[fedora-virt-maint] rpms/qemu/devel qemu-fix-qcow2-2TB.patch, NONE, 1.1 qemu.spec, 1.75, 1.76

Sun Apr 5 18:23:50 UTC 2009

Author: glommer

Update of /cvs/pkgs/rpms/qemu/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28751

Modified Files:
	qemu.spec 
Added Files:
	qemu-fix-qcow2-2TB.patch 
Log Message:
Fixed qcow2 segfault creating disks over 2TB. #491943



qemu-fix-qcow2-2TB.patch:

--- NEW FILE qemu-fix-qcow2-2TB.patch ---
>From 2d2431f03fc78b532f3a1c5f858cf78859d50fc3 Mon Sep 17 00:00:00 2001
From: aliguori <aliguori at c046a42c-6fe2-441c-8c8c-71466251a162>
Date: Sun, 5 Apr 2009 17:40:58 +0000
Subject: [PATCH] qcow2: fix image creation for large, > ~2TB, images (Chris Wright)

When creating large disk images w/ qcow2 format, qcow2_create is hard
coded to creating a single refcount block.  This is insufficient for
large images, and will cause qemu-img to segfault as it walks off the
end of the refcount block.  Keep track of the space needed during image
create and create proper number of refcount blocks accordingly.

https://bugzilla.redhat.com/show_bug.cgi?id=491943

Signed-off-by: Chris Wright <chrisw at redhat.com>
Signed-off-by: Anthony Liguori <aliguori at us.ibm.com>


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6982 c046a42c-6fe2-441c-8c8c-71466251a162
---
 block-qcow2.c |   20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

Index: qemu-kvm-0.10/qemu/block-qcow2.c
===================================================================
--- qemu-kvm-0.10.orig/qemu/block-qcow2.c
+++ qemu-kvm-0.10/qemu/block-qcow2.c
@@ -1458,6 +1458,7 @@ static int qcow_create(const char *filen
                       const char *backing_file, int flags)
 {
     int fd, header_size, backing_filename_len, l1_size, i, shift, l2_bits;
+    int ref_clusters = 0;
     QCowHeader header;
     uint64_t tmp, offset;
     QCowCreateState s1, *s = &s1;
@@ -1498,22 +1499,28 @@ static int qcow_create(const char *filen
     offset += align_offset(l1_size * sizeof(uint64_t), s->cluster_size);
 
     s->refcount_table = qemu_mallocz(s->cluster_size);
-    s->refcount_block = qemu_mallocz(s->cluster_size);
 
     s->refcount_table_offset = offset;
     header.refcount_table_offset = cpu_to_be64(offset);
     header.refcount_table_clusters = cpu_to_be32(1);
     offset += s->cluster_size;
-
-    s->refcount_table[0] = cpu_to_be64(offset);
     s->refcount_block_offset = offset;
-    offset += s->cluster_size;
+
+    /* count how many refcount blocks needed */
+    tmp = offset >> s->cluster_bits;
+    ref_clusters = (tmp >> (s->cluster_bits - REFCOUNT_SHIFT)) + 1;
+    for (i=0; i < ref_clusters; i++) {
+        s->refcount_table[i] = cpu_to_be64(offset);
+        offset += s->cluster_size;
+    }
+
+    s->refcount_block = qemu_mallocz(ref_clusters * s->cluster_size);
 
     /* update refcounts */
     create_refcount_update(s, 0, header_size);
     create_refcount_update(s, s->l1_table_offset, l1_size * sizeof(uint64_t));
     create_refcount_update(s, s->refcount_table_offset, s->cluster_size);
-    create_refcount_update(s, s->refcount_block_offset, s->cluster_size);
+    create_refcount_update(s, s->refcount_block_offset, ref_clusters * s->cluster_size);
 
     /* write all the data */
     write(fd, &header, sizeof(header));
@@ -1529,7 +1536,7 @@ static int qcow_create(const char *filen
     write(fd, s->refcount_table, s->cluster_size);
 
     lseek(fd, s->refcount_block_offset, SEEK_SET);
-    write(fd, s->refcount_block, s->cluster_size);
+    write(fd, s->refcount_block, ref_clusters * s->cluster_size);
 
     qemu_free(s->refcount_table);
     qemu_free(s->refcount_block);


Index: qemu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/qemu/devel/qemu.spec,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- qemu.spec	3 Apr 2009 17:09:43 -0000	1.75
+++ qemu.spec	5 Apr 2009 18:23:20 -0000	1.76
@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 0.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 # I have mistakenly thought the revision name would be 1.0.
 # So 0.10 series get Epoch = 1
 Epoch: 2
@@ -36,6 +36,7 @@
 Patch12: qemu-roms-more-room.patch
 Patch13: qemu-bios-bigger-roms.patch
 Patch14: qemu-fix-display-breakage.patch
+Patch15: qemu-fix-qcow2-2TB.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel
@@ -214,6 +215,7 @@
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
 
 %build
 # systems like rhel build system does not have a recent enough linker so
@@ -455,6 +457,9 @@
 %{_mandir}/man1/qemu-img.1*
 
 %changelog
+* Sun Apr  5 2009 Glauber Costa <glommer at redhat.com> - 2:0.10-6
+- Fixed qcow2 segfault creating disks over 2TB. #491943
+
 * Fri Apr  3 2009 Mark McLoughlin <markmc at redhat.com> - 2:0.10-5
 - Fix vga segfault under kvm-autotest (#494002)
 - Kill kernelrelease hack; it's not needed


