From nobody Sat Feb 7 18:23:10 2026 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1509551386737501.5026254256685; Wed, 1 Nov 2017 08:49:46 -0700 (PDT) Received: from localhost ([::1]:56389 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vGd-0003Cn-GM for importer@patchew.org; Wed, 01 Nov 2017 11:49:23 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59834) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vAt-000714-4T for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9vAo-0005b2-6e for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:27 -0400 Received: from fanzine.igalia.com ([91.117.99.155]:55972) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9vAn-0005Z2-R6; Wed, 01 Nov 2017 11:43:22 -0400 Received: from [194.100.51.2] (helo=perseus.local) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1e9vAl-0008Px-En; Wed, 01 Nov 2017 16:43:19 +0100 Received: from berto by perseus.local with local (Exim 4.89) (envelope-from ) id 1e9vAS-0006m6-Vz; Wed, 01 Nov 2017 17:43:00 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=References:In-Reply-To:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=lB+tW4L+a69jciza86sa6//LoPF4qOkKTBsLwgyAErM=; b=BebZOU84F1eeS56oSCjZUqj59h/2OsAN00s+jDF5qWeZ/6LiMRjnLt7jUmRX7Oo8blEyOAkVFdLhVq9lY905aKxsK2KKnHbmQGwaHD3yQ+7yNFreReu2GZu+jqiq66Ny85pOavTxZzO9WP5ZGEXRJwKMlX1uOr3ZbC0UpNiBQeJ6axq1NkGgPuddHlT/8c74DXZazcgTT6CFmYHwxU6tlRKGuQdQx8UuHk7FkgOR3UWsLbKZ+6P2UOyr31b5N5cnVzqdcLz2p5EImtU0zhUGKjzQ5f6wikrxZsVRdQNpg8KpkGBxw0DMhwtcZWkqZxjyTbh84aUKaQsQ68MGg3XxUA==; From: Alberto Garcia To: qemu-devel@nongnu.org Date: Wed, 1 Nov 2017 17:42:22 +0200 Message-Id: <49d365124cf0bffb3fe705678b50b86445d42605.1509550787.git.berto@igalia.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 91.117.99.155 Subject: [Qemu-devel] [PATCH 1/4] qcow2: Prevent allocating refcount blocks at offset 0 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Thomas Huth , Alberto Garcia , qemu-block@nongnu.org, Max Reitz , "R . Nageswara Sastry" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Each entry in the qcow2 cache contains an offset field indicating the location of the data in the qcow2 image. If the offset is 0 then it means that the entry contains no data and is available to be used when needed. Because of that it is not possible to store in the cache the first cluster of the qcow2 image (offset =3D 0). This is not a problem because that cluster always contains the qcow2 header and we're not using this cache for that. However, if the qcow2 image is corrupted it can happen that we try to allocate a new refcount block at offset 0, triggering this assertion and crashing QEMU: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset !=3D 0' fai= led This patch adds an explicit check for this scenario and a new test case. This problem was originally reported here: https://bugs.launchpad.net/qemu/+bug/1728615 Reported-by: R.Nageswara Sastry Signed-off-by: Alberto Garcia Reviewed-by: Max Reitz --- block/qcow2-refcount.c | 7 +++++++ tests/qemu-iotests/060 | 11 +++++++++++ tests/qemu-iotests/060.out | 8 ++++++++ 3 files changed, 26 insertions(+) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index aa3fd6cf17..9059996c4b 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -367,6 +367,13 @@ static int alloc_refcount_block(BlockDriverState *bs, return new_block; } =20 + /* If we're allocating the block at offset 0 then something is wrong */ + if (new_block =3D=3D 0) { + qcow2_signal_corruption(bs, true, -1, -1, "Preventing invalid " + "allocation of refcount block at offset 0"= ); + return -EIO; + } + #ifdef DEBUG_ALLOC2 fprintf(stderr, "qcow2: Allocate refcount block %d for %" PRIx64 " at %" PRIx64 "\n", diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060 index 8e95c450eb..dead26aeaf 100755 --- a/tests/qemu-iotests/060 +++ b/tests/qemu-iotests/060 @@ -242,6 +242,17 @@ poke_file "$TEST_IMG" "$(($l2_offset+8))" "\x80\x00\x0= 0\x00\x00\x06\x2a\x00" # Should emit two error messages $QEMU_IO -c "discard 0 64k" -c "read 64k 64k" "$TEST_IMG" | _filter_qemu_io =20 +echo +echo "=3D=3D=3D Testing empty refcount table with valid L1 and L2 tables = =3D=3D=3D" +echo +_make_test_img 64M +$QEMU_IO -c "write 0 64k" "$TEST_IMG" | _filter_qemu_io +poke_file "$TEST_IMG" "$rt_offset" "\x00\x00\x00\x00\x00\x00\x00\x0= 0" +# Since the first data cluster is already allocated this triggers an +# allocation with an explicit offset (using qcow2_alloc_clusters_at()) +# causing a refcount block to be allocated at offset 0 +$QEMU_IO -c "write 0 128k" "$TEST_IMG" | _filter_qemu_io + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/060.out b/tests/qemu-iotests/060.out index 5ca3af491f..872719009c 100644 --- a/tests/qemu-iotests/060.out +++ b/tests/qemu-iotests/060.out @@ -181,4 +181,12 @@ qcow2: Marking image as corrupt: Cluster allocation of= fset 0x62a00 unaligned (L2 discard 65536/65536 bytes at offset 0 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) read failed: Input/output error + +=3D=3D=3D Testing empty refcount table with valid L1 and L2 tables =3D=3D= =3D + +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 +wrote 65536/65536 bytes at offset 0 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qcow2: Marking image as corrupt: Preventing invalid allocation of refcount= block at offset 0; further corruption events will be suppressed +write failed: Input/output error *** done --=20 2.11.0 From nobody Sat Feb 7 18:23:10 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1509551111613124.51756371966769; Wed, 1 Nov 2017 08:45:11 -0700 (PDT) Received: from localhost ([::1]:56370 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vCT-00080A-KW for importer@patchew.org; Wed, 01 Nov 2017 11:45:05 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59831) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vAt-000711-3t for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9vAo-0005bF-7Q for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:27 -0400 Received: from fanzine.igalia.com ([91.117.99.155]:55969) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9vAn-0005Z0-Qv; Wed, 01 Nov 2017 11:43:22 -0400 Received: from [194.100.51.2] (helo=perseus.local) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1e9vAl-0008Pv-Bz; Wed, 01 Nov 2017 16:43:19 +0100 Received: from berto by perseus.local with local (Exim 4.89) (envelope-from ) id 1e9vAT-0006m8-0x; Wed, 01 Nov 2017 17:43:01 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=References:In-Reply-To:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=/Wll5HO39lySFPGsmixiMV/yfOoZ4NCHVmwR27BkQPE=; b=rfLkYVlMsgeqMIXPjlLmolrcyPwMy/YGg4UybiuISY5cMmpKiGqCsIFqsWd/XKhR1kcL3ISYtbFM1ifVlQvmPi2JAQJldXregPzKpt9Map3+ac8jQP5rneuAZy8D7+chSC/FkVb0EgwJlIsJsx0Wm6kjc2JE7GL1UAYU+DZWTYj8Sf84mlzC67lI24mxh7L9RpACQFb62KzINTZz14mqvwrz30fHybfV+36z/69bQTmj4+pO+TuJ+iwFqQQlVQOWYC9GH2vRW7KOhoGzRwWd6885uLWI3tyCFc7Znxdw8nAuBJZChl8xQ9z7Z1SzTenGIyOWJt7lbXnheXuqwKRmyA==; From: Alberto Garcia To: qemu-devel@nongnu.org Date: Wed, 1 Nov 2017 17:42:23 +0200 Message-Id: <090da3a925cd09404afb7cae97bd867697e7da21.1509550787.git.berto@igalia.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 91.117.99.155 Subject: [Qemu-devel] [PATCH 2/4] qcow2: Prevent allocating L2 tables at offset 0 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Thomas Huth , Alberto Garcia , qemu-block@nongnu.org, Max Reitz , "R . Nageswara Sastry" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" If the refcount data is corrupted then we can end up trying to allocate a new L2 table at offset 0 in the image, triggering an assertion in the qcow2 cache that would crash QEMU: qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset !=3D 0' fai= led This patch adds an explicit check for this scenario and a new test case. Signed-off-by: Alberto Garcia Reviewed-by: Max Reitz --- block/qcow2-cluster.c | 7 +++++++ tests/qemu-iotests/060 | 7 +++++++ tests/qemu-iotests/060.out | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index fb10e26068..540af4d19d 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -278,6 +278,13 @@ static int l2_allocate(BlockDriverState *bs, int l1_in= dex, uint64_t **table) goto fail; } =20 + /* If we're allocating the table at offset 0 then something is wrong */ + if (l2_offset =3D=3D 0) { + qcow2_signal_corruption(bs, true, -1, -1, "Preventing invalid " + "allocation of L2 table at offset 0"); + return -EIO; + } + ret =3D qcow2_cache_flush(bs, s->refcount_block_cache); if (ret < 0) { goto fail; diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060 index dead26aeaf..40f85cc216 100755 --- a/tests/qemu-iotests/060 +++ b/tests/qemu-iotests/060 @@ -253,6 +253,13 @@ poke_file "$TEST_IMG" "$rt_offset" "\x00\x00\x0= 0\x00\x00\x00\x00\x00" # causing a refcount block to be allocated at offset 0 $QEMU_IO -c "write 0 128k" "$TEST_IMG" | _filter_qemu_io =20 +echo +echo "=3D=3D=3D Testing empty refcount block =3D=3D=3D" +echo +_make_test_img 64M +poke_file "$TEST_IMG" "$rb_offset" "\x00\x00\x00\x00\x00\x00\x00\x0= 0" +$QEMU_IO -c "write 0 64k" "$TEST_IMG" | _filter_qemu_io + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/060.out b/tests/qemu-iotests/060.out index 872719009c..5b8b518486 100644 --- a/tests/qemu-iotests/060.out +++ b/tests/qemu-iotests/060.out @@ -189,4 +189,10 @@ wrote 65536/65536 bytes at offset 0 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) qcow2: Marking image as corrupt: Preventing invalid allocation of refcount= block at offset 0; further corruption events will be suppressed write failed: Input/output error + +=3D=3D=3D Testing empty refcount block =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 +qcow2: Marking image as corrupt: Preventing invalid allocation of L2 table= at offset 0; further corruption events will be suppressed +write failed: Input/output error *** done --=20 2.11.0 From nobody Sat Feb 7 18:23:10 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 150955127737622.52016045390326; Wed, 1 Nov 2017 08:47:57 -0700 (PDT) Received: from localhost ([::1]:56384 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vF9-0001zj-IK for importer@patchew.org; Wed, 01 Nov 2017 11:47:51 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59833) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vAt-000713-4I for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9vAo-0005bC-7O for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:27 -0400 Received: from fanzine.igalia.com ([91.117.99.155]:55975) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9vAn-0005Z3-Qn; Wed, 01 Nov 2017 11:43:22 -0400 Received: from [194.100.51.2] (helo=perseus.local) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1e9vAl-0008Pz-IG; Wed, 01 Nov 2017 16:43:19 +0100 Received: from berto by perseus.local with local (Exim 4.89) (envelope-from ) id 1e9vAT-0006mB-21; Wed, 01 Nov 2017 17:43:01 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=References:In-Reply-To:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=mhKR3SMBzWItOqOos6kratjq3tacaDKXQA7CR0YMSaw=; b=gPHPr/d9KWS9h7Ib1tZroCWGdZa+2113gPmAoAXTj+X5DuLz6jjzPZMh7hEflq5F87evEzii8hgI2J8c6wBoRLOLvDwU+Nj5X0Ku4/ToikhrzVHJH5QyDw7w8QlDZOZNeNpH5++8YugskcvTa0iTBNZ2DzYOrZDFlYNjpD9DXGgVAZtDIp9/aFQDR0/zK4mj1U8/A/X6csMjwBFbGA5K2+/mV4pyZL3FY5fhGkwypLnlAreQn+x+qGgcb7LT5roKaws4NEHzo1d/ik7t+9ZITWwj5CFMBCfeHUaXFMtBfgZj2J2ObhME34kVgs8OJvGUCyg+L5LuY6IYSQlipFNNYQ==; From: Alberto Garcia To: qemu-devel@nongnu.org Date: Wed, 1 Nov 2017 17:42:24 +0200 Message-Id: <33492fad2f21dff38a33a96decb38983aee7e405.1509550787.git.berto@igalia.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 91.117.99.155 Subject: [Qemu-devel] [PATCH 3/4] qcow2: Don't open images with header.refcount_table_clusters == 0 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Thomas Huth , Alberto Garcia , qemu-block@nongnu.org, Max Reitz , "R . Nageswara Sastry" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" qcow2_do_open() is checking that header.refcount_table_clusters is not too large, but it doesn't check that it's greater than zero. Apart from the fact that an image like that is obviously corrupted, trying to use it crashes QEMU since we end up with a null s->refcount_table after qcow2_refcount_init(). These images can however be repaired, so allow opening them if the BDRV_O_CHECK flag is set. Signed-off-by: Alberto Garcia Reviewed-by: Max Reitz --- block/qcow2.c | 6 ++++++ tests/qemu-iotests/060 | 7 +++++++ tests/qemu-iotests/060.out | 5 +++++ 3 files changed, 18 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index 92cb9f9bfa..defc1fe49f 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1280,6 +1280,12 @@ static int qcow2_do_open(BlockDriverState *bs, QDict= *options, int flags, goto fail; } =20 + if (header.refcount_table_clusters =3D=3D 0 && !(flags & BDRV_O_CHECK)= ) { + error_setg(errp, "Image does not contain a reference count table"); + ret =3D -EINVAL; + goto fail; + } + ret =3D validate_table_offset(bs, s->refcount_table_offset, s->refcount_table_size, sizeof(uint64_t)); if (ret < 0) { diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060 index 40f85cc216..8fcfce1260 100755 --- a/tests/qemu-iotests/060 +++ b/tests/qemu-iotests/060 @@ -260,6 +260,13 @@ _make_test_img 64M poke_file "$TEST_IMG" "$rb_offset" "\x00\x00\x00\x00\x00\x00\x00\x0= 0" $QEMU_IO -c "write 0 64k" "$TEST_IMG" | _filter_qemu_io =20 +echo +echo "=3D=3D=3D Testing zero refcount table size =3D=3D=3D" +echo +_make_test_img 64M +poke_file "$TEST_IMG" "56" "\x00\x00\x00\x00" +$QEMU_IO -c "write 0 64k" "$TEST_IMG" 2>&1 | _filter_testdir | _filter_img= fmt + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/060.out b/tests/qemu-iotests/060.out index 5b8b518486..6db399d674 100644 --- a/tests/qemu-iotests/060.out +++ b/tests/qemu-iotests/060.out @@ -195,4 +195,9 @@ write failed: Input/output error Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 qcow2: Marking image as corrupt: Preventing invalid allocation of L2 table= at offset 0; further corruption events will be suppressed write failed: Input/output error + +=3D=3D=3D Testing zero refcount table size =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 +can't open device TEST_DIR/t.IMGFMT: Image does not contain a reference co= unt table *** done --=20 2.11.0 From nobody Sat Feb 7 18:23:10 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1509551193255931.6736149834649; Wed, 1 Nov 2017 08:46:33 -0700 (PDT) Received: from localhost ([::1]:56378 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vDi-0000ly-Gv for importer@patchew.org; Wed, 01 Nov 2017 11:46:22 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59832) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9vAt-000712-3s for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9vAo-0005b3-72 for qemu-devel@nongnu.org; Wed, 01 Nov 2017 11:43:27 -0400 Received: from fanzine.igalia.com ([91.117.99.155]:55976) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9vAn-0005Z1-Qz; Wed, 01 Nov 2017 11:43:22 -0400 Received: from [194.100.51.2] (helo=perseus.local) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1e9vAl-0008Py-D1; Wed, 01 Nov 2017 16:43:19 +0100 Received: from berto by perseus.local with local (Exim 4.89) (envelope-from ) id 1e9vAT-0006mF-33; Wed, 01 Nov 2017 17:43:01 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=References:In-Reply-To:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=ulN/B3ciI3eb1HKAuadKWRoYDaYSnqtRU0grKsG1h5E=; b=ADSL7xaoYfPICn+X2X/JWwoATIcw4aTesDes5vFeUwxAuOg5jA3bMARnANH53nDRyAu2jOgW3gN68PV+ygnUGZMbS+plsRgo2eoDS+wzarJFIklWnSowCbgbioodOZe74Ipv1n13XyFQwLvkY0yO3Zun9xPPNaxxeDQAFifNdNXnYaI+KV6am5O2l5N3dTwUJMRiD4l9CKmaaDBJOc6S8S5IeBtEBqfIcCKVoH0umleO7YDi7nX0SsXmeycgSQOiL5CMPssriV1NpaLE1o9fEctgXdMbYlK7Ru+Z4BqGFKKrXU0qDPGTVxojAiLbUNJO2erTuNB9N5YAZsYZvSdzMw==; From: Alberto Garcia To: qemu-devel@nongnu.org Date: Wed, 1 Nov 2017 17:42:25 +0200 Message-Id: X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 91.117.99.155 Subject: [Qemu-devel] [PATCH 4/4] qcow2: Add iotest for an empty refcount table X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Thomas Huth , Alberto Garcia , qemu-block@nongnu.org, Max Reitz , "R . Nageswara Sastry" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This patch adds a simple iotests in which we try to write to an image with an empty refcount table (i.e. with all entries set to 0). This scenario was already handled by the existing consistency checks, but we add an explicit test case for completeness. Signed-off-by: Alberto Garcia Reviewed-by: Max Reitz --- tests/qemu-iotests/060 | 7 +++++++ tests/qemu-iotests/060.out | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/tests/qemu-iotests/060 b/tests/qemu-iotests/060 index 8fcfce1260..9344278ac4 100755 --- a/tests/qemu-iotests/060 +++ b/tests/qemu-iotests/060 @@ -243,6 +243,13 @@ poke_file "$TEST_IMG" "$(($l2_offset+8))" "\x80\x00\x0= 0\x00\x00\x06\x2a\x00" $QEMU_IO -c "discard 0 64k" -c "read 64k 64k" "$TEST_IMG" | _filter_qemu_io =20 echo +echo "=3D=3D=3D Testing empty refcount table =3D=3D=3D" +echo +_make_test_img 64M +poke_file "$TEST_IMG" "$rt_offset" "\x00\x00\x00\x00\x00\x00\x00\x0= 0" +$QEMU_IO -c "write 0 64k" "$TEST_IMG" | _filter_qemu_io + +echo echo "=3D=3D=3D Testing empty refcount table with valid L1 and L2 tables = =3D=3D=3D" echo _make_test_img 64M diff --git a/tests/qemu-iotests/060.out b/tests/qemu-iotests/060.out index 6db399d674..cc8a155643 100644 --- a/tests/qemu-iotests/060.out +++ b/tests/qemu-iotests/060.out @@ -182,6 +182,12 @@ discard 65536/65536 bytes at offset 0 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) read failed: Input/output error =20 +=3D=3D=3D Testing empty refcount table =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 +qcow2: Marking image as corrupt: Preventing invalid write on metadata (ove= rlaps with refcount table); further corruption events will be suppressed +write failed: Input/output error + =3D=3D=3D Testing empty refcount table with valid L1 and L2 tables =3D=3D= =3D =20 Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 --=20 2.11.0