From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Ls16i-0001bZ-Qx
	for qemu-devel@nongnu.org; Thu, 09 Apr 2009 16:44:20 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Ls16c-0001Xu-Os
	for qemu-devel@nongnu.org; Thu, 09 Apr 2009 16:44:19 -0400
Received: from [199.232.76.173] (port=52335 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Ls16c-0001Xr-MW
	for qemu-devel@nongnu.org; Thu, 09 Apr 2009 16:44:14 -0400
Received: from verein.lst.de ([213.95.11.210]:34400)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA1:24) (Exim 4.60)
	(envelope-from <hch@lst.de>) id 1Ls16c-0003Rq-43
	for qemu-devel@nongnu.org; Thu, 09 Apr 2009 16:44:14 -0400
Received: from verein.lst.de (localhost [127.0.0.1])
	by verein.lst.de (8.12.3/8.12.3/Debian-7.1) with ESMTP id
	n39KiCIF002737
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <qemu-devel@nongnu.org>; Thu, 9 Apr 2009 22:44:12 +0200
Received: (from hch@localhost)
	by verein.lst.de (8.12.3/8.12.3/Debian-6.6) id n39KiCB2002735
	for qemu-devel@nongnu.org; Thu, 9 Apr 2009 22:44:12 +0200
Date: Thu, 9 Apr 2009 22:44:12 +0200
From: Christoph Hellwig <hch@lst.de>
Subject: Re: [Qemu-devel] [PATCH] Fix (at least one cause of) qcow2 corruption.
Message-ID: <20090409204412.GA2345@lst.de>
References: <1238539254.15350.554.camel@voxel>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1238539254.15350.554.camel@voxel>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

On Tue, Mar 31, 2009 at 03:40:54PM -0700, Nolan wrote:
> qcow2's get_cluster_offset() scans forward in the l2 table to find other
> clusters that have the same allocation status as the first cluster.
> This is used by (among others) qcow_is_allocated().
> 
> Unfortunately, it was not checking to be sure that it didn't fall off
> the end of the l2 table.  This patch adds that check.
> 
> The symptom that motivated me to look into this was that
> bdrv_is_allocated() was returning false when there was in fact data
> there.  This is one of many ways this bug could lead to data corruption.
> 
> I checked the other place that scans for consecutive unallocated blocks
> (alloc_cluster_offset()) and it appears to be OK:
>     nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
> appears to prevent the same problem from occurring.

Do you have a specific I/O patter nthat would trigger this issue?