Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compr

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compr

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor
Date:	Mon, 26 Feb 2018 09:12:22 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 02/26/2018 08:36 AM, Alberto Garcia wrote:

L2 entries for compressed clusters have a field that indicates the
number of sectors used to store the data in the image.


One consequence of this is that even if the size field is larger than
it needs to be QEMU can handle it just fine: it will read more data
from disk but it will ignore the extra bytes.


Modulo any ref count checks, of course ;)


Signed-off-by: Alberto Garcia <address@hidden>
---

v3: Add TODO comment, as suggested by Eric.

     Corrupt the length of the second compressed cluster as well so the
     uncompressed data would span three host clusters.

Rather, it is the 'claimed' size of the compressed data that spans threehost clusters. I don't know if our refcount repair code is geared forthat (it IS prepared for a compressed data cluster that spans two hostclusters, but spanning three is only possible for externally-producedimages, as in this test).

  echo
+echo "=== Corrupted size field in compressed cluster descriptor ==="
+echo
+# Create an empty image, fill half of it with data and compress it.
+# The L2 entries of the two compressed clusters are located at
+# 0x800000 and 0x800008, their original values are 0x4008000000a00000
+# and 0x4008000000a00802 (5 sectors for compressed data each).
+TEST_IMG="$TEST_IMG".1 _make_test_img 8M
+$QEMU_IO -c "write -P 0x11 0 4M" "$TEST_IMG".1 2>&1 | _filter_qemu_io | 
_filter_testdir
+$QEMU_IMG convert -c -O qcow2 -o cluster_size=2M "$TEST_IMG".1 "$TEST_IMG"

Is it worth a $QEMU_IO -c "read -v 0x800000 16" so that our .out filevalidates that we indeed see the values we expect (if some other qcow2change causes us to stick the L2 table at a different offset, theverbose read will make it a bit more obvious why this test startsfailing). But that's an extra layer of paranoia, I'm fairly confidentthis test would start failing even without that extra read, so it's nota reason for a respin.

+
+# Reduce size of compressed data to 4 sectors: this corrupts the image.
+poke_file "$TEST_IMG" $((0x800000)) "\x40\x06"
+$QEMU_IO -c "read  -P 0x11 0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
+
+# 'qemu-img check' however doesn't see anything wrong because it
+# doesn't try to decompress the data and the refcounts are consistent.
+# TODO: update qemu-img so this can be detected
+_check_test_img
+
+# Increase size of compressed data to the maximum (8192 sectors).
+# This makes QEMU read more data (8192 sectors instead of 5, host
+# addresses [0xa00000, 0xdfffff]), but the decompression algorithm
+# stops once we have enough to restore the uncompressed cluster, so
+# the rest of the data is ignored.
+poke_file "$TEST_IMG" $((0x800000)) "\x7f\xfe"
+# Do it also for the second compressed cluster (L2 entry at 0x800008).
+# In this case the compressed data would span 3 host clusters
+# (host addresses: [0xa00802, 0xe00801])
+poke_file "$TEST_IMG" $((0x800008)) "\x7f\xfe"
+
+# Here the image is too small so we're asking QEMU to read beyond the
+# end of the image.
+$QEMU_IO -c "read  -P 0x11  0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
+# But if we grow the image we won't be reading beyond its end anymore.
+$QEMU_IO -c "write -P 0x22 4M 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
+$QEMU_IO -c "read  -P 0x11  0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
+
+# The refcount data is however wrong because due to the increased size
+# of the compressed data it now reaches the following host clusters.
+# This can be repaired by qemu-img check.
+_check_test_img -r all
+$QEMU_IO -c "read  -P 0x11  0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
+$QEMU_IO -c "read  -P 0x22 4M 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir


Looks good.  Thanks for adding this in v3.

Reviewed-by: Eric Blake <address@hidden>

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor, Alberto Garcia, 2018/02/26
- Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor, Eric Blake <=
  - Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor, Alberto Garcia, 2018/02/26

Prev by Date: Re: [Qemu-devel] [PATCH] hw/acpi-build: build SRAT memory affinity structures for NVDIMM
Next by Date: Re: [Qemu-devel] [PATCH 1/1] serial: Open non-block
Previous by thread: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor
Next by thread: Re: [Qemu-devel] [PATCH v3] iotests: Test abnormally large size in compressed cluster descriptor
Index(es):
- Date
- Thread