Commit Graph

159 Commits

Author SHA1 Message Date
Stefan Hajnoczi
419b19d9b4 qcow2: Implement bdrv_truncate() for growing images
This patch adds the ability to grow qcow2 images in-place using
bdrv_truncate().  This enables qemu-img resize command support for
qcow2.

Snapshots are not supported and bdrv_truncate() will return -ENOTSUP.
The notion of resizing an image with snapshots could lead to confusion:
users may expect snapshots to remain unchanged, but this is not possible
with the current qcow2 on-disk format where the header.size field is
global instead of per-snapshot.  Others may expect snapshots to change
size along with the current image data.  I think it is safest to not
support snapshots and perhaps add behavior later if there is a
consensus.

Backing images continue to work.  If the image is now larger than its
backing image, zeroes are read when accessing beyond the end of the
backing image.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:32 +02:00
Kevin Wolf
003fad6e2c qcow2: Remove abort on free_clusters failure
While it's true that during regular operation free_clusters failure would be a
bug, an I/O error can always happen. There's no need to kill the VM, the worst
thing that can happen (and it will) is that we leak some clusters.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:32 +02:00
Stefan Hajnoczi
4899d10d14 raw-posix: Use pread/pwrite instead of lseek+read/write
This patch combines the lseek+read/write calls to use pread/pwrite
instead.  This will result in fewer system calls and is already used by
AIO.

Thanks to Jan Kiszka <jan.kiszka@siemens.com> for identifying excessive
lseek and Christoph Hellwig <hch@lst.de> for confirming that this
approach should work.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:31 +02:00
Stefan Hajnoczi
508e089368 qcow2: Avoid shadowing variable in alloc_clusters_noref()
The i loop iterator is shadowed by the next free cluster index.  Both
using the variable name 'i' makes the code harder to read.

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:31 +02:00
Kevin Wolf
6511ef7737 vmdk: Convert to bdrv_open
It's a format driver, so implement bdrv_open instead of bdrv_file_open.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:31 +02:00
Kevin Wolf
9949f97e84 vmdk: Clean up backing file handling
VMDK is doing interesting things when it needs to open a backing file. This
patch changes that part to look more like in other drivers. The nice side
effect is that the file name isn't needed any more in the open function.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:31 +02:00
Kevin Wolf
c336500df5 vmdk: Fix COW
When trying to do COW, VMDK wrote the data back to the backing file. This
problem was revealed by the patch that made backing files read-only. This patch
does not only fix the problem, but also simplifies the VMDK code a bit.

This fixes the backing file qemu-iotests cases for VMDK.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:31 +02:00
Kevin Wolf
66f82ceed6 block: Open the underlying image file in generic code
Format drivers shouldn't need to bother with things like file names, but rather
just get an open BlockDriverState for the underlying protocol. This patch
introduces this behaviour for bdrv_open implementation. For protocols which
need to access the filename to open their file/device/connection/... a new
callback bdrv_file_open is introduced which doesn't get an underlying file
opened.

For now, also some of the more obscure formats use bdrv_file_open because they
open() the file themselves instead of using the block.c functions. They need to
be fixed in later patches.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:30 +02:00
Christoph Hellwig
84a12e6648 block: separate raw images from the file protocol
We're running into various problems because the "raw" file access, which
is used internally by the various image formats is entangled with the
"raw" image format, which maps the VM view 1:1 to a file system.

This patch renames the raw file backends to the file protocol which
is treated like other protocols (e.g. nbd and http) and adds a new
"raw" image format which is just a wrapper around calls to the underlying
protocol.

The patch is surprisingly simple, besides changing the probing logical
in block.c to only look for image formats when using bdrv_open and
renaming of the old raw protocols to file there's almost nothing in there.

For creating images, a new bdrv_create_file is introduced which guesses the
protocol to use. This allows using qemu-img create -f raw (or just using the
default) for both files and host devices. Converting the other format drivers
to use this function to create their images is left for later patches.

The only issues still open are in the handling of the host devices.
Firstly in current qemu we can specifiy the host* format names
on various command line acceping images, but the new code can't
do that without adding some translation.  Second the layering breaks
the no_zero_init flag in the BlockDriver used by qemu-img.  I'm not
happy how this is done per-driver instead of per-state so I'll
prepare a separate patch to clean this up.

There's some more cleanup opportunity after this patch, e.g. using
separate lists and registration functions for image formats vs
protocols and maybe even host drivers, but this can be done at a
later stage.

Also there's a check for protocol in bdrv_open for the BDRV_O_SNAPSHOT
case that I don't quite understand, but which I fear won't work as
expected - possibly even before this patch.

Note that this patch requires various recent block patches from Kevin
and me, which should all be in his block queue.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-05-03 10:07:30 +02:00
Blue Swirl
88bf79500b Fix dead initialization, spotted by clang analyzer
Fix clang warnings:
/src/qemu/block/vvfat.c:1102:9: warning: Value stored to 'index3' during its initialization is never read
    int index3=index1+1;
/src/qemu/cmd.c:290:15: warning: Value stored to 'p' during its initialization is never read
        char *p = result;

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-04-25 15:27:14 +00:00
Blue Swirl
20d97356c9 Fix OpenBSD build
GCC 3.3.5 generates warnings for static forward declarations of data, so
rearrange code to use static forward declarations of functions instead.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-04-23 20:19:47 +00:00
Stefan Hajnoczi
d4c146f0da qcow2: Use QLIST_FOREACH_SAFE macro
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:21:58 +02:00
Kevin Wolf
c46e116723 qcow2: Return 0/-errno in l2_allocate
Returning NULL on error doesn't allow distinguishing between different errors.
Change the interface to return an integer for -errno.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
f7defcb627 qcow2: Return 0/-errno in write_l1_entry
Change write_l1_entry to return the real error code instead of -1.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
c835d00fc8 qcow2: Fix error return code in qcow2_alloc_cluster_link_l2
Fix qcow2_alloc_cluster_link_l2 to return the real error code like it does in
all other error cases.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
79a31189d4 qcow2: Return 0/-errno in write_l2_entries
Change write_l2_entries to return the real error code instead of -1.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Christoph Hellwig
50779cc264 block: split raw_getlength
Split up the raw_getlength into separate generic, solaris and BSD
versions to reduce the ifdef maze a bit.  The BSD variant still
is a complete maze, but to clean it up properly we'd need some
people using the BSD variants to figure out what code is used
for what variant.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
d6e9098e10 Replace calls of old bdrv_open
What is known today as bdrv_open2 becomes the new bdrv_open. All remaining
callers of the old function are converted to the new one. In some places they
even know the right format, so they should have used bdrv_open2 from the
beginning.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
4768fa902c qcow2: Fix creation of large images
qcow_create2 assumes that the new image will only need one cluster for its
refcount table initially. Obviously that's not true any more when the image is
big enough (exact value depends on the cluster size).

This patch calculates the refcount table size dynamically.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
8252278afb qcow2: Trigger blkdebug events
This adds blkdebug events to qcow2 to allow injecting I/O errors in specific
places.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
8b9b0cc2fd blkdebug: Add events and rules
Block drivers can trigger a blkdebug event whenever they reach a place where it
could be useful to inject an error for testing/debugging purposes.

Rules are read from a blkdebug config file and describe which action is taken
when an event is triggered. For now this is only injecting an error (with a few
options) or changing the state (which is an integer). Rules can be declared to
be active only in a specific state; this way later rules can distiguish on
which path we came to trigger their event.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:46 +02:00
Kevin Wolf
b9f66d9695 blkdebug: Inject errors
Add a mechanism to inject errors instead of passing requests on. With no
further patches applied, you can use it by setting inject_errno in gdb.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:45 +02:00
Kevin Wolf
6a1437273c blkdebug: Basic request passthrough
This isn't doing anything interesting. It creates the blkdebug block driver as
a protocol which just passes everything through to raw.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-04-23 16:08:45 +02:00
Christoph Hellwig
6e0a47aae0 raw-posix: don't assign bs->read_only
bdrv_open already takes care of this for us.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-04-10 02:22:05 +02:00
Kevin Wolf
c644db3d53 qcow2: Remove request from in-flight list after error
If we complete a request with a failure we need to remove it from the list of
requests that are in flight. If we don't do it, the next time the same AIOCB is
used for a cluster allocation it will create a loop in the list and qemu will
hang in an endless loop.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-04-10 01:25:30 +02:00
Kevin Wolf
171e3d6b99 qcow2: Don't ignore immediate read/write failures
Returning -EIO is far from optimal, but at least it's an error code.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-04-10 01:23:08 +02:00
Kevin Wolf
57e69b7d4e raw-posix: Better error return values for hdev_create
Now that we output an error message according to the returned error code in
qemu-img, let's return the real error codes. "Input/output error" for
everything isn't helpful.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-03-27 12:00:35 +01:00
Blue Swirl
43dc2a645e Replace assert(0) with abort() or cpu_abort()
When building with -DNDEBUG, assert(0) will not stop execution
so it must not be used for abnormal termination.

Use cpu_abort() when in CPU context, abort() otherwise.

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-03-18 18:41:57 +00:00
Blue Swirl
a6c6f76ceb Fix build with -DNDEBUG in CFLAGS
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-03-13 14:18:50 +00:00
Juan Quintela
3829cb460c vmdk: share cleanup code
cleanup code is identical for error/success cases.  Only difference
are goto labels.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
a161329b61 vmdk: fix double free
fail_gd error case would also free rgd_buf that was already freed

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
53c2e71632 vmdk: make vmdk_snapshot_create return -errno
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
b781cce53d vmdk: return errno instead of -1
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
98c2b2f437 qcow: return errno instead of -1
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
bef57da55c qcow2: return errno instead of -1
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:23:00 -06:00
Juan Quintela
48b66db9ea cow: return errno instead of -1
Remove not needed ret = 0 assignment.

Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-09 11:22:59 -06:00
Kevin Wolf
6f745bdaac qcow2: Fix image creation regression
When checking for errors, commit db89119d compares with the wrong values,
failing image creation even when there was no error. Additionally, if an
error has occured, we can't preallocate the image (it's likely broken).

This unbreaks test 023 of qemu-iotests.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23 13:23:29 -06:00
Kevin Wolf
746c3cb5d5 qcow2: More checks for qemu-img check
Implement some more refcount block related checks

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23 13:23:29 -06:00
Kevin Wolf
92dcb59fd4 qcow2: Rewrite alloc_refcount_block/grow_refcount_table
The current implementation of alloc_refcount_block and grow_refcount_table has
fundamental problems regarding error handling. There are some places where an
I/O error means that the image is going to be corrupted. I have found that the
only way to fix this is to completely rewrite the thing.

In detail, the problem is that the refcount blocks itself are allocated using
alloc_refcount_noref (to avoid endless recursion when updating the refcount of
the new refcount block, which migh access just the same refcount block but its
allocation is not yet completed...). Only at the end of the refcount allocation
the refcount of the refcount block is increased. If an error happens in
between, the refcount block is in use, but has a refcount of zero and will
likely be overwritten later.

The new approach is explained in comments in the code. The trick is basically
to let new refcount blocks describe their own refcount, so their refcount will
be automatically changed when they are hooked up in the refcount table.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23 13:23:29 -06:00
Kevin Wolf
05121aedc4 qcow2: Factor next_refcount_table_size out
When the refcount table grows, it doesn't only grow by one entry but reserves
some space for future refcount blocks. The algorithm to calculate the number of
entries stays the same with the fixes, so factor it out before replacing the
rest.

As Juan suggested take the opportunity to simplify the code a bit.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-23 13:23:29 -06:00
Kevin Wolf
4805bb6696 qcow2: Fix access after end of array
If a write requests crosses a L2 table boundary and all clusters until the
end of the L2 table are usable for the request, we must not look at the next
L2 entry because we already have arrived at the end of the array.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-19 15:53:54 -06:00
Jim Meyering
6265eb26a3 don't dereference NULL after failed strdup
Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:

  block/curl.c
  net.c
  slirp/misc.c

and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:

	    assert(commit->path);

The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer(plausible,
if one string length is much larger than the others).  The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL.  If there are non-NULL pointers
beyond the first, their buffers would be leaked.  This one is admittedly
far-fetched.

The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal.  Note that adding the required uses of
qemu_strdup here and in envlist.c induce link failures because qemu_strdup
is not currently in any library they're linked with.  So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.

If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.

>From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup

Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-10 14:00:53 -06:00
Kevin Wolf
f4f0d391b2 qcow2: Fix signedness bugs
Checking for return codes < 0 isn't really going to work with unsigned
types. Use signed types instead.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-02-10 11:56:57 -06:00
malc
48a402e693 block/curl: %Z is not a valid conversion specifier
Signed-off-by: malc <av1474@comtv.ru>
2010-02-08 12:44:55 +03:00
malc
d0f2c4c602 Do not use dprintf
dprintf is already claimed by POSIX[1], and on at least one system
is implemented as a macro

[1] http://www.opengroup.org/onlinepubs/9699919799/functions/dprintf.html

Signed-off-by: malc <av1474@comtv.ru>
2010-02-07 02:03:50 +03:00
Kevin Wolf
053965c7ff block/raw-posix: Abort on pread beyond end of non-growable file
This shouldn't happen under any normal circumstances. However, it looks like
it's possible to achieve this with corrupted images. Without this patch
raw_pread is hanging in an endless loop in such cases.

The patch is not affecting growable files, for which such reads happen in
normal use cases. raw_pread_aligned already handles these cases and won't
return zero in the first place.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26 16:41:07 -06:00
Herve Poussineau
f8a83245d9 win32: pair qemu_memalign() with qemu_vfree()
Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (ie
VirtualAlloc) but frees it with qemu_free (ie free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.

Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26 16:41:06 -06:00
Christoph Hellwig
7b88e48ba5 qcow2: rename two QCowAIOCB members
The n member is not very descriptive and very hard to grep, rename it to
cur_nr_sectors to better indicate what it is used for.  Also rename
nb_sectors to remaining_sectors as that is what it is used for.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26 15:45:00 -06:00
Christoph Hellwig
9a2d77ad0d block: kill BDRV_O_CREAT
The BDRV_O_CREAT option is unused inside qemu and partially duplicates
the bdrv_create method.  Remove it, and the -C option to qemu-io which
isn't used in qemu-iotests anyway.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26 15:42:02 -06:00
Naphtali Sprei
0a7fc983ce Read-only device changed to opens it's file for read-only.
Signed-off-by: Naphtali Sprei <nsprei@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-01-26 15:42:01 -06:00