On Fri, Feb 22, 2019 at 08:21:26PM +0100, Max Reitz wrote:
> On 19.02.19 13:50, Daniel P. Berrangé wrote:
> > During creation we write a minimal qcow2 header and then update it with
> > extra features. If the updating fails for some reason we might still be
> > left with a valid qcow2 image that will be mistakenly used for I/O. We
> > cannot delete the image, since we don't know if we created the
> > underlying storage or not. Thus we mark the header as corrupt to
> > prevents its later usage.
> >
> > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
> > ---
> > block/qcow2.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/block/qcow2.c b/block/qcow2.c
> > index ecc577175f..338513e652 100644
> > --- a/block/qcow2.c
> > +++ b/block/qcow2.c
> > @@ -3104,6 +3104,9 @@ qcow2_co_create(BlockdevCreateOptions
> > *create_options, Error **errp)
> >
> > ret = 0;
> > out:
> > + if (ret < 0) {
> > + qcow2_mark_corrupt(blk_bs(blk));
...snip...
> Or maybe Eric's suggestion really is for the best, i.e. mark the image
> corrupt from the start and then clean that after we're all done. You
> don't need a new flag for that, we already have BDRV_O_CHECK.
Ah, I didn't realize that is what BDRV_O_CHECK could do. I'll try this
approach as it is nicer.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
