git.ipfire.org Git - thirdparty/qemu.git/commit
qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()
author Kevin Wolf <kwolf@redhat.com>
Thu, 24 Oct 2019 14:26:58 +0000 (16:26 +0200)
committer Michael Roth <mdroth@linux.vnet.ibm.com>
Wed, 30 Oct 2019 16:34:26 +0000 (11:34 -0500)
commit 416a692e51b8b582407e30046ddcffbbe52ecf77
tree 2cdc7e61b42d5ef2271efb251a52a90619d69baf
parent e9bb3d942e268a19e03fc5d404586d2ed1564282
qcow2: Fix corruption bug in qcow2_detect_metadata_preallocation()

qcow2_detect_metadata_preallocation() calls qcow2_get_refcount() which
requires s->lock to be taken to protect its accesses to the refcount
table and refcount blocks. However, nothing in this code path actually
took the lock. This could cause the same cache entry to be used by two
requests at the same time, for different tables at different offsets,
resulting in image corruption.

As it would be preferable to base the detection on consistent data (even
though it's just heuristics), let's take the lock not only around the
qcow2_get_refcount() calls, but around the whole function.

This patch takes the lock in qcow2_co_block_status() earlier and asserts
in qcow2_detect_metadata_preallocation() that we hold the lock.

Fixes: 69f47505ee66afaa513305de0c1895a224e52c45
Cc: qemu-stable@nongnu.org
Reported-by: Michael Weiser <michael.weiser@gmx.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Michael Weiser <michael.weiser@gmx.de>
Reviewed-by: Michael Weiser <michael.weiser@gmx.de>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
(cherry picked from commit 5e9785505210e2477e590e61b1ab100d0ec22b01)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
block/qcow2-refcount.c
block/qcow2.c
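The failure mode the commit message describes, as an added toy model in C that is not QEMU code: one cache slot shared by all requests, a request A that loads a refcount block through it, and a request B that reloads the slot with a different block before A has read its entry. The names get_block, read_entry0_unlocked, read_entry0_locked and lock_held, and the sample block contents, are assumptions of this model.

```c
#include <assert.h>
#include <stdbool.h>
#include <string.h>
/* Constructed toy: two refcount blocks "on disk" and a single cache slot shared
 * by all requests, standing in for a qcow2 cache entry reused for another table. */
#define ENTRIES 4
static const unsigned disk[2][ENTRIES] = {
    {11, 12, 13, 14},   /* refcount block 0 */
    {21, 22, 23, 24},   /* refcount block 1 */
};
static unsigned slot[ENTRIES];
static int slot_index = -1;
static bool lock_held = false;   /* stand-in for s->lock (a CoMutex in qcow2) */
static void lock_take(void)    { assert(!lock_held); lock_held = true; }
static void lock_release(void) { assert(lock_held);  lock_held = false; }

/* Stand-in for the cached table access in qcow2_get_refcount(); require_lock
 * models the assertion the fix adds (the buggy caller never took the lock). */
static const unsigned *get_block(int index, bool require_lock)
{
    if (require_lock) assert(lock_held);
    if (slot_index != index) {        /* evict and reload the single slot */
        memcpy(slot, disk[index], sizeof slot);
        slot_index = index;
    }
    return slot;
}

/* Bug: request A fetches block 0, request B runs before A has read it and
 * reloads the same slot with block 1, so A reads B's table. */
unsigned read_entry0_unlocked(void)
{
    const unsigned *a = get_block(0, false);
    (void)get_block(1, false);         /* concurrent request B, no lock */
    return a[0];                       /* 21, not the expected 11 */
}

/* Fix: hold the lock across the whole lookup; B cannot touch the slot until
 * A has released it. */
unsigned read_entry0_locked(void)
{
    lock_take();
    const unsigned *a = get_block(0, true);
    unsigned v = a[0];                 /* 11 */
    lock_release();
    lock_take();                       /* B runs only after A released the lock */
    (void)get_block(1, true);
    lock_release();
    return v;
}
```

In the real driver the interleaving comes from coroutines yielding on I/O rather than from an explicit call, which is why the assertion on the lock is the reliable check rather than any particular call order.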