From: Avi Kivity <avi@redhat.com>
To: Kevin Wolf <kwolf@redhat.com>
Cc: markmc@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] qcow2/virtio corruption: Don't allocate the same cluster twice
Date: Wed, 06 May 2009 19:54:30 +0300 [thread overview]
Message-ID: <4A01C0C6.7020902@redhat.com> (raw)
In-Reply-To: <1241627950-22195-1-git-send-email-kwolf@redhat.com>
Kevin Wolf wrote:
> A write on a qcow2 image that results in the allocation of a new cluster can be
> divided into two parts: There is a part which happens before the actual data is
> written, this is about allocating clusters in the image file. The second part
> happens in the AIO callback handler and is about making L2 entries for the
> newly allocated clusters.
>
> When two AIO requests happen to touch the same free cluster, there is a chance
> that the second request still sees the cluster as free because the callback of
> the first request has not yet run. This means that it reserves another cluster
> for the same virtual hard disk offset and hooks it up in its own callback,
> overwriting what the first callback has done. Long story cut short: Bad Things
> happen.
>
> This patch maintains a list of in-flight requests that have allocated new
> clusters. A second request touching the same cluster doesn't find an entry yet
> in the L2 table, but can look it up in the list now. The second request is
> limited so that it either doesn't touch the allocation of the first request
> (so it can have a non-overlapping allocation) or that it doesn't exceed the
> end of the allocation of the first request (so it can reuse this allocation
> and doesn't need to do anything itself).
>
>
> + } else {
> + /* Reuse the previously allocated clusters */
> + if (end_offset > old_end_offset) {
> + nb_clusters = (old_end_offset - offset) >> s->cluster_bits;
> + }
> + cluster_offset = old_alloc->cluster_offset + (offset - old_offset);
> + m->nb_clusters = 0;
> + goto out;
> + }
> + }
> +
> + LIST_INSERT_HEAD(&s->cluster_allocs, m, next);
>
>
What happens if the second request completes before the first? Then,
when the first request completes, alloc_cluster_link_l2() will call
copy_clusters() and overwrite the second request.
Also, the second request now depends on the first to update its
metadata. But if the first request fail, it will not update its
metadata, and the second request will complete without error and also
without updating its metadata.
--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
next prev parent reply other threads:[~2009-05-06 16:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-06 16:39 [Qemu-devel] [PATCH] qcow2/virtio corruption: Don't allocate the same cluster twice Kevin Wolf
2009-05-06 16:54 ` Avi Kivity [this message]
2009-05-06 17:03 ` [Qemu-devel] " Kevin Wolf
2009-05-06 17:08 ` Avi Kivity
2009-05-06 17:52 ` Kevin Wolf
2009-05-06 18:31 ` Avi Kivity
2009-05-07 7:32 ` Gleb Natapov
2009-05-07 7:54 ` Avi Kivity
2009-05-07 8:01 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A01C0C6.7020902@redhat.com \
--to=avi@redhat.com \
--cc=kwolf@redhat.com \
--cc=markmc@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).