Block patches for 5.0-rc0:
- Use-after-free fix - Fix for a memleak in an error path - Preventative measures against other potential use-after-frees, and against NULL deferences at runtime - iotest fixes -----BEGIN PGP SIGNATURE----- iQFFBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl55+r0SHG1yZWl0ekBy ZWRoYXQuY29tAAoJEPQH2wBh1c9AypAH9ijjB8H/Vxp+A8DSIvMwXVDTEp2I+ACX +riIwJIgvpz9Vblf9PPFjGfoArBMtQwb4F91aPy+eDaYq+teaekmPU4YXGMz+/dG 5JDKoAbJJr1gwMrSOIW3kQ/MKvoP0hiEFgwXvBvXJkXiANb2sCIvrXXKr/gFB0vt M0/TERutiO7r+mkbfIVPKJahlaswguvoavqDak6kk5+OeOBpBoPwfPWlcjjEfGHb epZiZN/i6fHLphfD+TEmTIzQQQI6csPUDA/ORbhodVZ2sQJ5kVfLVs+69RAwilC6 L3F1SnstnXcazUYlWOIicTJfKfC0BubM2Sofs7mfPFwN6I8A6PRTtw== =KpHc -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-03-24' into staging Block patches for 5.0-rc0: - Use-after-free fix - Fix for a memleak in an error path - Preventative measures against other potential use-after-frees, and against NULL deferences at runtime - iotest fixes # gpg: Signature made Tue 24 Mar 2020 12:19:09 GMT # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-03-24: iotests/026: Move v3-exclusive test to new file iotests: Fix cleanup path in some tests block/qcow2: zero data_file child after free block: bdrv_set_backing_bs: fix use-after-free block: Assert BlockDriver::format_name is not NULL block: Avoid memleak on qcow2 image info failure Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
62a43e53fa
3
block.c
3
block.c
@ -363,6 +363,7 @@ char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
|
||||
|
||||
void bdrv_register(BlockDriver *bdrv)
|
||||
{
|
||||
assert(bdrv->format_name);
|
||||
QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
|
||||
}
|
||||
|
||||
@ -2759,10 +2760,10 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
|
||||
|
||||
if (bs->backing) {
|
||||
bdrv_unref_child(bs, bs->backing);
|
||||
bs->backing = NULL;
|
||||
}
|
||||
|
||||
if (!backing_hd) {
|
||||
bs->backing = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1758,6 +1758,7 @@ static int coroutine_fn qcow2_do_open(BlockDriverState *bs, QDict *options,
|
||||
g_free(s->image_data_file);
|
||||
if (has_data_file(bs)) {
|
||||
bdrv_unref_child(bs, s->data_file);
|
||||
s->data_file = NULL;
|
||||
}
|
||||
g_free(s->unknown_header_fields);
|
||||
cleanup_unknown_header_ext(bs);
|
||||
@ -2621,6 +2622,7 @@ static void qcow2_close(BlockDriverState *bs)
|
||||
|
||||
if (has_data_file(bs)) {
|
||||
bdrv_unref_child(bs, s->data_file);
|
||||
s->data_file = NULL;
|
||||
}
|
||||
|
||||
qcow2_refcount_close(bs);
|
||||
@ -4811,6 +4813,7 @@ static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs,
|
||||
if (local_err) {
|
||||
error_propagate(errp, local_err);
|
||||
qapi_free_ImageInfoSpecific(spec_info);
|
||||
qapi_free_QCryptoBlockInfo(encrypt_info);
|
||||
return NULL;
|
||||
}
|
||||
*spec_info->u.qcow2.data = (ImageInfoSpecificQCow2){
|
||||
|
@ -240,37 +240,6 @@ $QEMU_IO -c "write 0 $CLUSTER_SIZE" "$BLKDBG_TEST_IMG" | _filter_qemu_io
|
||||
|
||||
_check_test_img
|
||||
|
||||
echo
|
||||
echo === Avoid freeing external data clusters on failure ===
|
||||
echo
|
||||
|
||||
# Similar test as the last one, except we test what happens when there
|
||||
# is an error when writing to an external data file instead of when
|
||||
# writing to a preallocated zero cluster
|
||||
_make_test_img -o "data_file=$TEST_IMG.data_file" $CLUSTER_SIZE
|
||||
|
||||
# Put blkdebug above the data-file, and a raw node on top of that so
|
||||
# that blkdebug will see a write_aio event and emit an error
|
||||
$QEMU_IO -c "write 0 $CLUSTER_SIZE" \
|
||||
"json:{
|
||||
'driver': 'qcow2',
|
||||
'file': { 'driver': 'file', 'filename': '$TEST_IMG' },
|
||||
'data-file': {
|
||||
'driver': 'raw',
|
||||
'file': {
|
||||
'driver': 'blkdebug',
|
||||
'config': '$TEST_DIR/blkdebug.conf',
|
||||
'image': {
|
||||
'driver': 'file',
|
||||
'filename': '$TEST_IMG.data_file'
|
||||
}
|
||||
}
|
||||
}
|
||||
}" \
|
||||
| _filter_qemu_io
|
||||
|
||||
_check_test_img
|
||||
|
||||
# success, all done
|
||||
echo "*** done"
|
||||
rm -f $seq.full
|
||||
|
@ -653,10 +653,4 @@ wrote 1024/1024 bytes at offset 0
|
||||
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
write failed: Input/output error
|
||||
No errors were found on the image.
|
||||
|
||||
=== Avoid freeing external data clusters on failure ===
|
||||
|
||||
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1024 data_file=TEST_DIR/t.IMGFMT.data_file
|
||||
write failed: Input/output error
|
||||
No errors were found on the image.
|
||||
*** done
|
||||
|
@ -661,10 +661,4 @@ wrote 1024/1024 bytes at offset 0
|
||||
1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
||||
write failed: Input/output error
|
||||
No errors were found on the image.
|
||||
|
||||
=== Avoid freeing external data clusters on failure ===
|
||||
|
||||
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1024 data_file=TEST_DIR/t.IMGFMT.data_file
|
||||
write failed: Input/output error
|
||||
No errors were found on the image.
|
||||
*** done
|
||||
|
@ -39,6 +39,7 @@ SNAPSHOTS=10
|
||||
_cleanup()
|
||||
{
|
||||
_cleanup_qemu
|
||||
_cleanup_test_img
|
||||
for i in $(seq 1 ${SNAPSHOTS})
|
||||
do
|
||||
_rm_test_img "${TEST_DIR}/${i}-${snapshot_virt0}"
|
||||
|
@ -26,6 +26,12 @@ echo "QA output created by $seq"
|
||||
|
||||
status=1 # failure is the default!
|
||||
|
||||
_cleanup()
|
||||
{
|
||||
_cleanup_test_img
|
||||
}
|
||||
trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
|
||||
# get standard environment, filters and checks
|
||||
. ./common.rc
|
||||
. ./common.filter
|
||||
|
@ -26,7 +26,7 @@ status=1 # failure is the default!
|
||||
_cleanup()
|
||||
{
|
||||
_cleanup_test_img
|
||||
rm -f "$TEST_IMG.mid"
|
||||
_rm_test_img "$TEST_IMG.mid"
|
||||
}
|
||||
trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
|
||||
|
89
tests/qemu-iotests/289
Executable file
89
tests/qemu-iotests/289
Executable file
@ -0,0 +1,89 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# qcow2 v3-exclusive error path testing
|
||||
# (026 tests paths common to v2 and v3)
|
||||
#
|
||||
# Copyright (C) 2020 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
seq=$(basename $0)
|
||||
echo "QA output created by $seq"
|
||||
|
||||
status=1 # failure is the default!
|
||||
|
||||
_cleanup()
|
||||
{
|
||||
_cleanup_test_img
|
||||
rm "$TEST_DIR/blkdebug.conf"
|
||||
rm -f "$TEST_IMG.data_file"
|
||||
}
|
||||
trap "_cleanup; exit \$status" 0 1 2 3 15
|
||||
|
||||
# get standard environment, filters and checks
|
||||
. ./common.rc
|
||||
. ./common.filter
|
||||
. ./common.pattern
|
||||
|
||||
_supported_fmt qcow2
|
||||
_supported_proto file
|
||||
# This is a v3-exclusive test;
|
||||
# As for data_file, error paths often very much depend on whether
|
||||
# there is an external data file or not; so we create one exactly when
|
||||
# we want to test it
|
||||
_unsupported_imgopts 'compat=0.10' data_file
|
||||
|
||||
echo
|
||||
echo === Avoid freeing external data clusters on failure ===
|
||||
echo
|
||||
|
||||
cat > "$TEST_DIR/blkdebug.conf" <<EOF
|
||||
[inject-error]
|
||||
event = "write_aio"
|
||||
errno = "5"
|
||||
once = "on"
|
||||
EOF
|
||||
|
||||
# Test what happens when there is an error when writing to an external
|
||||
# data file instead of when writing to a preallocated zero cluster
|
||||
_make_test_img -o "data_file=$TEST_IMG.data_file" 64k
|
||||
|
||||
# Put blkdebug above the data-file, and a raw node on top of that so
|
||||
# that blkdebug will see a write_aio event and emit an error. This
|
||||
# will then trigger the alloc abort code, which we want to test here.
|
||||
$QEMU_IO -c "write 0 64k" \
|
||||
"json:{
|
||||
'driver': 'qcow2',
|
||||
'file': { 'driver': 'file', 'filename': '$TEST_IMG' },
|
||||
'data-file': {
|
||||
'driver': 'raw',
|
||||
'file': {
|
||||
'driver': 'blkdebug',
|
||||
'config': '$TEST_DIR/blkdebug.conf',
|
||||
'image': {
|
||||
'driver': 'file',
|
||||
'filename': '$TEST_IMG.data_file'
|
||||
}
|
||||
}
|
||||
}
|
||||
}" \
|
||||
| _filter_qemu_io
|
||||
|
||||
_check_test_img
|
||||
|
||||
# success, all done
|
||||
echo "*** done"
|
||||
rm -f $seq.full
|
||||
status=0
|
8
tests/qemu-iotests/289.out
Normal file
8
tests/qemu-iotests/289.out
Normal file
@ -0,0 +1,8 @@
|
||||
QA output created by 289
|
||||
|
||||
=== Avoid freeing external data clusters on failure ===
|
||||
|
||||
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536 data_file=TEST_DIR/t.IMGFMT.data_file
|
||||
write failed: Input/output error
|
||||
No errors were found on the image.
|
||||
*** done
|
@ -295,3 +295,4 @@
|
||||
284 rw
|
||||
286 rw quick
|
||||
288 quick
|
||||
289 rw quick
|
||||
|
Loading…
Reference in New Issue
Block a user