From: "Denis V. Lunev" <den@virtuozzo.com>
To: Alexander Ivanov <alexander.ivanov@virtuozzo.com>, qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, stefanha@redhat.com,
	vsementsov@yandex-team.ru, kwolf@redhat.com, hreitz@redhat.com
Subject: Re: [PATCH v2 1/8] parallels: Out of image offset in BAT leads to image inflation
Date: Fri, 12 Aug 2022 16:13:45 +0200
Message-ID: <c910c939-dd25-8dac-cc6e-ca96f5ec47d3@virtuozzo.com>
In-Reply-To: <20220811150044.1704013-2-alexander.ivanov@virtuozzo.com>

On 11.08.2022 17:00, Alexander Ivanov wrote:
> When an image is opened, the data_end field in BDRVParallelsState
> is set to the biggest offset in the BAT plus the cluster size.
> If there is a corrupted offset pointing outside the image,
> the image size increases accordingly. It potentially leads
> to attempts to create a file size of petabytes.
>
> Set the data_end field with the original file size if the image
> was opened for checking and repairing purposes or raise an error.
>
> v2: No changes.
Changelog should be below ---
In that case it will not be merged.

There are a lot of typos/mistakes inside, I'd better use the comment
below.

"data_end field in BDRVParallelsState is set to the biggest offset present
in BAT. If this offset is outside of the image, any further write will
create the cluster at this offset and/or the image will be truncated to
this offset on close. This is definitely not correct and should be fixed."

With this change:
Reviewed-by: Denis V. Lunev <den@openvz.org>

> Signed-off-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
> ---
>   block/parallels.c | 17 +++++++++++++++++
>   1 file changed, 17 insertions(+)
>
> diff --git a/block/parallels.c b/block/parallels.c
> index a229c06f25..a76cf9d993 100644
> --- a/block/parallels.c
> +++ b/block/parallels.c
> @@ -732,6 +732,7 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
>       BDRVParallelsState *s = bs->opaque;
>       ParallelsHeader ph;
>       int ret, size, i;
> +    int64_t file_size;
>       QemuOpts *opts = NULL;
>       Error *local_err = NULL;
>       char *buf;
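Review bot: the new `int64_t file_size;` declaration is named for a byte length, but later in this patch the same variable is shifted by `BDRV_SECTOR_BITS` and compared against `s->data_end`, which is in sectors, so for half of its lifetime the name is misleading. Consider either naming it for the unit it is compared in (e.g. `file_nb_sectors`) or keeping it in bytes and converting `s->data_end` at the comparison, so a reader does not have to track which unit the variable holds at each point.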
> @@ -811,6 +812,22 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
>           }
>       }
>   
> +    file_size = bdrv_getlength(bs->file->bs);
> +    if (file_size < 0) {
> +        goto fail;
> +    }
> +
> +    file_size >>= BDRV_SECTOR_BITS;
> +    if (s->data_end > file_size) {
> +        if (flags & BDRV_O_CHECK) {
> +            s->data_end = file_size;
> +        } else {
> +            error_setg(errp, "parallels: Offset in BAT is out of image");
> +            ret = -EINVAL;
> +            goto fail;
> +        }
> +    }
> +
>       if (le32_to_cpu(ph.inuse) == HEADER_INUSE_MAGIC) {
>           /* Image was not closed correctly. The check is mandatory */
>           s->header_unclean = true;
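Review bot: the `if (file_size < 0) { goto fail; }` branch jumps to the error path without assigning `ret` and without setting `errp`, so the function returns whatever `ret` held from the preceding call (most likely 0 from a successful read), reporting success for a half-initialised state. `bdrv_getlength()` returns a negative errno on failure, so `ret = file_size; goto fail;` (optionally with an `error_setg_errno()` naming the file) keeps the caller informed. A second point for the same hunk: because `s->data_end` is the largest BAT offset plus one cluster size, the `s->data_end > file_size` check also rejects an image whose file merely ends before the last cluster is complete, not only one whose BAT entry points past the end of the file; the "Offset in BAT is out of image" message and the commit text should say whether that truncated-tail case is meant to be treated as corruption too.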

Thread overview:
2022-08-11 15:00 [PATCH v2 0/8] parallels: Refactor the code of images checks and fix a bug Alexander Ivanov
2022-08-11 15:00 ` [PATCH v2 1/8] parallels: Out of image offset in BAT leads to image inflation Alexander Ivanov
2022-08-12 14:13   ` Denis V. Lunev [this message]
2022-08-11 15:00 ` [PATCH v2 2/8] parallels: Move BAT entry setting to a separate function Alexander Ivanov
2022-08-12 14:19   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 3/8] parallels: Replace bdrv_co_pwrite_sync by bdrv_co_flush for BAT flushing Alexander Ivanov
2022-08-12 14:39   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 4/8] parallels: Move check of unclean image to a separate function Alexander Ivanov
2022-08-12 14:42   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 5/8] parallels: Move check of cluster outside " Alexander Ivanov
2022-08-12 14:44   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 6/8] parallels: Move check of leaks " Alexander Ivanov
2022-08-12 14:47   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 7/8] parallels: Move statistic collection " Alexander Ivanov
2022-08-12 14:49   ` Denis V. Lunev
2022-08-11 15:00 ` [PATCH v2 8/8] parallels: Replace qemu_co_mutex_lock by WITH_QEMU_LOCK_GUARD Alexander Ivanov
2022-08-12 14:54   ` Denis V. Lunev
2022-08-12 14:55 ` [PATCH v2 0/8] parallels: Refactor the code of images checks and fix a bug Denis V. Lunev