qemu-e2k/block
Alberto Garcia 9883975050 qcow2: Prevent allocating L2 tables at offset 0
If the refcount data is corrupted then we can end up trying to
allocate a new L2 table at offset 0 in the image, triggering an
assertion in the qcow2 cache that would crash QEMU:

  qcow2_cache_entry_mark_dirty: Assertion `c->entries[i].offset != 0' failed

This patch adds an explicit check for this scenario and a new test
case.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 92dac37191ae7844a2da22c122204eb493cc3133.1509718618.git.berto@igalia.com
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-11-14 18:06:25 +01:00
accounting.c block: make accounting thread-safe 2017-06-16 07:55:00 +08:00
backup.c dirty-bitmap: Change bdrv_dirty_iter_next() to report byte offset 2017-10-06 16:28:58 +02:00
blkdebug.c block: Align block status requests 2017-10-26 14:45:57 +02:00
blkreplay.c block: change variable names in BlockDriverState 2017-06-26 14:54:46 +02:00
blkverify.c blkverify: Catch bs->exact_filename overflow 2017-06-26 14:54:46 +02:00
block-backend.c block: Leave valid throttle timers when removing a BDS from a backend 2017-11-13 15:43:49 +00:00
bochs.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
cloop.c block: do not set BDS read_only if copy_on_read enabled 2017-04-24 15:09:33 -04:00
commit.c commit: Remove overlay_bs 2017-10-06 16:28:58 +02:00
crypto.c block: support passthrough of BDRV_REQ_FUA in crypto driver 2017-10-06 16:30:47 +02:00
crypto.h qcow: convert QCow to use QCryptoBlock for encryption 2017-07-11 17:44:56 +02:00
curl.c curl: do not do aio_poll when waiting for a free CURLState 2017-05-16 10:34:50 -04:00
dirty-bitmap.c dirty-bitmap: Convert internal hbitmap size/granularity 2017-10-06 16:28:58 +02:00
dmg-bz2.c
dmg.c dmg: use DIV_ROUND_UP 2017-08-31 12:29:07 +02:00
dmg.h
file-posix.c file-posix: Clear out first sector in hdev_create 2017-09-26 14:46:23 +02:00
file-win32.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
gluster.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
io.c block: Reduce bdrv_aligned_preadv() rounding 2017-10-26 14:45:57 +02:00
iscsi-opts.c block/iscsi: statically link qemu_iscsi_opts 2017-01-27 18:07:58 +01:00
iscsi.c scsi: move block/scsi.h to include/scsi/constants.h 2017-09-19 14:09:31 +02:00
linux-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
Makefile.objs block: add throttle block filter driver 2017-09-06 10:12:02 +02:00
mirror.c block: Convert bdrv_get_block_status_above() to bytes 2017-10-26 14:45:57 +02:00
nbd-client.c nbd-client: Stricter enforcing of structured reply spec 2017-11-09 10:22:26 -06:00
nbd-client.h nbd: Minimal structured read for client 2017-10-30 21:48:41 +01:00
nbd.c nbd: Implement NBD_INFO_BLOCK_SIZE on client 2017-07-14 12:04:42 +02:00
nfs.c qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
null.c block/null: Remove 'filename' option 2017-08-08 15:19:16 +02:00
parallels.c qapi: drop the sentinel in enum array 2017-09-04 13:09:13 +02:00
qapi.c block: move ThrottleGroup membership to ThrottleGroupMember 2017-09-05 16:47:51 +02:00
qcow2-bitmap.c qcow2: Switch store_bitmap_data() to byte-based iteration 2017-10-06 16:28:58 +02:00
qcow2-cache.c qcow2: add qcow2_cache_discard 2017-09-26 15:00:32 +02:00
qcow2-cluster.c qcow2: Prevent allocating L2 tables at offset 0 2017-11-14 18:06:25 +01:00
qcow2-refcount.c qcow2: Prevent allocating refcount blocks at offset 0 2017-11-14 18:06:25 +01:00
qcow2-snapshot.c qcow2: Discard/zero clusters by byte count 2017-05-11 14:28:07 +02:00
qcow2.c qcow2: Always execute preallocate() in a coroutine 2017-10-26 15:01:14 +02:00
qcow2.h qcow2: truncate the tail of the image file after shrinking the image 2017-10-06 16:30:48 +02:00
qcow.c block: convert qcrypto_block_encrypt|decrypt to take bytes offset 2017-10-06 16:30:47 +02:00
qed-check.c
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed.c block: rename bdrv_co_drain to bdrv_co_drain_begin 2017-10-13 12:38:41 +01:00
qed.h qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
quorum.c qapi: Change data type of the FOO_lookup generated for enum FOO 2017-09-04 13:09:13 +02:00
raw-format.c block: remove unused bdrv_media_changed 2017-09-04 18:31:13 +02:00
rbd.c qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
replication.c block: Add reopen_queue to bdrv_child_perm() 2017-09-26 14:46:23 +02:00
sheepdog.c Merge QEMU I/O 2017/09/05 v2 2017-09-05 14:14:33 +01:00
snapshot.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
ssh.c util: remove the obsolete non-blocking connect 2017-09-05 13:21:58 +01:00
stream.c block: Make bdrv_is_allocated_above() byte-based 2017-07-10 13:18:07 +02:00
throttle-groups.c throttle-groups: drain before detaching ThrottleState 2017-11-13 14:02:09 +00:00
throttle.c block/throttle.c: add bdrv_co_drain_begin/end callbacks 2017-10-13 12:38:41 +01:00
trace-events block: Make bdrv_round_to_clusters() signature more useful 2017-10-26 14:45:57 +02:00
vdi.c vdi: make it thread-safe 2017-07-17 11:28:15 +08:00
vhdx-endian.c
vhdx-log.c vhdx: use QEMU_ALIGN_DOWN 2017-08-31 12:29:07 +02:00
vhdx.c block/vhdx: check for offset overflow to bdrv_truncate() 2017-08-08 14:37:00 +02:00
vhdx.h
vmdk.c vmdk: Fix error handling/reporting of vmdk_check 2017-08-08 15:19:16 +02:00
vpc.c vpc: use DIV_ROUND_UP 2017-08-31 12:29:07 +02:00
vvfat.c block: Add reopen_queue to bdrv_child_perm() 2017-09-26 14:46:23 +02:00
vxhs.c qobject: Use simpler QDict/QList scalar insertion macros 2017-05-09 09:13:51 +02:00
win32-aio.c block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
write-threshold.c