Alberto Garcia 80f5c01183 qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back
as zeroes. This is done by clearing the cluster offset field and
setting QCOW_OFLAG_ZERO in the L2 entry.

This flag is however only supported when qcow_version >= 3. In older
images the cluster is simply deallocated, exposing any possible stale
data from the backing file.

Since discard is an advisory operation it's safer to simply forbid it
in this scenario.

Note that we are adding this check to qcow2_co_pdiscard() and not to
qcow2_cluster_discard() or discard_in_l2_slice() because the last
two are also used by qcow2_snapshot_create() to discard the clusters
used by the VM state. In this case there's no risk of exposing stale
data to the guest and we really want that the clusters are always
discarded.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200331114345.29993-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-04-07 13:51:09 +02:00

98 lines
3.1 KiB
Bash
Executable File

#!/usr/bin/env bash
#
# Test how 'qemu-io -c discard' behaves on v2 and v3 qcow2 images
#
# Copyright (C) 2020 Igalia, S.L.
# Author: Alberto Garcia <berto@igalia.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# creator
owner=berto@igalia.com
seq=`basename $0`
echo "QA output created by $seq"
status=1 # failure is the default!
_cleanup()
{
_cleanup_test_img
}
trap "_cleanup; exit \$status" 0 1 2 3 15
# get standard environment, filters and checks
. ./common.rc
. ./common.filter
_supported_fmt qcow2
_supported_proto file
_supported_os Linux
_unsupported_imgopts 'compat=0.10' refcount_bits data_file
echo
echo "### Test 'qemu-io -c discard' on a QCOW2 image without a backing file"
echo
for qcow2_compat in 0.10 1.1; do
echo "# Create an image with compat=$qcow2_compat without a backing file"
_make_test_img -o "compat=$qcow2_compat" 128k
echo "# Fill all clusters with data and then discard them"
$QEMU_IO -c 'write -P 0x01 0 128k' "$TEST_IMG" | _filter_qemu_io
$QEMU_IO -c 'discard 0 128k' "$TEST_IMG" | _filter_qemu_io
echo "# Read the data from the discarded clusters"
$QEMU_IO -c 'read -P 0x00 0 128k' "$TEST_IMG" | _filter_qemu_io
echo "# Output of qemu-img map"
$QEMU_IMG map "$TEST_IMG" | _filter_testdir
done
echo
echo "### Test 'qemu-io -c discard' on a QCOW2 image with a backing file"
echo
echo "# Create a backing image and fill it with data"
BACKING_IMG="$TEST_IMG.base"
TEST_IMG="$BACKING_IMG" _make_test_img 128k
$QEMU_IO -c 'write -P 0xff 0 128k' "$BACKING_IMG" | _filter_qemu_io
for qcow2_compat in 0.10 1.1; do
echo "# Create an image with compat=$qcow2_compat and a backing file"
_make_test_img -o "compat=$qcow2_compat" -b "$BACKING_IMG"
echo "# Fill all clusters with data and then discard them"
$QEMU_IO -c 'write -P 0x01 0 128k' "$TEST_IMG" | _filter_qemu_io
$QEMU_IO -c 'discard 0 128k' "$TEST_IMG" | _filter_qemu_io
echo "# Read the data from the discarded clusters"
if [ "$qcow2_compat" = "1.1" ]; then
# In qcow2 v3 clusters are zeroed (with QCOW_OFLAG_ZERO)
$QEMU_IO -c 'read -P 0x00 0 128k' "$TEST_IMG" | _filter_qemu_io
else
# In qcow2 v2 if there's a backing image we cannot zero the clusters
# without exposing the backing file data so discard does nothing
$QEMU_IO -c 'read -P 0x01 0 128k' "$TEST_IMG" | _filter_qemu_io
fi
echo "# Output of qemu-img map"
$QEMU_IMG map "$TEST_IMG" | _filter_testdir
done
# success, all done
echo "*** done"
rm -f $seq.full
status=0