From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40942) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YfVPV-0003rv-Lw for qemu-devel@nongnu.org; Tue, 07 Apr 2015 11:27:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YfVPU-0007p5-MI for qemu-devel@nongnu.org; Tue, 07 Apr 2015 11:27:29 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47641) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YfVPU-0007ot-EL for qemu-devel@nongnu.org; Tue, 07 Apr 2015 11:27:28 -0400 Message-ID: <5523F756.7020306@redhat.com> Date: Tue, 07 Apr 2015 09:27:18 -0600 From: Eric Blake MIME-Version: 1.0 References: <201504031804076871637@sangfor.com.cn> <20150407093312.GF4635@noname.str.redhat.com> In-Reply-To: <20150407093312.GF4635@noname.str.redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1Vvkx0D5BsxKIQ7Dur2TjMO2ol3r61GsF" Subject: Re: [Qemu-devel] [Snapshot Bug?]Qcow2 meta data corruption List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf , leijian Cc: qemu-devel , stefanha This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --1Vvkx0D5BsxKIQ7Dur2TjMO2ol3r61GsF Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 04/07/2015 03:33 AM, Kevin Wolf wrote: > More specifically, did you take care to never access your image from > more than one process (except if both are read-only)? It happens > occasionally that people use 'qemu-img snapshot' while the VM is > running. This is wrong and can corrupt the image. Since this has been done by more than one person, I'm wondering if there is something we can do in the qcow2 format itself to make it harder for the casual user to cause corruption. Maybe if we declare some bit or extension header for an image open for writing, which other readers can use as a warning ("this image is being actively modified; reading it may fail"), and other writers can use to deny access ("another process is already modifying this image"), where a writer should set that bit before writing anything else in the file, then clear it on exit. Of course, you'd need a way to override the bit to actively clear it to recover from the case of a writer dying unexpectedly without resetting it normally. And it won't help the case of a reader opening the file first, followed by a writer, where the reader could still get thrown off track. Or maybe we could document in the qcow2 format that all readers and writers should attempt to obtain the appropriate flock() permissions [or other appropriate advisory locking scheme] over the file header, so that cooperating processes that both use advisory locking will know when the file is in use by another process. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --1Vvkx0D5BsxKIQ7Dur2TjMO2ol3r61GsF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJVI/dWAAoJEKeha0olJ0Nqn30IAJ4eAmhpDisVEVaL8vonTDJE V+kHsdsII3rPyHAj1a7ZTmPKQgDKMNAf8jJ3fLOlegxvtTfz7vy7X0kDLLW9If2a MpZhOhOpYjRoBfoj55Ub6C61gDaDXL+ArsCBgVDK2RtBeChS1+1pyRMHgjbgXU7n JYznpozxJv5Ujv10yBUbZGAVqeoDyDU9/5zaUBr5/Kv099ywzsRDykJaIVc6gi3N QWouYWVIimzybbUgxKZfHGiTg6ofISqdofQIwCxIZA6DOpRPD8a6/v+/dJmvaMl7 lU6XTNpPO2OYipQviCa31BssTYDf+80aUtDRCRhp0JgE8TxfJ6pmYblvlJ7XVj8= =AX20 -----END PGP SIGNATURE----- --1Vvkx0D5BsxKIQ7Dur2TjMO2ol3r61GsF--