diff options
author | Alberto Garcia <berto@igalia.com> | 2020-03-31 13:43:45 +0200 |
---|---|---|
committer | Max Reitz <mreitz@redhat.com> | 2020-04-07 13:51:09 +0200 |
commit | 80f5c01183597b075157eb7bedbcb8691f8fa1d1 (patch) | |
tree | e1716cf4029012456fe1a8acb64de45302e26a12 /block | |
parent | 53ef8a92eb04ee19640f5aad3bff36cd4a36c250 (diff) | |
download | qemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.zip qemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.tar.gz qemu-80f5c01183597b075157eb7bedbcb8691f8fa1d1.tar.bz2 |
qcow2: Forbid discard in qcow2 v2 images with backing files
A discard request deallocates the selected clusters so they read back
as zeroes. This is done by clearing the cluster offset field and
setting QCOW_OFLAG_ZERO in the L2 entry.
This flag is however only supported when qcow_version >= 3. In older
images the cluster is simply deallocated, exposing any possible stale
data from the backing file.
Since discard is an advisory operation it's safer to simply forbid it
in this scenario.
Note that we are adding this check to qcow2_co_pdiscard() and not to
qcow2_cluster_discard() or discard_in_l2_slice() because the last
two are also used by qcow2_snapshot_create() to discard the clusters
used by the VM state. In this case there's no risk of exposing stale
data to the guest and we really want that the clusters are always
discarded.
Signed-off-by: Alberto Garcia <berto@igalia.com>
Message-Id: <20200331114345.29993-1-berto@igalia.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/qcow2.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/block/qcow2.c b/block/qcow2.c index 2bb536b..e8cbcc1 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3784,6 +3784,12 @@ static coroutine_fn int qcow2_co_pdiscard(BlockDriverState *bs, int ret; BDRVQcow2State *s = bs->opaque; + /* If the image does not support QCOW_OFLAG_ZERO then discarding + * clusters could expose stale data from the backing file. */ + if (s->qcow_version < 3 && bs->backing) { + return -ENOTSUP; + } + if (!QEMU_IS_ALIGNED(offset | bytes, s->cluster_size)) { assert(bytes < s->cluster_size); /* Ignore partial clusters, except for the special case of the |