As can be seen in the final patch of this series, there are certain cases where the current repair implementation of qcow2 actually damages the image further because it allocates new clusters for the refcount structure which overlap with existing but according to the on-disk refcounts (which are assumed to be wrong to begin with) unallocated clusters.
This series fixes this by completely recreating the refcount structure based on the in-memory information calculated during the check operation if the possibility of damaging the image while repairing the refcount structures in-place exists.


v5:
- Added patch 1 which adds two helper variables to BDRVQcowState
  reflecting the number of entries per refcount block; in contrast to
  v4, we don't need to clamp the refcount order against sub-byte widths,
  because sub-byte widths are actually correct (that means, I dropped
  the MAX() around refcount_order - 3)
- Patch 8 (prev. 7):
  - Use these new variables [Benoît]
  - Use a struct for rt_offset_and_clusters [Benoît]


git-backport-diff against v4:

Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/11:[down] 'qcow2: Calculate refcount block entry count'
002/11:[----] [--] 'qcow2: Fix leaks in dirty images'
003/11:[----] [--] 'qcow2: Split qcow2_check_refcounts()'
004/11:[----] [--] 'qcow2: Pull check_refblocks() up'
005/11:[----] [--] 'qcow2: Reuse refcount table in calculate_refcounts()'
006/11:[----] [--] 'qcow2: Fix refcount blocks beyond image end'
007/11:[----] [--] 'qcow2: Do not perform potentially damaging repairs'
008/11:[0025] [FC] 'qcow2: Rebuild refcount structure during check'
009/11:[----] [--] 'qcow2: Clean up after refcount rebuild'
010/11:[----] [--] 'iotests: Fix test outputs'
011/11:[----] [-C] 'iotests: Add test for potentially damaging repairs'


Max Reitz (11):
  qcow2: Calculate refcount block entry count
  qcow2: Fix leaks in dirty images
  qcow2: Split qcow2_check_refcounts()
  qcow2: Pull check_refblocks() up
  qcow2: Reuse refcount table in calculate_refcounts()
  qcow2: Fix refcount blocks beyond image end
  qcow2: Do not perform potentially damaging repairs
  qcow2: Rebuild refcount structure during check
  qcow2: Clean up after refcount rebuild
  iotests: Fix test outputs
  iotests: Add test for potentially damaging repairs

 block/qcow2-refcount.c     | 677 ++++++++++++++++++++++++++++++++-------------
 block/qcow2.c              |   4 +-
 block/qcow2.h              |   2 +
 tests/qemu-iotests/039.out |  10 +-
 tests/qemu-iotests/060.out |  10 +-
 tests/qemu-iotests/061.out |  18 +-
 tests/qemu-iotests/104     | 141 ++++++++++
 tests/qemu-iotests/104.out | 110 ++++++++
 tests/qemu-iotests/group   |   1 +
 9 files changed, 767 insertions(+), 206 deletions(-)
 create mode 100755 tests/qemu-iotests/104
 create mode 100644 tests/qemu-iotests/104.out

-- 
2.1.0
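
The failure mode described in the cover letter, as an added example: a simplified toy model, not QEMU code and not part of the original message. The arrays, the cluster count and the function names are constructed for illustration; the model assumes one refcount per cluster and an allocator that takes the first cluster whose refcount is zero.

```c
#include <stdint.h>
#include <stdio.h>

#define NB_CLUSTERS 8

/* Constructed sample image, one refcount per cluster (toy model, not QEMU's
 * on-disk format). Clusters 3 and 4 are referenced by the image's metadata,
 * but the on-disk refcounts wrongly record them as free. */
static const uint16_t ondisk[NB_CLUSTERS]   = {1, 1, 1, 0, 0, 1, 0, 0};
/* Refcounts recalculated in memory during the check (hypothetical values). */
static const uint16_t computed[NB_CLUSTERS] = {1, 1, 1, 1, 1, 1, 0, 0};

/* First cluster that the given refcount view considers free, or -1. */
static int first_free(const uint16_t *refcounts)
{
    for (int i = 0; i < NB_CLUSTERS; i++) {
        if (refcounts[i] == 0) {
            return i;
        }
    }
    return -1;
}

/* Nonzero if writing new refcount metadata to `cluster` would overwrite
 * a cluster that the check found to be in use. */
static int overlaps_used(int cluster)
{
    return cluster >= 0 && computed[cluster] > 0;
}

/* Nonzero if any cluster is in use but free per the on-disk refcounts,
 * i.e. an in-place repair that allocates clusters could damage the image. */
static int inplace_repair_is_risky(void)
{
    for (int i = 0; i < NB_CLUSTERS; i++) {
        if (computed[i] > 0 && ondisk[i] == 0) {
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    int bad = first_free(ondisk), good = first_free(computed);
    printf("risky=%d in-place picks %d (overlap=%d), rebuild picks %d (overlap=%d)\n",
           inplace_repair_is_risky(), bad, overlaps_used(bad), good, overlaps_used(good));
    return 0;
}
```

Allocating from the on-disk view lands on cluster 3, which is in use; allocating from the recalculated view lands on cluster 6, which is genuinely free.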