From: Kevin Wolf
Date: Thu, 10 Feb 2011 16:51:26 +0100
Message-Id: <1297353086-4844-12-git-send-email-kwolf@redhat.com>
In-Reply-To: <1297353086-4844-1-git-send-email-kwolf@redhat.com>
References: <1297353086-4844-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH 11/11] qcow2: Fix order in L2 table COW
List-Id: qemu-devel.nongnu.org
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org

When copying L2 tables (this happens only with internal snapshots), the order
wasn't completely safe, so that after a crash you could end up with a L2 table
that has too low refcount, possibly leading to corruption in the long run.

This patch puts the operations in the right order: First allocate the new L2
table and replace the reference, and only then decrease the refcount of the old
table.

Signed-off-by: Kevin Wolf
---
 block/qcow2-cluster.c | 9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 437aaa8..750abe3 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -515,13 +515,16 @@ static int get_cluster_table(BlockDriverState *bs, uint64_t offset, return ret; } } else { - /* FIXME Order */ - if (l2_offset) - qcow2_free_clusters(bs, l2_offset, s->l2_size * sizeof(uint64_t)); + /* First allocate a new L2 table (and do COW if needed) */ ret = l2_allocate(bs, l1_index, &l2_table); if (ret < 0) { return ret; } + + /* Then decrease the refcount of the old table */ + if (l2_offset) { + qcow2_free_clusters(bs, l2_offset, s->l2_size * sizeof(uint64_t)); + } l2_offset = s->l1_table[l1_index] & ~QCOW_OFLAG_COPIED; } -- 1.7.2.3
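Review bot: The new comment above the l2_allocate() call says only "allocate a new L2 table (and do COW if needed)", but the safety of this ordering rests on the L1 entry already referencing the new table before qcow2_free_clusters() runs, which is what the commit message means by "replace the reference". The hunk does not show where that L1 update is written or whether it reaches disk before l2_allocate() returns, so please say so in the comment (for example "allocate a new L2 table, do COW if needed, and update the L1 entry") and confirm that l2_allocate() orders that write ahead of its return. The qcow2_free_clusters() call also depends on l2_offset still holding the old table's offset, so the reassignment `l2_offset = s->l1_table[l1_index] & ~QCOW_OFLAG_COPIED;` has to stay below it; a one-line comment there would guard against a later reordering. With this order, a crash between the two steps leaves the old table with a refcount that is too high, which leaks a cluster instead of leaving a referenced table under-counted, and that trade-off is worth recording next to the code.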