qemu/block
Daniel Henrique Barboza 6ca080453e block/snapshot.c: eliminate use of ID input in snapshot operations
At this moment, QEMU attempts to create/load/delete snapshots
by using either an ID (id_str) or a name. The problem is that the code
isn't consistent of whether the entered argument is an ID or a name,
causing unexpected behaviors.

For example, when creating snapshots via savevm <arg>, what happens is that
"arg" is treated as both name and id_str. In a guest without snapshots, create
a single snapshot via savevm:

(qemu) savevm 0
(qemu) info snapshots
List of snapshots present on all disks:
ID        TAG                 VM SIZE                DATE       VM CLOCK
--        0                      741M 2018-07-31 13:39:56   00:41:25.313

A snapshot with name "0" is created. ID is hidden from the user, but the
ID is a non-zero integer that starts at "1". Thus, this snapshot has
id_str=1, TAG="0". Creating a second snapshot with arg = 1, the first one
is deleted:

(qemu) savevm 1
(qemu) info snapshots
List of snapshots present on all disks:
ID        TAG                 VM SIZE                DATE       VM CLOCK
--        1                      741M 2018-07-31 13:42:14   00:41:55.252

What happened?

- when creating the second snapshot, a verification is done inside
bdrv_all_delete_snapshot to delete any existing snapshots that matches an
string argument. Here, the code calls bdrv_all_delete_snapshot("1", ...);

- bdrv_all_delete_snapshot calls bdrv_snapshot_find(..., "1") for each
BlockDriverState of the guest. And this is where things goes tilting:
bdrv_snapshot_find does a search by both id_str and name. It finds
out that there is a snapshot that has id_str = 1, stores a reference
to the snapshot in the sn_info pointer and then returns match found;

- since a match was found, a call to bdrv_snapshot_delete_by_id_or_name() is
made. This function ignores the pointer written by bdrv_snapshot_find. Instead,
it deletes the snapshot using bdrv_snapshot_delete() calling it first with
id_str = 1. If it fails to delete, then it calls it again with name = 1.

- after all that, QEMU creates the new snapshot, that has id_str = 1 and
name = 1. The user is left wondering that happened with the first snapshot
created. Similar bugs can be triggered when using loadvm and delvm.

Before contemplating discarding the use of ID input in these operations,
I've searched the code of what would be the implications. My findings
are:

- the RBD and Sheepdog drivers don't care. Both uses the 'name' field as
key in their logic, making id_str = name when appropriate.
replay-snapshot.c does not make any special use of id_str;

- qcow2 uses id_str as an unique identifier but it is automatically
calculated, not being influenced by user input. Other than that, there are
no distinguish operations made only with id_str;

- in blockdev.c, the delete operation uses a match of both id_str AND
name. Given that id_str is either a copy of 'name' or auto-generated,
we're fine here.

This gives motivation to not consider ID as a valid user input in HMP
commands - sticking with 'name' input only is more consistent. To
accomplish that, the following changes were made in this patch:

- bdrv_snapshot_find() does not match for id_str anymore, only 'name'. The
function is called in save_snapshot(), load_snapshot(), bdrv_all_delete_snapshot()
and bdrv_all_find_snapshot(). This change makes the search function more
predictable and does not change the behavior of any underlying code that uses
these affected functions, which are related to HMP (which is fine) and the
main loop inside vl.c (which doesn't care about it anyways);

- bdrv_all_delete_snapshot() does not call bdrv_snapshot_delete_by_id_or_name
anymore. Instead, it uses the pointer returned by bdrv_snapshot_find to
erase the snapshot with the exact match of id_str an name. This function
is called in save_snapshot and hmp_delvm, thus this change  produces the
intended effect;

- documentation changes to reflect the new behavior. I consider this to
be an API fix instead of an API change - the user was already creating
snapshots using 'name', but now he/she will also enjoy a consistent
behavior.

Ideally we would get rid of the id_str field entirely, but this would have
repercussions on existing snapshots. Another day perhaps.

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-02-25 15:03:18 +01:00
..
accounting.c block/accounting: introduce latency histogram 2018-03-19 14:58:37 -05:00
backup.c Revert "hbitmap: Add @advance param to hbitmap_iter_next()" 2019-01-15 18:26:50 -05:00
blkdebug.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
blklogwrites.c block: Replace qdict_put() by qdict_put_obj() where appropriate 2019-02-01 13:46:44 +01:00
blkreplay.c trivial: Make bios files and source files non-executable 2018-09-25 17:26:18 +02:00
blkverify.c qstring: Move qstring_from_substr()'s @end one to the right 2018-07-28 09:09:58 +02:00
block-backend.c block: Remove blk_attach_dev_legacy() / legacy_dev code 2019-02-01 13:46:45 +01:00
bochs.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
cloop.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
commit.c block: Use bdrv_reopen_set_read_only() in bdrv_commit() 2018-12-14 11:55:01 +01:00
copy-on-read.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
create.c jobs: utilize job_exit shim 2018-08-31 16:28:33 +02:00
crypto.c bdrv_query_image_info Error parameter added 2019-02-11 14:35:43 -06:00
crypto.h block/crypto: Simplify block_crypto_{open,create}_opts_init() 2018-06-29 14:20:56 +02:00
curl.c block/curl: Convert from DPRINTF() macro to trace events 2019-01-31 00:38:19 +01:00
dirty-bitmap.c block/dirty-bitmap: Documentation and Comment fixups 2019-02-19 17:49:43 -05:00
dmg-bz2.c dmg: Move libbz2 code to dmg-bz2.so 2016-10-07 14:14:06 +02:00
dmg-lzfse.c block: adding lzfse decompressing support as a module. 2018-12-14 11:52:40 +01:00
dmg.c dmg: don't skip zero chunk 2019-01-04 11:15:09 +00:00
dmg.h dmg: including dmg-lzfse module inside dmg block driver. 2018-12-14 11:52:40 +01:00
file-posix.c block/file-posix: Convert from DPRINTF() macro to trace events 2019-01-31 00:38:19 +01:00
file-win32.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
gluster.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
io.c block: Fix hangs in synchronous APIs with iothreads 2019-02-01 13:46:44 +01:00
iscsi-opts.c Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
iscsi.c block: Work-around a bug in libiscsi 1.9.0 when used in gnu99 mode 2019-01-22 06:26:32 +01:00
linux-aio.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
Makefile.objs configure: adding support to lzfse library. 2018-12-14 11:52:40 +01:00
mirror.c mirror: Block the source BlockDriverState in mirror_start_job() 2019-02-01 13:46:44 +01:00
nbd-client.c block/nbd-client: rename read_reply_co to connection_co 2019-02-04 15:11:27 -06:00
nbd-client.h block/nbd-client: rename read_reply_co to connection_co 2019-02-04 15:11:27 -06:00
nbd.c block/nbd: move connection code from block/nbd to block/nbd-client 2019-02-04 15:11:27 -06:00
nfs.c block: Convert .bdrv_truncate callback to coroutine_fn 2018-06-29 14:20:56 +02:00
null.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
nvme.c block: Fix hangs in synchronous APIs with iothreads 2019-02-01 13:46:44 +01:00
parallels.c parallels: Switch to byte-based calls 2018-06-29 14:20:56 +02:00
parallels.h Clean up includes 2018-02-09 05:05:11 +01:00
qapi.c bdrv_query_image_info Error parameter added 2019-02-11 14:35:43 -06:00
qcow2-bitmap.c qcow2: Add list of bitmaps to ImageInfoSpecificQCow2 2019-02-11 14:35:43 -06:00
qcow2-cache.c qcow2: Allow configuring the L2 slice size 2018-02-13 17:00:00 +01:00
qcow2-cluster.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
qcow2-refcount.c qcow2: Assert that refcount block offsets fit in the refcount table 2019-02-01 13:46:44 +01:00
qcow2-snapshot.c block: use local path for local headers 2018-05-31 04:16:06 +03:00
qcow2.c qcow2: Add list of bitmaps to ImageInfoSpecificQCow2 2019-02-11 14:35:43 -06:00
qcow2.h qcow2: Add list of bitmaps to ImageInfoSpecificQCow2 2019-02-11 14:35:43 -06:00
qcow.c crypto: support multiple threads accessing one QCryptoBlock 2018-12-12 11:16:49 +00:00
qed-check.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c block: convert bdrv_check callback to coroutine_fn 2018-03-09 15:17:47 +01:00
qed.c block: Fix hangs in synchronous APIs with iothreads 2019-02-01 13:46:44 +01:00
qed.h qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
quorum.c quorum: Forbid adding children in blkverify mode 2018-11-05 15:09:54 +01:00
raw-format.c block: drop empty .bdrv_close handlers 2018-08-15 12:50:39 +02:00
rbd.c block: Require auto-read-only for existing fallbacks 2018-11-05 15:09:55 +01:00
replication.c block: Remove flags parameter from bdrv_reopen_queue() 2018-12-14 11:55:02 +01:00
sheepdog.c block/sheepdog: Convert from DPRINTF() macro to trace events 2019-01-31 00:38:19 +01:00
snapshot.c block/snapshot.c: eliminate use of ID input in snapshot operations 2019-02-25 15:03:18 +01:00
ssh.c block/ssh: Convert from DPRINTF() macro to trace events 2019-01-31 00:38:19 +01:00
stream.c block: Use bdrv_reopen_set_read_only() in stream_start/complete() 2018-12-14 11:55:02 +01:00
throttle-groups.c throttle-groups: fix restart coroutine iothread race 2019-01-24 10:02:28 +00:00
throttle.c block: Use BdrvChild to discard 2018-07-10 16:01:52 +02:00
trace-events block/sheepdog: Convert from DPRINTF() macro to trace events 2019-01-31 00:38:19 +01:00
vdi.c block: Eliminate the S_1KiB, S_2KiB, ... macros 2019-02-01 13:46:45 +01:00
vhdx-endian.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx-log.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.c block/vhdx: Don't take address of fields in packed structs 2018-11-05 15:09:54 +01:00
vhdx.h qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
vmdk.c bdrv_query_image_info Error parameter added 2019-02-11 14:35:43 -06:00
vpc.c block/vpc: Don't take address of fields in packed structs 2019-02-01 13:46:44 +01:00
vvfat.c vvfat: Fix memory leak 2018-11-19 12:51:40 +01:00
vxhs.c block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
win32-aio.c file-win32: Switch to byte-based callbacks 2018-05-15 16:11:41 +02:00
write-threshold.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00