qemu/block
Kevin Wolf 5e97855052 qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()
qcow2_detect_metadata_preallocation() calls qcow2_get_refcount() which
requires s->lock to be taken to protect its accesses to the refcount
table and refcount blocks. However, nothing in this code path actually
took the lock. This could cause the same cache entry to be used by two
requests at the same time, for different tables at different offsets,
resulting in image corruption.

As it would be preferable to base the detection on consistent data (even
though it's just heuristics), let's take the lock not only around the
qcow2_get_refcount() calls, but around the whole function.

This patch takes the lock in qcow2_co_block_status() earlier and asserts
in qcow2_detect_metadata_preallocation() that we hold the lock.

Fixes: 69f47505ee
Cc: qemu-stable@nongnu.org
Reported-by: Michael Weiser <michael.weiser@gmx.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Michael Weiser <michael.weiser@gmx.de>
Reviewed-by: Michael Weiser <michael.weiser@gmx.de>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2019-10-25 15:18:55 +02:00
..
accounting.c block: add empty account cookie type 2019-10-10 10:56:18 +02:00
aio_task.c block: introduce aio task pool 2019-10-10 10:56:17 +02:00
backup-top.c block/backup: use backup-top instead of write notifiers 2019-10-10 10:56:18 +02:00
backup-top.h block: introduce backup-top filter driver 2019-10-10 10:56:18 +02:00
backup.c block/backup: drop dead code from backup_job_create 2019-10-25 15:15:01 +02:00
blkdebug.c blkdebug: Inject errors on .bdrv_co_block_status() 2019-06-14 14:16:57 +02:00
blklogwrites.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
blkreplay.c block: implement bdrv_snapshot_goto for blkreplay 2019-10-14 17:12:48 +02:00
blkverify.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
block-backend.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
block-copy.c block/dirty-bitmap: add bs link 2019-10-17 17:02:32 -04:00
bochs.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
cloop.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
commit.c job: drop job_drain 2019-09-10 08:58:43 +02:00
copy-on-read.c block/copy-on-read: Fix permissions for inactive node 2019-07-30 12:25:43 +02:00
create.c block/create: Do not abort if a block driver is not available 2019-09-13 12:18:37 +02:00
crypto.c LUKS: support preallocation 2019-08-19 17:13:26 +02:00
crypto.h Clean up ill-advised or unusual header guards 2019-05-13 08:58:55 +02:00
curl.c curl: Check curl_multi_add_handle()'s return code 2019-09-16 15:31:12 +02:00
dirty-bitmap.c block/qcow2-bitmap: get rid of bdrv_has_changed_persistent_bitmaps 2019-10-17 17:02:32 -04:00
dmg-bz2.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
dmg-lzfse.c
dmg.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
dmg.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
file-posix.c qapi: query-blockstat: add driver specific file-posix stats 2019-10-10 10:56:18 +02:00
file-win32.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
gluster.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
io.c block: Reject misaligned write requests with BDRV_REQ_NO_FALLBACK 2019-10-14 17:12:48 +02:00
iscsi-opts.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
iscsi.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
linux-aio.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
Makefile.objs block: introduce backup-top filter driver 2019-10-10 10:56:18 +02:00
mirror.c block/dirty-bitmap: add bs link 2019-10-17 17:02:32 -04:00
nbd.c block/nbd: nbd reconnect 2019-10-22 09:22:07 -05:00
nfs.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
null.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
nvme.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
parallels.c block: Use bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
parallels.h
qapi.c qapi: query-blockstat: add driver specific file-posix stats 2019-10-10 10:56:18 +02:00
qcow2-bitmap.c block/qcow2-bitmap: fix and improve qcow2_reopen_bitmaps_rw 2019-10-17 17:53:28 -04:00
qcow2-cache.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
qcow2-cluster.c qcow2: Limit total allocation range to INT_MAX 2019-10-14 17:12:48 +02:00
qcow2-refcount.c qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation() 2019-10-25 15:18:55 +02:00
qcow2-snapshot.c qcow2.h: add missing include 2019-05-28 20:30:55 +02:00
qcow2-threads.c block/qcow2: refactor encryption code 2019-09-16 15:36:22 +02:00
qcow2.c qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation() 2019-10-25 15:18:55 +02:00
qcow2.h block/qcow2-bitmap: do not remove bitmaps on reopen-ro 2019-10-17 17:02:32 -04:00
qcow.c block/qcow: Improve error when opening qcow2 files as qcow 2019-07-08 16:00:26 +02:00
qed-check.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed-cluster.c
qed-l2-cache.c
qed-table.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
qed.h block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
quorum.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
raw-format.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
rbd.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
replication.c block/backup: use backup-top instead of write notifiers 2019-10-10 10:56:18 +02:00
sheepdog.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
snapshot.c block/snapshot: Restrict set of snapshot nodes 2019-10-04 11:52:40 +02:00
ssh.c block: Implement .bdrv_has_zero_init_truncate() 2019-08-19 17:13:26 +02:00
stream.c job: drop job_drain 2019-09-10 08:58:43 +02:00
throttle-groups.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00
throttle.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
trace-events block: move block_copy from block/backup.c to separate file 2019-10-10 10:56:17 +02:00
vdi.c vdi: Make block_status recurse for fixed images 2019-08-19 17:13:26 +02:00
vhdx-endian.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
vhdx-log.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
vhdx.c block/vhdx: add check for truncated image files 2019-10-14 17:12:48 +02:00
vhdx.h
vmdk.c vmdk: Reject invalid compressed writes 2019-09-03 14:55:35 +02:00
vpc.c vpc: Return 0 from vpc_co_create() on success 2019-09-10 08:58:43 +02:00
vvfat.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
vxhs.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
win32-aio.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
write-threshold.c