[Qemu-devel] [PATCH v2 0/2] block: fix write with zero flag set and iovector provided

[Qemu-devel] [PATCH v2 0/2] block: fix write with zero flag set and iovector provided

[Anton Nefedov]

v2:
  patch 1: commit message fixed
  test added (patch 2)

v1: http://lists.nongnu.org/archive/html/qemu-devel/2018-02/msg00131.html

Anton Nefedov (2):
  iotest 033: add misaligned write-zeroes test via truncate
  block: fix write with zero flag set and iovector provided

 block/io.c                 |  2 +-
 tests/qemu-iotests/033     | 28 ++++++++++++++++++++++++++++
 tests/qemu-iotests/033.out | 13 +++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)

-- 
2.7.4

[Qemu-devel] [PATCH v2 1/2] iotest 033: add misaligned write-zeroes test via truncate

[Anton Nefedov]

This new test case only makes sense for qcow2 while iotest 033 is generic;
however it matches the test purpose perfectly and also 033 contains those
do_test() tricks to pass the alignment, which won't look nice being
duplicated in other tests or moved to the common code.

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
---
 tests/qemu-iotests/033     | 28 ++++++++++++++++++++++++++++
 tests/qemu-iotests/033.out | 13 +++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/tests/qemu-iotests/033 b/tests/qemu-iotests/033
index 2cdfd13..5fa3983 100755
--- a/tests/qemu-iotests/033
+++ b/tests/qemu-iotests/033
@@ -64,6 +64,9 @@ do_test()
 	} | $QEMU_IO $IO_EXTRA_ARGS
 }
 
+echo
+echo "=== Test aligned and misaligned write zeroes operations ==="
+
 for write_zero_cmd in "write -z" "aio_write -z"; do
 for align in 512 4k; do
 	echo
@@ -102,7 +105,32 @@ for align in 512 4k; do
 done
 done
 
+
+# Trigger truncate that would shrink qcow2 L1 table, which is done by
+#   clearing one entry (8 bytes) with bdrv_co_pwrite_zeroes()
+
+echo
+echo "=== Test misaligned write zeroes via truncate ==="
+echo
+
+CLUSTER_SIZE=$((64 * 1024))
+L2_COVERAGE=$(($CLUSTER_SIZE * $CLUSTER_SIZE / 8))
+_make_test_img $(($L2_COVERAGE * 2))
+
+do_test 512 "write -P 1 0 0x200" "$TEST_IMG" | _filter_qemu_io
+# next L2 table
+do_test 512 "write -P 1 $L2_COVERAGE 0x200" "$TEST_IMG" | _filter_qemu_io
+
+# only interested in qcow2 here; also other formats might respond with
+#  "not supported" error message
+if [ $IMGFMT = "qcow2" ]; then
+    do_test 512 "truncate $L2_COVERAGE" "$TEST_IMG" | _filter_qemu_io
+fi
+
+do_test 512 "read -P 1 0 0x200" "$TEST_IMG" | _filter_qemu_io
+
 # success, all done
+echo
 echo "*** done"
 rm -f $seq.full
 status=0
diff --git a/tests/qemu-iotests/033.out b/tests/qemu-iotests/033.out
index 95929ef..57799cb 100644
--- a/tests/qemu-iotests/033.out
+++ b/tests/qemu-iotests/033.out
@@ -1,6 +1,8 @@
 QA output created by 033
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728
 
+=== Test aligned and misaligned write zeroes operations ===
+
 == preparing image ==
 wrote 1024/1024 bytes at offset 512
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -164,4 +166,15 @@ read 512/512 bytes at offset 512
 read 3072/3072 bytes at offset 1024
 3 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 
+
+=== Test misaligned write zeroes via truncate ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
+wrote 512/512 bytes at offset 0
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 512/512 bytes at offset 536870912
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 512/512 bytes at offset 0
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
 *** done
-- 
2.7.4

[Qemu-devel] [PATCH v2 2/2] block: fix write with zero flag set and iovector provided

[Anton Nefedov]

The normal bdrv_co_pwritev() use is either
  - BDRV_REQ_ZERO_WRITE clear and iovector provided
  - BDRV_REQ_ZERO_WRITE set and iovector == NULL

while
  - the flag clear and iovector == NULL is an assertion failure
    in bdrv_co_do_zero_pwritev()
  - the flag set and iovector provided is in fact allowed
    (the flag prevails and zeroes are written)

However the alignment logic does not support the latter case so the padding
areas get overwritten with zeroes.

Currently, general functions like bdrv_rw_co() do provide iovector
regardless of flags. So, keep it supported and use bdrv_co_do_zero_pwritev()
alignment for it which also makes the code a bit more obvious anyway.

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
 block/io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/io.c b/block/io.c
index 89d0745..40df3be 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1701,7 +1701,7 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
      */
     tracked_request_begin(&req, bs, offset, bytes, BDRV_TRACKED_WRITE);
 
-    if (!qiov) {
+    if (flags & BDRV_REQ_ZERO_WRITE) {
         ret = bdrv_co_do_zero_pwritev(child, offset, bytes, flags, &req);
         goto out;
     }
-- 
2.7.4

Re: [Qemu-devel] [PATCH v2 2/2] block: fix write with zero flag set and iovector provided

[Alberto Garcia]

On Mon 12 Feb 2018 02:14:01 PM CET, Anton Nefedov wrote:
> The normal bdrv_co_pwritev() use is either
>   - BDRV_REQ_ZERO_WRITE clear and iovector provided
>   - BDRV_REQ_ZERO_WRITE set and iovector == NULL
>
> while
>   - the flag clear and iovector == NULL is an assertion failure
>     in bdrv_co_do_zero_pwritev()
>   - the flag set and iovector provided is in fact allowed
>     (the flag prevails and zeroes are written)
>
> However the alignment logic does not support the latter case so the
> padding areas get overwritten with zeroes.

Oh, so this doesn't simply write zeroes in [offset, offset+bytes), but
also in the head and tail areas, instead of keeping the previous
contents.

This is a pretty serious bug, but I assume it can't be triggered
(bdrv_pwrite_zeroes() is used in complete clusters). Did you check if
there was any other scenario where this could happen?

> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> Reviewed-by: Eric Blake <eblake@redhat.com>

Reviewed-by: Alberto Garcia <berto@igalia.com>

Berto

Re: [Qemu-devel] [PATCH v2 1/2] iotest 033: add misaligned write-zeroes test via truncate

[Alberto Garcia]

On Mon 12 Feb 2018 02:14:00 PM CET, Anton Nefedov wrote:
> +# Trigger truncate that would shrink qcow2 L1 table, which is done by
> +#   clearing one entry (8 bytes) with bdrv_co_pwrite_zeroes()
> +
> +echo
> +echo "=== Test misaligned write zeroes via truncate ==="
> +echo
> +
> +CLUSTER_SIZE=$((64 * 1024))
> +L2_COVERAGE=$(($CLUSTER_SIZE * $CLUSTER_SIZE / 8))
> +_make_test_img $(($L2_COVERAGE * 2))

If my numbers are correct, that's a 1GB image. For qcow2 this is not a
problem but I wonder if it's ok to create such large images for other
formats (for raw they should be sparse by default, but still).

Berto

Re: [Qemu-devel] [PATCH v2 2/2] block: fix write with zero flag set and iovector provided

[Anton Nefedov]

On 12/2/2018 6:03 PM, Alberto Garcia wrote:
> On Mon 12 Feb 2018 02:14:01 PM CET, Anton Nefedov wrote:
>> The normal bdrv_co_pwritev() use is either
>>    - BDRV_REQ_ZERO_WRITE clear and iovector provided
>>    - BDRV_REQ_ZERO_WRITE set and iovector == NULL
>>
>> while
>>    - the flag clear and iovector == NULL is an assertion failure
>>      in bdrv_co_do_zero_pwritev()
>>    - the flag set and iovector provided is in fact allowed
>>      (the flag prevails and zeroes are written)
>>
>> However the alignment logic does not support the latter case so the
>> padding areas get overwritten with zeroes.
> 
> Oh, so this doesn't simply write zeroes in [offset, offset+bytes), but
> also in the head and tail areas, instead of keeping the previous
> contents.
> 
> This is a pretty serious bug, but I assume it can't be triggered
> (bdrv_pwrite_zeroes() is used in complete clusters). Did you check if
> there was any other scenario where this could happen?
> 

I was a bit lazy to look deep but as far as I can say currently it's
only bdrv_pwrite_zeroes(). It's mostly called for large extents like
clusters, but not everywhere, another case is I guess
qcow2_crypto_hdr_init_func(); also it's probably not guaranteed (though
being quite exotic) that the cluster size is not smaller than the
protocol driver alignment requirements.

At least external (block.h) write interfaces don't accept or set any
flags

Re: [Qemu-devel] [PATCH v2 1/2] iotest 033: add misaligned write-zeroes test via truncate

[Anton Nefedov]

On 12/2/2018 6:54 PM, Alberto Garcia wrote:
> On Mon 12 Feb 2018 02:14:00 PM CET, Anton Nefedov wrote:
>> +# Trigger truncate that would shrink qcow2 L1 table, which is done by
>> +#   clearing one entry (8 bytes) with bdrv_co_pwrite_zeroes()
>> +
>> +echo
>> +echo "=== Test misaligned write zeroes via truncate ==="
>> +echo
>> +
>> +CLUSTER_SIZE=$((64 * 1024))
>> +L2_COVERAGE=$(($CLUSTER_SIZE * $CLUSTER_SIZE / 8))
>> +_make_test_img $(($L2_COVERAGE * 2))
> 
> If my numbers are correct, that's a 1GB image. For qcow2 this is not a
> problem but I wonder if it's ok to create such large images for other
> formats (for raw they should be sparse by default, but still).
> 
> Berto
> 

Good point. Actually even 512 byte clusters will work here, resulting
in a just 64k image.

Re: [Qemu-devel] [PATCH v2 1/2] iotest 033: add misaligned write-zeroes test via truncate

[Max Reitz]

[-- Attachment #1: Type: text/plain, Size: 1499 bytes --]

On 2018-02-12 14:14, Anton Nefedov wrote:
> This new test case only makes sense for qcow2 while iotest 033 is generic;
> however it matches the test purpose perfectly and also 033 contains those
> do_test() tricks to pass the alignment, which won't look nice being
> duplicated in other tests or moved to the common code.
> 
> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
> ---
>  tests/qemu-iotests/033     | 28 ++++++++++++++++++++++++++++
>  tests/qemu-iotests/033.out | 13 +++++++++++++
>  2 files changed, 41 insertions(+)
> 
> diff --git a/tests/qemu-iotests/033 b/tests/qemu-iotests/033
> index 2cdfd13..5fa3983 100755
> --- a/tests/qemu-iotests/033
> +++ b/tests/qemu-iotests/033
> @@ -64,6 +64,9 @@ do_test()
>  	} | $QEMU_IO $IO_EXTRA_ARGS
>  }
>  
> +echo
> +echo "=== Test aligned and misaligned write zeroes operations ==="
> +
>  for write_zero_cmd in "write -z" "aio_write -z"; do
>  for align in 512 4k; do
>  	echo
> @@ -102,7 +105,32 @@ for align in 512 4k; do
>  done
>  done
>  
> +
> +# Trigger truncate that would shrink qcow2 L1 table, which is done by
> +#   clearing one entry (8 bytes) with bdrv_co_pwrite_zeroes()
> +
> +echo
> +echo "=== Test misaligned write zeroes via truncate ==="
> +echo
> +
> +CLUSTER_SIZE=$((64 * 1024))
> +L2_COVERAGE=$(($CLUSTER_SIZE * $CLUSTER_SIZE / 8))
> +_make_test_img $(($L2_COVERAGE * 2))

There should be a _cleanup_test_img before this or this test will fail
with nbd.

Max


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]

Re: [Qemu-devel] [PATCH v2 1/2] iotest 033: add misaligned write-zeroes test via truncate

[Eric Blake]

On 02/23/2018 07:34 AM, Max Reitz wrote:
> On 2018-02-12 14:14, Anton Nefedov wrote:
>> This new test case only makes sense for qcow2 while iotest 033 is generic;
>> however it matches the test purpose perfectly and also 033 contains those
>> do_test() tricks to pass the alignment, which won't look nice being
>> duplicated in other tests or moved to the common code.
>>
>> Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
>> ---

> 
> There should be a _cleanup_test_img before this or this test will fail
> with nbd.

Thanks for spotting that; patch posted:
https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg03688.html

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org