- 10 12月, 2014 40 次提交
-
-
由 Fam Zheng 提交于
It will be assigned to the return value of vmdk_read_desc. Suggested-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1417649314-13704-6-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
Since a too small file cannot be a valid VMDK image, and also since the buffer's first 4 bytes will be unconditionally examined by vmdk_open_sparse, let's error out the small file case to be clear. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Message-id: 1417649314-13704-5-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
Zeroing a buffer that will be filled right after is not necessary, and allocating a power of two + 1 is naughty. Suggested-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1417649314-13704-4-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
commit 04d542c8 (vmdk: support vmfs files) added support of VMFS extent type but the comment above the changed code is left out. Update the comment so they are consistent. Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Message-id: 1417649314-13704-3-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
This replaces two "time(NULL)" invocations with "g_random_int()". According to VMDK spec, CID "is a random 32‐bit value updated the first time the content of the virtual disk is modified after the virtual disk is opened". Using "seconds since epoch" is just a "lame way" to generate it, and not completely safe because of the low precision. Suggested-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NDon Koch <dkoch@verizon.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1417649314-13704-2-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Markus Armbruster 提交于
g_new(T, 1) is safer than g_malloc(sizeof(T)), because it returns T * rather than void *, which lets the compiler catch more type errors. Missed in commit 02c4f26b. Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Message-id: 1417697709-13087-1-git-send-email-armbru@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Jeff Cody 提交于
In commit fef6070e, the need for NOCOW was removed from the vpc driver, as we removed the the posix calls. However, the BLOCK_OPT_NOCOW was not removed from vpc_create_opts. This was a mistake - remove the opt from there as well. Signed-off-by: NJeff Cody <jcody@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NStefan Weil <sw@weilnetz.de> Message-id: 8ba076fa725fed681cde7d8afc4fb239ae06a9c6.1417620301.git.jcody@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Jeff Cody 提交于
In commit 70747862, the need for NOCOW was removed from the vdi driver, as we removed the the posix calls. However, the BLOCK_OPT_NOCOW was not removed from vdi_create_opts. This was a mistake - remove the opt from there as well. Signed-off-by: NJeff Cody <jcody@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NStefan Weil <sw@weilnetz.de> Message-id: e189364de11929d8fa04722f5d845de0a9834d44.1417620301.git.jcody@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Fam Zheng 提交于
VMDK extent parsing code doesn't handle the JSON file name, so the case fails for these subformats. Disabled them. Signed-off-by: NFam Zheng <famz@redhat.com> Message-id: 1417571370-19495-1-git-send-email-famz@redhat.com Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
The return value must be negative on error; there is one place in raw_open_common() where errp is set, but ret remains 0. Fix it. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
bdrv_truncate() may fail and qcow2_write_compressed() should return the error code in that case. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
qcow2_cache_flush() may fail; if one of the caches failed to be flushed successfully to disk in qcow2_close() the image should not be marked clean, and we should emit a warning. This breaks the (qcow2-specific) iotests 026, 071 and 089; change their output accordingly. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
In qcow2_alloc_cluster_offset(), *num is limited to INT_MAX >> BDRV_SECTOR_BITS by all callers. However, since remaining is of type uint64_t, we might as well cast *num to that type before performing the shift. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
Add a test for creating and amending images (amendment uses the creation options) with formats not supporting creation over protocols not supporting creation. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
There may be NBD tests which do not create a sample image and simply test whether wrong usage of the protocol is rejected as expected. In this case, there will be no NBD server and trying to kill it during clean-up will fail. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
The image options which can be amended are described by the .create_opts field for every driver. This field must therefore be non-NULL so that anything can be amended in the first place. Check that this holds true before going into qemu_opts_create() (because if .create_opts is NULL, the create_opts pointer in img_amend() will be NULL after qemu_opts_append()). Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
If a driver supports image creation, it needs to set the .create_opts field. We can use that to make sure .create_opts for both drivers involved is not NULL for the target image in qemu-img convert, which is important so that the create_opts pointer in img_convert() is not NULL after the qemu_opts_append() calls and when going into qemu_opts_create(). Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
If a driver supports image creation, it needs to set the .create_opts field. We can use that to make sure .create_opts for both drivers involved is not NULL in bdrv_img_create(), which is important so that the create_opts pointer in that function is not NULL after the qemu_opts_append() calls and when going into qemu_opts_create(). Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
The nfs protocol driver is capable of creating images, but did not specify any creation options. Fix it. A way to test this issue is the following: $ qemu-img create -f nfs nfs://127.0.0.1/foo.qcow2 64M Without this patch, it segfaults. With this patch, it does not. However, this is not something that should really work; qemu-img should check whether the parameter for the -f option (and -O for convert) is indeed a format, and error out if it is not. Therefore, I am not making it an iotest. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
Although virtually impossible right now, bdrv_find_format("qcow") may fail. The vvfat block driver should heed that case. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NKevin Wolf <kwolf@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
We can always assume raw, file and qcow2 being available; so do not use bdrv_find_format() to locate their BlockDriver objects but statically reference the respective objects. Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
There are some block drivers which are essential to QEMU and may not be removed: These are raw, file and qcow2 (as the default non-raw format). Make their BlockDriver objects public so they can be directly referenced throughout the block layer without needing to call bdrv_find_format() and having to deal with an error at runtime, while the real problem occurred during linking (where raw, file or qcow2 were not linked into qemu). Cc: qemu-stable@nongnu.org Signed-off-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Max Reitz 提交于
There are two instances of iotest 059 using qemu-io on a qcow2 image. As of "qemu-iotests: Use qemu-io -f $IMGFMT" the iotests can no longer rely on $QEMU_IO doing probing, therefore the qcow2 format has to be specified explicitly here. Signed-off-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NFam Zheng <famz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
Our IDE emulation can't handle logical block sizes other than 512. Check for it. The original assumption was that other values would silently be ignored (which is bad enough), but it's not quite true: The physical block size is exposed in IDENTIFY DEVICE as a multiple of the logical block size. Setting a logical block size therefore also corrupts the physical block size (4096/4096 doesn't silently downgrade to 4096/512, but 512/512). Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com>
-
由 Anton Blanchard 提交于
Initialise our maximum page size capability to 64kB and increase the page_size variable from 16 to 32 bits. Signed-off-by: NAnton Blanchard <anton@samba.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Michael Mueller 提交于
The real on-disk size of an image depends on things like the host filesystem. _img_info already filters it out, use the function in 082. Signed-off-by: NMichael Mueller <mimu@linux.vnet.ibm.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
The real on-disk size of an image depends on things like the host filesystem. _img_info already filters it out, use the function in 060. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMichael Mueller <mimu@linux.vnet.ibm.com> Reviewed-by: NMax Reitz <mreitz@redhat.com>
-
由 Paolo Bonzini 提交于
Use the external qemu-timer API instead. No one else should be calling cpu_get_clock(), get_clock() and get_clock_realtime() directly; they are internal functions and they should be confined to qemu-timer.c and cpus.c (where the icount implementation resides). All accesses should go through qemu_clock_get_ns. Cc: kwolf@redhat.com Cc: stefanha@redhat.com Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Message-id: 1417010463-3527-2-git-send-email-pbonzini@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
If a qcow2 image specifies a backing file format that doesn't correspond to any format driver that qemu knows, we shouldn't fall back to probing, but simply error out. Not looking up the backing file driver in bdrv_open_backing_file(), but just filling in the "driver" option if it isn't there moves us closer to the goal of having everything in QDict options and gets us the error handling of bdrv_open(), which correctly refuses unknown drivers. Cc: qemu-stable@nongnu.org Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416935562-7760-4-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
The qcow2 specification requires that the header extension data be padded to round up the extension size to the next multiple of 8 bytes. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416935562-7760-3-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
After reading the extension header, offset is incremented, but not checked against end_offset any more. This way an integer overflow could happen when checking whether the extension end is within the allowed range, effectively disabling the check. This patch adds the missing check and a test case for it. Cc: qemu-stable@nongnu.org Reported-by: NMax Reitz <mreitz@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416935562-7760-2-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
The BLOCK_OP_TYPE_INTERNAL_SNAPSHOT op blocker exists but was never used! Let's fix that so internal snapshots can be blocked. [Fixed s/external/internal/ typo as pointed out by Paolo Bonzini and Max Reitz. --Stefan] Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416566940-4430-5-git-send-email-stefanha@redhat.com Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
The transaction QMP command performs operations atomically on a group of drives. This command needs to acquire AioContext in order to work safely when virtio-blk dataplane IOThreads are accessing drives. The transactional nature of the command means that actions are split into prepare, commit, abort, and clean functions. Acquire the AioContext in prepare and don't release it until one of the other functions is called. This prevents the IOThread from running the AioContext before the transaction has completed. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416566940-4430-4-git-send-email-stefanha@redhat.com Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
drive_backup_prepare() assigns DriveBackupState fields to NULL in the error path. This is unnecessary because the DriveBackupState is allocated using g_malloc0() and other functions like external_snapshot_prepare() already rely on this. Do not explicitly assign fields to NULL so that the error path is concise and does not require modification when fields are added to DriveBackupState. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416566940-4430-3-git-send-email-stefanha@redhat.com Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Stefan Hajnoczi 提交于
Originally the transaction QMP command was just for taking snapshots. The command became more general when drive-backup and abort were added. It is more accurate to say the command is about performing operations on an atomic group than to say it is about snapshots. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416566940-4430-2-git-send-email-stefanha@redhat.com Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
This is forbidden if the raw driver was probed. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-10-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
The original intention was to pipe stderr of qemu into $fifo_out. However, the redirections were specified in the wrong order for this. This patch fixes it. Now qemu's output on stderr can be retrieved with _send_qemu_cmd, which applies several useful filters on the output that were missing before. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-9-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
If the user neglects to specify the image format, QEMU probes the image to guess it automatically, for convenience. Relying on format probing is insecure for raw images (CVE-2008-2004). If the guest writes a suitable header to the device, the next probe will recognize a format chosen by the guest. A malicious guest can abuse this to gain access to host files, e.g. by crafting a QCOW2 header with backing file /etc/shadow. Commit 1e72d3b7 (April 2008) provided -drive parameter format to let users disable probing. Commit f965509c (March 2009) extended QCOW2 to optionally store the backing file format, to let users disable backing file probing. QED has had a flag to suppress probing since the beginning (2010), set whenever a raw backing file is assigned. All of these additions that allow to avoid format probing have to be specified explicitly. The default still allows the attack. In order to fix this, commit 79368c81 (July 2010) put probed raw images in a restricted mode, in which they wouldn't be able to overwrite the first few bytes of the image so that they would identify as a different image. If a write to the first sector would write one of the signatures of another driver, qemu would instead zero out the first four bytes. This patch was later reverted in commit 8b33d9ee (September 2010) because it didn't get the handling of unaligned qiov members right. Today's block layer that is based on coroutines and has qiov utility functions makes it much easier to get this functionality right, so this patch implements it. The other differences of this patch to the old one are that it doesn't silently write something different than the guest requested by zeroing out some bytes (it fails the request instead) and that it doesn't maintain a list of signatures in the raw driver (it calls the usual probe function instead). Note that this change doesn't introduce new breakage for false positive cases where the guest legitimately writes data into the first sector that matches the signatures of an image format (e.g. for nested virt): These cases were broken before, only the failure mode changes from corruption after the next restart (when the wrong format is probed) to failing the problematic write request. Also note that like in the original patch, the restrictions only apply if the image format has been guessed by probing. Explicitly specifying a format allows guests to write anything they like. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Message-id: 1416497234-29880-8-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Kevin Wolf 提交于
The only image format driver that even potentially accesses anything after 512 bytes in its bdrv_probe() implementation is VMDK, which reads a plain-text descriptor file. In practice, the field it's looking for seems to come first and will be well within the first 512 bytes, too. Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-7-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Reviewed-by: NMax Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-6-git-send-email-kwolf@redhat.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NKevin Wolf <kwolf@redhat.com>
-