Message ID | 1415627159-15941-2-git-send-email-mreitz@redhat.com |
---|---|
State | New |
Headers | show |
On 11/10/2014 06:45 AM, Max Reitz wrote: > Add two new fields regarding refcount information (the bit width of > every entry and the maximum refcount value) to the BDRVQcowState. > > Signed-off-by: Max Reitz <mreitz@redhat.com> > --- > block/qcow2-refcount.c | 2 +- > block/qcow2.c | 9 +++++++++ > block/qcow2.h | 2 ++ > 3 files changed, 12 insertions(+), 1 deletion(-) Reviewed-by: Eric Blake <eblake@redhat.com> > +++ b/block/qcow2.c > @@ -684,6 +684,15 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, > goto fail; > } > s->refcount_order = header.refcount_order; > + s->refcount_bits = 1 << s->refcount_order; Not shown is the context where a few lines before still enforces refcount_order==4, so this doesn't overflow. When later patches relax that, I'll make sure we don't overflow here as well. > + if (s->refcount_order < 6) { > + s->refcount_max = (UINT64_C(1) << s->refcount_bits) - 1; I don't see the UINT64_C macro get much use, but like it better than casting :) > + } else { I don't know if Coverity might complain about dead code during bisection (since we can't get here until we relax refcount_order to not be forced to 4), but that's a layer beyond making sure 'make check' works so I don't care.
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 9afdb40..6016211 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -584,7 +584,7 @@ static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, refcount = be16_to_cpu(refcount_block[block_index]); refcount += addend; - if (refcount < 0 || refcount > 0xffff) { + if (refcount < 0 || refcount > s->refcount_max) { ret = -EINVAL; goto fail; } diff --git a/block/qcow2.c b/block/qcow2.c index d120494..f57aff9 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -684,6 +684,15 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } s->refcount_order = header.refcount_order; + s->refcount_bits = 1 << s->refcount_order; + if (s->refcount_order < 6) { + s->refcount_max = (UINT64_C(1) << s->refcount_bits) - 1; + } else { + /* The above shift would overflow with s->refcount_bits == 64; + * furthermore, we do not want to use UINT64_MAX because refcounts will + * be passed around in int64_ts (negative values for -errno) */ + s->refcount_max = INT64_MAX; + } if (header.crypt_method > QCOW_CRYPT_AES) { error_setg(errp, "Unsupported encryption method: %" PRIu32, diff --git a/block/qcow2.h b/block/qcow2.h index 6e39a1b..4d8c902 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -258,6 +258,8 @@ typedef struct BDRVQcowState { int qcow_version; bool use_lazy_refcounts; int refcount_order; + int refcount_bits; + uint64_t refcount_max; bool discard_passthrough[QCOW2_DISCARD_MAX];
Add two new fields regarding refcount information (the bit width of every entry and the maximum refcount value) to the BDRVQcowState. Signed-off-by: Max Reitz <mreitz@redhat.com> --- block/qcow2-refcount.c | 2 +- block/qcow2.c | 9 +++++++++ block/qcow2.h | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-)