[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [Qemu-devel] [PATCH for-2.11 5/5] qcow2: Refuse to get
From: |
Eric Blake |
Subject: |
Re: [Qemu-block] [Qemu-devel] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache |
Date: |
Fri, 10 Nov 2017 15:54:03 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 |
On 11/10/2017 02:31 PM, Max Reitz wrote:
> Instead of using an assertion, it is better to emit a corruption event
> here. Checking all offsets for correct alignment can be tedious and it
> is easily possible to forget to do so. qcow2_cache_do_get() is a
> function every L2 and refblock access has to go through, so this is a
> good central point to add such a check.
>
> And for good measure, let us also add an assertion that the offset is
> non-zero. Making this a corruption event is not feasible, because a
> zero offset usually means something special (such as the cluster is
> unused), so all callers should be checking this anyway. If they do not,
> it is their fault, hence the assertion here.
>
> Signed-off-by: Max Reitz <address@hidden>
> ---
> block/qcow2-cache.c | 21 +++++++++++++++++++++
> tests/qemu-iotests/060 | 21 +++++++++++++++++++++
> tests/qemu-iotests/060.out | 29 +++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+)
>
> +--- Repairing ---
> +Repairing refcount block 1 is outside image
> +ERROR refcount block 2 is not cluster aligned; refcount table entry corrupted
> +qcow2: Marking image as corrupt: Refblock offset 0x200 unaligned (reftable
> index: 0x2); further corruption events will be suppressed
> +Can't get refcount for cluster 1048576: Input/output error
Trying to understand this: we have a double corruption, because we
encountered a refblock that points outside of the image, but fixing the
refblock in turn encounters a second refblock that points within the
image but to an unaligned area.
Of course, you should never encounter these bad refblocks in normal
usage, but when it comes to dealing with untrusted images, being robust
is always worth it.
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-block] [PATCH for-2.11 3/5] block: Guard against NULL bs->drv, (continued)
[Qemu-block] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache, Max Reitz, 2017/11/10
- Re: [Qemu-block] [Qemu-devel] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache,
Eric Blake <=
Re: [Qemu-block] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache, Alberto Garcia, 2017/11/14
Re: [Qemu-block] [PATCH for-2.11 0/5] qcow2: Fixes for corrupted images, Max Reitz, 2017/11/10
Re: [Qemu-block] [PATCH for-2.11 0/5] qcow2: Fixes for corrupted images, Max Reitz, 2017/11/15