From 3461fe0b46f3d1448b51e656e04210192d1287affe4281ab39e819be1344c449 Mon Sep 17 00:00:00 2001
From: Bruce Rogers
Date: Thu, 7 Nov 2019 20:37:13 +0000
Subject: [PATCH] Accepting request 746404 from home:bfrogers:branches:Virtualization
Fix two more qcow2 storage related bugs identified recently by upstream.
OBS-URL: https://build.opensuse.org/request/show/746404
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=507
---
 bundles.tar.xz | 4 +-
 qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch | 33 ++++++++
 ...2-bitmap-Fix-uint64_t-left-shift-ove.patch | 66 +++++++++++++++
 qemu.changes | 8 ++
 qemu.spec | 84 ++++++++++---------
 5 files changed, 153 insertions(+), 42 deletions(-)
 create mode 100644 qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
 create mode 100644 qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
diff --git a/bundles.tar.xz b/bundles.tar.xz
index 72715411..575cbd3b 100644
--- a/bundles.tar.xz
+++ b/bundles.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ab74c500798292a89444c80690bf83f6aad325186f5f98047951dd78c52c3bd0
-size 59948
+oid sha256:4c674d3cdda7189a79c9f7babf6858dddc3bf621d19f43e80cacf8fb6c85cc12
+size 60840
diff --git a/qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch b/qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
new file mode 100644
index 00000000..04e89ec7
--- /dev/null
+++ b/qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
@@ -0,0 +1,33 @@
+From: Max Reitz
+Date: Mon, 28 Oct 2019 17:18:40 +0100
+Subject: qcow2: Fix QCOW2_COMPRESSED_SECTOR_MASK
+
+Git-commit: 24552feb6ae2f615b76c2b95394af43901f75046
+
+Masks for L2 table entries should have 64 bit.
+
+Fixes: b6c246942b14d3e0dec46a6c5868ed84e7dbea19
+Buglink: https://bugs.launchpad.net/qemu/+bug/1850000
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Max Reitz
+Message-id: 20191028161841.1198-2-mreitz@redhat.com
+Reviewed-by: Alberto Garcia
+Signed-off-by: Max Reitz
+Signed-off-by: Bruce Rogers
+---
+ block/qcow2.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/qcow2.h b/block/qcow2.h
+index fc1b0d3c1e1e3110e86f36f0dcd9..359197f89fb9547d861d852cbf68 100644
+--- a/block/qcow2.h
++++ b/block/qcow2.h
+@@ -77,7 +77,7 @@
+
+ /* Defined in the qcow2 spec (compressed cluster descriptor) */
+ #define QCOW2_COMPRESSED_SECTOR_SIZE 512U
+-#define QCOW2_COMPRESSED_SECTOR_MASK (~(QCOW2_COMPRESSED_SECTOR_SIZE - 1))
++#define QCOW2_COMPRESSED_SECTOR_MASK (~(QCOW2_COMPRESSED_SECTOR_SIZE - 1ULL))
+
+ /* Must be at least 2 to cover COW */
+ #define MIN_L2_CACHE_SIZE 2 /* cache entries */
diff --git a/qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch b/qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
new file mode 100644
index 00000000..a891a027
--- /dev/null
+++ b/qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
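Review bot: The 64-bit width of `QCOW2_COMPRESSED_SECTOR_MASK` now rests on the `1ULL` literal alone, while `QCOW2_COMPRESSED_SECTOR_SIZE` directly above it stays `512U`, and nothing in the header says why the two differ. With the old form, `~(512U - 1)` is a 32-bit value that is zero-extended when ANDed with a 64-bit operand, so bits 32..63 are silently cleared; the commit message says the mask is applied to L2 table entries, where that would presumably truncate host offsets at or above 4 GiB. I would add a comment on the define, e.g. `/* 64-bit on purpose: ANDed with uint64_t L2 entries; a 32-bit mask would clear bits 32..63 */`, so a later cleanup does not drop the suffix. The use sites are outside this hunk, so whether a test covers a compressed cluster above 4 GiB has to be confirmed separately.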
@@ -0,0 +1,66 @@
+From: Tuguoyi
+Date: Fri, 1 Nov 2019 07:37:35 +0000
+Subject: qcow2-bitmap: Fix uint64_t left-shift overflow
+
+Git-commit: 570542ecb11e04b61ef4b3f4d0965a6915232a88
+
+There are two issues in In check_constraints_on_bitmap(),
+1) The sanity check on the granularity will cause uint64_t
+integer left-shift overflow when cluster_size is 2M and the
+granularity is BIGGER than 32K.
+2) The way to calculate image size that the maximum bitmap
+supported can map to is a bit incorrect.
+This patch fix it by add a helper function to calculate the
+number of bytes needed by a normal bitmap in image and compare
+it to the maximum bitmap bytes supported by qemu.
+
+Fixes: 5f72826e7fc62167cf3a
+Signed-off-by: Guoyi Tu
+Message-id: 4ba40cd1e7ee4a708b40899952e49f22@h3c.com
+Reviewed-by: Vladimir Sementsov-Ogievskiy
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Max Reitz
+Signed-off-by: Bruce Rogers
+---
+ block/qcow2-bitmap.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
+index b2487101edec0bdde613c561da89..65034da1c0766603d273c200797d 100644
+--- a/block/qcow2-bitmap.c
++++ b/block/qcow2-bitmap.c
+@@ -142,6 +142,13 @@ static int check_table_entry(uint64_t entry, int cluster_size)
+ return 0;
+ }
+
++static int64_t get_bitmap_bytes_needed(int64_t len, uint32_t granularity)
++{
++ int64_t num_bits = DIV_ROUND_UP(len, granularity);
++
++ return DIV_ROUND_UP(num_bits, 8);
++}
++
+ static int check_constraints_on_bitmap(BlockDriverState *bs,
+ const char *name,
+ uint32_t granularity,
+@@ -150,6 +157,7 @@ static int check_constraints_on_bitmap(BlockDriverState *bs,
+ BDRVQcow2State *s = bs->opaque;
+ int granularity_bits = ctz32(granularity);
+ int64_t len = bdrv_getlength(bs);
++ int64_t bitmap_bytes;
+
+ assert(granularity > 0);
+ assert((granularity & (granularity - 1)) == 0);
+@@ -171,9 +179,9 @@ static int check_constraints_on_bitmap(BlockDriverState *bs,
+ return -EINVAL;
+ }
+
+- if ((len > (uint64_t)BME_MAX_PHYS_SIZE << granularity_bits) ||
+- (len > (uint64_t)BME_MAX_TABLE_SIZE * s->cluster_size <<
+- granularity_bits))
++ bitmap_bytes = get_bitmap_bytes_needed(len, granularity);
++ if ((bitmap_bytes > (uint64_t)BME_MAX_PHYS_SIZE) ||
++ (bitmap_bytes > (uint64_t)BME_MAX_TABLE_SIZE * s->cluster_size))
+ {
+ error_setg(errp, "Too much space will be occupied by the bitmap. "
+ "Use larger granularity");
diff --git a/qemu.changes b/qemu.changes
index 8c9c6aea..59bf50c5 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Nov 7 19:02:39 UTC 2019 - Bruce Rogers
+
+- Fix two issues with qcow2 image processing which could affect
+ disk integrity
+ qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
+ qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
+
 -------------------------------------------------------------------
 Wed Nov 6 20:43:48 UTC 2019 - Bruce Rogers
 
diff --git a/qemu.spec b/qemu.spec
index 25fbf30a..ce55ae2a 100644
--- a/qemu.spec
+++ b/qemu.spec
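Review bot: `get_bitmap_bytes_needed()` does signed `DIV_ROUND_UP` arithmetic on `len` with no stated precondition, and in `check_constraints_on_bitmap()` that `len` comes straight from `bdrv_getlength(bs)`, which can return a negative errno. The lines between the second and third inner hunks are not shown, so I cannot tell whether `len < 0` is rejected before the new call; if it is not, a small negative value rounds to zero bytes and the size limit check passes on an error code instead of an image length. I would document the contract on the helper, e.g. `/* Bytes needed for a bitmap covering @len bytes at @granularity; requires len >= 0 and granularity > 0 */`, and add `assert(len >= 0);` as its first statement. The new comparisons also mix `int64_t bitmap_bytes` with `uint64_t` limits, which is only meaningful while the value is known to be non-negative.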
@@ -154,46 +154,48 @@ Patch00028: util-iov-introduce-qemu_iovec_init_exten.patch
 Patch00029: block-Make-wait-mark-serialising-request.patch
 Patch00030: block-Add-bdrv_co_get_self_request.patch
 Patch00031: block-file-posix-Let-post-EOF-fallocate-.patch
-Patch00032: XXX-dont-dump-core-on-sigabort.patch
-Patch00033: qemu-binfmt-conf-Modify-default-path.patch
-Patch00034: qemu-cvs-gettimeofday.patch
-Patch00035: qemu-cvs-ioctl_debug.patch
-Patch00036: qemu-cvs-ioctl_nodirection.patch
-Patch00037: linux-user-add-binfmt-wrapper-for-argv-0.patch
-Patch00038: PPC-KVM-Disable-mmu-notifier-check.patch
-Patch00039: linux-user-binfmt-support-host-binaries.patch
-Patch00040: linux-user-Fake-proc-cpuinfo.patch
-Patch00041: linux-user-use-target_ulong.patch
-Patch00042: Make-char-muxer-more-robust-wrt-small-FI.patch
-Patch00043: linux-user-lseek-explicitly-cast-non-set.patch
-Patch00044: AIO-Reduce-number-of-threads-for-32bit-h.patch
-Patch00045: xen_disk-Add-suse-specific-flush-disable.patch
-Patch00046: qemu-bridge-helper-reduce-security-profi.patch
-Patch00047: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
-Patch00048: linux-user-properly-test-for-infinite-ti.patch
-Patch00049: roms-Makefile-pass-a-packaging-timestamp.patch
-Patch00050: Raise-soft-address-space-limit-to-hard-l.patch
-Patch00051: increase-x86_64-physical-bits-to-42.patch
-Patch00052: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
-Patch00053: i8254-Fix-migration-from-SLE11-SP2.patch
-Patch00054: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
-Patch00055: Switch-order-of-libraries-for-mpath-supp.patch
-Patch00056: Make-installed-scripts-explicitly-python.patch
-Patch00057: hw-smbios-handle-both-file-formats-regar.patch
-Patch00058: xen-add-block-resize-support-for-xen-dis.patch
-Patch00059: tests-qemu-iotests-Triple-timeout-of-i-o.patch
-Patch00060: tests-Fix-block-tests-to-be-compatible-w.patch
-Patch00061: xen-ignore-live-parameter-from-xen-save-.patch
-Patch00062: Conditionalize-ui-bitmap-installation-be.patch
-Patch00063: tests-change-error-message-in-test-162.patch
-Patch00064: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
-Patch00065: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
-Patch00066: hw-intc-exynos4210_gic-provide-more-room.patch
-Patch00067: configure-only-populate-roms-if-softmmu.patch
-Patch00068: pc-bios-s390-ccw-net-avoid-warning-about.patch
-Patch00069: roms-change-cross-compiler-naming-to-be-.patch
-Patch00070: tests-Disable-some-block-tests-for-now.patch
-Patch00071: test-add-mapping-from-arch-of-i686-to-qe.patch
+Patch00032: qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
+Patch00033: qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
+Patch00034: XXX-dont-dump-core-on-sigabort.patch
+Patch00035: qemu-binfmt-conf-Modify-default-path.patch
+Patch00036: qemu-cvs-gettimeofday.patch
+Patch00037: qemu-cvs-ioctl_debug.patch
+Patch00038: qemu-cvs-ioctl_nodirection.patch
+Patch00039: linux-user-add-binfmt-wrapper-for-argv-0.patch
+Patch00040: PPC-KVM-Disable-mmu-notifier-check.patch
+Patch00041: linux-user-binfmt-support-host-binaries.patch
+Patch00042: linux-user-Fake-proc-cpuinfo.patch
+Patch00043: linux-user-use-target_ulong.patch
+Patch00044: Make-char-muxer-more-robust-wrt-small-FI.patch
+Patch00045: linux-user-lseek-explicitly-cast-non-set.patch
+Patch00046: AIO-Reduce-number-of-threads-for-32bit-h.patch
+Patch00047: xen_disk-Add-suse-specific-flush-disable.patch
+Patch00048: qemu-bridge-helper-reduce-security-profi.patch
+Patch00049: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
+Patch00050: linux-user-properly-test-for-infinite-ti.patch
+Patch00051: roms-Makefile-pass-a-packaging-timestamp.patch
+Patch00052: Raise-soft-address-space-limit-to-hard-l.patch
+Patch00053: increase-x86_64-physical-bits-to-42.patch
+Patch00054: vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
+Patch00055: i8254-Fix-migration-from-SLE11-SP2.patch
+Patch00056: acpi_piix4-Fix-migration-from-SLE11-SP2.patch
+Patch00057: Switch-order-of-libraries-for-mpath-supp.patch
+Patch00058: Make-installed-scripts-explicitly-python.patch
+Patch00059: hw-smbios-handle-both-file-formats-regar.patch
+Patch00060: xen-add-block-resize-support-for-xen-dis.patch
+Patch00061: tests-qemu-iotests-Triple-timeout-of-i-o.patch
+Patch00062: tests-Fix-block-tests-to-be-compatible-w.patch
+Patch00063: xen-ignore-live-parameter-from-xen-save-.patch
+Patch00064: Conditionalize-ui-bitmap-installation-be.patch
+Patch00065: tests-change-error-message-in-test-162.patch
+Patch00066: hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
+Patch00067: hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
+Patch00068: hw-intc-exynos4210_gic-provide-more-room.patch
+Patch00069: configure-only-populate-roms-if-softmmu.patch
+Patch00070: pc-bios-s390-ccw-net-avoid-warning-about.patch
+Patch00071: roms-change-cross-compiler-naming-to-be-.patch
+Patch00072: tests-Disable-some-block-tests-for-now.patch
+Patch00073: test-add-mapping-from-arch-of-i686-to-qe.patch
 # Patches applied in roms/seabios/:
 Patch01000: seabios-use-python2-explicitly-as-needed.patch
 Patch01001: seabios-switch-to-python3-as-needed.patch
@@ -955,6 +957,8 @@ This package provides a service file for starting and stopping KSM.
 %patch00069 -p1
 %patch00070 -p1
 %patch00071 -p1
+%patch00072 -p1
+%patch00073 -p1
 %patch01000 -p1
 %patch01001 -p1
 %patch01002 -p1