thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
9ae3a8
From b8514c8dfe9af1d7c6e5ed3eff1a4383b5da087e Mon Sep 17 00:00:00 2001
9ae3a8
From: Max Reitz <mreitz@redhat.com>
9ae3a8
Date: Sat, 13 Jun 2015 16:22:31 +0200
9ae3a8
Subject: [PATCH 37/42] qcow2: Add two more unalignment checks
9ae3a8
9ae3a8
Message-id: <1434212556-3927-38-git-send-email-mreitz@redhat.com>
9ae3a8
Patchwork-id: 66056
9ae3a8
O-Subject: [RHEL-7.2 qemu-kvm PATCH 37/42] qcow2: Add two more unalignment checks
9ae3a8
Bugzilla: 1129893
9ae3a8
RH-Acked-by: Jeffrey Cody <jcody@redhat.com>
9ae3a8
RH-Acked-by: Fam Zheng <famz@redhat.com>
9ae3a8
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
9ae3a8
9ae3a8
BZ: 1129893
9ae3a8
9ae3a8
This adds checks for unaligned L2 table offsets and unaligned data
9ae3a8
cluster offsets (actually the preallocated offsets for zero clusters) to
9ae3a8
the zero cluster expansion function.
9ae3a8
9ae3a8
Signed-off-by: Max Reitz <mreitz@redhat.com>
9ae3a8
Reviewed-by: Eric Blake <eblake@redhat.com>
9ae3a8
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
9ae3a8
(cherry picked from commit 8dd93d9339505376f6ce6737ead871ff6d7e676f)
9ae3a8
9ae3a8
Signed-off-by: Max Reitz <mreitz@redhat.com>
9ae3a8
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
9ae3a8
---
9ae3a8
 block/qcow2-cluster.c | 21 +++++++++++++++++++++
9ae3a8
 1 file changed, 21 insertions(+)
9ae3a8
9ae3a8
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
9ae3a8
index 053e9fe..f7938f6 100644
9ae3a8
--- a/block/qcow2-cluster.c
9ae3a8
+++ b/block/qcow2-cluster.c
9ae3a8
@@ -1579,6 +1579,14 @@ static int expand_zero_clusters_in_l1(BlockDriverState *bs, uint64_t *l1_table,
9ae3a8
             continue;
9ae3a8
         }
9ae3a8
 
9ae3a8
+        if (offset_into_cluster(s, l2_offset)) {
9ae3a8
+            qcow2_signal_corruption(bs, true, -1, -1, "L2 table offset %#"
9ae3a8
+                                    PRIx64 " unaligned (L1 index: %#x)",
9ae3a8
+                                    l2_offset, i);
9ae3a8
+            ret = -EIO;
9ae3a8
+            goto fail;
9ae3a8
+        }
9ae3a8
+
9ae3a8
         if (is_active_l1) {
9ae3a8
             /* get active L2 tables from cache */
9ae3a8
             ret = qcow2_cache_get(bs, s->l2_table_cache, l2_offset,
9ae3a8
@@ -1638,6 +1646,19 @@ static int expand_zero_clusters_in_l1(BlockDriverState *bs, uint64_t *l1_table,
9ae3a8
                 }
9ae3a8
             }
9ae3a8
 
9ae3a8
+            if (offset_into_cluster(s, offset)) {
9ae3a8
+                qcow2_signal_corruption(bs, true, -1, -1, "Data cluster offset "
9ae3a8
+                                        "%#" PRIx64 " unaligned (L2 offset: %#"
9ae3a8
+                                        PRIx64 ", L2 index: %#x)", offset,
9ae3a8
+                                        l2_offset, j);
9ae3a8
+                if (!preallocated) {
9ae3a8
+                    qcow2_free_clusters(bs, offset, s->cluster_size,
9ae3a8
+                                        QCOW2_DISCARD_ALWAYS);
9ae3a8
+                }
9ae3a8
+                ret = -EIO;
9ae3a8
+                goto fail;
9ae3a8
+            }
9ae3a8
+
9ae3a8
             ret = qcow2_pre_write_overlap_check(bs, 0, offset, s->cluster_size);
9ae3a8
             if (ret < 0) {
9ae3a8
                 if (!preallocated) {
9ae3a8
-- 
9ae3a8
1.8.3.1
9ae3a8