[Libguestfs] [PATCH nbdkit] cache, cow: Fix data corruption in zero and trim on unaligned tail

[Eric Blake]

On Wed, Aug 04, 2021 at 08:48:24PM +0100, Richard W.M. Jones wrote:
> Commit eb6009b092 ("cache, cow: Reduce use of bounce-buffer") first
> introduced in nbdkit 1.14 added an optimization of the
> read-modify-write mechanism used for unaligned heads and tails when
> zeroing in the cache layer.
> 
> Unfortunately the part applied to the tail contained a mistake: It
> zeroes the end of the buffer rather than the beginning.  This causes
> data corruption when you use the zero or trim function with an offset
> and count which is not aligned to the block size.

Ouch.  And I was copying from the blocksize filter, which did it
correctly.  Thanks so much for finding and fixing this.

> 
> We can demonstrate this by filling a buffer with data (100000 bytes in
> the example), and then trimming that data which ought to zero it all
> out but does not.
> 
> Before this commit:
> 
> $ nbdkit --filter=cow data "33 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
> 00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00018000  21 21 21 21 21 21 21 21  21 21 21 21 21 21 21 21  |!!!!!!!!!!!!!!!!|
> *
> 000186a0
> 
> After this commit:
> 
> $ ./nbdkit --filter=cow data "33 * 100000" --run 'nbdsh -u $uri -c "h.trim(100000, 0)" ; nbdcopy $uri - | hexdump -C'
> 00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 000186a0
> 
> Fixes: commit eb6009b092ae642ed25f133d487dd40ef7bf70f8
> Thanks: Ming Xie for originally finding the bug
> ---
>  filters/cache/cache.c | 2 +-
>  filters/cow/cow.c     | 4 ++--
>  2 files changed, 3 insertions(+), 3 deletions(-)

Ack.  And yes, we'll have to backport this to quite a few places.
I'll get started on that, to get more experience on doing Fedora
releases.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org