[Qemu-devel] [PATCH v2 0/7] Misc qcow2 corruption checks

Alberto Garcia posted 7 patches 7 years, 12 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/cover.1509718618.git.berto@igalia.com
Test checkpatch passed
Test docker passed
Test ppc passed
Test s390x passed
[Qemu-devel] [PATCH v2 0/7] Misc qcow2 corruption checks
Posted by Alberto Garcia 7 years, 12 months ago
This series contains a few checks that prevent QEMU from crashing
under some scenarios with corrupted qcow2 images.

The first patch solves the crash reported here:

  https://bugs.launchpad.net/qemu/+bug/1728615

And the others solve similar crashes that I detected in the process of
fixing this one.

Regards,

Berto

v2:
- Use goto fail in the l2_allocate() check [Max]
- Add check and test case for allocation of compressed clusters [Max]
- Add test case for header.refcount_table_offset == 0
- Add overlap checks to qcow2_crypto_hdr_init_func() [Max]

v1: https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00010.html
- Initial version

Output of backport-diff against v1:

Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/7:[----] [--] 'qcow2: Prevent allocating refcount blocks at offset 0'
002/7:[0003] [FC] 'qcow2: Prevent allocating L2 tables at offset 0'
003/7:[down] 'qcow2: Prevent allocating compressed clusters at offset 0'
004/7:[----] [-C] 'qcow2: Don't open images with header.refcount_table_clusters == 0'
005/7:[down] 'qcow2: Add iotest for an image with header.refcount_table_offset == 0'
006/7:[----] [--] 'qcow2: Add iotest for an empty refcount table'
007/7:[down] 'qcow2: Assert that the crypto header does not overlap other metadata'

Alberto Garcia (7):
  qcow2: Prevent allocating refcount blocks at offset 0
  qcow2: Prevent allocating L2 tables at offset 0
  qcow2: Prevent allocating compressed clusters at offset 0
  qcow2: Don't open images with header.refcount_table_clusters == 0
  qcow2: Add iotest for an image with header.refcount_table_offset == 0
  qcow2: Add iotest for an empty refcount table
  qcow2: Assert that the crypto header does not overlap other metadata

 block/qcow2-cluster.c      |  8 ++++++++
 block/qcow2-refcount.c     | 15 +++++++++++++-
 block/qcow2.c              |  7 +++++++
 tests/qemu-iotests/060     | 49 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/060.out | 39 ++++++++++++++++++++++++++++++++++++
 5 files changed, 117 insertions(+), 1 deletion(-)

-- 
2.11.0

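The checks the cover letter lists all reduce to refusing metadata that points at offset 0 (the header cluster), refusing an empty refcount table, and refusing metadata regions that overlap. The following Python is an added example, not QEMU code and not part of this series: it parses the fixed qcow2 v2 header (layout per the public qcow2 specification), runs those sanity checks on a constructed image header with and without the corruptions the patches target, and models the offset-0 allocation bug behind patches 1 to 3 with a toy refcount scan. The check names, the `first_free_cluster` allocator and the sample header values are this example's own assumptions; the crypto-header overlap of patch 7 is only covered in the generic sense of "metadata regions must not overlap".

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
# Fixed part of the qcow2 header (72 bytes, all fields big-endian); the v3
# feature bits and header_length that follow it are not needed here.
HEADER_FMT = ">4sIQIIQIIQQIIQ"
HEADER_FIELDS = (
    "magic", "version", "backing_file_offset", "backing_file_size",
    "cluster_bits", "size", "crypt_method", "l1_size", "l1_table_offset",
    "refcount_table_offset", "refcount_table_clusters", "nb_snapshots",
    "snapshots_offset",
)
HEADER_LEN = struct.calcsize(HEADER_FMT)


def parse_header(data):
    """Decode the fixed qcow2 header fields from raw bytes into a dict."""
    if len(data) < HEADER_LEN:
        raise ValueError("file too short for a qcow2 header")
    return dict(zip(HEADER_FIELDS, struct.unpack(HEADER_FMT, data[:HEADER_LEN])))


def build_header(**overrides):
    """Constructed sample: 1 MiB image, 64 KiB clusters, header in cluster 0,
    refcount table in cluster 1, L1 table in cluster 2.  Keyword overrides
    inject the corruptions under test (sample values are assumptions)."""
    cs = 1 << 16
    hdr = dict(
        magic=QCOW_MAGIC, version=2, backing_file_offset=0, backing_file_size=0,
        cluster_bits=16, size=1 << 20, crypt_method=0, l1_size=1,
        l1_table_offset=2 * cs, refcount_table_offset=1 * cs,
        refcount_table_clusters=1, nb_snapshots=0, snapshots_offset=0,
    )
    hdr.update(overrides)
    return struct.pack(HEADER_FMT, *(hdr[f] for f in HEADER_FIELDS))


def _overlaps(r1, r2):
    """Half-open (start, end) ranges overlap iff each starts before the other ends."""
    return r1[0] < r2[1] and r2[0] < r1[1]


def check_header(hdr):
    """Return the reasons to refuse the image; an empty list means it passed.
    The individual checks are this example's own choices, not QEMU's code."""
    problems = []
    if hdr["magic"] != QCOW_MAGIC:
        problems.append("bad magic")
    if hdr["version"] not in (2, 3):
        problems.append("unsupported version %d" % hdr["version"])
    if not 9 <= hdr["cluster_bits"] <= 21:
        problems.append("cluster_bits %d out of range" % hdr["cluster_bits"])
        return problems  # everything below needs a sane cluster size
    cs = 1 << hdr["cluster_bits"]
    # Offset 0 is the header, so no table may live there, and an empty
    # refcount table leaves the allocator nothing to search or grow from.
    if hdr["refcount_table_offset"] == 0:
        problems.append("refcount_table_offset is 0")
    if hdr["refcount_table_clusters"] == 0:
        problems.append("refcount_table_clusters is 0")
    if hdr["l1_table_offset"] == 0:
        problems.append("l1_table_offset is 0")
    for f in ("l1_table_offset", "refcount_table_offset"):
        if hdr[f] % cs:
            problems.append("%s is not cluster aligned" % f)
    # Metadata regions must not overlap each other or the header; otherwise
    # writing one table silently clobbers another.
    l1_bytes = (hdr["l1_size"] * 8 + cs - 1) // cs * cs  # L1 table, whole clusters
    regions = {
        "header": (0, cs),
        "refcount table": (hdr["refcount_table_offset"],
                           hdr["refcount_table_offset"] + hdr["refcount_table_clusters"] * cs),
        "L1 table": (hdr["l1_table_offset"], hdr["l1_table_offset"] + l1_bytes),
    }
    names = list(regions)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if _overlaps(regions[a], regions[b]):
                problems.append("%s overlaps %s" % (b, a))
    return problems


def first_free_cluster(refcounts, cluster_size, hardened=True):
    """Toy allocator (an assumption, not QEMU's): hand out the first cluster
    whose refcount is 0.  If a corrupted refcount table says cluster 0 is
    free, the naive scan returns offset 0 and the next metadata write lands
    on the header; the hardened path treats that as corruption instead,
    which is the idea behind patches 1 to 3."""
    for cluster, rc in enumerate(refcounts):
        if rc == 0:
            if hardened and cluster == 0:
                raise ValueError("refcount table claims cluster 0 is free: image is corrupt")
            return cluster * cluster_size
    return len(refcounts) * cluster_size  # nothing free: grow the file


if __name__ == "__main__":
    for label, raw in (("sane", build_header()),
                       ("refcount_table_offset=0", build_header(refcount_table_offset=0)),
                       ("refcount_table_clusters=0", build_header(refcount_table_clusters=0)),
                       ("L1 over refcount table", build_header(l1_table_offset=1 << 16))):
        print("%-28s %s" % (label, check_header(parse_header(raw)) or "ok"))
    print("naive allocator on corrupt refcounts:", first_free_cluster([0, 1, 1], 1 << 16, hardened=False))
```

Run it against a real image by replacing `build_header()` with the first 72 bytes of the file; the overlap check is deliberately a plain pairwise range comparison, so adding further regions (snapshot table, a crypto header extension) is just another entry in `regions`.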

Re: [Qemu-devel] [PATCH v2 0/7] Misc qcow2 corruption checks
Posted by Max Reitz 7 years, 12 months ago
On 2017-11-03 15:18, Alberto Garcia wrote:
> This series contains a few checks that prevent QEMU from crashing
> under some scenarios with corrupted qcow2 images.
> 
> The first patch solves the crash reported here:
> 
>   https://bugs.launchpad.net/qemu/+bug/1728615
> 
> And the others solve similar crashes that I detected in the process of
> fixing this one.
> 
> Regards,
> 
> Berto
> 
> v2:
> - Use goto fail in the l2_allocate() check [Max]
> - Add check and test case for allocation of compressed clusters [Max]
> - Add test case for header.refcount_table_offset == 0
> - Add overlap checks to qcow2_crypto_hdr_init_func() [Max]
> 
> v1: https://lists.gnu.org/archive/html/qemu-block/2017-11/msg00010.html
> - Initial version
> 
> Output of backport-diff against v1:
> 
> Key:
> [----] : patches are identical
> [####] : number of functional differences between upstream/downstream patch
> [down] : patch is downstream-only
> The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively
> 
> 001/7:[----] [--] 'qcow2: Prevent allocating refcount blocks at offset 0'
> 002/7:[0003] [FC] 'qcow2: Prevent allocating L2 tables at offset 0'
> 003/7:[down] 'qcow2: Prevent allocating compressed clusters at offset 0'
> 004/7:[----] [-C] 'qcow2: Don't open images with header.refcount_table_clusters == 0'
> 005/7:[down] 'qcow2: Add iotest for an image with header.refcount_table_offset == 0'
> 006/7:[----] [--] 'qcow2: Add iotest for an empty refcount table'
> 007/7:[down] 'qcow2: Assert that the crypto header does not overlap other metadata'
> 
> Alberto Garcia (7):
>   qcow2: Prevent allocating refcount blocks at offset 0
>   qcow2: Prevent allocating L2 tables at offset 0
>   qcow2: Prevent allocating compressed clusters at offset 0
>   qcow2: Don't open images with header.refcount_table_clusters == 0
>   qcow2: Add iotest for an image with header.refcount_table_offset == 0
>   qcow2: Add iotest for an empty refcount table
>   qcow2: Assert that the crypto header does not overlap other metadata
> 
>  block/qcow2-cluster.c      |  8 ++++++++
>  block/qcow2-refcount.c     | 15 +++++++++++++-
>  block/qcow2.c              |  7 +++++++
>  tests/qemu-iotests/060     | 49 ++++++++++++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/060.out | 39 ++++++++++++++++++++++++++++++++++++
>  5 files changed, 117 insertions(+), 1 deletion(-)

Thanks, applied to my block branch:

https://github.com/XanClic/qemu/commits/block

Max