From e1eeded4e30e8a57a5acf98bd3f5fa492215e7d5 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin
Date: Tue, 21 Apr 2009 09:03:40 +0000
Subject: [PATCH] - Another qcow2 image corruption fix (#496642)
---
qemu-fix-qcow2-corruption.patch | 47 +++++++++++++++++++++++++++------
qemu.spec | 5 +++-
2 files changed, 43 insertions(+), 9 deletions(-)
diff --git a/qemu-fix-qcow2-corruption.patch b/qemu-fix-qcow2-corruption.patch
index 95a3a6d..dfed7be 100644
--- a/qemu-fix-qcow2-corruption.patch
+++ b/qemu-fix-qcow2-corruption.patch
@@ -1,6 +1,28 @@
+From: Nolan Leake sigbus.net>
+Subject: [PATCH] Fix (at least one cause of) qcow2 corruption.
+
+qcow2's get_cluster_offset() scans forward in the l2 table to find other
+clusters that have the same allocation status as the first cluster.
+This is used by (among others) qcow_is_allocated().
+
+Unfortunately, it was not checking to be sure that it didn't fall off
+the end of the l2 table. This patch adds that check.
+
+The symptom that motivated me to look into this was that
+bdrv_is_allocated() was returning false when there was in fact data
+there. This is one of many ways this bug could lead to data corruption.
+
+I checked the other place that scans for consecutive unallocated blocks
+(alloc_cluster_offset()) and it appears to be OK:
+ nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+appears to prevent the same problem from occurring.
+
+Signed-off-by: Nolan Leake sigbus.net>
+
+---
+
 From: Kevin Wolf
-To: qemu-devel@nongnu.org
-Subject: [Qemu-devel] [PATCH] qcow2 corruption: Fix alloc_cluster_link_l2
+Subject: [PATCH] qcow2 corruption: Fix alloc_cluster_link_l2
 This patch fixes a qcow2 corruption bug introduced in SVN Rev 5861. L2 tables are big endian, so entries must be converted before being passed to functions.
@@ -18,14 +40,23 @@ qcow2 image (the header is gone after three loop iterations):
 done
Signed-off-by: Kevin Wolf
----
- block-qcow2.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
 diff -up qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption qemu-kvm-0.10/qemu/block-qcow2.c
---- qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption 2009-04-20 14:41:22.000000000 +0100
-+++ qemu-kvm-0.10/qemu/block-qcow2.c 2009-04-20 14:41:54.000000000 +0100
-@@ -912,7 +912,7 @@ static int alloc_cluster_link_l2(BlockDr
+diff -up qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption qemu-kvm-0.10/qemu/block-qcow2.c
+--- qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption 2009-04-21 09:57:21.000000000 +0100
++++ qemu-kvm-0.10/qemu/block-qcow2.c 2009-04-21 09:58:27.000000000 +0100
+@@ -670,6 +670,10 @@ static uint64_t get_cluster_offset(Block
+
+ nb_available = (nb_available >> 9) + index_in_cluster;
+
++ if (nb_needed > nb_available) {
++ nb_needed = nb_available;
++ }
++
+ cluster_offset = 0;
+
+ /* seek the the l2 offset in the l1 table */
+@@ -912,7 +916,7 @@ static int alloc_cluster_link_l2(BlockDr
 goto err;
 for (i = 0; i < j; i++)
diff --git a/qemu.spec b/qemu.spec
index d0c7fe2..f5a59c2 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 0.10
-Release: 11%{?dist}
+Release: 12%{?dist}
 # I have mistakenly thought the revision name would be 1.0.
 # So 0.10 series get Epoch = 1
 Epoch: 2
@@ -467,6 +467,9 @@ fi
 %{_mandir}/man1/qemu-img.1*
 %changelog
+* Tue Apr 21 2009 Mark McLoughlin - 2:0.10-12
+- Another qcow2 image corruption fix (#496642)
+
 * Mon Apr 20 2009 Mark McLoughlin - 2:0.10-11
 - Fix qcow2 image corruption (#496642)
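Review bot: The added clamp `if (nb_needed > nb_available) { nb_needed = nb_available; }` in the nested get_cluster_offset() hunk at line 670 carries no comment, and nothing at that point in the code says that nb_needed is what later bounds the forward scan over the L2 table — that reasoning lives only in the commit message added in the first hunk. Since this is the check that keeps the scan from reading past the end of the table, I would put it next to the code: `/* clamp to the end of this L1 entry so the L2 scan below cannot run past the table */`. The rest of get_cluster_offset(), including the scan this protects, is outside the hunk, so that nb_needed alone bounds it is inferred from the description rather than visible here. Separately, the same hunk keeps the old `diff -up qemu-kvm-0.10/...block-qcow2.c` line as context and then adds an identical `+diff -up ...` line, so as rendered here the regenerated patch file carries two consecutive `diff -up` headers; patch(1) tolerates the stray line, but the stale one should be dropped rather than left for the next person to puzzle over.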