qemu/block
Alberto Garcia 6bf45d59f9 qcow2: Prevent allocating refcount blocks at offset 0
Each entry in the qcow2 cache contains an offset field indicating the
location of the data in the qcow2 image. If the offset is 0 then it
means that the entry contains no data and is available to be used when
needed.

Because of that it is not possible to store in the cache the first
cluster of the qcow2 image (offset = 0). This is not a problem because
that cluster always contains the qcow2 header and we're not using this
cache for that.

However, if the qcow2 image is corrupted it can happen that we try to
allocate a new refcount block at offset 0, triggering this assertion
and crashing QEMU:

  qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed

This patch adds an explicit check for this scenario and a new test
case.

This problem was originally reported here:

   https://bugs.launchpad.net/qemu/+bug/1728615

Reported-by: R.Nageswara Sastry <nasastry@in.ibm.com>
Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 92a2fadd10d58b423f269c1d1a309af161cdc73f.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
..
accounting.c block: make accounting thread-safe 2017-06-16 07:55:00 +08:00
backup.c dirty-bitmap: Change bdrv_dirty_iter_next() to report byte offset 2017-10-06 16:28:58 +02:00
blkdebug.c block: Align block status requests 2017-10-26 14:45:57 +02:00
blkreplay.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
blkverify.c blkverify: Catch bs->exact_filename overflow 2017-06-26 14:54:46 +02:00
block-backend.c block: Leave valid throttle timers when removing a BDS from a backend 2017-11-13 15:43:49 +00:00
bochs.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
cloop.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
commit.c commit: Remove overlay_bs 2017-10-06 16:28:58 +02:00
crypto.c block: support passthrough of BDRV_REQ_FUA in crypto driver 2017-10-06 16:30:47 +02:00
crypto.h qcow: convert QCow to use QCryptoBlock for encryption 2017-07-11 17:44:56 +02:00
curl.c curl: do not do aio_poll when waiting for a free CURLState 2017-05-16 10:34:50 -04:00
dirty-bitmap.c dirty-bitmap: Convert internal hbitmap size/granularity 2017-10-06 16:28:58 +02:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg.c dmg: use DIV_ROUND_UP 2017-08-31 12:29:07 +02:00
dmg.h dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
file-posix.c file-posix: Clear out first sector in hdev_create 2017-09-26 14:46:23 +02:00
file-win32.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
gluster.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
io.c block: Reduce bdrv_aligned_preadv() rounding 2017-10-26 14:45:57 +02:00
iscsi-opts.c block/iscsi: statically link qemu_iscsi_opts 2017-01-27 18:07:58 +01:00
iscsi.c scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
linux-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
Makefile.objs block: add throttle block filter driver 2017-09-06 10:12:02 +02:00
mirror.c block: Convert bdrv_get_block_status_above() to bytes 2017-10-26 14:45:57 +02:00
nbd-client.c nbd-client: Stricter enforcing of structured reply spec 2017-11-09 10:22:26 -06:00
nbd-client.h nbd: Minimal structured read for client 2017-10-30 21:48:41 +01:00
nbd.c nbd: Implement NBD_INFO_BLOCK_SIZE on client 2017-07-14 12:04:42 +02:00
nfs.c qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
null.c block/null: Remove 'filename' option 2017-08-08 15:19:16 +02:00
parallels.c qapi: drop the sentinel in enum array 2017-09-04 13:09:13 +02:00
qapi.c block: move ThrottleGroup membership to ThrottleGroupMember 2017-09-05 16:47:51 +02:00
qcow2-bitmap.c qcow2: Switch store_bitmap_data() to byte-based iteration 2017-10-06 16:28:58 +02:00
qcow2-cache.c qcow2: add qcow2_cache_discard 2017-09-26 15:00:32 +02:00
qcow2-cluster.c block: Convert bdrv_get_block_status() to bytes 2017-10-26 14:45:57 +02:00
qcow2-refcount.c qcow2: Prevent allocating refcount blocks at offset 0 2017-11-14 18:06:25 +01:00
qcow2-snapshot.c qcow2: Discard/zero clusters by byte count 2017-05-11 14:28:07 +02:00
qcow2.c qcow2: Always execute preallocate() in a coroutine 2017-10-26 15:01:14 +02:00
qcow2.h qcow2: truncate the tail of the image file after shrinking the image 2017-10-06 16:30:48 +02:00
qcow.c block: convert qcrypto_block_encrypt|decrypt to take bytes offset 2017-10-06 16:30:47 +02:00
qed-check.c qed: Use DIV_ROUND_UP 2016-06-07 18:19:24 +03:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed.c block: rename bdrv_co_drain to bdrv_co_drain_begin 2017-10-13 12:38:41 +01:00
qed.h qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
quorum.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
raw-format.c block: remove unused bdrv_media_changed 2017-09-04 18:31:13 +02:00
rbd.c qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
replication.c block: Add reopen_queue to bdrv_child_perm() 2017-09-26 14:46:23 +02:00
sheepdog.c Merge QEMU I/O 2017/09/05 v2 2017-09-05 14:14:33 +01:00
snapshot.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
ssh.c util: remove the obsolete non-blocking connect 2017-09-05 13:21:58 +01:00
stream.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
throttle-groups.c throttle-groups: drain before detaching ThrottleState 2017-11-13 14:02:09 +00:00
throttle.c block/throttle.c: add bdrv_co_drain_begin/end callbacks 2017-10-13 12:38:41 +01:00
trace-events block: Make bdrv_round_to_clusters() signature more useful 2017-10-26 14:45:57 +02:00
vdi.c vdi: make it thread-safe 2017-07-17 11:28:15 +08:00
vhdx-endian.c vhdx: Use QEMU UUID API 2016-09-23 11:42:52 +08:00
vhdx-log.c vhdx: use QEMU_ALIGN_DOWN 2017-08-31 12:29:07 +02:00
vhdx.c block/vhdx: check for offset overflow to bdrv_truncate() 2017-08-08 14:37:00 +02:00
vhdx.h block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec 2014-12-12 15:42:22 +00:00
vmdk.c vmdk: Fix error handling/reporting of vmdk_check 2017-08-08 15:19:16 +02:00
vpc.c vpc: use DIV_ROUND_UP 2017-08-31 12:29:07 +02:00
vvfat.c block: Add reopen_queue to bdrv_child_perm() 2017-09-26 14:46:23 +02:00
vxhs.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
win32-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
write-threshold.c block: use bdrv_add_before_write_notifier 2016-10-07 13:34:07 +02:00