From 289ef5f219d1a94b8225c459dc65821b37637a4f Mon Sep 17 00:00:00 2001
From: Vladimir Sementsov-Ogievskiy
Date: Tue, 14 Sep 2021 15:24:51 +0300
Subject: [PATCH] qcow2-refcount: check_refcounts_l2(): check reserved bits
Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Eric Blake
Tested-by: Kirill Tkhai
Reviewed-by: Hanna Reitz
Message-Id: <20210914122454.141075-8-vsementsov@virtuozzo.com>
[hreitz: Separated `type` declaration from statements]
Signed-off-by: Hanna Reitz
---
 block/qcow2-refcount.c | 14 +++++++++++++-
 block/qcow2.h | 1 +
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 9a5ae3cac4..bdac7b1780 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1680,10 +1680,22 @@ static int check_refcounts_l2(BlockDriverState *bs, BdrvCheckResult *res,
 for (i = 0; i < s->l2_size; i++) {
 uint64_t coffset;
 int csize;
+ QCow2ClusterType type;
+
 l2_entry = get_l2_entry(s, l2_table, i);
 l2_bitmap = get_l2_bitmap(s, l2_table, i);
+ type = qcow2_get_cluster_type(bs, l2_entry);
- switch (qcow2_get_cluster_type(bs, l2_entry)) {
+ if (type != QCOW2_CLUSTER_COMPRESSED) {
+ /* Check reserved bits of Standard Cluster Descriptor */
+ if (l2_entry & L2E_STD_RESERVED_MASK) {
+ fprintf(stderr, "ERROR found l2 entry with reserved bits set: "
+ "%" PRIx64 "\n", l2_entry);
+ res->corruptions++;
+ }
+ }
+
+ switch (type) {
 case QCOW2_CLUSTER_COMPRESSED:
 /* Compressed clusters don't have QCOW_OFLAG_COPIED */
 if (l2_entry & QCOW_OFLAG_COPIED) {
diff --git a/block/qcow2.h b/block/qcow2.h
index c0e1e83796..b8b1093b61 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -587,6 +587,7 @@ typedef enum QCow2MetadataOverlap {
 #define L1E_OFFSET_MASK 0x00fffffffffffe00ULL
 #define L2E_OFFSET_MASK 0x00fffffffffffe00ULL
+#define L2E_STD_RESERVED_MASK 0x3f000000000001feULL
 #define REFT_OFFSET_MASK 0xfffffffffffffe00ULL
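Review bot: The new `fprintf` in the reserved-bits check reports only the raw entry value, so someone triaging a damaged or untrusted image cannot tell which L2 slot tripped it. Printing the loop index as well would make the report actionable, e.g. `"%" PRIx64 " (l2 index %d)\n", l2_entry, i);`, assuming `i` is an `int` (its declaration is outside the hunk). The check only increments `res->corruptions` and then continues into the `switch`, so a short comment saying so would help the next reader, e.g. `/* Reported only; the entry is still processed by the switch below */`. check_refcounts_l2() starts and ends outside this hunk.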
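Review bot: `L2E_STD_RESERVED_MASK` selects bits 1-8 and 56-61 and leaves out bit 0, and nothing beside the define records which bits it covers or why. As I read the qcow2 format description, bit 0 of a standard descriptor must be 0 for version 2 images and for images with extended L2 entries, so an entry with bit 0 set in such an image would pass the new check unless it is rejected somewhere not visible here. Consider a comment such as `/* Bits 1-8 and 56-61 of a standard cluster descriptor; bit 0 (zero flag) is not covered */`. If no other check exists, also test bit 0 in check_refcounts_l2() for images that use subclusters.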