From 4096974e1885913dfe2931863be47bd35b266521 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Fri, 17 Nov 2017 10:47:47 -0600 Subject: qcow2: fix image corruption on commit with persistent bitmap If an image contains persistent bitmaps, we cannot use the fast path of bdrv_make_empty() to clear the image during qemu-img commit, because that will lose the clusters related to the bitmaps. Also leave a comment in qcow2_read_extensions to remind future feature additions to think about fast-path removal, since we just barely fixed the same bug for LUKS encryption. It's a pain that qemu-img has not yet been taught to manipulate, or even at a very minimum display, information about persistent bitmaps; instead, we have to use QMP commands. It's also a pain that only qeury-block and x-debug-block-dirty-bitmap-sha256 will allow bitmap introspection; but the former requires the node to be hooked to a block device, and the latter is experimental. Signed-off-by: Eric Blake Signed-off-by: Kevin Wolf --- block/qcow2.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'block/qcow2.c') diff --git a/block/qcow2.c b/block/qcow2.c index e9a86b7443..f2731a7cb5 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -376,6 +376,8 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset, default: /* unknown magic - save it in case we need to rewrite the header */ + /* If you add a new feature, make sure to also update the fast + * path of qcow2_make_empty() to deal with it. */ { Qcow2UnknownHeaderExtension *uext; @@ -3600,15 +3602,16 @@ static int qcow2_make_empty(BlockDriverState *bs) l1_clusters = DIV_ROUND_UP(s->l1_size, s->cluster_size / sizeof(uint64_t)); - if (s->qcow_version >= 3 && !s->snapshots && + if (s->qcow_version >= 3 && !s->snapshots && !s->nb_bitmaps && 3 + l1_clusters <= s->refcount_block_size && s->crypt_method_header != QCOW_CRYPT_LUKS) { - /* The following function only works for qcow2 v3 images (it requires - * the dirty flag) and only as long as there are no snapshots (because - * it completely empties the image). Furthermore, the L1 table and three - * additional clusters (image header, refcount table, one refcount - * block) have to fit inside one refcount block. It cannot be used - * for LUKS (yet) as it throws away the LUKS header cluster(s) */ + /* The following function only works for qcow2 v3 images (it + * requires the dirty flag) and only as long as there are no + * features that reserve extra clusters (such as snapshots, + * LUKS header, or persistent bitmaps), because it completely + * empties the image. Furthermore, the L1 table and three + * additional clusters (image header, refcount table, one + * refcount block) have to fit inside one refcount block. */ return make_completely_empty(bs); } -- cgit v1.2.1