xemu/tests
Alberto Garcia 184581fa4d qcow2: Fix removal of list members from BDRVQcow2State.cluster_allocs
When a write request needs to allocate new clusters (or change the L2
bitmap of existing ones) a QCowL2Meta structure is created so the L2
metadata can be later updated and any copy-on-write can be performed
if necessary.

A write request can span a region consisting of an arbitrary
combination of previously unallocated and allocated clusters, and if
the unallocated ones can be put contiguous to the existing ones then
QEMU will do so in order to minimize the number of write operations.

In practice this means that a write request has not just one but a
number of QCowL2Meta structures. All of them are added to the
cluster_allocs list that is stored in BDRVQcow2State and is used to
detect overlapping requests. After the write request finishes all its
associated QCowL2Meta are removed from that list. calculate_l2_meta()
takes care of creating and putting those structures in the list, and
qcow2_handle_l2meta() takes care of removing them.

The problem is that the error path in handle_alloc() also tries to
remove an item in that list, a remnant from the time when this was
handled there (that code would not even be correct anymore because
it only removes one struct and not all the ones from the same write
request).

This can trigger a double removal of the same item from the list,
causing a crash. This is not easy to reproduce in practice because
it requires that do_alloc_cluster_offset() fails after a successful
previous allocation during the same write request, but it can be
reproduced with the included test case.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <3440a1c4d53c4fe48312b478c96accb338cbef7c.1599150873.git.berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-09-15 11:05:13 +02:00
acceptance tests/acceptance: console boot tests for quanta-gsj 2020-09-14 14:24:59 +01:00
data tests: acpi: update "virt/SSDT.memhp" for edk2-stable202008 2020-09-13 23:03:15 +02:00
decode decodetree: Improve identifier matching 2020-09-14 14:23:19 +01:00
docker Makefile: inline the relevant parts of rules.mak 2020-09-08 11:43:16 +02:00
fp meson: convert tests/fp and check-softfloat 2020-08-21 06:30:15 -04:00
guest-debug tests/guest-debug: catch hanging guests 2020-05-15 15:25:07 +01:00
image-fuzzer image-fuzzer: Use OSerror.strerror instead of tuple subscript 2019-11-05 16:36:11 +01:00
include meson: build qapi tests library 2020-09-08 07:17:09 +02:00
keys
migration meson: convert migration/initrd-stress 2020-09-08 11:43:16 +02:00
multiboot meson: link emulators without Makefile.target 2020-08-21 06:30:40 -04:00
perf/block/qcow2
plugin plugins: move the more involved plugins to contrib 2020-09-10 10:47:03 +01:00
qapi-schema qapi: Make section headings start a new doc comment block 2020-09-07 16:35:16 +02:00
qemu-iotests qcow2: Fix removal of list members from BDRVQcow2State.cluster_allocs 2020-09-15 11:05:13 +02:00
qtest tests: acpi: update "virt/SSDT.memhp" for edk2-stable202008 2020-09-13 23:03:15 +02:00
rocker
tcg plugins: move the more involved plugins to contrib 2020-09-10 10:47:03 +01:00
tsan tests/docker: Added docker build support for TSan. 2020-06-16 14:49:05 +01:00
uefi-test-tools roms/efirom, tests/uefi-test-tools: update edk2's own submodules first 2020-09-13 23:03:14 +02:00
vm meson: convert po/ 2020-08-21 06:30:45 -04:00
vmstate-static-checker-data
.gitignore tests/tcg/aarch64: add a gdbstub testcase for SVE registers 2020-03-17 17:38:47 +00:00
atomic64-bench.c
atomic_add-bench.c
benchmark-crypto-cipher.c tests: fix output message formatting for crypto benchmarks 2020-09-10 11:02:17 +01:00
benchmark-crypto-hash.c tests: fix output message formatting for crypto benchmarks 2020-09-10 11:02:17 +01:00
benchmark-crypto-hmac.c tests: fix output message formatting for crypto benchmarks 2020-09-10 11:02:17 +01:00
check-block-qdict.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
check-block.sh check-block: enable iotests with SafeStack 2020-06-23 15:46:05 +01:00
check-qdict.c
check-qjson.c test: Use g_strndup instead of plain strndup 2019-08-21 10:27:13 +02:00
check-qlist.c qobject: Eliminate qlist_iter(), use QLIST_FOREACH_ENTRY() instead 2020-04-30 06:51:15 +02:00
check-qlit.c
check-qnull.c
check-qnum.c
check-qobject.c tests: Use &error_abort where appropriate 2020-07-02 06:25:28 +02:00
check-qom-interface.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
check-qom-proplist.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
check-qstring.c
crypto-tls-psk-helpers.c
crypto-tls-psk-helpers.h
crypto-tls-x509-helpers.c crypto: use a stronger private key for tests 2020-07-17 14:20:57 +02:00
crypto-tls-x509-helpers.h
dbus-vmstate-daemon.sh tests: add dbus-vmstate-test 2020-01-06 18:41:32 +04:00
io-channel-helpers.c
io-channel-helpers.h
iothread.c tests/iothread: Always connect iothread GSource to a GMainContext 2020-01-07 14:32:57 +00:00
iothread.h
Makefile.include plugins: move the more involved plugins to contrib 2020-09-10 10:47:03 +01:00
meson.build tests/meson.build: fp tests don't need CONFIG_TCG 2020-09-10 10:43:57 +01:00
pkix_asn1_tab.c
ptimer-test-stubs.c util/qemu-timer: refactor deadline calculation for external timers 2019-08-20 17:26:21 +02:00
ptimer-test.c tests/ptimer: Remove unnecessary inclusion of libqtest.h 2020-01-12 11:42:40 +01:00
ptimer-test.h
qht-bench.c tests/qht-bench: Adjust threshold computation 2020-07-11 15:53:00 +01:00
rcutorture.c tests/rcutorture: mild documenting refactor of update thread 2020-02-25 17:42:59 +00:00
requirements.txt tests: bump avocado version 2020-09-10 10:46:46 +01:00
socket-helpers.c tests: specify the address family when checking bind 2019-08-22 17:30:25 +04:00
socket-helpers.h tests: specify the address family when checking bind 2019-08-22 17:30:25 +04:00
test-aio-multithread.c
test-aio.c util/async: make bh_aio_poll() O(1) 2020-02-22 08:26:47 +00:00
test-authz-list.c
test-authz-listfile.c
test-authz-pam.c
test-authz-simple.c
test-base64.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
test-bdrv-drain.c block: Drop @child_class from bdrv_child_perm() 2020-05-18 19:05:25 +02:00
test-bdrv-graph-mod.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
test-bitcnt.c
test-bitmap.c tests: use g_test_rand_int 2019-12-17 09:05:23 +01:00
test-bitops.c
test-block-backend.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00
test-block-iothread.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
test-blockjob-txn.c job: drop job_drain 2019-09-10 08:58:43 +02:00
test-blockjob.c job: take each job's lock individually in job_txn_apply 2020-04-07 14:34:47 +02:00
test-bufferiszero.c
test-char.c test-char: abort on serial test error 2020-07-28 18:27:59 +04:00
test-clone-visitor.c
test-coroutine.c
test-crypto-afsplit.c
test-crypto-block.c
test-crypto-cipher.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
test-crypto-hash.c
test-crypto-hmac.c
test-crypto-ivgen.c
test-crypto-pbkdf.c
test-crypto-secret.c meson: declare keyutils dependency 2020-09-08 07:17:09 +02:00
test-crypto-tlscredsx509.c glib: use portable g_setenv() 2019-12-17 09:05:23 +01:00
test-crypto-tlssession.c glib: use portable g_setenv() 2019-12-17 09:05:23 +01:00
test-crypto-xts.c
test-cutils.c
test-hbitmap.c block/dirty-bitmap: improve _next_dirty_area API 2020-03-18 14:03:46 -04:00
test-image-locking.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00
test-int128.c
test-io-channel-buffer.c
test-io-channel-command.c
test-io-channel-file.c
test-io-channel-socket.c socket: Add num connections to qio_channel_socket_async() 2019-09-03 23:24:42 +02:00
test-io-channel-tls.c glib: use portable g_setenv() 2019-12-17 09:05:23 +01:00
test-io-task.c tests: Use error_free_or_abort() where appropriate 2020-07-02 06:25:28 +02:00
test-iov.c
test-keyval.c test-keyval: Tighten test of trailing crap after size 2019-12-18 12:28:44 +01:00
test-logging.c tests: Use &error_abort where appropriate 2020-07-02 06:25:28 +02:00
test-mul64.c
test-opts-visitor.c
test-qapi-util.c
test-qdev-global-props.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
test-qdist.c
test-qemu-opts.c tests: Use &error_abort where appropriate 2020-07-02 06:25:28 +02:00
test-qga.c meson: convert the unit tests 2020-09-08 11:43:16 +02:00
test-qgraph.c meson: convert tests/qtest to meson 2020-08-21 06:30:20 -04:00
test-qht-par.c
test-qht.c
test-qmp-cmds.c qapi: Add feature flags to remaining definitions 2020-03-17 19:58:34 +01:00
test-qmp-event.c tests/test-qmp-event: Check event is actually emitted 2020-03-17 19:58:34 +01:00
test-qobject-input-visitor.c qapi: enable use of g_autoptr with QAPI types 2020-09-03 09:38:36 +02:00
test-qobject-output-visitor.c qapi: Assert output visitors see only valid enum values 2020-04-30 07:26:09 +02:00
test-rcu-list.c tests: Fix a bug with count variables 2020-03-06 10:35:15 +00:00
test-rcu-simpleq.c
test-rcu-slist.c rcu_queue: add QSLIST functions 2020-02-22 08:26:47 +00:00
test-rcu-tailq.c
test-replication.c tests: handling signal on win32 properly 2020-09-06 20:26:43 +02:00
test-shift128.c
test-string-input-visitor.c tests: Use &error_abort where appropriate 2020-07-02 06:25:28 +02:00
test-string-output-visitor.c tests: Use &error_abort where appropriate 2020-07-02 06:25:28 +02:00
test-thread-pool.c
test-throttle.c test-throttle: Fix uninitialized use of burst_length 2019-08-20 17:26:19 +02:00
test-timed-average.c
test-util-filemonitor.c tests: Fixes building test-util-filemonitor.c on msys2/mingw 2020-09-07 12:34:17 +02:00
test-util-sockets.c tests: fix a memory in test_socket_unix_abstract_good 2020-08-25 11:49:49 +01:00
test-uuid.c
test-visitor-serialization.c
test-vmstate.c test-vmstate: remove unnecessary code in match_interval_mapping_node 2020-09-10 16:20:49 +02:00
test-write-threshold.c
test-x86-cpuid.c Revert "hw/i386: Update structures to save the number of nodes per package" 2020-09-02 07:29:26 -04:00
test-xbzrle.c
vhost-user-bridge.c core: replace getpagesize() with qemu_real_host_page_size 2019-10-26 15:38:06 +02:00