From: Eric Blake <eblake@redhat.com>
To: Max Reitz <mreitz@redhat.com>, qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, John Snow <jsnow@redhat.com>,
Alberto Garcia <berto@igalia.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache
Date: Fri, 10 Nov 2017 15:54:03 -0600 [thread overview]
Message-ID: <0d714dcf-f15c-c229-fa30-1d42002a2438@redhat.com> (raw)
In-Reply-To: <20171110203111.7666-6-mreitz@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1947 bytes --]
On 11/10/2017 02:31 PM, Max Reitz wrote:
> Instead of using an assertion, it is better to emit a corruption event
> here. Checking all offsets for correct alignment can be tedious and it
> is easily possible to forget to do so. qcow2_cache_do_get() is a
> function every L2 and refblock access has to go through, so this is a
> good central point to add such a check.
>
> And for good measure, let us also add an assertion that the offset is
> non-zero. Making this a corruption event is not feasible, because a
> zero offset usually means something special (such as the cluster is
> unused), so all callers should be checking this anyway. If they do not,
> it is their fault, hence the assertion here.
>
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> block/qcow2-cache.c | 21 +++++++++++++++++++++
> tests/qemu-iotests/060 | 21 +++++++++++++++++++++
> tests/qemu-iotests/060.out | 29 +++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+)
>
> +--- Repairing ---
> +Repairing refcount block 1 is outside image
> +ERROR refcount block 2 is not cluster aligned; refcount table entry corrupted
> +qcow2: Marking image as corrupt: Refblock offset 0x200 unaligned (reftable index: 0x2); further corruption events will be suppressed
> +Can't get refcount for cluster 1048576: Input/output error
Trying to understand this: we have a double corruption, because we
encountered a refblock that points outside of the image, but fixing the
refblock in turn encounters a second refblock that points within the
image but to an unaligned area.
Of course, you should never encounter these bad refblocks in normal
usage, but when it comes to dealing with untrusted images, being robust
is always worth it.
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 619 bytes --]
next prev parent reply other threads:[~2017-11-10 21:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-10 20:31 [Qemu-devel] [PATCH for-2.11 0/5] qcow2: Fixes for corrupted images Max Reitz
2017-11-10 20:31 ` [Qemu-devel] [PATCH for-2.11 1/5] qcow2: check_errors are fatal Max Reitz
2017-11-10 20:55 ` Eric Blake
2017-11-10 20:31 ` [Qemu-devel] [PATCH for-2.11 2/5] qcow2: Unaligned zero cluster in handle_alloc() Max Reitz
2017-11-10 20:58 ` Eric Blake
2017-11-14 14:55 ` Alberto Garcia
2017-11-10 20:31 ` [Qemu-devel] [PATCH for-2.11 3/5] block: Guard against NULL bs->drv Max Reitz
2017-11-10 21:46 ` Eric Blake
2017-11-14 15:36 ` Max Reitz
2017-11-10 20:31 ` [Qemu-devel] [PATCH for-2.11 4/5] qcow2: Add bounds check to get_refblock_offset() Max Reitz
2017-11-10 21:49 ` Eric Blake
2017-11-14 15:02 ` Alberto Garcia
2017-11-14 15:27 ` Max Reitz
2017-11-14 15:38 ` Alberto Garcia
2017-11-14 15:40 ` Max Reitz
2017-11-10 20:31 ` [Qemu-devel] [PATCH for-2.11 5/5] qcow2: Refuse to get unaligned offsets from cache Max Reitz
2017-11-10 21:54 ` Eric Blake [this message]
2017-11-10 22:00 ` Max Reitz
2017-11-10 22:15 ` Eric Blake
2017-11-10 22:16 ` Max Reitz
2017-11-14 15:06 ` Alberto Garcia
2017-11-14 15:09 ` Max Reitz
2017-11-14 15:31 ` Alberto Garcia
2017-11-10 20:41 ` [Qemu-devel] [PATCH for-2.11 0/5] qcow2: Fixes for corrupted images Max Reitz
2017-11-15 20:25 ` Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0d714dcf-f15c-c229-fa30-1d42002a2438@redhat.com \
--to=eblake@redhat.com \
--cc=berto@igalia.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.