On 9/14/18 11:51 AM, Vladimir Sementsov-Ogievskiy wrote:
bitmap_to_extents function is broken: it switches dirty variable after
every iteration, however it can process only part of dirty (or zero)
area during one iteration in case when this area is too large for one
extent.
Fortunately, the bug don't produce wrong extents: it just inserts
zero-length extents between sequential extents representing large dirty
(or zero) area. However, zero-length extents are abandoned by NBD
s/abandoned by/forbidden by the/
protocol. So, careful client should consider such replay as server
s/replay/reply/
fault and not-careful will likely ignore zero-length extents.
Which camp is qemu 3.0 as client in? Does it tolerate the zero-length
extent, and still manage to see correct information overall, or does
it crash?
Hmm - I think we're "safe" with qemu as client - right now, the only
way qemu 3.0 accesses the qemu dirty bitmap over NBD is with my
x-dirty-bitmap hack (commit 216ee3657), which uses
block/nbd-client.c:nbd_client_co_block_status() to read the bitmap,
and that always passes NBD_CMD_FLAG_REQ_ONE. qemu will assert() if
nbd_client_co_block_status() doesn't make any progress, but from what
I'm reading of your bug report, qemu as client never permits the
server to answer with more than one extent, and the bug of a
zero-length extent is triggered only after the first extent has been
sent.
Thus, the primary reason to accept this patch is not because of qemu
3.0 as client, but for interoperability with other clients. I'm
planning on updating the commit message to add these additional details.
Fix this by more careful handling of dirty variable.
Bug was introduced in 3d068aff16
"nbd/server: implement dirty bitmap export", with the whole function.
and presents in v3.0.0 release.
s/presents/present/
Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
CC: address@hidden
---
nbd/server.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nbd/server.c b/nbd/server.c
index ea5fe0eb33..12f721482d 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1951,6 +1951,8 @@ static unsigned int
bitmap_to_extents(BdrvDirtyBitmap *bitmap, uint64_t offset,
assert(begin < overall_end && nb_extents);
while (begin < overall_end && i < nb_extents) {
+ bool next_dirty = !dirty;
+
if (dirty) {
end = bdrv_dirty_bitmap_next_zero(bitmap, begin);
} else {
@@ -1962,6 +1964,7 @@ static unsigned int
bitmap_to_extents(BdrvDirtyBitmap *bitmap, uint64_t offset,
end = MIN(bdrv_dirty_bitmap_size(bitmap),
begin + UINT32_MAX + 1 -
bdrv_dirty_bitmap_granularity(bitmap));
+ next_dirty = dirty;
}
Rather than introducing next_dirty, couldn't you just make this:
if (end == -1 || end - begin > UINT32_MAX) {
/* Cap ... */
end = MIN(...);
} else {
dirty = !dirty;
}