diff options
author | Kevin Wolf <kwolf@redhat.com> | 2011-11-16 17:22:10 +0100 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2011-12-05 14:51:36 +0100 |
commit | 9a4767809fe9ac184806bef38be2e2a84e451a65 (patch) | |
tree | a36e9f0c88f6dcd7d4f2643b5455204ee2855396 /block | |
parent | 43a0cac4658bbee9c9e84554712a94daa092c1cd (diff) | |
download | qemu-9a4767809fe9ac184806bef38be2e2a84e451a65.zip qemu-9a4767809fe9ac184806bef38be2e2a84e451a65.tar.gz qemu-9a4767809fe9ac184806bef38be2e2a84e451a65.tar.bz2 |
qcow2: Fix order in qcow2_snapshot_delete
First the snapshot must be deleted and only then the refcounts can be
decreased.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/qcow2-snapshot.c | 48 |
1 files changed, 33 insertions, 15 deletions
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index 9fb3ff0..e959ef2 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c @@ -489,32 +489,50 @@ fail: int qcow2_snapshot_delete(BlockDriverState *bs, const char *snapshot_id) { BDRVQcowState *s = bs->opaque; - QCowSnapshot *sn; + QCowSnapshot sn; int snapshot_index, ret; + /* Search the snapshot */ snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id); - if (snapshot_index < 0) + if (snapshot_index < 0) { return -ENOENT; - sn = &s->snapshots[snapshot_index]; + } + sn = s->snapshots[snapshot_index]; - ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset, sn->l1_size, -1); - if (ret < 0) + /* Remove it from the snapshot list */ + memmove(s->snapshots + snapshot_index, + s->snapshots + snapshot_index + 1, + (s->nb_snapshots - snapshot_index - 1) * sizeof(sn)); + s->nb_snapshots--; + ret = qcow2_write_snapshots(bs); + if (ret < 0) { return ret; - /* must update the copied flag on the current cluster offsets */ - ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); - if (ret < 0) + } + + /* + * The snapshot is now unused, clean up. If we fail after this point, we + * won't recover but just leak clusters. + */ + g_free(sn.id_str); + g_free(sn.name); + + /* + * Now decrease the refcounts of clusters referenced by the snapshot and + * free the L1 table. + */ + ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset, + sn.l1_size, -1); + if (ret < 0) { return ret; - qcow2_free_clusters(bs, sn->l1_table_offset, sn->l1_size * sizeof(uint64_t)); + } + qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * sizeof(uint64_t)); - g_free(sn->id_str); - g_free(sn->name); - memmove(sn, sn + 1, (s->nb_snapshots - snapshot_index - 1) * sizeof(*sn)); - s->nb_snapshots--; - ret = qcow2_write_snapshots(bs); + /* must update the copied flag on the current cluster offsets */ + ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); if (ret < 0) { - /* XXX: restore snapshot if error ? */ return ret; } + #ifdef DEBUG_ALLOC { BdrvCheckResult result = {0}; |