From: Maxim Levitsky <mlevitsk@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>,
"Vladimir Sementsov-Ogievskiy" <vsementsov@virtuozzo.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
qemu-block@nongnu.org, qemu-stable <qemu-stable@nongnu.org>,
"Max Reitz" <mreitz@redhat.com>,
"Maxim Levitsky" <mlevitsk@redhat.com>
Subject: [Qemu-devel] [PATCH v5 1/3] Fix qcow2+luks corruption introduced by commit 8ac0f15f335
Date: Fri, 13 Sep 2019 18:28:16 +0300 [thread overview]
Message-ID: <20190913152818.17843-2-mlevitsk@redhat.com> (raw)
In-Reply-To: <20190913152818.17843-1-mlevitsk@redhat.com>
This fixes subtle corruption introduced by luks threaded encryption
in commit 8ac0f15f335
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1745922
The corruption happens when we do a write that
* writes to two or more unallocated clusters at once
* doesn't fully cover the first sector
* doesn't fully cover the last sector
In this case, when allocating the new clusters we COW both areas
prior to the write and after the write, and we encrypt them.
The above mentioned commit accidentally made it so we encrypt the
second COW area using the physical cluster offset of the first area.
The problem is that offset_in_cluster in do_perform_cow_encrypt
can be larger that the cluster size, thus cluster_offset
will no longer point to the start of the cluster at which encrypted
area starts.
Next patch in this series will refactor the code to avoid all these
assumptions.
In the bugreport that was triggered by rebasing a luks image to new,
zero filled base, which lot of such writes, and causes some files
with zero areas to contain garbage there instead.
But as described above it can happen elsewhere as well
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
block/qcow2-cluster.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index dcacd3c450..bfeb0241d7 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -474,9 +474,10 @@ static bool coroutine_fn do_perform_cow_encrypt(BlockDriverState *bs,
assert((offset_in_cluster & ~BDRV_SECTOR_MASK) == 0);
assert((bytes & ~BDRV_SECTOR_MASK) == 0);
assert(s->crypto);
- if (qcow2_co_encrypt(bs, cluster_offset,
- src_cluster_offset + offset_in_cluster,
- buffer, bytes) < 0) {
+ if (qcow2_co_encrypt(bs,
+ start_of_cluster(s, cluster_offset + offset_in_cluster),
+ src_cluster_offset + offset_in_cluster,
+ buffer, bytes) < 0) {
return false;
}
}
--
2.17.2
next prev parent reply other threads:[~2019-09-13 15:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-13 15:28 [Qemu-devel] [PATCH v5 0/3] Fix qcow2+luks corruption introduced by commit 8ac0f15f335 Maxim Levitsky
2019-09-13 15:28 ` Maxim Levitsky [this message]
2019-09-13 15:44 ` [Qemu-devel] [PATCH v5 1/3] " Vladimir Sementsov-Ogievskiy
2019-09-13 15:28 ` [Qemu-devel] [PATCH v5 2/3] block/qcow2: refactor threaded encryption code Maxim Levitsky
2019-09-13 16:11 ` Vladimir Sementsov-Ogievskiy
2019-09-13 16:27 ` Maxim Levitsky
2019-09-13 15:28 ` [Qemu-devel] [PATCH v5 3/3] qemu-iotests: Add test for bz #1745922 Maxim Levitsky
2019-09-13 16:27 ` Vladimir Sementsov-Ogievskiy
2019-09-13 16:39 ` Maxim Levitsky
2019-09-13 16:57 ` Vladimir Sementsov-Ogievskiy
2019-09-13 17:03 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190913152818.17843-2-mlevitsk@redhat.com \
--to=mlevitsk@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=vsementsov@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.