Am 01.03.2018 um 17:27 hat Alberto Garcia geschrieben: > Hey ho! > > As we have already discussed in the mailing list, the offset and size > values of snapshots' L1 tables are almost never validated in the QEMU > code. > > One way to deal with this is to validate them when the image is being > opened (in qcow2_read_snapshots()) and return an error if there's > anything wrong. However this would render the image unusable because > we wouldn't be able to try to recover data using the active table as > we can do now. > > Another possibility is to refuse opening the image but add a way to > fix it using 'qemu-img check'. But this would be a destructive > operation, and knowing that the image is already corrupted we can't > guarantee that we wouldn't be corrupting it even more. > > So although having a way to repair this kind of corruption would be > nice, we should still allow the user to try to open the image and read > data from it without requiring a potentially destructive operation > first.
Generally speaking, there is also always the option to refuse opening a corrupted image read-write, but to allow opening it read-only. This would probably still require some checks on use, though (or maybe just hiding all snapshots). Kevin > So this series simply validates the snapshots' L1 tables in the places > where they are actually used. We already have a function to do this > kind of checks so we only need to call it. > > Regards, > > Berto > > Alberto Garcia (7): > qcow2: Generalize validate_table_offset() into qcow2_validate_table() > qcow2: Check L1 table offset in qcow2_snapshot_load_tmp() > qcow2: Check L1 table parameters in qcow2_expand_zero_clusters() > qcow2: Check snapshot L1 tables in qcow2_check_metadata_overlap() > qcow2: Check snapshot L1 table in qcow2_snapshot_goto() > qcow2: Check snapshot L1 table in qcow2_snapshot_delete() > qcow2: Make qemu-img check detect corrupted L1 tables in snapshots > > block/qcow2-cluster.c | 20 +++++++----- > block/qcow2-refcount.c | 24 ++++++++++++++- > block/qcow2-snapshot.c | 21 +++++++++++-- > block/qcow2.c | 77 > ++++++++++++++++++---------------------------- > block/qcow2.h | 10 +++--- > tests/qemu-iotests/080 | 22 ++++++++++++- > tests/qemu-iotests/080.out | 54 ++++++++++++++++++++++++++------ > 7 files changed, 155 insertions(+), 73 deletions(-) > > -- > 2.11.0 >
