On 5/3/19 4:38 AM, Alberto Garcia wrote:
> The standard cluster descriptor in L2 table entries has a field to
> store the host cluster offset. When we need to get that offset from an
> entry we use L2E_OFFSET_MASK to ensure that we only use the bits that
> belong to that field.
>
> But while that mask is used every time we read from an L2 entry, it
> is never used when we write to it. Due to the QCOW_MAX_CLUSTER_OFFSET
> limit set in the cluster allocation code QEMU can never produce
> offsets that don't fit in that field so any such offset would indicate
> a bug in QEMU.

Yeah, I'm not seeing where this one could ever overflow.

> Compressed cluster descriptors contain two fields (host cluster offset
> and size of the compressed data) and the situation with them is
> similar. In this case the masks are not constant but are stored in the
> csize_mask and cluster_offset_mask fields of BDRVQcow2State.

For this one, we did have a bug in the past where we were overflowing,
as evidenced by iotest 220 shortly after we patched the bug (77d6a215).

> Signed-off-by: Alberto Garcia <be...@igalia.com>
> ---
>  block/qcow2-cluster.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)

Adding more assertions shouldn't hurt.

Reviewed-by: Eric Blake <ebl...@redhat.com>

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
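The check the thread is discussing, as an added example that is not the patch itself nor QEMU's code: an L2 entry is only ever written after verifying that the host cluster offset (and, for compressed clusters, the size field) uses no bits outside its field, while reads keep masking as before. The field layout and the derivation of csize_mask / cluster_offset_mask from cluster_bits follow the qcow2 format specification; the constant values and the helper function names (make_standard_l2_entry, make_compressed_l2_entry and friends) are this example's own, written to mirror the names used in the thread.

```c
/* Added example: models qcow2 L2 entry layouts and the write-path check
 * discussed in the thread. Constants follow the qcow2 format spec; the
 * helper functions and struct are this example's own, not QEMU's. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define QCOW_OFLAG_COPIED       (1ULL << 63)
#define QCOW_OFLAG_COMPRESSED   (1ULL << 62)
#define L2E_OFFSET_MASK         0x00fffffffffffe00ULL   /* bits 9..55 */
#define QCOW_MAX_CLUSTER_OFFSET ((1ULL << 56) - 1)

/* Per-image values, derived from cluster_bits like BDRVQcow2State does. */
struct qcow2_state {
    unsigned cluster_bits;
    unsigned csize_shift;
    uint64_t csize_mask;
    uint64_t cluster_offset_mask;
};

void qcow2_state_init(struct qcow2_state *s, unsigned cluster_bits)
{
    s->cluster_bits = cluster_bits;
    /* The compressed size field is (cluster_bits - 8) bits wide, ending at bit 61. */
    s->csize_shift = 62 - (cluster_bits - 8);
    s->csize_mask = (1ULL << (cluster_bits - 8)) - 1;
    s->cluster_offset_mask = (1ULL << s->csize_shift) - 1;
}

/* Write path for a standard cluster: refuse instead of silently truncating. */
bool make_standard_l2_entry(uint64_t host_offset, bool copied, uint64_t *entry)
{
    /* Any offset bit outside the field (unaligned low bits, or bits above
     * bit 55) can only come from a bug in the caller. */
    if (host_offset & ~L2E_OFFSET_MASK) {
        return false;
    }
    *entry = host_offset | (copied ? QCOW_OFLAG_COPIED : 0);
    return true;
}

/* Read path: the mask is applied, as it already is on every read. */
uint64_t standard_l2_entry_offset(uint64_t entry)
{
    return entry & L2E_OFFSET_MASK;
}

/* Write path for a compressed cluster: both variable-width fields are checked. */
bool make_compressed_l2_entry(const struct qcow2_state *s, uint64_t host_offset,
                              uint64_t csize, uint64_t *entry)
{
    if (host_offset & ~s->cluster_offset_mask) {
        return false;   /* offset does not fit in its field */
    }
    if (csize & ~s->csize_mask) {
        return false;   /* compressed size does not fit in its field */
    }
    *entry = QCOW_OFLAG_COMPRESSED | (csize << s->csize_shift) | host_offset;
    return true;
}

uint64_t compressed_l2_entry_offset(const struct qcow2_state *s, uint64_t entry)
{
    return entry & s->cluster_offset_mask;
}

uint64_t compressed_l2_entry_csize(const struct qcow2_state *s, uint64_t entry)
{
    return (entry >> s->csize_shift) & s->csize_mask;
}

int main(void)
{
    struct qcow2_state s;
    uint64_t e;

    qcow2_state_init(&s, 16);   /* 64 KiB clusters, the qcow2 default */

    /* A cluster-aligned offset round-trips unchanged. */
    assert(make_standard_l2_entry(0x10000, true, &e));
    assert(standard_l2_entry_offset(e) == 0x10000);

    /* Unaligned low bits, or an offset past QCOW_MAX_CLUSTER_OFFSET, are refused. */
    assert(!make_standard_l2_entry(0x10000 | 0x1ff, false, &e));
    assert(!make_standard_l2_entry(QCOW_MAX_CLUSTER_OFFSET + 1, false, &e));

    /* Compressed descriptor: 8-bit size field with 64 KiB clusters. */
    assert(make_compressed_l2_entry(&s, 0x12345, 3, &e));
    assert(compressed_l2_entry_offset(&s, e) == 0x12345);
    assert(compressed_l2_entry_csize(&s, e) == 3);
    assert(!make_compressed_l2_entry(&s, 0x12345, 256, &e));

    printf("csize_mask=0x%llx cluster_offset_mask=0x%llx\n",
           (unsigned long long)s.csize_mask,
           (unsigned long long)s.cluster_offset_mask);
    return 0;
}
```

The point of the split between the make_* and *_offset/_csize helpers is the asymmetry the patch fixes: reads have always been masked, so a corrupted write would be read back as a different, plausible-looking offset rather than detected. Checking at the write site turns that silent corruption into an immediate, debuggable failure.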