Re: [Qemu-devel] [PATCH] block: Flush image after open

From: Avi Kivity
Subject: Re: [Qemu-devel] [PATCH] block: Flush image after open
Date: Mon, 21 Mar 2011 15:21:52 +0200
On 03/21/2011 03:02 PM, Kevin Wolf wrote:
Am 21.03.2011 13:23, schrieb Avi Kivity:
>  On 03/09/2011 07:38 PM, Anthony Liguori wrote:
>>  On 03/09/2011 11:27 AM, Christoph Hellwig wrote:
>>>  On Wed, Mar 09, 2011 at 05:15:53PM +0100, Kevin Wolf wrote:
>>>>  Quoting the bug report:
>>>>       qemu ensures that guest writes and qemu metadata writes hit the
>>>>  disk
>>>>       when necessary to prevent data corruption. However, if an image
>>>>  was
>>>>       in host pagecache prior to starting qemu, for example after
>>>>  running
>>>>       qemu-img convert, then nothing prevents writes from reaching the
>>>>       disk out of order, potentially causing corruption.
>>>>  I'm not entirely sure if there is a realistic case where we would get
>>>>  corruption, but it's probably a case of better safe than sorry.
>>>  Except for SCSI with ordered tags (which we don't support) there are not
>>>  ordering guarantees in the storage protocols, and as such the above
>>>  explanation
>>>  doesn't make any sense at all.
>>  Even if there was, a guest shouldn't be relying on the ordering of a
>>  write that comes from a non-guest.
>>  I don't understand the failure scenario here.
>     $ cp x.img y.img
>     $ qemu -drive file=y.img,cache=writeback
>  <read something from disk, send it over the network>
>  <no guest flushes>
>  <host crash>
>  The guest may expect that any or none of its writes hit the disk, but
>  that anything that it read from the disk, stays there.

Is it true for real hardware? Consider a reboot, you could still have
some data in a volatile disk write cache if the OS that ran before the
reboot hasn't flushed it.

That's if RESET doesn't flush the cache. It's probably false for fc or iscsi, but possibly true for IDE.

But it can't happen for a single-boot host, or a dual boot host with no shared partitions.

