From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:40915) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T20ER-0003d2-0y for qemu-devel@nongnu.org; Thu, 16 Aug 2012 09:35:32 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1T20EI-0000UH-Ny for qemu-devel@nongnu.org; Thu, 16 Aug 2012 09:35:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:13002) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1T20EI-0000U1-GG for qemu-devel@nongnu.org; Thu, 16 Aug 2012 09:35:18 -0400 Message-ID: <502CF711.2060000@redhat.com> Date: Thu, 16 Aug 2012 15:35:13 +0200 From: Kevin Wolf MIME-Version: 1.0 References: <1345107632-10460-1-git-send-email-kwolf@redhat.com> <502CEDE9.9010504@redhat.com> In-Reply-To: <502CEDE9.9010504@redhat.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] Documentation: Warn against qemu-img on active image List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Eric Blake Cc: Peter Maydell , qemu-devel@nongnu.org Am 16.08.2012 14:56, schrieb Eric Blake: > On 08/16/2012 04:00 AM, Peter Maydell wrote: >> On 16 August 2012 10:00, Kevin Wolf wrote: >>> People have repeatedly expected that you can do things like snapshotting >>> an image with qemu-img while a qemu instance is running. Maybe we need >>> to consider locking the files while they are in use, > > Sounds like a nice feature bit to add to qcow2v3, where both qemu-img > and qemu check if the locking feature is enabled for an image, as well > as maintain a header bit that is set when the image is open read-write > and refuse to use the image if the lock bit is set. I thought the same. However, then you need some way to override this mechanism when recovering from a crash etc., so it's not a trivial addition and it would be user-visible. >> but having a >>> warning in the qemu-img manpage is doable for 1.2 and can't hurt anyway. >>> >>> Signed-off-by: Kevin Wolf > >> >>> + >>> +@b{Warning:} Never use qemu-img to modify images in use by a running virtual >>> +machine or any other process, this may destroy the image. >> >> ";" or ", because". > > Is this strong enough? Remember, with qcow2v3 and qed, the mere act of > opening an image will perform refcount checks that modify the image, > unless you explicitly request otherwise, which means even a query of the > file metadata may result in modifying the image as part of the default > open. Not for read-only opens. I think qemu-img gets this right meanwhile, so that images are opened read-only when they are only queried. (And for qcow2v3 the check only happens with lazy refcounting enabled, which is not the default) > Maybe incorporate some ideas from this attempt: > > Never use qemu-img to modify files in use by a running virtual machine > or any other process; this may destroy the image. Be aware that some > image formats perform modifications even on query operations. Also, be > aware that querying an image that is being modified by another process > may encounter inconsistent state. Adding the last sentence is probably a good idea anyway. Kevin