rpms/qemu-kvm
7
0
Fork 0
Code Issues Pull Requests Releases Activity
a6628605f7
qemu-kvm/kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch
Miroslav Rezanina a6628605f7 * Thu Feb 09 2023 Miroslav Rezanina <mrezanin@redhat.com> - 7.2.0-8 
- kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch [bz#2150180]
- kvm-qemu-img-commit-Report-errors-while-closing-the-imag.patch [bz#2150180]
- kvm-qemu-img-bitmap-Report-errors-while-closing-the-imag.patch [bz#2150180]
- kvm-qemu-iotests-Test-qemu-img-bitmap-commit-exit-code-o.patch [bz#2150180]
- kvm-accel-tcg-Test-CPUJumpCache-in-tb_jmp_cache_clear_pa.patch [bz#2165280]
- kvm-block-Improve-empty-format-specific-info-dump.patch [bz#1860292]
- kvm-block-file-Add-file-specific-image-info.patch [bz#1860292]
- kvm-block-vmdk-Change-extent-info-type.patch [bz#1860292]
- kvm-block-Split-BlockNodeInfo-off-of-ImageInfo.patch [bz#1860292]
- kvm-qemu-img-Use-BlockNodeInfo.patch [bz#1860292]
- kvm-block-qapi-Let-bdrv_query_image_info-recurse.patch [bz#1860292]
- kvm-block-qapi-Introduce-BlockGraphInfo.patch [bz#1860292]
- kvm-block-qapi-Add-indentation-to-bdrv_node_info_dump.patch [bz#1860292]
- kvm-iotests-Filter-child-node-information.patch [bz#1860292]
- kvm-iotests-106-214-308-Read-only-one-size-line.patch [bz#1860292]
- kvm-qemu-img-Let-info-print-block-graph.patch [bz#1860292]
- kvm-qemu-img-Change-info-key-names-for-protocol-nodes.patch [bz#1860292]
- kvm-Revert-vhost-user-Monitor-slave-channel-in-vhost_use.patch [bz#2155173]
- kvm-Revert-vhost-user-Introduce-nested-event-loop-in-vho.patch [bz#2155173]
- kvm-virtio-rng-pci-fix-transitional-migration-compat-for.patch [bz#2162569]
- Resolves: bz#2150180
  (qemu-img finishes successfully while having errors in commit or bitmaps operations)
- Resolves: bz#2165280
  ([kvm-unit-tests] debug-wp-migration fails)
- Resolves: bz#1860292
  (RFE: add extent_size_hint information to qemu-img info)
- Resolves: bz#2155173
  ([vhost-user] unable to start vhost net: 71: falling back on userspace)
- Resolves: bz#2162569
  ([transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2)
2023-02-09 09:45:40 -05:00

68 lines
2.5 KiB
Diff
Raw Blame History

From 46ead2c391924b68741d6da28f28f909b80f5914 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 12 Jan 2023 20:14:51 +0100
Subject: [PATCH 01/20] qcow2: Fix theoretical corruption in store_bitmap()
error path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Kevin Wolf <kwolf@redhat.com>
RH-MergeRequest: 143: qemu-img: Fix exit code for errors closing the image
RH-Bugzilla: 2150180
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Hanna Czenczek <hreitz@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Commit: [1/4] a6a497947179431567d330d0501247a3749fb9fd (kmwolf/centos-qemu-kvm)
In order to write the bitmap table to the image file, it is converted to
big endian. If the write fails, it is passed to clear_bitmap_table() to
free all of the clusters it had allocated before. However, if we don't
convert it back to native endianness first, we'll free things at a wrong
offset.
In practical terms, the offsets will be so high that we won't actually
free any allocated clusters, but just run into an error, but in theory
this can cause image corruption.
Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230112191454.169353-2-kwolf@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b03dd9613bcf8fe948581b2b3585510cb525c382)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2-bitmap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index bcad567c0c..3dff99ba06 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -115,7 +115,7 @@ static int update_header_sync(BlockDriverState *bs)
return bdrv_flush(bs->file->bs);
}
-static inline void bitmap_table_to_be(uint64_t *bitmap_table, size_t size)
+static inline void bitmap_table_bswap_be(uint64_t *bitmap_table, size_t size)
{
size_t i;
@@ -1401,9 +1401,10 @@ static int store_bitmap(BlockDriverState *bs, Qcow2Bitmap *bm, Error **errp)
goto fail;
}
- bitmap_table_to_be(tb, tb_size);
+ bitmap_table_bswap_be(tb, tb_size);
ret = bdrv_pwrite(bs->file, tb_offset, tb_size * sizeof(tb[0]), tb, 0);
if (ret < 0) {
+ bitmap_table_bswap_be(tb, tb_size);
error_setg_errno(errp, -ret, "Failed to write bitmap '%s' to file",
bm_name);
goto fail;
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink