Does the guest OS take advantage of this? What's the plan for implementing on something better than the raw sync backend - as I doubt that get's used very much compared to say io_uring.

io_uring is supported.

This is great! The lack of discard support has been one of the major drawbacks of both firecracker and cloud-hypervisor compared to qemu. I guess a future enhancement might be calling ioctl(BLKDISCARD) instead of using FALLOC_FL_PUNCH_HOLE when the virtual disk is backed by a block device instead of a plain file.

@lisongqian Please can you rebase - we can probably look at moving ahead with this PR.

I decided to do a little casual testing with this PR, on my linux-musl x86-64 dev host. I created a small, fully allocated disk image on the host's tmpfs /tmp with

# fallocate -l 8G /tmp/big

and then started cloud hypervisor with a 6.16.x kernel and my 'rescue initramfs' to play with this disk. My first move was to try making an ext4 filesystem, which involves writing zeros and discarding unused blocks.

I got an immediate warning about failed requests because 'Submission queue is full':

# hyper --cpus boot=1 --memory size=1G --kernel=boot/linux \
    --initramfs=boot/repair.zst --disk=path=/tmp/big --cmdline quiet
Please reboot or poweroff when maintenance is complete
# mkfs.ext4 /dev/vda
mke2fs 1.47.3 (8-Jul-2025)
Discarding device blocks: done
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 30d894fc-df6b-4b21-a1dd-7daeab73aefc
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): cloud-hypervisor: 31.212182s: <_disk0_q0> WARN:virtio-devices/src/block.rs:277 -- Request failed: Request { request_type: WriteZeroes, sector: 0, data_descriptors: [(GuestAddress(233e5f0), 10)], status_addr: GuestAddress(39b5b10), writeback: true, aligned_operations: [AlignedOperation { origin_ptr: 7f2d9333e5f0, aligned_ptr: 7f2dd10cc400, size: 10, layout: Layout { size: 10, align: 512 (1 << 9) } }], start: Instant { tv_sec: abf31, tv_nsec: 26fead07 } } DiscardWriteZeroes(WriteZeroes(WriteVectored(Custom { kind: Other, error: "Submission queue is full" })))
cloud-hypervisor: 31.212733s: <_disk0_q0> WARN:virtio-devices/src/block.rs:277 -- Request failed: Request { request_type: WriteZeroes, sector: 0, data_descriptors: [(GuestAddress(233e5f0), 10)], status_addr: GuestAddress(39b5c90), writeback: true, aligned_operations: [AlignedOperation { origin_ptr: 7f2d9333e5f0, aligned_ptr: 7f2dd10cc600, size: 10, layout: Layout { size: 10, align: 512 (1 << 9) } }], start: Instant { tv_sec: abf31, tv_nsec: 2707276d } } DiscardWriteZeroes(WriteZeroes(WriteVectored(Custom { kind: Other, error: "Submission queue is full" })))
done
Writing superblocks and filesystem accounting information: cloud-hypervisor: 31.241350s: <_disk0_q0> WARN:virtio-devices/src/block.rs:305 -- Request failed with batch submission: Request { request_type: In, sector: 40000, data_descriptors: [(GuestAddress(2818000), 1000)], status_addr: GuestAddress(39b5e10), writeback: true, aligned_operations: [], start: Instant { tv_sec: abf31, tv_nsec: 28bbcde1 } } ReadVectored(Custom { kind: Other, error: "Submission queue is full" })
cloud-hypervisor: 31.241740s: <_disk0_q0> WARN:virtio-devices/src/block.rs:305 -- Request failed with batch submission: Request { request_type: In, sector: 40000, data_descriptors: [(GuestAddress(2818000), 1000)], status_addr: GuestAddress(39b5f90), writeback: true, aligned_operations: [], start: Instant { tv_sec: abf31, tv_nsec: 28c1c883 } } ReadVectored(Custom { kind: Other, error: "Submission queue is full" })
cloud-hypervisor: 31.242277s: <_disk0_q0> WARN:virtio-devices/src/block.rs:305 -- Request failed with batch submission: Request { request_type: Out, sector: 0, data_descriptors: [(GuestAddress(2225000), 1000), (GuestAddress(2810000), 1000), (GuestAddress(2205000), 1000), (GuestAddress(2155000), 2000), (GuestAddress(214e000), 1000), (GuestAddress(2150000), 2000), (GuestAddress(214d000), 1000), (GuestAddress(214a000), 1000), (GuestAddress(2147000), 1000), (GuestAddress(214b000), 2000), (GuestAddress(2148000), 2000), (GuestAddress(214f000), 1000), (GuestAddress(2252000), 1000), (GuestAddress(2152000), 1000), (GuestAddress(2145000), 1000), (GuestAddress(21fd000), 1000), (GuestAddress(2143000), 2000), (GuestAddress(2141000), 2000), (GuestAddress(2146000), 1000), (GuestAddress(213e000), 1000), (GuestAddress(213d000), 1000), (GuestAddress(213f000), 2000), (GuestAddress(213a000), 1000), (GuestAddress(2202000), 1000), (GuestAddress(2201000), 1000), (GuestAddress(21fe000), 1000), (GuestAddress(213b000), 2000), (GuestAddress(2134000), 1000), (GuestAddress(2136000), 2000), (GuestAddress(2133000), 1000), (GuestAddress(2130000), 2000), (GuestAddress(212a000), 2000), (GuestAddress(2132000), 1000), (GuestAddress(212c000), 4000), (GuestAddress(2135000), 1000), (GuestAddress(2153000), 1000), (GuestAddress(2206000), 1000), (GuestAddress(2138000), 1000), (GuestAddress(2128000), 1000), (GuestAddress(2126000), 2000), (GuestAddress(21ff000), 1000), (GuestAddress(2124000), 2000), (GuestAddress(21fb000), 1000), (GuestAddress(2129000), 1000), (GuestAddress(21fa000), 1000), (GuestAddress(21e5000), 1000), (GuestAddress(2200000), 1000), (GuestAddress(224e000), 1000), (GuestAddress(2203000), 1000), (GuestAddress(224f000), 1000), (GuestAddress(221b000), 1000), (GuestAddress(2121000), 1000), (GuestAddress(2120000), 1000), (GuestAddress(2122000), 2000), (GuestAddress(211d000), 3000), (GuestAddress(2117000), 1000), (GuestAddress(216c000), 1000), (GuestAddress(2119000), 2000), (GuestAddress(2116000), 1000), (GuestAddress(2251000), 1000), (GuestAddress(2112000), 2000), (GuestAddress(210b000), 2000), (GuestAddress(2114000), 1000), (GuestAddress(210e000), 4000), (GuestAddress(2118000), 1000), (GuestAddress(2139000), 1000), (GuestAddress(211b000), 1000), (GuestAddress(2109000), 1000), (GuestAddress(2107000), 2000), (GuestAddress(224d000), 1000), (GuestAddress(2105000), 2000), (GuestAddress(210a000), 1000), (GuestAddress(2102000), 1000), (GuestAddress(2101000), 1000), (GuestAddress(2103000), 2000), (GuestAddress(20fe000), 3000), (GuestAddress(20f8000), 1000), (GuestAddress(20fa000), 1000), (GuestAddress(20f7000), 1000), (GuestAddress(2173000), 1000), (GuestAddress(20f4000), 1000), (GuestAddress(20f3000), 1000), (GuestAddress(20f5000), 1000), (GuestAddress(20ed000), 2000), (GuestAddress(20f6000), 1000), (GuestAddress(20f0000), 3000), (GuestAddress(20f9000), 1000), (GuestAddress(211c000), 1000), (GuestAddress(20fc000), 1000), (GuestAddress(21d7000), 1000), (GuestAddress(21db000), 2000), (GuestAddress(21e0000), 1000)], status_addr: GuestAddress(39b5f90), writeback: true, aligned_operations: [], start: Instant { tv_sec: abf31, tv_nsec: 28c9bcc0 } } WriteVectored(Custom { kind: Other, error: "Submission queue is full" })

The guest appears to be hung at this point.

However, if I disable detect-zeroes, things seem fine:

# hyper --cpus boot=1 --memory size=1G --kernel=boot/linux \
  --initramfs=boot/repair.zst --disk=path=/tmp/big,detect-zeroes=off --cmdline quiet
Please reboot or poweroff when maintenance is complete
# mkfs.ext4 /dev/vda
mke2fs 1.47.3 (8-Jul-2025)
Discarding device blocks: done
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 3859c2aa-97be-4a58-a688-e75402dd70a5
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
#

I can confirm that the discards have happened correctly too:

# du /tmp/big # before
8388608 /tmp/big
# du /tmp/big # after
71900   /tmp/big
#

I don't think the specifics of the kernel or initramfs are very exciting, although they're available at

• https://github.com/arachsys-hosts/guest/raw/refs/heads/master/boot/linux
• https://github.com/arachsys-hosts/repair/raw/refs/heads/master/boot/repair.zst

respectively, with the defconfig-abbreviated kernel config (suitable for make olddefconfig) at

• https://github.com/arachsys-hosts/guest/blob/master/config

(I should also confirm: for the purposes of this test, I've built an exact clone of this PR's branch without any additional patches, using the current release version of rust. I've also rebased the changes onto the current release of CH, and get the same behaviour there.)

I'll continue trying to find problems with the discard=on,detect-zeroes=off configuration with more testing, but so far everything is working perfectly. I've tested with both block-device and file-backed vda, with a filesystem mounted -o discard, and see used space smoothly increasing and decreasing as the filesystem is filled and emptied. I've also successfully tested guest-side fstrim, which does the right thing.

I've now repeated these tests with discard=on,detect-zeros=unmap, which also appears to work fine. The initial mkfs.ext4 doesn't complain about an overflowing submission queue, and the allocated space on the backing file smoothly increases and decreases as the filesystem is filled and emptied, exactly as when detect-zeros is turned off.

So I think it's just detect-zeros=on that has some small problem here, @lisongqian?

It's really great seeing CH having proper discard/trim support at last. I was delighted when I saw the allocated space in the disk image being released for the first time. Thanks! :)

Until @lisongqian is about, maybe I can help out with some notes on the importance of discard support, as you asked for @likebreath?

With guest drives provisioned directly onto SSDs (or contiguous volumes/partitions of SSDs), discard support is essentially pass-through of TRIM, and is useful for exactly the same reasons that TRIM helps on the host: passing information about unused blocks down to the flash management firmware to help with wear-levelling and performance.

It's much better to erase the released blocks during "idle" time ahead of wanting to reuse them, vs doing a full read-erase-modify-write at write time. And allowing the firmware to understand what blocks are really free and can be reused can make the wear-levelling work across a larger range of free blocks, prolonging SSD life.

With thin-provisioned guests, either with sparse image files in filesystems or something like lvm2 sparse volumes, discard plays an even more important role: allowing unused space when files are deleted in guest filesystems (mounted with -o discard) to be released back to the thin provisioning pool for use by other guests. This turns out to work really well in practice: if you fill a large filesystem in the guest then delete everything again, almost all of the space is released straight back again.

There are lots of thin-provisioned or SSD-backed situations where the only reason I use qemu instead of cloud-hypervisor or firecracker is because qemu supports discard pass-through, and that's required to make the thin-provisioning work or maximise SSD lifespan.

As I said I prefer the way crosvm did it - #7292 (comment)
i.e. you don't need separate write-zeroes option - we can just do that unconditionally with no negative performance impact.

As I understand it, crosvm simplifies the options to sparse=off which disables discard and makes write-zeros attempt a fallocate ZERO_RANGE, and sparse=on which enables both discard and write-zeroes as unmaps, i.e. either fallocate PUNCH_HOLE or block device discard. That certainly works for me; does it cover your use cases too @lisongqian?

Edit: ...though not all block devices guarantee that zeroes will be read back from discarded blocks, so mapping write-zeros to block device discard isn't correct. But it's probably fine in the sparse=on case to unconditionally map virtio discard to fallocate PUNCH_HOLE or ioctl BLKDISCARD, and map virtio write-zeroes to fallocate PUNCH_HOLE or ioctl BLKZEROOUT.

For my purposes, I also wouldn't care if write-zeroes was unconditionally mapped to fallocate ZERO_RANGE / ioctl BLKZEROOUT in both sparse=off and sparse=on, with the sparse setting just changing discard behaviour. That's probably the simplest option of all.

Right, crosvm does ZERO_RANGE by default for virtio WRITE_ZEROES. That's why i'm saying we don't need to have a special option for that.

Right, crosvm does ZERO_RANGE by default for virtio WRITE_ZEROES. That's why i'm saying we don't need to have a special option for that.

I agree, at least for my use of CH. The only thing I wanted to double check is that both sync and async do the right thing with block devices in the sparse case with write-zeros mapping to ioctl BLKZEROOUT and discard mapping to ioctl BLKDISCARD.

With files instead block devices, write-zeroes could correctly map to either fallocate PUNCH_HOLE or fallocate WRITE_ZEROES, and I don't mind. Probably the latter unconditionally is easier as you say.

The latest push has changed the configuration to sparse.

The only thing I wanted to double check is that both sync and async do the right thing with block devices in the sparse case with write-zeros mapping to ioctl BLKZEROOUT and discard mapping to ioctl BLKDISCARD.

For raw async with io_uring, The IORING_OP_IOCTL patch hasn't landed: https://lore.kernel.org/lkml/3757f227-6ed9-b140-e367-69387f966874@gmail.com/t/. We need to use sync ioctl operations here? @arachsys @rbradford

For raw async with io_uring, The IORING_OP_IOCTL patch hasn't landed: https://lore.kernel.org/lkml/3757f227-6ed9-b140-e367-69387f966874@gmail.com/t/. We need to use sync ioctl operations here? @arachsys @rbradford

Ah, I hadn't spotted that wasn't available! When sparse is enabled on a block device, are all IO operations except discard async, with discard issued synchronously, or does enabling sparse force all IO operations include normal reads and writes to be sync?

Potentially torvalds/linux@50c5225 which went into 6.11 might be the specific async block discard, although it's not the whole of ioctl()?

Potentially torvalds/linux@50c5225 which went into 6.11 might be the specific async block discard, although it's not the whole of ioctl()?

I will give it a try and add some integration test cases.

Would you like me to do some live testing on this yet, @lisongqian, or is it still in development? Very happy to test on some real VMs if we're at a stage where that's helpful.

Would you like me to do some live testing on this yet, @lisongqian, or is it still in development? Very happy to test on some real VMs if we're at a stage where that's helpful.

I'm not sure it's ready. The unit test has failed but I don't know whether the kernel of the host is bigger than 6.12.
I'm busy this month. I'm happy if you could help me test it ❤️

I'm not sure it's ready. The unit test has failed but I don't know whether the kernel of the host is bigger than 6.12.
I'm busy this month. I'm happy if you could help me test it ❤️

I can reproduce these failures on a 6.12 kernel. It is flaky, with different assertions in the new test failing at different times. I also observed a partly cleared buffer at some point. My guess is there is at least a race condition between the blk_dev discard tests on the use of /tmp/test_discard_dev.raw, but my first attempt at avoiding that did not fix the test yet.