[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v5 7/9] block: truncate: Don't make backing file data visible
|
From: |
Max Reitz |
|
Subject: |
Re: [PATCH v5 7/9] block: truncate: Don't make backing file data visible |
|
Date: |
Thu, 23 Apr 2020 13:14:56 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 |
On 22.04.20 17:21, Kevin Wolf wrote:
> When extending the size of an image that has a backing file larger than
> its old size, make sure that the backing file data doesn't become
> visible in the guest, but the added area is properly zeroed out.
>
> Consider the following scenario where the overlay is shorter than its
> backing file:
>
> base.qcow2: AAAAAAAA
> overlay.qcow2: BBBB
>
> When resizing (extending) overlay.qcow2, the new blocks should not stay
> unallocated and make the additional As from base.qcow2 visible like
> before this patch, but zeros should be read.
>
> A similar case happens with the various variants of a commit job when an
> intermediate file is short (- for unallocated):
>
> base.qcow2: A-A-AAAA
> mid.qcow2: BB-B
> top.qcow2: C--C--C-
>
> After commit top.qcow2 to mid.qcow2, the following happens:
>
> mid.qcow2: CB-C00C0 (correct result)
> mid.qcow2: CB-C--C- (before this fix)
>
> Without the fix, blocks that previously read as zeros on top.qcow2
> suddenly turn into A.
>
> Signed-off-by: Kevin Wolf <address@hidden>
> Reviewed-by: Alberto Garcia <address@hidden>
> ---
> block/io.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/block/io.c b/block/io.c
> index 795075954e..8fbb607515 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -3394,6 +3394,20 @@ int coroutine_fn bdrv_co_truncate(BdrvChild *child,
> int64_t offset, bool exact,
> goto out;
> }
>
> + /*
> + * If the image has a backing file that is large enough that it would
> + * provide data for the new area, we cannot leave it unallocated because
> + * then the backing file content would become visible. Instead, zero-fill
> + * the new area.
> + *
> + * Note that if the image has a backing file, but was opened without the
> + * backing file, taking care of keeping things consistent with that
> backing
> + * file is the user's responsibility.
> + */
> + if (new_bytes && bs->backing) {
> + flags |= BDRV_REQ_ZERO_WRITE;
> + }
This breaks growing any non-qcow2 image with any backing file. Do we
care about that?
The comment says something about “a backing file that is large enough
that it would provide data for the new area”, but that condition doesn’t
appear in the code. Should it? (If it did, I think the number of cases
this change broke would be much smaller.)
If it was deliberate to not have that condition here, and if we decide
that we don’t care about non-qcow2 formats here, then I think at least
the error message deserves some improvement over “qemu-img: Block driver
does not support requested flags”.
Max
signature.asc
Description: OpenPGP digital signature
- [PATCH v5 6/9] file-posix: Support BDRV_REQ_ZERO_WRITE for truncate, (continued)
- [PATCH v5 6/9] file-posix: Support BDRV_REQ_ZERO_WRITE for truncate, Kevin Wolf, 2020/04/22
- [PATCH v5 8/9] iotests: Filter testfiles out in filter_img_info(), Kevin Wolf, 2020/04/22
- [PATCH v5 5/9] raw-format: Support BDRV_REQ_ZERO_WRITE for truncate, Kevin Wolf, 2020/04/22
- [PATCH v5 9/9] iotests: Test committing to short backing file, Kevin Wolf, 2020/04/22
- [PATCH v5 7/9] block: truncate: Don't make backing file data visible, Kevin Wolf, 2020/04/22
- Re: [PATCH v5 7/9] block: truncate: Don't make backing file data visible,
Max Reitz <=