diff mbox

[RFC,V6,15/33] qcow2: Load and save deduplication table header extension.

Message ID 1360153926-9492-16-git-send-email-benoit@irqsave.net
State New
Headers show

Commit Message

Benoît Canet Feb. 6, 2013, 12:31 p.m. UTC 
Signed-off-by: Benoit Canet <benoit@irqsave.net>
---
 block/qcow2.c |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

Comments

Stefan Hajnoczi Feb. 7, 2013, 9:57 a.m. UTC | #1 
On Wed, Feb 06, 2013 at 01:31:48PM +0100, Benoît Canet wrote:
> @@ -148,6 +158,19 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
>              }
>              break;
>  
> +        case QCOW2_EXT_MAGIC_DEDUP_TABLE:
> +                ret = bdrv_pread(bs->file, offset,
> +                                 &dedup_table_extension, ext.len);

Buffer overflow if ext.len > sizeof(dedup_table_extension).  Please
check ext.len before using it.

> +                if (ret < 0) {
> +                    return ret;
> +                }
> +                s->dedup_table_offset =
> +                    be64_to_cpu(dedup_table_extension.offset);
> +                s->dedup_table_size =
> +                    be32_to_cpu(dedup_table_extension.size);
> +                s->dedup_hash_algo = dedup_table_extension.hash_algo;

Input validation for these fields (especially table size)?
diff mbox

Patch

diff --git a/block/qcow2.c b/block/qcow2.c
index ecbe352..7eeaeb9 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -53,9 +53,18 @@  typedef struct {
     uint32_t len;
 } QCowExtension;
 
+typedef struct {
+    uint64_t offset;
+    int32_t  size;
+    uint8_t  hash_algo;
+    uint8_t  strategies;
+    char     reserved[56];
+} QCowDedupTableExtension;
+
 #define  QCOW2_EXT_MAGIC_END 0
 #define  QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA
 #define  QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857
+#define  QCOW2_EXT_MAGIC_DEDUP_TABLE 0xCD8E819B
 
 static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
 {
@@ -84,6 +93,7 @@  static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
     QCowExtension ext;
     uint64_t offset;
     int ret;
+    QCowDedupTableExtension dedup_table_extension;
 
 #ifdef DEBUG_EXT
     printf("qcow2_read_extensions: start=%ld end=%ld\n", start_offset, end_offset);
@@ -148,6 +158,19 @@  static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
             }
             break;
 
+        case QCOW2_EXT_MAGIC_DEDUP_TABLE:
+                ret = bdrv_pread(bs->file, offset,
+                                 &dedup_table_extension, ext.len);
+                if (ret < 0) {
+                    return ret;
+                }
+                s->dedup_table_offset =
+                    be64_to_cpu(dedup_table_extension.offset);
+                s->dedup_table_size =
+                    be32_to_cpu(dedup_table_extension.size);
+                s->dedup_hash_algo = dedup_table_extension.hash_algo;
+            break;
+
         default:
             /* unknown magic - save it in case we need to rewrite the header */
             {
@@ -959,6 +982,7 @@  int qcow2_update_header(BlockDriverState *bs)
     uint32_t refcount_table_clusters;
     size_t header_length;
     Qcow2UnknownHeaderExtension *uext;
+    QCowDedupTableExtension dedup_table_extension;
 
     buf = qemu_blockalign(bs, buflen);
 
@@ -1062,6 +1086,25 @@  int qcow2_update_header(BlockDriverState *bs)
     buf += ret;
     buflen -= ret;
 
+    if (s->has_dedup) {
+        memset(&dedup_table_extension, 0, sizeof(dedup_table_extension));
+        dedup_table_extension.offset = cpu_to_be64(s->dedup_table_offset);
+        dedup_table_extension.size = cpu_to_be32(s->dedup_table_size);
+        dedup_table_extension.hash_algo = s->dedup_hash_algo;
+        dedup_table_extension.strategies |= QCOW_STRATEGY_RAM;
+        dedup_table_extension.strategies |= QCOW_STRATEGY_RUNNING;
+        ret = header_ext_add(buf,
+                             QCOW2_EXT_MAGIC_DEDUP_TABLE,
+                             &dedup_table_extension,
+                             sizeof(dedup_table_extension),
+                             buflen);
+        if (ret < 0) {
+            goto fail;
+        }
+        buf += ret;
+        buflen -= ret;
+    }
+
     /* Keep unknown header extensions */
     QLIST_FOREACH(uext, &s->unknown_header_ext, next) {
         ret = header_ext_add(buf, uext->magic, uext->data, uext->len, buflen);