From f4055dd206fdc583d5b70b83d4ed55bad6f9a56e Mon Sep 17 00:00:00 2001
From: Cole Robinson
Date: Dec 09 2014 13:29:50 +0000
Subject: Fix qemu-img convert corruption for unflushed files (bz #1167249)
---
diff --git a/0424-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch b/0424-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch
new file mode 100644
index 0000000..5a9b7b4
--- /dev/null
+++ b/0424-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch
@@ -0,0 +1,41 @@
+From: Tony Breeds
+Date: Fri, 26 Sep 2014 09:14:11 +1000
+Subject: [PATCH] block/raw-posix: Fix disk corruption in try_fiemap
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Using fiemap without FIEMAP_FLAG_SYNC is a known corrupter.
+
+Add the FIEMAP_FLAG_SYNC flag to the FS_IOC_FIEMAP ioctl. This has
+the downside of significantly reducing performance.
+
+Reported-By: Michael Steffens
+Signed-off-by: Tony Breeds
+Cc: Kevin Wolf
+Cc: Markus Armbruster
+Cc: Stefan Hajnoczi
+Cc: Max Reitz
+Cc: Pádraig Brady
+Cc: Eric Blake
+Reviewed-by: Eric Blake
+Reviewed-by: Max Reitz
+Signed-off-by: Kevin Wolf
+(cherry picked from commit 38c4d0aea3e1264c86e282d99560330adf2b6e25)
+---
+ block/raw-posix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/raw-posix.c b/block/raw-posix.c
+index ba721d3..a6e13fb 100644
+--- a/block/raw-posix.c
++++ b/block/raw-posix.c
+@@ -1108,7 +1108,7 @@ static int coroutine_fn raw_co_is_allocated(BlockDriverState *bs,
+
+ f.fm.fm_start = start;
+ f.fm.fm_length = (int64_t)nb_sectors * BDRV_SECTOR_SIZE;
+- f.fm.fm_flags = 0;
++ f.fm.fm_flags = FIEMAP_FLAG_SYNC;
+ f.fm.fm_extent_count = 1;
+ f.fm.fm_reserved = 0;
+ if (ioctl(s->fd, FS_IOC_FIEMAP, &f) == -1) {
diff --git a/0425-raw-posix-Drop-fiemap.patch b/0425-raw-posix-Drop-fiemap.patch
new file mode 100644
index 0000000..a493465
--- /dev/null
+++ b/0425-raw-posix-Drop-fiemap.patch
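Review bot: The single new line here, `f.fm.fm_flags = FIEMAP_FLAG_SYNC;`, is deleted again by 0425 in this same commit (0425's pre-image index a6e13fb is 0424's post-image), so the shipped qemu-img never runs a synced fiemap probe; 0424 survives only so that 0425's context applies to the 1.6.2 tree. That is worth saying where the patch is listed, otherwise a later reader will take fiemap-with-FIEMAP_FLAG_SYNC to be the fix and the upstream message's performance caveat to apply to this build. A one-line comment next to Patch0424 in qemu.spec, `# 0424 exists only so 0425 applies cleanly; 0425 drops the fiemap probe entirely`, would settle it. raw_co_is_allocated begins before and continues after this hunk.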
@@ -0,0 +1,75 @@
+From: Cole Robinson
+Date: Tue, 9 Dec 2014 07:46:06 -0500
+Subject: [PATCH] raw-posix: Drop fiemap
+
+Current fiemap code can cause disk corruption:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1167249
+
+Corruption was fixed upstream with:
+
+http://git.qemu.org/?p=qemu.git;a=commit;h=38c4d0aea3e1264c86e282d99560330adf2b6e25
+http://git.qemu.org/?p=qemu.git;a=commit;h=7c15903789953ead14a417882657d52dc0c19a24
+
+But they don't apply cleanly to qemu 1.6. Just delete the fiemap code
+which was done upstream later with c4875e5b2216cf5427459e619b10f75083565792
+
+Non-upstream for reasons listed above
+---
+ block/raw-posix.c | 36 +----------------------------------
+ 1 file changed, 1 insertion(+), 35 deletions(-)
+
+diff --git a/block/raw-posix.c b/block/raw-posix.c
+index a6e13fb..26ce466 100644
+--- a/block/raw-posix.c
++++ b/block/raw-posix.c
+@@ -56,9 +56,6 @@
+ #include
+ #include
+ #endif
+-#ifdef CONFIG_FIEMAP
+-#include
+-#endif
+ #ifdef CONFIG_FALLOCATE_PUNCH_HOLE
+ #include
+ #endif
+@@ -1098,38 +1095,7 @@ static int coroutine_fn raw_co_is_allocated(BlockDriverState *bs,
+
+ start = sector_num * BDRV_SECTOR_SIZE;
+
+-#ifdef CONFIG_FIEMAP
+-
+- BDRVRawState *s = bs->opaque;
+- struct {
+- struct fiemap fm;
+- struct fiemap_extent fe;
+- } f;
+-
+- f.fm.fm_start = start;
+- f.fm.fm_length = (int64_t)nb_sectors * BDRV_SECTOR_SIZE;
+- f.fm.fm_flags = FIEMAP_FLAG_SYNC;
+- f.fm.fm_extent_count = 1;
+- f.fm.fm_reserved = 0;
+- if (ioctl(s->fd, FS_IOC_FIEMAP, &f) == -1) {
+- /* Assume everything is allocated. */
+- *pnum = nb_sectors;
+- return 1;
+- }
+-
+- if (f.fm.fm_mapped_extents == 0) {
+- /* No extents found, data is beyond f.fm.fm_start + f.fm.fm_length.
+- * f.fm.fm_start + f.fm.fm_length must be clamped to the file size!
+- */
+- off_t length = lseek(s->fd, 0, SEEK_END);
+- hole = f.fm.fm_start;
+- data = MIN(f.fm.fm_start + f.fm.fm_length, length);
+- } else {
+- data = f.fe.fe_logical;
+- hole = f.fe.fe_logical + f.fe.fe_length;
+- }
+-
+-#elif defined SEEK_HOLE && defined SEEK_DATA
++#if defined SEEK_HOLE && defined SEEK_DATA
+
+ BDRVRawState *s = bs->opaque;
+
diff --git a/qemu.spec b/qemu.spec
index d4e7548..690c3bd 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -139,7 +139,7 @@ Summary: QEMU is a FAST! processor emulator
 Name: qemu
 Version: 1.6.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
 Group: Development/Tools
@@ -377,6 +377,9 @@ Patch0422: 0422-kvmclock-Ensure-proper-env-tsc-value-for-kvmclock_cu.patch
 # CVE-2014-7840: insufficient parameter validation during ram load (bz
 # #1163080)
 Patch0423: 0423-migration-fix-parameter-validation-on-ram-load.patch
+# Fix qemu-img convert corruption for unflushed files (bz #1167249)
+Patch0424: 0424-block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch
+Patch0425: 0425-raw-posix-Drop-fiemap.patch
 BuildRequires: SDL-devel
 BuildRequires: zlib-devel
@@ -1086,6 +1089,9 @@ CAC emulation development files.
 # CVE-2014-7840: insufficient parameter validation during ram load (bz
 # #1163080)
 %patch0423 -p1
+# Fix qemu-img convert corruption for unflushed files (bz #1167249)
+%patch0424 -p1
+%patch0425 -p1
 %build
@@ -1793,6 +1799,9 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Tue Dec 09 2014 Cole Robinson - 2:1.6.2-12
+- Fix qemu-img convert corruption for unflushed files (bz #1167249)
+
 * Sun Nov 30 2014 Cole Robinson - 2:1.6.2-11
 - Fix SLES11 migration issue (bz #1109427)
 - CVE-2014-7840: insufficient parameter validation during ram load (bz
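Review bot: After this hunk `#if defined SEEK_HOLE && defined SEEK_DATA` is the only allocation probe left in raw_co_is_allocated, and any `#else` fallback for platforms lacking both is outside the hunk, so it is not visible here whether such a build still reports every sector as allocated — the safe direction, because a region misreported as a hole makes qemu-img convert silently write zeros over real data instead of failing. Please confirm that branch and run the bz #1167249 reproducer (convert of an image with unflushed writes) against the lseek(SEEK_DATA/SEEK_HOLE) path before shipping; the patch description only says the upstream fixes did not apply to 1.6, not that this path was exercised on 1.6.2. The removed lines were also the only visible users of CONFIG_FIEMAP in this file, while the configure probe that defines it is presumably untouched (upstream's c4875e5b may also drop it — not shown here); harmless dead config, but worth a follow-up so nobody re-enables a probe that no longer exists. The function starts before and ends after the hunk.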