From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 66c867: block/mirror: fix use after free of local_err
Date: Thu, 26 Mar 2020 10:00:17 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 66c8672d242e9a494216237648b7787649c2c970
      
https://github.com/qemu/qemu/commit/66c8672d242e9a494216237648b7787649c2c970
  Author: Vladimir Sementsov-Ogievskiy <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block/mirror.c

  Log Message:
  -----------
  block/mirror: fix use after free of local_err

local_err is used again in mirror_exit_common() after
bdrv_set_backing_hd(), so we must zero it. Otherwise, trying to set a
non-NULL local_err will crash.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: John Snow <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
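
The crash described in this commit comes from QEMU's Error convention: error_setg() requires the Error pointer it is handed to be NULL (QEMU asserts on this), while error_report_err() frees the object and leaves the caller's local_err dangling. The model below, which is added here as an illustration and is not QEMU's code, reproduces that convention in a few lines and runs the two-step sequence once without and once with the reset. The names fake_set_backing_hd(), fake_replace_node() and run_exit_path() are hypothetical stand-ins for the calls in mirror_exit_common(); the only liberty taken is that the model counts the reuse instead of aborting, so the outcome can be observed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy model of QEMU's Error convention (example code, not QEMU's):
 *  - error_setg(errp, ...) requires *errp to be NULL; real QEMU asserts.
 *  - error_report_err(err) prints and frees err; the caller's copy dangles.
 * Reusing one local Error* for two calls therefore needs `local_err = NULL`
 * between them, which is exactly what the mirror fix adds.
 */
typedef struct Error {
    char *msg;
} Error;

/* QEMU aborts on this condition; the model counts it so a test can observe it. */
static int errp_reuse_violations;

static bool error_setg(Error **errp, const char *msg)
{
    if (!errp) {
        return true;                     /* caller is not interested in the error */
    }
    if (*errp != NULL) {                 /* live or dangling error already stored */
        errp_reuse_violations++;
        return false;
    }
    Error *err = malloc(sizeof(*err));
    err->msg = malloc(strlen(msg) + 1);
    strcpy(err->msg, msg);
    *errp = err;
    return true;
}

static void error_report_err(Error *err)
{
    fprintf(stderr, "error: %s\n", err->msg);
    free(err->msg);
    free(err);                           /* caller's pointer is now stale */
}

/* Hypothetical stand-ins for the two steps in mirror_exit_common() that can fail. */
static void fake_set_backing_hd(Error **errp) { error_setg(errp, "cannot set backing file"); }
static void fake_replace_node(Error **errp)   { error_setg(errp, "cannot replace node"); }

/*
 * Run both steps with one local_err. clear_between == false is the pre-fix
 * path, true is the fixed one. Returns how many times error_setg() saw a
 * non-NULL *errp; real QEMU would have crashed on the first occurrence.
 */
static int run_exit_path(bool clear_between)
{
    Error *local_err = NULL;
    errp_reuse_violations = 0;

    fake_set_backing_hd(&local_err);
    if (local_err) {
        error_report_err(local_err);     /* frees it */
        if (clear_between) {
            local_err = NULL;            /* the fix: drop the dangling pointer */
        }
    }

    fake_replace_node(&local_err);       /* second use of the same variable */
    if (errp_reuse_violations) {
        return errp_reuse_violations;    /* QEMU never gets here: the assert fired */
    }
    if (local_err) {
        error_report_err(local_err);
        local_err = NULL;
    }
    return 0;
}

int main(void)
{
    printf("without reset: %d violation(s)\n", run_exit_path(false));
    printf("with reset:    %d violation(s)\n", run_exit_path(true));
    return 0;
}
```

The second call never dereferences the stale pointer in the model, which is why it can return instead of crashing; in the real code the assert in error_setg() is the only thing standing between the dangling local_err and a use after free, so the reset after error_report_err() is not optional.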


  Commit: b92902dfeaafbceaf744ab7473f2d070284f6172
      
https://github.com/qemu/qemu/commit/b92902dfeaafbceaf744ab7473f2d070284f6172
  Author: Maxim Levitsky <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block.c
    M block/crypto.c
    M block/file-posix.c
    M block/file-win32.c
    M block/gluster.c
    M block/nfs.c
    M block/parallels.c
    M block/qcow.c
    M block/qcow2.c
    M block/qed.c
    M block/raw-format.c
    M block/rbd.c
    M block/sheepdog.c
    M block/ssh.c
    M block/vdi.c
    M block/vhdx.c
    M block/vmdk.c
    M block/vpc.c
    M include/block/block_int.h

  Log Message:
  -----------
  block: pass BlockDriver reference to the .bdrv_co_create

This will allow the reuse of a single generic .bdrv_co_create
implementation for several drivers.
No functional changes.

Signed-off-by: Maxim Levitsky <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Denis V. Lunev <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: 5a5e7f8cd86b7ced0732b1b6e28c82baa65b09c9
      
https://github.com/qemu/qemu/commit/5a5e7f8cd86b7ced0732b1b6e28c82baa65b09c9
  Author: Maxim Levitsky <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block.c
    M block/file-posix.c
    M block/iscsi.c
    M block/nbd.c
    M block/nvme.c
    M include/block/block.h
    M include/block/block_int.h

  Log Message:
  -----------
  block: trickle down the fallback image creation function use to the block drivers

Instead of checking the .bdrv_co_create_opts to see if we need the
fallback, just implement the .bdrv_co_create_opts in the drivers that
need it.

This way we don't break various places that need to know if the
underlying protocol/format really supports image creation, and this way
we still allow some drivers to not support image creation.

Fixes: fd17146cd93d1704cd96d7c2757b325fc7aac6fd
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1816007

Note that technically this driver reverts the image creation fallback
for the vxhs driver since I don't have a means to test it, and IMHO it
is better to leave it not supported as it was prior to generic image
creation patches.

Also drop iscsi_create_opts which was left accidentally.

Signed-off-by: Maxim Levitsky <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Denis V. Lunev <address@hidden>
[mreitz: Fixed alignment, and moved bdrv_co_create_opts_simple() and
         bdrv_create_opts_simple from block.h into block_int.h]
Signed-off-by: Max Reitz <address@hidden>


  Commit: a951a631b96cefbe2636fed33a583ca05e9132ba
      
https://github.com/qemu/qemu/commit/a951a631b96cefbe2636fed33a583ca05e9132ba
  Author: Eric Blake <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block/qcow2.c

  Log Message:
  -----------
  qcow2: Comment typo fixes

Various trivial typos noticed while working on this file.

Signed-off-by: Eric Blake <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Reviewed-by: Alberto Garcia <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: bb40ebce2cb0bd4bf37968074d43d5a864fb6dee
      
https://github.com/qemu/qemu/commit/bb40ebce2cb0bd4bf37968074d43d5a864fb6dee
  Author: Eric Blake <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block/qcow2.c
    M docs/interop/qcow2.txt
    M tests/qemu-iotests/031.out
    M tests/qemu-iotests/036.out
    M tests/qemu-iotests/061.out

  Log Message:
  -----------
  qcow2: List autoclear bit names in header

The feature table is supposed to advertise the name of all feature
bits that we support; however, we forgot to update the table for
autoclear bits.  While at it, move the table to read-only memory in
code, and tweak the qcow2 spec to name the second autoclear bit.
Update iotests that are affected by the longer header length.

Fixes: 88ddffae
Fixes: 93c24936
Signed-off-by: Eric Blake <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: e7be13ad3ff593608a118bfb69553037bd221563
      
https://github.com/qemu/qemu/commit/e7be13ad3ff593608a118bfb69553037bd221563
  Author: Eric Blake <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block/qcow2.c
    M tests/qemu-iotests/036
    M tests/qemu-iotests/061

  Log Message:
  -----------
  qcow2: Avoid feature name extension on small cluster size

As the feature name table can be quite large (over 9k if all 64 bits
of all three feature fields have names; a mere 8 features leaves only
8 bytes for a backing file name in a 512-byte cluster), it is unwise
to emit this optional header in images with small cluster sizes.

Update iotest 036 to skip running on small cluster sizes; meanwhile,
note that iotest 061 never passed on alternative cluster sizes
(however, I limited this patch to tests with output affected by adding
feature names, rather than auditing for other tests that are not
robust to alternative cluster sizes).

Signed-off-by: Eric Blake <address@hidden>
Reviewed-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Reviewed-by: Alberto Garcia <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
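
The figures in this commit message ("over 9k", "8 bytes for a backing file name in a 512-byte cluster") follow from the qcow2 on-disk layout: a 104-byte version-3 header, an 8-byte header-extension header, 48 bytes per feature-name-table entry (type, bit number, 46-byte name) and an 8-byte end-of-extensions marker, all of which must fit in the first cluster together with the backing file name. The program below is an added example, not QEMU's code; it encodes a feature name table the way the spec lays it out and computes the space that is left, using constants from the qcow2 specification and a constructed subset of the feature names QEMU advertises. The functions encode_feature_table() and backing_name_space() are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* qcow2 on-disk constants (from the qcow2 spec; multi-byte fields are big-endian) */
#define QCOW2_V3_HEADER_LEN      104u        /* header_length of a version-3 header */
#define QCOW2_EXT_HDR_LEN        8u          /* extension: 4-byte magic + 4-byte length */
#define QCOW2_EXT_FEATURE_TABLE  0x6803f857u /* feature name table extension magic */
#define FEATURE_NAME_LEN         46u
#define FEATURE_ENTRY_LEN        48u         /* type(1) + bit(1) + name(46) */

enum { FEAT_INCOMPATIBLE = 0, FEAT_COMPATIBLE = 1, FEAT_AUTOCLEAR = 2 };

typedef struct {
    uint8_t type;
    uint8_t bit;
    const char *name;
} FeatureName;

/* Constructed sample: a subset of the names QEMU advertises, for this example only. */
static const FeatureName sample_features[] = {
    { FEAT_INCOMPATIBLE, 0, "dirty bit" },
    { FEAT_INCOMPATIBLE, 1, "corrupt bit" },
    { FEAT_INCOMPATIBLE, 2, "external data file" },
    { FEAT_COMPATIBLE,   0, "lazy refcounts" },
    { FEAT_AUTOCLEAR,    0, "bitmaps" },
    { FEAT_AUTOCLEAR,    1, "raw external data" },
};
#define SAMPLE_FEATURE_COUNT (sizeof(sample_features) / sizeof(sample_features[0]))

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
}

/* Size of a feature-name-table extension carrying n entries, header included. */
static size_t feature_table_ext_len(size_t n)
{
    return QCOW2_EXT_HDR_LEN + n * FEATURE_ENTRY_LEN;
}

/* Encode the extension into buf; returns bytes written, or 0 if buf is too small. */
static size_t encode_feature_table(const FeatureName *f, size_t n,
                                   uint8_t *buf, size_t buflen)
{
    size_t need = feature_table_ext_len(n);
    if (buflen < need) {
        return 0;
    }
    put_be32(buf, QCOW2_EXT_FEATURE_TABLE);
    put_be32(buf + 4, (uint32_t)(n * FEATURE_ENTRY_LEN));
    uint8_t *p = buf + QCOW2_EXT_HDR_LEN;
    for (size_t i = 0; i < n; i++, p += FEATURE_ENTRY_LEN) {
        memset(p, 0, FEATURE_ENTRY_LEN);   /* names are zero-padded, not NUL-terminated */
        p[0] = f[i].type;
        p[1] = f[i].bit;
        size_t len = strlen(f[i].name);
        memcpy(p + 2, f[i].name, len < FEATURE_NAME_LEN ? len : FEATURE_NAME_LEN);
    }
    return need;
}

/*
 * Bytes left in the first cluster for the backing file name once a v3 header,
 * a feature table with n_features entries and the end-of-extensions marker
 * (an 8-byte extension of type 0) are laid out. Negative: it does not fit.
 */
static long backing_name_space(size_t cluster_size, size_t n_features)
{
    size_t used = QCOW2_V3_HEADER_LEN + feature_table_ext_len(n_features) + QCOW2_EXT_HDR_LEN;
    return (long)cluster_size - (long)used;
}

int main(void)
{
    uint8_t buf[512];
    size_t written = encode_feature_table(sample_features, SAMPLE_FEATURE_COUNT, buf, sizeof(buf));
    printf("sample table: %zu bytes\n", written);
    printf("all 3 x 64 bits named: %zu bytes of entries\n",
           feature_table_ext_len(3 * 64) - QCOW2_EXT_HDR_LEN);
    size_t sizes[] = { 512, 4096, 65536 };
    for (size_t i = 0; i < 3; i++) {
        printf("cluster %6zu: backing name space with 8 features = %ld, with 192 = %ld\n",
               sizes[i], backing_name_space(sizes[i], 8), backing_name_space(sizes[i], 192));
    }
    return 0;
}
```

backing_name_space(512, 8) comes out at 8 and a ninth named feature already makes it negative, which is the situation the commit avoids by not emitting the extension on small clusters.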


  Commit: ed049910637be991c88cc25c864115bc5b1e4dab
      
https://github.com/qemu/qemu/commit/ed049910637be991c88cc25c864115bc5b1e4dab
  Author: Eric Blake <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block/sheepdog.c

  Log Message:
  -----------
  sheepdog: Consistently set bdrv_has_zero_init_truncate

block_int.h claims that .bdrv_has_zero_init must return 0 if
.bdrv_has_zero_init_truncate does likewise; but this is violated if
only the former callback is provided if .bdrv_co_truncate also exists.
When adding the latter callback, it was mistakenly added to only one
of the three possible sheepdog instantiations.

Fixes: 1dcaf527
Signed-off-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: John Snow <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: 1656324ec0d1a9466160a5c5065b9bf11e6ea91b
      
https://github.com/qemu/qemu/commit/1656324ec0d1a9466160a5c5065b9bf11e6ea91b
  Author: Max Reitz <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: Fix check's leak/corruption fix report

There are two problems with qemu-img check's report on how many leaks
and/or corruptions have been fixed:

(1) ImageCheck.has_leaks_fixed and ImageCheck.has_corruptions_fixed are
only true when ImageCheck.leaks or ImageCheck.corruptions (respectively)
are non-zero.  qcow2's check implementation will set the latter to zero
after it has fixed leaks and corruptions, though, so leaks-fixed and
corruptions-fixed are actually never reported after successful repairs.
We should always report them when they are non-zero, just like all the
other fields of ImageCheck.

(2) After something has been fixed and we run the check a second time,
leaks_fixed and corruptions_fixed are taken from the first run; but
has_leaks_fixed and has_corruptions_fixed are not.  The second run
actually cannot fix anything, so with (1) fixed, has_leaks_fixed and
has_corruptions_fixed will always be false here.  (With (1) unfixed,
they will at least be false on successful runs, because then the number
of leaks and corruptions found in the second run should be 0.)
We should save has_leaks_fixed and has_corruptions_fixed just like we
save leaks_fixed and corruptions_fixed.

Signed-off-by: Max Reitz <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: 2f8bb28ff0123a4e84bd14facc541dd2159580c2
      
https://github.com/qemu/qemu/commit/2f8bb28ff0123a4e84bd14facc541dd2159580c2
  Author: Max Reitz <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M tests/qemu-iotests/common.rc

  Log Message:
  -----------
  iotests: Add poke_file_[bl]e functions

Similarly to peek_file_[bl]e, we may want to write binary integers into
a file.  Currently, this often means messing around with poke_file and
raw binary strings.  I hope these functions make it a bit more
comfortable.

Signed-off-by: Max Reitz <address@hidden>
Code-suggested-by: Eric Blake <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: a507c51790fa955c1fccd4deca3c50476a862b83
      
https://github.com/qemu/qemu/commit/a507c51790fa955c1fccd4deca3c50476a862b83
  Author: Max Reitz <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M tests/qemu-iotests/138
    M tests/qemu-iotests/138.out

  Log Message:
  -----------
  iotests/138: Test leaks/corruptions fixed report

Test that qemu-img check reports the number of leaks and corruptions
fixed in its JSON report (after a successful run).

While touching the _unsupported_imgopts line, adjust the note on why
data_file does not work with this test: The current comment sounds a bit
like it is a mistake for qemu-img check not to check external data
files' refcounts.  But there are no such refcounts, so it is no mistake.
Just say that qemu-img check does not do much for external data files,
and this is why this test does not work with them.

Signed-off-by: Max Reitz <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Max Reitz <address@hidden>


  Commit: 762fa6d79aa30e1a713444da0399739423f8d00e
      
https://github.com/qemu/qemu/commit/762fa6d79aa30e1a713444da0399739423f8d00e
  Author: Peter Maydell <address@hidden>
  Date:   2020-03-26 (Thu, 26 Mar 2020)

  Changed paths:
    M block.c
    M block/crypto.c
    M block/file-posix.c
    M block/file-win32.c
    M block/gluster.c
    M block/iscsi.c
    M block/mirror.c
    M block/nbd.c
    M block/nfs.c
    M block/nvme.c
    M block/parallels.c
    M block/qcow.c
    M block/qcow2.c
    M block/qed.c
    M block/raw-format.c
    M block/rbd.c
    M block/sheepdog.c
    M block/ssh.c
    M block/vdi.c
    M block/vhdx.c
    M block/vmdk.c
    M block/vpc.c
    M docs/interop/qcow2.txt
    M include/block/block.h
    M include/block/block_int.h
    M qemu-img.c
    M tests/qemu-iotests/031.out
    M tests/qemu-iotests/036
    M tests/qemu-iotests/036.out
    M tests/qemu-iotests/061
    M tests/qemu-iotests/061.out
    M tests/qemu-iotests/138
    M tests/qemu-iotests/138.out
    M tests/qemu-iotests/common.rc

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-03-26' into staging

Block patches for 5.0-rc1:
- Fix qemu-img convert with a host device or iscsi target
- Use-after-free fix in mirror
- Some minor qcow2 fixes
- Minor sheepdog fix
- Minor qemu-img check report fix

# gpg: Signature made Thu 26 Mar 2020 14:28:26 GMT
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "address@hidden"
# gpg: Good signature from "Max Reitz <address@hidden>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-03-26:
  iotests/138: Test leaks/corruptions fixed report
  iotests: Add poke_file_[bl]e functions
  qemu-img: Fix check's leak/corruption fix report
  sheepdog: Consistently set bdrv_has_zero_init_truncate
  qcow2: Avoid feature name extension on small cluster size
  qcow2: List autoclear bit names in header
  qcow2: Comment typo fixes
  block: trickle down the fallback image creation function use to the block drivers
  block: pass BlockDriver reference to the .bdrv_co_create
  block/mirror: fix use after free of local_err

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/01e38186ecb1...762fa6d79aa3


