aboutsummaryrefslogtreecommitdiff
path: root/block
diff options
context:
space:
mode:
authorAlberto Garcia <berto@igalia.com>2020-03-31 13:43:45 +0200
committerMax Reitz <mreitz@redhat.com>2020-04-07 13:51:09 +0200
commit80f5c01183597b075157eb7bedbcb8691f8fa1d1 (patch)
treee1716cf4029012456fe1a8acb64de45302e26a12 /block
parent53ef8a92eb04ee19640f5aad3bff36cd4a36c250 (diff)
downloadqemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.zip
qemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.tar.gz
qemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.tar.bz2
qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back as zeroes. This is done by clearing the cluster offset field and setting QCOW_OFLAG_ZERO in the L2 entry. This flag is however only supported when qcow_version >= 3. In older images the cluster is simply deallocated, exposing any possible stale data from the backing file. Since discard is an advisory operation it's safer to simply forbid it in this scenario. Note that we are adding this check to qcow2_co_pdiscard() and not to qcow2_cluster_discard() or discard_in_l2_slice() because the last two are also used by qcow2_snapshot_create() to discard the clusters used by the VM state. In this case there's no risk of exposing stale data to the guest and we really want that the clusters are always discarded. Signed-off-by: Alberto Garcia <berto@igalia.com> Message-Id: <20200331114345.29993-1-berto@igalia.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/qcow2.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/block/qcow2.c b/block/qcow2.c
index 2bb536b..e8cbcc1 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3784,6 +3784,12 @@ static coroutine_fn int qcow2_co_pdiscard(BlockDriverState *bs,
int ret;
BDRVQcow2State *s = bs->opaque;
+ /* If the image does not support QCOW_OFLAG_ZERO then discarding
+ * clusters could expose stale data from the backing file. */
+ if (s->qcow_version < 3 && bs->backing) {
+ return -ENOTSUP;
+ }
+
if (!QEMU_IS_ALIGNED(offset | bytes, s->cluster_size)) {
assert(bytes < s->cluster_size);
/* Ignore partial clusters, except for the special case of the