qemu-e2k/block
Fiona Ebner 8a9be79924 block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status
Using fleecing backup like in [0] on a qcow2 image (with metadata
preallocation) can lead to the following assertion failure:

> bdrv_co_do_block_status: Assertion `!(ret & BDRV_BLOCK_ZERO)' failed.

In the reproducer [0], it happens because the BDRV_BLOCK_RECURSE flag
will be set by the qcow2 driver, so the caller will recursively check
the file child. Then the BDRV_BLOCK_ZERO flag is set too. Later up the call
chain, in bdrv_co_do_block_status() for the snapshot-access driver,
the assertion failure will happen, because both flags are set.

To fix it, clear the recurse flag after the recursive check was done.

In detail:

> #0  qcow2_co_block_status

Returns 0x45 = BDRV_BLOCK_RECURSE | BDRV_BLOCK_DATA |
BDRV_BLOCK_OFFSET_VALID.

> #1  bdrv_co_do_block_status

Because of the data flag, bdrv_co_do_block_status() will now also set
BDRV_BLOCK_ALLOCATED. Because of the recurse flag,
bdrv_co_do_block_status() for the bdrv_file child will be called,
which returns 0x16 = BDRV_BLOCK_ALLOCATED | BDRV_BLOCK_OFFSET_VALID |
BDRV_BLOCK_ZERO. Now the return value inherits the zero flag.

Returns 0x57 = BDRV_BLOCK_RECURSE | BDRV_BLOCK_DATA |
BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_ALLOCATED | BDRV_BLOCK_ZERO.

> #2  bdrv_co_common_block_status_above
> #3  bdrv_co_block_status_above
> #4  bdrv_co_block_status
> #5  cbw_co_snapshot_block_status
> #6  bdrv_co_snapshot_block_status
> #7  snapshot_access_co_block_status
> #8  bdrv_co_do_block_status

Return value is propagated all the way up to here, where the assertion
failure happens, because BDRV_BLOCK_RECURSE and BDRV_BLOCK_ZERO are
both set.

> #9  bdrv_co_common_block_status_above
> #10 bdrv_co_block_status_above
> #11 block_copy_block_status
> #12 block_copy_dirty_clusters
> #13 block_copy_common
> #14 block_copy_async_co_entry
> #15 coroutine_trampoline

[0]:

> #!/bin/bash
> rm /tmp/disk.qcow2
> ./qemu-img create /tmp/disk.qcow2 -o preallocation=metadata -f qcow2 1G
> ./qemu-img create /tmp/fleecing.qcow2 -f qcow2 1G
> ./qemu-img create /tmp/backup.qcow2 -f qcow2 1G
> ./qemu-system-x86_64 --qmp stdio \
> --blockdev qcow2,node-name=node0,file.driver=file,file.filename=/tmp/disk.qcow2 \
> --blockdev qcow2,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.qcow2 \
> --blockdev qcow2,node-name=node2,file.driver=file,file.filename=/tmp/backup.qcow2 \
> <<EOF
> {"execute": "qmp_capabilities"}
> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } }
> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } }
> {"execute": "blockdev-backup", "arguments": { "device": "snap0", "target": "node1", "sync": "full", "job-id": "backup0" } }
> EOF

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-id: 20240116154839.401030-1-f.ebner@proxmox.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2024-01-22 11:00:12 -05:00
export block: remove outdated AioContext locking comments 2023-12-21 22:49:27 +01:00
monitor block: remove AioContext locking 2023-12-21 22:49:27 +01:00
accounting.c
aio_task.c
amend.c
backup.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
blkdebug.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
blkio.c util/defer-call: move defer_call() to util/ 2023-10-31 15:41:42 +01:00
blklogwrites.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
blkreplay.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
blkverify.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
block-backend.c block: remove outdated AioContext locking comments 2023-12-21 22:49:27 +01:00
block-copy.c block: Mark bdrv_chain_contains() and callers GRAPH_RDLOCK 2023-11-07 19:14:19 +01:00
block-gen.h
block-ram-registrar.c
bochs.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
cloop.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
commit.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
copy-before-write.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
copy-before-write.h
copy-on-read.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
copy-on-read.h block: Mark bdrv_(un)freeze_backing_chain() and callers GRAPH_RDLOCK 2023-11-07 19:14:19 +01:00
coroutines.h
create.c
crypto.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
crypto.h
curl.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
dirty-bitmap.c
dmg-bz2.c
dmg-lzfse.c
dmg.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
dmg.h
file-posix.c block/file-posix: set up Linux AIO and io_uring in the current thread 2023-12-21 22:49:27 +01:00
file-win32.c
filter-compress.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
gluster.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
graph-lock.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
io_uring.c remove unnecessary casts from uintptr_t 2024-01-18 10:43:51 +01:00
io.c block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status 2024-01-22 11:00:12 -05:00
iscsi-opts.c
iscsi.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
linux-aio.c virtio: use defer_call() in virtio_irqfd_notify() 2023-10-31 15:42:14 +01:00
meson.build configure, meson: rename targetos to host_os 2023-12-31 09:11:29 +01:00
mirror.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
nbd.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
nfs.c
null.c
nvme.c block/nvme: nvme_process_completion() fix bound for cid 2023-11-06 15:00:28 +00:00
parallels-ext.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
parallels.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
parallels.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
preallocate.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
progress_meter.c
qapi-sysemu.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
qapi.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
qcow2-bitmap.c qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow2-cache.c
qcow2-cluster.c qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow2-refcount.c
qcow2-snapshot.c
qcow2-threads.c
qcow2.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
qcow2.h qcow2: Take locks for accessing bs->file 2023-11-08 17:56:17 +01:00
qcow.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
qed-check.c
qed-cluster.c
qed-l2-cache.c
qed-table.c
qed.c block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
qed.h block: Protect bs->file with graph_lock 2023-11-08 17:56:18 +01:00
quorum.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
raw-format.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
rbd.c block: Mark bdrv_apply_auto_read_only() and callers GRAPH_RDLOCK 2023-10-12 16:31:33 +02:00
replication.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
reqlist.c
snapshot-access.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
snapshot.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00
ssh.c
stream.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
throttle-groups.c
throttle.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
trace-events
trace.h
vdi.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
vhdx-endian.c
vhdx-log.c vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vhdx.c vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vhdx.h vhdx: Take locks for accessing bs->file 2023-11-08 17:56:18 +01:00
vmdk.c graph-lock: remove AioContext locking 2023-12-21 22:49:27 +01:00
vpc.c block: Take graph lock for most of .bdrv_open 2023-11-08 17:56:18 +01:00
vvfat.c cpr: relax blockdev migration blockers 2023-11-01 16:13:59 +01:00
win32-aio.c
write-threshold.c block: remove AioContext locking 2023-12-21 22:49:27 +01:00