On Sat, Nov 07, 2015 at 06:54:57PM +0300, Denis V. Lunev wrote:
> +int bdrv_all_create_snapshot(QEMUSnapshotInfo *sn, BlockDriverState **bad)
> +{
> +    int err = 0;
> +    BlockDriverState *bs = NULL;
> +
> +    while (err == 0 && (bs = bdrv_next(bs))) {
> +        AioContext *ctx = bdrv_get_aio_context(bs);
> +
> +        aio_context_acquire(ctx);
> +        if (bdrv_can_snapshot(bs)) {
> +            err = bdrv_snapshot_create(bs, sn);
> +            /* Tricky part here. First image contains VM state. The behavior
> +             * is matched one in bdrv_all_find_vmstate_bs */
> +            sn->vm_state_size = 0;

Please avoid the tricky part by passing in vm_state_bs and
vm_state_size.  Then this function can do:

  /* Write VM state size only to the image that contains the state */
  sn->vm_state_size = (bs == bs1 ? vm_state_size : 0);

without making assumptions about the algorithm for choosing the device
to store vmstate data on.