rpms/qemu/devel qemu-fix-qcow2-corruption.patch, 1.1, 1.2 qemu.spec, 1.81, 1.82

[Mark McLoughlin]

Author: markmc

Update of /cvs/pkgs/rpms/qemu/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9459

Modified Files:
	qemu-fix-qcow2-corruption.patch qemu.spec 
Log Message:
* Tue Apr 21 2009 Mark McLoughlin <markmc at redhat.com> - 2:0.10-12
- Another qcow2 image corruption fix (#496642)


qemu-fix-qcow2-corruption.patch:

Index: qemu-fix-qcow2-corruption.patch
===================================================================
RCS file: /cvs/pkgs/rpms/qemu/devel/qemu-fix-qcow2-corruption.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- qemu-fix-qcow2-corruption.patch	20 Apr 2009 13:51:35 -0000	1.1
+++ qemu-fix-qcow2-corruption.patch	21 Apr 2009 09:03:39 -0000	1.2
@@ -1,6 +1,28 @@
+From: Nolan Leake <nolan <at> sigbus.net>
+Subject: [PATCH] Fix (at least one cause of) qcow2 corruption.
+
+qcow2's get_cluster_offset() scans forward in the l2 table to find other
+clusters that have the same allocation status as the first cluster.
+This is used by (among others) qcow_is_allocated().
+
+Unfortunately, it was not checking to be sure that it didn't fall off
+the end of the l2 table.  This patch adds that check.
+
+The symptom that motivated me to look into this was that
+bdrv_is_allocated() was returning false when there was in fact data
+there.  This is one of many ways this bug could lead to data corruption.
+
+I checked the other place that scans for consecutive unallocated blocks
+(alloc_cluster_offset()) and it appears to be OK:
+    nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
+appears to prevent the same problem from occurring.
+
+Signed-off-by: Nolan Leake <nolan <at> sigbus.net>
+
+---
+
 From: Kevin Wolf <kwolf at redhat.com>
-To: qemu-devel at nongnu.org
-Subject: [Qemu-devel] [PATCH] qcow2 corruption: Fix alloc_cluster_link_l2
+Subject: [PATCH] qcow2 corruption: Fix alloc_cluster_link_l2
 
 This patch fixes a qcow2 corruption bug introduced in SVN Rev 5861. L2 tables
 are big endian, so entries must be converted before being passed to functions.
@@ -18,14 +40,23 @@
     done
 
 Signed-off-by: Kevin Wolf <kwolf at redhat.com>
----
- block-qcow2.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
 
 diff -up qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption qemu-kvm-0.10/qemu/block-qcow2.c
---- qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption	2009-04-20 14:41:22.000000000 +0100
-+++ qemu-kvm-0.10/qemu/block-qcow2.c	2009-04-20 14:41:54.000000000 +0100
-@@ -912,7 +912,7 @@ static int alloc_cluster_link_l2(BlockDr
+diff -up qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption qemu-kvm-0.10/qemu/block-qcow2.c
+--- qemu-kvm-0.10/qemu/block-qcow2.c.qcow2-corruption	2009-04-21 09:57:21.000000000 +0100
++++ qemu-kvm-0.10/qemu/block-qcow2.c	2009-04-21 09:58:27.000000000 +0100
+@@ -670,6 +670,10 @@ static uint64_t get_cluster_offset(Block
+ 
+     nb_available = (nb_available >> 9) + index_in_cluster;
+ 
++    if (nb_needed > nb_available) {
++        nb_needed = nb_available;
++    }
++
+     cluster_offset = 0;
+ 
+     /* seek the the l2 offset in the l1 table */
+@@ -912,7 +916,7 @@ static int alloc_cluster_link_l2(BlockDr
          goto err;
  
      for (i = 0; i < j; i++)


Index: qemu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/qemu/devel/qemu.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- qemu.spec	20 Apr 2009 13:51:35 -0000	1.81
+++ qemu.spec	21 Apr 2009 09:03:40 -0000	1.82
@@ -1,7 +1,7 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 0.10
-Release: 11%{?dist}
+Release: 12%{?dist}
 # I have mistakenly thought the revision name would be 1.0.
 # So 0.10 series get Epoch = 1
 Epoch: 2
@@ -467,6 +467,9 @@
 %{_mandir}/man1/qemu-img.1*
 
 %changelog
+* Tue Apr 21 2009 Mark McLoughlin <markmc at redhat.com> - 2:0.10-12
+- Another qcow2 image corruption fix (#496642)
+
 * Mon Apr 20 2009 Mark McLoughlin <markmc at redhat.com> - 2:0.10-11
 - Fix qcow2 image corruption (#496642)