On 28.06.20 13:02, Alberto Garcia wrote: > This patch adds QCow2SubclusterType, which is the subcluster-level > version of QCow2ClusterType. All QCOW2_SUBCLUSTER_* values have the > the same meaning as their QCOW2_CLUSTER_* equivalents (when they > exist). See below for details and caveats. > > In images without extended L2 entries clusters are treated as having > exactly one subcluster so it is possible to replace one data type with > the other while keeping the exact same semantics. > > With extended L2 entries there are new possible values, and every > subcluster in the same cluster can obviously have a different > QCow2SubclusterType so functions need to be adapted to work on the > subcluster level. > > There are several things that have to be taken into account: > > a) QCOW2_SUBCLUSTER_COMPRESSED means that the whole cluster is > compressed. We do not support compression at the subcluster > level. > > b) There are two different values for unallocated subclusters: > QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN which means that the whole > cluster is unallocated, and QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC > which means that the cluster is allocated but the subcluster is > not. The latter can only happen in images with extended L2 > entries. > > c) QCOW2_SUBCLUSTER_INVALID is used to detect the cases where an L2 > entry has a value that violates the specification. The caller is > responsible for handling these situations. > > To prevent compatibility problems with images that have invalid > values but are currently being read by QEMU without causing side > effects, QCOW2_SUBCLUSTER_INVALID is only returned for images > with extended L2 entries. > > qcow2_cluster_to_subcluster_type() is added as a separate function > from qcow2_get_subcluster_type(), but this is only temporary and both > will be merged in a subsequent patch. > > Signed-off-by: Alberto Garcia <[email protected]> > Reviewed-by: Eric Blake <[email protected]> > --- > block/qcow2.h | 126 +++++++++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 125 insertions(+), 1 deletion(-) > > diff --git a/block/qcow2.h b/block/qcow2.h > index 82b86f6cec..3aec6f452a 100644 > --- a/block/qcow2.h > +++ b/block/qcow2.h
[...]
> @@ -634,9 +686,11 @@ static inline int64_t
> qcow2_vm_state_offset(BDRVQcow2State *s)
> static inline QCow2ClusterType qcow2_get_cluster_type(BlockDriverState *bs,
> uint64_t l2_entry)
> {
> + BDRVQcow2State *s = bs->opaque;
> +
> if (l2_entry & QCOW_OFLAG_COMPRESSED) {
> return QCOW2_CLUSTER_COMPRESSED;
> - } else if (l2_entry & QCOW_OFLAG_ZERO) {
> + } else if ((l2_entry & QCOW_OFLAG_ZERO) && !has_subclusters(s)) {
OK, so now qcow2_get_cluster_type() reports zero clusters to be normal
or unallocated clusters when there are subclusters. Seems weird to me,
because zero clusters are invalid clusters then. I preferred just
reporting them as zero clusters and letting the caller deal with it,
because it does mean an error in the image and so it should be reported.
So...
> if (l2_entry & L2E_OFFSET_MASK) {
> return QCOW2_CLUSTER_ZERO_ALLOC;
> }
[...]
> +/*
> + * In an image without subsclusters @l2_bitmap is ignored and
> + * @sc_index must be 0.
> + * Return QCOW2_SUBCLUSTER_INVALID if an invalid l2 entry is detected
> + * (this checks the whole entry and bitmap, not only the bits related
> + * to subcluster @sc_index).
> + */
> +static inline
> +QCow2SubclusterType qcow2_get_subcluster_type(BlockDriverState *bs,
> + uint64_t l2_entry,
> + uint64_t l2_bitmap,
> + unsigned sc_index)
> +{
> + BDRVQcow2State *s = bs->opaque;
> + QCow2ClusterType type = qcow2_get_cluster_type(bs, l2_entry);
> + assert(sc_index < s->subclusters_per_cluster);
> +
> + if (has_subclusters(s)) {
> + switch (type) {
> + case QCOW2_CLUSTER_COMPRESSED:
> + return QCOW2_SUBCLUSTER_COMPRESSED;
> + case QCOW2_CLUSTER_NORMAL:
> + if ((l2_bitmap >> 32) & l2_bitmap) {
> + return QCOW2_SUBCLUSTER_INVALID;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
> + return QCOW2_SUBCLUSTER_ZERO_ALLOC;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ALLOC(sc_index)) {
> + return QCOW2_SUBCLUSTER_NORMAL;
> + } else {
> + return QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC;
> + }
> + case QCOW2_CLUSTER_UNALLOCATED:
> + if (l2_bitmap & QCOW_L2_BITMAP_ALL_ALLOC) {
> + return QCOW2_SUBCLUSTER_INVALID;
> + } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
> + return QCOW2_SUBCLUSTER_ZERO_PLAIN;
> + } else {
> + return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN;
> + }
...consequentially, this function no longer reports clusters which have
the zero flag set as invalid (which it did in v4, when I last looked at it).
I see this was a conscious choice of yours in v5. I don’t really see
the justification for it, though. As far as I can understand, you seem
to argue that no corruption detection is better than incomplete
corruption detection, and that a complete and thorough detection would
warrant its own series, do I understand that correctly?
Max
> + default:
> + g_assert_not_reached();
> + }
> + } else {
> + return qcow2_cluster_to_subcluster_type(type);
> + }
> +}
> +
> /* Check whether refcounts are eager or lazy */
> static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State *s)
> {
>
signature.asc
Description: OpenPGP digital signature
