Am 12.10.2010 17:22, schrieb Anthony Liguori: > On 10/12/2010 10:08 AM, Kevin Wolf wrote: >> Otherwise we might destroy data that isn't >> even touched by the guest request in case of a crash. >> > > The failure scenarios are either that the cluster is leaked in which > case, the old version of the data is still present or the cluster is > orphaned because the L2 entry is written, in which case the old version > of the data is present.
Hm, how does the latter case work? Or rather, what do mean by "orphaned"? > Are you referring to a scenario where the cluster is partially written > because the data is present in the write cache and the write cache isn't > flushed on power failure? The case I'm referring to is a COW. So let's assume a partial write to an unallocated cluster, we then need to do a COW in pre/postfill. Then we do a normal write and link the new cluster in the L2 table. Assume that the write to the L2 table is already on the disk, but the pre/postfill data isn't yet. At this point we have a bad state because if we crash now we have lost the data that should have been copied from the backing file. If we can't guarantee that a new cluster is all zeros, the same happens without a backing file. So as soon as we start reusing freed clusters, we get this case for all QED images. Kevin
