On 04/07/2015 03:33 AM, Kevin Wolf wrote: > More specifically, did you take care to never access your image from > more than one process (except if both are read-only)? It happens > occasionally that people use 'qemu-img snapshot' while the VM is > running. This is wrong and can corrupt the image.
Since this has been done by more than one person, I'm wondering if there
is something we can do in the qcow2 format itself to make it harder for
the casual user to cause corruption. Maybe if we declare some bit or
extension header for an image open for writing, which other readers can
use as a warning ("this image is being actively modified; reading it may
fail"), and other writers can use to deny access ("another process is
already modifying this image"), where a writer should set that bit
before writing anything else in the file, then clear it on exit. Of
course, you'd need a way to override the bit to actively clear it to
recover from the case of a writer dying unexpectedly without resetting
it normally. And it won't help the case of a reader opening the file
first, followed by a writer, where the reader could still get thrown off
track.
Or maybe we could document in the qcow2 format that all readers and
writers should attempt to obtain the appropriate flock() permissions [or
other appropriate advisory locking scheme] over the file header, so that
cooperating processes that both use advisory locking will know when the
file is in use by another process.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
