On 08/27/2015 01:45 AM, Vladimir Sementsov-Ogievskiy wrote:
> On 09.06.2015 18:50, Stefan Hajnoczi wrote:
>> On Mon, Jun 08, 2015 at 06:21:24PM +0300, Vladimir Sementsov-Ogievskiy
>> wrote:
>>> diff --git a/block/qcow2.c b/block/qcow2.c
>>> index 406e55d..f85a55a 100644
>>> --- a/block/qcow2.c
>>> +++ b/block/qcow2.c
>>> @@ -182,6 +182,14 @@ static int
>>> qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
>>> return ret;
>>> }
>>> + if (!(s->autoclear_features &
>>> QCOW2_AUTOCLEAR_DIRTY_BITMAPS) &&
>>> + s->nb_dirty_bitmaps > 0) {
>>> + ret = qcow2_delete_all_dirty_bitmaps(bs, errp);
>>> + if (ret < 0) {
>>> + return ret;
>>> + }
>>> + }
>>> +
>> What if the file is read-only?
>>
>> We shouldn't modify the file in qcow2_read_extensions().
> But where? In qcow2_open? Or nowhere? I think auto clear extensions
> should be cleared automatically..Autoclear bits should be cleared ONLY when opening a file for writing, and ONLY if the version of qemu[-img] opening the file does not recognize what the bit controls (or if it does recognize the bit, but is about to perform a semantic action that violates what the bit represents). We should already be clearing all unrecognized autoclear bits upon opening a file for writing (if not, that's a bug in the current implementation), when executing older qemu[-img]. And after your patch series, we know how to handle dirty bitmaps, so the dirty bitmap autoclear bit should no longer be cleared automatically (it is no longer in the mask of unrecognized autoclear bits). So all we have to do now that we are new-enough qemu[-img] is: 1. be sure to set the autoclear bit any time we write a dirty bitmap (the image can no longer be safely written by an older qemu[-img], because those older executables don't know how to interpret the dirty bitmap extension header and might try to overwrite a cluster that we have tied up in a dirty bitmap) 2. clear the bit if we are removing the last dirty bitmap from an image (optimization that is not strictly necessary; but lets older qemu[-img] once again be able to write to the file without the risk of corrupting it) 3. add in error reporting in case the autoclear bit is clear but the dirty bitmap header extension is present with a non-zero number of bitmaps (the autoclear bit served its purpose: an older qemu[-img] has opened the file for writing since new qemu last handled it, and may have broken our bitmaps) Since opening a file read-only cannot (further) corrupt the image, it also does not need to clear any autoclear bits. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
