]> git.proxmox.com Git - mirror_qemu.git/blob - block.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
block: Use child_of_bds in remaining places
[mirror_qemu.git] / block.c
1 /*
2 * QEMU System Emulator block driver
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "block/trace.h"
27 #include "block/block_int.h"
28 #include "block/blockjob.h"
29 #include "block/nbd.h"
30 #include "block/qdict.h"
31 #include "qemu/error-report.h"
32 #include "module_block.h"
33 #include "qemu/main-loop.h"
34 #include "qemu/module.h"
35 #include "qapi/error.h"
36 #include "qapi/qmp/qdict.h"
37 #include "qapi/qmp/qjson.h"
38 #include "qapi/qmp/qnull.h"
39 #include "qapi/qmp/qstring.h"
40 #include "qapi/qobject-output-visitor.h"
41 #include "qapi/qapi-visit-block-core.h"
42 #include "sysemu/block-backend.h"
43 #include "sysemu/sysemu.h"
44 #include "qemu/notify.h"
45 #include "qemu/option.h"
46 #include "qemu/coroutine.h"
47 #include "block/qapi.h"
48 #include "qemu/timer.h"
49 #include "qemu/cutils.h"
50 #include "qemu/id.h"
51
52 #ifdef CONFIG_BSD
53 #include <sys/ioctl.h>
54 #include <sys/queue.h>
55 #ifndef __DragonFly__
56 #include <sys/disk.h>
57 #endif
58 #endif
59
60 #ifdef _WIN32
61 #include <windows.h>
62 #endif
63
64 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
65
66 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
67 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
68
69 static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
70 QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
71
72 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
73 QLIST_HEAD_INITIALIZER(bdrv_drivers);
74
75 static BlockDriverState *bdrv_open_inherit(const char *filename,
76 const char *reference,
77 QDict *options, int flags,
78 BlockDriverState *parent,
79 const BdrvChildClass *child_class,
80 BdrvChildRole child_role,
81 Error **errp);
82
83 /* TODO: Remove when no longer needed */
84 static void bdrv_inherited_options(BdrvChildRole role, bool parent_is_format,
85 int *child_flags, QDict *child_options,
86 int parent_flags, QDict *parent_options);
87 static void bdrv_child_cb_attach(BdrvChild *child);
88 static void bdrv_child_cb_detach(BdrvChild *child);
89
90 /* If non-zero, use only whitelisted block drivers */
91 static int use_bdrv_whitelist;
92
93 #ifdef _WIN32
94 static int is_windows_drive_prefix(const char *filename)
95 {
96 return (((filename[0] >= 'a' && filename[0] <= 'z') ||
97 (filename[0] >= 'A' && filename[0] <= 'Z')) &&
98 filename[1] == ':');
99 }
100
101 int is_windows_drive(const char *filename)
102 {
103 if (is_windows_drive_prefix(filename) &&
104 filename[2] == '\0')
105 return 1;
106 if (strstart(filename, "\\\\.\\", NULL) ||
107 strstart(filename, "//./", NULL))
108 return 1;
109 return 0;
110 }
111 #endif
112
113 size_t bdrv_opt_mem_align(BlockDriverState *bs)
114 {
115 if (!bs || !bs->drv) {
116 /* page size or 4k (hdd sector size) should be on the safe side */
117 return MAX(4096, qemu_real_host_page_size);
118 }
119
120 return bs->bl.opt_mem_alignment;
121 }
122
123 size_t bdrv_min_mem_align(BlockDriverState *bs)
124 {
125 if (!bs || !bs->drv) {
126 /* page size or 4k (hdd sector size) should be on the safe side */
127 return MAX(4096, qemu_real_host_page_size);
128 }
129
130 return bs->bl.min_mem_alignment;
131 }
132
133 /* check if the path starts with "<protocol>:" */
134 int path_has_protocol(const char *path)
135 {
136 const char *p;
137
138 #ifdef _WIN32
139 if (is_windows_drive(path) ||
140 is_windows_drive_prefix(path)) {
141 return 0;
142 }
143 p = path + strcspn(path, ":/\\");
144 #else
145 p = path + strcspn(path, ":/");
146 #endif
147
148 return *p == ':';
149 }
150
151 int path_is_absolute(const char *path)
152 {
153 #ifdef _WIN32
154 /* specific case for names like: "\\.\d:" */
155 if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
156 return 1;
157 }
158 return (*path == '/' || *path == '\\');
159 #else
160 return (*path == '/');
161 #endif
162 }
163
164 /* if filename is absolute, just return its duplicate. Otherwise, build a
165 path to it by considering it is relative to base_path. URL are
166 supported. */
167 char *path_combine(const char *base_path, const char *filename)
168 {
169 const char *protocol_stripped = NULL;
170 const char *p, *p1;
171 char *result;
172 int len;
173
174 if (path_is_absolute(filename)) {
175 return g_strdup(filename);
176 }
177
178 if (path_has_protocol(base_path)) {
179 protocol_stripped = strchr(base_path, ':');
180 if (protocol_stripped) {
181 protocol_stripped++;
182 }
183 }
184 p = protocol_stripped ?: base_path;
185
186 p1 = strrchr(base_path, '/');
187 #ifdef _WIN32
188 {
189 const char *p2;
190 p2 = strrchr(base_path, '\\');
191 if (!p1 || p2 > p1) {
192 p1 = p2;
193 }
194 }
195 #endif
196 if (p1) {
197 p1++;
198 } else {
199 p1 = base_path;
200 }
201 if (p1 > p) {
202 p = p1;
203 }
204 len = p - base_path;
205
206 result = g_malloc(len + strlen(filename) + 1);
207 memcpy(result, base_path, len);
208 strcpy(result + len, filename);
209
210 return result;
211 }
212
213 /*
214 * Helper function for bdrv_parse_filename() implementations to remove optional
215 * protocol prefixes (especially "file:") from a filename and for putting the
216 * stripped filename into the options QDict if there is such a prefix.
217 */
218 void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
219 QDict *options)
220 {
221 if (strstart(filename, prefix, &filename)) {
222 /* Stripping the explicit protocol prefix may result in a protocol
223 * prefix being (wrongly) detected (if the filename contains a colon) */
224 if (path_has_protocol(filename)) {
225 QString *fat_filename;
226
227 /* This means there is some colon before the first slash; therefore,
228 * this cannot be an absolute path */
229 assert(!path_is_absolute(filename));
230
231 /* And we can thus fix the protocol detection issue by prefixing it
232 * by "./" */
233 fat_filename = qstring_from_str("./");
234 qstring_append(fat_filename, filename);
235
236 assert(!path_has_protocol(qstring_get_str(fat_filename)));
237
238 qdict_put(options, "filename", fat_filename);
239 } else {
240 /* If no protocol prefix was detected, we can use the shortened
241 * filename as-is */
242 qdict_put_str(options, "filename", filename);
243 }
244 }
245 }
246
247
248 /* Returns whether the image file is opened as read-only. Note that this can
249 * return false and writing to the image file is still not possible because the
250 * image is inactivated. */
251 bool bdrv_is_read_only(BlockDriverState *bs)
252 {
253 return bs->read_only;
254 }
255
256 int bdrv_can_set_read_only(BlockDriverState *bs, bool read_only,
257 bool ignore_allow_rdw, Error **errp)
258 {
259 /* Do not set read_only if copy_on_read is enabled */
260 if (bs->copy_on_read && read_only) {
261 error_setg(errp, "Can't set node '%s' to r/o with copy-on-read enabled",
262 bdrv_get_device_or_node_name(bs));
263 return -EINVAL;
264 }
265
266 /* Do not clear read_only if it is prohibited */
267 if (!read_only && !(bs->open_flags & BDRV_O_ALLOW_RDWR) &&
268 !ignore_allow_rdw)
269 {
270 error_setg(errp, "Node '%s' is read only",
271 bdrv_get_device_or_node_name(bs));
272 return -EPERM;
273 }
274
275 return 0;
276 }
277
278 /*
279 * Called by a driver that can only provide a read-only image.
280 *
281 * Returns 0 if the node is already read-only or it could switch the node to
282 * read-only because BDRV_O_AUTO_RDONLY is set.
283 *
284 * Returns -EACCES if the node is read-write and BDRV_O_AUTO_RDONLY is not set
285 * or bdrv_can_set_read_only() forbids making the node read-only. If @errmsg
286 * is not NULL, it is used as the error message for the Error object.
287 */
288 int bdrv_apply_auto_read_only(BlockDriverState *bs, const char *errmsg,
289 Error **errp)
290 {
291 int ret = 0;
292
293 if (!(bs->open_flags & BDRV_O_RDWR)) {
294 return 0;
295 }
296 if (!(bs->open_flags & BDRV_O_AUTO_RDONLY)) {
297 goto fail;
298 }
299
300 ret = bdrv_can_set_read_only(bs, true, false, NULL);
301 if (ret < 0) {
302 goto fail;
303 }
304
305 bs->read_only = true;
306 bs->open_flags &= ~BDRV_O_RDWR;
307
308 return 0;
309
310 fail:
311 error_setg(errp, "%s", errmsg ?: "Image is read-only");
312 return -EACCES;
313 }
314
315 /*
316 * If @backing is empty, this function returns NULL without setting
317 * @errp. In all other cases, NULL will only be returned with @errp
318 * set.
319 *
320 * Therefore, a return value of NULL without @errp set means that
321 * there is no backing file; if @errp is set, there is one but its
322 * absolute filename cannot be generated.
323 */
324 char *bdrv_get_full_backing_filename_from_filename(const char *backed,
325 const char *backing,
326 Error **errp)
327 {
328 if (backing[0] == '\0') {
329 return NULL;
330 } else if (path_has_protocol(backing) || path_is_absolute(backing)) {
331 return g_strdup(backing);
332 } else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
333 error_setg(errp, "Cannot use relative backing file names for '%s'",
334 backed);
335 return NULL;
336 } else {
337 return path_combine(backed, backing);
338 }
339 }
340
341 /*
342 * If @filename is empty or NULL, this function returns NULL without
343 * setting @errp. In all other cases, NULL will only be returned with
344 * @errp set.
345 */
346 static char *bdrv_make_absolute_filename(BlockDriverState *relative_to,
347 const char *filename, Error **errp)
348 {
349 char *dir, *full_name;
350
351 if (!filename || filename[0] == '\0') {
352 return NULL;
353 } else if (path_has_protocol(filename) || path_is_absolute(filename)) {
354 return g_strdup(filename);
355 }
356
357 dir = bdrv_dirname(relative_to, errp);
358 if (!dir) {
359 return NULL;
360 }
361
362 full_name = g_strconcat(dir, filename, NULL);
363 g_free(dir);
364 return full_name;
365 }
366
367 char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
368 {
369 return bdrv_make_absolute_filename(bs, bs->backing_file, errp);
370 }
371
372 void bdrv_register(BlockDriver *bdrv)
373 {
374 assert(bdrv->format_name);
375 QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
376 }
377
378 BlockDriverState *bdrv_new(void)
379 {
380 BlockDriverState *bs;
381 int i;
382
383 bs = g_new0(BlockDriverState, 1);
384 QLIST_INIT(&bs->dirty_bitmaps);
385 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
386 QLIST_INIT(&bs->op_blockers[i]);
387 }
388 notifier_with_return_list_init(&bs->before_write_notifiers);
389 qemu_co_mutex_init(&bs->reqs_lock);
390 qemu_mutex_init(&bs->dirty_bitmap_mutex);
391 bs->refcnt = 1;
392 bs->aio_context = qemu_get_aio_context();
393
394 qemu_co_queue_init(&bs->flush_queue);
395
396 for (i = 0; i < bdrv_drain_all_count; i++) {
397 bdrv_drained_begin(bs);
398 }
399
400 QTAILQ_INSERT_TAIL(&all_bdrv_states, bs, bs_list);
401
402 return bs;
403 }
404
405 static BlockDriver *bdrv_do_find_format(const char *format_name)
406 {
407 BlockDriver *drv1;
408
409 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
410 if (!strcmp(drv1->format_name, format_name)) {
411 return drv1;
412 }
413 }
414
415 return NULL;
416 }
417
418 BlockDriver *bdrv_find_format(const char *format_name)
419 {
420 BlockDriver *drv1;
421 int i;
422
423 drv1 = bdrv_do_find_format(format_name);
424 if (drv1) {
425 return drv1;
426 }
427
428 /* The driver isn't registered, maybe we need to load a module */
429 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
430 if (!strcmp(block_driver_modules[i].format_name, format_name)) {
431 block_module_load_one(block_driver_modules[i].library_name);
432 break;
433 }
434 }
435
436 return bdrv_do_find_format(format_name);
437 }
438
439 static int bdrv_format_is_whitelisted(const char *format_name, bool read_only)
440 {
441 static const char *whitelist_rw[] = {
442 CONFIG_BDRV_RW_WHITELIST
443 };
444 static const char *whitelist_ro[] = {
445 CONFIG_BDRV_RO_WHITELIST
446 };
447 const char **p;
448
449 if (!whitelist_rw[0] && !whitelist_ro[0]) {
450 return 1; /* no whitelist, anything goes */
451 }
452
453 for (p = whitelist_rw; *p; p++) {
454 if (!strcmp(format_name, *p)) {
455 return 1;
456 }
457 }
458 if (read_only) {
459 for (p = whitelist_ro; *p; p++) {
460 if (!strcmp(format_name, *p)) {
461 return 1;
462 }
463 }
464 }
465 return 0;
466 }
467
468 int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
469 {
470 return bdrv_format_is_whitelisted(drv->format_name, read_only);
471 }
472
473 bool bdrv_uses_whitelist(void)
474 {
475 return use_bdrv_whitelist;
476 }
477
478 typedef struct CreateCo {
479 BlockDriver *drv;
480 char *filename;
481 QemuOpts *opts;
482 int ret;
483 Error *err;
484 } CreateCo;
485
486 static void coroutine_fn bdrv_create_co_entry(void *opaque)
487 {
488 Error *local_err = NULL;
489 int ret;
490
491 CreateCo *cco = opaque;
492 assert(cco->drv);
493
494 ret = cco->drv->bdrv_co_create_opts(cco->drv,
495 cco->filename, cco->opts, &local_err);
496 error_propagate(&cco->err, local_err);
497 cco->ret = ret;
498 }
499
500 int bdrv_create(BlockDriver *drv, const char* filename,
501 QemuOpts *opts, Error **errp)
502 {
503 int ret;
504
505 Coroutine *co;
506 CreateCo cco = {
507 .drv = drv,
508 .filename = g_strdup(filename),
509 .opts = opts,
510 .ret = NOT_DONE,
511 .err = NULL,
512 };
513
514 if (!drv->bdrv_co_create_opts) {
515 error_setg(errp, "Driver '%s' does not support image creation", drv->format_name);
516 ret = -ENOTSUP;
517 goto out;
518 }
519
520 if (qemu_in_coroutine()) {
521 /* Fast-path if already in coroutine context */
522 bdrv_create_co_entry(&cco);
523 } else {
524 co = qemu_coroutine_create(bdrv_create_co_entry, &cco);
525 qemu_coroutine_enter(co);
526 while (cco.ret == NOT_DONE) {
527 aio_poll(qemu_get_aio_context(), true);
528 }
529 }
530
531 ret = cco.ret;
532 if (ret < 0) {
533 if (cco.err) {
534 error_propagate(errp, cco.err);
535 } else {
536 error_setg_errno(errp, -ret, "Could not create image");
537 }
538 }
539
540 out:
541 g_free(cco.filename);
542 return ret;
543 }
544
545 /**
546 * Helper function for bdrv_create_file_fallback(): Resize @blk to at
547 * least the given @minimum_size.
548 *
549 * On success, return @blk's actual length.
550 * Otherwise, return -errno.
551 */
552 static int64_t create_file_fallback_truncate(BlockBackend *blk,
553 int64_t minimum_size, Error **errp)
554 {
555 Error *local_err = NULL;
556 int64_t size;
557 int ret;
558
559 ret = blk_truncate(blk, minimum_size, false, PREALLOC_MODE_OFF, 0,
560 &local_err);
561 if (ret < 0 && ret != -ENOTSUP) {
562 error_propagate(errp, local_err);
563 return ret;
564 }
565
566 size = blk_getlength(blk);
567 if (size < 0) {
568 error_free(local_err);
569 error_setg_errno(errp, -size,
570 "Failed to inquire the new image file's length");
571 return size;
572 }
573
574 if (size < minimum_size) {
575 /* Need to grow the image, but we failed to do that */
576 error_propagate(errp, local_err);
577 return -ENOTSUP;
578 }
579
580 error_free(local_err);
581 local_err = NULL;
582
583 return size;
584 }
585
586 /**
587 * Helper function for bdrv_create_file_fallback(): Zero the first
588 * sector to remove any potentially pre-existing image header.
589 */
590 static int create_file_fallback_zero_first_sector(BlockBackend *blk,
591 int64_t current_size,
592 Error **errp)
593 {
594 int64_t bytes_to_clear;
595 int ret;
596
597 bytes_to_clear = MIN(current_size, BDRV_SECTOR_SIZE);
598 if (bytes_to_clear) {
599 ret = blk_pwrite_zeroes(blk, 0, bytes_to_clear, BDRV_REQ_MAY_UNMAP);
600 if (ret < 0) {
601 error_setg_errno(errp, -ret,
602 "Failed to clear the new image's first sector");
603 return ret;
604 }
605 }
606
607 return 0;
608 }
609
610 /**
611 * Simple implementation of bdrv_co_create_opts for protocol drivers
612 * which only support creation via opening a file
613 * (usually existing raw storage device)
614 */
615 int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
616 const char *filename,
617 QemuOpts *opts,
618 Error **errp)
619 {
620 BlockBackend *blk;
621 QDict *options;
622 int64_t size = 0;
623 char *buf = NULL;
624 PreallocMode prealloc;
625 Error *local_err = NULL;
626 int ret;
627
628 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
629 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
630 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
631 PREALLOC_MODE_OFF, &local_err);
632 g_free(buf);
633 if (local_err) {
634 error_propagate(errp, local_err);
635 return -EINVAL;
636 }
637
638 if (prealloc != PREALLOC_MODE_OFF) {
639 error_setg(errp, "Unsupported preallocation mode '%s'",
640 PreallocMode_str(prealloc));
641 return -ENOTSUP;
642 }
643
644 options = qdict_new();
645 qdict_put_str(options, "driver", drv->format_name);
646
647 blk = blk_new_open(filename, NULL, options,
648 BDRV_O_RDWR | BDRV_O_RESIZE, errp);
649 if (!blk) {
650 error_prepend(errp, "Protocol driver '%s' does not support image "
651 "creation, and opening the image failed: ",
652 drv->format_name);
653 return -EINVAL;
654 }
655
656 size = create_file_fallback_truncate(blk, size, errp);
657 if (size < 0) {
658 ret = size;
659 goto out;
660 }
661
662 ret = create_file_fallback_zero_first_sector(blk, size, errp);
663 if (ret < 0) {
664 goto out;
665 }
666
667 ret = 0;
668 out:
669 blk_unref(blk);
670 return ret;
671 }
672
673 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
674 {
675 BlockDriver *drv;
676
677 drv = bdrv_find_protocol(filename, true, errp);
678 if (drv == NULL) {
679 return -ENOENT;
680 }
681
682 return bdrv_create(drv, filename, opts, errp);
683 }
684
685 int coroutine_fn bdrv_co_delete_file(BlockDriverState *bs, Error **errp)
686 {
687 Error *local_err = NULL;
688 int ret;
689
690 assert(bs != NULL);
691
692 if (!bs->drv) {
693 error_setg(errp, "Block node '%s' is not opened", bs->filename);
694 return -ENOMEDIUM;
695 }
696
697 if (!bs->drv->bdrv_co_delete_file) {
698 error_setg(errp, "Driver '%s' does not support image deletion",
699 bs->drv->format_name);
700 return -ENOTSUP;
701 }
702
703 ret = bs->drv->bdrv_co_delete_file(bs, &local_err);
704 if (ret < 0) {
705 error_propagate(errp, local_err);
706 }
707
708 return ret;
709 }
710
711 /**
712 * Try to get @bs's logical and physical block size.
713 * On success, store them in @bsz struct and return 0.
714 * On failure return -errno.
715 * @bs must not be empty.
716 */
717 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
718 {
719 BlockDriver *drv = bs->drv;
720
721 if (drv && drv->bdrv_probe_blocksizes) {
722 return drv->bdrv_probe_blocksizes(bs, bsz);
723 } else if (drv && drv->is_filter && bs->file) {
724 return bdrv_probe_blocksizes(bs->file->bs, bsz);
725 }
726
727 return -ENOTSUP;
728 }
729
730 /**
731 * Try to get @bs's geometry (cyls, heads, sectors).
732 * On success, store them in @geo struct and return 0.
733 * On failure return -errno.
734 * @bs must not be empty.
735 */
736 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
737 {
738 BlockDriver *drv = bs->drv;
739
740 if (drv && drv->bdrv_probe_geometry) {
741 return drv->bdrv_probe_geometry(bs, geo);
742 } else if (drv && drv->is_filter && bs->file) {
743 return bdrv_probe_geometry(bs->file->bs, geo);
744 }
745
746 return -ENOTSUP;
747 }
748
749 /*
750 * Create a uniquely-named empty temporary file.
751 * Return 0 upon success, otherwise a negative errno value.
752 */
753 int get_tmp_filename(char *filename, int size)
754 {
755 #ifdef _WIN32
756 char temp_dir[MAX_PATH];
757 /* GetTempFileName requires that its output buffer (4th param)
758 have length MAX_PATH or greater. */
759 assert(size >= MAX_PATH);
760 return (GetTempPath(MAX_PATH, temp_dir)
761 && GetTempFileName(temp_dir, "qem", 0, filename)
762 ? 0 : -GetLastError());
763 #else
764 int fd;
765 const char *tmpdir;
766 tmpdir = getenv("TMPDIR");
767 if (!tmpdir) {
768 tmpdir = "/var/tmp";
769 }
770 if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
771 return -EOVERFLOW;
772 }
773 fd = mkstemp(filename);
774 if (fd < 0) {
775 return -errno;
776 }
777 if (close(fd) != 0) {
778 unlink(filename);
779 return -errno;
780 }
781 return 0;
782 #endif
783 }
784
785 /*
786 * Detect host devices. By convention, /dev/cdrom[N] is always
787 * recognized as a host CDROM.
788 */
789 static BlockDriver *find_hdev_driver(const char *filename)
790 {
791 int score_max = 0, score;
792 BlockDriver *drv = NULL, *d;
793
794 QLIST_FOREACH(d, &bdrv_drivers, list) {
795 if (d->bdrv_probe_device) {
796 score = d->bdrv_probe_device(filename);
797 if (score > score_max) {
798 score_max = score;
799 drv = d;
800 }
801 }
802 }
803
804 return drv;
805 }
806
807 static BlockDriver *bdrv_do_find_protocol(const char *protocol)
808 {
809 BlockDriver *drv1;
810
811 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
812 if (drv1->protocol_name && !strcmp(drv1->protocol_name, protocol)) {
813 return drv1;
814 }
815 }
816
817 return NULL;
818 }
819
820 BlockDriver *bdrv_find_protocol(const char *filename,
821 bool allow_protocol_prefix,
822 Error **errp)
823 {
824 BlockDriver *drv1;
825 char protocol[128];
826 int len;
827 const char *p;
828 int i;
829
830 /* TODO Drivers without bdrv_file_open must be specified explicitly */
831
832 /*
833 * XXX(hch): we really should not let host device detection
834 * override an explicit protocol specification, but moving this
835 * later breaks access to device names with colons in them.
836 * Thanks to the brain-dead persistent naming schemes on udev-
837 * based Linux systems those actually are quite common.
838 */
839 drv1 = find_hdev_driver(filename);
840 if (drv1) {
841 return drv1;
842 }
843
844 if (!path_has_protocol(filename) || !allow_protocol_prefix) {
845 return &bdrv_file;
846 }
847
848 p = strchr(filename, ':');
849 assert(p != NULL);
850 len = p - filename;
851 if (len > sizeof(protocol) - 1)
852 len = sizeof(protocol) - 1;
853 memcpy(protocol, filename, len);
854 protocol[len] = '\0';
855
856 drv1 = bdrv_do_find_protocol(protocol);
857 if (drv1) {
858 return drv1;
859 }
860
861 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
862 if (block_driver_modules[i].protocol_name &&
863 !strcmp(block_driver_modules[i].protocol_name, protocol)) {
864 block_module_load_one(block_driver_modules[i].library_name);
865 break;
866 }
867 }
868
869 drv1 = bdrv_do_find_protocol(protocol);
870 if (!drv1) {
871 error_setg(errp, "Unknown protocol '%s'", protocol);
872 }
873 return drv1;
874 }
875
876 /*
877 * Guess image format by probing its contents.
878 * This is not a good idea when your image is raw (CVE-2008-2004), but
879 * we do it anyway for backward compatibility.
880 *
881 * @buf contains the image's first @buf_size bytes.
882 * @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
883 * but can be smaller if the image file is smaller)
884 * @filename is its filename.
885 *
886 * For all block drivers, call the bdrv_probe() method to get its
887 * probing score.
888 * Return the first block driver with the highest probing score.
889 */
890 BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
891 const char *filename)
892 {
893 int score_max = 0, score;
894 BlockDriver *drv = NULL, *d;
895
896 QLIST_FOREACH(d, &bdrv_drivers, list) {
897 if (d->bdrv_probe) {
898 score = d->bdrv_probe(buf, buf_size, filename);
899 if (score > score_max) {
900 score_max = score;
901 drv = d;
902 }
903 }
904 }
905
906 return drv;
907 }
908
909 static int find_image_format(BlockBackend *file, const char *filename,
910 BlockDriver **pdrv, Error **errp)
911 {
912 BlockDriver *drv;
913 uint8_t buf[BLOCK_PROBE_BUF_SIZE];
914 int ret = 0;
915
916 /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
917 if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
918 *pdrv = &bdrv_raw;
919 return ret;
920 }
921
922 ret = blk_pread(file, 0, buf, sizeof(buf));
923 if (ret < 0) {
924 error_setg_errno(errp, -ret, "Could not read image for determining its "
925 "format");
926 *pdrv = NULL;
927 return ret;
928 }
929
930 drv = bdrv_probe_all(buf, ret, filename);
931 if (!drv) {
932 error_setg(errp, "Could not determine image format: No compatible "
933 "driver found");
934 ret = -ENOENT;
935 }
936 *pdrv = drv;
937 return ret;
938 }
939
940 /**
941 * Set the current 'total_sectors' value
942 * Return 0 on success, -errno on error.
943 */
944 int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
945 {
946 BlockDriver *drv = bs->drv;
947
948 if (!drv) {
949 return -ENOMEDIUM;
950 }
951
952 /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
953 if (bdrv_is_sg(bs))
954 return 0;
955
956 /* query actual device if possible, otherwise just trust the hint */
957 if (drv->bdrv_getlength) {
958 int64_t length = drv->bdrv_getlength(bs);
959 if (length < 0) {
960 return length;
961 }
962 hint = DIV_ROUND_UP(length, BDRV_SECTOR_SIZE);
963 }
964
965 bs->total_sectors = hint;
966 return 0;
967 }
968
969 /**
970 * Combines a QDict of new block driver @options with any missing options taken
971 * from @old_options, so that leaving out an option defaults to its old value.
972 */
973 static void bdrv_join_options(BlockDriverState *bs, QDict *options,
974 QDict *old_options)
975 {
976 if (bs->drv && bs->drv->bdrv_join_options) {
977 bs->drv->bdrv_join_options(options, old_options);
978 } else {
979 qdict_join(options, old_options, false);
980 }
981 }
982
983 static BlockdevDetectZeroesOptions bdrv_parse_detect_zeroes(QemuOpts *opts,
984 int open_flags,
985 Error **errp)
986 {
987 Error *local_err = NULL;
988 char *value = qemu_opt_get_del(opts, "detect-zeroes");
989 BlockdevDetectZeroesOptions detect_zeroes =
990 qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup, value,
991 BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, &local_err);
992 g_free(value);
993 if (local_err) {
994 error_propagate(errp, local_err);
995 return detect_zeroes;
996 }
997
998 if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
999 !(open_flags & BDRV_O_UNMAP))
1000 {
1001 error_setg(errp, "setting detect-zeroes to unmap is not allowed "
1002 "without setting discard operation to unmap");
1003 }
1004
1005 return detect_zeroes;
1006 }
1007
1008 /**
1009 * Set open flags for aio engine
1010 *
1011 * Return 0 on success, -1 if the engine specified is invalid
1012 */
1013 int bdrv_parse_aio(const char *mode, int *flags)
1014 {
1015 if (!strcmp(mode, "threads")) {
1016 /* do nothing, default */
1017 } else if (!strcmp(mode, "native")) {
1018 *flags |= BDRV_O_NATIVE_AIO;
1019 #ifdef CONFIG_LINUX_IO_URING
1020 } else if (!strcmp(mode, "io_uring")) {
1021 *flags |= BDRV_O_IO_URING;
1022 #endif
1023 } else {
1024 return -1;
1025 }
1026
1027 return 0;
1028 }
1029
1030 /**
1031 * Set open flags for a given discard mode
1032 *
1033 * Return 0 on success, -1 if the discard mode was invalid.
1034 */
1035 int bdrv_parse_discard_flags(const char *mode, int *flags)
1036 {
1037 *flags &= ~BDRV_O_UNMAP;
1038
1039 if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
1040 /* do nothing */
1041 } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
1042 *flags |= BDRV_O_UNMAP;
1043 } else {
1044 return -1;
1045 }
1046
1047 return 0;
1048 }
1049
1050 /**
1051 * Set open flags for a given cache mode
1052 *
1053 * Return 0 on success, -1 if the cache mode was invalid.
1054 */
1055 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
1056 {
1057 *flags &= ~BDRV_O_CACHE_MASK;
1058
1059 if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
1060 *writethrough = false;
1061 *flags |= BDRV_O_NOCACHE;
1062 } else if (!strcmp(mode, "directsync")) {
1063 *writethrough = true;
1064 *flags |= BDRV_O_NOCACHE;
1065 } else if (!strcmp(mode, "writeback")) {
1066 *writethrough = false;
1067 } else if (!strcmp(mode, "unsafe")) {
1068 *writethrough = false;
1069 *flags |= BDRV_O_NO_FLUSH;
1070 } else if (!strcmp(mode, "writethrough")) {
1071 *writethrough = true;
1072 } else {
1073 return -1;
1074 }
1075
1076 return 0;
1077 }
1078
1079 static char *bdrv_child_get_parent_desc(BdrvChild *c)
1080 {
1081 BlockDriverState *parent = c->opaque;
1082 return g_strdup(bdrv_get_device_or_node_name(parent));
1083 }
1084
1085 static void bdrv_child_cb_drained_begin(BdrvChild *child)
1086 {
1087 BlockDriverState *bs = child->opaque;
1088 bdrv_do_drained_begin_quiesce(bs, NULL, false);
1089 }
1090
1091 static bool bdrv_child_cb_drained_poll(BdrvChild *child)
1092 {
1093 BlockDriverState *bs = child->opaque;
1094 return bdrv_drain_poll(bs, false, NULL, false);
1095 }
1096
1097 static void bdrv_child_cb_drained_end(BdrvChild *child,
1098 int *drained_end_counter)
1099 {
1100 BlockDriverState *bs = child->opaque;
1101 bdrv_drained_end_no_poll(bs, drained_end_counter);
1102 }
1103
1104 static int bdrv_child_cb_inactivate(BdrvChild *child)
1105 {
1106 BlockDriverState *bs = child->opaque;
1107 assert(bs->open_flags & BDRV_O_INACTIVE);
1108 return 0;
1109 }
1110
1111 static bool bdrv_child_cb_can_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1112 GSList **ignore, Error **errp)
1113 {
1114 BlockDriverState *bs = child->opaque;
1115 return bdrv_can_set_aio_context(bs, ctx, ignore, errp);
1116 }
1117
1118 static void bdrv_child_cb_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1119 GSList **ignore)
1120 {
1121 BlockDriverState *bs = child->opaque;
1122 return bdrv_set_aio_context_ignore(bs, ctx, ignore);
1123 }
1124
1125 /*
1126 * Returns the options and flags that a temporary snapshot should get, based on
1127 * the originally requested flags (the originally requested image will have
1128 * flags like a backing file)
1129 */
1130 static void bdrv_temp_snapshot_options(int *child_flags, QDict *child_options,
1131 int parent_flags, QDict *parent_options)
1132 {
1133 *child_flags = (parent_flags & ~BDRV_O_SNAPSHOT) | BDRV_O_TEMPORARY;
1134
1135 /* For temporary files, unconditional cache=unsafe is fine */
1136 qdict_set_default_str(child_options, BDRV_OPT_CACHE_DIRECT, "off");
1137 qdict_set_default_str(child_options, BDRV_OPT_CACHE_NO_FLUSH, "on");
1138
1139 /* Copy the read-only and discard options from the parent */
1140 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1141 qdict_copy_default(child_options, parent_options, BDRV_OPT_DISCARD);
1142
1143 /* aio=native doesn't work for cache.direct=off, so disable it for the
1144 * temporary snapshot */
1145 *child_flags &= ~BDRV_O_NATIVE_AIO;
1146 }
1147
1148 /*
1149 * Returns the options and flags that bs->file should get if a protocol driver
1150 * is expected, based on the given options and flags for the parent BDS
1151 */
1152 static void bdrv_protocol_options(BdrvChildRole role, bool parent_is_format,
1153 int *child_flags, QDict *child_options,
1154 int parent_flags, QDict *parent_options)
1155 {
1156 bdrv_inherited_options(BDRV_CHILD_IMAGE, true,
1157 child_flags, child_options,
1158 parent_flags, parent_options);
1159 }
1160
1161 const BdrvChildClass child_file = {
1162 .parent_is_bds = true,
1163 .get_parent_desc = bdrv_child_get_parent_desc,
1164 .inherit_options = bdrv_protocol_options,
1165 .drained_begin = bdrv_child_cb_drained_begin,
1166 .drained_poll = bdrv_child_cb_drained_poll,
1167 .drained_end = bdrv_child_cb_drained_end,
1168 .attach = bdrv_child_cb_attach,
1169 .detach = bdrv_child_cb_detach,
1170 .inactivate = bdrv_child_cb_inactivate,
1171 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1172 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1173 };
1174
1175 static void bdrv_backing_attach(BdrvChild *c)
1176 {
1177 BlockDriverState *parent = c->opaque;
1178 BlockDriverState *backing_hd = c->bs;
1179
1180 assert(!parent->backing_blocker);
1181 error_setg(&parent->backing_blocker,
1182 "node is used as backing hd of '%s'",
1183 bdrv_get_device_or_node_name(parent));
1184
1185 bdrv_refresh_filename(backing_hd);
1186
1187 parent->open_flags &= ~BDRV_O_NO_BACKING;
1188 pstrcpy(parent->backing_file, sizeof(parent->backing_file),
1189 backing_hd->filename);
1190 pstrcpy(parent->backing_format, sizeof(parent->backing_format),
1191 backing_hd->drv ? backing_hd->drv->format_name : "");
1192
1193 bdrv_op_block_all(backing_hd, parent->backing_blocker);
1194 /* Otherwise we won't be able to commit or stream */
1195 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
1196 parent->backing_blocker);
1197 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
1198 parent->backing_blocker);
1199 /*
1200 * We do backup in 3 ways:
1201 * 1. drive backup
1202 * The target bs is new opened, and the source is top BDS
1203 * 2. blockdev backup
1204 * Both the source and the target are top BDSes.
1205 * 3. internal backup(used for block replication)
1206 * Both the source and the target are backing file
1207 *
1208 * In case 1 and 2, neither the source nor the target is the backing file.
1209 * In case 3, we will block the top BDS, so there is only one block job
1210 * for the top BDS and its backing chain.
1211 */
1212 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
1213 parent->backing_blocker);
1214 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
1215 parent->backing_blocker);
1216 }
1217
1218 static void bdrv_backing_detach(BdrvChild *c)
1219 {
1220 BlockDriverState *parent = c->opaque;
1221
1222 assert(parent->backing_blocker);
1223 bdrv_op_unblock_all(c->bs, parent->backing_blocker);
1224 error_free(parent->backing_blocker);
1225 parent->backing_blocker = NULL;
1226 }
1227
1228 static int bdrv_backing_update_filename(BdrvChild *c, BlockDriverState *base,
1229 const char *filename, Error **errp)
1230 {
1231 BlockDriverState *parent = c->opaque;
1232 bool read_only = bdrv_is_read_only(parent);
1233 int ret;
1234
1235 if (read_only) {
1236 ret = bdrv_reopen_set_read_only(parent, false, errp);
1237 if (ret < 0) {
1238 return ret;
1239 }
1240 }
1241
1242 ret = bdrv_change_backing_file(parent, filename,
1243 base->drv ? base->drv->format_name : "");
1244 if (ret < 0) {
1245 error_setg_errno(errp, -ret, "Could not update backing file link");
1246 }
1247
1248 if (read_only) {
1249 bdrv_reopen_set_read_only(parent, true, NULL);
1250 }
1251
1252 return ret;
1253 }
1254
1255 /*
1256 * Returns the options and flags that a generic child of a BDS should
1257 * get, based on the given options and flags for the parent BDS.
1258 */
1259 static void bdrv_inherited_options(BdrvChildRole role, bool parent_is_format,
1260 int *child_flags, QDict *child_options,
1261 int parent_flags, QDict *parent_options)
1262 {
1263 int flags = parent_flags;
1264
1265 /*
1266 * First, decide whether to set, clear, or leave BDRV_O_PROTOCOL.
1267 * Generally, the question to answer is: Should this child be
1268 * format-probed by default?
1269 */
1270
1271 /*
1272 * Pure and non-filtered data children of non-format nodes should
1273 * be probed by default (even when the node itself has BDRV_O_PROTOCOL
1274 * set). This only affects a very limited set of drivers (namely
1275 * quorum and blkverify when this comment was written).
1276 * Force-clear BDRV_O_PROTOCOL then.
1277 */
1278 if (!parent_is_format &&
1279 (role & BDRV_CHILD_DATA) &&
1280 !(role & (BDRV_CHILD_METADATA | BDRV_CHILD_FILTERED)))
1281 {
1282 flags &= ~BDRV_O_PROTOCOL;
1283 }
1284
1285 /*
1286 * All children of format nodes (except for COW children) and all
1287 * metadata children in general should never be format-probed.
1288 * Force-set BDRV_O_PROTOCOL then.
1289 */
1290 if ((parent_is_format && !(role & BDRV_CHILD_COW)) ||
1291 (role & BDRV_CHILD_METADATA))
1292 {
1293 flags |= BDRV_O_PROTOCOL;
1294 }
1295
1296 /*
1297 * If the cache mode isn't explicitly set, inherit direct and no-flush from
1298 * the parent.
1299 */
1300 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1301 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1302 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1303
1304 if (role & BDRV_CHILD_COW) {
1305 /* backing files are opened read-only by default */
1306 qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "on");
1307 qdict_set_default_str(child_options, BDRV_OPT_AUTO_READ_ONLY, "off");
1308 } else {
1309 /* Inherit the read-only option from the parent if it's not set */
1310 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1311 qdict_copy_default(child_options, parent_options,
1312 BDRV_OPT_AUTO_READ_ONLY);
1313 }
1314
1315 /*
1316 * bdrv_co_pdiscard() respects unmap policy for the parent, so we
1317 * can default to enable it on lower layers regardless of the
1318 * parent option.
1319 */
1320 qdict_set_default_str(child_options, BDRV_OPT_DISCARD, "unmap");
1321
1322 /* Clear flags that only apply to the top layer */
1323 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ);
1324
1325 if (role & BDRV_CHILD_METADATA) {
1326 flags &= ~BDRV_O_NO_IO;
1327 }
1328 if (role & BDRV_CHILD_COW) {
1329 flags &= ~BDRV_O_TEMPORARY;
1330 }
1331
1332 *child_flags = flags;
1333 }
1334
1335 static void bdrv_child_cb_attach(BdrvChild *child)
1336 {
1337 BlockDriverState *bs = child->opaque;
1338
1339 if (child->role & BDRV_CHILD_COW) {
1340 bdrv_backing_attach(child);
1341 }
1342
1343 bdrv_apply_subtree_drain(child, bs);
1344 }
1345
1346 static void bdrv_child_cb_detach(BdrvChild *child)
1347 {
1348 BlockDriverState *bs = child->opaque;
1349
1350 if (child->role & BDRV_CHILD_COW) {
1351 bdrv_backing_detach(child);
1352 }
1353
1354 bdrv_unapply_subtree_drain(child, bs);
1355 }
1356
1357 static int bdrv_child_cb_update_filename(BdrvChild *c, BlockDriverState *base,
1358 const char *filename, Error **errp)
1359 {
1360 if (c->role & BDRV_CHILD_COW) {
1361 return bdrv_backing_update_filename(c, base, filename, errp);
1362 }
1363 return 0;
1364 }
1365
1366 const BdrvChildClass child_of_bds = {
1367 .parent_is_bds = true,
1368 .get_parent_desc = bdrv_child_get_parent_desc,
1369 .inherit_options = bdrv_inherited_options,
1370 .drained_begin = bdrv_child_cb_drained_begin,
1371 .drained_poll = bdrv_child_cb_drained_poll,
1372 .drained_end = bdrv_child_cb_drained_end,
1373 .attach = bdrv_child_cb_attach,
1374 .detach = bdrv_child_cb_detach,
1375 .inactivate = bdrv_child_cb_inactivate,
1376 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1377 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1378 .update_filename = bdrv_child_cb_update_filename,
1379 };
1380
1381 static int bdrv_open_flags(BlockDriverState *bs, int flags)
1382 {
1383 int open_flags = flags;
1384
1385 /*
1386 * Clear flags that are internal to the block layer before opening the
1387 * image.
1388 */
1389 open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_PROTOCOL);
1390
1391 return open_flags;
1392 }
1393
1394 static void update_flags_from_options(int *flags, QemuOpts *opts)
1395 {
1396 *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
1397
1398 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
1399 *flags |= BDRV_O_NO_FLUSH;
1400 }
1401
1402 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_DIRECT, false)) {
1403 *flags |= BDRV_O_NOCACHE;
1404 }
1405
1406 if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
1407 *flags |= BDRV_O_RDWR;
1408 }
1409
1410 if (qemu_opt_get_bool_del(opts, BDRV_OPT_AUTO_READ_ONLY, false)) {
1411 *flags |= BDRV_O_AUTO_RDONLY;
1412 }
1413 }
1414
1415 static void update_options_from_flags(QDict *options, int flags)
1416 {
1417 if (!qdict_haskey(options, BDRV_OPT_CACHE_DIRECT)) {
1418 qdict_put_bool(options, BDRV_OPT_CACHE_DIRECT, flags & BDRV_O_NOCACHE);
1419 }
1420 if (!qdict_haskey(options, BDRV_OPT_CACHE_NO_FLUSH)) {
1421 qdict_put_bool(options, BDRV_OPT_CACHE_NO_FLUSH,
1422 flags & BDRV_O_NO_FLUSH);
1423 }
1424 if (!qdict_haskey(options, BDRV_OPT_READ_ONLY)) {
1425 qdict_put_bool(options, BDRV_OPT_READ_ONLY, !(flags & BDRV_O_RDWR));
1426 }
1427 if (!qdict_haskey(options, BDRV_OPT_AUTO_READ_ONLY)) {
1428 qdict_put_bool(options, BDRV_OPT_AUTO_READ_ONLY,
1429 flags & BDRV_O_AUTO_RDONLY);
1430 }
1431 }
1432
1433 static void bdrv_assign_node_name(BlockDriverState *bs,
1434 const char *node_name,
1435 Error **errp)
1436 {
1437 char *gen_node_name = NULL;
1438
1439 if (!node_name) {
1440 node_name = gen_node_name = id_generate(ID_BLOCK);
1441 } else if (!id_wellformed(node_name)) {
1442 /*
1443 * Check for empty string or invalid characters, but not if it is
1444 * generated (generated names use characters not available to the user)
1445 */
1446 error_setg(errp, "Invalid node name");
1447 return;
1448 }
1449
1450 /* takes care of avoiding namespaces collisions */
1451 if (blk_by_name(node_name)) {
1452 error_setg(errp, "node-name=%s is conflicting with a device id",
1453 node_name);
1454 goto out;
1455 }
1456
1457 /* takes care of avoiding duplicates node names */
1458 if (bdrv_find_node(node_name)) {
1459 error_setg(errp, "Duplicate node name");
1460 goto out;
1461 }
1462
1463 /* Make sure that the node name isn't truncated */
1464 if (strlen(node_name) >= sizeof(bs->node_name)) {
1465 error_setg(errp, "Node name too long");
1466 goto out;
1467 }
1468
1469 /* copy node name into the bs and insert it into the graph list */
1470 pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
1471 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
1472 out:
1473 g_free(gen_node_name);
1474 }
1475
1476 static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
1477 const char *node_name, QDict *options,
1478 int open_flags, Error **errp)
1479 {
1480 Error *local_err = NULL;
1481 int i, ret;
1482
1483 bdrv_assign_node_name(bs, node_name, &local_err);
1484 if (local_err) {
1485 error_propagate(errp, local_err);
1486 return -EINVAL;
1487 }
1488
1489 bs->drv = drv;
1490 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1491 bs->opaque = g_malloc0(drv->instance_size);
1492
1493 if (drv->bdrv_file_open) {
1494 assert(!drv->bdrv_needs_filename || bs->filename[0]);
1495 ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
1496 } else if (drv->bdrv_open) {
1497 ret = drv->bdrv_open(bs, options, open_flags, &local_err);
1498 } else {
1499 ret = 0;
1500 }
1501
1502 if (ret < 0) {
1503 if (local_err) {
1504 error_propagate(errp, local_err);
1505 } else if (bs->filename[0]) {
1506 error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
1507 } else {
1508 error_setg_errno(errp, -ret, "Could not open image");
1509 }
1510 goto open_failed;
1511 }
1512
1513 ret = refresh_total_sectors(bs, bs->total_sectors);
1514 if (ret < 0) {
1515 error_setg_errno(errp, -ret, "Could not refresh total sector count");
1516 return ret;
1517 }
1518
1519 bdrv_refresh_limits(bs, &local_err);
1520 if (local_err) {
1521 error_propagate(errp, local_err);
1522 return -EINVAL;
1523 }
1524
1525 assert(bdrv_opt_mem_align(bs) != 0);
1526 assert(bdrv_min_mem_align(bs) != 0);
1527 assert(is_power_of_2(bs->bl.request_alignment));
1528
1529 for (i = 0; i < bs->quiesce_counter; i++) {
1530 if (drv->bdrv_co_drain_begin) {
1531 drv->bdrv_co_drain_begin(bs);
1532 }
1533 }
1534
1535 return 0;
1536 open_failed:
1537 bs->drv = NULL;
1538 if (bs->file != NULL) {
1539 bdrv_unref_child(bs, bs->file);
1540 bs->file = NULL;
1541 }
1542 g_free(bs->opaque);
1543 bs->opaque = NULL;
1544 return ret;
1545 }
1546
1547 BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
1548 int flags, Error **errp)
1549 {
1550 BlockDriverState *bs;
1551 int ret;
1552
1553 bs = bdrv_new();
1554 bs->open_flags = flags;
1555 bs->explicit_options = qdict_new();
1556 bs->options = qdict_new();
1557 bs->opaque = NULL;
1558
1559 update_options_from_flags(bs->options, flags);
1560
1561 ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
1562 if (ret < 0) {
1563 qobject_unref(bs->explicit_options);
1564 bs->explicit_options = NULL;
1565 qobject_unref(bs->options);
1566 bs->options = NULL;
1567 bdrv_unref(bs);
1568 return NULL;
1569 }
1570
1571 return bs;
1572 }
1573
1574 QemuOptsList bdrv_runtime_opts = {
1575 .name = "bdrv_common",
1576 .head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
1577 .desc = {
1578 {
1579 .name = "node-name",
1580 .type = QEMU_OPT_STRING,
1581 .help = "Node name of the block device node",
1582 },
1583 {
1584 .name = "driver",
1585 .type = QEMU_OPT_STRING,
1586 .help = "Block driver to use for the node",
1587 },
1588 {
1589 .name = BDRV_OPT_CACHE_DIRECT,
1590 .type = QEMU_OPT_BOOL,
1591 .help = "Bypass software writeback cache on the host",
1592 },
1593 {
1594 .name = BDRV_OPT_CACHE_NO_FLUSH,
1595 .type = QEMU_OPT_BOOL,
1596 .help = "Ignore flush requests",
1597 },
1598 {
1599 .name = BDRV_OPT_READ_ONLY,
1600 .type = QEMU_OPT_BOOL,
1601 .help = "Node is opened in read-only mode",
1602 },
1603 {
1604 .name = BDRV_OPT_AUTO_READ_ONLY,
1605 .type = QEMU_OPT_BOOL,
1606 .help = "Node can become read-only if opening read-write fails",
1607 },
1608 {
1609 .name = "detect-zeroes",
1610 .type = QEMU_OPT_STRING,
1611 .help = "try to optimize zero writes (off, on, unmap)",
1612 },
1613 {
1614 .name = BDRV_OPT_DISCARD,
1615 .type = QEMU_OPT_STRING,
1616 .help = "discard operation (ignore/off, unmap/on)",
1617 },
1618 {
1619 .name = BDRV_OPT_FORCE_SHARE,
1620 .type = QEMU_OPT_BOOL,
1621 .help = "always accept other writers (default: off)",
1622 },
1623 { /* end of list */ }
1624 },
1625 };
1626
1627 QemuOptsList bdrv_create_opts_simple = {
1628 .name = "simple-create-opts",
1629 .head = QTAILQ_HEAD_INITIALIZER(bdrv_create_opts_simple.head),
1630 .desc = {
1631 {
1632 .name = BLOCK_OPT_SIZE,
1633 .type = QEMU_OPT_SIZE,
1634 .help = "Virtual disk size"
1635 },
1636 {
1637 .name = BLOCK_OPT_PREALLOC,
1638 .type = QEMU_OPT_STRING,
1639 .help = "Preallocation mode (allowed values: off)"
1640 },
1641 { /* end of list */ }
1642 }
1643 };
1644
1645 /*
1646 * Common part for opening disk images and files
1647 *
1648 * Removes all processed options from *options.
1649 */
1650 static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
1651 QDict *options, Error **errp)
1652 {
1653 int ret, open_flags;
1654 const char *filename;
1655 const char *driver_name = NULL;
1656 const char *node_name = NULL;
1657 const char *discard;
1658 QemuOpts *opts;
1659 BlockDriver *drv;
1660 Error *local_err = NULL;
1661
1662 assert(bs->file == NULL);
1663 assert(options != NULL && bs->options != options);
1664
1665 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
1666 qemu_opts_absorb_qdict(opts, options, &local_err);
1667 if (local_err) {
1668 error_propagate(errp, local_err);
1669 ret = -EINVAL;
1670 goto fail_opts;
1671 }
1672
1673 update_flags_from_options(&bs->open_flags, opts);
1674
1675 driver_name = qemu_opt_get(opts, "driver");
1676 drv = bdrv_find_format(driver_name);
1677 assert(drv != NULL);
1678
1679 bs->force_share = qemu_opt_get_bool(opts, BDRV_OPT_FORCE_SHARE, false);
1680
1681 if (bs->force_share && (bs->open_flags & BDRV_O_RDWR)) {
1682 error_setg(errp,
1683 BDRV_OPT_FORCE_SHARE
1684 "=on can only be used with read-only images");
1685 ret = -EINVAL;
1686 goto fail_opts;
1687 }
1688
1689 if (file != NULL) {
1690 bdrv_refresh_filename(blk_bs(file));
1691 filename = blk_bs(file)->filename;
1692 } else {
1693 /*
1694 * Caution: while qdict_get_try_str() is fine, getting
1695 * non-string types would require more care. When @options
1696 * come from -blockdev or blockdev_add, its members are typed
1697 * according to the QAPI schema, but when they come from
1698 * -drive, they're all QString.
1699 */
1700 filename = qdict_get_try_str(options, "filename");
1701 }
1702
1703 if (drv->bdrv_needs_filename && (!filename || !filename[0])) {
1704 error_setg(errp, "The '%s' block driver requires a file name",
1705 drv->format_name);
1706 ret = -EINVAL;
1707 goto fail_opts;
1708 }
1709
1710 trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
1711 drv->format_name);
1712
1713 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1714
1715 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
1716 if (!bs->read_only && bdrv_is_whitelisted(drv, true)) {
1717 ret = bdrv_apply_auto_read_only(bs, NULL, NULL);
1718 } else {
1719 ret = -ENOTSUP;
1720 }
1721 if (ret < 0) {
1722 error_setg(errp,
1723 !bs->read_only && bdrv_is_whitelisted(drv, true)
1724 ? "Driver '%s' can only be used for read-only devices"
1725 : "Driver '%s' is not whitelisted",
1726 drv->format_name);
1727 goto fail_opts;
1728 }
1729 }
1730
1731 /* bdrv_new() and bdrv_close() make it so */
1732 assert(atomic_read(&bs->copy_on_read) == 0);
1733
1734 if (bs->open_flags & BDRV_O_COPY_ON_READ) {
1735 if (!bs->read_only) {
1736 bdrv_enable_copy_on_read(bs);
1737 } else {
1738 error_setg(errp, "Can't use copy-on-read on read-only device");
1739 ret = -EINVAL;
1740 goto fail_opts;
1741 }
1742 }
1743
1744 discard = qemu_opt_get(opts, BDRV_OPT_DISCARD);
1745 if (discard != NULL) {
1746 if (bdrv_parse_discard_flags(discard, &bs->open_flags) != 0) {
1747 error_setg(errp, "Invalid discard option");
1748 ret = -EINVAL;
1749 goto fail_opts;
1750 }
1751 }
1752
1753 bs->detect_zeroes =
1754 bdrv_parse_detect_zeroes(opts, bs->open_flags, &local_err);
1755 if (local_err) {
1756 error_propagate(errp, local_err);
1757 ret = -EINVAL;
1758 goto fail_opts;
1759 }
1760
1761 if (filename != NULL) {
1762 pstrcpy(bs->filename, sizeof(bs->filename), filename);
1763 } else {
1764 bs->filename[0] = '\0';
1765 }
1766 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
1767
1768 /* Open the image, either directly or using a protocol */
1769 open_flags = bdrv_open_flags(bs, bs->open_flags);
1770 node_name = qemu_opt_get(opts, "node-name");
1771
1772 assert(!drv->bdrv_file_open || file == NULL);
1773 ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
1774 if (ret < 0) {
1775 goto fail_opts;
1776 }
1777
1778 qemu_opts_del(opts);
1779 return 0;
1780
1781 fail_opts:
1782 qemu_opts_del(opts);
1783 return ret;
1784 }
1785
1786 static QDict *parse_json_filename(const char *filename, Error **errp)
1787 {
1788 QObject *options_obj;
1789 QDict *options;
1790 int ret;
1791
1792 ret = strstart(filename, "json:", &filename);
1793 assert(ret);
1794
1795 options_obj = qobject_from_json(filename, errp);
1796 if (!options_obj) {
1797 error_prepend(errp, "Could not parse the JSON options: ");
1798 return NULL;
1799 }
1800
1801 options = qobject_to(QDict, options_obj);
1802 if (!options) {
1803 qobject_unref(options_obj);
1804 error_setg(errp, "Invalid JSON object given");
1805 return NULL;
1806 }
1807
1808 qdict_flatten(options);
1809
1810 return options;
1811 }
1812
1813 static void parse_json_protocol(QDict *options, const char **pfilename,
1814 Error **errp)
1815 {
1816 QDict *json_options;
1817 Error *local_err = NULL;
1818
1819 /* Parse json: pseudo-protocol */
1820 if (!*pfilename || !g_str_has_prefix(*pfilename, "json:")) {
1821 return;
1822 }
1823
1824 json_options = parse_json_filename(*pfilename, &local_err);
1825 if (local_err) {
1826 error_propagate(errp, local_err);
1827 return;
1828 }
1829
1830 /* Options given in the filename have lower priority than options
1831 * specified directly */
1832 qdict_join(options, json_options, false);
1833 qobject_unref(json_options);
1834 *pfilename = NULL;
1835 }
1836
1837 /*
1838 * Fills in default options for opening images and converts the legacy
1839 * filename/flags pair to option QDict entries.
1840 * The BDRV_O_PROTOCOL flag in *flags will be set or cleared accordingly if a
1841 * block driver has been specified explicitly.
1842 */
1843 static int bdrv_fill_options(QDict **options, const char *filename,
1844 int *flags, Error **errp)
1845 {
1846 const char *drvname;
1847 bool protocol = *flags & BDRV_O_PROTOCOL;
1848 bool parse_filename = false;
1849 BlockDriver *drv = NULL;
1850 Error *local_err = NULL;
1851
1852 /*
1853 * Caution: while qdict_get_try_str() is fine, getting non-string
1854 * types would require more care. When @options come from
1855 * -blockdev or blockdev_add, its members are typed according to
1856 * the QAPI schema, but when they come from -drive, they're all
1857 * QString.
1858 */
1859 drvname = qdict_get_try_str(*options, "driver");
1860 if (drvname) {
1861 drv = bdrv_find_format(drvname);
1862 if (!drv) {
1863 error_setg(errp, "Unknown driver '%s'", drvname);
1864 return -ENOENT;
1865 }
1866 /* If the user has explicitly specified the driver, this choice should
1867 * override the BDRV_O_PROTOCOL flag */
1868 protocol = drv->bdrv_file_open;
1869 }
1870
1871 if (protocol) {
1872 *flags |= BDRV_O_PROTOCOL;
1873 } else {
1874 *flags &= ~BDRV_O_PROTOCOL;
1875 }
1876
1877 /* Translate cache options from flags into options */
1878 update_options_from_flags(*options, *flags);
1879
1880 /* Fetch the file name from the options QDict if necessary */
1881 if (protocol && filename) {
1882 if (!qdict_haskey(*options, "filename")) {
1883 qdict_put_str(*options, "filename", filename);
1884 parse_filename = true;
1885 } else {
1886 error_setg(errp, "Can't specify 'file' and 'filename' options at "
1887 "the same time");
1888 return -EINVAL;
1889 }
1890 }
1891
1892 /* Find the right block driver */
1893 /* See cautionary note on accessing @options above */
1894 filename = qdict_get_try_str(*options, "filename");
1895
1896 if (!drvname && protocol) {
1897 if (filename) {
1898 drv = bdrv_find_protocol(filename, parse_filename, errp);
1899 if (!drv) {
1900 return -EINVAL;
1901 }
1902
1903 drvname = drv->format_name;
1904 qdict_put_str(*options, "driver", drvname);
1905 } else {
1906 error_setg(errp, "Must specify either driver or file");
1907 return -EINVAL;
1908 }
1909 }
1910
1911 assert(drv || !protocol);
1912
1913 /* Driver-specific filename parsing */
1914 if (drv && drv->bdrv_parse_filename && parse_filename) {
1915 drv->bdrv_parse_filename(filename, *options, &local_err);
1916 if (local_err) {
1917 error_propagate(errp, local_err);
1918 return -EINVAL;
1919 }
1920
1921 if (!drv->bdrv_needs_filename) {
1922 qdict_del(*options, "filename");
1923 }
1924 }
1925
1926 return 0;
1927 }
1928
1929 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1930 uint64_t perm, uint64_t shared,
1931 GSList *ignore_children,
1932 bool *tighten_restrictions, Error **errp);
1933 static void bdrv_child_abort_perm_update(BdrvChild *c);
1934 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
1935
1936 typedef struct BlockReopenQueueEntry {
1937 bool prepared;
1938 bool perms_checked;
1939 BDRVReopenState state;
1940 QTAILQ_ENTRY(BlockReopenQueueEntry) entry;
1941 } BlockReopenQueueEntry;
1942
1943 /*
1944 * Return the flags that @bs will have after the reopens in @q have
1945 * successfully completed. If @q is NULL (or @bs is not contained in @q),
1946 * return the current flags.
1947 */
1948 static int bdrv_reopen_get_flags(BlockReopenQueue *q, BlockDriverState *bs)
1949 {
1950 BlockReopenQueueEntry *entry;
1951
1952 if (q != NULL) {
1953 QTAILQ_FOREACH(entry, q, entry) {
1954 if (entry->state.bs == bs) {
1955 return entry->state.flags;
1956 }
1957 }
1958 }
1959
1960 return bs->open_flags;
1961 }
1962
1963 /* Returns whether the image file can be written to after the reopen queue @q
1964 * has been successfully applied, or right now if @q is NULL. */
1965 static bool bdrv_is_writable_after_reopen(BlockDriverState *bs,
1966 BlockReopenQueue *q)
1967 {
1968 int flags = bdrv_reopen_get_flags(q, bs);
1969
1970 return (flags & (BDRV_O_RDWR | BDRV_O_INACTIVE)) == BDRV_O_RDWR;
1971 }
1972
1973 /*
1974 * Return whether the BDS can be written to. This is not necessarily
1975 * the same as !bdrv_is_read_only(bs), as inactivated images may not
1976 * be written to but do not count as read-only images.
1977 */
1978 bool bdrv_is_writable(BlockDriverState *bs)
1979 {
1980 return bdrv_is_writable_after_reopen(bs, NULL);
1981 }
1982
1983 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
1984 BdrvChild *c, const BdrvChildClass *child_class,
1985 BdrvChildRole role, BlockReopenQueue *reopen_queue,
1986 uint64_t parent_perm, uint64_t parent_shared,
1987 uint64_t *nperm, uint64_t *nshared)
1988 {
1989 assert(bs->drv && bs->drv->bdrv_child_perm);
1990 bs->drv->bdrv_child_perm(bs, c, child_class, role, reopen_queue,
1991 parent_perm, parent_shared,
1992 nperm, nshared);
1993 /* TODO Take force_share from reopen_queue */
1994 if (child_bs && child_bs->force_share) {
1995 *nshared = BLK_PERM_ALL;
1996 }
1997 }
1998
1999 /*
2000 * Check whether permissions on this node can be changed in a way that
2001 * @cumulative_perms and @cumulative_shared_perms are the new cumulative
2002 * permissions of all its parents. This involves checking whether all necessary
2003 * permission changes to child nodes can be performed.
2004 *
2005 * Will set *tighten_restrictions to true if and only if new permissions have to
2006 * be taken or currently shared permissions are to be unshared. Otherwise,
2007 * errors are not fatal as long as the caller accepts that the restrictions
2008 * remain tighter than they need to be. The caller still has to abort the
2009 * transaction.
2010 * @tighten_restrictions cannot be used together with @q: When reopening, we may
2011 * encounter fatal errors even though no restrictions are to be tightened. For
2012 * example, changing a node from RW to RO will fail if the WRITE permission is
2013 * to be kept.
2014 *
2015 * A call to this function must always be followed by a call to bdrv_set_perm()
2016 * or bdrv_abort_perm_update().
2017 */
2018 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
2019 uint64_t cumulative_perms,
2020 uint64_t cumulative_shared_perms,
2021 GSList *ignore_children,
2022 bool *tighten_restrictions, Error **errp)
2023 {
2024 BlockDriver *drv = bs->drv;
2025 BdrvChild *c;
2026 int ret;
2027
2028 assert(!q || !tighten_restrictions);
2029
2030 if (tighten_restrictions) {
2031 uint64_t current_perms, current_shared;
2032 uint64_t added_perms, removed_shared_perms;
2033
2034 bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
2035
2036 added_perms = cumulative_perms & ~current_perms;
2037 removed_shared_perms = current_shared & ~cumulative_shared_perms;
2038
2039 *tighten_restrictions = added_perms || removed_shared_perms;
2040 }
2041
2042 /* Write permissions never work with read-only images */
2043 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2044 !bdrv_is_writable_after_reopen(bs, q))
2045 {
2046 if (!bdrv_is_writable_after_reopen(bs, NULL)) {
2047 error_setg(errp, "Block node is read-only");
2048 } else {
2049 uint64_t current_perms, current_shared;
2050 bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
2051 if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
2052 error_setg(errp, "Cannot make block node read-only, there is "
2053 "a writer on it");
2054 } else {
2055 error_setg(errp, "Cannot make block node read-only and create "
2056 "a writer on it");
2057 }
2058 }
2059
2060 return -EPERM;
2061 }
2062
2063 /* Check this node */
2064 if (!drv) {
2065 return 0;
2066 }
2067
2068 if (drv->bdrv_check_perm) {
2069 return drv->bdrv_check_perm(bs, cumulative_perms,
2070 cumulative_shared_perms, errp);
2071 }
2072
2073 /* Drivers that never have children can omit .bdrv_child_perm() */
2074 if (!drv->bdrv_child_perm) {
2075 assert(QLIST_EMPTY(&bs->children));
2076 return 0;
2077 }
2078
2079 /* Check all children */
2080 QLIST_FOREACH(c, &bs->children, next) {
2081 uint64_t cur_perm, cur_shared;
2082 bool child_tighten_restr;
2083
2084 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, q,
2085 cumulative_perms, cumulative_shared_perms,
2086 &cur_perm, &cur_shared);
2087 ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
2088 tighten_restrictions ? &child_tighten_restr
2089 : NULL,
2090 errp);
2091 if (tighten_restrictions) {
2092 *tighten_restrictions |= child_tighten_restr;
2093 }
2094 if (ret < 0) {
2095 return ret;
2096 }
2097 }
2098
2099 return 0;
2100 }
2101
2102 /*
2103 * Notifies drivers that after a previous bdrv_check_perm() call, the
2104 * permission update is not performed and any preparations made for it (e.g.
2105 * taken file locks) need to be undone.
2106 *
2107 * This function recursively notifies all child nodes.
2108 */
2109 static void bdrv_abort_perm_update(BlockDriverState *bs)
2110 {
2111 BlockDriver *drv = bs->drv;
2112 BdrvChild *c;
2113
2114 if (!drv) {
2115 return;
2116 }
2117
2118 if (drv->bdrv_abort_perm_update) {
2119 drv->bdrv_abort_perm_update(bs);
2120 }
2121
2122 QLIST_FOREACH(c, &bs->children, next) {
2123 bdrv_child_abort_perm_update(c);
2124 }
2125 }
2126
2127 static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
2128 uint64_t cumulative_shared_perms)
2129 {
2130 BlockDriver *drv = bs->drv;
2131 BdrvChild *c;
2132
2133 if (!drv) {
2134 return;
2135 }
2136
2137 /* Update this node */
2138 if (drv->bdrv_set_perm) {
2139 drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
2140 }
2141
2142 /* Drivers that never have children can omit .bdrv_child_perm() */
2143 if (!drv->bdrv_child_perm) {
2144 assert(QLIST_EMPTY(&bs->children));
2145 return;
2146 }
2147
2148 /* Update all children */
2149 QLIST_FOREACH(c, &bs->children, next) {
2150 uint64_t cur_perm, cur_shared;
2151 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, NULL,
2152 cumulative_perms, cumulative_shared_perms,
2153 &cur_perm, &cur_shared);
2154 bdrv_child_set_perm(c, cur_perm, cur_shared);
2155 }
2156 }
2157
2158 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
2159 uint64_t *shared_perm)
2160 {
2161 BdrvChild *c;
2162 uint64_t cumulative_perms = 0;
2163 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
2164
2165 QLIST_FOREACH(c, &bs->parents, next_parent) {
2166 cumulative_perms |= c->perm;
2167 cumulative_shared_perms &= c->shared_perm;
2168 }
2169
2170 *perm = cumulative_perms;
2171 *shared_perm = cumulative_shared_perms;
2172 }
2173
2174 static char *bdrv_child_user_desc(BdrvChild *c)
2175 {
2176 if (c->klass->get_parent_desc) {
2177 return c->klass->get_parent_desc(c);
2178 }
2179
2180 return g_strdup("another user");
2181 }
2182
2183 char *bdrv_perm_names(uint64_t perm)
2184 {
2185 struct perm_name {
2186 uint64_t perm;
2187 const char *name;
2188 } permissions[] = {
2189 { BLK_PERM_CONSISTENT_READ, "consistent read" },
2190 { BLK_PERM_WRITE, "write" },
2191 { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
2192 { BLK_PERM_RESIZE, "resize" },
2193 { BLK_PERM_GRAPH_MOD, "change children" },
2194 { 0, NULL }
2195 };
2196
2197 GString *result = g_string_sized_new(30);
2198 struct perm_name *p;
2199
2200 for (p = permissions; p->name; p++) {
2201 if (perm & p->perm) {
2202 if (result->len > 0) {
2203 g_string_append(result, ", ");
2204 }
2205 g_string_append(result, p->name);
2206 }
2207 }
2208
2209 return g_string_free(result, FALSE);
2210 }
2211
2212 /*
2213 * Checks whether a new reference to @bs can be added if the new user requires
2214 * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
2215 * set, the BdrvChild objects in this list are ignored in the calculations;
2216 * this allows checking permission updates for an existing reference.
2217 *
2218 * See bdrv_check_perm() for the semantics of @tighten_restrictions.
2219 *
2220 * Needs to be followed by a call to either bdrv_set_perm() or
2221 * bdrv_abort_perm_update(). */
2222 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
2223 uint64_t new_used_perm,
2224 uint64_t new_shared_perm,
2225 GSList *ignore_children,
2226 bool *tighten_restrictions,
2227 Error **errp)
2228 {
2229 BdrvChild *c;
2230 uint64_t cumulative_perms = new_used_perm;
2231 uint64_t cumulative_shared_perms = new_shared_perm;
2232
2233 assert(!q || !tighten_restrictions);
2234
2235 /* There is no reason why anyone couldn't tolerate write_unchanged */
2236 assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
2237
2238 QLIST_FOREACH(c, &bs->parents, next_parent) {
2239 if (g_slist_find(ignore_children, c)) {
2240 continue;
2241 }
2242
2243 if ((new_used_perm & c->shared_perm) != new_used_perm) {
2244 char *user = bdrv_child_user_desc(c);
2245 char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
2246
2247 if (tighten_restrictions) {
2248 *tighten_restrictions = true;
2249 }
2250
2251 error_setg(errp, "Conflicts with use by %s as '%s', which does not "
2252 "allow '%s' on %s",
2253 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2254 g_free(user);
2255 g_free(perm_names);
2256 return -EPERM;
2257 }
2258
2259 if ((c->perm & new_shared_perm) != c->perm) {
2260 char *user = bdrv_child_user_desc(c);
2261 char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
2262
2263 if (tighten_restrictions) {
2264 *tighten_restrictions = true;
2265 }
2266
2267 error_setg(errp, "Conflicts with use by %s as '%s', which uses "
2268 "'%s' on %s",
2269 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2270 g_free(user);
2271 g_free(perm_names);
2272 return -EPERM;
2273 }
2274
2275 cumulative_perms |= c->perm;
2276 cumulative_shared_perms &= c->shared_perm;
2277 }
2278
2279 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
2280 ignore_children, tighten_restrictions, errp);
2281 }
2282
2283 /* Needs to be followed by a call to either bdrv_child_set_perm() or
2284 * bdrv_child_abort_perm_update(). */
2285 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
2286 uint64_t perm, uint64_t shared,
2287 GSList *ignore_children,
2288 bool *tighten_restrictions, Error **errp)
2289 {
2290 int ret;
2291
2292 ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
2293 ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children,
2294 tighten_restrictions, errp);
2295 g_slist_free(ignore_children);
2296
2297 if (ret < 0) {
2298 return ret;
2299 }
2300
2301 if (!c->has_backup_perm) {
2302 c->has_backup_perm = true;
2303 c->backup_perm = c->perm;
2304 c->backup_shared_perm = c->shared_perm;
2305 }
2306 /*
2307 * Note: it's OK if c->has_backup_perm was already set, as we can find the
2308 * same child twice during check_perm procedure
2309 */
2310
2311 c->perm = perm;
2312 c->shared_perm = shared;
2313
2314 return 0;
2315 }
2316
2317 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared)
2318 {
2319 uint64_t cumulative_perms, cumulative_shared_perms;
2320
2321 c->has_backup_perm = false;
2322
2323 c->perm = perm;
2324 c->shared_perm = shared;
2325
2326 bdrv_get_cumulative_perm(c->bs, &cumulative_perms,
2327 &cumulative_shared_perms);
2328 bdrv_set_perm(c->bs, cumulative_perms, cumulative_shared_perms);
2329 }
2330
2331 static void bdrv_child_abort_perm_update(BdrvChild *c)
2332 {
2333 if (c->has_backup_perm) {
2334 c->perm = c->backup_perm;
2335 c->shared_perm = c->backup_shared_perm;
2336 c->has_backup_perm = false;
2337 }
2338
2339 bdrv_abort_perm_update(c->bs);
2340 }
2341
2342 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
2343 Error **errp)
2344 {
2345 Error *local_err = NULL;
2346 int ret;
2347 bool tighten_restrictions;
2348
2349 ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL,
2350 &tighten_restrictions, &local_err);
2351 if (ret < 0) {
2352 bdrv_child_abort_perm_update(c);
2353 if (tighten_restrictions) {
2354 error_propagate(errp, local_err);
2355 } else {
2356 /*
2357 * Our caller may intend to only loosen restrictions and
2358 * does not expect this function to fail. Errors are not
2359 * fatal in such a case, so we can just hide them from our
2360 * caller.
2361 */
2362 error_free(local_err);
2363 ret = 0;
2364 }
2365 return ret;
2366 }
2367
2368 bdrv_child_set_perm(c, perm, shared);
2369
2370 return 0;
2371 }
2372
2373 int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **errp)
2374 {
2375 uint64_t parent_perms, parent_shared;
2376 uint64_t perms, shared;
2377
2378 bdrv_get_cumulative_perm(bs, &parent_perms, &parent_shared);
2379 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, NULL,
2380 parent_perms, parent_shared, &perms, &shared);
2381
2382 return bdrv_child_try_set_perm(c, perms, shared, errp);
2383 }
2384
2385 void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
2386 const BdrvChildClass *child_class,
2387 BdrvChildRole role,
2388 BlockReopenQueue *reopen_queue,
2389 uint64_t perm, uint64_t shared,
2390 uint64_t *nperm, uint64_t *nshared)
2391 {
2392 *nperm = perm & DEFAULT_PERM_PASSTHROUGH;
2393 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) | DEFAULT_PERM_UNCHANGED;
2394 }
2395
2396 static void bdrv_default_perms_for_cow(BlockDriverState *bs, BdrvChild *c,
2397 const BdrvChildClass *child_class,
2398 BdrvChildRole role,
2399 BlockReopenQueue *reopen_queue,
2400 uint64_t perm, uint64_t shared,
2401 uint64_t *nperm, uint64_t *nshared)
2402 {
2403 assert(child_class == &child_of_bds && (role & BDRV_CHILD_COW));
2404
2405 /*
2406 * We want consistent read from backing files if the parent needs it.
2407 * No other operations are performed on backing files.
2408 */
2409 perm &= BLK_PERM_CONSISTENT_READ;
2410
2411 /*
2412 * If the parent can deal with changing data, we're okay with a
2413 * writable and resizable backing file.
2414 * TODO Require !(perm & BLK_PERM_CONSISTENT_READ), too?
2415 */
2416 if (shared & BLK_PERM_WRITE) {
2417 shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
2418 } else {
2419 shared = 0;
2420 }
2421
2422 shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
2423 BLK_PERM_WRITE_UNCHANGED;
2424
2425 if (bs->open_flags & BDRV_O_INACTIVE) {
2426 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2427 }
2428
2429 *nperm = perm;
2430 *nshared = shared;
2431 }
2432
2433 static void bdrv_default_perms_for_storage(BlockDriverState *bs, BdrvChild *c,
2434 const BdrvChildClass *child_class,
2435 BdrvChildRole role,
2436 BlockReopenQueue *reopen_queue,
2437 uint64_t perm, uint64_t shared,
2438 uint64_t *nperm, uint64_t *nshared)
2439 {
2440 int flags;
2441
2442 assert(child_class == &child_file ||
2443 (child_class == &child_of_bds &&
2444 (role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA))));
2445
2446 flags = bdrv_reopen_get_flags(reopen_queue, bs);
2447
2448 /*
2449 * Apart from the modifications below, the same permissions are
2450 * forwarded and left alone as for filters
2451 */
2452 bdrv_filter_default_perms(bs, c, child_class, role, reopen_queue,
2453 perm, shared, &perm, &shared);
2454
2455 if (role & BDRV_CHILD_METADATA) {
2456 /* Format drivers may touch metadata even if the guest doesn't write */
2457 if (bdrv_is_writable_after_reopen(bs, reopen_queue)) {
2458 perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2459 }
2460
2461 /*
2462 * bs->file always needs to be consistent because of the
2463 * metadata. We can never allow other users to resize or write
2464 * to it.
2465 */
2466 if (!(flags & BDRV_O_NO_IO)) {
2467 perm |= BLK_PERM_CONSISTENT_READ;
2468 }
2469 shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
2470 }
2471
2472 if (role & BDRV_CHILD_DATA) {
2473 /*
2474 * Technically, everything in this block is a subset of the
2475 * BDRV_CHILD_METADATA path taken above, and so this could
2476 * be an "else if" branch. However, that is not obvious, and
2477 * this function is not performance critical, therefore we let
2478 * this be an independent "if".
2479 */
2480
2481 /*
2482 * We cannot allow other users to resize the file because the
2483 * format driver might have some assumptions about the size
2484 * (e.g. because it is stored in metadata, or because the file
2485 * is split into fixed-size data files).
2486 */
2487 shared &= ~BLK_PERM_RESIZE;
2488
2489 /*
2490 * WRITE_UNCHANGED often cannot be performed as such on the
2491 * data file. For example, the qcow2 driver may still need to
2492 * write copied clusters on copy-on-read.
2493 */
2494 if (perm & BLK_PERM_WRITE_UNCHANGED) {
2495 perm |= BLK_PERM_WRITE;
2496 }
2497
2498 /*
2499 * If the data file is written to, the format driver may
2500 * expect to be able to resize it by writing beyond the EOF.
2501 */
2502 if (perm & BLK_PERM_WRITE) {
2503 perm |= BLK_PERM_RESIZE;
2504 }
2505 }
2506
2507 if (bs->open_flags & BDRV_O_INACTIVE) {
2508 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2509 }
2510
2511 *nperm = perm;
2512 *nshared = shared;
2513 }
2514
2515 void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
2516 const BdrvChildClass *child_class,
2517 BdrvChildRole role,
2518 BlockReopenQueue *reopen_queue,
2519 uint64_t perm, uint64_t shared,
2520 uint64_t *nperm, uint64_t *nshared)
2521 {
2522 if (child_class == &child_of_bds) {
2523 bdrv_default_perms(bs, c, child_class, role, reopen_queue,
2524 perm, shared, nperm, nshared);
2525 return;
2526 }
2527
2528 assert(child_class == &child_file);
2529
2530 bdrv_default_perms_for_storage(bs, c, child_class, role, reopen_queue,
2531 perm, shared, nperm, nshared);
2532 }
2533
2534 void bdrv_default_perms(BlockDriverState *bs, BdrvChild *c,
2535 const BdrvChildClass *child_class, BdrvChildRole role,
2536 BlockReopenQueue *reopen_queue,
2537 uint64_t perm, uint64_t shared,
2538 uint64_t *nperm, uint64_t *nshared)
2539 {
2540 assert(child_class == &child_of_bds);
2541
2542 if (role & BDRV_CHILD_FILTERED) {
2543 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA |
2544 BDRV_CHILD_COW)));
2545 bdrv_filter_default_perms(bs, c, child_class, role, reopen_queue,
2546 perm, shared, nperm, nshared);
2547 } else if (role & BDRV_CHILD_COW) {
2548 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA)));
2549 bdrv_default_perms_for_cow(bs, c, child_class, role, reopen_queue,
2550 perm, shared, nperm, nshared);
2551 } else if (role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA)) {
2552 bdrv_default_perms_for_storage(bs, c, child_class, role, reopen_queue,
2553 perm, shared, nperm, nshared);
2554 } else {
2555 g_assert_not_reached();
2556 }
2557 }
2558
2559 uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm)
2560 {
2561 static const uint64_t permissions[] = {
2562 [BLOCK_PERMISSION_CONSISTENT_READ] = BLK_PERM_CONSISTENT_READ,
2563 [BLOCK_PERMISSION_WRITE] = BLK_PERM_WRITE,
2564 [BLOCK_PERMISSION_WRITE_UNCHANGED] = BLK_PERM_WRITE_UNCHANGED,
2565 [BLOCK_PERMISSION_RESIZE] = BLK_PERM_RESIZE,
2566 [BLOCK_PERMISSION_GRAPH_MOD] = BLK_PERM_GRAPH_MOD,
2567 };
2568
2569 QEMU_BUILD_BUG_ON(ARRAY_SIZE(permissions) != BLOCK_PERMISSION__MAX);
2570 QEMU_BUILD_BUG_ON(1UL << ARRAY_SIZE(permissions) != BLK_PERM_ALL + 1);
2571
2572 assert(qapi_perm < BLOCK_PERMISSION__MAX);
2573
2574 return permissions[qapi_perm];
2575 }
2576
2577 static void bdrv_replace_child_noperm(BdrvChild *child,
2578 BlockDriverState *new_bs)
2579 {
2580 BlockDriverState *old_bs = child->bs;
2581 int new_bs_quiesce_counter;
2582 int drain_saldo;
2583
2584 assert(!child->frozen);
2585
2586 if (old_bs && new_bs) {
2587 assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
2588 }
2589
2590 new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
2591 drain_saldo = new_bs_quiesce_counter - child->parent_quiesce_counter;
2592
2593 /*
2594 * If the new child node is drained but the old one was not, flush
2595 * all outstanding requests to the old child node.
2596 */
2597 while (drain_saldo > 0 && child->klass->drained_begin) {
2598 bdrv_parent_drained_begin_single(child, true);
2599 drain_saldo--;
2600 }
2601
2602 if (old_bs) {
2603 /* Detach first so that the recursive drain sections coming from @child
2604 * are already gone and we only end the drain sections that came from
2605 * elsewhere. */
2606 if (child->klass->detach) {
2607 child->klass->detach(child);
2608 }
2609 QLIST_REMOVE(child, next_parent);
2610 }
2611
2612 child->bs = new_bs;
2613
2614 if (new_bs) {
2615 QLIST_INSERT_HEAD(&new_bs->parents, child, next_parent);
2616
2617 /*
2618 * Detaching the old node may have led to the new node's
2619 * quiesce_counter having been decreased. Not a problem, we
2620 * just need to recognize this here and then invoke
2621 * drained_end appropriately more often.
2622 */
2623 assert(new_bs->quiesce_counter <= new_bs_quiesce_counter);
2624 drain_saldo += new_bs->quiesce_counter - new_bs_quiesce_counter;
2625
2626 /* Attach only after starting new drained sections, so that recursive
2627 * drain sections coming from @child don't get an extra .drained_begin
2628 * callback. */
2629 if (child->klass->attach) {
2630 child->klass->attach(child);
2631 }
2632 }
2633
2634 /*
2635 * If the old child node was drained but the new one is not, allow
2636 * requests to come in only after the new node has been attached.
2637 */
2638 while (drain_saldo < 0 && child->klass->drained_end) {
2639 bdrv_parent_drained_end_single(child);
2640 drain_saldo++;
2641 }
2642 }
2643
2644 /*
2645 * Updates @child to change its reference to point to @new_bs, including
2646 * checking and applying the necessary permisson updates both to the old node
2647 * and to @new_bs.
2648 *
2649 * NULL is passed as @new_bs for removing the reference before freeing @child.
2650 *
2651 * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
2652 * function uses bdrv_set_perm() to update the permissions according to the new
2653 * reference that @new_bs gets.
2654 */
2655 static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
2656 {
2657 BlockDriverState *old_bs = child->bs;
2658 uint64_t perm, shared_perm;
2659
2660 bdrv_replace_child_noperm(child, new_bs);
2661
2662 /*
2663 * Start with the new node's permissions. If @new_bs is a (direct
2664 * or indirect) child of @old_bs, we must complete the permission
2665 * update on @new_bs before we loosen the restrictions on @old_bs.
2666 * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
2667 * updating the permissions of @new_bs, and thus not purely loosen
2668 * restrictions.
2669 */
2670 if (new_bs) {
2671 bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
2672 bdrv_set_perm(new_bs, perm, shared_perm);
2673 }
2674
2675 if (old_bs) {
2676 /* Update permissions for old node. This is guaranteed to succeed
2677 * because we're just taking a parent away, so we're loosening
2678 * restrictions. */
2679 bool tighten_restrictions;
2680 int ret;
2681
2682 bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm);
2683 ret = bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL,
2684 &tighten_restrictions, NULL);
2685 assert(tighten_restrictions == false);
2686 if (ret < 0) {
2687 /* We only tried to loosen restrictions, so errors are not fatal */
2688 bdrv_abort_perm_update(old_bs);
2689 } else {
2690 bdrv_set_perm(old_bs, perm, shared_perm);
2691 }
2692
2693 /* When the parent requiring a non-default AioContext is removed, the
2694 * node moves back to the main AioContext */
2695 bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
2696 }
2697 }
2698
2699 /*
2700 * This function steals the reference to child_bs from the caller.
2701 * That reference is later dropped by bdrv_root_unref_child().
2702 *
2703 * On failure NULL is returned, errp is set and the reference to
2704 * child_bs is also dropped.
2705 *
2706 * The caller must hold the AioContext lock @child_bs, but not that of @ctx
2707 * (unless @child_bs is already in @ctx).
2708 */
2709 BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
2710 const char *child_name,
2711 const BdrvChildClass *child_class,
2712 BdrvChildRole child_role,
2713 AioContext *ctx,
2714 uint64_t perm, uint64_t shared_perm,
2715 void *opaque, Error **errp)
2716 {
2717 BdrvChild *child;
2718 Error *local_err = NULL;
2719 int ret;
2720
2721 ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, NULL,
2722 errp);
2723 if (ret < 0) {
2724 bdrv_abort_perm_update(child_bs);
2725 bdrv_unref(child_bs);
2726 return NULL;
2727 }
2728
2729 child = g_new(BdrvChild, 1);
2730 *child = (BdrvChild) {
2731 .bs = NULL,
2732 .name = g_strdup(child_name),
2733 .klass = child_class,
2734 .role = child_role,
2735 .perm = perm,
2736 .shared_perm = shared_perm,
2737 .opaque = opaque,
2738 };
2739
2740 /* If the AioContexts don't match, first try to move the subtree of
2741 * child_bs into the AioContext of the new parent. If this doesn't work,
2742 * try moving the parent into the AioContext of child_bs instead. */
2743 if (bdrv_get_aio_context(child_bs) != ctx) {
2744 ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
2745 if (ret < 0 && child_class->can_set_aio_ctx) {
2746 GSList *ignore = g_slist_prepend(NULL, child);
2747 ctx = bdrv_get_aio_context(child_bs);
2748 if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
2749 error_free(local_err);
2750 ret = 0;
2751 g_slist_free(ignore);
2752 ignore = g_slist_prepend(NULL, child);
2753 child_class->set_aio_ctx(child, ctx, &ignore);
2754 }
2755 g_slist_free(ignore);
2756 }
2757 if (ret < 0) {
2758 error_propagate(errp, local_err);
2759 g_free(child);
2760 bdrv_abort_perm_update(child_bs);
2761 bdrv_unref(child_bs);
2762 return NULL;
2763 }
2764 }
2765
2766 /* This performs the matching bdrv_set_perm() for the above check. */
2767 bdrv_replace_child(child, child_bs);
2768
2769 return child;
2770 }
2771
2772 /*
2773 * This function transfers the reference to child_bs from the caller
2774 * to parent_bs. That reference is later dropped by parent_bs on
2775 * bdrv_close() or if someone calls bdrv_unref_child().
2776 *
2777 * On failure NULL is returned, errp is set and the reference to
2778 * child_bs is also dropped.
2779 *
2780 * If @parent_bs and @child_bs are in different AioContexts, the caller must
2781 * hold the AioContext lock for @child_bs, but not for @parent_bs.
2782 */
2783 BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
2784 BlockDriverState *child_bs,
2785 const char *child_name,
2786 const BdrvChildClass *child_class,
2787 BdrvChildRole child_role,
2788 Error **errp)
2789 {
2790 BdrvChild *child;
2791 uint64_t perm, shared_perm;
2792
2793 bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
2794
2795 assert(parent_bs->drv);
2796 bdrv_child_perm(parent_bs, child_bs, NULL, child_class, child_role, NULL,
2797 perm, shared_perm, &perm, &shared_perm);
2798
2799 child = bdrv_root_attach_child(child_bs, child_name, child_class,
2800 child_role, bdrv_get_aio_context(parent_bs),
2801 perm, shared_perm, parent_bs, errp);
2802 if (child == NULL) {
2803 return NULL;
2804 }
2805
2806 QLIST_INSERT_HEAD(&parent_bs->children, child, next);
2807 return child;
2808 }
2809
2810 static void bdrv_detach_child(BdrvChild *child)
2811 {
2812 QLIST_SAFE_REMOVE(child, next);
2813
2814 bdrv_replace_child(child, NULL);
2815
2816 g_free(child->name);
2817 g_free(child);
2818 }
2819
2820 void bdrv_root_unref_child(BdrvChild *child)
2821 {
2822 BlockDriverState *child_bs;
2823
2824 child_bs = child->bs;
2825 bdrv_detach_child(child);
2826 bdrv_unref(child_bs);
2827 }
2828
2829 /**
2830 * Clear all inherits_from pointers from children and grandchildren of
2831 * @root that point to @root, where necessary.
2832 */
2833 static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
2834 {
2835 BdrvChild *c;
2836
2837 if (child->bs->inherits_from == root) {
2838 /*
2839 * Remove inherits_from only when the last reference between root and
2840 * child->bs goes away.
2841 */
2842 QLIST_FOREACH(c, &root->children, next) {
2843 if (c != child && c->bs == child->bs) {
2844 break;
2845 }
2846 }
2847 if (c == NULL) {
2848 child->bs->inherits_from = NULL;
2849 }
2850 }
2851
2852 QLIST_FOREACH(c, &child->bs->children, next) {
2853 bdrv_unset_inherits_from(root, c);
2854 }
2855 }
2856
2857 void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
2858 {
2859 if (child == NULL) {
2860 return;
2861 }
2862
2863 bdrv_unset_inherits_from(parent, child);
2864 bdrv_root_unref_child(child);
2865 }
2866
2867
2868 static void bdrv_parent_cb_change_media(BlockDriverState *bs, bool load)
2869 {
2870 BdrvChild *c;
2871 QLIST_FOREACH(c, &bs->parents, next_parent) {
2872 if (c->klass->change_media) {
2873 c->klass->change_media(c, load);
2874 }
2875 }
2876 }
2877
2878 /* Return true if you can reach parent going through child->inherits_from
2879 * recursively. If parent or child are NULL, return false */
2880 static bool bdrv_inherits_from_recursive(BlockDriverState *child,
2881 BlockDriverState *parent)
2882 {
2883 while (child && child != parent) {
2884 child = child->inherits_from;
2885 }
2886
2887 return child != NULL;
2888 }
2889
2890 /*
2891 * Return the BdrvChildRole for @bs's backing child. bs->backing is
2892 * mostly used for COW backing children (role = COW), but also for
2893 * filtered children (role = FILTERED | PRIMARY).
2894 */
2895 static BdrvChildRole bdrv_backing_role(BlockDriverState *bs)
2896 {
2897 if (bs->drv && bs->drv->is_filter) {
2898 return BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY;
2899 } else {
2900 return BDRV_CHILD_COW;
2901 }
2902 }
2903
2904 /*
2905 * Sets the backing file link of a BDS. A new reference is created; callers
2906 * which don't need their own reference any more must call bdrv_unref().
2907 */
2908 void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
2909 Error **errp)
2910 {
2911 bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
2912 bdrv_inherits_from_recursive(backing_hd, bs);
2913
2914 if (bdrv_is_backing_chain_frozen(bs, backing_bs(bs), errp)) {
2915 return;
2916 }
2917
2918 if (backing_hd) {
2919 bdrv_ref(backing_hd);
2920 }
2921
2922 if (bs->backing) {
2923 bdrv_unref_child(bs, bs->backing);
2924 bs->backing = NULL;
2925 }
2926
2927 if (!backing_hd) {
2928 goto out;
2929 }
2930
2931 bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_of_bds,
2932 bdrv_backing_role(bs), errp);
2933 /* If backing_hd was already part of bs's backing chain, and
2934 * inherits_from pointed recursively to bs then let's update it to
2935 * point directly to bs (else it will become NULL). */
2936 if (bs->backing && update_inherits_from) {
2937 backing_hd->inherits_from = bs;
2938 }
2939
2940 out:
2941 bdrv_refresh_limits(bs, NULL);
2942 }
2943
2944 /*
2945 * Opens the backing file for a BlockDriverState if not yet open
2946 *
2947 * bdref_key specifies the key for the image's BlockdevRef in the options QDict.
2948 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2949 * itself, all options starting with "${bdref_key}." are considered part of the
2950 * BlockdevRef.
2951 *
2952 * TODO Can this be unified with bdrv_open_image()?
2953 */
2954 int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
2955 const char *bdref_key, Error **errp)
2956 {
2957 char *backing_filename = NULL;
2958 char *bdref_key_dot;
2959 const char *reference = NULL;
2960 int ret = 0;
2961 bool implicit_backing = false;
2962 BlockDriverState *backing_hd;
2963 QDict *options;
2964 QDict *tmp_parent_options = NULL;
2965 Error *local_err = NULL;
2966
2967 if (bs->backing != NULL) {
2968 goto free_exit;
2969 }
2970
2971 /* NULL means an empty set of options */
2972 if (parent_options == NULL) {
2973 tmp_parent_options = qdict_new();
2974 parent_options = tmp_parent_options;
2975 }
2976
2977 bs->open_flags &= ~BDRV_O_NO_BACKING;
2978
2979 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2980 qdict_extract_subqdict(parent_options, &options, bdref_key_dot);
2981 g_free(bdref_key_dot);
2982
2983 /*
2984 * Caution: while qdict_get_try_str() is fine, getting non-string
2985 * types would require more care. When @parent_options come from
2986 * -blockdev or blockdev_add, its members are typed according to
2987 * the QAPI schema, but when they come from -drive, they're all
2988 * QString.
2989 */
2990 reference = qdict_get_try_str(parent_options, bdref_key);
2991 if (reference || qdict_haskey(options, "file.filename")) {
2992 /* keep backing_filename NULL */
2993 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
2994 qobject_unref(options);
2995 goto free_exit;
2996 } else {
2997 if (qdict_size(options) == 0) {
2998 /* If the user specifies options that do not modify the
2999 * backing file's behavior, we might still consider it the
3000 * implicit backing file. But it's easier this way, and
3001 * just specifying some of the backing BDS's options is
3002 * only possible with -drive anyway (otherwise the QAPI
3003 * schema forces the user to specify everything). */
3004 implicit_backing = !strcmp(bs->auto_backing_file, bs->backing_file);
3005 }
3006
3007 backing_filename = bdrv_get_full_backing_filename(bs, &local_err);
3008 if (local_err) {
3009 ret = -EINVAL;
3010 error_propagate(errp, local_err);
3011 qobject_unref(options);
3012 goto free_exit;
3013 }
3014 }
3015
3016 if (!bs->drv || !bs->drv->supports_backing) {
3017 ret = -EINVAL;
3018 error_setg(errp, "Driver doesn't support backing files");
3019 qobject_unref(options);
3020 goto free_exit;
3021 }
3022
3023 if (!reference &&
3024 bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
3025 qdict_put_str(options, "driver", bs->backing_format);
3026 }
3027
3028 backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
3029 &child_of_bds, bdrv_backing_role(bs), errp);
3030 if (!backing_hd) {
3031 bs->open_flags |= BDRV_O_NO_BACKING;
3032 error_prepend(errp, "Could not open backing file: ");
3033 ret = -EINVAL;
3034 goto free_exit;
3035 }
3036
3037 if (implicit_backing) {
3038 bdrv_refresh_filename(backing_hd);
3039 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
3040 backing_hd->filename);
3041 }
3042
3043 /* Hook up the backing file link; drop our reference, bs owns the
3044 * backing_hd reference now */
3045 bdrv_set_backing_hd(bs, backing_hd, &local_err);
3046 bdrv_unref(backing_hd);
3047 if (local_err) {
3048 error_propagate(errp, local_err);
3049 ret = -EINVAL;
3050 goto free_exit;
3051 }
3052
3053 qdict_del(parent_options, bdref_key);
3054
3055 free_exit:
3056 g_free(backing_filename);
3057 qobject_unref(tmp_parent_options);
3058 return ret;
3059 }
3060
3061 static BlockDriverState *
3062 bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
3063 BlockDriverState *parent, const BdrvChildClass *child_class,
3064 BdrvChildRole child_role, bool allow_none, Error **errp)
3065 {
3066 BlockDriverState *bs = NULL;
3067 QDict *image_options;
3068 char *bdref_key_dot;
3069 const char *reference;
3070
3071 assert(child_class != NULL);
3072
3073 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
3074 qdict_extract_subqdict(options, &image_options, bdref_key_dot);
3075 g_free(bdref_key_dot);
3076
3077 /*
3078 * Caution: while qdict_get_try_str() is fine, getting non-string
3079 * types would require more care. When @options come from
3080 * -blockdev or blockdev_add, its members are typed according to
3081 * the QAPI schema, but when they come from -drive, they're all
3082 * QString.
3083 */
3084 reference = qdict_get_try_str(options, bdref_key);
3085 if (!filename && !reference && !qdict_size(image_options)) {
3086 if (!allow_none) {
3087 error_setg(errp, "A block device must be specified for \"%s\"",
3088 bdref_key);
3089 }
3090 qobject_unref(image_options);
3091 goto done;
3092 }
3093
3094 bs = bdrv_open_inherit(filename, reference, image_options, 0,
3095 parent, child_class, child_role, errp);
3096 if (!bs) {
3097 goto done;
3098 }
3099
3100 done:
3101 qdict_del(options, bdref_key);
3102 return bs;
3103 }
3104
3105 /*
3106 * Opens a disk image whose options are given as BlockdevRef in another block
3107 * device's options.
3108 *
3109 * If allow_none is true, no image will be opened if filename is false and no
3110 * BlockdevRef is given. NULL will be returned, but errp remains unset.
3111 *
3112 * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
3113 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
3114 * itself, all options starting with "${bdref_key}." are considered part of the
3115 * BlockdevRef.
3116 *
3117 * The BlockdevRef will be removed from the options QDict.
3118 */
3119 BdrvChild *bdrv_open_child(const char *filename,
3120 QDict *options, const char *bdref_key,
3121 BlockDriverState *parent,
3122 const BdrvChildClass *child_class,
3123 BdrvChildRole child_role,
3124 bool allow_none, Error **errp)
3125 {
3126 BlockDriverState *bs;
3127
3128 bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
3129 child_role, allow_none, errp);
3130 if (bs == NULL) {
3131 return NULL;
3132 }
3133
3134 return bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
3135 errp);
3136 }
3137
3138 /*
3139 * TODO Future callers may need to specify parent/child_class in order for
3140 * option inheritance to work. Existing callers use it for the root node.
3141 */
3142 BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
3143 {
3144 BlockDriverState *bs = NULL;
3145 QObject *obj = NULL;
3146 QDict *qdict = NULL;
3147 const char *reference = NULL;
3148 Visitor *v = NULL;
3149
3150 if (ref->type == QTYPE_QSTRING) {
3151 reference = ref->u.reference;
3152 } else {
3153 BlockdevOptions *options = &ref->u.definition;
3154 assert(ref->type == QTYPE_QDICT);
3155
3156 v = qobject_output_visitor_new(&obj);
3157 visit_type_BlockdevOptions(v, NULL, &options, &error_abort);
3158 visit_complete(v, &obj);
3159
3160 qdict = qobject_to(QDict, obj);
3161 qdict_flatten(qdict);
3162
3163 /* bdrv_open_inherit() defaults to the values in bdrv_flags (for
3164 * compatibility with other callers) rather than what we want as the
3165 * real defaults. Apply the defaults here instead. */
3166 qdict_set_default_str(qdict, BDRV_OPT_CACHE_DIRECT, "off");
3167 qdict_set_default_str(qdict, BDRV_OPT_CACHE_NO_FLUSH, "off");
3168 qdict_set_default_str(qdict, BDRV_OPT_READ_ONLY, "off");
3169 qdict_set_default_str(qdict, BDRV_OPT_AUTO_READ_ONLY, "off");
3170
3171 }
3172
3173 bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
3174 obj = NULL;
3175 qobject_unref(obj);
3176 visit_free(v);
3177 return bs;
3178 }
3179
3180 static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
3181 int flags,
3182 QDict *snapshot_options,
3183 Error **errp)
3184 {
3185 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
3186 char *tmp_filename = g_malloc0(PATH_MAX + 1);
3187 int64_t total_size;
3188 QemuOpts *opts = NULL;
3189 BlockDriverState *bs_snapshot = NULL;
3190 Error *local_err = NULL;
3191 int ret;
3192
3193 /* if snapshot, we create a temporary backing file and open it
3194 instead of opening 'filename' directly */
3195
3196 /* Get the required size from the image */
3197 total_size = bdrv_getlength(bs);
3198 if (total_size < 0) {
3199 error_setg_errno(errp, -total_size, "Could not get image size");
3200 goto out;
3201 }
3202
3203 /* Create the temporary image */
3204 ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
3205 if (ret < 0) {
3206 error_setg_errno(errp, -ret, "Could not get temporary filename");
3207 goto out;
3208 }
3209
3210 opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
3211 &error_abort);
3212 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size, &error_abort);
3213 ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, errp);
3214 qemu_opts_del(opts);
3215 if (ret < 0) {
3216 error_prepend(errp, "Could not create temporary overlay '%s': ",
3217 tmp_filename);
3218 goto out;
3219 }
3220
3221 /* Prepare options QDict for the temporary file */
3222 qdict_put_str(snapshot_options, "file.driver", "file");
3223 qdict_put_str(snapshot_options, "file.filename", tmp_filename);
3224 qdict_put_str(snapshot_options, "driver", "qcow2");
3225
3226 bs_snapshot = bdrv_open(NULL, NULL, snapshot_options, flags, errp);
3227 snapshot_options = NULL;
3228 if (!bs_snapshot) {
3229 goto out;
3230 }
3231
3232 /* bdrv_append() consumes a strong reference to bs_snapshot
3233 * (i.e. it will call bdrv_unref() on it) even on error, so in
3234 * order to be able to return one, we have to increase
3235 * bs_snapshot's refcount here */
3236 bdrv_ref(bs_snapshot);
3237 bdrv_append(bs_snapshot, bs, &local_err);
3238 if (local_err) {
3239 error_propagate(errp, local_err);
3240 bs_snapshot = NULL;
3241 goto out;
3242 }
3243
3244 out:
3245 qobject_unref(snapshot_options);
3246 g_free(tmp_filename);
3247 return bs_snapshot;
3248 }
3249
3250 /*
3251 * Opens a disk image (raw, qcow2, vmdk, ...)
3252 *
3253 * options is a QDict of options to pass to the block drivers, or NULL for an
3254 * empty set of options. The reference to the QDict belongs to the block layer
3255 * after the call (even on failure), so if the caller intends to reuse the
3256 * dictionary, it needs to use qobject_ref() before calling bdrv_open.
3257 *
3258 * If *pbs is NULL, a new BDS will be created with a pointer to it stored there.
3259 * If it is not NULL, the referenced BDS will be reused.
3260 *
3261 * The reference parameter may be used to specify an existing block device which
3262 * should be opened. If specified, neither options nor a filename may be given,
3263 * nor can an existing BDS be reused (that is, *pbs has to be NULL).
3264 */
3265 static BlockDriverState *bdrv_open_inherit(const char *filename,
3266 const char *reference,
3267 QDict *options, int flags,
3268 BlockDriverState *parent,
3269 const BdrvChildClass *child_class,
3270 BdrvChildRole child_role,
3271 Error **errp)
3272 {
3273 int ret;
3274 BlockBackend *file = NULL;
3275 BlockDriverState *bs;
3276 BlockDriver *drv = NULL;
3277 BdrvChild *child;
3278 const char *drvname;
3279 const char *backing;
3280 Error *local_err = NULL;
3281 QDict *snapshot_options = NULL;
3282 int snapshot_flags = 0;
3283
3284 assert(!child_class || !flags);
3285 assert(!child_class == !parent);
3286
3287 if (reference) {
3288 bool options_non_empty = options ? qdict_size(options) : false;
3289 qobject_unref(options);
3290
3291 if (filename || options_non_empty) {
3292 error_setg(errp, "Cannot reference an existing block device with "
3293 "additional options or a new filename");
3294 return NULL;
3295 }
3296
3297 bs = bdrv_lookup_bs(reference, reference, errp);
3298 if (!bs) {
3299 return NULL;
3300 }
3301
3302 bdrv_ref(bs);
3303 return bs;
3304 }
3305
3306 bs = bdrv_new();
3307
3308 /* NULL means an empty set of options */
3309 if (options == NULL) {
3310 options = qdict_new();
3311 }
3312
3313 /* json: syntax counts as explicit options, as if in the QDict */
3314 parse_json_protocol(options, &filename, &local_err);
3315 if (local_err) {
3316 goto fail;
3317 }
3318
3319 bs->explicit_options = qdict_clone_shallow(options);
3320
3321 if (child_class) {
3322 bool parent_is_format;
3323
3324 if (parent->drv) {
3325 parent_is_format = parent->drv->is_format;
3326 } else {
3327 /*
3328 * parent->drv is not set yet because this node is opened for
3329 * (potential) format probing. That means that @parent is going
3330 * to be a format node.
3331 */
3332 parent_is_format = true;
3333 }
3334
3335 bs->inherits_from = parent;
3336 child_class->inherit_options(child_role, parent_is_format,
3337 &flags, options,
3338 parent->open_flags, parent->options);
3339 }
3340
3341 ret = bdrv_fill_options(&options, filename, &flags, &local_err);
3342 if (ret < 0) {
3343 goto fail;
3344 }
3345
3346 /*
3347 * Set the BDRV_O_RDWR and BDRV_O_ALLOW_RDWR flags.
3348 * Caution: getting a boolean member of @options requires care.
3349 * When @options come from -blockdev or blockdev_add, members are
3350 * typed according to the QAPI schema, but when they come from
3351 * -drive, they're all QString.
3352 */
3353 if (g_strcmp0(qdict_get_try_str(options, BDRV_OPT_READ_ONLY), "on") &&
3354 !qdict_get_try_bool(options, BDRV_OPT_READ_ONLY, false)) {
3355 flags |= (BDRV_O_RDWR | BDRV_O_ALLOW_RDWR);
3356 } else {
3357 flags &= ~BDRV_O_RDWR;
3358 }
3359
3360 if (flags & BDRV_O_SNAPSHOT) {
3361 snapshot_options = qdict_new();
3362 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
3363 flags, options);
3364 /* Let bdrv_backing_options() override "read-only" */
3365 qdict_del(options, BDRV_OPT_READ_ONLY);
3366 bdrv_inherited_options(BDRV_CHILD_COW, true,
3367 &flags, options, flags, options);
3368 }
3369
3370 bs->open_flags = flags;
3371 bs->options = options;
3372 options = qdict_clone_shallow(options);
3373
3374 /* Find the right image format driver */
3375 /* See cautionary note on accessing @options above */
3376 drvname = qdict_get_try_str(options, "driver");
3377 if (drvname) {
3378 drv = bdrv_find_format(drvname);
3379 if (!drv) {
3380 error_setg(errp, "Unknown driver: '%s'", drvname);
3381 goto fail;
3382 }
3383 }
3384
3385 assert(drvname || !(flags & BDRV_O_PROTOCOL));
3386
3387 /* See cautionary note on accessing @options above */
3388 backing = qdict_get_try_str(options, "backing");
3389 if (qobject_to(QNull, qdict_get(options, "backing")) != NULL ||
3390 (backing && *backing == '\0'))
3391 {
3392 if (backing) {
3393 warn_report("Use of \"backing\": \"\" is deprecated; "
3394 "use \"backing\": null instead");
3395 }
3396 flags |= BDRV_O_NO_BACKING;
3397 qdict_del(bs->explicit_options, "backing");
3398 qdict_del(bs->options, "backing");
3399 qdict_del(options, "backing");
3400 }
3401
3402 /* Open image file without format layer. This BlockBackend is only used for
3403 * probing, the block drivers will do their own bdrv_open_child() for the
3404 * same BDS, which is why we put the node name back into options. */
3405 if ((flags & BDRV_O_PROTOCOL) == 0) {
3406 BlockDriverState *file_bs;
3407
3408 file_bs = bdrv_open_child_bs(filename, options, "file", bs,
3409 &child_of_bds, BDRV_CHILD_IMAGE,
3410 true, &local_err);
3411 if (local_err) {
3412 goto fail;
3413 }
3414 if (file_bs != NULL) {
3415 /* Not requesting BLK_PERM_CONSISTENT_READ because we're only
3416 * looking at the header to guess the image format. This works even
3417 * in cases where a guest would not see a consistent state. */
3418 file = blk_new(bdrv_get_aio_context(file_bs), 0, BLK_PERM_ALL);
3419 blk_insert_bs(file, file_bs, &local_err);
3420 bdrv_unref(file_bs);
3421 if (local_err) {
3422 goto fail;
3423 }
3424
3425 qdict_put_str(options, "file", bdrv_get_node_name(file_bs));
3426 }
3427 }
3428
3429 /* Image format probing */
3430 bs->probed = !drv;
3431 if (!drv && file) {
3432 ret = find_image_format(file, filename, &drv, &local_err);
3433 if (ret < 0) {
3434 goto fail;
3435 }
3436 /*
3437 * This option update would logically belong in bdrv_fill_options(),
3438 * but we first need to open bs->file for the probing to work, while
3439 * opening bs->file already requires the (mostly) final set of options
3440 * so that cache mode etc. can be inherited.
3441 *
3442 * Adding the driver later is somewhat ugly, but it's not an option
3443 * that would ever be inherited, so it's correct. We just need to make
3444 * sure to update both bs->options (which has the full effective
3445 * options for bs) and options (which has file.* already removed).
3446 */
3447 qdict_put_str(bs->options, "driver", drv->format_name);
3448 qdict_put_str(options, "driver", drv->format_name);
3449 } else if (!drv) {
3450 error_setg(errp, "Must specify either driver or file");
3451 goto fail;
3452 }
3453
3454 /* BDRV_O_PROTOCOL must be set iff a protocol BDS is about to be created */
3455 assert(!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open);
3456 /* file must be NULL if a protocol BDS is about to be created
3457 * (the inverse results in an error message from bdrv_open_common()) */
3458 assert(!(flags & BDRV_O_PROTOCOL) || !file);
3459
3460 /* Open the image */
3461 ret = bdrv_open_common(bs, file, options, &local_err);
3462 if (ret < 0) {
3463 goto fail;
3464 }
3465
3466 if (file) {
3467 blk_unref(file);
3468 file = NULL;
3469 }
3470
3471 /* If there is a backing file, use it */
3472 if ((flags & BDRV_O_NO_BACKING) == 0) {
3473 ret = bdrv_open_backing_file(bs, options, "backing", &local_err);
3474 if (ret < 0) {
3475 goto close_and_fail;
3476 }
3477 }
3478
3479 /* Remove all children options and references
3480 * from bs->options and bs->explicit_options */
3481 QLIST_FOREACH(child, &bs->children, next) {
3482 char *child_key_dot;
3483 child_key_dot = g_strdup_printf("%s.", child->name);
3484 qdict_extract_subqdict(bs->explicit_options, NULL, child_key_dot);
3485 qdict_extract_subqdict(bs->options, NULL, child_key_dot);
3486 qdict_del(bs->explicit_options, child->name);
3487 qdict_del(bs->options, child->name);
3488 g_free(child_key_dot);
3489 }
3490
3491 /* Check if any unknown options were used */
3492 if (qdict_size(options) != 0) {
3493 const QDictEntry *entry = qdict_first(options);
3494 if (flags & BDRV_O_PROTOCOL) {
3495 error_setg(errp, "Block protocol '%s' doesn't support the option "
3496 "'%s'", drv->format_name, entry->key);
3497 } else {
3498 error_setg(errp,
3499 "Block format '%s' does not support the option '%s'",
3500 drv->format_name, entry->key);
3501 }
3502
3503 goto close_and_fail;
3504 }
3505
3506 bdrv_parent_cb_change_media(bs, true);
3507
3508 qobject_unref(options);
3509 options = NULL;
3510
3511 /* For snapshot=on, create a temporary qcow2 overlay. bs points to the
3512 * temporary snapshot afterwards. */
3513 if (snapshot_flags) {
3514 BlockDriverState *snapshot_bs;
3515 snapshot_bs = bdrv_append_temp_snapshot(bs, snapshot_flags,
3516 snapshot_options, &local_err);
3517 snapshot_options = NULL;
3518 if (local_err) {
3519 goto close_and_fail;
3520 }
3521 /* We are not going to return bs but the overlay on top of it
3522 * (snapshot_bs); thus, we have to drop the strong reference to bs
3523 * (which we obtained by calling bdrv_new()). bs will not be deleted,
3524 * though, because the overlay still has a reference to it. */
3525 bdrv_unref(bs);
3526 bs = snapshot_bs;
3527 }
3528
3529 return bs;
3530
3531 fail:
3532 blk_unref(file);
3533 qobject_unref(snapshot_options);
3534 qobject_unref(bs->explicit_options);
3535 qobject_unref(bs->options);
3536 qobject_unref(options);
3537 bs->options = NULL;
3538 bs->explicit_options = NULL;
3539 bdrv_unref(bs);
3540 error_propagate(errp, local_err);
3541 return NULL;
3542
3543 close_and_fail:
3544 bdrv_unref(bs);
3545 qobject_unref(snapshot_options);
3546 qobject_unref(options);
3547 error_propagate(errp, local_err);
3548 return NULL;
3549 }
3550
3551 BlockDriverState *bdrv_open(const char *filename, const char *reference,
3552 QDict *options, int flags, Error **errp)
3553 {
3554 return bdrv_open_inherit(filename, reference, options, flags, NULL,
3555 NULL, 0, errp);
3556 }
3557
3558 /* Return true if the NULL-terminated @list contains @str */
3559 static bool is_str_in_list(const char *str, const char *const *list)
3560 {
3561 if (str && list) {
3562 int i;
3563 for (i = 0; list[i] != NULL; i++) {
3564 if (!strcmp(str, list[i])) {
3565 return true;
3566 }
3567 }
3568 }
3569 return false;
3570 }
3571
3572 /*
3573 * Check that every option set in @bs->options is also set in
3574 * @new_opts.
3575 *
3576 * Options listed in the common_options list and in
3577 * @bs->drv->mutable_opts are skipped.
3578 *
3579 * Return 0 on success, otherwise return -EINVAL and set @errp.
3580 */
3581 static int bdrv_reset_options_allowed(BlockDriverState *bs,
3582 const QDict *new_opts, Error **errp)
3583 {
3584 const QDictEntry *e;
3585 /* These options are common to all block drivers and are handled
3586 * in bdrv_reopen_prepare() so they can be left out of @new_opts */
3587 const char *const common_options[] = {
3588 "node-name", "discard", "cache.direct", "cache.no-flush",
3589 "read-only", "auto-read-only", "detect-zeroes", NULL
3590 };
3591
3592 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
3593 if (!qdict_haskey(new_opts, e->key) &&
3594 !is_str_in_list(e->key, common_options) &&
3595 !is_str_in_list(e->key, bs->drv->mutable_opts)) {
3596 error_setg(errp, "Option '%s' cannot be reset "
3597 "to its default value", e->key);
3598 return -EINVAL;
3599 }
3600 }
3601
3602 return 0;
3603 }
3604
3605 /*
3606 * Returns true if @child can be reached recursively from @bs
3607 */
3608 static bool bdrv_recurse_has_child(BlockDriverState *bs,
3609 BlockDriverState *child)
3610 {
3611 BdrvChild *c;
3612
3613 if (bs == child) {
3614 return true;
3615 }
3616
3617 QLIST_FOREACH(c, &bs->children, next) {
3618 if (bdrv_recurse_has_child(c->bs, child)) {
3619 return true;
3620 }
3621 }
3622
3623 return false;
3624 }
3625
3626 /*
3627 * Adds a BlockDriverState to a simple queue for an atomic, transactional
3628 * reopen of multiple devices.
3629 *
3630 * bs_queue can either be an existing BlockReopenQueue that has had QTAILQ_INIT
3631 * already performed, or alternatively may be NULL a new BlockReopenQueue will
3632 * be created and initialized. This newly created BlockReopenQueue should be
3633 * passed back in for subsequent calls that are intended to be of the same
3634 * atomic 'set'.
3635 *
3636 * bs is the BlockDriverState to add to the reopen queue.
3637 *
3638 * options contains the changed options for the associated bs
3639 * (the BlockReopenQueue takes ownership)
3640 *
3641 * flags contains the open flags for the associated bs
3642 *
3643 * returns a pointer to bs_queue, which is either the newly allocated
3644 * bs_queue, or the existing bs_queue being used.
3645 *
3646 * bs must be drained between bdrv_reopen_queue() and bdrv_reopen_multiple().
3647 */
3648 static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
3649 BlockDriverState *bs,
3650 QDict *options,
3651 const BdrvChildClass *klass,
3652 BdrvChildRole role,
3653 bool parent_is_format,
3654 QDict *parent_options,
3655 int parent_flags,
3656 bool keep_old_opts)
3657 {
3658 assert(bs != NULL);
3659
3660 BlockReopenQueueEntry *bs_entry;
3661 BdrvChild *child;
3662 QDict *old_options, *explicit_options, *options_copy;
3663 int flags;
3664 QemuOpts *opts;
3665
3666 /* Make sure that the caller remembered to use a drained section. This is
3667 * important to avoid graph changes between the recursive queuing here and
3668 * bdrv_reopen_multiple(). */
3669 assert(bs->quiesce_counter > 0);
3670
3671 if (bs_queue == NULL) {
3672 bs_queue = g_new0(BlockReopenQueue, 1);
3673 QTAILQ_INIT(bs_queue);
3674 }
3675
3676 if (!options) {
3677 options = qdict_new();
3678 }
3679
3680 /* Check if this BlockDriverState is already in the queue */
3681 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3682 if (bs == bs_entry->state.bs) {
3683 break;
3684 }
3685 }
3686
3687 /*
3688 * Precedence of options:
3689 * 1. Explicitly passed in options (highest)
3690 * 2. Retained from explicitly set options of bs
3691 * 3. Inherited from parent node
3692 * 4. Retained from effective options of bs
3693 */
3694
3695 /* Old explicitly set values (don't overwrite by inherited value) */
3696 if (bs_entry || keep_old_opts) {
3697 old_options = qdict_clone_shallow(bs_entry ?
3698 bs_entry->state.explicit_options :
3699 bs->explicit_options);
3700 bdrv_join_options(bs, options, old_options);
3701 qobject_unref(old_options);
3702 }
3703
3704 explicit_options = qdict_clone_shallow(options);
3705
3706 /* Inherit from parent node */
3707 if (parent_options) {
3708 flags = 0;
3709 klass->inherit_options(role, parent_is_format, &flags, options,
3710 parent_flags, parent_options);
3711 } else {
3712 flags = bdrv_get_flags(bs);
3713 }
3714
3715 if (keep_old_opts) {
3716 /* Old values are used for options that aren't set yet */
3717 old_options = qdict_clone_shallow(bs->options);
3718 bdrv_join_options(bs, options, old_options);
3719 qobject_unref(old_options);
3720 }
3721
3722 /* We have the final set of options so let's update the flags */
3723 options_copy = qdict_clone_shallow(options);
3724 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3725 qemu_opts_absorb_qdict(opts, options_copy, NULL);
3726 update_flags_from_options(&flags, opts);
3727 qemu_opts_del(opts);
3728 qobject_unref(options_copy);
3729
3730 /* bdrv_open_inherit() sets and clears some additional flags internally */
3731 flags &= ~BDRV_O_PROTOCOL;
3732 if (flags & BDRV_O_RDWR) {
3733 flags |= BDRV_O_ALLOW_RDWR;
3734 }
3735
3736 if (!bs_entry) {
3737 bs_entry = g_new0(BlockReopenQueueEntry, 1);
3738 QTAILQ_INSERT_TAIL(bs_queue, bs_entry, entry);
3739 } else {
3740 qobject_unref(bs_entry->state.options);
3741 qobject_unref(bs_entry->state.explicit_options);
3742 }
3743
3744 bs_entry->state.bs = bs;
3745 bs_entry->state.options = options;
3746 bs_entry->state.explicit_options = explicit_options;
3747 bs_entry->state.flags = flags;
3748
3749 /* This needs to be overwritten in bdrv_reopen_prepare() */
3750 bs_entry->state.perm = UINT64_MAX;
3751 bs_entry->state.shared_perm = 0;
3752
3753 /*
3754 * If keep_old_opts is false then it means that unspecified
3755 * options must be reset to their original value. We don't allow
3756 * resetting 'backing' but we need to know if the option is
3757 * missing in order to decide if we have to return an error.
3758 */
3759 if (!keep_old_opts) {
3760 bs_entry->state.backing_missing =
3761 !qdict_haskey(options, "backing") &&
3762 !qdict_haskey(options, "backing.driver");
3763 }
3764
3765 QLIST_FOREACH(child, &bs->children, next) {
3766 QDict *new_child_options = NULL;
3767 bool child_keep_old = keep_old_opts;
3768
3769 /* reopen can only change the options of block devices that were
3770 * implicitly created and inherited options. For other (referenced)
3771 * block devices, a syntax like "backing.foo" results in an error. */
3772 if (child->bs->inherits_from != bs) {
3773 continue;
3774 }
3775
3776 /* Check if the options contain a child reference */
3777 if (qdict_haskey(options, child->name)) {
3778 const char *childref = qdict_get_try_str(options, child->name);
3779 /*
3780 * The current child must not be reopened if the child
3781 * reference is null or points to a different node.
3782 */
3783 if (g_strcmp0(childref, child->bs->node_name)) {
3784 continue;
3785 }
3786 /*
3787 * If the child reference points to the current child then
3788 * reopen it with its existing set of options (note that
3789 * it can still inherit new options from the parent).
3790 */
3791 child_keep_old = true;
3792 } else {
3793 /* Extract child options ("child-name.*") */
3794 char *child_key_dot = g_strdup_printf("%s.", child->name);
3795 qdict_extract_subqdict(explicit_options, NULL, child_key_dot);
3796 qdict_extract_subqdict(options, &new_child_options, child_key_dot);
3797 g_free(child_key_dot);
3798 }
3799
3800 bdrv_reopen_queue_child(bs_queue, child->bs, new_child_options,
3801 child->klass, child->role, bs->drv->is_format,
3802 options, flags, child_keep_old);
3803 }
3804
3805 return bs_queue;
3806 }
3807
3808 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
3809 BlockDriverState *bs,
3810 QDict *options, bool keep_old_opts)
3811 {
3812 return bdrv_reopen_queue_child(bs_queue, bs, options, NULL, 0, false,
3813 NULL, 0, keep_old_opts);
3814 }
3815
3816 /*
3817 * Reopen multiple BlockDriverStates atomically & transactionally.
3818 *
3819 * The queue passed in (bs_queue) must have been built up previous
3820 * via bdrv_reopen_queue().
3821 *
3822 * Reopens all BDS specified in the queue, with the appropriate
3823 * flags. All devices are prepared for reopen, and failure of any
3824 * device will cause all device changes to be abandoned, and intermediate
3825 * data cleaned up.
3826 *
3827 * If all devices prepare successfully, then the changes are committed
3828 * to all devices.
3829 *
3830 * All affected nodes must be drained between bdrv_reopen_queue() and
3831 * bdrv_reopen_multiple().
3832 */
3833 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
3834 {
3835 int ret = -1;
3836 BlockReopenQueueEntry *bs_entry, *next;
3837
3838 assert(bs_queue != NULL);
3839
3840 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3841 assert(bs_entry->state.bs->quiesce_counter > 0);
3842 if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
3843 goto cleanup;
3844 }
3845 bs_entry->prepared = true;
3846 }
3847
3848 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3849 BDRVReopenState *state = &bs_entry->state;
3850 ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
3851 state->shared_perm, NULL, NULL, errp);
3852 if (ret < 0) {
3853 goto cleanup_perm;
3854 }
3855 /* Check if new_backing_bs would accept the new permissions */
3856 if (state->replace_backing_bs && state->new_backing_bs) {
3857 uint64_t nperm, nshared;
3858 bdrv_child_perm(state->bs, state->new_backing_bs,
3859 NULL, &child_of_bds, bdrv_backing_role(state->bs),
3860 bs_queue, state->perm, state->shared_perm,
3861 &nperm, &nshared);
3862 ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
3863 nperm, nshared, NULL, NULL, errp);
3864 if (ret < 0) {
3865 goto cleanup_perm;
3866 }
3867 }
3868 bs_entry->perms_checked = true;
3869 }
3870
3871 /*
3872 * If we reach this point, we have success and just need to apply the
3873 * changes.
3874 *
3875 * Reverse order is used to comfort qcow2 driver: on commit it need to write
3876 * IN_USE flag to the image, to mark bitmaps in the image as invalid. But
3877 * children are usually goes after parents in reopen-queue, so go from last
3878 * to first element.
3879 */
3880 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3881 bdrv_reopen_commit(&bs_entry->state);
3882 }
3883
3884 ret = 0;
3885 cleanup_perm:
3886 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3887 BDRVReopenState *state = &bs_entry->state;
3888
3889 if (!bs_entry->perms_checked) {
3890 continue;
3891 }
3892
3893 if (ret == 0) {
3894 bdrv_set_perm(state->bs, state->perm, state->shared_perm);
3895 } else {
3896 bdrv_abort_perm_update(state->bs);
3897 if (state->replace_backing_bs && state->new_backing_bs) {
3898 bdrv_abort_perm_update(state->new_backing_bs);
3899 }
3900 }
3901 }
3902
3903 if (ret == 0) {
3904 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3905 BlockDriverState *bs = bs_entry->state.bs;
3906
3907 if (bs->drv->bdrv_reopen_commit_post)
3908 bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
3909 }
3910 }
3911 cleanup:
3912 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3913 if (ret) {
3914 if (bs_entry->prepared) {
3915 bdrv_reopen_abort(&bs_entry->state);
3916 }
3917 qobject_unref(bs_entry->state.explicit_options);
3918 qobject_unref(bs_entry->state.options);
3919 }
3920 if (bs_entry->state.new_backing_bs) {
3921 bdrv_unref(bs_entry->state.new_backing_bs);
3922 }
3923 g_free(bs_entry);
3924 }
3925 g_free(bs_queue);
3926
3927 return ret;
3928 }
3929
3930 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
3931 Error **errp)
3932 {
3933 int ret;
3934 BlockReopenQueue *queue;
3935 QDict *opts = qdict_new();
3936
3937 qdict_put_bool(opts, BDRV_OPT_READ_ONLY, read_only);
3938
3939 bdrv_subtree_drained_begin(bs);
3940 queue = bdrv_reopen_queue(NULL, bs, opts, true);
3941 ret = bdrv_reopen_multiple(queue, errp);
3942 bdrv_subtree_drained_end(bs);
3943
3944 return ret;
3945 }
3946
3947 static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
3948 BdrvChild *c)
3949 {
3950 BlockReopenQueueEntry *entry;
3951
3952 QTAILQ_FOREACH(entry, q, entry) {
3953 BlockDriverState *bs = entry->state.bs;
3954 BdrvChild *child;
3955
3956 QLIST_FOREACH(child, &bs->children, next) {
3957 if (child == c) {
3958 return entry;
3959 }
3960 }
3961 }
3962
3963 return NULL;
3964 }
3965
3966 static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
3967 uint64_t *perm, uint64_t *shared)
3968 {
3969 BdrvChild *c;
3970 BlockReopenQueueEntry *parent;
3971 uint64_t cumulative_perms = 0;
3972 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
3973
3974 QLIST_FOREACH(c, &bs->parents, next_parent) {
3975 parent = find_parent_in_reopen_queue(q, c);
3976 if (!parent) {
3977 cumulative_perms |= c->perm;
3978 cumulative_shared_perms &= c->shared_perm;
3979 } else {
3980 uint64_t nperm, nshared;
3981
3982 bdrv_child_perm(parent->state.bs, bs, c, c->klass, c->role, q,
3983 parent->state.perm, parent->state.shared_perm,
3984 &nperm, &nshared);
3985
3986 cumulative_perms |= nperm;
3987 cumulative_shared_perms &= nshared;
3988 }
3989 }
3990 *perm = cumulative_perms;
3991 *shared = cumulative_shared_perms;
3992 }
3993
3994 static bool bdrv_reopen_can_attach(BlockDriverState *parent,
3995 BdrvChild *child,
3996 BlockDriverState *new_child,
3997 Error **errp)
3998 {
3999 AioContext *parent_ctx = bdrv_get_aio_context(parent);
4000 AioContext *child_ctx = bdrv_get_aio_context(new_child);
4001 GSList *ignore;
4002 bool ret;
4003
4004 ignore = g_slist_prepend(NULL, child);
4005 ret = bdrv_can_set_aio_context(new_child, parent_ctx, &ignore, NULL);
4006 g_slist_free(ignore);
4007 if (ret) {
4008 return ret;
4009 }
4010
4011 ignore = g_slist_prepend(NULL, child);
4012 ret = bdrv_can_set_aio_context(parent, child_ctx, &ignore, errp);
4013 g_slist_free(ignore);
4014 return ret;
4015 }
4016
4017 /*
4018 * Take a BDRVReopenState and check if the value of 'backing' in the
4019 * reopen_state->options QDict is valid or not.
4020 *
4021 * If 'backing' is missing from the QDict then return 0.
4022 *
4023 * If 'backing' contains the node name of the backing file of
4024 * reopen_state->bs then return 0.
4025 *
4026 * If 'backing' contains a different node name (or is null) then check
4027 * whether the current backing file can be replaced with the new one.
4028 * If that's the case then reopen_state->replace_backing_bs is set to
4029 * true and reopen_state->new_backing_bs contains a pointer to the new
4030 * backing BlockDriverState (or NULL).
4031 *
4032 * Return 0 on success, otherwise return < 0 and set @errp.
4033 */
4034 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
4035 Error **errp)
4036 {
4037 BlockDriverState *bs = reopen_state->bs;
4038 BlockDriverState *overlay_bs, *new_backing_bs;
4039 QObject *value;
4040 const char *str;
4041
4042 value = qdict_get(reopen_state->options, "backing");
4043 if (value == NULL) {
4044 return 0;
4045 }
4046
4047 switch (qobject_type(value)) {
4048 case QTYPE_QNULL:
4049 new_backing_bs = NULL;
4050 break;
4051 case QTYPE_QSTRING:
4052 str = qobject_get_try_str(value);
4053 new_backing_bs = bdrv_lookup_bs(NULL, str, errp);
4054 if (new_backing_bs == NULL) {
4055 return -EINVAL;
4056 } else if (bdrv_recurse_has_child(new_backing_bs, bs)) {
4057 error_setg(errp, "Making '%s' a backing file of '%s' "
4058 "would create a cycle", str, bs->node_name);
4059 return -EINVAL;
4060 }
4061 break;
4062 default:
4063 /* 'backing' does not allow any other data type */
4064 g_assert_not_reached();
4065 }
4066
4067 /*
4068 * Check AioContext compatibility so that the bdrv_set_backing_hd() call in
4069 * bdrv_reopen_commit() won't fail.
4070 */
4071 if (new_backing_bs) {
4072 if (!bdrv_reopen_can_attach(bs, bs->backing, new_backing_bs, errp)) {
4073 return -EINVAL;
4074 }
4075 }
4076
4077 /*
4078 * Find the "actual" backing file by skipping all links that point
4079 * to an implicit node, if any (e.g. a commit filter node).
4080 */
4081 overlay_bs = bs;
4082 while (backing_bs(overlay_bs) && backing_bs(overlay_bs)->implicit) {
4083 overlay_bs = backing_bs(overlay_bs);
4084 }
4085
4086 /* If we want to replace the backing file we need some extra checks */
4087 if (new_backing_bs != backing_bs(overlay_bs)) {
4088 /* Check for implicit nodes between bs and its backing file */
4089 if (bs != overlay_bs) {
4090 error_setg(errp, "Cannot change backing link if '%s' has "
4091 "an implicit backing file", bs->node_name);
4092 return -EPERM;
4093 }
4094 /* Check if the backing link that we want to replace is frozen */
4095 if (bdrv_is_backing_chain_frozen(overlay_bs, backing_bs(overlay_bs),
4096 errp)) {
4097 return -EPERM;
4098 }
4099 reopen_state->replace_backing_bs = true;
4100 if (new_backing_bs) {
4101 bdrv_ref(new_backing_bs);
4102 reopen_state->new_backing_bs = new_backing_bs;
4103 }
4104 }
4105
4106 return 0;
4107 }
4108
4109 /*
4110 * Prepares a BlockDriverState for reopen. All changes are staged in the
4111 * 'opaque' field of the BDRVReopenState, which is used and allocated by
4112 * the block driver layer .bdrv_reopen_prepare()
4113 *
4114 * bs is the BlockDriverState to reopen
4115 * flags are the new open flags
4116 * queue is the reopen queue
4117 *
4118 * Returns 0 on success, non-zero on error. On error errp will be set
4119 * as well.
4120 *
4121 * On failure, bdrv_reopen_abort() will be called to clean up any data.
4122 * It is the responsibility of the caller to then call the abort() or
4123 * commit() for any other BDS that have been left in a prepare() state
4124 *
4125 */
4126 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
4127 Error **errp)
4128 {
4129 int ret = -1;
4130 int old_flags;
4131 Error *local_err = NULL;
4132 BlockDriver *drv;
4133 QemuOpts *opts;
4134 QDict *orig_reopen_opts;
4135 char *discard = NULL;
4136 bool read_only;
4137 bool drv_prepared = false;
4138
4139 assert(reopen_state != NULL);
4140 assert(reopen_state->bs->drv != NULL);
4141 drv = reopen_state->bs->drv;
4142
4143 /* This function and each driver's bdrv_reopen_prepare() remove
4144 * entries from reopen_state->options as they are processed, so
4145 * we need to make a copy of the original QDict. */
4146 orig_reopen_opts = qdict_clone_shallow(reopen_state->options);
4147
4148 /* Process generic block layer options */
4149 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
4150 qemu_opts_absorb_qdict(opts, reopen_state->options, &local_err);
4151 if (local_err) {
4152 error_propagate(errp, local_err);
4153 ret = -EINVAL;
4154 goto error;
4155 }
4156
4157 /* This was already called in bdrv_reopen_queue_child() so the flags
4158 * are up-to-date. This time we simply want to remove the options from
4159 * QemuOpts in order to indicate that they have been processed. */
4160 old_flags = reopen_state->flags;
4161 update_flags_from_options(&reopen_state->flags, opts);
4162 assert(old_flags == reopen_state->flags);
4163
4164 discard = qemu_opt_get_del(opts, BDRV_OPT_DISCARD);
4165 if (discard != NULL) {
4166 if (bdrv_parse_discard_flags(discard, &reopen_state->flags) != 0) {
4167 error_setg(errp, "Invalid discard option");
4168 ret = -EINVAL;
4169 goto error;
4170 }
4171 }
4172
4173 reopen_state->detect_zeroes =
4174 bdrv_parse_detect_zeroes(opts, reopen_state->flags, &local_err);
4175 if (local_err) {
4176 error_propagate(errp, local_err);
4177 ret = -EINVAL;
4178 goto error;
4179 }
4180
4181 /* All other options (including node-name and driver) must be unchanged.
4182 * Put them back into the QDict, so that they are checked at the end
4183 * of this function. */
4184 qemu_opts_to_qdict(opts, reopen_state->options);
4185
4186 /* If we are to stay read-only, do not allow permission change
4187 * to r/w. Attempting to set to r/w may fail if either BDRV_O_ALLOW_RDWR is
4188 * not set, or if the BDS still has copy_on_read enabled */
4189 read_only = !(reopen_state->flags & BDRV_O_RDWR);
4190 ret = bdrv_can_set_read_only(reopen_state->bs, read_only, true, &local_err);
4191 if (local_err) {
4192 error_propagate(errp, local_err);
4193 goto error;
4194 }
4195
4196 /* Calculate required permissions after reopening */
4197 bdrv_reopen_perm(queue, reopen_state->bs,
4198 &reopen_state->perm, &reopen_state->shared_perm);
4199
4200 ret = bdrv_flush(reopen_state->bs);
4201 if (ret) {
4202 error_setg_errno(errp, -ret, "Error flushing drive");
4203 goto error;
4204 }
4205
4206 if (drv->bdrv_reopen_prepare) {
4207 /*
4208 * If a driver-specific option is missing, it means that we
4209 * should reset it to its default value.
4210 * But not all options allow that, so we need to check it first.
4211 */
4212 ret = bdrv_reset_options_allowed(reopen_state->bs,
4213 reopen_state->options, errp);
4214 if (ret) {
4215 goto error;
4216 }
4217
4218 ret = drv->bdrv_reopen_prepare(reopen_state, queue, &local_err);
4219 if (ret) {
4220 if (local_err != NULL) {
4221 error_propagate(errp, local_err);
4222 } else {
4223 bdrv_refresh_filename(reopen_state->bs);
4224 error_setg(errp, "failed while preparing to reopen image '%s'",
4225 reopen_state->bs->filename);
4226 }
4227 goto error;
4228 }
4229 } else {
4230 /* It is currently mandatory to have a bdrv_reopen_prepare()
4231 * handler for each supported drv. */
4232 error_setg(errp, "Block format '%s' used by node '%s' "
4233 "does not support reopening files", drv->format_name,
4234 bdrv_get_device_or_node_name(reopen_state->bs));
4235 ret = -1;
4236 goto error;
4237 }
4238
4239 drv_prepared = true;
4240
4241 /*
4242 * We must provide the 'backing' option if the BDS has a backing
4243 * file or if the image file has a backing file name as part of
4244 * its metadata. Otherwise the 'backing' option can be omitted.
4245 */
4246 if (drv->supports_backing && reopen_state->backing_missing &&
4247 (backing_bs(reopen_state->bs) || reopen_state->bs->backing_file[0])) {
4248 error_setg(errp, "backing is missing for '%s'",
4249 reopen_state->bs->node_name);
4250 ret = -EINVAL;
4251 goto error;
4252 }
4253
4254 /*
4255 * Allow changing the 'backing' option. The new value can be
4256 * either a reference to an existing node (using its node name)
4257 * or NULL to simply detach the current backing file.
4258 */
4259 ret = bdrv_reopen_parse_backing(reopen_state, errp);
4260 if (ret < 0) {
4261 goto error;
4262 }
4263 qdict_del(reopen_state->options, "backing");
4264
4265 /* Options that are not handled are only okay if they are unchanged
4266 * compared to the old state. It is expected that some options are only
4267 * used for the initial open, but not reopen (e.g. filename) */
4268 if (qdict_size(reopen_state->options)) {
4269 const QDictEntry *entry = qdict_first(reopen_state->options);
4270
4271 do {
4272 QObject *new = entry->value;
4273 QObject *old = qdict_get(reopen_state->bs->options, entry->key);
4274
4275 /* Allow child references (child_name=node_name) as long as they
4276 * point to the current child (i.e. everything stays the same). */
4277 if (qobject_type(new) == QTYPE_QSTRING) {
4278 BdrvChild *child;
4279 QLIST_FOREACH(child, &reopen_state->bs->children, next) {
4280 if (!strcmp(child->name, entry->key)) {
4281 break;
4282 }
4283 }
4284
4285 if (child) {
4286 const char *str = qobject_get_try_str(new);
4287 if (!strcmp(child->bs->node_name, str)) {
4288 continue; /* Found child with this name, skip option */
4289 }
4290 }
4291 }
4292
4293 /*
4294 * TODO: When using -drive to specify blockdev options, all values
4295 * will be strings; however, when using -blockdev, blockdev-add or
4296 * filenames using the json:{} pseudo-protocol, they will be
4297 * correctly typed.
4298 * In contrast, reopening options are (currently) always strings
4299 * (because you can only specify them through qemu-io; all other
4300 * callers do not specify any options).
4301 * Therefore, when using anything other than -drive to create a BDS,
4302 * this cannot detect non-string options as unchanged, because
4303 * qobject_is_equal() always returns false for objects of different
4304 * type. In the future, this should be remedied by correctly typing
4305 * all options. For now, this is not too big of an issue because
4306 * the user can simply omit options which cannot be changed anyway,
4307 * so they will stay unchanged.
4308 */
4309 if (!qobject_is_equal(new, old)) {
4310 error_setg(errp, "Cannot change the option '%s'", entry->key);
4311 ret = -EINVAL;
4312 goto error;
4313 }
4314 } while ((entry = qdict_next(reopen_state->options, entry)));
4315 }
4316
4317 ret = 0;
4318
4319 /* Restore the original reopen_state->options QDict */
4320 qobject_unref(reopen_state->options);
4321 reopen_state->options = qobject_ref(orig_reopen_opts);
4322
4323 error:
4324 if (ret < 0 && drv_prepared) {
4325 /* drv->bdrv_reopen_prepare() has succeeded, so we need to
4326 * call drv->bdrv_reopen_abort() before signaling an error
4327 * (bdrv_reopen_multiple() will not call bdrv_reopen_abort()
4328 * when the respective bdrv_reopen_prepare() has failed) */
4329 if (drv->bdrv_reopen_abort) {
4330 drv->bdrv_reopen_abort(reopen_state);
4331 }
4332 }
4333 qemu_opts_del(opts);
4334 qobject_unref(orig_reopen_opts);
4335 g_free(discard);
4336 return ret;
4337 }
4338
4339 /*
4340 * Takes the staged changes for the reopen from bdrv_reopen_prepare(), and
4341 * makes them final by swapping the staging BlockDriverState contents into
4342 * the active BlockDriverState contents.
4343 */
4344 void bdrv_reopen_commit(BDRVReopenState *reopen_state)
4345 {
4346 BlockDriver *drv;
4347 BlockDriverState *bs;
4348 BdrvChild *child;
4349
4350 assert(reopen_state != NULL);
4351 bs = reopen_state->bs;
4352 drv = bs->drv;
4353 assert(drv != NULL);
4354
4355 /* If there are any driver level actions to take */
4356 if (drv->bdrv_reopen_commit) {
4357 drv->bdrv_reopen_commit(reopen_state);
4358 }
4359
4360 /* set BDS specific flags now */
4361 qobject_unref(bs->explicit_options);
4362 qobject_unref(bs->options);
4363
4364 bs->explicit_options = reopen_state->explicit_options;
4365 bs->options = reopen_state->options;
4366 bs->open_flags = reopen_state->flags;
4367 bs->read_only = !(reopen_state->flags & BDRV_O_RDWR);
4368 bs->detect_zeroes = reopen_state->detect_zeroes;
4369
4370 if (reopen_state->replace_backing_bs) {
4371 qdict_del(bs->explicit_options, "backing");
4372 qdict_del(bs->options, "backing");
4373 }
4374
4375 /* Remove child references from bs->options and bs->explicit_options.
4376 * Child options were already removed in bdrv_reopen_queue_child() */
4377 QLIST_FOREACH(child, &bs->children, next) {
4378 qdict_del(bs->explicit_options, child->name);
4379 qdict_del(bs->options, child->name);
4380 }
4381
4382 /*
4383 * Change the backing file if a new one was specified. We do this
4384 * after updating bs->options, so bdrv_refresh_filename() (called
4385 * from bdrv_set_backing_hd()) has the new values.
4386 */
4387 if (reopen_state->replace_backing_bs) {
4388 BlockDriverState *old_backing_bs = backing_bs(bs);
4389 assert(!old_backing_bs || !old_backing_bs->implicit);
4390 /* Abort the permission update on the backing bs we're detaching */
4391 if (old_backing_bs) {
4392 bdrv_abort_perm_update(old_backing_bs);
4393 }
4394 bdrv_set_backing_hd(bs, reopen_state->new_backing_bs, &error_abort);
4395 }
4396
4397 bdrv_refresh_limits(bs, NULL);
4398 }
4399
4400 /*
4401 * Abort the reopen, and delete and free the staged changes in
4402 * reopen_state
4403 */
4404 void bdrv_reopen_abort(BDRVReopenState *reopen_state)
4405 {
4406 BlockDriver *drv;
4407
4408 assert(reopen_state != NULL);
4409 drv = reopen_state->bs->drv;
4410 assert(drv != NULL);
4411
4412 if (drv->bdrv_reopen_abort) {
4413 drv->bdrv_reopen_abort(reopen_state);
4414 }
4415 }
4416
4417
4418 static void bdrv_close(BlockDriverState *bs)
4419 {
4420 BdrvAioNotifier *ban, *ban_next;
4421 BdrvChild *child, *next;
4422
4423 assert(!bs->refcnt);
4424
4425 bdrv_drained_begin(bs); /* complete I/O */
4426 bdrv_flush(bs);
4427 bdrv_drain(bs); /* in case flush left pending I/O */
4428
4429 if (bs->drv) {
4430 if (bs->drv->bdrv_close) {
4431 bs->drv->bdrv_close(bs);
4432 }
4433 bs->drv = NULL;
4434 }
4435
4436 QLIST_FOREACH_SAFE(child, &bs->children, next, next) {
4437 bdrv_unref_child(bs, child);
4438 }
4439
4440 bs->backing = NULL;
4441 bs->file = NULL;
4442 g_free(bs->opaque);
4443 bs->opaque = NULL;
4444 atomic_set(&bs->copy_on_read, 0);
4445 bs->backing_file[0] = '\0';
4446 bs->backing_format[0] = '\0';
4447 bs->total_sectors = 0;
4448 bs->encrypted = false;
4449 bs->sg = false;
4450 qobject_unref(bs->options);
4451 qobject_unref(bs->explicit_options);
4452 bs->options = NULL;
4453 bs->explicit_options = NULL;
4454 qobject_unref(bs->full_open_options);
4455 bs->full_open_options = NULL;
4456
4457 bdrv_release_named_dirty_bitmaps(bs);
4458 assert(QLIST_EMPTY(&bs->dirty_bitmaps));
4459
4460 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
4461 g_free(ban);
4462 }
4463 QLIST_INIT(&bs->aio_notifiers);
4464 bdrv_drained_end(bs);
4465 }
4466
4467 void bdrv_close_all(void)
4468 {
4469 assert(job_next(NULL) == NULL);
4470 nbd_export_close_all();
4471
4472 /* Drop references from requests still in flight, such as canceled block
4473 * jobs whose AIO context has not been polled yet */
4474 bdrv_drain_all();
4475
4476 blk_remove_all_bs();
4477 blockdev_close_all_bdrv_states();
4478
4479 assert(QTAILQ_EMPTY(&all_bdrv_states));
4480 }
4481
4482 static bool should_update_child(BdrvChild *c, BlockDriverState *to)
4483 {
4484 GQueue *queue;
4485 GHashTable *found;
4486 bool ret;
4487
4488 if (c->klass->stay_at_node) {
4489 return false;
4490 }
4491
4492 /* If the child @c belongs to the BDS @to, replacing the current
4493 * c->bs by @to would mean to create a loop.
4494 *
4495 * Such a case occurs when appending a BDS to a backing chain.
4496 * For instance, imagine the following chain:
4497 *
4498 * guest device -> node A -> further backing chain...
4499 *
4500 * Now we create a new BDS B which we want to put on top of this
4501 * chain, so we first attach A as its backing node:
4502 *
4503 * node B
4504 * |
4505 * v
4506 * guest device -> node A -> further backing chain...
4507 *
4508 * Finally we want to replace A by B. When doing that, we want to
4509 * replace all pointers to A by pointers to B -- except for the
4510 * pointer from B because (1) that would create a loop, and (2)
4511 * that pointer should simply stay intact:
4512 *
4513 * guest device -> node B
4514 * |
4515 * v
4516 * node A -> further backing chain...
4517 *
4518 * In general, when replacing a node A (c->bs) by a node B (@to),
4519 * if A is a child of B, that means we cannot replace A by B there
4520 * because that would create a loop. Silently detaching A from B
4521 * is also not really an option. So overall just leaving A in
4522 * place there is the most sensible choice.
4523 *
4524 * We would also create a loop in any cases where @c is only
4525 * indirectly referenced by @to. Prevent this by returning false
4526 * if @c is found (by breadth-first search) anywhere in the whole
4527 * subtree of @to.
4528 */
4529
4530 ret = true;
4531 found = g_hash_table_new(NULL, NULL);
4532 g_hash_table_add(found, to);
4533 queue = g_queue_new();
4534 g_queue_push_tail(queue, to);
4535
4536 while (!g_queue_is_empty(queue)) {
4537 BlockDriverState *v = g_queue_pop_head(queue);
4538 BdrvChild *c2;
4539
4540 QLIST_FOREACH(c2, &v->children, next) {
4541 if (c2 == c) {
4542 ret = false;
4543 break;
4544 }
4545
4546 if (g_hash_table_contains(found, c2->bs)) {
4547 continue;
4548 }
4549
4550 g_queue_push_tail(queue, c2->bs);
4551 g_hash_table_add(found, c2->bs);
4552 }
4553 }
4554
4555 g_queue_free(queue);
4556 g_hash_table_destroy(found);
4557
4558 return ret;
4559 }
4560
4561 void bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
4562 Error **errp)
4563 {
4564 BdrvChild *c, *next;
4565 GSList *list = NULL, *p;
4566 uint64_t perm = 0, shared = BLK_PERM_ALL;
4567 int ret;
4568
4569 /* Make sure that @from doesn't go away until we have successfully attached
4570 * all of its parents to @to. */
4571 bdrv_ref(from);
4572
4573 assert(qemu_get_current_aio_context() == qemu_get_aio_context());
4574 assert(bdrv_get_aio_context(from) == bdrv_get_aio_context(to));
4575 bdrv_drained_begin(from);
4576
4577 /* Put all parents into @list and calculate their cumulative permissions */
4578 QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
4579 assert(c->bs == from);
4580 if (!should_update_child(c, to)) {
4581 continue;
4582 }
4583 if (c->frozen) {
4584 error_setg(errp, "Cannot change '%s' link to '%s'",
4585 c->name, from->node_name);
4586 goto out;
4587 }
4588 list = g_slist_prepend(list, c);
4589 perm |= c->perm;
4590 shared &= c->shared_perm;
4591 }
4592
4593 /* Check whether the required permissions can be granted on @to, ignoring
4594 * all BdrvChild in @list so that they can't block themselves. */
4595 ret = bdrv_check_update_perm(to, NULL, perm, shared, list, NULL, errp);
4596 if (ret < 0) {
4597 bdrv_abort_perm_update(to);
4598 goto out;
4599 }
4600
4601 /* Now actually perform the change. We performed the permission check for
4602 * all elements of @list at once, so set the permissions all at once at the
4603 * very end. */
4604 for (p = list; p != NULL; p = p->next) {
4605 c = p->data;
4606
4607 bdrv_ref(to);
4608 bdrv_replace_child_noperm(c, to);
4609 bdrv_unref(from);
4610 }
4611
4612 bdrv_get_cumulative_perm(to, &perm, &shared);
4613 bdrv_set_perm(to, perm, shared);
4614
4615 out:
4616 g_slist_free(list);
4617 bdrv_drained_end(from);
4618 bdrv_unref(from);
4619 }
4620
4621 /*
4622 * Add new bs contents at the top of an image chain while the chain is
4623 * live, while keeping required fields on the top layer.
4624 *
4625 * This will modify the BlockDriverState fields, and swap contents
4626 * between bs_new and bs_top. Both bs_new and bs_top are modified.
4627 *
4628 * bs_new must not be attached to a BlockBackend.
4629 *
4630 * This function does not create any image files.
4631 *
4632 * bdrv_append() takes ownership of a bs_new reference and unrefs it because
4633 * that's what the callers commonly need. bs_new will be referenced by the old
4634 * parents of bs_top after bdrv_append() returns. If the caller needs to keep a
4635 * reference of its own, it must call bdrv_ref().
4636 */
4637 void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
4638 Error **errp)
4639 {
4640 Error *local_err = NULL;
4641
4642 bdrv_set_backing_hd(bs_new, bs_top, &local_err);
4643 if (local_err) {
4644 error_propagate(errp, local_err);
4645 goto out;
4646 }
4647
4648 bdrv_replace_node(bs_top, bs_new, &local_err);
4649 if (local_err) {
4650 error_propagate(errp, local_err);
4651 bdrv_set_backing_hd(bs_new, NULL, &error_abort);
4652 goto out;
4653 }
4654
4655 /* bs_new is now referenced by its new parents, we don't need the
4656 * additional reference any more. */
4657 out:
4658 bdrv_unref(bs_new);
4659 }
4660
4661 static void bdrv_delete(BlockDriverState *bs)
4662 {
4663 assert(bdrv_op_blocker_is_empty(bs));
4664 assert(!bs->refcnt);
4665
4666 /* remove from list, if necessary */
4667 if (bs->node_name[0] != '\0') {
4668 QTAILQ_REMOVE(&graph_bdrv_states, bs, node_list);
4669 }
4670 QTAILQ_REMOVE(&all_bdrv_states, bs, bs_list);
4671
4672 bdrv_close(bs);
4673
4674 g_free(bs);
4675 }
4676
4677 /*
4678 * Run consistency checks on an image
4679 *
4680 * Returns 0 if the check could be completed (it doesn't mean that the image is
4681 * free of errors) or -errno when an internal error occurred. The results of the
4682 * check are stored in res.
4683 */
4684 static int coroutine_fn bdrv_co_check(BlockDriverState *bs,
4685 BdrvCheckResult *res, BdrvCheckMode fix)
4686 {
4687 if (bs->drv == NULL) {
4688 return -ENOMEDIUM;
4689 }
4690 if (bs->drv->bdrv_co_check == NULL) {
4691 return -ENOTSUP;
4692 }
4693
4694 memset(res, 0, sizeof(*res));
4695 return bs->drv->bdrv_co_check(bs, res, fix);
4696 }
4697
4698 typedef struct CheckCo {
4699 BlockDriverState *bs;
4700 BdrvCheckResult *res;
4701 BdrvCheckMode fix;
4702 int ret;
4703 } CheckCo;
4704
4705 static void coroutine_fn bdrv_check_co_entry(void *opaque)
4706 {
4707 CheckCo *cco = opaque;
4708 cco->ret = bdrv_co_check(cco->bs, cco->res, cco->fix);
4709 aio_wait_kick();
4710 }
4711
4712 int bdrv_check(BlockDriverState *bs,
4713 BdrvCheckResult *res, BdrvCheckMode fix)
4714 {
4715 Coroutine *co;
4716 CheckCo cco = {
4717 .bs = bs,
4718 .res = res,
4719 .ret = -EINPROGRESS,
4720 .fix = fix,
4721 };
4722
4723 if (qemu_in_coroutine()) {
4724 /* Fast-path if already in coroutine context */
4725 bdrv_check_co_entry(&cco);
4726 } else {
4727 co = qemu_coroutine_create(bdrv_check_co_entry, &cco);
4728 bdrv_coroutine_enter(bs, co);
4729 BDRV_POLL_WHILE(bs, cco.ret == -EINPROGRESS);
4730 }
4731
4732 return cco.ret;
4733 }
4734
4735 /*
4736 * Return values:
4737 * 0 - success
4738 * -EINVAL - backing format specified, but no file
4739 * -ENOSPC - can't update the backing file because no space is left in the
4740 * image file header
4741 * -ENOTSUP - format driver doesn't support changing the backing file
4742 */
4743 int bdrv_change_backing_file(BlockDriverState *bs,
4744 const char *backing_file, const char *backing_fmt)
4745 {
4746 BlockDriver *drv = bs->drv;
4747 int ret;
4748
4749 if (!drv) {
4750 return -ENOMEDIUM;
4751 }
4752
4753 /* Backing file format doesn't make sense without a backing file */
4754 if (backing_fmt && !backing_file) {
4755 return -EINVAL;
4756 }
4757
4758 if (drv->bdrv_change_backing_file != NULL) {
4759 ret = drv->bdrv_change_backing_file(bs, backing_file, backing_fmt);
4760 } else {
4761 ret = -ENOTSUP;
4762 }
4763
4764 if (ret == 0) {
4765 pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_file ?: "");
4766 pstrcpy(bs->backing_format, sizeof(bs->backing_format), backing_fmt ?: "");
4767 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
4768 backing_file ?: "");
4769 }
4770 return ret;
4771 }
4772
4773 /*
4774 * Finds the image layer in the chain that has 'bs' as its backing file.
4775 *
4776 * active is the current topmost image.
4777 *
4778 * Returns NULL if bs is not found in active's image chain,
4779 * or if active == bs.
4780 *
4781 * Returns the bottommost base image if bs == NULL.
4782 */
4783 BlockDriverState *bdrv_find_overlay(BlockDriverState *active,
4784 BlockDriverState *bs)
4785 {
4786 while (active && bs != backing_bs(active)) {
4787 active = backing_bs(active);
4788 }
4789
4790 return active;
4791 }
4792
4793 /* Given a BDS, searches for the base layer. */
4794 BlockDriverState *bdrv_find_base(BlockDriverState *bs)
4795 {
4796 return bdrv_find_overlay(bs, NULL);
4797 }
4798
4799 /*
4800 * Return true if at least one of the backing links between @bs and
4801 * @base is frozen. @errp is set if that's the case.
4802 * @base must be reachable from @bs, or NULL.
4803 */
4804 bool bdrv_is_backing_chain_frozen(BlockDriverState *bs, BlockDriverState *base,
4805 Error **errp)
4806 {
4807 BlockDriverState *i;
4808
4809 for (i = bs; i != base; i = backing_bs(i)) {
4810 if (i->backing && i->backing->frozen) {
4811 error_setg(errp, "Cannot change '%s' link from '%s' to '%s'",
4812 i->backing->name, i->node_name,
4813 backing_bs(i)->node_name);
4814 return true;
4815 }
4816 }
4817
4818 return false;
4819 }
4820
4821 /*
4822 * Freeze all backing links between @bs and @base.
4823 * If any of the links is already frozen the operation is aborted and
4824 * none of the links are modified.
4825 * @base must be reachable from @bs, or NULL.
4826 * Returns 0 on success. On failure returns < 0 and sets @errp.
4827 */
4828 int bdrv_freeze_backing_chain(BlockDriverState *bs, BlockDriverState *base,
4829 Error **errp)
4830 {
4831 BlockDriverState *i;
4832
4833 if (bdrv_is_backing_chain_frozen(bs, base, errp)) {
4834 return -EPERM;
4835 }
4836
4837 for (i = bs; i != base; i = backing_bs(i)) {
4838 if (i->backing && backing_bs(i)->never_freeze) {
4839 error_setg(errp, "Cannot freeze '%s' link to '%s'",
4840 i->backing->name, backing_bs(i)->node_name);
4841 return -EPERM;
4842 }
4843 }
4844
4845 for (i = bs; i != base; i = backing_bs(i)) {
4846 if (i->backing) {
4847 i->backing->frozen = true;
4848 }
4849 }
4850
4851 return 0;
4852 }
4853
4854 /*
4855 * Unfreeze all backing links between @bs and @base. The caller must
4856 * ensure that all links are frozen before using this function.
4857 * @base must be reachable from @bs, or NULL.
4858 */
4859 void bdrv_unfreeze_backing_chain(BlockDriverState *bs, BlockDriverState *base)
4860 {
4861 BlockDriverState *i;
4862
4863 for (i = bs; i != base; i = backing_bs(i)) {
4864 if (i->backing) {
4865 assert(i->backing->frozen);
4866 i->backing->frozen = false;
4867 }
4868 }
4869 }
4870
4871 /*
4872 * Drops images above 'base' up to and including 'top', and sets the image
4873 * above 'top' to have base as its backing file.
4874 *
4875 * Requires that the overlay to 'top' is opened r/w, so that the backing file
4876 * information in 'bs' can be properly updated.
4877 *
4878 * E.g., this will convert the following chain:
4879 * bottom <- base <- intermediate <- top <- active
4880 *
4881 * to
4882 *
4883 * bottom <- base <- active
4884 *
4885 * It is allowed for bottom==base, in which case it converts:
4886 *
4887 * base <- intermediate <- top <- active
4888 *
4889 * to
4890 *
4891 * base <- active
4892 *
4893 * If backing_file_str is non-NULL, it will be used when modifying top's
4894 * overlay image metadata.
4895 *
4896 * Error conditions:
4897 * if active == top, that is considered an error
4898 *
4899 */
4900 int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
4901 const char *backing_file_str)
4902 {
4903 BlockDriverState *explicit_top = top;
4904 bool update_inherits_from;
4905 BdrvChild *c, *next;
4906 Error *local_err = NULL;
4907 int ret = -EIO;
4908
4909 bdrv_ref(top);
4910 bdrv_subtree_drained_begin(top);
4911
4912 if (!top->drv || !base->drv) {
4913 goto exit;
4914 }
4915
4916 /* Make sure that base is in the backing chain of top */
4917 if (!bdrv_chain_contains(top, base)) {
4918 goto exit;
4919 }
4920
4921 /* This function changes all links that point to top and makes
4922 * them point to base. Check that none of them is frozen. */
4923 QLIST_FOREACH(c, &top->parents, next_parent) {
4924 if (c->frozen) {
4925 goto exit;
4926 }
4927 }
4928
4929 /* If 'base' recursively inherits from 'top' then we should set
4930 * base->inherits_from to top->inherits_from after 'top' and all
4931 * other intermediate nodes have been dropped.
4932 * If 'top' is an implicit node (e.g. "commit_top") we should skip
4933 * it because no one inherits from it. We use explicit_top for that. */
4934 while (explicit_top && explicit_top->implicit) {
4935 explicit_top = backing_bs(explicit_top);
4936 }
4937 update_inherits_from = bdrv_inherits_from_recursive(base, explicit_top);
4938
4939 /* success - we can delete the intermediate states, and link top->base */
4940 /* TODO Check graph modification op blockers (BLK_PERM_GRAPH_MOD) once
4941 * we've figured out how they should work. */
4942 if (!backing_file_str) {
4943 bdrv_refresh_filename(base);
4944 backing_file_str = base->filename;
4945 }
4946
4947 QLIST_FOREACH_SAFE(c, &top->parents, next_parent, next) {
4948 /* Check whether we are allowed to switch c from top to base */
4949 GSList *ignore_children = g_slist_prepend(NULL, c);
4950 ret = bdrv_check_update_perm(base, NULL, c->perm, c->shared_perm,
4951 ignore_children, NULL, &local_err);
4952 g_slist_free(ignore_children);
4953 if (ret < 0) {
4954 error_report_err(local_err);
4955 goto exit;
4956 }
4957
4958 /* If so, update the backing file path in the image file */
4959 if (c->klass->update_filename) {
4960 ret = c->klass->update_filename(c, base, backing_file_str,
4961 &local_err);
4962 if (ret < 0) {
4963 bdrv_abort_perm_update(base);
4964 error_report_err(local_err);
4965 goto exit;
4966 }
4967 }
4968
4969 /* Do the actual switch in the in-memory graph.
4970 * Completes bdrv_check_update_perm() transaction internally. */
4971 bdrv_ref(base);
4972 bdrv_replace_child(c, base);
4973 bdrv_unref(top);
4974 }
4975
4976 if (update_inherits_from) {
4977 base->inherits_from = explicit_top->inherits_from;
4978 }
4979
4980 ret = 0;
4981 exit:
4982 bdrv_subtree_drained_end(top);
4983 bdrv_unref(top);
4984 return ret;
4985 }
4986
4987 /**
4988 * Length of a allocated file in bytes. Sparse files are counted by actual
4989 * allocated space. Return < 0 if error or unknown.
4990 */
4991 int64_t bdrv_get_allocated_file_size(BlockDriverState *bs)
4992 {
4993 BlockDriver *drv = bs->drv;
4994 if (!drv) {
4995 return -ENOMEDIUM;
4996 }
4997 if (drv->bdrv_get_allocated_file_size) {
4998 return drv->bdrv_get_allocated_file_size(bs);
4999 }
5000 if (bs->file) {
5001 return bdrv_get_allocated_file_size(bs->file->bs);
5002 }
5003 return -ENOTSUP;
5004 }
5005
5006 /*
5007 * bdrv_measure:
5008 * @drv: Format driver
5009 * @opts: Creation options for new image
5010 * @in_bs: Existing image containing data for new image (may be NULL)
5011 * @errp: Error object
5012 * Returns: A #BlockMeasureInfo (free using qapi_free_BlockMeasureInfo())
5013 * or NULL on error
5014 *
5015 * Calculate file size required to create a new image.
5016 *
5017 * If @in_bs is given then space for allocated clusters and zero clusters
5018 * from that image are included in the calculation. If @opts contains a
5019 * backing file that is shared by @in_bs then backing clusters may be omitted
5020 * from the calculation.
5021 *
5022 * If @in_bs is NULL then the calculation includes no allocated clusters
5023 * unless a preallocation option is given in @opts.
5024 *
5025 * Note that @in_bs may use a different BlockDriver from @drv.
5026 *
5027 * If an error occurs the @errp pointer is set.
5028 */
5029 BlockMeasureInfo *bdrv_measure(BlockDriver *drv, QemuOpts *opts,
5030 BlockDriverState *in_bs, Error **errp)
5031 {
5032 if (!drv->bdrv_measure) {
5033 error_setg(errp, "Block driver '%s' does not support size measurement",
5034 drv->format_name);
5035 return NULL;
5036 }
5037
5038 return drv->bdrv_measure(opts, in_bs, errp);
5039 }
5040
5041 /**
5042 * Return number of sectors on success, -errno on error.
5043 */
5044 int64_t bdrv_nb_sectors(BlockDriverState *bs)
5045 {
5046 BlockDriver *drv = bs->drv;
5047
5048 if (!drv)
5049 return -ENOMEDIUM;
5050
5051 if (drv->has_variable_length) {
5052 int ret = refresh_total_sectors(bs, bs->total_sectors);
5053 if (ret < 0) {
5054 return ret;
5055 }
5056 }
5057 return bs->total_sectors;
5058 }
5059
5060 /**
5061 * Return length in bytes on success, -errno on error.
5062 * The length is always a multiple of BDRV_SECTOR_SIZE.
5063 */
5064 int64_t bdrv_getlength(BlockDriverState *bs)
5065 {
5066 int64_t ret = bdrv_nb_sectors(bs);
5067
5068 ret = ret > INT64_MAX / BDRV_SECTOR_SIZE ? -EFBIG : ret;
5069 return ret < 0 ? ret : ret * BDRV_SECTOR_SIZE;
5070 }
5071
5072 /* return 0 as number of sectors if no device present or error */
5073 void bdrv_get_geometry(BlockDriverState *bs, uint64_t *nb_sectors_ptr)
5074 {
5075 int64_t nb_sectors = bdrv_nb_sectors(bs);
5076
5077 *nb_sectors_ptr = nb_sectors < 0 ? 0 : nb_sectors;
5078 }
5079
5080 bool bdrv_is_sg(BlockDriverState *bs)
5081 {
5082 return bs->sg;
5083 }
5084
5085 bool bdrv_is_encrypted(BlockDriverState *bs)
5086 {
5087 if (bs->backing && bs->backing->bs->encrypted) {
5088 return true;
5089 }
5090 return bs->encrypted;
5091 }
5092
5093 const char *bdrv_get_format_name(BlockDriverState *bs)
5094 {
5095 return bs->drv ? bs->drv->format_name : NULL;
5096 }
5097
5098 static int qsort_strcmp(const void *a, const void *b)
5099 {
5100 return strcmp(*(char *const *)a, *(char *const *)b);
5101 }
5102
5103 void bdrv_iterate_format(void (*it)(void *opaque, const char *name),
5104 void *opaque, bool read_only)
5105 {
5106 BlockDriver *drv;
5107 int count = 0;
5108 int i;
5109 const char **formats = NULL;
5110
5111 QLIST_FOREACH(drv, &bdrv_drivers, list) {
5112 if (drv->format_name) {
5113 bool found = false;
5114 int i = count;
5115
5116 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, read_only)) {
5117 continue;
5118 }
5119
5120 while (formats && i && !found) {
5121 found = !strcmp(formats[--i], drv->format_name);
5122 }
5123
5124 if (!found) {
5125 formats = g_renew(const char *, formats, count + 1);
5126 formats[count++] = drv->format_name;
5127 }
5128 }
5129 }
5130
5131 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); i++) {
5132 const char *format_name = block_driver_modules[i].format_name;
5133
5134 if (format_name) {
5135 bool found = false;
5136 int j = count;
5137
5138 if (use_bdrv_whitelist &&
5139 !bdrv_format_is_whitelisted(format_name, read_only)) {
5140 continue;
5141 }
5142
5143 while (formats && j && !found) {
5144 found = !strcmp(formats[--j], format_name);
5145 }
5146
5147 if (!found) {
5148 formats = g_renew(const char *, formats, count + 1);
5149 formats[count++] = format_name;
5150 }
5151 }
5152 }
5153
5154 qsort(formats, count, sizeof(formats[0]), qsort_strcmp);
5155
5156 for (i = 0; i < count; i++) {
5157 it(opaque, formats[i]);
5158 }
5159
5160 g_free(formats);
5161 }
5162
5163 /* This function is to find a node in the bs graph */
5164 BlockDriverState *bdrv_find_node(const char *node_name)
5165 {
5166 BlockDriverState *bs;
5167
5168 assert(node_name);
5169
5170 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5171 if (!strcmp(node_name, bs->node_name)) {
5172 return bs;
5173 }
5174 }
5175 return NULL;
5176 }
5177
5178 /* Put this QMP function here so it can access the static graph_bdrv_states. */
5179 BlockDeviceInfoList *bdrv_named_nodes_list(bool flat,
5180 Error **errp)
5181 {
5182 BlockDeviceInfoList *list, *entry;
5183 BlockDriverState *bs;
5184
5185 list = NULL;
5186 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5187 BlockDeviceInfo *info = bdrv_block_device_info(NULL, bs, flat, errp);
5188 if (!info) {
5189 qapi_free_BlockDeviceInfoList(list);
5190 return NULL;
5191 }
5192 entry = g_malloc0(sizeof(*entry));
5193 entry->value = info;
5194 entry->next = list;
5195 list = entry;
5196 }
5197
5198 return list;
5199 }
5200
5201 #define QAPI_LIST_ADD(list, element) do { \
5202 typeof(list) _tmp = g_new(typeof(*(list)), 1); \
5203 _tmp->value = (element); \
5204 _tmp->next = (list); \
5205 (list) = _tmp; \
5206 } while (0)
5207
5208 typedef struct XDbgBlockGraphConstructor {
5209 XDbgBlockGraph *graph;
5210 GHashTable *graph_nodes;
5211 } XDbgBlockGraphConstructor;
5212
5213 static XDbgBlockGraphConstructor *xdbg_graph_new(void)
5214 {
5215 XDbgBlockGraphConstructor *gr = g_new(XDbgBlockGraphConstructor, 1);
5216
5217 gr->graph = g_new0(XDbgBlockGraph, 1);
5218 gr->graph_nodes = g_hash_table_new(NULL, NULL);
5219
5220 return gr;
5221 }
5222
5223 static XDbgBlockGraph *xdbg_graph_finalize(XDbgBlockGraphConstructor *gr)
5224 {
5225 XDbgBlockGraph *graph = gr->graph;
5226
5227 g_hash_table_destroy(gr->graph_nodes);
5228 g_free(gr);
5229
5230 return graph;
5231 }
5232
5233 static uintptr_t xdbg_graph_node_num(XDbgBlockGraphConstructor *gr, void *node)
5234 {
5235 uintptr_t ret = (uintptr_t)g_hash_table_lookup(gr->graph_nodes, node);
5236
5237 if (ret != 0) {
5238 return ret;
5239 }
5240
5241 /*
5242 * Start counting from 1, not 0, because 0 interferes with not-found (NULL)
5243 * answer of g_hash_table_lookup.
5244 */
5245 ret = g_hash_table_size(gr->graph_nodes) + 1;
5246 g_hash_table_insert(gr->graph_nodes, node, (void *)ret);
5247
5248 return ret;
5249 }
5250
5251 static void xdbg_graph_add_node(XDbgBlockGraphConstructor *gr, void *node,
5252 XDbgBlockGraphNodeType type, const char *name)
5253 {
5254 XDbgBlockGraphNode *n;
5255
5256 n = g_new0(XDbgBlockGraphNode, 1);
5257
5258 n->id = xdbg_graph_node_num(gr, node);
5259 n->type = type;
5260 n->name = g_strdup(name);
5261
5262 QAPI_LIST_ADD(gr->graph->nodes, n);
5263 }
5264
5265 static void xdbg_graph_add_edge(XDbgBlockGraphConstructor *gr, void *parent,
5266 const BdrvChild *child)
5267 {
5268 BlockPermission qapi_perm;
5269 XDbgBlockGraphEdge *edge;
5270
5271 edge = g_new0(XDbgBlockGraphEdge, 1);
5272
5273 edge->parent = xdbg_graph_node_num(gr, parent);
5274 edge->child = xdbg_graph_node_num(gr, child->bs);
5275 edge->name = g_strdup(child->name);
5276
5277 for (qapi_perm = 0; qapi_perm < BLOCK_PERMISSION__MAX; qapi_perm++) {
5278 uint64_t flag = bdrv_qapi_perm_to_blk_perm(qapi_perm);
5279
5280 if (flag & child->perm) {
5281 QAPI_LIST_ADD(edge->perm, qapi_perm);
5282 }
5283 if (flag & child->shared_perm) {
5284 QAPI_LIST_ADD(edge->shared_perm, qapi_perm);
5285 }
5286 }
5287
5288 QAPI_LIST_ADD(gr->graph->edges, edge);
5289 }
5290
5291
5292 XDbgBlockGraph *bdrv_get_xdbg_block_graph(Error **errp)
5293 {
5294 BlockBackend *blk;
5295 BlockJob *job;
5296 BlockDriverState *bs;
5297 BdrvChild *child;
5298 XDbgBlockGraphConstructor *gr = xdbg_graph_new();
5299
5300 for (blk = blk_all_next(NULL); blk; blk = blk_all_next(blk)) {
5301 char *allocated_name = NULL;
5302 const char *name = blk_name(blk);
5303
5304 if (!*name) {
5305 name = allocated_name = blk_get_attached_dev_id(blk);
5306 }
5307 xdbg_graph_add_node(gr, blk, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_BACKEND,
5308 name);
5309 g_free(allocated_name);
5310 if (blk_root(blk)) {
5311 xdbg_graph_add_edge(gr, blk, blk_root(blk));
5312 }
5313 }
5314
5315 for (job = block_job_next(NULL); job; job = block_job_next(job)) {
5316 GSList *el;
5317
5318 xdbg_graph_add_node(gr, job, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_JOB,
5319 job->job.id);
5320 for (el = job->nodes; el; el = el->next) {
5321 xdbg_graph_add_edge(gr, job, (BdrvChild *)el->data);
5322 }
5323 }
5324
5325 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5326 xdbg_graph_add_node(gr, bs, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_DRIVER,
5327 bs->node_name);
5328 QLIST_FOREACH(child, &bs->children, next) {
5329 xdbg_graph_add_edge(gr, bs, child);
5330 }
5331 }
5332
5333 return xdbg_graph_finalize(gr);
5334 }
5335
5336 BlockDriverState *bdrv_lookup_bs(const char *device,
5337 const char *node_name,
5338 Error **errp)
5339 {
5340 BlockBackend *blk;
5341 BlockDriverState *bs;
5342
5343 if (device) {
5344 blk = blk_by_name(device);
5345
5346 if (blk) {
5347 bs = blk_bs(blk);
5348 if (!bs) {
5349 error_setg(errp, "Device '%s' has no medium", device);
5350 }
5351
5352 return bs;
5353 }
5354 }
5355
5356 if (node_name) {
5357 bs = bdrv_find_node(node_name);
5358
5359 if (bs) {
5360 return bs;
5361 }
5362 }
5363
5364 error_setg(errp, "Cannot find device=%s nor node_name=%s",
5365 device ? device : "",
5366 node_name ? node_name : "");
5367 return NULL;
5368 }
5369
5370 /* If 'base' is in the same chain as 'top', return true. Otherwise,
5371 * return false. If either argument is NULL, return false. */
5372 bool bdrv_chain_contains(BlockDriverState *top, BlockDriverState *base)
5373 {
5374 while (top && top != base) {
5375 top = backing_bs(top);
5376 }
5377
5378 return top != NULL;
5379 }
5380
5381 BlockDriverState *bdrv_next_node(BlockDriverState *bs)
5382 {
5383 if (!bs) {
5384 return QTAILQ_FIRST(&graph_bdrv_states);
5385 }
5386 return QTAILQ_NEXT(bs, node_list);
5387 }
5388
5389 BlockDriverState *bdrv_next_all_states(BlockDriverState *bs)
5390 {
5391 if (!bs) {
5392 return QTAILQ_FIRST(&all_bdrv_states);
5393 }
5394 return QTAILQ_NEXT(bs, bs_list);
5395 }
5396
5397 const char *bdrv_get_node_name(const BlockDriverState *bs)
5398 {
5399 return bs->node_name;
5400 }
5401
5402 const char *bdrv_get_parent_name(const BlockDriverState *bs)
5403 {
5404 BdrvChild *c;
5405 const char *name;
5406
5407 /* If multiple parents have a name, just pick the first one. */
5408 QLIST_FOREACH(c, &bs->parents, next_parent) {
5409 if (c->klass->get_name) {
5410 name = c->klass->get_name(c);
5411 if (name && *name) {
5412 return name;
5413 }
5414 }
5415 }
5416
5417 return NULL;
5418 }
5419
5420 /* TODO check what callers really want: bs->node_name or blk_name() */
5421 const char *bdrv_get_device_name(const BlockDriverState *bs)
5422 {
5423 return bdrv_get_parent_name(bs) ?: "";
5424 }
5425
5426 /* This can be used to identify nodes that might not have a device
5427 * name associated. Since node and device names live in the same
5428 * namespace, the result is unambiguous. The exception is if both are
5429 * absent, then this returns an empty (non-null) string. */
5430 const char *bdrv_get_device_or_node_name(const BlockDriverState *bs)
5431 {
5432 return bdrv_get_parent_name(bs) ?: bs->node_name;
5433 }
5434
5435 int bdrv_get_flags(BlockDriverState *bs)
5436 {
5437 return bs->open_flags;
5438 }
5439
5440 int bdrv_has_zero_init_1(BlockDriverState *bs)
5441 {
5442 return 1;
5443 }
5444
5445 int bdrv_has_zero_init(BlockDriverState *bs)
5446 {
5447 if (!bs->drv) {
5448 return 0;
5449 }
5450
5451 /* If BS is a copy on write image, it is initialized to
5452 the contents of the base image, which may not be zeroes. */
5453 if (bs->backing) {
5454 return 0;
5455 }
5456 if (bs->drv->bdrv_has_zero_init) {
5457 return bs->drv->bdrv_has_zero_init(bs);
5458 }
5459 if (bs->file && bs->drv->is_filter) {
5460 return bdrv_has_zero_init(bs->file->bs);
5461 }
5462
5463 /* safe default */
5464 return 0;
5465 }
5466
5467 bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs)
5468 {
5469 BlockDriverInfo bdi;
5470
5471 if (bs->backing) {
5472 return false;
5473 }
5474
5475 if (bdrv_get_info(bs, &bdi) == 0) {
5476 return bdi.unallocated_blocks_are_zero;
5477 }
5478
5479 return false;
5480 }
5481
5482 bool bdrv_can_write_zeroes_with_unmap(BlockDriverState *bs)
5483 {
5484 if (!(bs->open_flags & BDRV_O_UNMAP)) {
5485 return false;
5486 }
5487
5488 return bs->supported_zero_flags & BDRV_REQ_MAY_UNMAP;
5489 }
5490
5491 void bdrv_get_backing_filename(BlockDriverState *bs,
5492 char *filename, int filename_size)
5493 {
5494 pstrcpy(filename, filename_size, bs->backing_file);
5495 }
5496
5497 int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
5498 {
5499 BlockDriver *drv = bs->drv;
5500 /* if bs->drv == NULL, bs is closed, so there's nothing to do here */
5501 if (!drv) {
5502 return -ENOMEDIUM;
5503 }
5504 if (!drv->bdrv_get_info) {
5505 if (bs->file && drv->is_filter) {
5506 return bdrv_get_info(bs->file->bs, bdi);
5507 }
5508 return -ENOTSUP;
5509 }
5510 memset(bdi, 0, sizeof(*bdi));
5511 return drv->bdrv_get_info(bs, bdi);
5512 }
5513
5514 ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
5515 Error **errp)
5516 {
5517 BlockDriver *drv = bs->drv;
5518 if (drv && drv->bdrv_get_specific_info) {
5519 return drv->bdrv_get_specific_info(bs, errp);
5520 }
5521 return NULL;
5522 }
5523
5524 BlockStatsSpecific *bdrv_get_specific_stats(BlockDriverState *bs)
5525 {
5526 BlockDriver *drv = bs->drv;
5527 if (!drv || !drv->bdrv_get_specific_stats) {
5528 return NULL;
5529 }
5530 return drv->bdrv_get_specific_stats(bs);
5531 }
5532
5533 void bdrv_debug_event(BlockDriverState *bs, BlkdebugEvent event)
5534 {
5535 if (!bs || !bs->drv || !bs->drv->bdrv_debug_event) {
5536 return;
5537 }
5538
5539 bs->drv->bdrv_debug_event(bs, event);
5540 }
5541
5542 static BlockDriverState *bdrv_find_debug_node(BlockDriverState *bs)
5543 {
5544 while (bs && bs->drv && !bs->drv->bdrv_debug_breakpoint) {
5545 if (bs->file) {
5546 bs = bs->file->bs;
5547 continue;
5548 }
5549
5550 if (bs->drv->is_filter && bs->backing) {
5551 bs = bs->backing->bs;
5552 continue;
5553 }
5554
5555 break;
5556 }
5557
5558 if (bs && bs->drv && bs->drv->bdrv_debug_breakpoint) {
5559 assert(bs->drv->bdrv_debug_remove_breakpoint);
5560 return bs;
5561 }
5562
5563 return NULL;
5564 }
5565
5566 int bdrv_debug_breakpoint(BlockDriverState *bs, const char *event,
5567 const char *tag)
5568 {
5569 bs = bdrv_find_debug_node(bs);
5570 if (bs) {
5571 return bs->drv->bdrv_debug_breakpoint(bs, event, tag);
5572 }
5573
5574 return -ENOTSUP;
5575 }
5576
5577 int bdrv_debug_remove_breakpoint(BlockDriverState *bs, const char *tag)
5578 {
5579 bs = bdrv_find_debug_node(bs);
5580 if (bs) {
5581 return bs->drv->bdrv_debug_remove_breakpoint(bs, tag);
5582 }
5583
5584 return -ENOTSUP;
5585 }
5586
5587 int bdrv_debug_resume(BlockDriverState *bs, const char *tag)
5588 {
5589 while (bs && (!bs->drv || !bs->drv->bdrv_debug_resume)) {
5590 bs = bs->file ? bs->file->bs : NULL;
5591 }
5592
5593 if (bs && bs->drv && bs->drv->bdrv_debug_resume) {
5594 return bs->drv->bdrv_debug_resume(bs, tag);
5595 }
5596
5597 return -ENOTSUP;
5598 }
5599
5600 bool bdrv_debug_is_suspended(BlockDriverState *bs, const char *tag)
5601 {
5602 while (bs && bs->drv && !bs->drv->bdrv_debug_is_suspended) {
5603 bs = bs->file ? bs->file->bs : NULL;
5604 }
5605
5606 if (bs && bs->drv && bs->drv->bdrv_debug_is_suspended) {
5607 return bs->drv->bdrv_debug_is_suspended(bs, tag);
5608 }
5609
5610 return false;
5611 }
5612
5613 /* backing_file can either be relative, or absolute, or a protocol. If it is
5614 * relative, it must be relative to the chain. So, passing in bs->filename
5615 * from a BDS as backing_file should not be done, as that may be relative to
5616 * the CWD rather than the chain. */
5617 BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
5618 const char *backing_file)
5619 {
5620 char *filename_full = NULL;
5621 char *backing_file_full = NULL;
5622 char *filename_tmp = NULL;
5623 int is_protocol = 0;
5624 BlockDriverState *curr_bs = NULL;
5625 BlockDriverState *retval = NULL;
5626
5627 if (!bs || !bs->drv || !backing_file) {
5628 return NULL;
5629 }
5630
5631 filename_full = g_malloc(PATH_MAX);
5632 backing_file_full = g_malloc(PATH_MAX);
5633
5634 is_protocol = path_has_protocol(backing_file);
5635
5636 for (curr_bs = bs; curr_bs->backing; curr_bs = curr_bs->backing->bs) {
5637
5638 /* If either of the filename paths is actually a protocol, then
5639 * compare unmodified paths; otherwise make paths relative */
5640 if (is_protocol || path_has_protocol(curr_bs->backing_file)) {
5641 char *backing_file_full_ret;
5642
5643 if (strcmp(backing_file, curr_bs->backing_file) == 0) {
5644 retval = curr_bs->backing->bs;
5645 break;
5646 }
5647 /* Also check against the full backing filename for the image */
5648 backing_file_full_ret = bdrv_get_full_backing_filename(curr_bs,
5649 NULL);
5650 if (backing_file_full_ret) {
5651 bool equal = strcmp(backing_file, backing_file_full_ret) == 0;
5652 g_free(backing_file_full_ret);
5653 if (equal) {
5654 retval = curr_bs->backing->bs;
5655 break;
5656 }
5657 }
5658 } else {
5659 /* If not an absolute filename path, make it relative to the current
5660 * image's filename path */
5661 filename_tmp = bdrv_make_absolute_filename(curr_bs, backing_file,
5662 NULL);
5663 /* We are going to compare canonicalized absolute pathnames */
5664 if (!filename_tmp || !realpath(filename_tmp, filename_full)) {
5665 g_free(filename_tmp);
5666 continue;
5667 }
5668 g_free(filename_tmp);
5669
5670 /* We need to make sure the backing filename we are comparing against
5671 * is relative to the current image filename (or absolute) */
5672 filename_tmp = bdrv_get_full_backing_filename(curr_bs, NULL);
5673 if (!filename_tmp || !realpath(filename_tmp, backing_file_full)) {
5674 g_free(filename_tmp);
5675 continue;
5676 }
5677 g_free(filename_tmp);
5678
5679 if (strcmp(backing_file_full, filename_full) == 0) {
5680 retval = curr_bs->backing->bs;
5681 break;
5682 }
5683 }
5684 }
5685
5686 g_free(filename_full);
5687 g_free(backing_file_full);
5688 return retval;
5689 }
5690
5691 void bdrv_init(void)
5692 {
5693 module_call_init(MODULE_INIT_BLOCK);
5694 }
5695
5696 void bdrv_init_with_whitelist(void)
5697 {
5698 use_bdrv_whitelist = 1;
5699 bdrv_init();
5700 }
5701
5702 static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
5703 Error **errp)
5704 {
5705 BdrvChild *child, *parent;
5706 uint64_t perm, shared_perm;
5707 Error *local_err = NULL;
5708 int ret;
5709 BdrvDirtyBitmap *bm;
5710
5711 if (!bs->drv) {
5712 return;
5713 }
5714
5715 QLIST_FOREACH(child, &bs->children, next) {
5716 bdrv_co_invalidate_cache(child->bs, &local_err);
5717 if (local_err) {
5718 error_propagate(errp, local_err);
5719 return;
5720 }
5721 }
5722
5723 /*
5724 * Update permissions, they may differ for inactive nodes.
5725 *
5726 * Note that the required permissions of inactive images are always a
5727 * subset of the permissions required after activating the image. This
5728 * allows us to just get the permissions upfront without restricting
5729 * drv->bdrv_invalidate_cache().
5730 *
5731 * It also means that in error cases, we don't have to try and revert to
5732 * the old permissions (which is an operation that could fail, too). We can
5733 * just keep the extended permissions for the next time that an activation
5734 * of the image is tried.
5735 */
5736 if (bs->open_flags & BDRV_O_INACTIVE) {
5737 bs->open_flags &= ~BDRV_O_INACTIVE;
5738 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
5739 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
5740 if (ret < 0) {
5741 bs->open_flags |= BDRV_O_INACTIVE;
5742 error_propagate(errp, local_err);
5743 return;
5744 }
5745 bdrv_set_perm(bs, perm, shared_perm);
5746
5747 if (bs->drv->bdrv_co_invalidate_cache) {
5748 bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
5749 if (local_err) {
5750 bs->open_flags |= BDRV_O_INACTIVE;
5751 error_propagate(errp, local_err);
5752 return;
5753 }
5754 }
5755
5756 FOR_EACH_DIRTY_BITMAP(bs, bm) {
5757 bdrv_dirty_bitmap_skip_store(bm, false);
5758 }
5759
5760 ret = refresh_total_sectors(bs, bs->total_sectors);
5761 if (ret < 0) {
5762 bs->open_flags |= BDRV_O_INACTIVE;
5763 error_setg_errno(errp, -ret, "Could not refresh total sector count");
5764 return;
5765 }
5766 }
5767
5768 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5769 if (parent->klass->activate) {
5770 parent->klass->activate(parent, &local_err);
5771 if (local_err) {
5772 bs->open_flags |= BDRV_O_INACTIVE;
5773 error_propagate(errp, local_err);
5774 return;
5775 }
5776 }
5777 }
5778 }
5779
5780 typedef struct InvalidateCacheCo {
5781 BlockDriverState *bs;
5782 Error **errp;
5783 bool done;
5784 } InvalidateCacheCo;
5785
5786 static void coroutine_fn bdrv_invalidate_cache_co_entry(void *opaque)
5787 {
5788 InvalidateCacheCo *ico = opaque;
5789 bdrv_co_invalidate_cache(ico->bs, ico->errp);
5790 ico->done = true;
5791 aio_wait_kick();
5792 }
5793
5794 void bdrv_invalidate_cache(BlockDriverState *bs, Error **errp)
5795 {
5796 Coroutine *co;
5797 InvalidateCacheCo ico = {
5798 .bs = bs,
5799 .done = false,
5800 .errp = errp
5801 };
5802
5803 if (qemu_in_coroutine()) {
5804 /* Fast-path if already in coroutine context */
5805 bdrv_invalidate_cache_co_entry(&ico);
5806 } else {
5807 co = qemu_coroutine_create(bdrv_invalidate_cache_co_entry, &ico);
5808 bdrv_coroutine_enter(bs, co);
5809 BDRV_POLL_WHILE(bs, !ico.done);
5810 }
5811 }
5812
5813 void bdrv_invalidate_cache_all(Error **errp)
5814 {
5815 BlockDriverState *bs;
5816 Error *local_err = NULL;
5817 BdrvNextIterator it;
5818
5819 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5820 AioContext *aio_context = bdrv_get_aio_context(bs);
5821
5822 aio_context_acquire(aio_context);
5823 bdrv_invalidate_cache(bs, &local_err);
5824 aio_context_release(aio_context);
5825 if (local_err) {
5826 error_propagate(errp, local_err);
5827 bdrv_next_cleanup(&it);
5828 return;
5829 }
5830 }
5831 }
5832
5833 static bool bdrv_has_bds_parent(BlockDriverState *bs, bool only_active)
5834 {
5835 BdrvChild *parent;
5836
5837 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5838 if (parent->klass->parent_is_bds) {
5839 BlockDriverState *parent_bs = parent->opaque;
5840 if (!only_active || !(parent_bs->open_flags & BDRV_O_INACTIVE)) {
5841 return true;
5842 }
5843 }
5844 }
5845
5846 return false;
5847 }
5848
5849 static int bdrv_inactivate_recurse(BlockDriverState *bs)
5850 {
5851 BdrvChild *child, *parent;
5852 bool tighten_restrictions;
5853 uint64_t perm, shared_perm;
5854 int ret;
5855
5856 if (!bs->drv) {
5857 return -ENOMEDIUM;
5858 }
5859
5860 /* Make sure that we don't inactivate a child before its parent.
5861 * It will be covered by recursion from the yet active parent. */
5862 if (bdrv_has_bds_parent(bs, true)) {
5863 return 0;
5864 }
5865
5866 assert(!(bs->open_flags & BDRV_O_INACTIVE));
5867
5868 /* Inactivate this node */
5869 if (bs->drv->bdrv_inactivate) {
5870 ret = bs->drv->bdrv_inactivate(bs);
5871 if (ret < 0) {
5872 return ret;
5873 }
5874 }
5875
5876 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5877 if (parent->klass->inactivate) {
5878 ret = parent->klass->inactivate(parent);
5879 if (ret < 0) {
5880 return ret;
5881 }
5882 }
5883 }
5884
5885 bs->open_flags |= BDRV_O_INACTIVE;
5886
5887 /* Update permissions, they may differ for inactive nodes */
5888 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
5889 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL,
5890 &tighten_restrictions, NULL);
5891 assert(tighten_restrictions == false);
5892 if (ret < 0) {
5893 /* We only tried to loosen restrictions, so errors are not fatal */
5894 bdrv_abort_perm_update(bs);
5895 } else {
5896 bdrv_set_perm(bs, perm, shared_perm);
5897 }
5898
5899
5900 /* Recursively inactivate children */
5901 QLIST_FOREACH(child, &bs->children, next) {
5902 ret = bdrv_inactivate_recurse(child->bs);
5903 if (ret < 0) {
5904 return ret;
5905 }
5906 }
5907
5908 return 0;
5909 }
5910
5911 int bdrv_inactivate_all(void)
5912 {
5913 BlockDriverState *bs = NULL;
5914 BdrvNextIterator it;
5915 int ret = 0;
5916 GSList *aio_ctxs = NULL, *ctx;
5917
5918 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5919 AioContext *aio_context = bdrv_get_aio_context(bs);
5920
5921 if (!g_slist_find(aio_ctxs, aio_context)) {
5922 aio_ctxs = g_slist_prepend(aio_ctxs, aio_context);
5923 aio_context_acquire(aio_context);
5924 }
5925 }
5926
5927 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5928 /* Nodes with BDS parents are covered by recursion from the last
5929 * parent that gets inactivated. Don't inactivate them a second
5930 * time if that has already happened. */
5931 if (bdrv_has_bds_parent(bs, false)) {
5932 continue;
5933 }
5934 ret = bdrv_inactivate_recurse(bs);
5935 if (ret < 0) {
5936 bdrv_next_cleanup(&it);
5937 goto out;
5938 }
5939 }
5940
5941 out:
5942 for (ctx = aio_ctxs; ctx != NULL; ctx = ctx->next) {
5943 AioContext *aio_context = ctx->data;
5944 aio_context_release(aio_context);
5945 }
5946 g_slist_free(aio_ctxs);
5947
5948 return ret;
5949 }
5950
5951 /**************************************************************/
5952 /* removable device support */
5953
5954 /**
5955 * Return TRUE if the media is present
5956 */
5957 bool bdrv_is_inserted(BlockDriverState *bs)
5958 {
5959 BlockDriver *drv = bs->drv;
5960 BdrvChild *child;
5961
5962 if (!drv) {
5963 return false;
5964 }
5965 if (drv->bdrv_is_inserted) {
5966 return drv->bdrv_is_inserted(bs);
5967 }
5968 QLIST_FOREACH(child, &bs->children, next) {
5969 if (!bdrv_is_inserted(child->bs)) {
5970 return false;
5971 }
5972 }
5973 return true;
5974 }
5975
5976 /**
5977 * If eject_flag is TRUE, eject the media. Otherwise, close the tray
5978 */
5979 void bdrv_eject(BlockDriverState *bs, bool eject_flag)
5980 {
5981 BlockDriver *drv = bs->drv;
5982
5983 if (drv && drv->bdrv_eject) {
5984 drv->bdrv_eject(bs, eject_flag);
5985 }
5986 }
5987
5988 /**
5989 * Lock or unlock the media (if it is locked, the user won't be able
5990 * to eject it manually).
5991 */
5992 void bdrv_lock_medium(BlockDriverState *bs, bool locked)
5993 {
5994 BlockDriver *drv = bs->drv;
5995
5996 trace_bdrv_lock_medium(bs, locked);
5997
5998 if (drv && drv->bdrv_lock_medium) {
5999 drv->bdrv_lock_medium(bs, locked);
6000 }
6001 }
6002
6003 /* Get a reference to bs */
6004 void bdrv_ref(BlockDriverState *bs)
6005 {
6006 bs->refcnt++;
6007 }
6008
6009 /* Release a previously grabbed reference to bs.
6010 * If after releasing, reference count is zero, the BlockDriverState is
6011 * deleted. */
6012 void bdrv_unref(BlockDriverState *bs)
6013 {
6014 if (!bs) {
6015 return;
6016 }
6017 assert(bs->refcnt > 0);
6018 if (--bs->refcnt == 0) {
6019 bdrv_delete(bs);
6020 }
6021 }
6022
6023 struct BdrvOpBlocker {
6024 Error *reason;
6025 QLIST_ENTRY(BdrvOpBlocker) list;
6026 };
6027
6028 bool bdrv_op_is_blocked(BlockDriverState *bs, BlockOpType op, Error **errp)
6029 {
6030 BdrvOpBlocker *blocker;
6031 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
6032 if (!QLIST_EMPTY(&bs->op_blockers[op])) {
6033 blocker = QLIST_FIRST(&bs->op_blockers[op]);
6034 error_propagate_prepend(errp, error_copy(blocker->reason),
6035 "Node '%s' is busy: ",
6036 bdrv_get_device_or_node_name(bs));
6037 return true;
6038 }
6039 return false;
6040 }
6041
6042 void bdrv_op_block(BlockDriverState *bs, BlockOpType op, Error *reason)
6043 {
6044 BdrvOpBlocker *blocker;
6045 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
6046
6047 blocker = g_new0(BdrvOpBlocker, 1);
6048 blocker->reason = reason;
6049 QLIST_INSERT_HEAD(&bs->op_blockers[op], blocker, list);
6050 }
6051
6052 void bdrv_op_unblock(BlockDriverState *bs, BlockOpType op, Error *reason)
6053 {
6054 BdrvOpBlocker *blocker, *next;
6055 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
6056 QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
6057 if (blocker->reason == reason) {
6058 QLIST_REMOVE(blocker, list);
6059 g_free(blocker);
6060 }
6061 }
6062 }
6063
6064 void bdrv_op_block_all(BlockDriverState *bs, Error *reason)
6065 {
6066 int i;
6067 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
6068 bdrv_op_block(bs, i, reason);
6069 }
6070 }
6071
6072 void bdrv_op_unblock_all(BlockDriverState *bs, Error *reason)
6073 {
6074 int i;
6075 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
6076 bdrv_op_unblock(bs, i, reason);
6077 }
6078 }
6079
6080 bool bdrv_op_blocker_is_empty(BlockDriverState *bs)
6081 {
6082 int i;
6083
6084 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
6085 if (!QLIST_EMPTY(&bs->op_blockers[i])) {
6086 return false;
6087 }
6088 }
6089 return true;
6090 }
6091
6092 void bdrv_img_create(const char *filename, const char *fmt,
6093 const char *base_filename, const char *base_fmt,
6094 char *options, uint64_t img_size, int flags, bool quiet,
6095 Error **errp)
6096 {
6097 QemuOptsList *create_opts = NULL;
6098 QemuOpts *opts = NULL;
6099 const char *backing_fmt, *backing_file;
6100 int64_t size;
6101 BlockDriver *drv, *proto_drv;
6102 Error *local_err = NULL;
6103 int ret = 0;
6104
6105 /* Find driver and parse its options */
6106 drv = bdrv_find_format(fmt);
6107 if (!drv) {
6108 error_setg(errp, "Unknown file format '%s'", fmt);
6109 return;
6110 }
6111
6112 proto_drv = bdrv_find_protocol(filename, true, errp);
6113 if (!proto_drv) {
6114 return;
6115 }
6116
6117 if (!drv->create_opts) {
6118 error_setg(errp, "Format driver '%s' does not support image creation",
6119 drv->format_name);
6120 return;
6121 }
6122
6123 if (!proto_drv->create_opts) {
6124 error_setg(errp, "Protocol driver '%s' does not support image creation",
6125 proto_drv->format_name);
6126 return;
6127 }
6128
6129 /* Create parameter list */
6130 create_opts = qemu_opts_append(create_opts, drv->create_opts);
6131 create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
6132
6133 opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
6134
6135 /* Parse -o options */
6136 if (options) {
6137 qemu_opts_do_parse(opts, options, NULL, &local_err);
6138 if (local_err) {
6139 goto out;
6140 }
6141 }
6142
6143 if (!qemu_opt_get(opts, BLOCK_OPT_SIZE)) {
6144 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, &error_abort);
6145 } else if (img_size != UINT64_C(-1)) {
6146 error_setg(errp, "The image size must be specified only once");
6147 goto out;
6148 }
6149
6150 if (base_filename) {
6151 qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, base_filename, &local_err);
6152 if (local_err) {
6153 error_setg(errp, "Backing file not supported for file format '%s'",
6154 fmt);
6155 goto out;
6156 }
6157 }
6158
6159 if (base_fmt) {
6160 qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, base_fmt, &local_err);
6161 if (local_err) {
6162 error_setg(errp, "Backing file format not supported for file "
6163 "format '%s'", fmt);
6164 goto out;
6165 }
6166 }
6167
6168 backing_file = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
6169 if (backing_file) {
6170 if (!strcmp(filename, backing_file)) {
6171 error_setg(errp, "Error: Trying to create an image with the "
6172 "same filename as the backing file");
6173 goto out;
6174 }
6175 }
6176
6177 backing_fmt = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
6178
6179 /* The size for the image must always be specified, unless we have a backing
6180 * file and we have not been forbidden from opening it. */
6181 size = qemu_opt_get_size(opts, BLOCK_OPT_SIZE, img_size);
6182 if (backing_file && !(flags & BDRV_O_NO_BACKING)) {
6183 BlockDriverState *bs;
6184 char *full_backing;
6185 int back_flags;
6186 QDict *backing_options = NULL;
6187
6188 full_backing =
6189 bdrv_get_full_backing_filename_from_filename(filename, backing_file,
6190 &local_err);
6191 if (local_err) {
6192 goto out;
6193 }
6194 assert(full_backing);
6195
6196 /* backing files always opened read-only */
6197 back_flags = flags;
6198 back_flags &= ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
6199
6200 backing_options = qdict_new();
6201 if (backing_fmt) {
6202 qdict_put_str(backing_options, "driver", backing_fmt);
6203 }
6204 qdict_put_bool(backing_options, BDRV_OPT_FORCE_SHARE, true);
6205
6206 bs = bdrv_open(full_backing, NULL, backing_options, back_flags,
6207 &local_err);
6208 g_free(full_backing);
6209 if (!bs && size != -1) {
6210 /* Couldn't open BS, but we have a size, so it's nonfatal */
6211 warn_reportf_err(local_err,
6212 "Could not verify backing image. "
6213 "This may become an error in future versions.\n");
6214 local_err = NULL;
6215 } else if (!bs) {
6216 /* Couldn't open bs, do not have size */
6217 error_append_hint(&local_err,
6218 "Could not open backing image to determine size.\n");
6219 goto out;
6220 } else {
6221 if (size == -1) {
6222 /* Opened BS, have no size */
6223 size = bdrv_getlength(bs);
6224 if (size < 0) {
6225 error_setg_errno(errp, -size, "Could not get size of '%s'",
6226 backing_file);
6227 bdrv_unref(bs);
6228 goto out;
6229 }
6230 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, size, &error_abort);
6231 }
6232 bdrv_unref(bs);
6233 }
6234 } /* (backing_file && !(flags & BDRV_O_NO_BACKING)) */
6235
6236 if (size == -1) {
6237 error_setg(errp, "Image creation needs a size parameter");
6238 goto out;
6239 }
6240
6241 if (!quiet) {
6242 printf("Formatting '%s', fmt=%s ", filename, fmt);
6243 qemu_opts_print(opts, " ");
6244 puts("");
6245 }
6246
6247 ret = bdrv_create(drv, filename, opts, &local_err);
6248
6249 if (ret == -EFBIG) {
6250 /* This is generally a better message than whatever the driver would
6251 * deliver (especially because of the cluster_size_hint), since that
6252 * is most probably not much different from "image too large". */
6253 const char *cluster_size_hint = "";
6254 if (qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE, 0)) {
6255 cluster_size_hint = " (try using a larger cluster size)";
6256 }
6257 error_setg(errp, "The image size is too large for file format '%s'"
6258 "%s", fmt, cluster_size_hint);
6259 error_free(local_err);
6260 local_err = NULL;
6261 }
6262
6263 out:
6264 qemu_opts_del(opts);
6265 qemu_opts_free(create_opts);
6266 error_propagate(errp, local_err);
6267 }
6268
6269 AioContext *bdrv_get_aio_context(BlockDriverState *bs)
6270 {
6271 return bs ? bs->aio_context : qemu_get_aio_context();
6272 }
6273
6274 void bdrv_coroutine_enter(BlockDriverState *bs, Coroutine *co)
6275 {
6276 aio_co_enter(bdrv_get_aio_context(bs), co);
6277 }
6278
6279 static void bdrv_do_remove_aio_context_notifier(BdrvAioNotifier *ban)
6280 {
6281 QLIST_REMOVE(ban, list);
6282 g_free(ban);
6283 }
6284
6285 static void bdrv_detach_aio_context(BlockDriverState *bs)
6286 {
6287 BdrvAioNotifier *baf, *baf_tmp;
6288
6289 assert(!bs->walking_aio_notifiers);
6290 bs->walking_aio_notifiers = true;
6291 QLIST_FOREACH_SAFE(baf, &bs->aio_notifiers, list, baf_tmp) {
6292 if (baf->deleted) {
6293 bdrv_do_remove_aio_context_notifier(baf);
6294 } else {
6295 baf->detach_aio_context(baf->opaque);
6296 }
6297 }
6298 /* Never mind iterating again to check for ->deleted. bdrv_close() will
6299 * remove remaining aio notifiers if we aren't called again.
6300 */
6301 bs->walking_aio_notifiers = false;
6302
6303 if (bs->drv && bs->drv->bdrv_detach_aio_context) {
6304 bs->drv->bdrv_detach_aio_context(bs);
6305 }
6306
6307 if (bs->quiesce_counter) {
6308 aio_enable_external(bs->aio_context);
6309 }
6310 bs->aio_context = NULL;
6311 }
6312
6313 static void bdrv_attach_aio_context(BlockDriverState *bs,
6314 AioContext *new_context)
6315 {
6316 BdrvAioNotifier *ban, *ban_tmp;
6317
6318 if (bs->quiesce_counter) {
6319 aio_disable_external(new_context);
6320 }
6321
6322 bs->aio_context = new_context;
6323
6324 if (bs->drv && bs->drv->bdrv_attach_aio_context) {
6325 bs->drv->bdrv_attach_aio_context(bs, new_context);
6326 }
6327
6328 assert(!bs->walking_aio_notifiers);
6329 bs->walking_aio_notifiers = true;
6330 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_tmp) {
6331 if (ban->deleted) {
6332 bdrv_do_remove_aio_context_notifier(ban);
6333 } else {
6334 ban->attached_aio_context(new_context, ban->opaque);
6335 }
6336 }
6337 bs->walking_aio_notifiers = false;
6338 }
6339
6340 /*
6341 * Changes the AioContext used for fd handlers, timers, and BHs by this
6342 * BlockDriverState and all its children and parents.
6343 *
6344 * Must be called from the main AioContext.
6345 *
6346 * The caller must own the AioContext lock for the old AioContext of bs, but it
6347 * must not own the AioContext lock for new_context (unless new_context is the
6348 * same as the current context of bs).
6349 *
6350 * @ignore will accumulate all visited BdrvChild object. The caller is
6351 * responsible for freeing the list afterwards.
6352 */
6353 void bdrv_set_aio_context_ignore(BlockDriverState *bs,
6354 AioContext *new_context, GSList **ignore)
6355 {
6356 AioContext *old_context = bdrv_get_aio_context(bs);
6357 BdrvChild *child;
6358
6359 g_assert(qemu_get_current_aio_context() == qemu_get_aio_context());
6360
6361 if (old_context == new_context) {
6362 return;
6363 }
6364
6365 bdrv_drained_begin(bs);
6366
6367 QLIST_FOREACH(child, &bs->children, next) {
6368 if (g_slist_find(*ignore, child)) {
6369 continue;
6370 }
6371 *ignore = g_slist_prepend(*ignore, child);
6372 bdrv_set_aio_context_ignore(child->bs, new_context, ignore);
6373 }
6374 QLIST_FOREACH(child, &bs->parents, next_parent) {
6375 if (g_slist_find(*ignore, child)) {
6376 continue;
6377 }
6378 assert(child->klass->set_aio_ctx);
6379 *ignore = g_slist_prepend(*ignore, child);
6380 child->klass->set_aio_ctx(child, new_context, ignore);
6381 }
6382
6383 bdrv_detach_aio_context(bs);
6384
6385 /* Acquire the new context, if necessary */
6386 if (qemu_get_aio_context() != new_context) {
6387 aio_context_acquire(new_context);
6388 }
6389
6390 bdrv_attach_aio_context(bs, new_context);
6391
6392 /*
6393 * If this function was recursively called from
6394 * bdrv_set_aio_context_ignore(), there may be nodes in the
6395 * subtree that have not yet been moved to the new AioContext.
6396 * Release the old one so bdrv_drained_end() can poll them.
6397 */
6398 if (qemu_get_aio_context() != old_context) {
6399 aio_context_release(old_context);
6400 }
6401
6402 bdrv_drained_end(bs);
6403
6404 if (qemu_get_aio_context() != old_context) {
6405 aio_context_acquire(old_context);
6406 }
6407 if (qemu_get_aio_context() != new_context) {
6408 aio_context_release(new_context);
6409 }
6410 }
6411
6412 static bool bdrv_parent_can_set_aio_context(BdrvChild *c, AioContext *ctx,
6413 GSList **ignore, Error **errp)
6414 {
6415 if (g_slist_find(*ignore, c)) {
6416 return true;
6417 }
6418 *ignore = g_slist_prepend(*ignore, c);
6419
6420 /*
6421 * A BdrvChildClass that doesn't handle AioContext changes cannot
6422 * tolerate any AioContext changes
6423 */
6424 if (!c->klass->can_set_aio_ctx) {
6425 char *user = bdrv_child_user_desc(c);
6426 error_setg(errp, "Changing iothreads is not supported by %s", user);
6427 g_free(user);
6428 return false;
6429 }
6430 if (!c->klass->can_set_aio_ctx(c, ctx, ignore, errp)) {
6431 assert(!errp || *errp);
6432 return false;
6433 }
6434 return true;
6435 }
6436
6437 bool bdrv_child_can_set_aio_context(BdrvChild *c, AioContext *ctx,
6438 GSList **ignore, Error **errp)
6439 {
6440 if (g_slist_find(*ignore, c)) {
6441 return true;
6442 }
6443 *ignore = g_slist_prepend(*ignore, c);
6444 return bdrv_can_set_aio_context(c->bs, ctx, ignore, errp);
6445 }
6446
6447 /* @ignore will accumulate all visited BdrvChild object. The caller is
6448 * responsible for freeing the list afterwards. */
6449 bool bdrv_can_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6450 GSList **ignore, Error **errp)
6451 {
6452 BdrvChild *c;
6453
6454 if (bdrv_get_aio_context(bs) == ctx) {
6455 return true;
6456 }
6457
6458 QLIST_FOREACH(c, &bs->parents, next_parent) {
6459 if (!bdrv_parent_can_set_aio_context(c, ctx, ignore, errp)) {
6460 return false;
6461 }
6462 }
6463 QLIST_FOREACH(c, &bs->children, next) {
6464 if (!bdrv_child_can_set_aio_context(c, ctx, ignore, errp)) {
6465 return false;
6466 }
6467 }
6468
6469 return true;
6470 }
6471
6472 int bdrv_child_try_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6473 BdrvChild *ignore_child, Error **errp)
6474 {
6475 GSList *ignore;
6476 bool ret;
6477
6478 ignore = ignore_child ? g_slist_prepend(NULL, ignore_child) : NULL;
6479 ret = bdrv_can_set_aio_context(bs, ctx, &ignore, errp);
6480 g_slist_free(ignore);
6481
6482 if (!ret) {
6483 return -EPERM;
6484 }
6485
6486 ignore = ignore_child ? g_slist_prepend(NULL, ignore_child) : NULL;
6487 bdrv_set_aio_context_ignore(bs, ctx, &ignore);
6488 g_slist_free(ignore);
6489
6490 return 0;
6491 }
6492
6493 int bdrv_try_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6494 Error **errp)
6495 {
6496 return bdrv_child_try_set_aio_context(bs, ctx, NULL, errp);
6497 }
6498
6499 void bdrv_add_aio_context_notifier(BlockDriverState *bs,
6500 void (*attached_aio_context)(AioContext *new_context, void *opaque),
6501 void (*detach_aio_context)(void *opaque), void *opaque)
6502 {
6503 BdrvAioNotifier *ban = g_new(BdrvAioNotifier, 1);
6504 *ban = (BdrvAioNotifier){
6505 .attached_aio_context = attached_aio_context,
6506 .detach_aio_context = detach_aio_context,
6507 .opaque = opaque
6508 };
6509
6510 QLIST_INSERT_HEAD(&bs->aio_notifiers, ban, list);
6511 }
6512
6513 void bdrv_remove_aio_context_notifier(BlockDriverState *bs,
6514 void (*attached_aio_context)(AioContext *,
6515 void *),
6516 void (*detach_aio_context)(void *),
6517 void *opaque)
6518 {
6519 BdrvAioNotifier *ban, *ban_next;
6520
6521 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
6522 if (ban->attached_aio_context == attached_aio_context &&
6523 ban->detach_aio_context == detach_aio_context &&
6524 ban->opaque == opaque &&
6525 ban->deleted == false)
6526 {
6527 if (bs->walking_aio_notifiers) {
6528 ban->deleted = true;
6529 } else {
6530 bdrv_do_remove_aio_context_notifier(ban);
6531 }
6532 return;
6533 }
6534 }
6535
6536 abort();
6537 }
6538
6539 int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts,
6540 BlockDriverAmendStatusCB *status_cb, void *cb_opaque,
6541 Error **errp)
6542 {
6543 if (!bs->drv) {
6544 error_setg(errp, "Node is ejected");
6545 return -ENOMEDIUM;
6546 }
6547 if (!bs->drv->bdrv_amend_options) {
6548 error_setg(errp, "Block driver '%s' does not support option amendment",
6549 bs->drv->format_name);
6550 return -ENOTSUP;
6551 }
6552 return bs->drv->bdrv_amend_options(bs, opts, status_cb, cb_opaque, errp);
6553 }
6554
6555 /*
6556 * This function checks whether the given @to_replace is allowed to be
6557 * replaced by a node that always shows the same data as @bs. This is
6558 * used for example to verify whether the mirror job can replace
6559 * @to_replace by the target mirrored from @bs.
6560 * To be replaceable, @bs and @to_replace may either be guaranteed to
6561 * always show the same data (because they are only connected through
6562 * filters), or some driver may allow replacing one of its children
6563 * because it can guarantee that this child's data is not visible at
6564 * all (for example, for dissenting quorum children that have no other
6565 * parents).
6566 */
6567 bool bdrv_recurse_can_replace(BlockDriverState *bs,
6568 BlockDriverState *to_replace)
6569 {
6570 if (!bs || !bs->drv) {
6571 return false;
6572 }
6573
6574 if (bs == to_replace) {
6575 return true;
6576 }
6577
6578 /* See what the driver can do */
6579 if (bs->drv->bdrv_recurse_can_replace) {
6580 return bs->drv->bdrv_recurse_can_replace(bs, to_replace);
6581 }
6582
6583 /* For filters without an own implementation, we can recurse on our own */
6584 if (bs->drv->is_filter) {
6585 BdrvChild *child = bs->file ?: bs->backing;
6586 return bdrv_recurse_can_replace(child->bs, to_replace);
6587 }
6588
6589 /* Safe default */
6590 return false;
6591 }
6592
6593 /*
6594 * Check whether the given @node_name can be replaced by a node that
6595 * has the same data as @parent_bs. If so, return @node_name's BDS;
6596 * NULL otherwise.
6597 *
6598 * @node_name must be a (recursive) *child of @parent_bs (or this
6599 * function will return NULL).
6600 *
6601 * The result (whether the node can be replaced or not) is only valid
6602 * for as long as no graph or permission changes occur.
6603 */
6604 BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
6605 const char *node_name, Error **errp)
6606 {
6607 BlockDriverState *to_replace_bs = bdrv_find_node(node_name);
6608 AioContext *aio_context;
6609
6610 if (!to_replace_bs) {
6611 error_setg(errp, "Node name '%s' not found", node_name);
6612 return NULL;
6613 }
6614
6615 aio_context = bdrv_get_aio_context(to_replace_bs);
6616 aio_context_acquire(aio_context);
6617
6618 if (bdrv_op_is_blocked(to_replace_bs, BLOCK_OP_TYPE_REPLACE, errp)) {
6619 to_replace_bs = NULL;
6620 goto out;
6621 }
6622
6623 /* We don't want arbitrary node of the BDS chain to be replaced only the top
6624 * most non filter in order to prevent data corruption.
6625 * Another benefit is that this tests exclude backing files which are
6626 * blocked by the backing blockers.
6627 */
6628 if (!bdrv_recurse_can_replace(parent_bs, to_replace_bs)) {
6629 error_setg(errp, "Cannot replace '%s' by a node mirrored from '%s', "
6630 "because it cannot be guaranteed that doing so would not "
6631 "lead to an abrupt change of visible data",
6632 node_name, parent_bs->node_name);
6633 to_replace_bs = NULL;
6634 goto out;
6635 }
6636
6637 out:
6638 aio_context_release(aio_context);
6639 return to_replace_bs;
6640 }
6641
6642 /**
6643 * Iterates through the list of runtime option keys that are said to
6644 * be "strong" for a BDS. An option is called "strong" if it changes
6645 * a BDS's data. For example, the null block driver's "size" and
6646 * "read-zeroes" options are strong, but its "latency-ns" option is
6647 * not.
6648 *
6649 * If a key returned by this function ends with a dot, all options
6650 * starting with that prefix are strong.
6651 */
6652 static const char *const *strong_options(BlockDriverState *bs,
6653 const char *const *curopt)
6654 {
6655 static const char *const global_options[] = {
6656 "driver", "filename", NULL
6657 };
6658
6659 if (!curopt) {
6660 return &global_options[0];
6661 }
6662
6663 curopt++;
6664 if (curopt == &global_options[ARRAY_SIZE(global_options) - 1] && bs->drv) {
6665 curopt = bs->drv->strong_runtime_opts;
6666 }
6667
6668 return (curopt && *curopt) ? curopt : NULL;
6669 }
6670
6671 /**
6672 * Copies all strong runtime options from bs->options to the given
6673 * QDict. The set of strong option keys is determined by invoking
6674 * strong_options().
6675 *
6676 * Returns true iff any strong option was present in bs->options (and
6677 * thus copied to the target QDict) with the exception of "filename"
6678 * and "driver". The caller is expected to use this value to decide
6679 * whether the existence of strong options prevents the generation of
6680 * a plain filename.
6681 */
6682 static bool append_strong_runtime_options(QDict *d, BlockDriverState *bs)
6683 {
6684 bool found_any = false;
6685 const char *const *option_name = NULL;
6686
6687 if (!bs->drv) {
6688 return false;
6689 }
6690
6691 while ((option_name = strong_options(bs, option_name))) {
6692 bool option_given = false;
6693
6694 assert(strlen(*option_name) > 0);
6695 if ((*option_name)[strlen(*option_name) - 1] != '.') {
6696 QObject *entry = qdict_get(bs->options, *option_name);
6697 if (!entry) {
6698 continue;
6699 }
6700
6701 qdict_put_obj(d, *option_name, qobject_ref(entry));
6702 option_given = true;
6703 } else {
6704 const QDictEntry *entry;
6705 for (entry = qdict_first(bs->options); entry;
6706 entry = qdict_next(bs->options, entry))
6707 {
6708 if (strstart(qdict_entry_key(entry), *option_name, NULL)) {
6709 qdict_put_obj(d, qdict_entry_key(entry),
6710 qobject_ref(qdict_entry_value(entry)));
6711 option_given = true;
6712 }
6713 }
6714 }
6715
6716 /* While "driver" and "filename" need to be included in a JSON filename,
6717 * their existence does not prohibit generation of a plain filename. */
6718 if (!found_any && option_given &&
6719 strcmp(*option_name, "driver") && strcmp(*option_name, "filename"))
6720 {
6721 found_any = true;
6722 }
6723 }
6724
6725 if (!qdict_haskey(d, "driver")) {
6726 /* Drivers created with bdrv_new_open_driver() may not have a
6727 * @driver option. Add it here. */
6728 qdict_put_str(d, "driver", bs->drv->format_name);
6729 }
6730
6731 return found_any;
6732 }
6733
6734 /* Note: This function may return false positives; it may return true
6735 * even if opening the backing file specified by bs's image header
6736 * would result in exactly bs->backing. */
6737 static bool bdrv_backing_overridden(BlockDriverState *bs)
6738 {
6739 if (bs->backing) {
6740 return strcmp(bs->auto_backing_file,
6741 bs->backing->bs->filename);
6742 } else {
6743 /* No backing BDS, so if the image header reports any backing
6744 * file, it must have been suppressed */
6745 return bs->auto_backing_file[0] != '\0';
6746 }
6747 }
6748
6749 /* Updates the following BDS fields:
6750 * - exact_filename: A filename which may be used for opening a block device
6751 * which (mostly) equals the given BDS (even without any
6752 * other options; so reading and writing must return the same
6753 * results, but caching etc. may be different)
6754 * - full_open_options: Options which, when given when opening a block device
6755 * (without a filename), result in a BDS (mostly)
6756 * equalling the given one
6757 * - filename: If exact_filename is set, it is copied here. Otherwise,
6758 * full_open_options is converted to a JSON object, prefixed with
6759 * "json:" (for use through the JSON pseudo protocol) and put here.
6760 */
6761 void bdrv_refresh_filename(BlockDriverState *bs)
6762 {
6763 BlockDriver *drv = bs->drv;
6764 BdrvChild *child;
6765 QDict *opts;
6766 bool backing_overridden;
6767 bool generate_json_filename; /* Whether our default implementation should
6768 fill exact_filename (false) or not (true) */
6769
6770 if (!drv) {
6771 return;
6772 }
6773
6774 /* This BDS's file name may depend on any of its children's file names, so
6775 * refresh those first */
6776 QLIST_FOREACH(child, &bs->children, next) {
6777 bdrv_refresh_filename(child->bs);
6778 }
6779
6780 if (bs->implicit) {
6781 /* For implicit nodes, just copy everything from the single child */
6782 child = QLIST_FIRST(&bs->children);
6783 assert(QLIST_NEXT(child, next) == NULL);
6784
6785 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),
6786 child->bs->exact_filename);
6787 pstrcpy(bs->filename, sizeof(bs->filename), child->bs->filename);
6788
6789 qobject_unref(bs->full_open_options);
6790 bs->full_open_options = qobject_ref(child->bs->full_open_options);
6791
6792 return;
6793 }
6794
6795 backing_overridden = bdrv_backing_overridden(bs);
6796
6797 if (bs->open_flags & BDRV_O_NO_IO) {
6798 /* Without I/O, the backing file does not change anything.
6799 * Therefore, in such a case (primarily qemu-img), we can
6800 * pretend the backing file has not been overridden even if
6801 * it technically has been. */
6802 backing_overridden = false;
6803 }
6804
6805 /* Gather the options QDict */
6806 opts = qdict_new();
6807 generate_json_filename = append_strong_runtime_options(opts, bs);
6808 generate_json_filename |= backing_overridden;
6809
6810 if (drv->bdrv_gather_child_options) {
6811 /* Some block drivers may not want to present all of their children's
6812 * options, or name them differently from BdrvChild.name */
6813 drv->bdrv_gather_child_options(bs, opts, backing_overridden);
6814 } else {
6815 QLIST_FOREACH(child, &bs->children, next) {
6816 if (child == bs->backing && !backing_overridden) {
6817 /* We can skip the backing BDS if it has not been overridden */
6818 continue;
6819 }
6820
6821 qdict_put(opts, child->name,
6822 qobject_ref(child->bs->full_open_options));
6823 }
6824
6825 if (backing_overridden && !bs->backing) {
6826 /* Force no backing file */
6827 qdict_put_null(opts, "backing");
6828 }
6829 }
6830
6831 qobject_unref(bs->full_open_options);
6832 bs->full_open_options = opts;
6833
6834 if (drv->bdrv_refresh_filename) {
6835 /* Obsolete information is of no use here, so drop the old file name
6836 * information before refreshing it */
6837 bs->exact_filename[0] = '\0';
6838
6839 drv->bdrv_refresh_filename(bs);
6840 } else if (bs->file) {
6841 /* Try to reconstruct valid information from the underlying file */
6842
6843 bs->exact_filename[0] = '\0';
6844
6845 /*
6846 * We can use the underlying file's filename if:
6847 * - it has a filename,
6848 * - the file is a protocol BDS, and
6849 * - opening that file (as this BDS's format) will automatically create
6850 * the BDS tree we have right now, that is:
6851 * - the user did not significantly change this BDS's behavior with
6852 * some explicit (strong) options
6853 * - no non-file child of this BDS has been overridden by the user
6854 * Both of these conditions are represented by generate_json_filename.
6855 */
6856 if (bs->file->bs->exact_filename[0] &&
6857 bs->file->bs->drv->bdrv_file_open &&
6858 !generate_json_filename)
6859 {
6860 strcpy(bs->exact_filename, bs->file->bs->exact_filename);
6861 }
6862 }
6863
6864 if (bs->exact_filename[0]) {
6865 pstrcpy(bs->filename, sizeof(bs->filename), bs->exact_filename);
6866 } else {
6867 QString *json = qobject_to_json(QOBJECT(bs->full_open_options));
6868 snprintf(bs->filename, sizeof(bs->filename), "json:%s",
6869 qstring_get_str(json));
6870 qobject_unref(json);
6871 }
6872 }
6873
6874 char *bdrv_dirname(BlockDriverState *bs, Error **errp)
6875 {
6876 BlockDriver *drv = bs->drv;
6877
6878 if (!drv) {
6879 error_setg(errp, "Node '%s' is ejected", bs->node_name);
6880 return NULL;
6881 }
6882
6883 if (drv->bdrv_dirname) {
6884 return drv->bdrv_dirname(bs, errp);
6885 }
6886
6887 if (bs->file) {
6888 return bdrv_dirname(bs->file->bs, errp);
6889 }
6890
6891 bdrv_refresh_filename(bs);
6892 if (bs->exact_filename[0] != '\0') {
6893 return path_combine(bs->exact_filename, "");
6894 }
6895
6896 error_setg(errp, "Cannot generate a base directory for %s nodes",
6897 drv->format_name);
6898 return NULL;
6899 }
6900
6901 /*
6902 * Hot add/remove a BDS's child. So the user can take a child offline when
6903 * it is broken and take a new child online
6904 */
6905 void bdrv_add_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
6906 Error **errp)
6907 {
6908
6909 if (!parent_bs->drv || !parent_bs->drv->bdrv_add_child) {
6910 error_setg(errp, "The node %s does not support adding a child",
6911 bdrv_get_device_or_node_name(parent_bs));
6912 return;
6913 }
6914
6915 if (!QLIST_EMPTY(&child_bs->parents)) {
6916 error_setg(errp, "The node %s already has a parent",
6917 child_bs->node_name);
6918 return;
6919 }
6920
6921 parent_bs->drv->bdrv_add_child(parent_bs, child_bs, errp);
6922 }
6923
6924 void bdrv_del_child(BlockDriverState *parent_bs, BdrvChild *child, Error **errp)
6925 {
6926 BdrvChild *tmp;
6927
6928 if (!parent_bs->drv || !parent_bs->drv->bdrv_del_child) {
6929 error_setg(errp, "The node %s does not support removing a child",
6930 bdrv_get_device_or_node_name(parent_bs));
6931 return;
6932 }
6933
6934 QLIST_FOREACH(tmp, &parent_bs->children, next) {
6935 if (tmp == child) {
6936 break;
6937 }
6938 }
6939
6940 if (!tmp) {
6941 error_setg(errp, "The node %s does not have a child named %s",
6942 bdrv_get_device_or_node_name(parent_bs),
6943 bdrv_get_device_or_node_name(child->bs));
6944 return;
6945 }
6946
6947 parent_bs->drv->bdrv_del_child(parent_bs, child, errp);
6948 }
6949
6950 int bdrv_make_empty(BdrvChild *c, Error **errp)
6951 {
6952 BlockDriver *drv = c->bs->drv;
6953 int ret;
6954
6955 assert(c->perm & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED));
6956
6957 if (!drv->bdrv_make_empty) {
6958 error_setg(errp, "%s does not support emptying nodes",
6959 drv->format_name);
6960 return -ENOTSUP;
6961 }
6962
6963 ret = drv->bdrv_make_empty(c->bs);
6964 if (ret < 0) {
6965 error_setg_errno(errp, -ret, "Failed to empty %s",
6966 c->bs->filename);
6967 return ret;
6968 }
6969
6970 return 0;
6971 }
QEMU mirror