From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Date: Fri, 9 Mar 2018 17:18:51 +0100
Message-Id: <20180309161933.8168-15-kwolf@redhat.com>
In-Reply-To: <20180309161933.8168-1-kwolf@redhat.com>
Subject: [Qemu-devel] [PULL 14/56] qcow2: Make qemu-img check detect corrupted L1 tables in snapshots
Content-Transfer-Encoding: quoted-printable

From: Alberto Garcia

'qemu-img check' cannot detect if a snapshot's L1 table is corrupted. This patch checks the table's offset and size and reports corruption if the values are not valid. This patch doesn't add code to fix that corruption yet, only to detect and report it.

Signed-off-by: Alberto Garcia
Reviewed-by: Eric Blake
Signed-off-by: Kevin Wolf

--- block/qcow2-refcount.c | 14 ++++++++++++++ tests/qemu-iotests/080 | 2 ++ tests/qemu-iotests/080.out | 20 ++++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index b18ea0ca98..362deaf303 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c 
@@ -2047,6 +2047,20 @@ static int calculate_refcounts(BlockDriverState *bs,= BdrvCheckResult *res, /* snapshots */ for (i =3D 0; i < s->nb_snapshots; i++) { sn =3D s->snapshots + i; + if (offset_into_cluster(s, sn->l1_table_offset)) { + fprintf(stderr, "ERROR snapshot %s (%s) l1_offset=3D%#" PRIx64= ": " + "L1 table is not cluster aligned; snapshot table entry= " + "corrupted\n", sn->id_str, sn->name, sn->l1_table_offs= et); + res->corruptions++; + continue; + } + if (sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)) { + fprintf(stderr, "ERROR snapshot %s (%s) l1_size=3D%#" PRIx32 "= : " + "L1 table is too large; snapshot table entry corrupted= \n", + sn->id_str, sn->name, sn->l1_size); + res->corruptions++; + continue; + } ret =3D check_refcounts_l1(bs, res, refcount_table, nb_clusters, sn->l1_table_offset, sn->l1_size, 0, fix); if (ret < 0) { diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index f8e7d6f4df..4dbe68e950 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -182,6 +182,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_offset" "\x00\x= 00\x00\x00\x00\x40\x02\x0 -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir { $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir { $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir +_check_test_img =20 echo echo "=3D=3D Invalid snapshot L1 table size =3D=3D" @@ -195,6 +196,7 @@ poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00= \x00\x00" -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir { $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir { $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir +_check_test_img =20 # success, all done echo "*** done" diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 89bcd27172..4e0f7f7b92 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out 
@@ -71,6 +71,16 @@ write failed: Invalid argument qemu-img: Snapshot L1 table offset invalid qemu-img: Could not apply snapshot 'test': Failed to load snapshot: Invali= d argument qemu-img: Could not delete snapshot 'test': Snapshot L1 table offset inval= id +ERROR snapshot 1 (test) l1_offset=3D0x400200: L1 table is not cluster alig= ned; snapshot table entry corrupted +Leaked cluster 4 refcount=3D2 reference=3D1 +Leaked cluster 5 refcount=3D2 reference=3D1 +Leaked cluster 6 refcount=3D1 reference=3D0 + +1 errors were found on the image. +Data may be corrupted, or further writes to the image may corrupt it. + +3 leaked clusters were found on the image. +This means waste of disk space, but no harm to data. =20 =3D=3D Invalid snapshot L1 table size =3D=3D Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 @@ -84,4 +94,14 @@ write failed: File too large qemu-img: Snapshot L1 table too large qemu-img: Could not apply snapshot 'test': Failed to load snapshot: File t= oo large qemu-img: Could not delete snapshot 'test': Snapshot L1 table too large +ERROR snapshot 1 (test) l1_size=3D0x10000000: L1 table is too large; snaps= hot table entry corrupted +Leaked cluster 4 refcount=3D2 reference=3D1 +Leaked cluster 5 refcount=3D2 reference=3D1 +Leaked cluster 6 refcount=3D1 reference=3D0 + +1 errors were found on the image. +Data may be corrupted, or further writes to the image may corrupt it. + +3 leaked clusters were found on the image. +This means waste of disk space, but no harm to data. *** done --=20 2.13.6
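
Review bot: In the calculate_refcounts() hunk, both new checks end in `continue`, which skips check_refcounts_l1() for the affected snapshot, so none of the clusters reachable through that snapshot's L1 table are counted as referenced. The expected output added to 080.out shows three "Leaked cluster" lines directly after each new ERROR line, followed by "This means waste of disk space, but no harm to data", which reads as reassurance about clusters that a corrupted snapshot entry may still point to. A short comment above the two checks stating that the snapshot is skipped on purpose and that leak reports may follow would help, and it is worth confirming that a repair pass cannot act on those leak reports while `res->corruptions` is non-zero for this reason.

Review bot: In the tests/qemu-iotests/080 hunks, `_check_test_img` is added once per case, each with a single poked value, so the edge of the size check is not exercised: the code uses `sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)`, and a snapshot whose l1_size equals that limit exactly should still pass the check. Consider adding a case at the limit and one just above it, so an off-by-one in the comparison would show up in 080.out.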