From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: Kevin Wolf <kwolf@redhat.com>, qemu-block@nongnu.org
Cc: hreitz@redhat.com, aesteve@redhat.com, nsoffer@redhat.com,
	qemu-devel@nongnu.org
Subject: Re: [PATCH 1/4] qcow2: Fix theoretical corruption in store_bitmap() error path
Date: Fri, 13 Jan 2023 08:30:47 +0100
Message-ID: <d13c9ba1-84df-dbac-adc5-8ea8b4df2dbe@linaro.org>
In-Reply-To: <20230112191454.169353-2-kwolf@redhat.com>

On 12/1/23 20:14, Kevin Wolf wrote:
> In order to write the bitmap table to the image file, it is converted to
> big endian. If the write fails, it is passed to clear_bitmap_table() to
> free all of the clusters it had allocated before. However, if we don't
> convert it back to native endianness first, we'll free things at a wrong
> offset.
> 
> In practical terms, the offsets will be so high that we won't actually
> free any allocated clusters, but just run into an error, but in theory
> this can cause image corruption.
> 
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>   block/qcow2-bitmap.c | 5 +++--
>   1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
> index bcad567c0c..3dff99ba06 100644
> --- a/block/qcow2-bitmap.c
> +++ b/block/qcow2-bitmap.c
> @@ -115,7 +115,7 @@ static int update_header_sync(BlockDriverState *bs)
>       return bdrv_flush(bs->file->bs);
>   }
>   

Maybe add a comment here remembering to bswap back to native endianness?

> -static inline void bitmap_table_to_be(uint64_t *bitmap_table, size_t size)
> +static inline void bitmap_table_bswap_be(uint64_t *bitmap_table, size_t size)
>   {
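
Review bot: the renamed bitmap_table_bswap_be() has no comment stating that it is now called in both directions, so nothing at the definition tells a caller that a table converted for writing must be converted back before its entries are used as host-order offsets. A short comment above the function saying that it toggles between host and big-endian order, and that a second call restores the original table, would help keep later error paths from reintroducing the problem described in the commit message.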

This function uses cpu_to_be64(), semantically we convert back calling
be64_to_cpu(), but technically both functions end up being the same.

Alternatively:

      for (i = 0; i < size; ++i) {
-        bitmap_table[i] = cpu_to_be64(bitmap_table[i]);
+        bswap64s(&bitmap_table[i]);
      }
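
Review bot: the replacement line bswap64s(&bitmap_table[i]) is not equivalent to the cpu_to_be64() line it removes when the host is big-endian. cpu_to_be64() leaves the value unchanged on such a host, while bswap64s() swaps unconditionally, so the table handed to the write would be in little-endian order there and would no longer match the big-endian on-disk layout the commit message describes. Keeping cpu_to_be64() preserves the host-dependent behaviour; the two forms only coincide on little-endian hosts.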

> @@ -1401,9 +1401,10 @@ static int store_bitmap(BlockDriverState *bs, Qcow2Bitmap *bm, Error **errp)
>           goto fail;
>       }
>   
> -    bitmap_table_to_be(tb, tb_size);
> +    bitmap_table_bswap_be(tb, tb_size);
>       ret = bdrv_pwrite(bs->file, tb_offset, tb_size * sizeof(tb[0]), tb, 0);
>       if (ret < 0) {
> +        bitmap_table_bswap_be(tb, tb_size);
>           error_setg_errno(errp, -ret, "Failed to write bitmap '%s' to file",
>                            bm_name);
>           goto fail;
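
Review bot: the table is converted back only inside the "if (ret < 0)" branch, so after a successful bdrv_pwrite() tb stays in big-endian order for the rest of store_bitmap(). If any code after this point can still reach the fail label or otherwise read tb as host-order offsets, it has the same problem this patch fixes. Calling bitmap_table_bswap_be(tb, tb_size) unconditionally on the line right after bdrv_pwrite(), before the "if (ret < 0)" check, would restore host order on both paths and remove the need to reason about later exits.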

Pre-existing, but consider using g_autofree for 'tb'.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>


