Skip to content

Commit

Permalink
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-0…
Browse files Browse the repository at this point in the history 
…5-13' into staging

Block patches:
- zstd compression for qcow2
- Fix use-after-free

# gpg: Signature made Wed 13 May 2020 15:14:06 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-05-13:
  block/block-copy: fix use-after-free of task pointer
  iotests: 287: add qcow2 compression type test
  qcow2: add zstd cluster compression
  qcow2: rework the cluster compression routine
  qcow2: introduce compression type feature

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
  • Loading branch information
@pm215
pm215 committed May 13, 2020
2 parents d5c75ec + fc9aefc commit d8f9d57
Show file tree
Hide file tree
Showing 30 changed files with 825 additions and 163 deletions.
2 changes: 1 addition & 1 deletion block/block-copy.c
View file
Expand Up @@ -591,13 +591,13 @@ static int coroutine_fn block_copy_dirty_clusters(BlockCopyState *s,
}
if (s->skip_unallocated && !(ret & BDRV_BLOCK_ALLOCATED)) {
block_copy_task_end(task, 0);
g_free(task);
progress_set_remaining(s->progress,
bdrv_get_dirty_count(s->copy_bitmap) +
s->in_flight_bytes);
trace_block_copy_skip_range(s, task->offset, task->bytes);
offset = task_end(task);
bytes = end - offset;
g_free(task);
continue;
}
task->zeroes = ret & BDRV_BLOCK_ZERO;
Expand Down
240 changes: 229 additions & 11 deletions block/qcow2-threads.c
View file
Expand Up @@ -28,6 +28,11 @@
#define ZLIB_CONST
#include <zlib.h>

#ifdef CONFIG_ZSTD
#include <zstd.h>
#include <zstd_errors.h>
#endif

#include "qcow2.h"
#include "block/thread-pool.h"
#include "crypto.h"
Expand Down Expand Up @@ -74,7 +79,9 @@ typedef struct Qcow2CompressData {
} Qcow2CompressData;

/*
* qcow2_compress()
* qcow2_zlib_compress()
*
* Compress @src_size bytes of data using zlib compression method
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
Expand All @@ -83,8 +90,8 @@ typedef struct Qcow2CompressData {
* -ENOMEM destination buffer is not enough to store compressed data
* -EIO on any other error
*/
static ssize_t qcow2_compress(void *dest, size_t dest_size,
const void *src, size_t src_size)
static ssize_t qcow2_zlib_compress(void *dest, size_t dest_size,
const void *src, size_t src_size)
{
ssize_t ret;
z_stream strm;
Expand Down Expand Up @@ -119,19 +126,19 @@ static ssize_t qcow2_compress(void *dest, size_t dest_size,
}

/*
* qcow2_decompress()
* qcow2_zlib_decompress()
*
* Decompress some data (not more than @src_size bytes) to produce exactly
* @dest_size bytes.
* @dest_size bytes using zlib compression method
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
*
* Returns: 0 on success
* -EIO on fail
*/
static ssize_t qcow2_decompress(void *dest, size_t dest_size,
const void *src, size_t src_size)
static ssize_t qcow2_zlib_decompress(void *dest, size_t dest_size,
const void *src, size_t src_size)
{
int ret;
z_stream strm;
Expand Down Expand Up @@ -164,6 +171,160 @@ static ssize_t qcow2_decompress(void *dest, size_t dest_size,
return ret;
}

#ifdef CONFIG_ZSTD

/*
* qcow2_zstd_compress()
*
* Compress @src_size bytes of data using zstd compression method
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
*
* Returns: compressed size on success
* -ENOMEM destination buffer is not enough to store compressed data
* -EIO on any other error
*/
static ssize_t qcow2_zstd_compress(void *dest, size_t dest_size,
const void *src, size_t src_size)
{
ssize_t ret;
size_t zstd_ret;
ZSTD_outBuffer output = {
.dst = dest,
.size = dest_size,
.pos = 0
};
ZSTD_inBuffer input = {
.src = src,
.size = src_size,
.pos = 0
};
ZSTD_CCtx *cctx = ZSTD_createCCtx();

if (!cctx) {
return -EIO;
}
/*
* Use the zstd streamed interface for symmetry with decompression,
* where streaming is essential since we don't record the exact
* compressed size.
*
* ZSTD_compressStream2() tries to compress everything it could
* with a single call. Although, ZSTD docs says that:
* "You must continue calling ZSTD_compressStream2() with ZSTD_e_end
* until it returns 0, at which point you are free to start a new frame",
* in out tests we saw the only case when it returned with >0 -
* when the output buffer was too small. In that case,
* ZSTD_compressStream2() expects a bigger buffer on the next call.
* We can't provide a bigger buffer because we are limited with dest_size
* which we pass to the ZSTD_compressStream2() at once.
* So, we don't need any loops and just abort the compression when we
* don't get 0 result on the first call.
*/
zstd_ret = ZSTD_compressStream2(cctx, &output, &input, ZSTD_e_end);

if (zstd_ret) {
if (zstd_ret > output.size - output.pos) {
ret = -ENOMEM;
} else {
ret = -EIO;
}
goto out;
}

/* make sure that zstd didn't overflow the dest buffer */
assert(output.pos <= dest_size);
ret = output.pos;
out:
ZSTD_freeCCtx(cctx);
return ret;
}

/*
* qcow2_zstd_decompress()
*
* Decompress some data (not more than @src_size bytes) to produce exactly
* @dest_size bytes using zstd compression method
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
*
* Returns: 0 on success
* -EIO on any error
*/
static ssize_t qcow2_zstd_decompress(void *dest, size_t dest_size,
const void *src, size_t src_size)
{
size_t zstd_ret = 0;
ssize_t ret = 0;
ZSTD_outBuffer output = {
.dst = dest,
.size = dest_size,
.pos = 0
};
ZSTD_inBuffer input = {
.src = src,
.size = src_size,
.pos = 0
};
ZSTD_DCtx *dctx = ZSTD_createDCtx();

if (!dctx) {
return -EIO;
}

/*
* The compressed stream from the input buffer may consist of more
* than one zstd frame. So we iterate until we get a fully
* uncompressed cluster.
* From zstd docs related to ZSTD_decompressStream:
* "return : 0 when a frame is completely decoded and fully flushed"
* We suppose that this means: each time ZSTD_decompressStream reads
* only ONE full frame and returns 0 if and only if that frame
* is completely decoded and flushed. Only after returning 0,
* ZSTD_decompressStream reads another ONE full frame.
*/
while (output.pos < output.size) {
size_t last_in_pos = input.pos;
size_t last_out_pos = output.pos;
zstd_ret = ZSTD_decompressStream(dctx, &output, &input);

if (ZSTD_isError(zstd_ret)) {
ret = -EIO;
break;
}

/*
* The ZSTD manual is vague about what to do if it reads
* the buffer partially, and we don't want to get stuck
* in an infinite loop where ZSTD_decompressStream
* returns > 0 waiting for another input chunk. So, we add
* a check which ensures that the loop makes some progress
* on each step.
*/
if (last_in_pos >= input.pos &&
last_out_pos >= output.pos) {
ret = -EIO;
break;
}
}
/*
* Make sure that we have the frame fully flushed here
* if not, we somehow managed to get uncompressed cluster
* greater then the cluster size, possibly because of its
* damage.
*/
if (zstd_ret > 0) {
ret = -EIO;
}

ZSTD_freeDCtx(dctx);
assert(ret == 0 || ret == -EIO);
return ret;
}
#endif

static int qcow2_compress_pool_func(void *opaque)
{
Qcow2CompressData *data = opaque;
Expand Down Expand Up @@ -191,20 +352,77 @@ qcow2_co_do_compress(BlockDriverState *bs, void *dest, size_t dest_size,
return arg.ret;
}

/*
* qcow2_co_compress()
*
* Compress @src_size bytes of data using the compression
* method defined by the image compression type
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
*
* Returns: compressed size on success
* a negative error code on failure
*/
ssize_t coroutine_fn
qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size,
const void *src, size_t src_size)
{
return qcow2_co_do_compress(bs, dest, dest_size, src, src_size,
qcow2_compress);
BDRVQcow2State *s = bs->opaque;
Qcow2CompressFunc fn;

switch (s->compression_type) {
case QCOW2_COMPRESSION_TYPE_ZLIB:
fn = qcow2_zlib_compress;
break;

#ifdef CONFIG_ZSTD
case QCOW2_COMPRESSION_TYPE_ZSTD:
fn = qcow2_zstd_compress;
break;
#endif
default:
abort();
}

return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn);
}

/*
* qcow2_co_decompress()
*
* Decompress some data (not more than @src_size bytes) to produce exactly
* @dest_size bytes using the compression method defined by the image
* compression type
*
* @dest - destination buffer, @dest_size bytes
* @src - source buffer, @src_size bytes
*
* Returns: 0 on success
* a negative error code on failure
*/
ssize_t coroutine_fn
qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size,
const void *src, size_t src_size)
{
return qcow2_co_do_compress(bs, dest, dest_size, src, src_size,
qcow2_decompress);
BDRVQcow2State *s = bs->opaque;
Qcow2CompressFunc fn;

switch (s->compression_type) {
case QCOW2_COMPRESSION_TYPE_ZLIB:
fn = qcow2_zlib_decompress;
break;

#ifdef CONFIG_ZSTD
case QCOW2_COMPRESSION_TYPE_ZSTD:
fn = qcow2_zstd_decompress;
break;
#endif
default:
abort();
}

return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn);
}


Expand Down

0 comments on commit d8f9d57

Please sign in to comment.