aboutsummaryrefslogtreecommitdiff
path: root/block/vhdx.c
AgeCommit message (Collapse)AuthorFilesLines
2014-08-15vhdx: Handle failure for potentially large allocationsKevin Wolf1-2/+11
Some code in the block layer makes potentially huge allocations. Failure is not completely unexpected there, so avoid aborting qemu and handle out-of-memory situations gracefully. This patch addresses the allocations in the vhdx block driver. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net>
2014-08-15block: VHDX endian fixesJeff Cody1-36/+53
This patch contains several changes for endian conversion fixes for VHDX, particularly for big-endian machines (multibyte values in VHDX are all on disk in LE format). Tests were done with existing qemu-iotests on an IBM POWER7 (8406-71Y). This includes sample images created by Hyper-V, both with dirty logs and without. In addition, VHDX image files created (and written to) on a BE machine were tested on a LE machine, and vice-versa. Reported-by: Markus Armburster <armbru@redhat.com> Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-06-16cleanup QEMUOptionParameterChunyan Liu1-2/+2
Now that all backend drivers are using QemuOpts, remove all QEMUOptionParameter related codes. Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Chunyan Liu <cyliu@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-16vhdx.c: replace QEMUOptionParameter with QemuOptsChunyan Liu1-52/+47
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Chunyan Liu <cyliu@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-16change block layer to support both QemuOpts and QEMUOptionParamterChunyan Liu1-1/+1
Change block layer to support both QemuOpts and QEMUOptionParameter. After this patch, it will change backend drivers one by one. At the end, QEMUOptionParameter will be removed and only QemuOpts is kept. Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Chunyan Liu <cyliu@suse.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-05-19block: vhdx - account for identical header sectionsJeff Cody1-1/+8
The VHDX spec v1.00 declares that "a header is current if it is the only valid header or if it is valid and its SequenceNumber field is greater than the other header’s SequenceNumber field. The parser must only use data from the current header. If there is no current header, then the VHDX file is corrupt." However, the Disk2VHD tool from Microsoft creates a VHDX image file that has 2 identical headers, including matching checksums and matching sequence numbers. Likely, as a shortcut the tool is just writing the header twice, for the active and inactive headers, during the image creation. Technically, this should be considered a corrupt VHDX file (at least per the 1.00 spec, and that is how we currently treat it). But in order to accomodate images created with Disk2VHD, we can safely create an exception for this case. If we find identical sequence numbers, then we check the VHDXHeader-sized chunks of each 64KB header sections (we won't rely just on the crc32c to indicate the headers are the same). If they are identical, then we go ahead and use the first one. Reported-by: Nerijus Baliūnas <nerijus@users.sourceforge.net> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-04-01vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148)Jeff Cody1-2/+10
Other variables (e.g. sectors_per_block) are calculated using these variables, and if not range-checked illegal values could be obtained causing infinite loops and other potential issues when calculating BAT entries. The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB. LogicalSectorSize is required to be either 512 or 4096 bytes. Reported-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-02-21vhdx: correctly propagate errorsPaolo Bonzini1-12/+9
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-02-21block: Make bdrv_file_open() staticMax Reitz1-1/+3
Add the bdrv_open() option BDRV_O_PROTOCOL which results in passing the call to bdrv_file_open(). Additionally, make bdrv_file_open() static and therefore bdrv_open() the only way to call it. Consequently, all existing calls to bdrv_file_open() have to be adjusted to use bdrv_open() with the BDRV_O_PROTOCOL flag instead. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Benoit Canet <benoit@irqsave.net> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-01-31block/vhdx: Error checking fixesMarkus Armbruster1-4/+4
Errors are inadvertently ignored in a few places. Has always been broken. Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-01-22block: Allow reference for bdrv_file_open()Max Reitz1-1/+1
Allow specifying a reference to an existing block device (by name) for bdrv_file_open() instead of a filename and/or options. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-12-20block: vhdx - improve error message, and .bdrv_check implementationJeff Cody1-2/+20
If there is a dirty log file to be replayed in a VHDX image, it is replayed in .vhdx_open(). However, if the file is opened read-only, then a somewhat cryptic error message results. This adds a more helpful error message for the user. If an image file contains a log to be replayed, and is opened read-only, the user is instructed to run 'qemu-img check -r all' on the image file. Running qemu-img check -r all will cause the image file to be opened r/w, which will replay the log file. If a log file replay is detected, this is flagged, and bdrv_check will increase the corruptions_fixed count for the image. [Fixed typo in error message that was pointed out by Eric Blake <eblake@redhat.com>. --Stefan] Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-03block drivers: add discard/write_zeroes properties to bdrv_get_info ↵Paolo Bonzini1-0/+3
implementation Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-03vpc, vhdx: add get_infoPaolo Bonzini1-0/+10
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - add .bdrv_create() supportJeff Cody1-0/+558
This adds support for VHDX image creation, for images of type "Fixed" and "Dynamic". "Differencing" types (i.e., VHDX images with backing files) are currently not supported. Options for image creation include: * log size: The size of the journaling log for VHDX. Minimum is 1MB, and it must be a multiple of 1MB. Invalid log sizes will be silently fixed by rounding up to the nearest MB. Default is 1MB. * block size: This is the size of a payload block. The range is 1MB to 256MB, inclusive, and must be a multiple of 1MB as well. Invalid sizes and multiples will be silently fixed. If '0' is passed, then a sane size is chosen (depending on virtual image size). Default is 0 (Auto-select). * subformat: - "dynamic" An image without data pre-allocated. - "fixed" An image with data pre-allocated. Default is "dynamic" When creating the image file, the lettered sections are created: -----------------------------------------------------------------. | (A) | (B) | (C) | (D) | (E) | File ID | Header1 | Header 2 | Region Tbl 1 | Region Tbl 2 | | | | | .-----------------------------------------------------------------. 0 64KB 128KB 192KB 256KB 320KB .---- ~ ----------- ~ ------------ ~ ---------------- ~ -----------. | (F) | (G) | (H) | | Journal Log | BAT / Bitmap | Metadata | .... data ...... | | | | .---- ~ ----------- ~ ------------ ~ ---------------- ~ -----------. 1MB (var.) (var.) (var.) Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - break out code operations to functionsJeff Cody1-41/+80
This is preperation for vhdx_create(). The ability to write headers, and calculate the number of BAT entries will be needed within the create() functions, so move this relevant code into helper functions. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - move more endian translations to vhdx-endian.cJeff Cody1-16/+4
In preparation for vhdx_create(), move more endian translation functions out to vhdx-endian.c. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - remove BAT file offset bit shiftingJeff Cody1-4/+2
Bit shifting can be fun, but in this case it was unnecessary. The upper 44 bits of the 64-bit BAT entry is specifies the File Offset, so we shifted the bits to get access to the value. However, per the spec the value is in MB. So we dutifully shifted back to the left by 20 bits, to convert to a true uint64_t file offset. This replaces those steps with just a bit mask, to get rid of the lower 20 bits instead. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx write supportJeff Cody1-4/+208
This adds support for writing to VHDX image files, using coroutines. Writes into the BAT table goes through the VHDX log. Currently, BAT table writes occur when expanding a dynamic VHDX file, and allocating a new BAT entry. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - add region overlap detection for image filesJeff Cody1-0/+82
Regions in the image file cannot overlap - the log, region tables, and metdata must all be unique and non-overlapping. This adds region checking by means of a QLIST; there can be a variable number of regions and metadata (there may be metadata or region tables that we do not recognize / know about, but are not required). This adds the capability to register a region for later checking, and to check against registered regions for any overlap. Also, if neither the BAT or Metadata region tables are found, return error. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - log parsing, replay, and flush supportJeff Cody1-51/+14
This adds support for VHDX v0 logs, as specified in Microsoft's VHDX Specification Format v1.00: https://www.microsoft.com/en-us/download/details.aspx?id=34750 The following support is added: * Log parsing, and validation - validate that an existing log is correct. * Log search - search through an existing log, to find any valid sequence of entries. * Log replay and flush - replay an existing log, and flush/clear the log when complete. The VHDX log is a circular buffer, with elements (sectors) of 4KB. A log entry is a variably-length number of sectors, that is comprised of a header and 'descriptors', that describe each sector. A log may contain multiple entries, know as a log sequence. In a log sequence, each log entry immediately follows the previous entry, with an incrementing sequence number. There can only ever be one active and valid sequence in the log. Each log entry must match the file log GUID in order to be valid (along with other criteria). Once we have flushed all valid log entries, we marked the file log GUID to be zero, which indicates a buffer with no valid entries. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx code movement - move vhdx_close() above vhdx_open()Jeff Cody1-11/+11
Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - update log guid in header, and first write trackerJeff Cody1-6/+24
Allow tracking of first file write in the VHDX image, as well as the ability to update the GUID in the header. This is in preparation for log support. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - break endian translation functions outJeff Cody1-43/+0
This moves the endian translation functions out from the vhdx.c source, into a separate source file. In addition to the previously defined endian functions, new endian translation functions for log support are added as well. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx code movement - VHDXMetadataEntries and BDRVVHDXState to header.Jeff Cody1-52/+0
In preparation for VHDX log support, move these structures to the header. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - add header update capability.Jeff Cody1-2/+159
This adds the ability to update the headers in a VHDX image, including generating a new MS-compatible GUID. As VHDX depends on uuid.h, VHDX is now a configurable build option. If VHDX support is enabled, that will also enable uuid as well. The default is to have VHDX enabled. To enable/disable VHDX: --enable-vhdx, --disable-vhdx Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-11-07block: vhdx - minor comments and typo correction.Jeff Cody1-2/+4
Just a couple of minor comments to help note where allocated buffers are freed, and a typo fix. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-10-02block: vhdx - add migration blockerJeff Cody1-0/+10
This blocks migration for VHDX image files, until the functionality can be supported. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-09-12bdrv: Use "Error" for opening imagesMax Reitz1-1/+2
Add an Error ** parameter to BlockDriver.bdrv_open and BlockDriver.bdrv_file_open to allow more specific error messages. Signed-off-by: Max Reitz <mreitz@redhat.com>
2013-05-03block: add read-only support to VHDX image format.Jeff Cody1-2/+121
This adds in read-only support to the VHDX image format. This supports reads for fixed-size, and dynamic sized VHDX images. Differencing files are still unsupported. The image must be opened without BDRV_O_RDWR set, because we do not yet update the headers. I.e., pass 'readonly=on' in the drive image options from the QEMU commandline. Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-05-03block: initial VHDX driver support framework - supports open and probeJeff Cody1-0/+853
This is the initial block driver framework for VHDX image support (i.e. Hyper-V image file formats), that supports opening VHDX files, and parsing the headers. This commit does not yet enable: - reading - writing - updating the header - differencing files (images with parents) - log replay / dirty logs (only clean images) This is based on Microsoft's VHDX specification: "VHDX Format Specification v0.95", published 4/12/2012 https://www.microsoft.com/en-us/download/details.aspx?id=29681 Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>