qemu/block
Eric Blake 77d6a21558 qcow2: Don't allow overflow during cluster allocation
Our code was already checking that we did not attempt to
allocate more clusters than what would fit in an INT64 (the
physical maximimum if we can access a full off_t's worth of
data).  But this does not catch smaller limits enforced by
various spots in the qcow2 image description: L1 and normal
clusters of L2 are documented as having bits 63-56 reserved
for other purposes, capping our maximum offset at 64PB (bit
55 is the maximum bit set).  And for compressed images with
2M clusters, the cap drops the maximum offset to bit 48, or
a maximum offset of 512TB.  If we overflow that offset, we
would write compressed data into one place, but try to
decompress from another, which won't work.

It's actually possible to prove that overflow can cause image
corruption without this patch; I'll add the iotests separately
in the next commit.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2018-11-19 12:51:40 +01:00
..
accounting.c block/accounting: introduce latency histogram 2018-03-19 14:58:37 -05:00
backup.c block/backup: make function variables consistently named 2018-08-31 16:28:33 +02:00
blkdebug.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
blklogwrites.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
blkreplay.c trivial: Make bios files and source files non-executable 2018-09-25 17:26:18 +02:00
blkverify.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
block-backend.c block: Null pointer dereference in blk_root_get_parent_desc() 2018-11-12 17:49:21 +01:00
bochs.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
cloop.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
commit.c block/commit: refactor commit to use job callbacks 2018-09-25 15:31:15 +02:00
copy-on-read.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
create.c jobs: utilize job_exit shim 2018-08-31 16:28:33 +02:00
crypto.c luks: Allow share-rw=on 2018-08-15 12:50:39 +02:00
crypto.h block/crypto: Simplify block_crypto_{open,create}_opts_init() 2018-06-29 14:20:56 +02:00
curl.c curl: Support auto-read-only option 2018-11-05 15:09:55 +01:00
dirty-bitmap.c dirty-bitmaps: clean-up bitmaps loading and migration logic 2018-10-29 16:23:17 -04:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
dmg.h block: remove "qemu/osdep.h" from header file 2017-12-18 17:07:02 +03:00
file-posix.c file-posix: Drop s->lock_fd 2018-11-12 17:46:57 +01:00
file-win32.c block: Prefix file driver trace points with "file_" 2018-07-10 16:01:51 +02:00
gluster.c gluster: Support auto-read-only option 2018-11-05 15:09:55 +01:00
io.c block: Use a single global AioWait 2018-09-25 15:50:15 +02:00
iscsi-opts.c Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
iscsi.c iscsi: Support auto-read-only option 2018-11-05 15:09:55 +01:00
linux-aio.c block/linux-aio: acquire AioContext before qemu_laio_process_completions 2018-09-25 15:50:15 +02:00
Makefile.objs block: Make more block drivers compile-time configurable 2018-11-12 17:49:21 +01:00
mirror.c block/mirror: conservative mirror_exit refactor 2018-09-25 15:31:15 +02:00
nbd-client.c nbd: Support auto-read-only option 2018-11-05 15:09:55 +01:00
nbd-client.h nbd/client: Add x-dirty-bitmap to query bitmap from server 2018-07-02 15:27:38 -05:00
nbd.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
nfs.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
null.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
nvme.c nvme: correct locking around completion 2018-10-12 09:46:14 +08:00
parallels.c parallels: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
parallels.h Clean up includes 2018-02-09 05:05:11 +01:00
qapi.c block/qapi: Fix memory leak in qmp_query_blockstats() 2018-08-15 12:50:39 +02:00
qcow2-bitmap.c block/qcow2-bitmap: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
qcow2-cache.c qcow2: Allow configuring the L2 slice size 2018-02-13 17:00:00 +01:00
qcow2-cluster.c qcow2: Free allocated clusters on write error 2018-06-29 14:20:56 +02:00
qcow2-refcount.c qcow2: Don't allow overflow during cluster allocation 2018-11-19 12:51:40 +01:00
qcow2-snapshot.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
qcow2.c qcow2: Get the request alignment for encrypted images from QCryptoBlock 2018-11-05 15:09:54 +01:00
qcow2.h qcow2: Don't allow overflow during cluster allocation 2018-11-19 12:51:40 +01:00
qcow.c block/qcow: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
qed-check.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed.c error: Fix use of error_prepend() with &error_fatal, &error_abort 2018-10-19 14:51:34 +02:00
qed.h qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
quorum.c quorum: Forbid adding children in blkverify mode 2018-11-05 15:09:54 +01:00
raw-format.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
rbd.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
replication.c replication: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
sheepdog.c block: Use warn_report() & friends to report warnings 2018-10-19 14:51:34 +02:00
snapshot.c block: make .bdrv_close optional 2018-08-15 12:50:39 +02:00
ssh.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
stream.c block/stream: refactor stream to use job callbacks 2018-09-25 15:31:15 +02:00
throttle-groups.c throttle-groups: Don't allow timers without throttled requests 2018-08-15 12:50:39 +02:00
throttle.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
trace-events block: Add copy offloading trace points 2018-07-10 16:01:52 +02:00
vdi.c vdi: Use a literal number of bytes for DEFAULT_CLUSTER_SIZE 2018-11-05 15:28:48 +01:00
vhdx-endian.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx-log.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.h block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vmdk.c vmdk: align end of file to a sector boundary 2018-09-26 10:47:18 +08:00
vpc.c vpc: Don't leak opts in vpc_open() 2018-11-05 15:09:54 +01:00
vvfat.c vvfat: Fix memory leak 2018-11-19 12:51:40 +01:00
vxhs.c block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
win32-aio.c file-win32: Switch to byte-based callbacks 2018-05-15 16:11:41 +02:00
write-threshold.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00