2004-08-02 01:59:26 +04:00
|
|
|
/*
|
|
|
|
* QEMU System Emulator block driver
|
2007-09-17 01:08:06 +04:00
|
|
|
*
|
2004-08-02 01:59:26 +04:00
|
|
|
* Copyright (c) 2003 Fabrice Bellard
|
2007-09-17 01:08:06 +04:00
|
|
|
*
|
2004-08-02 01:59:26 +04:00
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
#ifndef BLOCK_INT_H
|
|
|
|
#define BLOCK_INT_H
|
|
|
|
|
2014-09-05 17:46:16 +04:00
|
|
|
#include "block/accounting.h"
|
2012-12-17 21:19:44 +04:00
|
|
|
#include "block/block.h"
|
2012-12-17 21:20:00 +04:00
|
|
|
#include "qemu/option.h"
|
|
|
|
#include "qemu/queue.h"
|
2015-09-01 16:48:02 +03:00
|
|
|
#include "qemu/coroutine.h"
|
2012-12-17 21:20:00 +04:00
|
|
|
#include "qemu/timer.h"
|
2011-09-22 00:16:47 +04:00
|
|
|
#include "qapi-types.h"
|
2013-01-21 20:09:41 +04:00
|
|
|
#include "qemu/hbitmap.h"
|
2013-05-25 07:09:44 +04:00
|
|
|
#include "block/snapshot.h"
|
2013-08-21 19:02:47 +04:00
|
|
|
#include "qemu/main-loop.h"
|
2013-09-02 16:14:39 +04:00
|
|
|
#include "qemu/throttle.h"
|
2007-11-11 05:51:17 +03:00
|
|
|
|
2012-07-27 12:05:22 +04:00
|
|
|
#define BLOCK_FLAG_ENCRYPT 1
|
|
|
|
#define BLOCK_FLAG_LAZY_REFCOUNTS 8
|
2007-09-17 01:59:02 +04:00
|
|
|
|
2012-07-27 12:05:22 +04:00
|
|
|
#define BLOCK_OPT_SIZE "size"
|
|
|
|
#define BLOCK_OPT_ENCRYPT "encryption"
|
|
|
|
#define BLOCK_OPT_COMPAT6 "compat6"
|
2016-05-03 12:43:30 +03:00
|
|
|
#define BLOCK_OPT_HWVERSION "hwversion"
|
2012-07-27 12:05:22 +04:00
|
|
|
#define BLOCK_OPT_BACKING_FILE "backing_file"
|
|
|
|
#define BLOCK_OPT_BACKING_FMT "backing_fmt"
|
|
|
|
#define BLOCK_OPT_CLUSTER_SIZE "cluster_size"
|
|
|
|
#define BLOCK_OPT_TABLE_SIZE "table_size"
|
|
|
|
#define BLOCK_OPT_PREALLOC "preallocation"
|
|
|
|
#define BLOCK_OPT_SUBFMT "subformat"
|
|
|
|
#define BLOCK_OPT_COMPAT_LEVEL "compat"
|
|
|
|
#define BLOCK_OPT_LAZY_REFCOUNTS "lazy_refcounts"
|
2013-01-30 03:26:52 +04:00
|
|
|
#define BLOCK_OPT_ADAPTER_TYPE "adapter_type"
|
2013-11-07 18:56:38 +04:00
|
|
|
#define BLOCK_OPT_REDUNDANCY "redundancy"
|
qemu-img create: add 'nocow' option
Add 'nocow' option so that users could have a chance to set NOCOW flag to
newly created files. It's useful on btrfs file system to enhance performance.
Btrfs has low performance when hosting VM images, even more when the guest
in those VM are also using btrfs as file system. One way to mitigate this bad
performance is to turn off COW attributes on VM files. Generally, there are
two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then
all newly created files will be NOCOW. b) per file. Add the NOCOW file
attribute. It could only be done to empty or new files.
This patch tries the second way, according to the option, it could add NOCOW
per file.
For most block drivers, since the create file step is in raw-posix.c, so we
can do setting NOCOW flag ioctl in raw-posix.c only.
But there are some exceptions, like block/vpc.c and block/vdi.c, they are
creating file by calling qemu_open directly. For them, do the same setting
NOCOW flag ioctl work in them separately.
[Fixed up 082.out due to the new 'nocow' creation option
--Stefan]
Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-30 10:29:58 +04:00
|
|
|
#define BLOCK_OPT_NOCOW "nocow"
|
2015-02-13 12:20:53 +03:00
|
|
|
#define BLOCK_OPT_OBJECT_SIZE "object_size"
|
2015-02-19 01:40:49 +03:00
|
|
|
#define BLOCK_OPT_REFCOUNT_BITS "refcount_bits"
|
2009-05-18 18:42:10 +04:00
|
|
|
|
2014-11-20 18:27:11 +03:00
|
|
|
#define BLOCK_PROBE_BUF_SIZE 512
|
|
|
|
|
2015-11-09 13:16:46 +03:00
|
|
|
enum BdrvTrackedRequestType {
|
|
|
|
BDRV_TRACKED_READ,
|
|
|
|
BDRV_TRACKED_WRITE,
|
|
|
|
BDRV_TRACKED_FLUSH,
|
|
|
|
BDRV_TRACKED_IOCTL,
|
|
|
|
BDRV_TRACKED_DISCARD,
|
|
|
|
};
|
|
|
|
|
2013-06-24 19:13:10 +04:00
|
|
|
typedef struct BdrvTrackedRequest {
|
|
|
|
BlockDriverState *bs;
|
2013-12-03 18:31:25 +04:00
|
|
|
int64_t offset;
|
|
|
|
unsigned int bytes;
|
2015-11-09 13:16:46 +03:00
|
|
|
enum BdrvTrackedRequestType type;
|
2013-12-04 20:08:50 +04:00
|
|
|
|
2013-12-04 19:43:44 +04:00
|
|
|
bool serialising;
|
2013-12-04 20:08:50 +04:00
|
|
|
int64_t overlap_offset;
|
|
|
|
unsigned int overlap_bytes;
|
|
|
|
|
2013-06-24 19:13:10 +04:00
|
|
|
QLIST_ENTRY(BdrvTrackedRequest) list;
|
|
|
|
Coroutine *co; /* owner, used for deadlock detection */
|
|
|
|
CoQueue wait_queue; /* coroutines blocked on this request */
|
2013-12-13 16:04:35 +04:00
|
|
|
|
|
|
|
struct BdrvTrackedRequest *waiting_for;
|
2013-06-24 19:13:10 +04:00
|
|
|
} BdrvTrackedRequest;
|
|
|
|
|
2004-08-02 01:59:26 +04:00
|
|
|
struct BlockDriver {
|
|
|
|
const char *format_name;
|
|
|
|
int instance_size;
|
2013-10-02 16:33:48 +04:00
|
|
|
|
2014-03-03 22:11:34 +04:00
|
|
|
/* set to true if the BlockDriver is a block filter */
|
|
|
|
bool is_filter;
|
|
|
|
/* for snapshots block filter like Quorum can implement the
|
|
|
|
* following recursive callback.
|
2014-01-24 00:31:36 +04:00
|
|
|
* It's purpose is to recurse on the filter children while calling
|
|
|
|
* bdrv_recurse_is_first_non_filter on them.
|
|
|
|
* For a sample implementation look in the future Quorum block filter.
|
2013-10-02 16:33:48 +04:00
|
|
|
*/
|
2014-01-24 00:31:36 +04:00
|
|
|
bool (*bdrv_recurse_is_first_non_filter)(BlockDriverState *bs,
|
|
|
|
BlockDriverState *candidate);
|
2013-10-02 16:33:48 +04:00
|
|
|
|
2004-08-02 01:59:26 +04:00
|
|
|
int (*bdrv_probe)(const uint8_t *buf, int buf_size, const char *filename);
|
2009-06-15 16:04:22 +04:00
|
|
|
int (*bdrv_probe_device)(const char *filename);
|
2013-03-18 19:40:51 +04:00
|
|
|
|
|
|
|
/* Any driver implementing this callback is expected to be able to handle
|
|
|
|
* NULL file names in its .bdrv_open() implementation */
|
2013-03-15 21:47:22 +04:00
|
|
|
void (*bdrv_parse_filename)(const char *filename, QDict *options, Error **errp);
|
2013-09-24 19:07:04 +04:00
|
|
|
/* Drivers not implementing bdrv_parse_filename nor bdrv_open should have
|
|
|
|
* this field set to true, except ones that are defined only by their
|
|
|
|
* child's bs.
|
|
|
|
* An example of the last type will be the quorum block driver.
|
|
|
|
*/
|
|
|
|
bool bdrv_needs_filename;
|
2012-09-20 23:13:19 +04:00
|
|
|
|
2014-06-04 17:09:35 +04:00
|
|
|
/* Set if a driver can support backing files */
|
|
|
|
bool supports_backing;
|
|
|
|
|
2012-09-20 23:13:19 +04:00
|
|
|
/* For handling image reopen for split or non-split files */
|
|
|
|
int (*bdrv_reopen_prepare)(BDRVReopenState *reopen_state,
|
|
|
|
BlockReopenQueue *queue, Error **errp);
|
|
|
|
void (*bdrv_reopen_commit)(BDRVReopenState *reopen_state);
|
|
|
|
void (*bdrv_reopen_abort)(BDRVReopenState *reopen_state);
|
2015-11-16 17:34:59 +03:00
|
|
|
void (*bdrv_join_options)(QDict *options, QDict *old_options);
|
2012-09-20 23:13:19 +04:00
|
|
|
|
2013-09-05 16:22:29 +04:00
|
|
|
int (*bdrv_open)(BlockDriverState *bs, QDict *options, int flags,
|
|
|
|
Error **errp);
|
|
|
|
int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags,
|
|
|
|
Error **errp);
|
2004-09-18 23:32:11 +04:00
|
|
|
void (*bdrv_close)(BlockDriverState *bs);
|
2014-06-05 13:21:11 +04:00
|
|
|
int (*bdrv_create)(const char *filename, QemuOpts *opts, Error **errp);
|
2004-08-02 01:59:26 +04:00
|
|
|
int (*bdrv_set_key)(BlockDriverState *bs, const char *key);
|
2005-12-18 21:28:15 +03:00
|
|
|
int (*bdrv_make_empty)(BlockDriverState *bs);
|
2014-07-18 22:24:56 +04:00
|
|
|
|
2015-04-27 14:50:54 +03:00
|
|
|
void (*bdrv_refresh_filename)(BlockDriverState *bs, QDict *options);
|
2014-07-18 22:24:56 +04:00
|
|
|
|
2006-08-01 20:21:11 +04:00
|
|
|
/* aio */
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB *(*bdrv_aio_readv)(BlockDriverState *bs,
|
2009-04-07 22:43:24 +04:00
|
|
|
int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque);
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB *(*bdrv_aio_writev)(BlockDriverState *bs,
|
2009-04-07 22:43:24 +04:00
|
|
|
int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque);
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB *(*bdrv_aio_flush)(BlockDriverState *bs,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque);
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB *(*bdrv_aio_discard)(BlockDriverState *bs,
|
2011-10-17 14:32:14 +04:00
|
|
|
int64_t sector_num, int nb_sectors,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque);
|
2006-08-01 20:21:11 +04:00
|
|
|
|
2011-07-14 19:27:13 +04:00
|
|
|
int coroutine_fn (*bdrv_co_readv)(BlockDriverState *bs,
|
|
|
|
int64_t sector_num, int nb_sectors, QEMUIOVector *qiov);
|
2016-04-25 12:25:18 +03:00
|
|
|
int coroutine_fn (*bdrv_co_preadv)(BlockDriverState *bs,
|
|
|
|
uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags);
|
2011-07-14 19:27:13 +04:00
|
|
|
int coroutine_fn (*bdrv_co_writev)(BlockDriverState *bs,
|
|
|
|
int64_t sector_num, int nb_sectors, QEMUIOVector *qiov);
|
2016-03-10 15:39:55 +03:00
|
|
|
int coroutine_fn (*bdrv_co_writev_flags)(BlockDriverState *bs,
|
|
|
|
int64_t sector_num, int nb_sectors, QEMUIOVector *qiov, int flags);
|
2016-04-25 12:25:18 +03:00
|
|
|
int coroutine_fn (*bdrv_co_pwritev)(BlockDriverState *bs,
|
|
|
|
uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags);
|
2016-03-10 15:39:55 +03:00
|
|
|
|
2012-02-07 17:27:25 +04:00
|
|
|
/*
|
|
|
|
* Efficiently zero a region of the disk image. Typically an image format
|
|
|
|
* would use a compact metadata representation to implement this. This
|
block: Honor BDRV_REQ_FUA during write_zeroes
The block layer has a couple of cases where it can lose
Force Unit Access semantics when writing a large block of
zeroes, such that the request returns before the zeroes
have been guaranteed to land on underlying media.
SCSI does not support FUA during WRITESAME(10/16); FUA is only
supported if it falls back to WRITE(10/16). But where the
underlying device is new enough to not need a fallback, it
means that any upper layer request with FUA semantics was
silently ignoring BDRV_REQ_FUA.
Conversely, NBD has situations where it can support FUA but not
ZERO_WRITE; when that happens, the generic block layer fallback
to bdrv_driver_pwritev() (or the older bdrv_co_writev() in qemu
2.6) was losing the FUA flag.
The problem of losing flags unrelated to ZERO_WRITE has been
latent in bdrv_co_do_write_zeroes() since commit aa7bfbff, but
back then, it did not matter because there was no FUA flag. It
became observable when commit 93f5e6d8 paved the way for flags
that can impact correctness, when we should have been using
bdrv_co_writev_flags() with modified flags. Compare to commit
9eeb6dd, which got flag manipulation right in
bdrv_co_do_zero_pwritev().
Symptoms: I tested with qemu-io with default writethrough cache
(which is supposed to use FUA semantics on every write), and
targetted an NBD client connected to a server that intentionally
did not advertise NBD_FLAG_SEND_FUA. When doing 'write 0 512',
the NBD client sent two operations (NBD_CMD_WRITE then
NBD_CMD_FLUSH) to get the fallback FUA semantics; but when doing
'write -z 0 512', the NBD client sent only NBD_CMD_WRITE.
The fix is do to a cleanup bdrv_co_flush() at the end of the
operation if any step in the middle relied on a BDS that does
not natively support FUA for that step (note that we don't
need to flush after every operation, if the operation is broken
into chunks based on bounce-buffer sizing). Each BDS gains a
new flag .supported_zero_flags, which parallels the use of
.supported_write_flags but only when accessing a zero write
operation (the flags MUST be different, because of SCSI having
different semantics based on WRITE vs. WRITESAME; and also
because BDRV_REQ_MAY_UNMAP only makes sense on zero writes).
Also fix some documentation to describe -ENOTSUP semantics,
particularly since iscsi depends on those semantics.
Down the road, we may want to add a driver where its
.bdrv_co_pwritev() honors all three of BDRV_REQ_FUA,
BDRV_REQ_ZERO_WRITE, and BDRV_REQ_MAY_UNMAP, and advertise
this via bs->supported_write_flags for blocks opened by that
driver; such a driver should NOT supply .bdrv_co_write_zeroes
nor .supported_zero_flags. But none of the drivers touched
in this patch want to do that (the act of writing zeroes is
different enough from normal writes to deserve a second
callback).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-05-04 01:39:07 +03:00
|
|
|
* function pointer may be NULL or return -ENOSUP and .bdrv_co_writev()
|
|
|
|
* will be called instead.
|
2012-02-07 17:27:25 +04:00
|
|
|
*/
|
2016-06-02 00:10:03 +03:00
|
|
|
int coroutine_fn (*bdrv_co_pwrite_zeroes)(BlockDriverState *bs,
|
|
|
|
int64_t offset, int count, BdrvRequestFlags flags);
|
2011-10-17 14:32:14 +04:00
|
|
|
int coroutine_fn (*bdrv_co_discard)(BlockDriverState *bs,
|
|
|
|
int64_t sector_num, int nb_sectors);
|
2013-09-04 21:00:28 +04:00
|
|
|
int64_t coroutine_fn (*bdrv_co_get_block_status)(BlockDriverState *bs,
|
2016-01-26 06:58:48 +03:00
|
|
|
int64_t sector_num, int nb_sectors, int *pnum,
|
|
|
|
BlockDriverState **file);
|
2011-07-14 19:27:13 +04:00
|
|
|
|
2011-11-15 01:09:45 +04:00
|
|
|
/*
|
|
|
|
* Invalidate any cached meta-data.
|
|
|
|
*/
|
2014-03-12 18:59:16 +04:00
|
|
|
void (*bdrv_invalidate_cache)(BlockDriverState *bs, Error **errp);
|
2015-12-22 16:07:08 +03:00
|
|
|
int (*bdrv_inactivate)(BlockDriverState *bs);
|
2011-11-15 01:09:45 +04:00
|
|
|
|
2016-03-14 10:44:53 +03:00
|
|
|
/*
|
|
|
|
* Flushes all data for all layers by calling bdrv_co_flush for underlying
|
|
|
|
* layers, if needed. This function is needed for deterministic
|
|
|
|
* synchronization of the flush finishing callback.
|
|
|
|
*/
|
|
|
|
int coroutine_fn (*bdrv_co_flush)(BlockDriverState *bs);
|
|
|
|
|
2011-11-10 20:25:44 +04:00
|
|
|
/*
|
|
|
|
* Flushes all data that was already written to the OS all the way down to
|
|
|
|
* the disk (for example raw-posix calls fsync()).
|
|
|
|
*/
|
|
|
|
int coroutine_fn (*bdrv_co_flush_to_disk)(BlockDriverState *bs);
|
|
|
|
|
2011-11-10 21:10:11 +04:00
|
|
|
/*
|
|
|
|
* Flushes all internal caches to the OS. The data may still sit in a
|
|
|
|
* writeback cache of the host OS, but it will survive a crash of the qemu
|
|
|
|
* process.
|
|
|
|
*/
|
|
|
|
int coroutine_fn (*bdrv_co_flush_to_os)(BlockDriverState *bs);
|
|
|
|
|
2006-08-01 20:21:11 +04:00
|
|
|
const char *protocol_name;
|
|
|
|
int (*bdrv_truncate)(BlockDriverState *bs, int64_t offset);
|
block: Avoid unecessary drv->bdrv_getlength() calls
The block layer generally keeps the size of an image cached in
bs->total_sectors so that it doesn't have to perform expensive
operations to get the size whenever it needs it.
This doesn't work however when using a backend that can change its size
without qemu being aware of it, i.e. passthrough of removable media like
CD-ROMs or floppy disks. For this reason, the caching is disabled when a
removable device is used.
It is obvious that checking whether the _guest_ device has removable
media isn't the right thing to do when we want to know whether the size
of the host backend can change. To make things worse, non-top-level
BlockDriverStates never have any device attached, which makes qemu
assume they are removable, so drv->bdrv_getlength() is always called on
the protocol layer. In the case of raw-posix, this causes unnecessary
lseek() system calls, which turned out to be rather expensive.
This patch completely changes the logic and disables bs->total_sectors
caching only for certain block driver types, for which a size change is
expected: host_cdrom and host_floppy on POSIX, host_device on win32; also
the raw format in case it sits on top of one of these protocols, but in
the common case the nested bdrv_getlength() call on the protocol driver
will use the cache again and avoid an expensive drv->bdrv_getlength()
call.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-29 15:18:58 +04:00
|
|
|
|
2006-08-01 20:21:11 +04:00
|
|
|
int64_t (*bdrv_getlength)(BlockDriverState *bs);
|
block: Avoid unecessary drv->bdrv_getlength() calls
The block layer generally keeps the size of an image cached in
bs->total_sectors so that it doesn't have to perform expensive
operations to get the size whenever it needs it.
This doesn't work however when using a backend that can change its size
without qemu being aware of it, i.e. passthrough of removable media like
CD-ROMs or floppy disks. For this reason, the caching is disabled when a
removable device is used.
It is obvious that checking whether the _guest_ device has removable
media isn't the right thing to do when we want to know whether the size
of the host backend can change. To make things worse, non-top-level
BlockDriverStates never have any device attached, which makes qemu
assume they are removable, so drv->bdrv_getlength() is always called on
the protocol layer. In the case of raw-posix, this causes unnecessary
lseek() system calls, which turned out to be rather expensive.
This patch completely changes the logic and disables bs->total_sectors
caching only for certain block driver types, for which a size change is
expected: host_cdrom and host_floppy on POSIX, host_device on win32; also
the raw format in case it sits on top of one of these protocols, but in
the common case the nested bdrv_getlength() call on the protocol driver
will use the cache again and avoid an expensive drv->bdrv_getlength()
call.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-29 15:18:58 +04:00
|
|
|
bool has_variable_length;
|
2011-07-12 15:56:39 +04:00
|
|
|
int64_t (*bdrv_get_allocated_file_size)(BlockDriverState *bs);
|
block: Avoid unecessary drv->bdrv_getlength() calls
The block layer generally keeps the size of an image cached in
bs->total_sectors so that it doesn't have to perform expensive
operations to get the size whenever it needs it.
This doesn't work however when using a backend that can change its size
without qemu being aware of it, i.e. passthrough of removable media like
CD-ROMs or floppy disks. For this reason, the caching is disabled when a
removable device is used.
It is obvious that checking whether the _guest_ device has removable
media isn't the right thing to do when we want to know whether the size
of the host backend can change. To make things worse, non-top-level
BlockDriverStates never have any device attached, which makes qemu
assume they are removable, so drv->bdrv_getlength() is always called on
the protocol layer. In the case of raw-posix, this causes unnecessary
lseek() system calls, which turned out to be rather expensive.
This patch completely changes the logic and disables bs->total_sectors
caching only for certain block driver types, for which a size change is
expected: host_cdrom and host_floppy on POSIX, host_device on win32; also
the raw format in case it sits on top of one of these protocols, but in
the common case the nested bdrv_getlength() call on the protocol driver
will use the cache again and avoid an expensive drv->bdrv_getlength()
call.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-29 15:18:58 +04:00
|
|
|
|
2007-09-17 01:08:06 +04:00
|
|
|
int (*bdrv_write_compressed)(BlockDriverState *bs, int64_t sector_num,
|
2006-08-06 01:31:00 +04:00
|
|
|
const uint8_t *buf, int nb_sectors);
|
|
|
|
|
2007-09-17 01:08:06 +04:00
|
|
|
int (*bdrv_snapshot_create)(BlockDriverState *bs,
|
2006-08-06 01:31:00 +04:00
|
|
|
QEMUSnapshotInfo *sn_info);
|
2007-09-17 01:08:06 +04:00
|
|
|
int (*bdrv_snapshot_goto)(BlockDriverState *bs,
|
2006-08-06 01:31:00 +04:00
|
|
|
const char *snapshot_id);
|
snapshot: distinguish id and name in snapshot delete
Snapshot creation actually already distinguish id and name since it take
a structured parameter *sn, but delete can't. Later an accurate delete
is needed in qmp_transaction abort and blockdev-snapshot-delete-sync,
so change its prototype. Also *errp is added to tip error, but return
value is kepted to let caller check what kind of error happens. Existing
caller for it are savevm, delvm and qemu-img, they are not impacted by
introducing a new function bdrv_snapshot_delete_by_id_or_name(), which
check the return value and do the operation again.
Before this patch:
For qcow2, it search id first then name to find the one to delete.
For rbd, it search name.
For sheepdog, it does nothing.
After this patch:
For qcow2, logic is the same by call it twice in caller.
For rbd, it always fails in delete with id, but still search for name
in second try, no change to user.
Some code for *errp is based on Pavel's patch.
Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-09-11 10:04:33 +04:00
|
|
|
int (*bdrv_snapshot_delete)(BlockDriverState *bs,
|
|
|
|
const char *snapshot_id,
|
|
|
|
const char *name,
|
|
|
|
Error **errp);
|
2007-09-17 01:08:06 +04:00
|
|
|
int (*bdrv_snapshot_list)(BlockDriverState *bs,
|
2006-08-06 01:31:00 +04:00
|
|
|
QEMUSnapshotInfo **psn_info);
|
2010-09-22 06:58:41 +04:00
|
|
|
int (*bdrv_snapshot_load_tmp)(BlockDriverState *bs,
|
2013-12-04 13:10:54 +04:00
|
|
|
const char *snapshot_id,
|
|
|
|
const char *name,
|
|
|
|
Error **errp);
|
2006-08-06 01:31:00 +04:00
|
|
|
int (*bdrv_get_info)(BlockDriverState *bs, BlockDriverInfo *bdi);
|
2013-10-09 12:46:16 +04:00
|
|
|
ImageInfoSpecific *(*bdrv_get_specific_info)(BlockDriverState *bs);
|
2006-08-01 20:21:11 +04:00
|
|
|
|
2016-06-09 17:24:44 +03:00
|
|
|
int coroutine_fn (*bdrv_save_vmstate)(BlockDriverState *bs,
|
|
|
|
QEMUIOVector *qiov,
|
|
|
|
int64_t pos);
|
|
|
|
int coroutine_fn (*bdrv_load_vmstate)(BlockDriverState *bs,
|
|
|
|
QEMUIOVector *qiov,
|
|
|
|
int64_t pos);
|
2009-04-05 23:10:55 +04:00
|
|
|
|
2010-01-12 14:55:17 +03:00
|
|
|
int (*bdrv_change_backing_file)(BlockDriverState *bs,
|
|
|
|
const char *backing_file, const char *backing_fmt);
|
|
|
|
|
2006-08-19 15:45:59 +04:00
|
|
|
/* removable device specific */
|
2015-10-19 18:53:11 +03:00
|
|
|
bool (*bdrv_is_inserted)(BlockDriverState *bs);
|
2006-08-19 15:45:59 +04:00
|
|
|
int (*bdrv_media_changed)(BlockDriverState *bs);
|
2012-02-03 22:24:53 +04:00
|
|
|
void (*bdrv_eject)(BlockDriverState *bs, bool eject_flag);
|
2011-09-06 20:58:47 +04:00
|
|
|
void (*bdrv_lock_medium)(BlockDriverState *bs, bool locked);
|
2007-09-17 12:09:54 +04:00
|
|
|
|
2007-12-24 19:10:43 +03:00
|
|
|
/* to control generic scsi devices */
|
2014-10-07 15:59:14 +04:00
|
|
|
BlockAIOCB *(*bdrv_aio_ioctl)(BlockDriverState *bs,
|
2009-03-28 20:28:41 +03:00
|
|
|
unsigned long int req, void *buf,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque);
|
2007-12-24 19:10:43 +03:00
|
|
|
|
2009-05-18 18:42:10 +04:00
|
|
|
/* List of options for creating images, terminated by name == NULL */
|
2014-06-05 13:20:51 +04:00
|
|
|
QemuOptsList *create_opts;
|
2009-03-28 20:55:10 +03:00
|
|
|
|
2010-06-29 14:37:54 +04:00
|
|
|
/*
|
|
|
|
* Returns 0 for completed check, -errno for internal errors.
|
|
|
|
* The check results are stored in result.
|
|
|
|
*/
|
2012-05-11 18:07:02 +04:00
|
|
|
int (*bdrv_check)(BlockDriverState* bs, BdrvCheckResult *result,
|
|
|
|
BdrvCheckMode fix);
|
2009-04-22 03:11:50 +04:00
|
|
|
|
2014-10-27 13:12:50 +03:00
|
|
|
int (*bdrv_amend_options)(BlockDriverState *bs, QemuOpts *opts,
|
2015-07-27 18:51:32 +03:00
|
|
|
BlockDriverAmendStatusCB *status_cb,
|
|
|
|
void *cb_opaque);
|
2013-09-03 12:09:50 +04:00
|
|
|
|
2015-11-18 11:52:54 +03:00
|
|
|
void (*bdrv_debug_event)(BlockDriverState *bs, BlkdebugEvent event);
|
2010-03-15 19:27:00 +03:00
|
|
|
|
2012-12-06 17:32:58 +04:00
|
|
|
/* TODO Better pass a option string/QDict/QemuOpts to add any rule? */
|
|
|
|
int (*bdrv_debug_breakpoint)(BlockDriverState *bs, const char *event,
|
|
|
|
const char *tag);
|
2013-11-20 06:01:54 +04:00
|
|
|
int (*bdrv_debug_remove_breakpoint)(BlockDriverState *bs,
|
|
|
|
const char *tag);
|
2012-12-06 17:32:58 +04:00
|
|
|
int (*bdrv_debug_resume)(BlockDriverState *bs, const char *tag);
|
|
|
|
bool (*bdrv_debug_is_suspended)(BlockDriverState *bs, const char *tag);
|
|
|
|
|
2014-07-16 19:48:16 +04:00
|
|
|
void (*bdrv_refresh_limits)(BlockDriverState *bs, Error **errp);
|
2013-12-11 22:26:16 +04:00
|
|
|
|
2010-07-28 13:26:29 +04:00
|
|
|
/*
|
|
|
|
* Returns 1 if newly created images are guaranteed to contain only
|
|
|
|
* zeros, 0 otherwise.
|
|
|
|
*/
|
|
|
|
int (*bdrv_has_zero_init)(BlockDriverState *bs);
|
2009-11-30 18:54:15 +03:00
|
|
|
|
2014-05-08 18:34:37 +04:00
|
|
|
/* Remove fd handlers, timers, and other event loop callbacks so the event
|
|
|
|
* loop is no longer in use. Called with no in-flight requests and in
|
|
|
|
* depth-first traversal order with parents before child nodes.
|
|
|
|
*/
|
|
|
|
void (*bdrv_detach_aio_context)(BlockDriverState *bs);
|
|
|
|
|
|
|
|
/* Add fd handlers, timers, and other event loop callbacks so I/O requests
|
|
|
|
* can be processed again. Called with no in-flight requests and in
|
|
|
|
* depth-first traversal order with child nodes before parent nodes.
|
|
|
|
*/
|
|
|
|
void (*bdrv_attach_aio_context)(BlockDriverState *bs,
|
|
|
|
AioContext *new_context);
|
|
|
|
|
2014-07-04 14:04:33 +04:00
|
|
|
/* io queue for linux-aio */
|
|
|
|
void (*bdrv_io_plug)(BlockDriverState *bs);
|
|
|
|
void (*bdrv_io_unplug)(BlockDriverState *bs);
|
|
|
|
|
2015-02-16 14:47:54 +03:00
|
|
|
/**
|
|
|
|
* Try to get @bs's logical and physical block size.
|
|
|
|
* On success, store them in @bsz and return zero.
|
|
|
|
* On failure, return negative errno.
|
|
|
|
*/
|
|
|
|
int (*bdrv_probe_blocksizes)(BlockDriverState *bs, BlockSizes *bsz);
|
|
|
|
/**
|
|
|
|
* Try to get @bs's geometry (cyls, heads, sectors)
|
|
|
|
* On success, store them in @geo and return 0.
|
|
|
|
* On failure return -errno.
|
|
|
|
* Only drivers that want to override guest geometry implement this
|
|
|
|
* callback; see hd_geometry_guess().
|
|
|
|
*/
|
|
|
|
int (*bdrv_probe_geometry)(BlockDriverState *bs, HDGeometry *geo);
|
|
|
|
|
2015-11-09 13:16:53 +03:00
|
|
|
/**
|
|
|
|
* Drain and stop any internal sources of requests in the driver, and
|
|
|
|
* remain so until next I/O callback (e.g. bdrv_co_writev) is called.
|
|
|
|
*/
|
|
|
|
void (*bdrv_drain)(BlockDriverState *bs);
|
|
|
|
|
2016-05-10 10:36:37 +03:00
|
|
|
void (*bdrv_add_child)(BlockDriverState *parent, BlockDriverState *child,
|
|
|
|
Error **errp);
|
|
|
|
void (*bdrv_del_child)(BlockDriverState *parent, BdrvChild *child,
|
|
|
|
Error **errp);
|
|
|
|
|
2010-04-13 13:29:33 +04:00
|
|
|
QLIST_ENTRY(BlockDriver) list;
|
2004-08-02 01:59:26 +04:00
|
|
|
};
|
|
|
|
|
2013-10-24 14:06:56 +04:00
|
|
|
typedef struct BlockLimits {
|
|
|
|
/* maximum number of sectors that can be discarded at once */
|
|
|
|
int max_discard;
|
|
|
|
|
|
|
|
/* optimal alignment for discard requests in sectors */
|
|
|
|
int64_t discard_alignment;
|
|
|
|
|
2016-06-02 00:10:02 +03:00
|
|
|
/* maximum number of bytes that can zeroized at once (since it is
|
|
|
|
* signed, it must be < 2G, if set) */
|
|
|
|
int32_t max_pwrite_zeroes;
|
2013-10-24 14:06:56 +04:00
|
|
|
|
2016-06-02 00:10:02 +03:00
|
|
|
/* optimal alignment for write zeroes requests in bytes, must be
|
|
|
|
* power of 2, and less than max_pwrite_zeroes if that is set */
|
|
|
|
uint32_t pwrite_zeroes_alignment;
|
2013-11-27 14:07:04 +04:00
|
|
|
|
|
|
|
/* optimal transfer length in sectors */
|
|
|
|
int opt_transfer_length;
|
2013-11-28 13:23:32 +04:00
|
|
|
|
2014-10-27 12:18:44 +03:00
|
|
|
/* maximal transfer length in sectors */
|
|
|
|
int max_transfer_length;
|
|
|
|
|
2013-11-28 13:23:32 +04:00
|
|
|
/* memory alignment so that no bounce buffer is needed */
|
2015-05-12 17:30:55 +03:00
|
|
|
size_t min_mem_alignment;
|
|
|
|
|
|
|
|
/* memory alignment for bounce buffer */
|
2013-11-28 13:23:32 +04:00
|
|
|
size_t opt_mem_alignment;
|
2015-07-09 12:56:44 +03:00
|
|
|
|
|
|
|
/* maximum number of iovec elements */
|
|
|
|
int max_iov;
|
2013-10-24 14:06:56 +04:00
|
|
|
} BlockLimits;
|
|
|
|
|
2014-05-23 17:29:42 +04:00
|
|
|
typedef struct BdrvOpBlocker BdrvOpBlocker;
|
|
|
|
|
2014-06-20 23:57:33 +04:00
|
|
|
typedef struct BdrvAioNotifier {
|
|
|
|
void (*attached_aio_context)(AioContext *new_context, void *opaque);
|
|
|
|
void (*detach_aio_context)(void *opaque);
|
|
|
|
|
|
|
|
void *opaque;
|
2016-06-16 19:56:26 +03:00
|
|
|
bool deleted;
|
2014-06-20 23:57:33 +04:00
|
|
|
|
|
|
|
QLIST_ENTRY(BdrvAioNotifier) list;
|
|
|
|
} BdrvAioNotifier;
|
|
|
|
|
2015-04-08 14:43:47 +03:00
|
|
|
struct BdrvChildRole {
|
2015-04-29 18:29:39 +03:00
|
|
|
void (*inherit_options)(int *child_flags, QDict *child_options,
|
|
|
|
int parent_flags, QDict *parent_options);
|
2016-03-22 14:05:35 +03:00
|
|
|
|
2016-02-24 17:13:35 +03:00
|
|
|
void (*change_media)(BdrvChild *child, bool load);
|
|
|
|
void (*resize)(BdrvChild *child);
|
|
|
|
|
2016-02-26 12:22:16 +03:00
|
|
|
/* Returns a name that is supposedly more useful for human users than the
|
|
|
|
* node name for identifying the node in question (in particular, a BB
|
|
|
|
* name), or NULL if the parent can't provide a better name. */
|
|
|
|
const char* (*get_name)(BdrvChild *child);
|
|
|
|
|
2016-03-22 14:05:35 +03:00
|
|
|
/*
|
|
|
|
* If this pair of functions is implemented, the parent doesn't issue new
|
|
|
|
* requests after returning from .drained_begin() until .drained_end() is
|
|
|
|
* called.
|
|
|
|
*
|
|
|
|
* Note that this can be nested. If drained_begin() was called twice, new
|
|
|
|
* I/O is allowed only after drained_end() was called twice, too.
|
|
|
|
*/
|
|
|
|
void (*drained_begin)(BdrvChild *child);
|
|
|
|
void (*drained_end)(BdrvChild *child);
|
2015-04-08 14:43:47 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
extern const BdrvChildRole child_file;
|
|
|
|
extern const BdrvChildRole child_format;
|
|
|
|
|
2015-06-15 14:24:19 +03:00
|
|
|
struct BdrvChild {
|
2015-04-08 14:49:41 +03:00
|
|
|
BlockDriverState *bs;
|
2015-04-27 14:46:22 +03:00
|
|
|
char *name;
|
2015-04-08 14:49:41 +03:00
|
|
|
const BdrvChildRole *role;
|
2016-02-24 17:13:35 +03:00
|
|
|
void *opaque;
|
2015-04-08 14:49:41 +03:00
|
|
|
QLIST_ENTRY(BdrvChild) next;
|
2015-09-17 14:18:23 +03:00
|
|
|
QLIST_ENTRY(BdrvChild) next_parent;
|
2015-06-15 14:24:19 +03:00
|
|
|
};
|
2015-04-08 14:49:41 +03:00
|
|
|
|
2012-02-29 00:54:06 +04:00
|
|
|
/*
|
|
|
|
* Note: the function bdrv_append() copies and swaps contents of
|
|
|
|
* BlockDriverStates, so if you add new fields to this struct, please
|
|
|
|
* inspect bdrv_append() to determine if the new fields need to be
|
|
|
|
* copied as well.
|
|
|
|
*/
|
2004-08-02 01:59:26 +04:00
|
|
|
struct BlockDriverState {
|
2006-08-06 17:35:09 +04:00
|
|
|
int64_t total_sectors; /* if we are reading a disk image, give its
|
|
|
|
size in sectors */
|
2004-08-02 01:59:26 +04:00
|
|
|
int read_only; /* if true, the media is read only */
|
2010-02-14 14:39:18 +03:00
|
|
|
int open_flags; /* flags used to open the file, re-used for re-open */
|
2004-08-02 01:59:26 +04:00
|
|
|
int encrypted; /* if true, the media is encrypted */
|
2009-03-06 02:01:01 +03:00
|
|
|
int valid_key; /* if true, a valid encryption key has been set */
|
2007-12-24 19:10:43 +03:00
|
|
|
int sg; /* if true, the device is a /dev/sg* */
|
2011-11-28 20:08:47 +04:00
|
|
|
int copy_on_read; /* if true, copy read backing sectors into image
|
|
|
|
note this is a reference count */
|
raw: Prohibit dangerous writes for probed images
If the user neglects to specify the image format, QEMU probes the
image to guess it automatically, for convenience.
Relying on format probing is insecure for raw images (CVE-2008-2004).
If the guest writes a suitable header to the device, the next probe
will recognize a format chosen by the guest. A malicious guest can
abuse this to gain access to host files, e.g. by crafting a QCOW2
header with backing file /etc/shadow.
Commit 1e72d3b (April 2008) provided -drive parameter format to let
users disable probing. Commit f965509 (March 2009) extended QCOW2 to
optionally store the backing file format, to let users disable backing
file probing. QED has had a flag to suppress probing since the
beginning (2010), set whenever a raw backing file is assigned.
All of these additions that allow to avoid format probing have to be
specified explicitly. The default still allows the attack.
In order to fix this, commit 79368c8 (July 2010) put probed raw images
in a restricted mode, in which they wouldn't be able to overwrite the
first few bytes of the image so that they would identify as a different
image. If a write to the first sector would write one of the signatures
of another driver, qemu would instead zero out the first four bytes.
This patch was later reverted in commit 8b33d9e (September 2010) because
it didn't get the handling of unaligned qiov members right.
Today's block layer that is based on coroutines and has qiov utility
functions makes it much easier to get this functionality right, so this
patch implements it.
The other differences of this patch to the old one are that it doesn't
silently write something different than the guest requested by zeroing
out some bytes (it fails the request instead) and that it doesn't
maintain a list of signatures in the raw driver (it calls the usual
probe function instead).
Note that this change doesn't introduce new breakage for false positive
cases where the guest legitimately writes data into the first sector
that matches the signatures of an image format (e.g. for nested virt):
These cases were broken before, only the failure mode changes from
corruption after the next restart (when the wrong format is probed) to
failing the problematic write request.
Also note that like in the original patch, the restrictions only apply
if the image format has been guessed by probing. Explicitly specifying a
format allows guests to write anything they like.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416497234-29880-8-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-20 18:27:12 +03:00
|
|
|
bool probed;
|
2004-08-02 01:59:26 +04:00
|
|
|
|
2006-08-19 15:45:59 +04:00
|
|
|
BlockDriver *drv; /* NULL means no media */
|
2004-08-02 01:59:26 +04:00
|
|
|
void *opaque;
|
|
|
|
|
2014-05-08 18:34:37 +04:00
|
|
|
AioContext *aio_context; /* event loop used for fd handlers, timers, etc */
|
2014-06-20 23:57:33 +04:00
|
|
|
/* long-running tasks intended to always use the same AioContext as this
|
|
|
|
* BDS may register themselves in this list to be notified of changes
|
|
|
|
* regarding this BDS's context */
|
|
|
|
QLIST_HEAD(, BdrvAioNotifier) aio_notifiers;
|
2016-06-16 19:56:26 +03:00
|
|
|
bool walking_aio_notifiers; /* to make removal during iteration safe */
|
2014-05-08 18:34:37 +04:00
|
|
|
|
2015-01-22 16:03:30 +03:00
|
|
|
char filename[PATH_MAX];
|
|
|
|
char backing_file[PATH_MAX]; /* if non zero, the image is a diff of
|
|
|
|
this file image */
|
2009-03-28 20:55:10 +03:00
|
|
|
char backing_format[16]; /* if non-zero and backing_file exists */
|
2006-08-19 15:45:59 +04:00
|
|
|
|
2014-07-18 22:24:56 +04:00
|
|
|
QDict *full_open_options;
|
2015-01-22 16:03:30 +03:00
|
|
|
char exact_filename[PATH_MAX];
|
2014-07-18 22:24:56 +04:00
|
|
|
|
2015-06-17 15:55:21 +03:00
|
|
|
BdrvChild *backing;
|
2015-06-16 15:19:22 +03:00
|
|
|
BdrvChild *file;
|
2010-04-14 16:17:38 +04:00
|
|
|
|
2013-06-24 19:13:10 +04:00
|
|
|
/* Callback before write request is processed */
|
|
|
|
NotifierWithReturnList before_write_notifiers;
|
|
|
|
|
2013-12-04 19:43:44 +04:00
|
|
|
/* number of in-flight serialising requests */
|
|
|
|
unsigned int serialising_in_flight;
|
2012-01-18 18:40:42 +04:00
|
|
|
|
2015-10-19 18:53:20 +03:00
|
|
|
/* Offset after the highest byte written to */
|
|
|
|
uint64_t wr_highest_offset;
|
|
|
|
|
2013-10-24 14:06:56 +04:00
|
|
|
/* I/O Limits */
|
|
|
|
BlockLimits bl;
|
|
|
|
|
2011-11-29 15:42:20 +04:00
|
|
|
/* Alignment requirement for offset/length of I/O requests */
|
|
|
|
unsigned int request_alignment;
|
2016-05-04 01:39:06 +03:00
|
|
|
/* Flags honored during pwrite (so far: BDRV_REQ_FUA) */
|
|
|
|
unsigned int supported_write_flags;
|
2016-06-02 00:10:03 +03:00
|
|
|
/* Flags honored during pwrite_zeroes (so far: BDRV_REQ_FUA,
|
block: Honor BDRV_REQ_FUA during write_zeroes
The block layer has a couple of cases where it can lose
Force Unit Access semantics when writing a large block of
zeroes, such that the request returns before the zeroes
have been guaranteed to land on underlying media.
SCSI does not support FUA during WRITESAME(10/16); FUA is only
supported if it falls back to WRITE(10/16). But where the
underlying device is new enough to not need a fallback, it
means that any upper layer request with FUA semantics was
silently ignoring BDRV_REQ_FUA.
Conversely, NBD has situations where it can support FUA but not
ZERO_WRITE; when that happens, the generic block layer fallback
to bdrv_driver_pwritev() (or the older bdrv_co_writev() in qemu
2.6) was losing the FUA flag.
The problem of losing flags unrelated to ZERO_WRITE has been
latent in bdrv_co_do_write_zeroes() since commit aa7bfbff, but
back then, it did not matter because there was no FUA flag. It
became observable when commit 93f5e6d8 paved the way for flags
that can impact correctness, when we should have been using
bdrv_co_writev_flags() with modified flags. Compare to commit
9eeb6dd, which got flag manipulation right in
bdrv_co_do_zero_pwritev().
Symptoms: I tested with qemu-io with default writethrough cache
(which is supposed to use FUA semantics on every write), and
targetted an NBD client connected to a server that intentionally
did not advertise NBD_FLAG_SEND_FUA. When doing 'write 0 512',
the NBD client sent two operations (NBD_CMD_WRITE then
NBD_CMD_FLUSH) to get the fallback FUA semantics; but when doing
'write -z 0 512', the NBD client sent only NBD_CMD_WRITE.
The fix is do to a cleanup bdrv_co_flush() at the end of the
operation if any step in the middle relied on a BDS that does
not natively support FUA for that step (note that we don't
need to flush after every operation, if the operation is broken
into chunks based on bounce-buffer sizing). Each BDS gains a
new flag .supported_zero_flags, which parallels the use of
.supported_write_flags but only when accessing a zero write
operation (the flags MUST be different, because of SCSI having
different semantics based on WRITE vs. WRITESAME; and also
because BDRV_REQ_MAY_UNMAP only makes sense on zero writes).
Also fix some documentation to describe -ENOTSUP semantics,
particularly since iscsi depends on those semantics.
Down the road, we may want to add a driver where its
.bdrv_co_pwritev() honors all three of BDRV_REQ_FUA,
BDRV_REQ_ZERO_WRITE, and BDRV_REQ_MAY_UNMAP, and advertise
this via bs->supported_write_flags for blocks opened by that
driver; such a driver should NOT supply .bdrv_co_write_zeroes
nor .supported_zero_flags. But none of the drivers touched
in this patch want to do that (the act of writing zeroes is
different enough from normal writes to deserve a second
callback).
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-05-04 01:39:07 +03:00
|
|
|
* BDRV_REQ_MAY_UNMAP) */
|
|
|
|
unsigned int supported_zero_flags;
|
2011-11-29 15:42:20 +04:00
|
|
|
|
2014-01-24 00:31:32 +04:00
|
|
|
/* the following member gives a name to every node on the bs graph. */
|
|
|
|
char node_name[32];
|
|
|
|
/* element of the list of named nodes building the graph */
|
|
|
|
QTAILQ_ENTRY(BlockDriverState) node_list;
|
2016-01-29 18:36:11 +03:00
|
|
|
/* element of the list of all BlockDriverStates (all_bdrv_states) */
|
|
|
|
QTAILQ_ENTRY(BlockDriverState) bs_list;
|
2016-01-29 18:36:12 +03:00
|
|
|
/* element of the list of monitor-owned BDS */
|
|
|
|
QTAILQ_ENTRY(BlockDriverState) monitor_list;
|
2013-11-13 14:29:43 +04:00
|
|
|
QLIST_HEAD(, BdrvDirtyBitmap) dirty_bitmaps;
|
2013-08-23 05:14:46 +04:00
|
|
|
int refcnt;
|
2011-11-17 17:40:27 +04:00
|
|
|
|
|
|
|
QLIST_HEAD(, BdrvTrackedRequest) tracked_requests;
|
2012-01-18 18:40:43 +04:00
|
|
|
|
2014-05-23 17:29:42 +04:00
|
|
|
/* operation blockers */
|
|
|
|
QLIST_HEAD(, BdrvOpBlocker) op_blockers[BLOCK_OP_TYPE_MAX];
|
|
|
|
|
2012-01-18 18:40:43 +04:00
|
|
|
/* long-running background operation */
|
|
|
|
BlockJob *job;
|
2012-09-20 23:13:19 +04:00
|
|
|
|
2015-04-09 19:47:50 +03:00
|
|
|
/* The node that this node inherited default options from (and a reopen on
|
|
|
|
* which can affect this node by changing these defaults). This is always a
|
|
|
|
* parent node of this node. */
|
|
|
|
BlockDriverState *inherits_from;
|
2015-04-08 14:49:41 +03:00
|
|
|
QLIST_HEAD(, BdrvChild) children;
|
2015-09-17 14:18:23 +03:00
|
|
|
QLIST_HEAD(, BdrvChild) parents;
|
2015-04-08 14:49:41 +03:00
|
|
|
|
2013-03-15 13:35:02 +04:00
|
|
|
QDict *options;
|
2015-05-08 17:15:03 +03:00
|
|
|
QDict *explicit_options;
|
2014-05-18 02:58:19 +04:00
|
|
|
BlockdevDetectZeroesOptions detect_zeroes;
|
2014-05-23 17:29:47 +04:00
|
|
|
|
|
|
|
/* The error object in use for blocking operations on backing_hd */
|
|
|
|
Error *backing_blocker;
|
block: add event when disk usage exceeds threshold
Managing applications, like oVirt (http://www.ovirt.org), make extensive
use of thin-provisioned disk images.
To let the guest run smoothly and be not unnecessarily paused, oVirt sets
a disk usage threshold (so called 'high water mark') based on the occupation
of the device, and automatically extends the image once the threshold
is reached or exceeded.
In order to detect the crossing of the threshold, oVirt has no choice but
aggressively polling the QEMU monitor using the query-blockstats command.
This lead to unnecessary system load, and is made even worse under scale:
deployments with hundreds of VMs are no longer rare.
To fix this, this patch adds:
* A new monitor command `block-set-write-threshold', to set a mark for
a given block device.
* A new event `BLOCK_WRITE_THRESHOLD', to report if a block device
usage exceeds the threshold.
* A new `write_threshold' field into the `BlockDeviceInfo' structure,
to report the configured threshold.
This will allow the managing application to use smarter and more
efficient monitoring, greatly reducing the need of polling.
[Updated qemu-iotests 067 output to add the new 'write_threshold'
property. --Stefan]
[Changed g_assert_false() to !g_assert() to fix the build on older glib
versions. --Kevin]
Signed-off-by: Francesco Romani <fromani@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1421068273-692-1-git-send-email-fromani@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-01-12 16:11:13 +03:00
|
|
|
|
|
|
|
/* threshold limit for writes, in bytes. "High water mark". */
|
|
|
|
uint64_t write_threshold_offset;
|
|
|
|
NotifierWithReturn write_threshold_notifier;
|
2015-10-23 06:08:09 +03:00
|
|
|
|
2016-04-07 19:33:34 +03:00
|
|
|
/* counters for nested bdrv_io_plug and bdrv_io_unplugged_begin */
|
|
|
|
unsigned io_plugged;
|
|
|
|
unsigned io_plug_disabled;
|
|
|
|
|
2015-10-23 06:08:09 +03:00
|
|
|
int quiesce_counter;
|
2004-08-02 01:59:26 +04:00
|
|
|
};
|
|
|
|
|
2015-10-19 18:53:24 +03:00
|
|
|
struct BlockBackendRootState {
|
|
|
|
int open_flags;
|
|
|
|
bool read_only;
|
|
|
|
BlockdevDetectZeroesOptions detect_zeroes;
|
|
|
|
};
|
|
|
|
|
block/mirror: Fix target backing BDS
Currently, we are trying to move the backing BDS from the source to the
target in bdrv_replace_in_backing_chain() which is called from
mirror_exit(). However, mirror_complete() already tries to open the
target's backing chain with a call to bdrv_open_backing_file().
First, we should only set the target's backing BDS once. Second, the
mirroring block job has a better idea of what to set it to than the
generic code in bdrv_replace_in_backing_chain() (in fact, the latter's
conditions on when to move the backing BDS from source to target are not
really correct).
Therefore, remove that code from bdrv_replace_in_backing_chain() and
leave it to mirror_complete().
Depending on what kind of mirroring is performed, we furthermore want to
use different strategies to open the target's backing chain:
- If blockdev-mirror is used, we can assume the user made sure that the
target already has the correct backing chain. In particular, we should
not try to open a backing file if the target does not have any yet.
- If drive-mirror with mode=absolute-paths is used, we can and should
reuse the already existing chain of nodes that the source BDS is in.
In case of sync=full, no backing BDS is required; with sync=top, we
just link the source's backing BDS to the target, and with sync=none,
we use the source BDS as the target's backing BDS.
We should not try to open these backing files anew because this would
lead to two BDSs existing per physical file in the backing chain, and
we would like to avoid such concurrent access.
- If drive-mirror with mode=existing is used, we have to use the
information provided in the physical image file which means opening
the target's backing chain completely anew, just as it has been done
already.
If the target's backing chain shares images with the source, this may
lead to multiple BDSs per physical image file. But since we cannot
reliably ascertain this case, there is nothing we can do about it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20160610185750.30956-3-mreitz@redhat.com
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-06-10 21:57:47 +03:00
|
|
|
typedef enum BlockMirrorBackingMode {
|
|
|
|
/* Reuse the existing backing chain from the source for the target.
|
|
|
|
* - sync=full: Set backing BDS to NULL.
|
|
|
|
* - sync=top: Use source's backing BDS.
|
|
|
|
* - sync=none: Use source as the backing BDS. */
|
|
|
|
MIRROR_SOURCE_BACKING_CHAIN,
|
|
|
|
|
|
|
|
/* Open the target's backing chain completely anew */
|
|
|
|
MIRROR_OPEN_BACKING_CHAIN,
|
|
|
|
|
|
|
|
/* Do not change the target's backing BDS after job completion */
|
|
|
|
MIRROR_LEAVE_BACKING_CHAIN,
|
|
|
|
} BlockMirrorBackingMode;
|
|
|
|
|
2015-06-17 15:55:21 +03:00
|
|
|
static inline BlockDriverState *backing_bs(BlockDriverState *bs)
|
|
|
|
{
|
|
|
|
return bs->backing ? bs->backing->bs : NULL;
|
|
|
|
}
|
|
|
|
|
2014-12-02 20:32:41 +03:00
|
|
|
|
|
|
|
/* Essential block drivers which must always be statically linked into qemu, and
|
|
|
|
* which therefore can be accessed without using bdrv_find_format() */
|
|
|
|
extern BlockDriver bdrv_file;
|
|
|
|
extern BlockDriver bdrv_raw;
|
|
|
|
extern BlockDriver bdrv_qcow2;
|
|
|
|
|
2015-04-28 16:27:51 +03:00
|
|
|
/**
|
|
|
|
* bdrv_setup_io_funcs:
|
|
|
|
*
|
|
|
|
* Prepare a #BlockDriver for I/O request processing by populating
|
|
|
|
* unimplemented coroutine and AIO interfaces with generic wrapper functions
|
|
|
|
* that fall back to implemented interfaces.
|
|
|
|
*/
|
|
|
|
void bdrv_setup_io_funcs(BlockDriver *bdrv);
|
2014-12-02 20:32:41 +03:00
|
|
|
|
2016-04-25 15:57:23 +03:00
|
|
|
int coroutine_fn bdrv_co_preadv(BlockDriverState *bs,
|
2016-03-08 15:47:47 +03:00
|
|
|
int64_t offset, unsigned int bytes, QEMUIOVector *qiov,
|
|
|
|
BdrvRequestFlags flags);
|
2016-04-25 15:57:23 +03:00
|
|
|
int coroutine_fn bdrv_co_pwritev(BlockDriverState *bs,
|
2016-03-08 15:47:48 +03:00
|
|
|
int64_t offset, unsigned int bytes, QEMUIOVector *qiov,
|
|
|
|
BdrvRequestFlags flags);
|
2016-03-08 15:47:47 +03:00
|
|
|
|
2012-05-28 11:27:54 +04:00
|
|
|
int get_tmp_filename(char *filename, int size);
|
raw: Prohibit dangerous writes for probed images
If the user neglects to specify the image format, QEMU probes the
image to guess it automatically, for convenience.
Relying on format probing is insecure for raw images (CVE-2008-2004).
If the guest writes a suitable header to the device, the next probe
will recognize a format chosen by the guest. A malicious guest can
abuse this to gain access to host files, e.g. by crafting a QCOW2
header with backing file /etc/shadow.
Commit 1e72d3b (April 2008) provided -drive parameter format to let
users disable probing. Commit f965509 (March 2009) extended QCOW2 to
optionally store the backing file format, to let users disable backing
file probing. QED has had a flag to suppress probing since the
beginning (2010), set whenever a raw backing file is assigned.
All of these additions that allow to avoid format probing have to be
specified explicitly. The default still allows the attack.
In order to fix this, commit 79368c8 (July 2010) put probed raw images
in a restricted mode, in which they wouldn't be able to overwrite the
first few bytes of the image so that they would identify as a different
image. If a write to the first sector would write one of the signatures
of another driver, qemu would instead zero out the first four bytes.
This patch was later reverted in commit 8b33d9e (September 2010) because
it didn't get the handling of unaligned qiov members right.
Today's block layer that is based on coroutines and has qiov utility
functions makes it much easier to get this functionality right, so this
patch implements it.
The other differences of this patch to the old one are that it doesn't
silently write something different than the guest requested by zeroing
out some bytes (it fails the request instead) and that it doesn't
maintain a list of signatures in the raw driver (it calls the usual
probe function instead).
Note that this change doesn't introduce new breakage for false positive
cases where the guest legitimately writes data into the first sector
that matches the signatures of an image format (e.g. for nested virt):
These cases were broken before, only the failure mode changes from
corruption after the next restart (when the wrong format is probed) to
failing the problematic write request.
Also note that like in the original patch, the restrictions only apply
if the image format has been guessed by probing. Explicitly specifying a
format allows guests to write anything they like.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1416497234-29880-8-git-send-email-kwolf@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-11-20 18:27:12 +03:00
|
|
|
BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
|
|
|
|
const char *filename);
|
2005-12-18 21:28:15 +03:00
|
|
|
|
2011-11-03 12:57:25 +04:00
|
|
|
|
2013-06-24 19:13:10 +04:00
|
|
|
/**
|
|
|
|
* bdrv_add_before_write_notifier:
|
|
|
|
*
|
|
|
|
* Register a callback that is invoked before write requests are processed but
|
|
|
|
* after any throttling or waiting for overlapping requests.
|
|
|
|
*/
|
|
|
|
void bdrv_add_before_write_notifier(BlockDriverState *bs,
|
|
|
|
NotifierWithReturn *notifier);
|
|
|
|
|
2014-05-08 18:34:37 +04:00
|
|
|
/**
|
|
|
|
* bdrv_detach_aio_context:
|
|
|
|
*
|
|
|
|
* May be called from .bdrv_detach_aio_context() to detach children from the
|
|
|
|
* current #AioContext. This is only needed by block drivers that manage their
|
2015-06-17 15:55:21 +03:00
|
|
|
* own children. Both ->file and ->backing are automatically handled and
|
2014-05-08 18:34:37 +04:00
|
|
|
* block drivers should not call this function on them explicitly.
|
|
|
|
*/
|
|
|
|
void bdrv_detach_aio_context(BlockDriverState *bs);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* bdrv_attach_aio_context:
|
|
|
|
*
|
|
|
|
* May be called from .bdrv_attach_aio_context() to attach children to the new
|
|
|
|
* #AioContext. This is only needed by block drivers that manage their own
|
2015-06-17 15:55:21 +03:00
|
|
|
* children. Both ->file and ->backing are automatically handled and block
|
2014-05-08 18:34:37 +04:00
|
|
|
* drivers should not call this function on them explicitly.
|
|
|
|
*/
|
|
|
|
void bdrv_attach_aio_context(BlockDriverState *bs,
|
|
|
|
AioContext *new_context);
|
|
|
|
|
2014-06-20 23:57:33 +04:00
|
|
|
/**
|
|
|
|
* bdrv_add_aio_context_notifier:
|
|
|
|
*
|
|
|
|
* If a long-running job intends to be always run in the same AioContext as a
|
|
|
|
* certain BDS, it may use this function to be notified of changes regarding the
|
|
|
|
* association of the BDS to an AioContext.
|
|
|
|
*
|
|
|
|
* attached_aio_context() is called after the target BDS has been attached to a
|
|
|
|
* new AioContext; detach_aio_context() is called before the target BDS is being
|
|
|
|
* detached from its old AioContext.
|
|
|
|
*/
|
|
|
|
void bdrv_add_aio_context_notifier(BlockDriverState *bs,
|
|
|
|
void (*attached_aio_context)(AioContext *new_context, void *opaque),
|
|
|
|
void (*detach_aio_context)(void *opaque), void *opaque);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* bdrv_remove_aio_context_notifier:
|
|
|
|
*
|
|
|
|
* Unsubscribe of change notifications regarding the BDS's AioContext. The
|
|
|
|
* parameters given here have to be the same as those given to
|
|
|
|
* bdrv_add_aio_context_notifier().
|
|
|
|
*/
|
|
|
|
void bdrv_remove_aio_context_notifier(BlockDriverState *bs,
|
|
|
|
void (*aio_context_attached)(AioContext *,
|
|
|
|
void *),
|
|
|
|
void (*aio_context_detached)(void *),
|
|
|
|
void *opaque);
|
|
|
|
|
2009-06-15 16:04:22 +04:00
|
|
|
#ifdef _WIN32
|
|
|
|
int is_windows_drive(const char *filename);
|
|
|
|
#endif
|
|
|
|
|
2012-03-30 15:17:13 +04:00
|
|
|
/**
|
|
|
|
* stream_start:
|
|
|
|
* @bs: Block device to operate on.
|
|
|
|
* @base: Block device that will become the new base, or %NULL to
|
|
|
|
* flatten the whole backing file chain onto @bs.
|
|
|
|
* @base_id: The file name that will be written to @bs as the new
|
|
|
|
* backing file if the job completes. Ignored if @base is %NULL.
|
2012-04-25 19:51:03 +04:00
|
|
|
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
|
2012-09-28 19:22:59 +04:00
|
|
|
* @on_error: The action to take upon error.
|
2012-03-30 15:17:13 +04:00
|
|
|
* @cb: Completion function for the job.
|
|
|
|
* @opaque: Opaque pointer value passed to @cb.
|
2012-04-25 19:51:00 +04:00
|
|
|
* @errp: Error object.
|
2012-03-30 15:17:13 +04:00
|
|
|
*
|
|
|
|
* Start a streaming operation on @bs. Clusters that are unallocated
|
|
|
|
* in @bs, but allocated in any image between @base and @bs (both
|
|
|
|
* exclusive) will be written to @bs. At the end of a successful
|
|
|
|
* streaming job, the backing file of @bs will be changed to
|
|
|
|
* @base_id in the written image and to @base in the live BlockDriverState.
|
|
|
|
*/
|
2012-04-25 19:51:00 +04:00
|
|
|
void stream_start(BlockDriverState *bs, BlockDriverState *base,
|
2012-09-28 19:22:59 +04:00
|
|
|
const char *base_id, int64_t speed, BlockdevOnError on_error,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb,
|
2012-04-25 19:51:00 +04:00
|
|
|
void *opaque, Error **errp);
|
2012-01-18 18:40:44 +04:00
|
|
|
|
2012-09-27 21:29:13 +04:00
|
|
|
/**
|
|
|
|
* commit_start:
|
2013-12-16 10:45:30 +04:00
|
|
|
* @bs: Active block device.
|
|
|
|
* @top: Top block device to be committed.
|
|
|
|
* @base: Block device that will be written into, and become the new top.
|
2012-09-27 21:29:13 +04:00
|
|
|
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
|
|
|
|
* @on_error: The action to take upon error.
|
|
|
|
* @cb: Completion function for the job.
|
|
|
|
* @opaque: Opaque pointer value passed to @cb.
|
block: extend block-commit to accept a string for the backing file
On some image chains, QEMU may not always be able to resolve the
filenames properly, when updating the backing file of an image
after a block commit.
For instance, certain relative pathnames may fail, or drives may
have been specified originally by file descriptor (e.g. /dev/fd/???),
or a relative protocol pathname may have been used.
In these instances, QEMU may lack the information to be able to make
the correct choice, but the user or management layer most likely does
have that knowledge.
With this extension to the block-commit api, the user is able to change
the backing file of the overlay image as part of the block-commit
operation.
This allows the change to be 'safe', in the sense that if the attempt
to write the overlay image metadata fails, then the block-commit
operation returns failure, without disrupting the guest.
If the commit top is the active layer, then specifying the backing
file string will be treated as an error (there is no overlay image
to modify in that case).
If a backing file string is not specified in the command, the backing
file string to use is determined in the same manner as it was
previously.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-25 23:40:10 +04:00
|
|
|
* @backing_file_str: String to use as the backing file in @top's overlay
|
2012-09-27 21:29:13 +04:00
|
|
|
* @errp: Error object.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
void commit_start(BlockDriverState *bs, BlockDriverState *base,
|
|
|
|
BlockDriverState *top, int64_t speed,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockdevOnError on_error, BlockCompletionFunc *cb,
|
block: extend block-commit to accept a string for the backing file
On some image chains, QEMU may not always be able to resolve the
filenames properly, when updating the backing file of an image
after a block commit.
For instance, certain relative pathnames may fail, or drives may
have been specified originally by file descriptor (e.g. /dev/fd/???),
or a relative protocol pathname may have been used.
In these instances, QEMU may lack the information to be able to make
the correct choice, but the user or management layer most likely does
have that knowledge.
With this extension to the block-commit api, the user is able to change
the backing file of the overlay image as part of the block-commit
operation.
This allows the change to be 'safe', in the sense that if the attempt
to write the overlay image metadata fails, then the block-commit
operation returns failure, without disrupting the guest.
If the commit top is the active layer, then specifying the backing
file string will be treated as an error (there is no overlay image
to modify in that case).
If a backing file string is not specified in the command, the backing
file string to use is determined in the same manner as it was
previously.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jeff Cody <jcody@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-25 23:40:10 +04:00
|
|
|
void *opaque, const char *backing_file_str, Error **errp);
|
2013-12-16 10:45:30 +04:00
|
|
|
/**
|
|
|
|
* commit_active_start:
|
|
|
|
* @bs: Active block device to be committed.
|
|
|
|
* @base: Block device that will be written into, and become the new top.
|
|
|
|
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
|
|
|
|
* @on_error: The action to take upon error.
|
|
|
|
* @cb: Completion function for the job.
|
|
|
|
* @opaque: Opaque pointer value passed to @cb.
|
|
|
|
* @errp: Error object.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
void commit_active_start(BlockDriverState *bs, BlockDriverState *base,
|
|
|
|
int64_t speed,
|
|
|
|
BlockdevOnError on_error,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb,
|
2013-12-16 10:45:30 +04:00
|
|
|
void *opaque, Error **errp);
|
2012-10-18 18:49:23 +04:00
|
|
|
/*
|
|
|
|
* mirror_start:
|
|
|
|
* @bs: Block device to operate on.
|
|
|
|
* @target: Block device to write to.
|
2014-06-27 20:25:25 +04:00
|
|
|
* @replaces: Block graph node name to replace once the mirror is done. Can
|
|
|
|
* only be used when full mirroring is selected.
|
2012-10-18 18:49:23 +04:00
|
|
|
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
|
2013-01-21 20:09:46 +04:00
|
|
|
* @granularity: The chosen granularity for the dirty bitmap.
|
2013-01-22 12:03:13 +04:00
|
|
|
* @buf_size: The amount of data that can be in flight at one time.
|
2012-10-18 18:49:23 +04:00
|
|
|
* @mode: Whether to collapse all images in the chain to the target.
|
block/mirror: Fix target backing BDS
Currently, we are trying to move the backing BDS from the source to the
target in bdrv_replace_in_backing_chain() which is called from
mirror_exit(). However, mirror_complete() already tries to open the
target's backing chain with a call to bdrv_open_backing_file().
First, we should only set the target's backing BDS once. Second, the
mirroring block job has a better idea of what to set it to than the
generic code in bdrv_replace_in_backing_chain() (in fact, the latter's
conditions on when to move the backing BDS from source to target are not
really correct).
Therefore, remove that code from bdrv_replace_in_backing_chain() and
leave it to mirror_complete().
Depending on what kind of mirroring is performed, we furthermore want to
use different strategies to open the target's backing chain:
- If blockdev-mirror is used, we can assume the user made sure that the
target already has the correct backing chain. In particular, we should
not try to open a backing file if the target does not have any yet.
- If drive-mirror with mode=absolute-paths is used, we can and should
reuse the already existing chain of nodes that the source BDS is in.
In case of sync=full, no backing BDS is required; with sync=top, we
just link the source's backing BDS to the target, and with sync=none,
we use the source BDS as the target's backing BDS.
We should not try to open these backing files anew because this would
lead to two BDSs existing per physical file in the backing chain, and
we would like to avoid such concurrent access.
- If drive-mirror with mode=existing is used, we have to use the
information provided in the physical image file which means opening
the target's backing chain completely anew, just as it has been done
already.
If the target's backing chain shares images with the source, this may
lead to multiple BDSs per physical image file. But since we cannot
reliably ascertain this case, there is nothing we can do about it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20160610185750.30956-3-mreitz@redhat.com
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-06-10 21:57:47 +03:00
|
|
|
* @backing_mode: How to establish the target's backing chain after completion.
|
2012-10-18 18:49:28 +04:00
|
|
|
* @on_source_error: The action to take upon error reading from the source.
|
|
|
|
* @on_target_error: The action to take upon error writing to the target.
|
2015-06-08 08:56:08 +03:00
|
|
|
* @unmap: Whether to unmap target where source sectors only contain zeroes.
|
2012-10-18 18:49:23 +04:00
|
|
|
* @cb: Completion function for the job.
|
|
|
|
* @opaque: Opaque pointer value passed to @cb.
|
|
|
|
* @errp: Error object.
|
|
|
|
*
|
|
|
|
* Start a mirroring operation on @bs. Clusters that are allocated
|
|
|
|
* in @bs will be written to @bs until the job is cancelled or
|
|
|
|
* manually completed. At the end of a successful mirroring job,
|
|
|
|
* @bs will be switched to read from @target.
|
|
|
|
*/
|
|
|
|
void mirror_start(BlockDriverState *bs, BlockDriverState *target,
|
2014-06-27 20:25:25 +04:00
|
|
|
const char *replaces,
|
2015-04-18 02:49:51 +03:00
|
|
|
int64_t speed, uint32_t granularity, int64_t buf_size,
|
block/mirror: Fix target backing BDS
Currently, we are trying to move the backing BDS from the source to the
target in bdrv_replace_in_backing_chain() which is called from
mirror_exit(). However, mirror_complete() already tries to open the
target's backing chain with a call to bdrv_open_backing_file().
First, we should only set the target's backing BDS once. Second, the
mirroring block job has a better idea of what to set it to than the
generic code in bdrv_replace_in_backing_chain() (in fact, the latter's
conditions on when to move the backing BDS from source to target are not
really correct).
Therefore, remove that code from bdrv_replace_in_backing_chain() and
leave it to mirror_complete().
Depending on what kind of mirroring is performed, we furthermore want to
use different strategies to open the target's backing chain:
- If blockdev-mirror is used, we can assume the user made sure that the
target already has the correct backing chain. In particular, we should
not try to open a backing file if the target does not have any yet.
- If drive-mirror with mode=absolute-paths is used, we can and should
reuse the already existing chain of nodes that the source BDS is in.
In case of sync=full, no backing BDS is required; with sync=top, we
just link the source's backing BDS to the target, and with sync=none,
we use the source BDS as the target's backing BDS.
We should not try to open these backing files anew because this would
lead to two BDSs existing per physical file in the backing chain, and
we would like to avoid such concurrent access.
- If drive-mirror with mode=existing is used, we have to use the
information provided in the physical image file which means opening
the target's backing chain completely anew, just as it has been done
already.
If the target's backing chain shares images with the source, this may
lead to multiple BDSs per physical image file. But since we cannot
reliably ascertain this case, there is nothing we can do about it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-id: 20160610185750.30956-3-mreitz@redhat.com
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-06-10 21:57:47 +03:00
|
|
|
MirrorSyncMode mode, BlockMirrorBackingMode backing_mode,
|
|
|
|
BlockdevOnError on_source_error,
|
2012-10-18 18:49:28 +04:00
|
|
|
BlockdevOnError on_target_error,
|
2015-06-08 08:56:08 +03:00
|
|
|
bool unmap,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb,
|
2012-10-18 18:49:23 +04:00
|
|
|
void *opaque, Error **errp);
|
|
|
|
|
2013-06-24 19:13:11 +04:00
|
|
|
/*
|
|
|
|
* backup_start:
|
|
|
|
* @bs: Block device to operate on.
|
|
|
|
* @target: Block device to write to.
|
|
|
|
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
|
2013-07-26 22:39:04 +04:00
|
|
|
* @sync_mode: What parts of the disk image should be copied to the destination.
|
2015-06-05 03:20:34 +03:00
|
|
|
* @sync_bitmap: The dirty bitmap if sync_mode is MIRROR_SYNC_MODE_INCREMENTAL.
|
2013-06-24 19:13:11 +04:00
|
|
|
* @on_source_error: The action to take upon error reading from the source.
|
|
|
|
* @on_target_error: The action to take upon error writing to the target.
|
|
|
|
* @cb: Completion function for the job.
|
|
|
|
* @opaque: Opaque pointer value passed to @cb.
|
2015-11-06 02:13:17 +03:00
|
|
|
* @txn: Transaction that this job is part of (may be NULL).
|
2013-06-24 19:13:11 +04:00
|
|
|
*
|
|
|
|
* Start a backup operation on @bs. Clusters in @bs are written to @target
|
|
|
|
* until the job is cancelled or manually completed.
|
|
|
|
*/
|
|
|
|
void backup_start(BlockDriverState *bs, BlockDriverState *target,
|
2013-07-26 22:39:04 +04:00
|
|
|
int64_t speed, MirrorSyncMode sync_mode,
|
2015-04-18 02:49:58 +03:00
|
|
|
BdrvDirtyBitmap *sync_bitmap,
|
2013-07-26 22:39:04 +04:00
|
|
|
BlockdevOnError on_source_error,
|
2013-06-24 19:13:11 +04:00
|
|
|
BlockdevOnError on_target_error,
|
2014-10-07 15:59:15 +04:00
|
|
|
BlockCompletionFunc *cb, void *opaque,
|
2015-11-06 02:13:17 +03:00
|
|
|
BlockJobTxn *txn, Error **errp);
|
2013-06-24 19:13:11 +04:00
|
|
|
|
2016-02-23 19:33:24 +03:00
|
|
|
void hmp_drive_add_node(Monitor *mon, const char *optstr);
|
|
|
|
|
2016-03-08 15:47:46 +03:00
|
|
|
BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
|
|
|
|
const char *child_name,
|
2016-05-17 15:51:55 +03:00
|
|
|
const BdrvChildRole *child_role,
|
|
|
|
void *opaque);
|
2016-03-08 15:47:46 +03:00
|
|
|
void bdrv_root_unref_child(BdrvChild *child);
|
|
|
|
|
2016-03-22 20:38:44 +03:00
|
|
|
const char *bdrv_get_parent_name(const BlockDriverState *bs);
|
2014-10-07 15:59:25 +04:00
|
|
|
void blk_dev_change_media_cb(BlockBackend *blk, bool load);
|
|
|
|
bool blk_dev_has_removable_media(BlockBackend *blk);
|
2016-01-29 22:49:10 +03:00
|
|
|
bool blk_dev_has_tray(BlockBackend *blk);
|
2014-10-07 15:59:25 +04:00
|
|
|
void blk_dev_eject_request(BlockBackend *blk, bool force);
|
|
|
|
bool blk_dev_is_tray_open(BlockBackend *blk);
|
|
|
|
bool blk_dev_is_medium_locked(BlockBackend *blk);
|
|
|
|
|
2015-04-28 16:27:50 +03:00
|
|
|
void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector, int nr_sectors);
|
2015-09-16 17:08:17 +03:00
|
|
|
bool bdrv_requests_pending(BlockDriverState *bs);
|
2015-04-28 16:27:50 +03:00
|
|
|
|
2015-11-09 13:16:54 +03:00
|
|
|
void bdrv_clear_dirty_bitmap(BdrvDirtyBitmap *bitmap, HBitmap **out);
|
|
|
|
void bdrv_undo_clear_dirty_bitmap(BdrvDirtyBitmap *bitmap, HBitmap *in);
|
|
|
|
|
2016-01-29 18:36:12 +03:00
|
|
|
void blockdev_close_all_bdrv_states(void);
|
|
|
|
|
2004-08-02 01:59:26 +04:00
|
|
|
#endif /* BLOCK_INT_H */
|