[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v9 14/34] qcow2: Add QCow2SubclusterType and qcow2_get_subclu
|
From: |
Max Reitz |
|
Subject: |
Re: [PATCH v9 14/34] qcow2: Add QCow2SubclusterType and qcow2_get_subcluster_type() |
|
Date: |
Wed, 1 Jul 2020 14:52:14 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 |
On 28.06.20 13:02, Alberto Garcia wrote:
> This patch adds QCow2SubclusterType, which is the subcluster-level
> version of QCow2ClusterType. All QCOW2_SUBCLUSTER_* values have the
> the same meaning as their QCOW2_CLUSTER_* equivalents (when they
> exist). See below for details and caveats.
>
> In images without extended L2 entries clusters are treated as having
> exactly one subcluster so it is possible to replace one data type with
> the other while keeping the exact same semantics.
>
> With extended L2 entries there are new possible values, and every
> subcluster in the same cluster can obviously have a different
> QCow2SubclusterType so functions need to be adapted to work on the
> subcluster level.
>
> There are several things that have to be taken into account:
>
> a) QCOW2_SUBCLUSTER_COMPRESSED means that the whole cluster is
> compressed. We do not support compression at the subcluster
> level.
>
> b) There are two different values for unallocated subclusters:
> QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN which means that the whole
> cluster is unallocated, and QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC
> which means that the cluster is allocated but the subcluster is
> not. The latter can only happen in images with extended L2
> entries.
>
> c) QCOW2_SUBCLUSTER_INVALID is used to detect the cases where an L2
> entry has a value that violates the specification. The caller is
> responsible for handling these situations.
>
> To prevent compatibility problems with images that have invalid
> values but are currently being read by QEMU without causing side
> effects, QCOW2_SUBCLUSTER_INVALID is only returned for images
> with extended L2 entries.
>
> qcow2_cluster_to_subcluster_type() is added as a separate function
> from qcow2_get_subcluster_type(), but this is only temporary and both
> will be merged in a subsequent patch.
>
> Signed-off-by: Alberto Garcia <berto@igalia.com>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> ---
> block/qcow2.h | 126 +++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 125 insertions(+), 1 deletion(-)
>
> diff --git a/block/qcow2.h b/block/qcow2.h
> index 82b86f6cec..3aec6f452a 100644
> --- a/block/qcow2.h
> +++ b/block/qcow2.h
[...]
> @@ -634,9 +686,11 @@ static inline int64_t
> qcow2_vm_state_offset(BDRVQcow2State *s)
> static inline QCow2ClusterType qcow2_get_cluster_type(BlockDriverState *bs,
> uint64_t l2_entry)
> {
> + BDRVQcow2State *s = bs->opaque;
> +
> if (l2_entry & QCOW_OFLAG_COMPRESSED) {
> return QCOW2_CLUSTER_COMPRESSED;
> - } else if (l2_entry & QCOW_OFLAG_ZERO) {
> + } else if ((l2_entry & QCOW_OFLAG_ZERO) && !has_subclusters(s)) {
OK, so now qcow2_get_cluster_type() reports zero clusters to be normal
or unallocated clusters when there are subclusters. Seems weird to me,
because zero clusters are invalid clusters then. I preferred just
reporting them as zero clusters and letting the caller deal with it,
because it does mean an error in the image and so it should be reported.
So...
> if (l2_entry & L2E_OFFSET_MASK) {
> return QCOW2_CLUSTER_ZERO_ALLOC;
> }
[...]
> +/*
> + * In an image without subsclusters @l2_bitmap is ignored and
> + * @sc_index must be 0.
> + * Return QCOW2_SUBCLUSTER_INVALID if an invalid l2 entry is detected
> + * (this checks the whole entry and bitmap, not only the bits related
> + * to subcluster @sc_index).
> + */
> +static inline
> +QCow2SubclusterType qcow2_get_subcluster_type(BlockDriverState *bs,
> + uint64_t l2_entry,
> + uint64_t l2_bitmap,
> + unsigned sc_index)
> +{
> + BDRVQcow2State *s = bs->opaque;
> + QCow2ClusterType type = qcow2_get_cluster_type(bs, l2_entry);
> + assert(sc_index < s->subclusters_per_cluster);
> +
> + if (has_subclusters(s)) {
> + switch (type) {
> + case QCOW2_CLUSTER_COMPRESSED:
> + return QCOW2_SUBCLUSTER_COMPRESSED;
> + case QCOW2_CLUSTER_NORMAL:
> + if ((l2_bitmap >> 32) & l2_bitmap) {
> + return QCOW2_SUBCLUSTER_INVALID;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
> + return QCOW2_SUBCLUSTER_ZERO_ALLOC;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ALLOC(sc_index)) {
> + return QCOW2_SUBCLUSTER_NORMAL;
> + } else {
> + return QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC;
> + }
> + case QCOW2_CLUSTER_UNALLOCATED:
> + if (l2_bitmap & QCOW_L2_BITMAP_ALL_ALLOC) {
> + return QCOW2_SUBCLUSTER_INVALID;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
> + return QCOW2_SUBCLUSTER_ZERO_PLAIN;
> + } else {
> + return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN;
> + }
...consequentially, this function no longer reports clusters which have
the zero flag set as invalid (which it did in v4, when I last looked at it).
I see this was a conscious choice of yours in v5. I don’t really see
the justification for it, though. As far as I can understand, you seem
to argue that no corruption detection is better than incomplete
corruption detection, and that a complete and thorough detection would
warrant its own series, do I understand that correctly?
Max
> + default:
> + g_assert_not_reached();
> + }
> + } else {
> + return qcow2_cluster_to_subcluster_type(type);
> + }
> +}
> +
> /* Check whether refcounts are eager or lazy */
> static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State *s)
> {
>
signature.asc
Description: OpenPGP digital signature
- Re: [PATCH v9 14/34] qcow2: Add QCow2SubclusterType and qcow2_get_subcluster_type(),
Max Reitz <=