aboutsummaryrefslogtreecommitdiff
path: root/block
AgeCommit message (Collapse)Author
2010-02-10don't dereference NULL after failed strdupJim Meyering
Most of these are obvious NULL-deref bug fixes, for example, the ones in these files: block/curl.c net.c slirp/misc.c and the first one in block/vvfat.c. The others in block/vvfat.c may not lead to an immediate segfault, but I traced the two schedule_rename(..., strdup(path)) uses, and a failed strdup would appear to trigger this assertion in handle_renames_and_mkdirs: assert(commit->path); The conversion to use qemu_strdup in envlist_to_environ is not technically needed, but does avoid a theoretical leak in the caller when strdup fails for one value, but later succeeds in allocating another buffer(plausible, if one string length is much larger than the others). The caller does not know the length of the returned list, and as such can only free pointers until it hits the first NULL. If there are non-NULL pointers beyond the first, their buffers would be leaked. This one is admittedly far-fetched. The two in linux-user/main.c are worth fixing to ensure that an OOM error is diagnosed up front, rather than letting it provoke some harder-to-diagnose secondary error, in case of exec failure, or worse, in case the exec succeeds but with an invalid list of command line options. However, considering how unlikely it is to encounter a failed strdup early in main, this isn't a big deal. Note that adding the required uses of qemu_strdup here and in envlist.c induce link failures because qemu_strdup is not currently in any library they're linked with. So for now, I've omitted those changes, as well as the fixes in target-i386/helper.c and target-sparc/helper.c. If you'd like to see the above discussion (or anything else) in the commit log, just let me know and I'll be happy to adjust. >From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Mon, 8 Feb 2010 18:29:29 +0100 Subject: [PATCH] don't dereference NULL after failed strdup Handle failing strdup by replacing each use with qemu_strdup, so as not to dereference NULL or trigger a failing assertion. * block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/ * block/vvfat.c (init_directories): Likewise. (get_cluster_count_for_direntry, check_directory_consistency): Likewise. * net.c (parse_host_src_port): Likewise. * slirp/misc.c (fork_exec): Likewise. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-10qcow2: Fix signedness bugsKevin Wolf
Checking for return codes < 0 isn't really going to work with unsigned types. Use signed types instead. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-08block/curl: %Z is not a valid conversion specifiermalc
Signed-off-by: malc <av1474@comtv.ru>
2010-02-07Do not use dprintfmalc
dprintf is already claimed by POSIX[1], and on at least one system is implemented as a macro [1] http://www.opengroup.org/onlinepubs/9699919799/functions/dprintf.html Signed-off-by: malc <av1474@comtv.ru>
2010-01-26block/raw-posix: Abort on pread beyond end of non-growable fileKevin Wolf
This shouldn't happen under any normal circumstances. However, it looks like it's possible to achieve this with corrupted images. Without this patch raw_pread is hanging in an endless loop in such cases. The patch is not affecting growable files, for which such reads happen in normal use cases. raw_pread_aligned already handles these cases and won't return zero in the first place. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26win32: pair qemu_memalign() with qemu_vfree()Herve Poussineau
Win32 suffers from a very big memory leak when dealing with SCSI devices. Each read/write request allocates memory with qemu_memalign (ie VirtualAlloc) but frees it with qemu_free (ie free). Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks. Signed-off-by: Herve Poussineau <hpoussin@reactos.org> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: rename two QCowAIOCB membersChristoph Hellwig
The n member is not very descriptive and very hard to grep, rename it to cur_nr_sectors to better indicate what it is used for. Also rename nb_sectors to remaining_sectors as that is what it is used for. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block: kill BDRV_O_CREATChristoph Hellwig
The BDRV_O_CREAT option is unused inside qemu and partially duplicates the bdrv_create method. Remove it, and the -C option to qemu-io which isn't used in qemu-iotests anyway. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26Read-only device changed to opens it's file for read-only.Naphtali Sprei
Signed-off-by: Naphtali Sprei <nsprei@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26Ask for read-write permissions when opening filesNaphtali Sprei
Found some places that seems needs this explicitly, now that read-write is not the default. Signed-off-by: Naphtali Sprei <nsprei@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block/qcow2.c: fix warnings with _FORTIFY_SOURCEKirill A. Shutemov
CC block/qcow2.o cc1: warnings being treated as errors block/qcow2.c: In function 'qcow_create2': block/qcow2.c:829: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:838: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:839: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:841: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:844: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:849: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:852: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow2.c:855: error: ignoring return value of 'write', declared with attribute warn_unused_result make: *** [block/qcow2.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block/vvfat.c: fix warnings with _FORTIFY_SOURCEKirill A. Shutemov
CC block/vvfat.o cc1: warnings being treated as errors block/vvfat.c: In function 'commit_one_file': block/vvfat.c:2259: error: ignoring return value of 'ftruncate', declared with attribute warn_unused_result make: *** [block/vvfat.o] Error 1 CC block/vvfat.o In file included from /usr/include/stdio.h:912, from ./qemu-common.h:19, from block/vvfat.c:27: In function 'snprintf', inlined from 'init_directories' at block/vvfat.c:871, inlined from 'vvfat_open' at block/vvfat.c:1068: /usr/include/bits/stdio2.h:65: error: call to __builtin___snprintf_chk will always overflow destination buffer make: *** [block/vvfat.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block/vmdk.o: fix warnings with _FORTIFY_SOURCEKirill A. Shutemov
CC block/vmdk.o cc1: warnings being treated as errors block/vmdk.c: In function 'vmdk_snapshot_create': block/vmdk.c:236: error: ignoring return value of 'ftruncate', declared with attribute warn_unused_result block/vmdk.c: In function 'vmdk_create': block/vmdk.c:775: error: ignoring return value of 'write', declared with attribute warn_unused_result block/vmdk.c:776: error: ignoring return value of 'write', declared with attribute warn_unused_result block/vmdk.c:778: error: ignoring return value of 'ftruncate', declared with attribute warn_unused_result block/vmdk.c:784: error: ignoring return value of 'write', declared with attribute warn_unused_result block/vmdk.c:790: error: ignoring return value of 'write', declared with attribute warn_unused_result block/vmdk.c:807: error: ignoring return value of 'write', declared with attribute warn_unused_result make: *** [block/vmdk.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block/qcow.c: fix warnings with _FORTIFY_SOURCEKirill A. Shutemov
CC block/qcow.o cc1: warnings being treated as errors block/qcow.c: In function 'qcow_create': block/qcow.c:804: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow.c:806: error: ignoring return value of 'write', declared with attribute warn_unused_result block/qcow.c:811: error: ignoring return value of 'write', declared with attribute warn_unused_result make: *** [block/qcow.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26block/cow.c: fix warnings with _FORTIFY_SOURCEKirill A. Shutemov
CC block/cow.o cc1: warnings being treated as errors block/cow.c: In function 'cow_create': block/cow.c:251: error: ignoring return value of 'write', declared with attribute warn_unused_result block/cow.c:253: error: ignoring return value of 'ftruncate', declared with attribute warn_unused_result make: *** [block/cow.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Don't ignore qcow2_alloc_clusters return valueKevin Wolf
Now that qcow2_alloc_clusters can return error codes, we must handle them in the callers of qcow2_alloc_clusters. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Don't ignore update_refcount return valueKevin Wolf
update_refcount can return errors that need to be handled by the callers. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Allow updating no refcountsKevin Wolf
There's absolutely no problem with updating the refcounts of 0 clusters. At least snapshot code is doing this and would fail once the result of update_refcount isn't ignored any more. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Improve error handling in update_refcountKevin Wolf
If update_refcount fails, try to undo any changes made so far to avoid inconsistencies in the image file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Fix error handling in grow_refcount_tableKevin Wolf
Return the appropriate error code instead of -EIO. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Return 0/-errno in qcow2_alloc_cluster_offsetKevin Wolf
Returning 0/-errno allows it to distingush different errors classes. The cluster offset of newly allocated clusters is now returned in the QCowL2Meta struct. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Return 0/-errno in get_cluster_tableKevin Wolf
Switching to 0/-errno allows it to distinguish different error cases. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Fix error handling in qcow_save_vmstateKevin Wolf
Don't assume success but pass the bdrv_pwrite return value on. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Fix error handling in qcow2_grow_l1_tableKevin Wolf
Return the appropriate error value instead of always using EIO. Don't free the L1 table on errors, we still need it. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-20Clean-up a little bit the RW related bits of BDRV_O_FLAGS. BDRV_O_RDONLY ↵Naphtali Sprei
gone (and so is BDRV_O_ACCESS). Default value for bdrv_flags (0/zero) is READ-ONLY. Need to explicitly request READ-WRITE. Instead of using the field 'readonly' of the BlockDriverState struct for passing the request, pass the request in the flags parameter to the function. Signed-off-by: Naphtali Sprei <nsprei@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-19raw-posix: Detect legacy floppy via ioctl on linuxCole Robinson
Current legacy floppy detection is hardcoded based on source file name. Make this smarter on linux by attempting a floppy specific ioctl. v2: Give ioctl check higher priority than filename check s/IDE/legacy/ v3: Actually initialize 'prio' variable Check for ioctl success rather than absence of specific failure v4: Explicitly mention that change is linux specific. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-19raw-posix: Detect CDROM via ioctl on linuxCole Robinson
Current CDROM detection is hardcoded based on source file name. Make this smarter on linux by attempting a CDROM specific ioctl. This makes '-cdrom /dev/sr0' succeed with no media present. v2: Give ioctl check higher priority than filename check. v3: Actually initialize 'prio' variable. Check for ioctl success rather than absence of specific failure. v4: Explicitly mention that change is linux specific. Signed-off-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-13qcow/qcow2: implement bdrv_aio_flushKevin Wolf
Now that we do not have to flush the backing device anymore implementing the bdrv_aio_flush method for image formats is trivial. [hch: forward ported to qemu mainline from a product tree] Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-13qcow2-refcount: remove dead assignmentAmit Shah
clang-analyzer points out a redundant assignment. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-13block: Add bdrv_change_backing_fileKevin Wolf
Introduce the functions needed to change the backing file of an image. The function is implemented for qcow2. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-11dmg: fix ->open failureChristoph Hellwig
Currently the dmg image format driver simply opens the images as raw if any kind of failure happens. This is contrarty to the behaviour of all other image formats which just return an error and let the block core deal with it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-08block/vdi: allow disk sizes not multiple of block sizeFrançois Revol
The disk image I created from my old laptop disk with VBoxManage internalcommand converthd obviously was not a multiple of 1MB as when created from scratch. This fixes QEMU refusing it. We still require the size to be a multiple of sector size though. It then boots correctly. Allow opening VDI images with size not multiple of 1MB (as when converted from a raw disk). Signed-off-by: François Revol <revol@free.fr> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-25block/bochs: improve format checkingBlue Swirl
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-12-25block/bochs.c: fix warning with _FORTIFY_SOURCEKirill A. Shutemov
CC block/bochs.o cc1: warnings being treated as errors block/bochs.c: In function 'seek_to_sector': block/bochs.c:202: error: ignoring return value of 'read', declared with attribute warn_unused_result make: *** [block/bochs.o] Error 1 Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-12-03Don't leak file descriptorsKevin Wolf
We're leaking file descriptors to child processes. Set FD_CLOEXEC on file descriptors that don't need to be passed to children to stop this misbehaviour. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03qemu-img: There is more than one host device driverKevin Wolf
I haven't heard yet of anyone using qemu-img to copy an image to a real floppy, but it's a valid use case. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03qcow2: Fix some more qemu_malloc falloutKevin Wolf
Oh joy... Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03qcow2: Store exact backing format lengthKevin Wolf
Currently qcow2 unnecessarily rounds up the length of the backing format string to the next multiple of 8. At the same time, the array in BlockDriverState can only hold 15 characters, so in effect backing formats with 9 characters or more don't work (e.g. host_device). Save the real string length and things start to work for all valid image format names. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-11-29Add support for GNU/kFreeBSDAurelien Jarno
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2009-11-12Fix 32-bit overflow in parallels image supportDavid Woodhouse
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-11-09qcow2: Allow qcow2 disk images with size zeroStefan Weil
Images with disk size 0 may be used for VM snapshots, but not to save normal block data. It is possible to create such images using qemu-img, but opening them later fails. So even "qemu-img info image.qcow2" is not possible for an image created with "qemu-img create -f qcow2 image.qcow2 0". This is fixed here. Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-30Remove aio_ctx from paio_* interfaceKevin Wolf
The context parameter in paio_submit isn't used anyway, so there is no reason why block drivers should need to remember it. This also avoids passing a Linux AIO context to paio_submit (which doesn't do any harm as long as the parameter is unused, but it is highly confusing). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-27Revert "qcow2: Bring synchronous read/write back to life"Kevin Wolf
It was merely a workaround and the real fix is done now. This reverts commit ef845c3bf421290153154635dc18eaa677cecb43. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-27Add qemu_aio_process_queue()Kevin Wolf
We'll leave some AIO completions unhandled when we can't call the callback. qemu_aio_process_queue() is used later to run any callbacks that are left and can be run then. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-27raw/linux-aio: Also initialize POSIX AIOKevin Wolf
When using Linux AIO raw still falls back to POSIX AIO sometimes, so we should initialize it. Not initializing it happens to work if POSIX AIO is used by another drive, or if the format is not specified (probing the format uses POSIX AIO) or by pure luck (e.g. it doesn't seem to happen any more with qcow2 since we have re-added synchronous qcow2 functions). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-27qcow2: Fix grow_refcount_table error handlingKevin Wolf
In case of failure, we haven't increased the refcount for the newly allocated cluster yet. Therefore we must not free the cluster or its refcount will become negative (and endless recursion is possible). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-15qcow2: Bring synchronous read/write back to lifeKevin Wolf
When the synchronous read and write functions were dropped, they were replaced by generic emulation functions. Unfortunately, these emulation functions don't provide the same semantics as the original functions did. The original bdrv_read would mean that we read some data synchronously and that we won't be interrupted during this read. The latter assumption is no longer true with the emulation function which needs to use qemu_aio_poll and therefore allows the callback of any other concurrent AIO request to be run during the read. Which in turn means that (meta)data read earlier could have changed and be invalid now. qcow2 is not prepared to work in this way and it's just scary how many places there are where other requests could run. I'm not sure yet where exactly it breaks, but you'll see breakage with virtio on qcow2 with a backing file. Providing synchronous functions again fixes the problem for me. Patchworks-ID: 35437 Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-05block/raw: Add create_options for host_deviceKevin Wolf
Today host_devices have a create function, so they also need a create_options field to prevent qemu-img from complaining. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-05qcow2: Increase maximum cluster size to 2 MBKevin Wolf
This patch increases the maximum qcow2 cluster size to 2 MB. Starting with 128k clusters, L2 tables span 2 GB or more of virtual disk space, causing 32 bit truncation and wraparound of signed integers. Therefore some variables need to use a larger data type. While being at reviewing data types, change some integers that are used for array indices to unsigned. In some places they were checked against some upper limit but not for negative values. This could avoid potential segfaults with corrupted qcow2 images. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-04Check availability of uuid header / libraryStefan Weil
If available, the Universally Unique Identifier library is used by the vdi block driver. Other parts of QEMU (vl.c) could also use it. Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>