[Qemu-devel] [PATCH 0/2] vmdk: Fix possible segfault with non-VMDK backing

Max Reitz posted 2 patches 7 years, 4 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20180702210721.4847-1-mreitz@redhat.com
Test checkpatch passed
Test docker-mingw@fedora passed
Test docker-quick@centos7 failed
Test s390x failed
[Qemu-devel] [PATCH 0/2] vmdk: Fix possible segfault with non-VMDK backing
Posted by Max Reitz 7 years, 4 months ago
The VMDK driver assumes that its backing file is always a VMDK file,
too, because it verifies that when creating the overlay.  However, that
verification means nothing at runtime, and consequently you can assign
non-VMDK backing files to a VMDK node.  This then breaks because the
driver accesses the backing node as a VMDK node to read its supposed CID
to compare it with the overlay's parentCID entry -- which usually fails,
either in a benign way (we read from a garbage offset, and then we read
garbage or get a read error straight away), or we get a segfault
(because the backing node does not have a respective file child).

Anyway, we just shouldn't do it and instead check whether the backing
file is a VMDK node before treating it like one.


(This fixes
 http://lists.nongnu.org/archive/html/qemu-block/2018-06/msg01268.html)


Max Reitz (2):
  vmdk: Fix possible segfault with non-VMDK backing
  iotests: Add VMDK backing file correlation test

 block/vmdk.c               |   6 ++
 tests/qemu-iotests/225     | 132 +++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/225.out |  24 +++++++
 tests/qemu-iotests/group   |   1 +
 4 files changed, 163 insertions(+)
 create mode 100755 tests/qemu-iotests/225
 create mode 100644 tests/qemu-iotests/225.out

-- 
2.17.1
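As an added illustration (not code from this patch series or from QEMU), the C model below shows the kind of check the cover letter calls for: the backing node's format driver is confirmed before its file child and private state are touched as if they were VMDK's. The type names mirror QEMU's, but their definitions, the descriptor layout, and the decision to fail the CID check for a non-VMDK backing file are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical, heavily simplified stand-ins for QEMU's block-layer types;
 * not the real definitions from block/vmdk.c. */
typedef struct BlockDriver { const char *format_name; } BlockDriver;
typedef struct BlockDriverState {
    const BlockDriver *drv;           /* format driver of this node */
    struct BlockDriverState *file;    /* protocol child; NULL for formats without one */
    struct BlockDriverState *backing; /* backing node; may be a different format */
    void *opaque;                     /* driver-private state; its type depends on drv */
} BlockDriverState;
typedef struct BDRVVmdkState { uint32_t parent_cid; } BDRVVmdkState;
static const BlockDriver bdrv_vmdk = { "vmdk" };
static const BlockDriver bdrv_raw  = { "raw" };

/* Model: the protocol child's opaque holds the descriptor bytes with the CID at a
 * fixed offset (constructed layout, not the real VMDK format).  Calling this on a
 * non-VMDK node is the bug: bs->file may be NULL (segfault), or the bytes at that
 * offset are not a CID at all (garbage compare). */
#define VMDK_CID_OFFSET 8
static uint32_t vmdk_read_cid(BlockDriverState *bs)
{
    uint32_t cid;
    memcpy(&cid, (const uint8_t *)bs->file->opaque + VMDK_CID_OFFSET, sizeof cid);
    return cid;
}

/* Hardened check: confirm the backing node's format driver before treating it as
 * VMDK.  Failing the check for a non-VMDK backing file is this example's choice;
 * the cover letter only requires that the type check happen first. */
static bool vmdk_is_cid_valid(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;
    BlockDriverState *p_bs = bs->backing;
    if (!p_bs) return true;           /* no backing file, nothing to correlate */
    if (!p_bs->drv || strcmp(p_bs->drv->format_name, "vmdk") != 0)
        return false;                 /* no CID to read; refuse instead of type-punning */
    return vmdk_read_cid(p_bs) == s->parent_cid;
}

/* Constructed scenarios: 0 = VMDK backing, matching CID; 1 = VMDK backing,
 * stale parentCID; 2 = raw backing node with no protocol child at all. */
static bool demo_cid_check(int scenario)
{
    uint8_t desc[16] = { 0 };
    uint32_t backing_cid = 0x1234;
    memcpy(desc + VMDK_CID_OFFSET, &backing_cid, sizeof backing_cid);
    BlockDriverState desc_file = { &bdrv_raw, NULL, NULL, desc };
    BlockDriverState vmdk_base = { &bdrv_vmdk, &desc_file, NULL, NULL };
    BlockDriverState raw_base  = { &bdrv_raw, NULL, NULL, NULL };
    BDRVVmdkState s = { scenario == 0 ? 0x1234 : 0xdead };
    BlockDriverState overlay = { &bdrv_vmdk, NULL, scenario == 2 ? &raw_base : &vmdk_base, &s };
    return vmdk_is_cid_valid(&overlay);
}
```

Scenario 2 is the case from the cover letter: without the driver check, the read would follow a NULL file child.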


Re: [Qemu-devel] [PATCH 0/2] vmdk: Fix possible segfault with non-VMDK backing
Posted by Max Reitz 7 years, 3 months ago
On 2018-07-02 23:07, Max Reitz wrote:
> The VMDK driver assumes that its backing file is always a VMDK file,
> too, because it verifies that when creating the overlay.  However, that
> verification means nothing at runtime, and consequently you can assign
> non-VMDK backing files to a VMDK node.  This then breaks because the
> driver accesses the backing node as a VMDK node to read its supposed CID
> to compare it with the overlay's parentCID entry -- which usually fails,
> either in a benign way (we read from a garbage offset, and then we read
> garbage or get a read error straight away), or we get a segfault
> (because the backing node does not have a respective file child).
> 
> Anyway, we just shouldn't do it and instead check whether the backing
> file is a VMDK node before treating it like one.
> 
> 
> (This fixes
>  http://lists.nongnu.org/archive/html/qemu-block/2018-06/msg01268.html)
> 
> 
> Max Reitz (2):
>   vmdk: Fix possible segfault with non-VMDK backing
>   iotests: Add VMDK backing file correlation test
> 
>  block/vmdk.c               |   6 ++
>  tests/qemu-iotests/225     | 132 +++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/225.out |  24 +++++++
>  tests/qemu-iotests/group   |   1 +
>  4 files changed, 163 insertions(+)
>  create mode 100755 tests/qemu-iotests/225
>  create mode 100644 tests/qemu-iotests/225.out

Applied to my block branch.

Max