aboutsummaryrefslogtreecommitdiff
path: root/block/qcow2-refcount.c
AgeCommit message (Collapse)Author
2010-06-22qcow2: Don't try to check tables that couldn't be loadedKevin Wolf
Trying to check them leads to a second error message which is more confusing than helpful: Can't get refcount for cluster 0: Invalid argument ERROR cluster 0 refcount=-22 reference=1 Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-22qcow2: Fix qemu-img check segfault on corrupted imagesKevin Wolf
With corrupted images, we can easily get an cluster index that exceeds the array size of the temporary refcount table. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-22qcow2: Use bdrv_(p)write_sync for metadata writesKevin Wolf
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-15qcow2: Return real error code in load_refcount_blockKevin Wolf
This fixes load_refcount_block which completely ignored the return value of write_refcount_block and always returned -EIO for bdrv_pwrite failure. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-15qcow2: Allow alloc_clusters_noref to return errorsKevin Wolf
Currently it would consider blocks for which get_refcount fails used. However, it's unlikely that get_refcount would succeed for the next cluster, so it's not really helpful. Return an error instead. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-15qcow2: Allow get_refcount to return errorsKevin Wolf
get_refcount might need to load a refcount block from disk, so errors may happen. Return the error code instead of assuming a refcount of 1 and change the callers to respect error return values. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-28qcow2: Fix corruption after error in update_refcountKevin Wolf
After it is done with updating refcounts in the cache, update_refcount writes all changed entries to disk. If a refcount block allocation fails, however, there was no change yet and therefore first_index = last_index = -1. Don't treat -1 as a normal sector index (resulting in a 512 byte write!) but return without updating anything in this case. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-28qcow2: Fix corruption after refblock allocationKevin Wolf
Refblock allocation code needs to take into consideration that update_refcount will load a different refcount block into the cache, so it must initialize the cache for a new refcount block only afterwards. Not doing this means that not only the refcount in the wrong block is updated, but also that the caller will work on the wrong block. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-28qcow2: Return right error code in write_refcount_block_entriesKevin Wolf
write_refcount_block_entries used to return -EIO for any errors. Change this to return the real error code. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03qcow2: Remove abort on free_clusters failureKevin Wolf
While it's true that during regular operation free_clusters failure would be a bug, an I/O error can always happen. There's no need to kill the VM, the worst thing that can happen (and it will) is that we leak some clusters. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03qcow2: Avoid shadowing variable in alloc_clusters_noref()Stefan Hajnoczi
The i loop iterator is shadowed by the next free cluster index. Both using the variable name 'i' makes the code harder to read. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03block: Open the underlying image file in generic codeKevin Wolf
Format drivers shouldn't need to bother with things like file names, but rather just get an open BlockDriverState for the underlying protocol. This patch introduces this behaviour for bdrv_open implementation. For protocols which need to access the filename to open their file/device/connection/... a new callback bdrv_file_open is introduced which doesn't get an underlying file opened. For now, also some of the more obscure formats use bdrv_file_open because they open() the file themselves instead of using the block.c functions. They need to be fixed in later patches. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23qcow2: Trigger blkdebug eventsKevin Wolf
This adds blkdebug events to qcow2 to allow injecting I/O errors in specific places. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-02-23qcow2: More checks for qemu-img checkKevin Wolf
Implement some more refcount block related checks Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23qcow2: Rewrite alloc_refcount_block/grow_refcount_tableKevin Wolf
The current implementation of alloc_refcount_block and grow_refcount_table has fundamental problems regarding error handling. There are some places where an I/O error means that the image is going to be corrupted. I have found that the only way to fix this is to completely rewrite the thing. In detail, the problem is that the refcount blocks itself are allocated using alloc_refcount_noref (to avoid endless recursion when updating the refcount of the new refcount block, which migh access just the same refcount block but its allocation is not yet completed...). Only at the end of the refcount allocation the refcount of the refcount block is increased. If an error happens in between, the refcount block is in use, but has a refcount of zero and will likely be overwritten later. The new approach is explained in comments in the code. The trick is basically to let new refcount blocks describe their own refcount, so their refcount will be automatically changed when they are hooked up in the refcount table. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23qcow2: Factor next_refcount_table_size outKevin Wolf
When the refcount table grows, it doesn't only grow by one entry but reserves some space for future refcount blocks. The algorithm to calculate the number of entries stays the same with the fixes, so factor it out before replacing the rest. As Juan suggested take the opportunity to simplify the code a bit. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Don't ignore qcow2_alloc_clusters return valueKevin Wolf
Now that qcow2_alloc_clusters can return error codes, we must handle them in the callers of qcow2_alloc_clusters. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Don't ignore update_refcount return valueKevin Wolf
update_refcount can return errors that need to be handled by the callers. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Allow updating no refcountsKevin Wolf
There's absolutely no problem with updating the refcounts of 0 clusters. At least snapshot code is doing this and would fail once the result of update_refcount isn't ignored any more. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Improve error handling in update_refcountKevin Wolf
If update_refcount fails, try to undo any changes made so far to avoid inconsistencies in the image file. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26qcow2: Fix error handling in grow_refcount_tableKevin Wolf
Return the appropriate error code instead of -EIO. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-13qcow2-refcount: remove dead assignmentAmit Shah
clang-analyzer points out a redundant assignment. Signed-off-by: Amit Shah <amit.shah@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-12-03qcow2: Fix some more qemu_malloc falloutKevin Wolf
Oh joy... Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-27qcow2: Fix grow_refcount_table error handlingKevin Wolf
In case of failure, we haven't increased the refcount for the newly allocated cluster yet. Therefore we must not free the cluster or its refcount will become negative (and endless recursion is possible). Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-10-05qcow2: Increase maximum cluster size to 2 MBKevin Wolf
This patch increases the maximum qcow2 cluster size to 2 MB. Starting with 128k clusters, L2 tables span 2 GB or more of virtual disk space, causing 32 bit truncation and wraparound of signed integers. Therefore some variables need to use a larger data type. While being at reviewing data types, change some integers that are used for array indices to unsigned. In some places they were checked against some upper limit but not for negative values. This could avoid potential segfaults with corrupted qcow2 images. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-07-20Fix most warnings (errors with -Werror) when debugging is enabledBlue Swirl
I used the following command to enable debugging: perl -p -i -e 's/^\/\/#define DEBUG/#define DEBUG/g' * */* */*/* Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2009-07-10qcow2: Fix L1 table memory allocationKevin Wolf
Contrary to what one could expect, the size of L1 tables is not cluster aligned. So as we're writing whole sectors now instead of single entries, we need to ensure that the L1 table in memory is large enough; otherwise write would access memory after the end of the L1 table. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-29qcow2: Cache refcount blocks during snapshot creationKevin Wolf
The really time consuming part of snapshotting is to adjust the reference count of all clusters. Currently after each adjusted cluster the refcount block is written to disk. Don't write each single byte immediately to disk but cache all writes to the refcount block and write them out once we're done with the block. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-16update_refcount: Write complete sectorsKevin Wolf
When updating the refcount blocks in update_refcount(), write complete sectors instead of updating single entries. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-16qcow2: Rename global functionsKevin Wolf
The qcow2 source is now split into several more manageable files. During the conversion quite some functions that were static before needed to be changed to be global to make the source compile again. We were lucky enough not to get name conflicts with these additional global names, but they are not nice. This patch adds a qcow2_ prefix to all of the global functions in qcow2. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-16qcow2: Split out guest cluster functionsKevin Wolf
qcow2-cluster.c contains all functions related to the management of guest clusters, i.e. what the guest sees on its virtual disk. This code is about mapping these guest clusters to host clusters in the image file using the two-level lookup tables. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-06-16qcow2: Split out refcount handlingKevin Wolf
qcow2-refcount.c contains all functions which are related to cluster allocation and management in the image file. A large part of this is the reference counting of these clusters. Also a header file qcow2.h is introduced which will contain the interface of the split qcow2 modules. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>