Revision 2e0e234272a65930743fe4580a500b6bf6782529 authored by Lukas Tschoke on 07 April 2023, 22:11:38 UTC, committed by Michael Tokarev on 13 April 2023, 15:31:39 UTC
The corruption occurs when a BAT entry aligned to 4096 bytes is changed.

Specifically, the corruption occurs during the creation of the LOG Data
Descriptor. The incorrect behavior involves copying 4088 bytes from the
original 4096 bytes aligned offset to `tmp[8..4096]` and then copying
the new value for the first BAT entry to the beginning `tmp[0..8]`.
This results in all existing BAT entries inside the 4K region being
incorrectly moved by 8 bytes and the last entry being lost.

This bug did not cause noticeable corruption when only sequentially
writing once to an empty dynamic VHDX (e.g.
using `qemu-img convert -O vhdx -o subformat=dynamic ...`), but it
still resulted in invalid values for the (unused) Sector Bitmap BAT
entries.

Importantly, this corruption would only become noticeable after the
corrupted BAT is re-read from the file.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/727
Cc: qemu-stable@nongnu.org
Signed-off-by: Lukas Tschoke <lukts330@gmail.com>
Message-Id: <6cfb6d6b-adc5-7772-c8a5-6bae9a0ad668@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8af037fe4cfeb88bbcded3122cec2c5be0b90907)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
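As an added illustration (not QEMU's own code), the following C model reproduces the faulty merge the commit message describes beside the corrected one, over a constructed 4K BAT region; the entry values and the function names are hypothetical, and a mismatch count of 0 is the check a correct merge must pass.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SECTOR  4096
#define ENTRY   8
#define ENTRIES (SECTOR / ENTRY)   /* 512 BAT entries per 4K-aligned region */

/* Constructed sample region: entry i holds the value i+1 (hypothetical). */
static void fill_bat(uint8_t *bat) {
    for (uint64_t i = 0; i < ENTRIES; i++) {
        uint64_t v = i + 1;
        memcpy(bat + i * ENTRY, &v, ENTRY);
    }
}

/* Faulty merge as described above, for a change to the 4K-aligned (first)
 * entry: 4088 bytes from the aligned region land in tmp[8..4096], then the
 * new value goes to tmp[0..8]. Every existing entry shifts by 8 bytes and
 * the last one is dropped. */
static void merge_buggy(uint8_t *tmp, const uint8_t *bat, uint64_t new_val) {
    memcpy(tmp + ENTRY, bat, SECTOR - ENTRY);
    memcpy(tmp, &new_val, ENTRY);
}

/* Corrected merge: copy the whole aligned region, then overwrite only the
 * 8 bytes of the entry being changed (index idx within the region). */
static void merge_fixed(uint8_t *tmp, const uint8_t *bat, size_t idx,
                        uint64_t new_val) {
    memcpy(tmp, bat, SECTOR);
    memcpy(tmp + idx * ENTRY, &new_val, ENTRY);
}

/* Count entries in tmp that differ from the expected region (bat with
 * entry idx replaced by new_val). A correct merge yields 0. */
static size_t count_mismatches(const uint8_t *tmp, const uint8_t *bat,
                               size_t idx, uint64_t new_val) {
    size_t bad = 0;
    for (size_t i = 0; i < ENTRIES; i++) {
        uint64_t want, got;
        memcpy(&want, bat + i * ENTRY, ENTRY);
        if (i == idx) want = new_val;
        memcpy(&got, tmp + i * ENTRY, ENTRY);
        if (want != got) bad++;
    }
    return bad;
}

/* Run one merge and report how many entries it corrupted. The buggy path
 * models only the aligned case, so pass idx == 0 when use_fixed is 0. */
size_t mismatches_after_merge(int use_fixed, size_t idx, uint64_t new_val) {
    uint8_t bat[SECTOR], tmp[SECTOR];
    fill_bat(bat);
    if (use_fixed) merge_fixed(tmp, bat, idx, new_val);
    else merge_buggy(tmp, bat, new_val);
    return count_mismatches(tmp, bat, idx, new_val);
}
```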