From nobody Sat May 18 12:29:50 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1588602279; cv=none;
	d=zohomail.com; s=zohoarc;
	b=oED7ycQ1AGHU1VfYiyQT2Eh2vEAlWayfJcgH82ZcKUVNb88bb3tyYf15Ip1OBGRLJJzPgBfH92q1E2aNZafpvUeJQXgYHdTtQNlILtG1T37Put14Uk0FXAFHxsdsz3r+onY1u6ETBQIdMgV2Z/ULu4ubqncr8VoFDk50n+V+Xjs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1588602279;
 h=Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=FOK68+t9AGaNHYQSO62BbFjn/8zGgPMHqN3xKHDPC4I=;
	b=A8F3ajGntMP70nylqwqQhi70kGztQPZxFKYeCI7MmGXN2O4V9Vx2u6msZASCN4Q72AXr2jGAiv1nxwgOeLkSYxfQtuI7UZyun/NifJv2eAZ7x5ihnhY0x2xo5wsZpdXNgZduN2RljL1EcQirfiOPljRNQEe/xp7vzmqbEeTjixs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1588602278218666.0434189320671;
 Mon, 4 May 2020 07:24:38 -0700 (PDT)
Received: from localhost ([::1]:35348 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1jVc1M-0007BI-UK
	for importer@patchew.org; Mon, 04 May 2020 10:24:36 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:46600)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <berto@igalia.com>)
 id 1jVc0L-0005qV-1L; Mon, 04 May 2020 10:23:33 -0400
Received: from fanzine.igalia.com ([178.60.130.6]:60843)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <berto@igalia.com>)
 id 1jVc0I-00041r-VK; Mon, 04 May 2020 10:23:32 -0400
Received: from [81.0.43.160] (helo=perseus.local)
 by fanzine.igalia.com with esmtpsa
 (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim)
 id 1jVc0C-0006WT-RB; Mon, 04 May 2020 16:23:24 +0200
Received: from berto by perseus.local with local (Exim 4.92)
 (envelope-from <berto@igalia.com>)
 id 1jVbzx-0002jE-RE; Mon, 04 May 2020 16:23:09 +0200
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com;
 s=20170329;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From;
 bh=FOK68+t9AGaNHYQSO62BbFjn/8zGgPMHqN3xKHDPC4I=;
 b=oeunp6AaB5oHNNLObwUnzSzUt30921doH3F8pzxvuLhvI4u2l0j7Ef10Lcoez3lWL2UoECmhdbp9kWuOJu8t3cwpgGK8WItcMOSc4iAwknwDPzmRlCevaVIQSY5QZH6LEmerdcZQ1/nCwsW6VQtG8BTnmyAVo6OVqo+O1rDkN1e1AzkGbPw88y3CrAz74dLddIZlThTU2ofW0isL9RD0CeetZfsVhjPdB1J8hsjdKp+mXDsYU8L2xvwXy4uqNrCG22znH6AcGfMg/6Yn6RZJ4cOPQuEof0esuLOVQqd8Oki6svVLPeyAvOHnAtBXmMpRA6AyPefEmBXIbvY+glPk4g==;
From: Alberto Garcia <berto@igalia.com>
To: qemu-devel@nongnu.org,
	Kevin Wolf <kwolf@redhat.com>
Subject: [PATCH v2] qcow2: Avoid integer wraparound in qcow2_co_truncate()
Date: Mon,  4 May 2020 16:23:08 +0200
Message-Id: <20200504142308.10446-1-berto@igalia.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=178.60.130.6; envelope-from=berto@igalia.com;
 helo=fanzine.igalia.com
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/04 09:47:36
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy]
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001,
 URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Alberto Garcia <berto@igalia.com>, qemu-block@nongnu.org,
 Max Reitz <mreitz@redhat.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
Content-Type: text/plain; charset="utf-8"

After commit f01643fb8b47e8a70c04bbf45e0f12a9e5bc54de when an image is
extended and BDRV_REQ_ZERO_WRITE is set then the new clusters are
zeroized.

The code however does not detect correctly situations when the old and
the new end of the image are within the same cluster. The problem can
be reproduced with these steps:

   qemu-img create -f qcow2 backing.qcow2 1M
   qemu-img create -f qcow2 -F qcow2 -b backing.qcow2 top.qcow2
   qemu-img resize --shrink top.qcow2 520k
   qemu-img resize top.qcow2 567k

In the last step offset - zero_start causes an integer wraparound.

Signed-off-by: Alberto Garcia <berto@igalia.com>
---
 block/qcow2.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

v2:
- Don't call qcow2_cluster_zeroize() if offset =3D=3D zero_start

diff --git a/block/qcow2.c b/block/qcow2.c
index 2ba0b17c39..7ca0327995 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4234,15 +4234,20 @@ static int coroutine_fn qcow2_co_truncate(BlockDriv=
erState *bs, int64_t offset,
     if ((flags & BDRV_REQ_ZERO_WRITE) && offset > old_length) {
         uint64_t zero_start =3D QEMU_ALIGN_UP(old_length, s->cluster_size);
=20
+        /* zero_start should not be after the new end of the image */
+        zero_start =3D MIN(zero_start, offset);
+
         /*
          * Use zero clusters as much as we can. qcow2_cluster_zeroize()
          * requires a cluster-aligned start. The end may be unaligned if i=
t is
          * at the end of the image (which it is here).
          */
-        ret =3D qcow2_cluster_zeroize(bs, zero_start, offset - zero_start,=
 0);
-        if (ret < 0) {
-            error_setg_errno(errp, -ret, "Failed to zero out new clusters"=
);
-            goto fail;
+        if (offset > zero_start) {
+            ret =3D qcow2_cluster_zeroize(bs, zero_start, offset - zero_st=
art, 0);
+            if (ret < 0) {
+                error_setg_errno(errp, -ret, "Failed to zero out new clust=
ers");
+                goto fail;
+            }
         }
=20
         /* Write explicit zeros for the unaligned head */
--=20
2.20.1