From nobody Mon Feb 9 08:56:15 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1574439249; cv=none; d=zohomail.com; s=zohoarc; b=WdOgZb2RzE9q7fbq3wiqfCT1CLaM2WfQyQIUhevsD6jH+AEKjUfX07j8VgzNG5UgbHe+kz3pULEAkITtYIqZPHf9a1hQtrpfDTFWb8QNtWwBkA4ClpMikfJoAaJkZMUOhN0YheQFkusQIWYnJds8PySYpIvBXrFbwVK8lv9sBRw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1574439249; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=2/6lgTvhUffQT9Ya7xc06OJxjRNaeStSgj7a61gvGUo=; b=SyEdaYHVjBG3MplJSTAhp5LRjvEoK7Z6ncRFnB/tEl0GmPxN+FZo2l4XnEz7IiTsSSr+WbTBv3j3EqDtRi9FGoQCRLP3zLZqNR3WQjz3d8Mg1O2uVKATqzoIQAHZS5pCDEiUSqsK2gk3N77xlHhubFNUEJMR2lhNzFVI18jgio0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1574439249261642.92740719492; Fri, 22 Nov 2019 08:14:09 -0800 (PST) Received: from localhost ([::1]:52642 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYBZP-000114-Tv for importer@patchew.org; Fri, 22 Nov 2019 11:14:07 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:47854) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYBR8-0000Ou-Gc for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:35 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iYBR7-0002r4-A2 for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:34 -0500 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41609 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iYBR7-0002op-3e for qemu-devel@nongnu.org; Fri, 22 Nov 2019 11:05:33 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-378-pc2zqUFHO6un948GWoxDVw-1; Fri, 22 Nov 2019 11:05:29 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 67691107ACC5; Fri, 22 Nov 2019 16:05:28 +0000 (UTC) Received: from linux.fritz.box.com (ovpn-117-252.ams2.redhat.com [10.36.117.252]) by smtp.corp.redhat.com (Postfix) with ESMTP id B2B0810372C3; Fri, 22 Nov 2019 16:05:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1574438732; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2/6lgTvhUffQT9Ya7xc06OJxjRNaeStSgj7a61gvGUo=; b=eESFS+uBXQV3Met9XOZrGNoIpOY1MbQlbXKdB5t+lwJpEUTwZzusMzmMAD/nhXsYC60v7R KeSb0jk5ZpAu5B2WubqJTh/he3zqQWFukkCylz6hO8yXK7Ug+5hl1DQXGVs1OtflF4ByWX v6AhA4TjmnoIXRHIw1SSOrlOqXcLGW8= From: Kevin Wolf To: qemu-block@nongnu.org Subject: [PATCH v3 4/8] block: truncate: Don't make backing file data visible Date: Fri, 22 Nov 2019 17:05:07 +0100 Message-Id: <20191122160511.8377-5-kwolf@redhat.com> In-Reply-To: <20191122160511.8377-1-kwolf@redhat.com> References: <20191122160511.8377-1-kwolf@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-MC-Unique: pc2zqUFHO6un948GWoxDVw-1 X-Mimecast-Spam-Score: 0 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, vsementsov@virtuozzo.com, qemu-devel@nongnu.org, mreitz@redhat.com, stefanha@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" When extending the size of an image that has a backing file larger than its old size, make sure that the backing file data doesn't become visible in the guest, but the added area is properly zeroed out. Consider the following scenario where the overlay is shorter than its backing file: base.qcow2: AAAAAAAA overlay.qcow2: BBBB When resizing (extending) overlay.qcow2, the new blocks should not stay unallocated and make the additional As from base.qcow2 visible like before this patch, but zeros should be read. A similar case happens with the various variants of a commit job when an intermediate file is short (- for unallocated): base.qcow2: A-A-AAAA mid.qcow2: BB-B top.qcow2: C--C--C- After commit top.qcow2 to mid.qcow2, the following happens: mid.qcow2: CB-C00C0 (correct result) mid.qcow2: CB-C--C- (before this fix) Without the fix, blocks that previously read as zeros on top.qcow2 suddenly turn into A. Signed-off-by: Kevin Wolf Reviewed-by: Eric Blake Reviewed-by: Max Reitz --- block/io.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/block/io.c b/block/io.c index 42e7558954..61a63d9dc2 100644 --- a/block/io.c +++ b/block/io.c @@ -3392,12 +3392,45 @@ int coroutine_fn bdrv_co_truncate(BdrvChild *child,= int64_t offset, bool exact, ret =3D refresh_total_sectors(bs, offset >> BDRV_SECTOR_BITS); if (ret < 0) { error_setg_errno(errp, -ret, "Could not refresh total sector count= "); + goto fail_refresh_total_sectors; } else { offset =3D bs->total_sectors * BDRV_SECTOR_SIZE; } + + /* + * If the image has a backing file that is large enough that it would + * provide data for the new area, we cannot leave it unallocated becau= se + * then the backing file content would become visible. Instead, zero-f= ill + * the area where backing file and new area overlap. + * + * Note that if the image has a backing file, but was opened without t= he + * backing file, taking care of keeping things consistent with that ba= cking + * file is the user's responsibility. + */ + if (new_bytes && bs->backing && prealloc =3D=3D PREALLOC_MODE_OFF) { + int64_t backing_len; + + backing_len =3D bdrv_getlength(backing_bs(bs)); + if (backing_len < 0) { + ret =3D backing_len; + goto fail_refresh_total_sectors; + } + + if (backing_len > old_size) { + ret =3D bdrv_co_do_pwrite_zeroes( + bs, old_size, MIN(new_bytes, backing_len - old_size), + BDRV_REQ_ZERO_WRITE | BDRV_REQ_MAY_UNMAP | + (no_fallback ? BDRV_REQ_NO_FALLBACK : 0)); + if (ret < 0) { + goto fail_refresh_total_sectors; + } + } + } + /* It's possible that truncation succeeded but refresh_total_sectors * failed, but the latter doesn't affect how we should finish the requ= est. * Pass 0 as the last parameter so that dirty bitmaps etc. are handled= . */ +fail_refresh_total_sectors: bdrv_co_write_req_finish(child, offset - new_bytes, new_bytes, &req, 0= ); =20 out: --=20 2.20.1