During creation we write a minimal qcow2 header and then update it with extra features. If the updating fails for some reason we might still be left with a valid qcow2 image that will be mistakenly used for I/O. We cannot delete the image, since we don't know if we created the underlying storage or not. Thus we mark the header as corrupt to prevent its later usage.
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> --- block/qcow2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index ecc577175f..338513e652 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3104,6 +3104,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) ret = 0; out: + if (ret < 0) { + qcow2_mark_corrupt(blk_bs(blk)); + } blk_unref(blk); bdrv_unref(bs); return ret; -- 2.20.1
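Review bot: The new `if (ret < 0)` block sits directly under the shared `out:` label, so it runs for every failing exit from qcow2_co_create(), while the commit message only describes a failure that happens after the minimal header has been written. If any `goto out` can be taken before `blk` is assigned, or while `blk` does not yet refer to a node opened with the qcow2 driver, then `qcow2_mark_corrupt(blk_bs(blk))` would act on a NULL or non-qcow2 node. Please either guard the call (for example, check `blk` and that the header write has completed) or route only the post-header failures through a separate label that marks the image corrupt. A one-line comment above the call saying why the image is marked corrupt rather than deleted would also help, since that reasoning currently lives only in the commit message.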