mirror of
				https://github.com/qemu/qemu.git
				synced 2025-10-25 19:32:47 +00:00 
			
		
		
		
	 3be2024aef
			
		
	
	
		3be2024aef
		
	
	
	
	
		
			
			Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 20191107163708.833192-22-mreitz@redhat.com [mreitz: Also disable 273] Signed-off-by: Max Reitz <mreitz@redhat.com>
		
			
				
	
	
		
			205 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			205 lines
		
	
	
		
			8.2 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| #
 | |
| # qcow2 format input validation tests
 | |
| #
 | |
| # Copyright (C) 2013 Red Hat, Inc.
 | |
| #
 | |
| # This program is free software; you can redistribute it and/or modify
 | |
| # it under the terms of the GNU General Public License as published by
 | |
| # the Free Software Foundation; either version 2 of the License, or
 | |
| # (at your option) any later version.
 | |
| #
 | |
| # This program is distributed in the hope that it will be useful,
 | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
| # GNU General Public License for more details.
 | |
| #
 | |
| # You should have received a copy of the GNU General Public License
 | |
| # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 | |
| #
 | |
| 
 | |
| # creator
 | |
| owner=kwolf@redhat.com
 | |
| 
 | |
| seq=`basename $0`
 | |
| echo "QA output created by $seq"
 | |
| 
 | |
| status=1	# failure is the default!
 | |
| 
 | |
| _cleanup()
 | |
| {
 | |
|     _rm_test_img "$TEST_IMG.snap"
 | |
|     _cleanup_test_img
 | |
| }
 | |
| trap "_cleanup; exit \$status" 0 1 2 3 15
 | |
| 
 | |
| # get standard environment, filters and checks
 | |
| . ./common.rc
 | |
| . ./common.filter
 | |
| 
 | |
| _supported_fmt qcow2
 | |
| _supported_proto file
 | |
| _supported_os Linux
 | |
| # - Internal snapshots are (currently) impossible with refcount_bits=1,
 | |
| #   and generally impossible with external data files
 | |
| # - This is generally a test for compat=1.1 images
 | |
| _unsupported_imgopts 'refcount_bits=1[^0-9]' data_file 'compat=0.10'
 | |
| 
 | |
| header_size=104
 | |
| 
 | |
| offset_backing_file_offset=8
 | |
| offset_backing_file_size=16
 | |
| offset_l1_size=36
 | |
| offset_l1_table_offset=40
 | |
| offset_refcount_table_offset=48
 | |
| offset_refcount_table_clusters=56
 | |
| offset_nb_snapshots=60
 | |
| offset_snapshots_offset=64
 | |
| offset_header_size=100
 | |
| offset_ext_magic=$header_size
 | |
| offset_ext_size=$((header_size + 4))
 | |
| 
 | |
| offset_l2_table_0=$((0x40000))
 | |
| 
 | |
| offset_snap1=$((0x70000))
 | |
| offset_snap1_l1_offset=$((offset_snap1 + 0))
 | |
| offset_snap1_l1_size=$((offset_snap1 + 8))
 | |
| 
 | |
| echo
 | |
| echo "== Huge header size =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Huge unknown header extension =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_backing_file_offset" "\xff\xff\xff\xff\xff\xff\xff\xff"
 | |
| poke_file "$TEST_IMG" "$offset_ext_magic" "\x12\x34\x56\x78"
 | |
| poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x$(printf %x $offset_ext_size)"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Huge refcount table size =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Misaligned refcount table =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Huge refcount offset =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
 | |
| poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Invalid snapshot table =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_nb_snapshots" "\xff\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x7f\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| poke_file "$TEST_IMG" "$offset_snapshots_offset" "\xff\xff\xff\xff\xff\xff\x00\x00"
 | |
| poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
 | |
| poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\x00\x00"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Hitting snapshot table size limit =="
 | |
| _make_test_img 64M
 | |
| # Put the refcount table in a more or less safe place (16 MB)
 | |
| poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x00\x00\x00\x00\x01\x00\x00\x00"
 | |
| poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00"
 | |
| { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Invalid L1 table =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_l1_size" "\xff\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_l1_size" "\x7f\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00"
 | |
| poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef"
 | |
| poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Invalid L1 table (with internal snapshot in the image) =="
 | |
| _make_test_img 64M
 | |
| { $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x00"
 | |
| _img_info
 | |
| 
 | |
| echo
 | |
| echo "== Invalid backing file size =="
 | |
| _make_test_img 64M
 | |
| poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00"
 | |
| poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff"
 | |
| { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Invalid L2 entry (huge physical offset) =="
 | |
| _make_test_img 64M
 | |
| { $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00"
 | |
| { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00"
 | |
| { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| 
 | |
| echo
 | |
| echo "== Invalid snapshot L1 table offset =="
 | |
| _make_test_img 64M
 | |
| { $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_snap1_l1_offset" "\x00\x00\x00\x00\x00\x40\x02\x00"
 | |
| { $QEMU_IMG convert -l test $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IMG amend -o compat=0.10 $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
 | |
|            -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| { $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| _check_test_img
 | |
| 
 | |
| echo
 | |
| echo "== Invalid snapshot L1 table size =="
 | |
| _make_test_img 64M
 | |
| { $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00"
 | |
| { $QEMU_IMG convert -l test $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IMG amend -o compat=0.10 $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IO -c "open -o overlap-check.inactive-l2=on $TEST_IMG" \
 | |
|            -c 'write 0 4k'; } 2>&1 | _filter_qemu_io | _filter_testdir
 | |
| { $QEMU_IMG snapshot -a test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| { $QEMU_IMG snapshot -d test $TEST_IMG; } 2>&1 | _filter_testdir
 | |
| _check_test_img
 | |
| 
 | |
| # success, all done
 | |
| echo "*** done"
 | |
| rm -f $seq.full
 | |
| status=0
 |