
[v4,08/26] qcow2: Refcount overflow and qcow2_alloc_bytes()

Message ID 1417613866-25890-9-git-send-email-mreitz@redhat.com
State New

Commit Message

Max Reitz Dec. 3, 2014, 1:37 p.m. UTC
qcow2_alloc_bytes() may reuse a cluster multiple times, in which case
the refcount is increased accordingly. However, if this would lead to an
overflow the function should instead just not reuse this cluster and
allocate a new one.

Signed-off-by: Max Reitz <mreitz@redhat.com>
---
 block/qcow2-refcount.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

Comments

Eric Blake Dec. 3, 2014, 5:41 p.m. UTC | #1
On 12/03/2014 06:37 AM, Max Reitz wrote:
> qcow2_alloc_bytes() may reuse a cluster multiple times, in which case
> the refcount is increased accordingly. However, if this would lead to an
> overflow the function should instead just not reuse this cluster and
> allocate a new one.
> 
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
>  block/qcow2-refcount.c | 31 ++++++++++++++++++++++++++++++-
>  1 file changed, 30 insertions(+), 1 deletion(-)
> 

Reviewed-by: Eric Blake <eblake@redhat.com>
Stefan Hajnoczi Dec. 11, 2014, 11:12 a.m. UTC | #2
On Wed, Dec 03, 2014 at 02:37:28PM +0100, Max Reitz wrote:
> qcow2_alloc_bytes() may reuse a cluster multiple times, in which case
> the refcount is increased accordingly. However, if this would lead to an
> overflow the function should instead just not reuse this cluster and
> allocate a new one.
> 
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
>  block/qcow2-refcount.c | 31 ++++++++++++++++++++++++++++++-
>  1 file changed, 30 insertions(+), 1 deletion(-)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

Patch

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 6166f7d..152ca22 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -780,9 +780,11 @@  int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size)
     BDRVQcowState *s = bs->opaque;
     int64_t offset, cluster_offset, new_cluster;
     int free_in_cluster, ret;
+    uint64_t refcount;
 
     BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC_BYTES);
     assert(size > 0 && size <= s->cluster_size);
+ redo:
     if (s->free_byte_offset == 0) {
         offset = qcow2_alloc_clusters(bs, s->cluster_size);
         if (offset < 0) {
@@ -790,12 +792,25 @@  int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size)
         }
         s->free_byte_offset = offset;
     }
- redo:
+
     free_in_cluster = s->cluster_size -
         offset_into_cluster(s, s->free_byte_offset);
     if (size <= free_in_cluster) {
         /* enough space in current cluster */
         offset = s->free_byte_offset;
+
+        if (offset_into_cluster(s, offset) != 0) {
+            /* We will have to increase the refcount of this cluster; if the
+             * maximum has been reached already, this cluster cannot be used */
+            ret = qcow2_get_refcount(bs, offset >> s->cluster_bits, &refcount);
+            if (ret < 0) {
+                return ret;
+            } else if (refcount == s->refcount_max) {
+                s->free_byte_offset = 0;
+                goto redo;
+            }
+        }
+
         s->free_byte_offset += size;
         free_in_cluster -= size;
         if (free_in_cluster == 0)
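Review bot: The overflow guard `refcount == s->refcount_max` is only sufficient if a refcount read from the image can never exceed `s->refcount_max`, and nothing in this hunk establishes that. Since the value comes from the image's refcount table, `} else if (refcount >= s->refcount_max) {` would refuse to reuse the cluster in either case at no extra cost. The same comparison appears in the contiguous-cluster hunk further down. The increment this guard protects is outside the hunk, as is the rest of qcow2_alloc_bytes().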
@@ -816,6 +831,20 @@  int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size)
         if ((cluster_offset + s->cluster_size) == new_cluster) {
             /* we are lucky: contiguous data */
             offset = s->free_byte_offset;
+
+            /* Same as above: In order to reuse the cluster, the refcount has to
+             * be increased; if that will not work, we are not so lucky after
+             * all */
+            ret = qcow2_get_refcount(bs, offset >> s->cluster_bits, &refcount);
+            if (ret < 0) {
+                qcow2_free_clusters(bs, new_cluster, s->cluster_size,
+                                    QCOW2_DISCARD_NEVER);
+                return ret;
+            } else if (refcount == s->refcount_max) {
+                s->free_byte_offset = offset;
+                goto redo;
+            }
+
             ret = qcow2_update_cluster_refcount(bs, offset >> s->cluster_bits,
                                                 1, false, QCOW2_DISCARD_NEVER);
             if (ret < 0) {
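Review bot: In the `refcount == s->refcount_max` branch, `s->free_byte_offset = offset;` looks like a self-assignment, because `offset` was set from `s->free_byte_offset` a few lines earlier in this hunk and nothing visible changes either value in between. Jumping to `redo` with the old offset would presumably take the not-enough-space path again and allocate yet another cluster, while `new_cluster` is neither freed nor used (the error path just above does free it). If the intent is to continue in the freshly allocated cluster, the line would be `s->free_byte_offset = new_cluster;`. The non-contiguous else branch and the rest of qcow2_alloc_bytes() are outside the hunk, so this should be checked against them.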