mirror of
https://github.com/qemu/qemu.git
synced 2024-12-11 20:53:51 +08:00
c05e4667be
For the L1 table to loaded for an internal snapshot, the code allocated only enough memory to hold the currently active L1 table. If the snapshot's L1 table is actually larger than the current one, this leads to a buffer overflow. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
100 lines
2.6 KiB
Bash
Executable File
100 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# qcow2 internal snapshots/VM state tests
|
|
#
|
|
# Copyright (C) 2011 Red Hat, Inc.
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
# creator
|
|
owner=kwolf@redhat.com
|
|
|
|
seq=`basename $0`
|
|
echo "QA output created by $seq"
|
|
|
|
here=`pwd`
|
|
tmp=/tmp/$$
|
|
status=1 # failure is the default!
|
|
|
|
_cleanup()
|
|
{
|
|
rm -f $TEST_IMG.snap
|
|
_cleanup_test_img
|
|
}
|
|
trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
|
|
# get standard environment, filters and checks
|
|
. ./common.rc
|
|
. ./common.filter
|
|
. ./common.pattern
|
|
|
|
# Any format supporting intenal snapshots
|
|
_supported_fmt qcow2
|
|
_supported_proto generic
|
|
_supported_os Linux
|
|
|
|
offset_size=24
|
|
offset_l1_size=36
|
|
|
|
echo
|
|
echo Test loading internal snapshots where the L1 table of the snapshot
|
|
echo is smaller than the current L1 table.
|
|
echo
|
|
|
|
CLUSTER_SIZE=65536
|
|
_make_test_img 64M
|
|
$QEMU_IMG snapshot -c foo "$TEST_IMG"
|
|
$QEMU_IO -c 'write -b 0 4k' "$TEST_IMG" | _filter_qemu_io
|
|
$QEMU_IMG snapshot -a foo "$TEST_IMG"
|
|
_check_test_img
|
|
|
|
CLUSTER_SIZE=1024
|
|
_make_test_img 16M
|
|
$QEMU_IMG snapshot -c foo "$TEST_IMG"
|
|
$QEMU_IO -c 'write -b 0 4M' "$TEST_IMG" | _filter_qemu_io
|
|
$QEMU_IMG snapshot -a foo "$TEST_IMG"
|
|
_check_test_img
|
|
|
|
|
|
echo
|
|
echo Try using a huge VM state
|
|
echo
|
|
|
|
CLUSTER_SIZE=65536
|
|
_make_test_img 64M
|
|
{ $QEMU_IO -c "write -b -P 0x11 1T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
{ $QEMU_IMG snapshot -a foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
{ $QEMU_IO -c "read -b -P 0x11 1T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
_check_test_img
|
|
|
|
|
|
echo
|
|
echo "qcow2_snapshot_load_tmp() should take the L1 size from the snapshot"
|
|
echo
|
|
|
|
CLUSTER_SIZE=512
|
|
_make_test_img 64M
|
|
{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
poke_file "$TEST_IMG" "$offset_size" "\x00\x00\x00\x00\x00\x00\x02\x00"
|
|
poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01"
|
|
{ $QEMU_IMG convert -s foo $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_qemu_io | _filter_testdir
|
|
|
|
|
|
# success, all done
|
|
echo "*** done"
|
|
rm -f $seq.full
|
|
status=0
|