Currently cache=unsafe is unsafe to the point of unusability - the
caches are never written to disk except on exit so anything except
an orderly exit -- including live migration -- leaves the disk image
corrupted.
Fix by interpreting flush requests and doing everything except flushing
the underlying file. The contents of the metadata cache are transferred
to the host pagecache, so that qemu aborts keep the disk in a consistent
state, and live migration (on the same host, or if using a coherent
filesystem) works.
Signed-off-by: Avi Kivity <a...@redhat.com>
---
Untested - is this the right approach?
block/qcow2.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index bfff6cd..7ecd096 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -275,6 +275,13 @@ static int qcow2_open(BlockDriverState *bs, int flags)
ret = -EINVAL;
goto fail;
}
+ /*
+ * Request flush callbask so that we can write metadata to the host
+ * pagecache. Flushes to bs->file will still be ignored. This keeps
+ * metadata consistent in host pagecache, so we're safe wrt unexpected
+ * exits, but avoids slow disk flushes (and is vulnerable to host crashes)
+ */
+ bs->open_flags &= ~BDRV_O_NO_FLUSH;
/* Initialise locks */
qemu_co_mutex_init(&s->lock);
--
1.7.6.1
