBxAieAudn HfCAol6gHco+cDwejDMrTXpos23JxA11C2BdGPAQvbO7PDJGQ+KIW4tnjA4eI5uyNnqa SiwuXITgsuXi1pynqiE9LyT+SaFSLRpdT16IZEdMlSdm3M0v9V4VIWUOBB9CAWly77uZ 7LDuYHkU5G9t2JIlD4jSenTYQZwFnS+Yy8cSerU/coi+fPaWXLvSmmXMLCmpasFE8c29 /RyOg/Tzzbgn6mLpHcjKM08oLlnS846gJAOpyoZ5Wndd1KKIaK+m6LV9xZf19gyKq+f4 C+JA== X-Gm-Message-State: ALKqPwdVDyoEmb3lFGw84OegpEgCgaCj4So6jQ8NRb5UHDsOyQKlG/Vf WZujIa0hrG5Y7kHXDb2qdgtCiVbj X-Google-Smtp-Source: AB8JxZobQL+2LscFSi03UEyCRx2QFNB67GOBU8OPS3LWmcOuDscP6QKkMrU0vO/hfqPGjI+6lFQ7Jg== X-Received: by 2002:a17:902:28a7:: with SMTP id f36-v6mr4539429plb.155.1526042279391; Fri, 11 May 2018 05:37:59 -0700 (PDT) From: Ivan Ren X-Google-Original-From: Ivan Ren To: mreitz@redhat.com, kwolf@redhat.com Date: Fri, 11 May 2018 20:37:51 +0800 Message-Id: <1526042271-11983-1-git-send-email-ivanren@tencent.com> X-Mailer: git-send-email 1.8.3.1 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400e:c01::244 Subject: [Qemu-devel] [PATCH v2] qcow2: fix preallocation with metadata on bare block device X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Create a qcow2 directly on bare block device with "-o preallocation=3Dmetadata" option. When read this qcow2, it will return pre-existing data on block device, and this may lead to data leakage. This patch add QCOW_OFLAG_ZERO for all preallocated l2 entry to avoid this problem. Signed-off-by: Ivan Ren --- Changes in v2: - always pass QCOW_OFLAG_ZERO when preallocate metadta --- block/qcow2-cluster.c | 5 +++-- block/qcow2.c | 6 +++--- block/qcow2.h | 3 ++- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 1aee726..b9e0ceb 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -919,7 +919,8 @@ fail: return ret; } =20 -int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m) +int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m, + uint64_t flags) { BDRVQcow2State *s =3D bs->opaque; int i, j =3D 0, l2_index, ret; @@ -969,7 +970,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, Q= CowL2Meta *m) } =20 l2_slice[l2_index + i] =3D cpu_to_be64((cluster_offset + - (i << s->cluster_bits)) | QCOW_OFLAG_COPIED); + (i << s->cluster_bits)) | QCOW_OFLAG_COPIED | flags); } =20 =20 diff --git a/block/qcow2.c b/block/qcow2.c index 2f36e63..a7aeea9 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2044,7 +2044,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverS= tate *bs, uint64_t offset, while (l2meta !=3D NULL) { QCowL2Meta *next; =20 - ret =3D qcow2_alloc_cluster_link_l2(bs, l2meta); + ret =3D qcow2_alloc_cluster_link_l2(bs, l2meta, 0); if (ret < 0) { goto fail; } @@ -2552,7 +2552,7 @@ static void coroutine_fn preallocate_co(void *opaque) while (meta) { QCowL2Meta *next =3D meta->next; =20 - ret =3D qcow2_alloc_cluster_link_l2(bs, meta); + ret =3D qcow2_alloc_cluster_link_l2(bs, meta, QCOW_OFLAG_ZERO); if (ret < 0) { qcow2_free_any_clusters(bs, meta->alloc_offset, meta->nb_clusters, QCOW2_DISCARD_N= EVER); @@ -3458,7 +3458,7 @@ static int qcow2_truncate(BlockDriverState *bs, int64= _t offset, }; qemu_co_queue_init(&allocation.dependent_requests); =20 - ret =3D qcow2_alloc_cluster_link_l2(bs, &allocation); + ret =3D qcow2_alloc_cluster_link_l2(bs, &allocation, 0); if (ret < 0) { error_setg_errno(errp, -ret, "Failed to update L2 tables"); qcow2_free_clusters(bs, host_offset, diff --git a/block/qcow2.h b/block/qcow2.h index adf5c39..9a59602 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -617,7 +617,8 @@ uint64_t qcow2_alloc_compressed_cluster_offset(BlockDri= verState *bs, uint64_t offset, int compressed_size); =20 -int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m); +int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m, + uint64_t flags); int qcow2_cluster_discard(BlockDriverState *bs, uint64_t offset, uint64_t bytes, enum qcow2_discard_type type, bool full_discard); --=20 1.8.3.1