
[v2,1/2] qemu-img: rebase: stop when reaching EOF of old backing file

Message ID 20230525180213.902012-2-andrey.drobyshev@virtuozzo.com (mailing list archive)
State New, archived
Series qemu-img: fix getting stuck in infinite loop on in-chain rebase

Commit Message

Andrey Drobyshev May 25, 2023, 6:02 p.m. UTC
In the case where we're rebasing within one backing chain, and the target
image is larger than the old backing file, bdrv_is_allocated_above() ends up
setting *pnum = 0.  As a result, the target offset isn't getting incremented,
and we get stuck in an infinite for loop.  Let's detect this case and proceed
further down the loop body, as the offsets beyond the old backing size need
to be explicitly zeroed.

Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
---
 qemu-img.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
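To make the failure mode in the commit message concrete, the following is an added example (not QEMU's code and not part of this patch) that models the img_rebase() cluster loop with a mock of bdrv_is_allocated_above(). The mock reproduces the behaviour described above, reporting *pnum = 0 once the offset is past the old backing file's EOF; the walk can run either with the original `if (!ret) continue;` logic, where the offset stops advancing, or with the patch's `bytes`/`n` restore logic. Everything here (the cluster size, the mock, the alternating allocation pattern, the iteration guard) is constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the img_rebase() inner loop; not QEMU's code. */
#define CLUSTER  65536LL
#define MAX_ITER 100000L   /* guard so a stuck loop is reported, not hung */

static int64_t min64(int64_t a, int64_t b) { return a < b ? a : b; }

/*
 * Mock of bdrv_is_allocated_above() for the case in the commit message:
 * past the old backing file's EOF it sets *pnum = 0.  Inside the old backing
 * it clamps *pnum to the remaining old-backing bytes.  Returns 1 when the
 * range is allocated above the prefix chain, 0 when it is unchanged.
 * The "every other cluster is allocated" pattern is constructed.
 */
static int mock_is_allocated_above(int64_t old_backing_size, int64_t offset,
                                   int64_t bytes, int64_t *pnum)
{
    if (offset >= old_backing_size) {
        *pnum = 0;                       /* EOF of the old backing */
        return 0;
    }
    *pnum = min64(bytes, old_backing_size - offset);
    return (int)((offset / CLUSTER) % 2);
}

/*
 * Walk a target image of 'size' bytes in cluster steps the way the rebase
 * loop does.  fixed == false keeps the original `if (!ret) continue;`;
 * fixed == true applies the patch: remember the cluster length in 'bytes',
 * and when the query reports n == 0 restore it and fall through so the
 * cluster is explicitly zeroed.
 * Returns the number of clusters zeroed beyond the old backing EOF, or -1
 * if the loop did not terminate within MAX_ITER iterations.
 */
static int64_t rebase_walk(int64_t size, int64_t old_backing_size, bool fixed)
{
    int64_t zeroed = 0;
    int64_t n = 0;
    long iters = 0;

    for (int64_t offset = 0; offset < size; offset += n) {
        if (++iters > MAX_ITER) {
            return -1;                   /* stuck: offset stopped advancing */
        }
        n = min64(CLUSTER, size - offset);
        int64_t bytes = n;               /* patch: save the requested length */
        int ret = mock_is_allocated_above(old_backing_size, offset, n, &n);

        /* original: if (!ret) continue;   patched: if (!ret && n) continue; */
        if (!ret && (n || !fixed)) {
            continue;                    /* unchanged since prefix chain */
        }
        if (fixed && !n) {
            n = bytes;                   /* past old backing EOF: full cluster */
        }
        /* Rest of the loop body would (re)write the cluster; beyond the old
         * backing EOF that write is the explicit zeroing the patch wants. */
        if (offset >= old_backing_size) {
            zeroed++;
        }
    }
    return zeroed;
}

int main(void)
{
    int64_t size = 8 * CLUSTER, old = 5 * CLUSTER;
    printf("patched: zeroed %lld clusters\n",
           (long long)rebase_walk(size, old, true));
    printf("original: %lld (-1 means the loop got stuck)\n",
           (long long)rebase_walk(size, old, false));
    return 0;
}
```

With an 8-cluster target and a 5-cluster old backing, the patched walk zeroes the three trailing clusters and terminates; the original logic reaches the old backing's EOF, receives n == 0, hits `continue`, and never moves `offset` again, which the iteration guard reports as -1.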

Comments

Denis V. Lunev May 26, 2023, 12:12 p.m. UTC | #1
On 5/25/23 20:02, Andrey Drobyshev wrote:
> In the case where we're rebasing within one backing chain, and the target
> image is larger than the old backing file, bdrv_is_allocated_above() ends up
> setting *pnum = 0.  As a result, the target offset isn't getting incremented,
> and we get stuck in an infinite for loop.  Let's detect this case and proceed
> further down the loop body, as the offsets beyond the old backing size need
> to be explicitly zeroed.
>
> Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
> ---
>   qemu-img.c | 13 ++++++++++++-
>   1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/qemu-img.c b/qemu-img.c
> index 27f48051b0..78433f3746 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -3801,6 +3801,8 @@ static int img_rebase(int argc, char **argv)
>               }
>   
>               if (prefix_chain_bs) {
> +                uint64_t bytes = n;
> +
>                   /*
>                    * If cluster wasn't changed since prefix_chain, we don't need
>                    * to take action
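Review bot: `uint64_t bytes = n;` should use the type `n` is declared with rather than assuming unsigned; the declaration isn't visible in this hunk, but `n` receives the `*pnum` result of bdrv_is_allocated_above() below and is later restored from `bytes`, so a signedness mismatch would be a silent conversion in both directions. If `n` is `int64_t`, write `int64_t bytes = n;`.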
> @@ -3813,9 +3815,18 @@ static int img_rebase(int argc, char **argv)
>                                    strerror(-ret));
>                       goto out;
>                   }
> -                if (!ret) {
> +                if (!ret && n) {
>                       continue;
>                   }
> +                if (!n) {
> +                    /*
> +                     * If we've reached EOF of the old backing, it means that
> +                     * offsets beyond the old backing size were read as zeroes.
> +                     * Now we will need to explicitly zero the cluster in
> +                     * order to preserve that state after the rebase.
> +                     */
> +                    n = bytes;
> +                }
>               }
>   
>               /*
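Review bot: The two checks `if (!ret && n)` and `if (!n)` read more clearly as one branch, since the only `ret == 0` case that is meant to fall through is `n == 0`: `if (!n) { n = bytes; } else if (!ret) { continue; }`. That also makes explicit what happens if bdrv_is_allocated_above() ever returns allocated (`ret != 0`) together with `n == 0`: the current code falls through with `n` restored, which is presumably intended, but a comment saying so would help.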
Reviewed-by: Denis V. Lunev <den@openvz.org>

Patch

diff --git a/qemu-img.c b/qemu-img.c
index 27f48051b0..78433f3746 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3801,6 +3801,8 @@  static int img_rebase(int argc, char **argv)
             }
 
             if (prefix_chain_bs) {
+                uint64_t bytes = n;
+
                 /*
                  * If cluster wasn't changed since prefix_chain, we don't need
                  * to take action
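Review bot: The new local `bytes` deserves a one-line comment stating why it exists: it preserves the cluster length handed to bdrv_is_allocated_above() because that call overwrites `n` through `*pnum`, and the second hunk restores `n` from it. A name such as `cluster_bytes` would also say more than `bytes`, which reads as a generic length.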
@@ -3813,9 +3815,18 @@  static int img_rebase(int argc, char **argv)
                                  strerror(-ret));
                     goto out;
                 }
-                if (!ret) {
+                if (!ret && n) {
                     continue;
                 }
+                if (!n) {
+                    /*
+                     * If we've reached EOF of the old backing, it means that
+                     * offsets beyond the old backing size were read as zeroes.
+                     * Now we will need to explicitly zero the cluster in
+                     * order to preserve that state after the rebase.
+                     */
+                    n = bytes;
+                }
             }
 
             /*
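Review bot: The `if (!n)` branch treats `*pnum == 0` as the EOF-of-old-backing signal the commit message describes, but nothing in the hunk ties that condition to the old backing file's size; consider checking the target offset against the old backing size directly, or at least stating the relationship in the comment, so that a zero-length result from bdrv_is_allocated_above() for some other reason isn't silently turned into a full-cluster zero write. The comment would also read better if it said outright that this path intentionally falls into the write below instead of `continue`.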