From: Gleb Natapov
Date: Thu, 7 May 2009 11:31:44 +0300
Message-ID: <20090507083144.GA9795@redhat.com>
Subject: [Qemu-devel] [PATCH] Fix cluster freeing in qcow2
To: qemu-devel@nongnu.org

Need to drop QCOW_OFLAG_COPIED from a cluster pointer before freeing it. Add an explanation of how things are meant to work.

Signed-off-by: Gleb Natapov

diff --git a/block-qcow2.c b/block-qcow2.c index 7840634..aca41b4 100644 --- a/block-qcow2.c +++ b/block-qcow2.c
@@ -992,6 +992,12 @@ static int alloc_cluster_link_l2(BlockDriverState *bs, uint64_t cluster_offset, goto err; for (i = 0; i < m->nb_clusters; i++) { + /* if two concurrent writes happen to the same unallocated cluster + * each write allocates separate cluster and writes data concurrently. + * The first one to complete updates l2 table with pointer to its + * cluster the second one has to do RMW (which is done above by + * copy_sectors()), update l2 table with its cluster pointer and free + * old cluster. This is what this loop does */ if(l2_table[l2_index + i] != 0) old_cluster[j++] = l2_table[l2_index + i]; @@ -1005,7 +1011,8 @@ static int alloc_cluster_link_l2(BlockDriverState *bs, uint64_t cluster_offset, goto err; for (i = 0; i < j; i++) - free_any_clusters(bs, be64_to_cpu(old_cluster[i]), 1); + free_any_clusters(bs, be64_to_cpu(old_cluster[i]) & ~QCOW_OFLAG_COPIED, + 1); ret = 0; err: -- Gleb.
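Review bot: In the first hunk (@@ -992,6 +992,12 @@) the new comment is placed inside the body of the `for` loop, directly above the `if`, yet it describes the whole procedure and ends with "This is what this loop does". The visible loop only collects non-zero L2 entries into old_cluster[]; the freeing happens in the later `for (i = 0; i < j; i++)` loop. Please move the comment above the `for` and say that this loop records the clusters that are freed further down. The wording also needs a pass: spell out RMW as read-modify-write, write "L2 table" consistently, and split the run-on "The first one to complete updates l2 table with pointer to its cluster the second one has to do RMW" into two sentences.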
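Review bot: In the second hunk (@@ -1005,7 +1011,8 @@) the masked call `free_any_clusters(bs, be64_to_cpu(old_cluster[i]) & ~QCOW_OFLAG_COPIED,` has no comment explaining why the flag must be cleared before freeing; that reason is given only in the commit message. A one-line comment at the call would keep the next reader from dropping the mask. Computing the masked offset into a local variable first would also avoid the stranded `1);` continuation line. The visible lines do not show whether other callers of free_any_clusters() pass raw L2 entries; if any do, they need the same mask, so it is worth checking them or stating in a comment on the function that callers must strip QCOW_OFLAG_COPIED.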