aboutsummaryrefslogtreecommitdiff
path: root/block.c
AgeCommit message (Collapse)AuthorFilesLines
2012-06-15block: Replace bdrv_get_format() by bdrv_get_format_name()Markus Armbruster1-7/+4
So callers don't need to know anything about maximum name length. Returning a pointer is safe, because the name string lives as long as the block driver it names, and block drivers don't die. Requested by Peter Maydell. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15block: always open drivers in writeback modePaolo Bonzini1-1/+2
Formats are entirely in charge of flushes for metadata writes. For guest-initiated writes, a writethrough cache is faked in the block layer. So we can always open in writeback mode. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15block: add bdrv_set_enable_write_cachePaolo Bonzini1-0/+5
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15block: copy enable_write_cache in bdrv_appendPaolo Bonzini1-0/+2
Because the guest will be able to flip enable_write_cache, the actual state may not match what is used to open the new snapshot. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15block: flush in writethrough mode after writesPaolo Bonzini1-2/+9
We want to make the formats handle their own flushes autonomously, while keeping for guests the ability to use a writethrough cache. Since formats will write metadata via bs->file, bdrv_co_do_writev is the only place where we need to add a flush. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15block: New bdrv_get_flags()Markus Armbruster1-0/+5
Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15qemu-img check -r for repairing imagesKevin Wolf1-2/+2
The QED block driver already provides the functionality to not only detect inconsistencies in images, but also fix them. However, this functionality cannot be manually invoked with qemu-img, but the check happens only automatically during bdrv_open(). This adds a -r switch to qemu-img check that allows manual invocation of an image repair. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-06-15stream: move is_allocated_above to block.cPaolo Bonzini1-0/+49
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-30block: prevent snapshot mode $TMPDIR symlink attackJim Meyering1-13/+24
In snapshot mode, bdrv_open creates an empty temporary file without checking for mkstemp or close failure, and ignoring the possibility of a buffer overrun given a surprisingly long $TMPDIR. Change the get_tmp_filename function to return int (not void), so that it can inform its two callers of those failures. Also avoid the risk of buffer overrun and do not ignore mkstemp or close failure. Update both callers (in block.c and vvfat.c) to propagate temp-file-creation failure to their callers. get_tmp_filename creates and closes an empty file, while its callers later open that presumed-existing file with O_CREAT. The problem was that a malicious user could provoke mkstemp failure and race to create a symlink with the selected temporary file name, thus causing the qemu process (usually root owned) to open through the symlink, overwriting an attacker-chosen file. This addresses CVE-2012-2652. http://bugzilla.redhat.com/CVE-2012-2652 Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-05-10qemu-img: make "info" backing file output correct and easier to usePaolo Bonzini1-8/+11
qemu-img info should use the same logic as qemu when printing the backing file path, or debugging becomes quite tricky. We can also simplify the output in case the backing file has an absolute path or a protocol. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: move field reset from bdrv_open_common to bdrv_closePaolo Bonzini1-7/+6
bdrv_close should leave fields in the same state as bdrv_new. It is not up to bdrv_open_common to fix the mess. Also, backing_format was not being re-initialized. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: protect path_has_protocol from filenames with colonsPaolo Bonzini1-1/+6
path_has_protocol will erroneously return "true" if the colon is part of a filename. These names are common with stable device names produced by udev. We cannot fully protect against this in case the filename does not have a path component (e.g. if the current directory is /dev/disk/by-path), but in the common case there will be a slash before and path_has_protocol can easily detect that and return false. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: simplify path_is_absolutePaolo Bonzini1-11/+4
On Windows, all the logic is already in is_windows_drive and is_windows_drive_prefix. On POSIX, there is no need to look out for colons. The win32 code changes the behaviour in some cases, we could have something like "d:foo.img". The old code would treat it as relative path, the new one as absolute. Now the path is absolute, because to go from c:/program files/blah to d:foo.img you cannot say c:/program files/blah/d:foo.img. You have to say d:foo.img. But you could also say it's relative because (I think, at least it was like that in DOS 15 years ago) d:foo.img is relative to the current path of drive D. Considering how path_is_absolute is used by path_combine, I think it's better to treat it as absolute. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: wait for job callback in block_job_cancel_syncPaolo Bonzini1-2/+34
The limitation on not having I/O after cancellation cannot really be kept. Even streaming has a very small race window where you could cancel a job and have it report completion. If this window is hit, bdrv_change_backing_file() will yield and possibly cause accesses to dangling pointers etc. So, let's just assume that we cannot know exactly what will happen after the coroutine has set busy to false. We can set a very lax condition: - if we cancel the job, the coroutine won't set it to false again (and hence will not call co_sleep_ns again). - block_job_cancel_sync will wait for the coroutine to exit, which pretty much ensures no race. Instead, we track the coroutine that executes the job and put very strict conditions on what to do while it is quiescent (busy = false). First of all, the coroutine must never set busy = false while the job has been cancelled. Second, the coroutine can be reentered arbitrarily while it is quiescent, so you cannot really do anything but co_sleep_ns at that time. This condition is obeyed by the block_job_sleep_ns function. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: add block_job_sleep_nsPaolo Bonzini1-0/+11
This function abstracts the pretty complex semantics of the "busy" member of BlockJob. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: fully delete bs->file when closingPaolo Bonzini1-4/+2
We are reusing bs->file across close/open, which may not cause any known bugs but is a recipe for trouble. Prefer bdrv_delete, and enjoy the new invariant in the implementation of bdrv_delete. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: do not reuse the backing file across bdrv_close/bdrv_openPaolo Bonzini1-0/+2
This is another bug caused by not doing a full cleanup of the BDS across close/open. This was found with mirroring by Shaolong Hu, but it can probably be reproduced also with eject or change. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: another bdrv_append fixPaolo Bonzini1-0/+1
bdrv_append must also copy open_flags to the top, because the snapshot has BDRV_O_NO_BACKING set. This causes interesting results if you later use drive-reopen (not upstream) to reopen the image, and lose the backing file in the process. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: fix snapshot on QEDPaolo Bonzini1-0/+10
QED's opaque data includes a pointer back to the BlockDriverState. This breaks when bdrv_append shuffles data between bs_new and bs_top. To avoid this, add a "rebind" function that tells the driver about the new relationship between the BlockDriverState and its opaque. The patch also adds rebind to VVFAT for completeness, even though it is not used with live snapshots. Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: fix allocation size for dirty bitmapPaolo Bonzini1-5/+7
Also reuse elsewhere the new constant for sizeof(unsigned long) * 8. The dirty bitmap is allocated in bits but declared as unsigned long. Thus, its memory block is accessed beyond its end unless the image is a multiple of 64 chunks (i.e. a multiple of 64 MB). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: open backing file as read-only when probing for sizePaolo Bonzini1-1/+6
bdrv_img_create will temporarily open the backing file to probe its size. However, this could be done with a read-write open if the wrong flags are passed to bdrv_img_create. Since there is really no documentation on what flags can be passed, assume that bdrv_img_create receives the flags with which the new image will be opened; sanitize them when opening the backing file. Reported-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: update in-memory backing file and formatPaolo Bonzini1-2/+9
These are needed to print "info block" output correctly. QCOW2 does this because it needs it to write the header, but QED does not, and common code is the right place to do it. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: push bdrv_change_backing_file error checking up from driversPaolo Bonzini1-0/+5
This check applies to all drivers, but QED lacks it. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-10block: add the support to drain throttled requestsZhi Yong Wu1-1/+20
Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> [ Iterate until all block devices have processed all requests, add comments. - Paolo ] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-05-07block: make bdrv_create adopt coroutineZhi Yong Wu1-2/+42
The current qemu.git introduces failure with preallocation and some sizes: qemu-img create -f qcow2 new.img 976563K -o preallocation=metadata qemu-img: qemu-coroutine-lock.c:111: qemu_co_mutex_unlock: Assertion `mutex->locked == 1' failed. And lock needs to work in coroutine context. So to fix this issue, we need to make bdrv_create adopt coroutine at first. Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-27block: add 'speed' optional parameter to block-streamStefan Hajnoczi1-2/+16
Allow streaming operations to be started with an initial speed limit. This eliminates the window of time between starting streaming and issuing block-job-set-speed. Users should use the new optional 'speed' parameter instead so that speed limits are in effect immediately when the job starts. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-04-27block: change block-job-set-speed argument from 'value' to 'speed'Stefan Hajnoczi1-3/+3
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-04-27block: use Error mechanism instead of -errno for block_job_set_speed()Stefan Hajnoczi1-7/+10
There are at least two different errors that can occur in block_job_set_speed(): the job might not support setting speeds or the value might be invalid. Use the Error mechanism to report the error where it occurs. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-04-27block: use Error mechanism instead of -errno for block_job_create()Stefan Hajnoczi1-1/+3
The block job API uses -errno return values internally and we convert these to Error in the QMP functions. This is ugly because the Error should be created at the point where we still have all the relevant information. More importantly, it is hard to add new error cases to this case since we quickly run out of -errno values without losing information. Go ahead and use Error directly and don't convert later. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-04-20qcow2: Zero write supportKevin Wolf1-3/+11
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-20qemu-img: let 'qemu-img convert' flush dataLiu Yuan1-0/+1
The 'qemu-img convert -h' advertise that the default cache mode is 'writeback', while in fact it is 'unsafe'. This patch 1) fix the help manual and 2) let bdrv_close() call bdrv_flush() 2) is needed because some backend storage doesn't have a self-flush mechanism(for e.g., sheepdog), so we need to call bdrv_flush() to make sure the image is really writen to the storage instead of hanging around writeback cache forever. Signed-off-by: Liu Yuan <tailai.ly@taobao.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-19block: Drain requests in bdrv_closeKevin Wolf1-0/+2
If an AIO request is in flight that refers to a BlockDriverState that has been closed and possibly even freed, more or less anything could happen. I have seen segfaults, -EBADF return values and qcow2 sometimes actually catches the situation in bdrv_close() and abort()s. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
2012-04-05block: add a function to clear incoming live migration flagsBenoît Canet1-0/+9
This function will clear all BDRV_O_INCOMING flags. Signed-off-by: Benoit Canet <benoit.canet@gmail.com> Reviewed-by: Stefan Hajnoczi <stefanha@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-05block: bdrv_append() fixesJeff Cody1-2/+11
A few fixups for bdrv_append(): The new bs (bs_new) passed into bdrv_append() should be anonymous. Rather than call bdrv_make_anon() to enforce this, use an assert to catch when a caller is passing in a bs_new that is not anonymous. Also, the new top layer should have its backing_format reflect the original top's format. And last, after the swap of bs contents, the device_name will have been copied down. This needs to be cleared to reflect the anonymity of the bs that was pushed down. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-05block: set job->speed in block_set_speedPaolo Bonzini1-1/+7
There is no need to do this in every implementation of set_speed (even though there is only one right now). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-05block: fix streaming/closing racePaolo Bonzini1-0/+16
Streaming can issue I/O while qcow2_close is running. This causes the L2 caches to become very confused or, alternatively, could cause a segfault when the streaming coroutine is reentered after closing its block device. The fix is to cancel streaming jobs when closing their underlying device. The cancellation must be synchronous, on the other hand qemu_aio_wait will not restart a coroutine that is sleeping in co_sleep. So add a flag saying whether streaming has in-flight I/O. If the busy flag is false, the coroutine is quiescent and, when cancelled, will not issue any new I/O. This protects streaming against closing, but not against deleting. We have a reference count protecting us against concurrent deletion, but I still added an assertion to ensure nothing bad happens. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-05block: disable I/O throttling on sync apiZhi Yong Wu1-0/+20
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-04-05block: push recursive flushing up from driversPaolo Bonzini1-8/+14
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-03-12block: handle -EBUSY in bdrv_commit_all()Stefan Hajnoczi1-2/+6
Monitor operations that manipulate image files must not execute while a background job (like image streaming) is in progress. This prevents corruptions from happening when two pieces of code are manipulating the image file without knowledge of each other. The monitor "commit" command raises QERR_DEVICE_IN_USE when bdrv_commit() returns -EBUSY but "commit all" has no error handling. This is easy to fix, although note that we do not deliver a detailed error about which device was busy in the "commit all" case. Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29qapi: Introduce blockdev-group-snapshot-sync commandJeff Cody1-0/+81
This is a QAPI/QMP only command to take a snapshot of a group of devices. This is similar to the blockdev-snapshot-sync command, except blockdev-group-snapshot-sync accepts a list devices, filenames, and formats. It is attempted to keep the snapshot of the group atomic; if the creation or open of any of the new snapshots fails, then all of the new snapshots are abandoned, and the name of the snapshot image that failed is returned. The failure case should not interrupt any operations. Rather than use bdrv_close() along with a subsequent bdrv_open() to perform the pivot, the original image is never closed and the new image is placed 'in front' of the original image via manipulation of the BlockDriverState fields. Thus, once the new snapshot image has been successfully created, there are no more failure points before pivoting to the new snapshot. This allows the group of disks to remain consistent with each other, even across snapshot failures. Signed-off-by: Jeff Cody <jcody@redhat.com> Acked-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29block: drop aio_multiwrite in BlockDriverPaolo Bonzini1-20/+3
These were never used. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-29block: add a transfer rate for floppy typesHervé Poussineau1-35/+39
Floppies must be read at a specific transfer rate, depending of its own format. Update floppy description table to include required transfer rate. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-22qmp: add DEVICE_TRAY_MOVED eventLuiz Capitulino1-0/+24
It's emitted whenever the tray is moved by the guest or by HMP/QMP commands. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com>
2012-02-22block: bdrv_eject(): Make eject_flag a real boolLuiz Capitulino1-1/+1
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com>
2012-02-22block: Rename bdrv_mon_event() & BlockMonEventActionLuiz Capitulino1-29/+29
They are QMP events, not monitor events. Rename them accordingly. Also, move bdrv_emit_qmp_error_event() up in the file. A new event will be added soon and it's good to have them next each other. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com>
2012-02-09block: perform zero-detection during copy-on-readStefan Hajnoczi1-3/+11
Copy-on-Read populates the image file with data read from a backing image. In order to avoid bloating the image file when all zeroes are read we should scan the buffer and perform an optimized zero write operation. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-02-09block: add .bdrv_co_write_zeroes() interfaceStefan Hajnoczi1-6/+47
The ability to zero regions of an image file is a useful primitive for higher-level features such as image streaming or zero write detection. Image formats may support an optimized metadata representation instead of writing zeroes into the image file. This allows zero writes to be potentially faster than regular write operations and also preserve sparseness of the image file. The .bdrv_co_write_zeroes() interface should be implemented by block drivers that wish to provide efficient zeroing. Note that this operation is different from the discard operation, which may leave the contents of the region indeterminate. That means discarded blocks are not guaranteed to contain zeroes and may contain junk data instead. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-01-26block: add bdrv_find_backing_imageMarcelo Tosatti1-0/+18
Add bdrv_find_backing_image: given a BlockDriverState pointer, and an id, traverse the backing image chain to locate the id. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-01-26block: add BlockJob interface for long-running operationsStefan Hajnoczi1-0/+48
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2012-01-26block: make copy-on-read a per-request flagStefan Hajnoczi1-11/+38
Previously copy-on-read could only be enabled for all requests to a block device. This means requests coming from the guest as well as QEMU's internal requests would perform copy-on-read when enabled. For image streaming we want to support finer-grained behavior than just populating the image file from its backing image. Image streaming supports partial streaming where a common backing image is preserved. In this case guest requests should not perform copy-on-read because they would indiscriminately copy data which should be left in a backing image from the backing chain. Introduce a per-request flag for copy-on-read so that a block device can process both regular and copy-on-read requests. Overlapping reads and writes still need to be serialized for correctness when copy-on-read is happening, so add an in-flight reference count to track this. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>