From patchwork Fri Nov 22 16:05:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin Wolf X-Patchwork-Id: 11258139 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4D143913 for ; Fri, 22 Nov 2019 16:13:49 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D564F20721 for ; Fri, 22 Nov 2019 16:13:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="eESFS+uB" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D564F20721 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:52642 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYBZ5-000114-EO for patchwork-qemu-devel@patchwork.kernel.org; Fri, 22 Nov 2019 11:13:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:47854) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYBR8-0000Ou-Gc for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:35 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iYBR7-0002r4-A2 for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:34 -0500 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41609 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iYBR7-0002op-3e for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1574438732; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2/6lgTvhUffQT9Ya7xc06OJxjRNaeStSgj7a61gvGUo=; b=eESFS+uBXQV3Met9XOZrGNoIpOY1MbQlbXKdB5t+lwJpEUTwZzusMzmMAD/nhXsYC60v7R KeSb0jk5ZpAu5B2WubqJTh/he3zqQWFukkCylz6hO8yXK7Ug+5hl1DQXGVs1OtflF4ByWX v6AhA4TjmnoIXRHIw1SSOrlOqXcLGW8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-378-pc2zqUFHO6un948GWoxDVw-1; Fri, 22 Nov 2019 11:05:29 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 67691107ACC5; Fri, 22 Nov 2019 16:05:28 +0000 (UTC) Received: from linux.fritz.box.com (ovpn-117-252.ams2.redhat.com [10.36.117.252]) by smtp.corp.redhat.com (Postfix) with ESMTP id B2B0810372C3; Fri, 22 Nov 2019 16:05:26 +0000 (UTC) From: Kevin Wolf To: qemu-block@nongnu.org Subject: [PATCH v3 4/8] block: truncate: Don't make backing file data visible Date: Fri, 22 Nov 2019 17:05:07 +0100 Message-Id: <20191122160511.8377-5-kwolf@redhat.com> In-Reply-To: <20191122160511.8377-1-kwolf@redhat.com> References: <20191122160511.8377-1-kwolf@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: pc2zqUFHO6un948GWoxDVw-1 X-Mimecast-Spam-Score: 0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, vsementsov@virtuozzo.com, qemu-devel@nongnu.org, mreitz@redhat.com, stefanha@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" When extending the size of an image that has a backing file larger than its old size, make sure that the backing file data doesn't become visible in the guest, but the added area is properly zeroed out. Consider the following scenario where the overlay is shorter than its backing file: base.qcow2: AAAAAAAA overlay.qcow2: BBBB When resizing (extending) overlay.qcow2, the new blocks should not stay unallocated and make the additional As from base.qcow2 visible like before this patch, but zeros should be read. A similar case happens with the various variants of a commit job when an intermediate file is short (- for unallocated): base.qcow2: A-A-AAAA mid.qcow2: BB-B top.qcow2: C--C--C- After commit top.qcow2 to mid.qcow2, the following happens: mid.qcow2: CB-C00C0 (correct result) mid.qcow2: CB-C--C- (before this fix) Without the fix, blocks that previously read as zeros on top.qcow2 suddenly turn into A. Signed-off-by: Kevin Wolf Reviewed-by: Eric Blake Reviewed-by: Max Reitz --- block/io.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/block/io.c b/block/io.c index 42e7558954..61a63d9dc2 100644 --- a/block/io.c +++ b/block/io.c @@ -3392,12 +3392,45 @@ int coroutine_fn bdrv_co_truncate(BdrvChild *child, int64_t offset, bool exact, ret = refresh_total_sectors(bs, offset >> BDRV_SECTOR_BITS); if (ret < 0) { error_setg_errno(errp, -ret, "Could not refresh total sector count"); + goto fail_refresh_total_sectors; } else { offset = bs->total_sectors * BDRV_SECTOR_SIZE; } + + /* + * If the image has a backing file that is large enough that it would + * provide data for the new area, we cannot leave it unallocated because + * then the backing file content would become visible. Instead, zero-fill + * the area where backing file and new area overlap. + * + * Note that if the image has a backing file, but was opened without the + * backing file, taking care of keeping things consistent with that backing + * file is the user's responsibility. + */ + if (new_bytes && bs->backing && prealloc == PREALLOC_MODE_OFF) { + int64_t backing_len; + + backing_len = bdrv_getlength(backing_bs(bs)); + if (backing_len < 0) { + ret = backing_len; + goto fail_refresh_total_sectors; + } + + if (backing_len > old_size) { + ret = bdrv_co_do_pwrite_zeroes( + bs, old_size, MIN(new_bytes, backing_len - old_size), + BDRV_REQ_ZERO_WRITE | BDRV_REQ_MAY_UNMAP | + (no_fallback ? BDRV_REQ_NO_FALLBACK : 0)); + if (ret < 0) { + goto fail_refresh_total_sectors; + } + } + } + /* It's possible that truncation succeeded but refresh_total_sectors * failed, but the latter doesn't affect how we should finish the request. * Pass 0 as the last parameter so that dirty bitmaps etc. are handled. */ +fail_refresh_total_sectors: bdrv_co_write_req_finish(child, offset - new_bytes, new_bytes, &req, 0); out: