Series comparison

-[Qemu-devel] [PULL 0/2] Block patches
+[PULL 0/2] Block patches
-The following changes since commit 36f87b4513373b3cd79c87c9197d17face95d4ac:
+The following changes since commit 67c1115edd98f388ca89dd38322ea3fadf034523:
-  Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170630' into staging (2017-06-30 11:58:49 +0100)
+  Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210323-pull-request' into staging (2021-03-23 23:47:30 +0000)
-are available in the git repository at:
+are available in the Git repository at:
-  git://github.com/famz/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to c61e684e44272f2acb2bef34cf2aa234582a73a9:
+for you to fetch changes up to 3460fd7f3959d1fa7bcc255796844aa261c805a4:
-  block: Exploit BDRV_BLOCK_EOF for larger zero blocks (2017-06-30 21:48:06 +0800)
+  migrate-bitmaps-postcopy-test: check that we can't remove in-flight bitmaps (2021-03-24 13:41:19 +0000)
 ----------------------------------------------------------------
 Pull request
 This dirty bitmap fix solves a crash that can be triggered in the destination
 QEMU process during live migration.
 ----------------------------------------------------------------
-Hi Peter,
+Vladimir Sementsov-Ogievskiy (2):
   migration/block-dirty-bitmap: make incoming disabled bitmaps busy
   migrate-bitmaps-postcopy-test: check that we can't remove in-flight
     bitmaps
-Here are Eric Blake's enhancement to block layer API. Thanks!
+ migration/block-dirty-bitmap.c                         |  6 ++++++
+ tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
-----------------------------------------------------------------
+files changed, 16 insertions(+)
 Eric Blake (2):
   block: Add BDRV_BLOCK_EOF to bdrv_get_block_status()
   block: Exploit BDRV_BLOCK_EOF for larger zero blocks
  block/io.c                 | 42 +++++++++++++++++++++++++++++++++---------
  include/block/block.h      |  2 ++
  tests/qemu-iotests/154     |  4 ----
  tests/qemu-iotests/154.out | 12 ++++++------
 files changed, 41 insertions(+), 19 deletions(-)
 --
-.9.4
+.30.2

-[Qemu-devel] [PULL 1/2] block: Add BDRV_BLOCK_EOF to bdrv_get_block_status()
+[PULL 1/2] migration/block-dirty-bitmap: make incoming disabled bitmaps busy
-From: Eric Blake <eblake@redhat.com>
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Just as the block layer already sets BDRV_BLOCK_ALLOCATED as a
+Incoming enabled bitmaps are busy, because we do
-shortcut for subsequent operations, there are also some optimizations
+bdrv_dirty_bitmap_create_successor() for them. But disabled bitmaps
-that are made easier if we can quickly tell that *pnum will advance
+being migrated are not marked busy, and user can remove them during the
-us to the end of a file, via a new BDRV_BLOCK_EOF which gets set
+incoming migration. Then we may crash in cancel_incoming_locked() when
-by the block layer.
+try to remove the bitmap that was already removed by user, like this:
-This just plumbs up the new bit; subsequent patches will make use
+ #0  qemu_mutex_lock_impl (mutex=0x5593d88c50d1, file=0x559680554b20
-of it.
+   "../block/dirty-bitmap.c", line=64) at ../util/qemu-thread-posix.c:77
  #1  bdrv_dirty_bitmaps_lock (bs=0x5593d88c0ee9)
    at ../block/dirty-bitmap.c:64
  #2  bdrv_release_dirty_bitmap (bitmap=0x5596810e9570)
    at ../block/dirty-bitmap.c:362
  #3  cancel_incoming_locked (s=0x559680be8208 <dbm_state+40>)
    at ../migration/block-dirty-bitmap.c:918
  #4  dirty_bitmap_load (f=0x559681d02b10, opaque=0x559680be81e0
    <dbm_state>, version_id=1) at ../migration/block-dirty-bitmap.c:1194
  #5  vmstate_load (f=0x559681d02b10, se=0x559680fb5810)
    at ../migration/savevm.c:908
  #6  qemu_loadvm_section_part_end (f=0x559681d02b10,
    mis=0x559680fb4a30) at ../migration/savevm.c:2473
  #7  qemu_loadvm_state_main (f=0x559681d02b10, mis=0x559680fb4a30)
    at ../migration/savevm.c:2626
  #8  postcopy_ram_listen_thread (opaque=0x0)
    at ../migration/savevm.c:1871
  #9  qemu_thread_start (args=0x5596817ccd10)
    at ../util/qemu-thread-posix.c:521
  #10 start_thread () at /lib64/libpthread.so.0
  #11 clone () at /lib64/libc.so.6
-Signed-off-by: Eric Blake <eblake@redhat.com>
+Note bs pointer taken from bitmap: it's definitely bad aligned. That's
-Message-Id: <20170505021500.19315-2-eblake@redhat.com>
+because we are in use after free, bitmap is already freed.
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Fam Zheng <famz@redhat.com>
+So, let's make disabled bitmaps (being migrated) busy during incoming
 migration.
 Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-Id: <20210322094906.5079-2-vsementsov@virtuozzo.com>
 ---
- block/io.c            | 15 +++++++++++----
+ migration/block-dirty-bitmap.c | 6 ++++++
- include/block/block.h |  2 ++
+file changed, 6 insertions(+)
 files changed, 13 insertions(+), 4 deletions(-)
-diff --git a/block/io.c b/block/io.c
+diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
 index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
+--- a/migration/block-dirty-bitmap.c
-+++ b/block/io.c
++++ b/migration/block-dirty-bitmap.c
-@@ -XXX,XX +XXX,XX @@ typedef struct BdrvCoGetBlockStatusData {
+@@ -XXX,XX +XXX,XX @@ static int dirty_bitmap_load_start(QEMUFile *f, DBMLoadState *s)
-  * Drivers not implementing the functionality are assumed to not support
+             error_report_err(local_err);
-  * backing files, hence all their sectors are reported as allocated.
+             return -EINVAL;
-  *
+         }
-- * If 'sector_num' is beyond the end of the disk image the return value is 0
++    } else {
-- * and 'pnum' is set to 0.
++        bdrv_dirty_bitmap_set_busy(s->bitmap, true);
 + * If 'sector_num' is beyond the end of the disk image the return value is
 + * BDRV_BLOCK_EOF and 'pnum' is set to 0.
   *
   * 'pnum' is set to the number of sectors (including and immediately following
   * the specified sector) that are known to be in the same
   * allocated/unallocated state.
   *
   * 'nb_sectors' is the max value 'pnum' should be set to.  If nb_sectors goes
 - * beyond the end of the disk image it will be clamped.
 + * beyond the end of the disk image it will be clamped; if 'pnum' is set to
 + * the end of the image, then the returned value will include BDRV_BLOCK_EOF.
   *
   * If returned value is positive and BDRV_BLOCK_OFFSET_VALID bit is set, 'file'
   * points to the BDS which the sector range is allocated in.
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
      if (sector_num >= total_sectors) {
          *pnum = 0;
 -        return 0;
 +        return BDRV_BLOCK_EOF;
      }
-     n = total_sectors - sector_num;
+     b = g_new(LoadBitmapState, 1);
-@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
+@@ -XXX,XX +XXX,XX @@ static void cancel_incoming_locked(DBMLoadState *s)
-     if (!bs->drv->bdrv_co_get_block_status) {
+         assert(!s->before_vm_start_handled || !b->migrated);
-         *pnum = nb_sectors;
+         if (bdrv_dirty_bitmap_has_successor(b->bitmap)) {
-         ret = BDRV_BLOCK_DATA | BDRV_BLOCK_ALLOCATED;
+             bdrv_reclaim_dirty_bitmap(b->bitmap, &error_abort);
-+        if (sector_num + nb_sectors == total_sectors) {
++        } else {
-+            ret |= BDRV_BLOCK_EOF;
++            bdrv_dirty_bitmap_set_busy(b->bitmap, false);
 +        }
          if (bs->drv->protocol_name) {
              ret |= BDRV_BLOCK_OFFSET_VALID | (sector_num * BDRV_SECTOR_SIZE);
          }
-@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
+         bdrv_release_dirty_bitmap(b->bitmap);
+     }
- out:
+@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_load_complete(QEMUFile *f, DBMLoadState *s)
-     bdrv_dec_in_flight(bs);
-+    if (ret >= 0 && sector_num + *pnum == total_sectors) {
+     if (bdrv_dirty_bitmap_has_successor(s->bitmap)) {
-+        ret |= BDRV_BLOCK_EOF;
+         bdrv_reclaim_dirty_bitmap(s->bitmap, &error_abort);
-+    }
++    } else {
-     return ret;
++        bdrv_dirty_bitmap_set_busy(s->bitmap, false);
- }
+     }
-diff --git a/include/block/block.h b/include/block/block.h
+     for (item = s->bitmaps; item; item = g_slist_next(item)) {
 index XXXXXXX..XXXXXXX 100644
 --- a/include/block/block.h
 +++ b/include/block/block.h
@@ -XXX,XX +XXX,XX @@ typedef struct HDGeometry {
   * BDRV_BLOCK_OFFSET_VALID: an associated offset exists for accessing raw data
   * BDRV_BLOCK_ALLOCATED: the content of the block is determined by this
   *                       layer (short for DATA || ZERO), set by block layer
 + * BDRV_BLOCK_EOF: the returned pnum covers through end of file for this layer
   *
   * Internal flag:
   * BDRV_BLOCK_RAW: used internally to indicate that the request was
@@ -XXX,XX +XXX,XX @@ typedef struct HDGeometry {
  #define BDRV_BLOCK_OFFSET_VALID 0x04
  #define BDRV_BLOCK_RAW          0x08
  #define BDRV_BLOCK_ALLOCATED    0x10
 +#define BDRV_BLOCK_EOF          0x20
  #define BDRV_BLOCK_OFFSET_MASK  BDRV_SECTOR_MASK
  typedef QSIMPLEQ_HEAD(BlockReopenQueue, BlockReopenQueueEntry) BlockReopenQueue;
 --
-.9.4
+.30.2

-[Qemu-devel] [PULL 2/2] block: Exploit BDRV_BLOCK_EOF for larger zero blocks
+[PULL 2/2] migrate-bitmaps-postcopy-test: check that we can't remove in-flight bitmaps
-From: Eric Blake <eblake@redhat.com>
+From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-When we have a BDS with unallocated clusters, but asking the status
+Check that we can't remove bitmaps being migrated on destination vm.
-of its underlying bs->file or backing layer encounters an end-of-file
+The new check proves that previous commit helps.
 condition, we know that the rest of the unallocated area will read as
 zeroes.  However, pre-patch, this required two separate calls to
 bdrv_get_block_status(), as the first call stops at the point where
 the underlying file ends.  Thanks to BDRV_BLOCK_EOF, we can now widen
 the results of the primary status if the secondary status already
 includes BDRV_BLOCK_ZERO.
-In turn, this fixes a TODO mentioned in iotest 154, where we can now
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-see that all sectors in a partial cluster at the end of a file read
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-as zero when coupling the shorter backing file's status along with our
+Message-Id: <20210322094906.5079-3-vsementsov@virtuozzo.com>
-knowledge that the remaining sectors came from an unallocated cluster.
+---
  tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
 file changed, 10 insertions(+)
-Also, note that the loop in bdrv_co_get_block_status_above() had an
+diff --git a/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test b/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
-inefficent exit: in cases where the active layer sets BDRV_BLOCK_ZERO
+index XXXXXXX..XXXXXXX 100755
-but does NOT set BDRV_BLOCK_ALLOCATED (namely, where we know we read
+--- a/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
-zeroes merely because our unallocated clusters lie beyond the backing
++++ b/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
-file's shorter length), we still ended up probing the backing layer
+@@ -XXX,XX +XXX,XX @@ class TestDirtyBitmapPostcopyMigration(iotests.QMPTestCase):
-even though we already had a good answer.
+         self.start_postcopy()
          self.vm_b_events += self.vm_b.get_qmp_events()
 +
 +        # While being here, let's check that we can't remove in-flight bitmaps.
 +        for vm in (self.vm_a, self.vm_b):
 +            for i in range(0, nb_bitmaps):
 +                result = vm.qmp('block-dirty-bitmap-remove', node='drive0',
 +                                name=f'bitmap{i}')
 +                self.assert_qmp(result, 'error/desc',
 +                                f"Bitmap 'bitmap{i}' is currently in use by "
 +                                "another operation and cannot be used")
 +
          self.vm_b.shutdown()
          # recreate vm_b, so there is no incoming option, which prevents
          # loading bitmaps from disk
 --
 .30.2
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170505021500.19315-3-eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Fam Zheng <famz@redhat.com>
----
- block/io.c                 | 27 ++++++++++++++++++++++-----
- tests/qemu-iotests/154     |  4 ----
- tests/qemu-iotests/154.out | 12 ++++++------
-files changed, 28 insertions(+), 15 deletions(-)
-diff --git a/block/io.c b/block/io.c
-index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
-             /* Ignore errors.  This is just providing extra information, it
-              * is useful but not necessary.
-              */
--            if (!file_pnum) {
--                /* !file_pnum indicates an offset at or beyond the EOF; it is
--                 * perfectly valid for the format block driver to point to such
--                 * offsets, so catch it and mark everything as zero */
-+            if (ret2 & BDRV_BLOCK_EOF &&
-+                (!file_pnum || ret2 & BDRV_BLOCK_ZERO)) {
-+                /*
-+                 * It is valid for the format block driver to read
-+                 * beyond the end of the underlying file's current
-+                 * size; such areas read as zero.
-+                 */
-                 ret |= BDRV_BLOCK_ZERO;
-             } else {
-                 /* Limit request to the range reported by the protocol driver */
-@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status_above(BlockDriverState *bs,
- {
-     BlockDriverState *p;
-     int64_t ret = 0;
-+    bool first = true;
-     assert(bs != base);
-     for (p = bs; p != base; p = backing_bs(p)) {
-         ret = bdrv_co_get_block_status(p, sector_num, nb_sectors, pnum, file);
--        if (ret < 0 || ret & BDRV_BLOCK_ALLOCATED) {
-+        if (ret < 0) {
-+            break;
-+        }
-+        if (ret & BDRV_BLOCK_ZERO && ret & BDRV_BLOCK_EOF && !first) {
-+            /*
-+             * Reading beyond the end of the file continues to read
-+             * zeroes, but we can only widen the result to the
-+             * unallocated length we learned from an earlier
-+             * iteration.
-+             */
-+            *pnum = nb_sectors;
-+        }
-+        if (ret & (BDRV_BLOCK_ZERO | BDRV_BLOCK_DATA)) {
-             break;
-         }
-         /* [sector_num, pnum] unallocated on this layer, which could be only
-          * the first part of [sector_num, nb_sectors].  */
-         nb_sectors = MIN(nb_sectors, *pnum);
-+        first = false;
-     }
-     return ret;
- }
-diff --git a/tests/qemu-iotests/154 b/tests/qemu-iotests/154
-index XXXXXXX..XXXXXXX 100755
---- a/tests/qemu-iotests/154
-+++ b/tests/qemu-iotests/154
-@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c "alloc $size 2048" "$TEST_IMG" | _filter_qemu_io
- $QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
- # Repeat with backing file holding unallocated cluster.
--# TODO: Note that this forces an allocation, because we aren't yet able to
--# quickly detect that reads beyond EOF of the backing file are always zero
- CLUSTER_SIZE=2048 TEST_IMG="$TEST_IMG.base" _make_test_img $((size + 1024))
- # Write at the front: sector-wise, the request is:
-@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c "alloc $size 2048" "$TEST_IMG" | _filter_qemu_io
- $QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
- # Repeat with backing file holding zero'd cluster
--# TODO: Note that this forces an allocation, because we aren't yet able to
--# quickly detect that reads beyond EOF of the backing file are always zero
- $QEMU_IO -c "write -z $size 512" "$TEST_IMG.base" | _filter_qemu_io
- # Write at the front: sector-wise, the request is:
-diff --git a/tests/qemu-iotests/154.out b/tests/qemu-iotests/154.out
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qemu-iotests/154.out
-+++ b/tests/qemu-iotests/154.out
-@@ -XXX,XX +XXX,XX @@ wrote 512/512 bytes at offset 134217728
-bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 512/512 bytes at offset 134219264
-bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 1024/1024 bytes at offset 134218240
-KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 2048/2048 bytes at offset 134217728
-KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-@@ -XXX,XX +XXX,XX @@ wrote 512/512 bytes at offset 134217728
-bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 512/512 bytes at offset 134219264
-bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 1024/1024 bytes at offset 134218240
-KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-/2048 bytes allocated at offset 128 MiB
- [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
--{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
-+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
- Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
- wrote 2048/2048 bytes at offset 134217728
-KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
---
-.9.4

The following changes since commit 36f87b4513373b3cd79c87c9197d17face95d4ac:

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.10-20170630' into staging (2017-06-30 11:58:49 +0100)

are available in the git repository at:

git://github.com/famz/qemu.git tags/block-pull-request

for you to fetch changes up to c61e684e44272f2acb2bef34cf2aa234582a73a9:

block: Exploit BDRV_BLOCK_EOF for larger zero blocks (2017-06-30 21:48:06 +0800)

----------------------------------------------------------------

Hi Peter,

Here are Eric Blake's enhancement to block layer API. Thanks!

----------------------------------------------------------------

Eric Blake (2):
  block: Add BDRV_BLOCK_EOF to bdrv_get_block_status()
  block: Exploit BDRV_BLOCK_EOF for larger zero blocks

block/io.c                 | 42 +++++++++++++++++++++++++++++++++---------
 include/block/block.h      |  2 ++
 tests/qemu-iotests/154     |  4 ----
 tests/qemu-iotests/154.out | 12 ++++++------
 4 files changed, 41 insertions(+), 19 deletions(-)

-- 
2.9.4

From: Eric Blake <eblake@redhat.com>

Just as the block layer already sets BDRV_BLOCK_ALLOCATED as a
shortcut for subsequent operations, there are also some optimizations
that are made easier if we can quickly tell that *pnum will advance
us to the end of a file, via a new BDRV_BLOCK_EOF which gets set
by the block layer.

This just plumbs up the new bit; subsequent patches will make use
of it.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170505021500.19315-2-eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
---
 block/io.c            | 15 +++++++++++----
 include/block/block.h |  2 ++
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ typedef struct BdrvCoGetBlockStatusData {
  * Drivers not implementing the functionality are assumed to not support
  * backing files, hence all their sectors are reported as allocated.
  *
- * If 'sector_num' is beyond the end of the disk image the return value is 0
- * and 'pnum' is set to 0.
+ * If 'sector_num' is beyond the end of the disk image the return value is
+ * BDRV_BLOCK_EOF and 'pnum' is set to 0.
  *
  * 'pnum' is set to the number of sectors (including and immediately following
  * the specified sector) that are known to be in the same
  * allocated/unallocated state.
  *
  * 'nb_sectors' is the max value 'pnum' should be set to.  If nb_sectors goes
- * beyond the end of the disk image it will be clamped.
+ * beyond the end of the disk image it will be clamped; if 'pnum' is set to
+ * the end of the image, then the returned value will include BDRV_BLOCK_EOF.
  *
  * If returned value is positive and BDRV_BLOCK_OFFSET_VALID bit is set, 'file'
  * points to the BDS which the sector range is allocated in.
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
 
     if (sector_num >= total_sectors) {
         *pnum = 0;
-        return 0;
+        return BDRV_BLOCK_EOF;
     }
 
     n = total_sectors - sector_num;
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
     if (!bs->drv->bdrv_co_get_block_status) {
         *pnum = nb_sectors;
         ret = BDRV_BLOCK_DATA | BDRV_BLOCK_ALLOCATED;
+        if (sector_num + nb_sectors == total_sectors) {
+            ret |= BDRV_BLOCK_EOF;
+        }
         if (bs->drv->protocol_name) {
             ret |= BDRV_BLOCK_OFFSET_VALID | (sector_num * BDRV_SECTOR_SIZE);
         }
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
 
 out:
     bdrv_dec_in_flight(bs);
+    if (ret >= 0 && sector_num + *pnum == total_sectors) {
+        ret |= BDRV_BLOCK_EOF;
+    }
     return ret;
 }
 
diff --git a/include/block/block.h b/include/block/block.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -XXX,XX +XXX,XX @@ typedef struct HDGeometry {
  * BDRV_BLOCK_OFFSET_VALID: an associated offset exists for accessing raw data
  * BDRV_BLOCK_ALLOCATED: the content of the block is determined by this
  *                       layer (short for DATA || ZERO), set by block layer
+ * BDRV_BLOCK_EOF: the returned pnum covers through end of file for this layer
  *
  * Internal flag:
  * BDRV_BLOCK_RAW: used internally to indicate that the request was
@@ -XXX,XX +XXX,XX @@ typedef struct HDGeometry {
 #define BDRV_BLOCK_OFFSET_VALID 0x04
 #define BDRV_BLOCK_RAW          0x08
 #define BDRV_BLOCK_ALLOCATED    0x10
+#define BDRV_BLOCK_EOF          0x20
 #define BDRV_BLOCK_OFFSET_MASK  BDRV_SECTOR_MASK
 
 typedef QSIMPLEQ_HEAD(BlockReopenQueue, BlockReopenQueueEntry) BlockReopenQueue;
-- 
2.9.4

From: Eric Blake <eblake@redhat.com>

When we have a BDS with unallocated clusters, but asking the status
of its underlying bs->file or backing layer encounters an end-of-file
condition, we know that the rest of the unallocated area will read as
zeroes.  However, pre-patch, this required two separate calls to
bdrv_get_block_status(), as the first call stops at the point where
the underlying file ends.  Thanks to BDRV_BLOCK_EOF, we can now widen
the results of the primary status if the secondary status already
includes BDRV_BLOCK_ZERO.

In turn, this fixes a TODO mentioned in iotest 154, where we can now
see that all sectors in a partial cluster at the end of a file read
as zero when coupling the shorter backing file's status along with our
knowledge that the remaining sectors came from an unallocated cluster.

Also, note that the loop in bdrv_co_get_block_status_above() had an
inefficent exit: in cases where the active layer sets BDRV_BLOCK_ZERO
but does NOT set BDRV_BLOCK_ALLOCATED (namely, where we know we read
zeroes merely because our unallocated clusters lie beyond the backing
file's shorter length), we still ended up probing the backing layer
even though we already had a good answer.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20170505021500.19315-3-eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
---
 block/io.c                 | 27 ++++++++++++++++++++++-----
 tests/qemu-iotests/154     |  4 ----
 tests/qemu-iotests/154.out | 12 ++++++------
 3 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status(BlockDriverState *bs,
             /* Ignore errors.  This is just providing extra information, it
              * is useful but not necessary.
              */
-            if (!file_pnum) {
-                /* !file_pnum indicates an offset at or beyond the EOF; it is
-                 * perfectly valid for the format block driver to point to such
-                 * offsets, so catch it and mark everything as zero */
+            if (ret2 & BDRV_BLOCK_EOF &&
+                (!file_pnum || ret2 & BDRV_BLOCK_ZERO)) {
+                /*
+                 * It is valid for the format block driver to read
+                 * beyond the end of the underlying file's current
+                 * size; such areas read as zero.
+                 */
                 ret |= BDRV_BLOCK_ZERO;
             } else {
                 /* Limit request to the range reported by the protocol driver */
@@ -XXX,XX +XXX,XX @@ static int64_t coroutine_fn bdrv_co_get_block_status_above(BlockDriverState *bs,
 {
     BlockDriverState *p;
     int64_t ret = 0;
+    bool first = true;
 
     assert(bs != base);
     for (p = bs; p != base; p = backing_bs(p)) {
         ret = bdrv_co_get_block_status(p, sector_num, nb_sectors, pnum, file);
-        if (ret < 0 || ret & BDRV_BLOCK_ALLOCATED) {
+        if (ret < 0) {
+            break;
+        }
+        if (ret & BDRV_BLOCK_ZERO && ret & BDRV_BLOCK_EOF && !first) {
+            /*
+             * Reading beyond the end of the file continues to read
+             * zeroes, but we can only widen the result to the
+             * unallocated length we learned from an earlier
+             * iteration.
+             */
+            *pnum = nb_sectors;
+        }
+        if (ret & (BDRV_BLOCK_ZERO | BDRV_BLOCK_DATA)) {
             break;
         }
         /* [sector_num, pnum] unallocated on this layer, which could be only
          * the first part of [sector_num, nb_sectors].  */
         nb_sectors = MIN(nb_sectors, *pnum);
+        first = false;
     }
     return ret;
 }
diff --git a/tests/qemu-iotests/154 b/tests/qemu-iotests/154
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/154
+++ b/tests/qemu-iotests/154
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c "alloc $size 2048" "$TEST_IMG" | _filter_qemu_io
 $QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
 
 # Repeat with backing file holding unallocated cluster.
-# TODO: Note that this forces an allocation, because we aren't yet able to
-# quickly detect that reads beyond EOF of the backing file are always zero
 CLUSTER_SIZE=2048 TEST_IMG="$TEST_IMG.base" _make_test_img $((size + 1024))
 
 # Write at the front: sector-wise, the request is:
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c "alloc $size 2048" "$TEST_IMG" | _filter_qemu_io
 $QEMU_IMG map --output=json "$TEST_IMG" | _filter_qemu_img_map
 
 # Repeat with backing file holding zero'd cluster
-# TODO: Note that this forces an allocation, because we aren't yet able to
-# quickly detect that reads beyond EOF of the backing file are always zero
 $QEMU_IO -c "write -z $size 512" "$TEST_IMG.base" | _filter_qemu_io
 
 # Write at the front: sector-wise, the request is:
diff --git a/tests/qemu-iotests/154.out b/tests/qemu-iotests/154.out
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/154.out
+++ b/tests/qemu-iotests/154.out
@@ -XXX,XX +XXX,XX @@ wrote 512/512 bytes at offset 134217728
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 512/512 bytes at offset 134219264
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 1024/1024 bytes at offset 134218240
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 2048/2048 bytes at offset 134217728
 2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -XXX,XX +XXX,XX @@ wrote 512/512 bytes at offset 134217728
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 512/512 bytes at offset 134219264
 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 1024/1024 bytes at offset 134218240
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 2048/2048 bytes allocated at offset 128 MiB
 [{ "start": 0, "length": 134217728, "depth": 1, "zero": true, "data": false},
-{ "start": 134217728, "length": 2048, "depth": 0, "zero": false, "data": true, "offset": OFFSET}]
+{ "start": 134217728, "length": 2048, "depth": 0, "zero": true, "data": false}]
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134219776 backing_file=TEST_DIR/t.IMGFMT.base
 wrote 2048/2048 bytes at offset 134217728
 2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-- 
2.9.4

The following changes since commit 67c1115edd98f388ca89dd38322ea3fadf034523:

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210323-pull-request' into staging (2021-03-23 23:47:30 +0000)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 3460fd7f3959d1fa7bcc255796844aa261c805a4:

migrate-bitmaps-postcopy-test: check that we can't remove in-flight bitmaps (2021-03-24 13:41:19 +0000)

----------------------------------------------------------------
Pull request

This dirty bitmap fix solves a crash that can be triggered in the destination
QEMU process during live migration.

----------------------------------------------------------------

Vladimir Sementsov-Ogievskiy (2):
  migration/block-dirty-bitmap: make incoming disabled bitmaps busy
  migrate-bitmaps-postcopy-test: check that we can't remove in-flight
    bitmaps

migration/block-dirty-bitmap.c                         |  6 ++++++
 tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
 2 files changed, 16 insertions(+)

-- 
2.30.2

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Incoming enabled bitmaps are busy, because we do
bdrv_dirty_bitmap_create_successor() for them. But disabled bitmaps
being migrated are not marked busy, and user can remove them during the
incoming migration. Then we may crash in cancel_incoming_locked() when
try to remove the bitmap that was already removed by user, like this:

#0  qemu_mutex_lock_impl (mutex=0x5593d88c50d1, file=0x559680554b20
   "../block/dirty-bitmap.c", line=64) at ../util/qemu-thread-posix.c:77
 #1  bdrv_dirty_bitmaps_lock (bs=0x5593d88c0ee9)
   at ../block/dirty-bitmap.c:64
 #2  bdrv_release_dirty_bitmap (bitmap=0x5596810e9570)
   at ../block/dirty-bitmap.c:362
 #3  cancel_incoming_locked (s=0x559680be8208 <dbm_state+40>)
   at ../migration/block-dirty-bitmap.c:918
 #4  dirty_bitmap_load (f=0x559681d02b10, opaque=0x559680be81e0
   <dbm_state>, version_id=1) at ../migration/block-dirty-bitmap.c:1194
 #5  vmstate_load (f=0x559681d02b10, se=0x559680fb5810)
   at ../migration/savevm.c:908
 #6  qemu_loadvm_section_part_end (f=0x559681d02b10,
   mis=0x559680fb4a30) at ../migration/savevm.c:2473
 #7  qemu_loadvm_state_main (f=0x559681d02b10, mis=0x559680fb4a30)
   at ../migration/savevm.c:2626
 #8  postcopy_ram_listen_thread (opaque=0x0)
   at ../migration/savevm.c:1871
 #9  qemu_thread_start (args=0x5596817ccd10)
   at ../util/qemu-thread-posix.c:521
 #10 start_thread () at /lib64/libpthread.so.0
 #11 clone () at /lib64/libc.so.6

Note bs pointer taken from bitmap: it's definitely bad aligned. That's
because we are in use after free, bitmap is already freed.

So, let's make disabled bitmaps (being migrated) busy during incoming
migration.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210322094906.5079-2-vsementsov@virtuozzo.com>
---
 migration/block-dirty-bitmap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block-dirty-bitmap.c
+++ b/migration/block-dirty-bitmap.c
@@ -XXX,XX +XXX,XX @@ static int dirty_bitmap_load_start(QEMUFile *f, DBMLoadState *s)
             error_report_err(local_err);
             return -EINVAL;
         }
+    } else {
+        bdrv_dirty_bitmap_set_busy(s->bitmap, true);
     }
 
     b = g_new(LoadBitmapState, 1);
@@ -XXX,XX +XXX,XX @@ static void cancel_incoming_locked(DBMLoadState *s)
         assert(!s->before_vm_start_handled || !b->migrated);
         if (bdrv_dirty_bitmap_has_successor(b->bitmap)) {
             bdrv_reclaim_dirty_bitmap(b->bitmap, &error_abort);
+        } else {
+            bdrv_dirty_bitmap_set_busy(b->bitmap, false);
         }
         bdrv_release_dirty_bitmap(b->bitmap);
     }
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_load_complete(QEMUFile *f, DBMLoadState *s)
 
     if (bdrv_dirty_bitmap_has_successor(s->bitmap)) {
         bdrv_reclaim_dirty_bitmap(s->bitmap, &error_abort);
+    } else {
+        bdrv_dirty_bitmap_set_busy(s->bitmap, false);
     }
 
     for (item = s->bitmaps; item; item = g_slist_next(item)) {
-- 
2.30.2

From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

Check that we can't remove bitmaps being migrated on destination vm.
The new check proves that previous commit helps.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210322094906.5079-3-vsementsov@virtuozzo.com>
---
 tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test b/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
+++ b/tests/qemu-iotests/tests/migrate-bitmaps-postcopy-test
@@ -XXX,XX +XXX,XX @@ class TestDirtyBitmapPostcopyMigration(iotests.QMPTestCase):
         self.start_postcopy()
 
         self.vm_b_events += self.vm_b.get_qmp_events()
+
+        # While being here, let's check that we can't remove in-flight bitmaps.
+        for vm in (self.vm_a, self.vm_b):
+            for i in range(0, nb_bitmaps):
+                result = vm.qmp('block-dirty-bitmap-remove', node='drive0',
+                                name=f'bitmap{i}')
+                self.assert_qmp(result, 'error/desc',
+                                f"Bitmap 'bitmap{i}' is currently in use by "
+                                "another operation and cannot be used")
+
         self.vm_b.shutdown()
         # recreate vm_b, so there is no incoming option, which prevents
         # loading bitmaps from disk
-- 
2.30.2