[Qemu-devel] [PATCH 12/14] qcow2: Fix corruption after refblock allocati
From: Kevin Wolf
Subject: [Qemu-devel] [PATCH 12/14] qcow2: Fix corruption after refblock allocation
Date: Fri, 28 May 2010 18:46:11 +0200
Refblock allocation code needs to take into consideration that update_refcount
will load a different refcount block into the cache, so it must initialize the
cache for a new refcount block only afterwards. Not doing this means that not
only the refcount in the wrong block is updated, but also that the caller will
work on the wrong block.
Signed-off-by: Kevin Wolf <address@hidden>
---
block/qcow2-refcount.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index a7f295d..5b7cda4 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -221,8 +221,6 @@ static int64_t alloc_refcount_block(BlockDriverState *bs,
int64_t cluster_index)
/* Allocate the refcount block itself and mark it as used */
uint64_t new_block = alloc_clusters_noref(bs, s->cluster_size);
- memset(s->refcount_block_cache, 0, s->cluster_size);
- s->refcount_block_cache_offset = new_block;
#ifdef DEBUG_ALLOC2
fprintf(stderr, "qcow2: Allocate refcount block %d for %" PRIx64
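Review bot: With the memset and the s->refcount_block_cache_offset assignment removed from directly after alloc_clusters_noref(), nothing at the allocation site says that leaving the cache untouched here is deliberate. A short comment at this spot, stating that the cache must not be set up for new_block until the refcount update further down has run because update_refcount may load a different block into it, would keep a later cleanup from moving the initialization back up.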
@@ -231,6 +229,10 @@ static int64_t alloc_refcount_block(BlockDriverState *bs,
int64_t cluster_index)
#endif
if (in_same_refcount_block(s, new_block, cluster_index <<
s->cluster_bits)) {
+ /* Zero the new refcount block before updating it */
+ memset(s->refcount_block_cache, 0, s->cluster_size);
+ s->refcount_block_cache_offset = new_block;
+
/* The block describes itself, need to update the cache */
int block_index = (new_block >> s->cluster_bits) &
((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
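Review bot: The memset/offset pair added at the top of the in_same_refcount_block() branch is the same two statements the patch also adds after the update_refcount error check in the other branch. Since the ordering relative to the refcount update is the whole point of the fix, consider a small helper (hypothetical name, e.g. init_new_refblock_cache(s, new_block)) so the two call sites cannot drift apart. The new comment could also be folded into the existing "The block describes itself, need to update the cache" comment so that it says why initializing first is safe in this branch.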
@@ -242,6 +244,11 @@ static int64_t alloc_refcount_block(BlockDriverState *bs,
int64_t cluster_index)
if (ret < 0) {
goto fail_block;
}
+
+ /* Initialize the new refcount block only after updating its refcount,
+ * update_refcount uses the refcount cache itself */
+ memset(s->refcount_block_cache, 0, s->cluster_size);
+ s->refcount_block_cache_offset = new_block;
}
/* Now the new refcount block needs to be written to disk */
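Review bot: On the error path just above the added lines, "if (ret < 0) { goto fail_block; }" is taken before s->refcount_block_cache_offset is set to new_block, and by the commit message's own reasoning update_refcount may already have loaded another refcount block into the cache at that point. Please confirm that the code at fail_block does not assume the cache describes new_block, and note it in the comment if it matters. The added comment would also read more clearly as "... only after updating its refcount, because update_refcount uses the refcount cache itself".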
--
1.6.6.1