Patchwork [2/4] qcow2: Move sync out of update_refcount

Submitter Kevin Wolf
Date Sept. 17, 2010, 4:18 p.m.
Message ID <1284740318-20838-3-git-send-email-kwolf@redhat.com>
Permalink /patch/65091/
State New

Comments

Kevin Wolf - Sept. 17, 2010, 4:18 p.m.
Note that the flush is omitted intentionally in qcow2_free_clusters. If
anything, we can leak clusters here if we lose the writes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/qcow2-refcount.c |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)
Anthony Liguori - Sept. 17, 2010, 5:06 p.m.
On 09/17/2010 11:18 AM, Kevin Wolf wrote:
> Note that the flush is omitted intentionally in qcow2_free_clusters. If
> anything, we can leak clusters here if we lose the writes.
>
> Signed-off-by: Kevin Wolf<kwolf@redhat.com>
>    

Cluster leaking gets picked up by bdrv_check though, right?

I think I've convinced myself that leaking clusters is not an acceptable 
behavior from a security perspective but as long as it's detectable via 
bdrv_check, qcow2 could implement an online check to address it.

Regards,

Anthony Liguori

> ---
>   block/qcow2-refcount.c |   13 +++++++++++--
>   1 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index 7dc75d1..4fc3f80 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -261,6 +261,8 @@ static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index)
>               goto fail_block;
>           }
>
> +        bdrv_flush(bs->file);
> +
>           /* Initialize the new refcount block only after updating its refcount,
>            * update_refcount uses the refcount cache itself */
>           memset(s->refcount_block_cache, 0, s->cluster_size);
> @@ -551,8 +553,6 @@ fail:
>           dummy = update_refcount(bs, offset, cluster_offset - offset, -addend);
>       }
>
> -    bdrv_flush(bs->file);
> -
>       return ret;
>   }
>
> @@ -575,6 +575,8 @@ static int update_cluster_refcount(BlockDriverState *bs,
>           return ret;
>       }
>
> +    bdrv_flush(bs->file);
> +
>       return get_refcount(bs, cluster_index);
>   }
>
> @@ -626,6 +628,9 @@ int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size)
>       if (ret<  0) {
>           return ret;
>       }
> +
> +    bdrv_flush(bs->file);
> +
>       return offset;
>   }
>
> @@ -803,6 +808,10 @@ int qcow2_update_snapshot_refcount(BlockDriverState *bs,
>                               if (ret<  0) {
>                                   goto fail;
>                               }
> +
> +                            /* TODO Flushing once for the whole function should
> +                             * be enough */
> +                            bdrv_flush(bs->file);
>                           }
>                           /* compressed clusters are never modified */
>                           refcount = 2;
>
Kevin Wolf - Sept. 17, 2010, 5:19 p.m.
On 17.09.2010 19:06, Anthony Liguori wrote:
> On 09/17/2010 11:18 AM, Kevin Wolf wrote:
>> Note that the flush is omitted intentionally in qcow2_free_clusters. If
>> anything, we can leak clusters here if we lose the writes.
>>
>> Signed-off-by: Kevin Wolf<kwolf@redhat.com>
>>    
> 
> Cluster leaking gets picked up by bdrv_check though, right?
> 
> I think I've convinced myself that leaking clusters is not an acceptable 
> behavior from a security perspective but as long as it's detectable via 
> bdrv_check, qcow2 could implement an online check to address it.

Leaking clusters on crashes is unavoidable. But yes, qemu-img check does
detect this.

Kevin

Patch

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 7dc75d1..4fc3f80 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -261,6 +261,8 @@  static int64_t alloc_refcount_block(BlockDriverState *bs, int64_t cluster_index)
             goto fail_block;
         }
 
+        bdrv_flush(bs->file);
+
         /* Initialize the new refcount block only after updating its refcount,
          * update_refcount uses the refcount cache itself */
         memset(s->refcount_block_cache, 0, s->cluster_size);
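Review bot: the bdrv_flush(bs->file) added in alloc_refcount_block carries no comment saying which writes it orders. The comment directly below it says the new refcount block is initialized only after its refcount has been updated, so extend that comment to state that the flush is what puts the refcount update on disk before the memset and what follows it; otherwise a later cleanup can drop the call as redundant.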
@@ -551,8 +553,6 @@  fail:
         dummy = update_refcount(bs, offset, cluster_offset - offset, -addend);
     }
 
-    bdrv_flush(bs->file);
-
     return ret;
 }
 
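Review bot: with bdrv_flush(bs->file) removed from the tail of this function, the sync becomes each caller's job, and the only record that qcow2_free_clusters skips it on purpose is the commit message. Add a short comment at that call site (or above this function) saying the flush is left out deliberately because a lost write there can only leak clusters, so a later reader neither adds it back nor copies the omission to a caller where losing the write matters.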
@@ -575,6 +575,8 @@  static int update_cluster_refcount(BlockDriverState *bs,
         return ret;
     }
 
+    bdrv_flush(bs->file);
+
     return get_refcount(bs, cluster_index);
 }
 
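Review bot: in update_cluster_refcount the flush is placed after the `return ret` error exit, so a failed update now returns without a sync. The flush deleted in the previous hunk sat below the `fail:` label and therefore also ran after the rollback call `update_refcount(bs, offset, cluster_offset - offset, -addend)`. If skipping the sync on failure is intended, say so in the commit message; if not, flush before the early return as well. The same question applies to the `ret < 0` return in the qcow2_alloc_clusters hunk that follows.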
@@ -626,6 +628,9 @@  int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size)
     if (ret < 0) {
         return ret;
     }
+
+    bdrv_flush(bs->file);
+
     return offset;
 }
 
@@ -803,6 +808,10 @@  int qcow2_update_snapshot_refcount(BlockDriverState *bs,
                             if (ret < 0) {
                                 goto fail;
                             }
+
+                            /* TODO Flushing once for the whole function should
+                             * be enough */
+                            bdrv_flush(bs->file);
                         }
                         /* compressed clusters are never modified */
                         refcount = 2;
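Review bot: the bdrv_flush(bs->file) added in qcow2_update_snapshot_refcount sits in the innermost block, so it runs once per updated cluster, while the TODO above it already says one flush for the whole function should be enough. Rather than merging the TODO, move the flush to a single call before the function returns, and decide at that point whether the `goto fail` path should sync too, since `goto fail` jumps past this flush.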