diff options
author | Chunqiang Tang <ctang@us.ibm.com> | 2011-02-03 10:12:49 -0500 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2011-02-10 13:23:44 +0100 |
commit | e0d9c6f93729c9bfc98fcafcd73098bb8e131aeb (patch) | |
tree | 3fb49fe18a687f023bb5eb1e7a662109b625a46c /qemu-common.h | |
parent | 982aa95532a3a7b549695d5b3e18442975eecfb5 (diff) | |
download | qemu-e0d9c6f93729c9bfc98fcafcd73098bb8e131aeb.zip qemu-e0d9c6f93729c9bfc98fcafcd73098bb8e131aeb.tar.gz qemu-e0d9c6f93729c9bfc98fcafcd73098bb8e131aeb.tar.bz2 |
QCOW2: bug fix - read base image beyond its size
This patch fixes the following bug in QCOW2. For a QCOW2 image that is larger
than its base image, when handling a read request straddling over the end of the
base image, the QCOW2 driver attempts to read beyond the end of the base image
and the request would fail.
This bug was found by Fast Virtual Disk (FVD)'s fully automated testing tool.
The following test triggered the bug.
dd if=/dev/zero of=/var/ramdisk/truth.raw count=0 bs=1 seek=1098561536
dd if=/dev/zero of=/var/ramdisk/zero-500M.raw count=0 bs=1 seek=593099264
./qemu-img create -f qcow2 -ocluster_size=65536,backing_fmt=blksim -b /var/ramdisk/zero-500M.raw /var/ramdisk/test.qcow2 1098561536
./qemu-io --auto --seed=30477694 --truth=/var/ramdisk/truth.raw --format=qcow2 --test=blksim:/var/ramdisk/test.qcow2 --verify_write=true --compare_before=false --compare_after=true --round=100000 --parallel=100 --io_size=10485760 --fail_prob=0 --cancel_prob=0 --instant_qemubh=true
Signed-off-by: Chunqiang Tang <ctang@us.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'qemu-common.h')
-rw-r--r-- | qemu-common.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/qemu-common.h b/qemu-common.h index c7ff280..cb4b7e0 100644 --- a/qemu-common.h +++ b/qemu-common.h @@ -322,6 +322,8 @@ void qemu_iovec_reset(QEMUIOVector *qiov); void qemu_iovec_to_buffer(QEMUIOVector *qiov, void *buf); void qemu_iovec_from_buffer(QEMUIOVector *qiov, const void *buf, size_t count); void qemu_iovec_memset(QEMUIOVector *qiov, int c, size_t count); +void qemu_iovec_memset_skip(QEMUIOVector *qiov, int c, size_t count, + size_t skip); struct Monitor; typedef struct Monitor Monitor; |