xref: /openbmc/qemu/qemu-img.c (revision 30b5707c269cac1ad80b72f777e52c8e08b2ff19)
1 /*
2  * QEMU disk image utility
3  *
4  * Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include <getopt.h>
27 
28 #include "qemu-common.h"
29 #include "qemu-version.h"
30 #include "qapi/error.h"
31 #include "qapi/qapi-commands-block-core.h"
32 #include "qapi/qapi-visit-block-core.h"
33 #include "qapi/qobject-output-visitor.h"
34 #include "qapi/qmp/qjson.h"
35 #include "qapi/qmp/qdict.h"
36 #include "qapi/qmp/qstring.h"
37 #include "qemu/cutils.h"
38 #include "qemu/config-file.h"
39 #include "qemu/option.h"
40 #include "qemu/error-report.h"
41 #include "qemu/log.h"
42 #include "qemu/main-loop.h"
43 #include "qemu/module.h"
44 #include "qemu/sockets.h"
45 #include "qemu/units.h"
46 #include "qom/object_interfaces.h"
47 #include "sysemu/block-backend.h"
48 #include "block/block_int.h"
49 #include "block/blockjob.h"
50 #include "block/qapi.h"
51 #include "crypto/init.h"
52 #include "trace/control.h"
53 
54 #define QEMU_IMG_VERSION "qemu-img version " QEMU_FULL_VERSION \
55                           "\n" QEMU_COPYRIGHT "\n"
56 
57 typedef struct img_cmd_t {
58     const char *name;
59     int (*handler)(int argc, char **argv);
60 } img_cmd_t;
61 
62 enum {
63     OPTION_OUTPUT = 256,
64     OPTION_BACKING_CHAIN = 257,
65     OPTION_OBJECT = 258,
66     OPTION_IMAGE_OPTS = 259,
67     OPTION_PATTERN = 260,
68     OPTION_FLUSH_INTERVAL = 261,
69     OPTION_NO_DRAIN = 262,
70     OPTION_TARGET_IMAGE_OPTS = 263,
71     OPTION_SIZE = 264,
72     OPTION_PREALLOCATION = 265,
73     OPTION_SHRINK = 266,
74     OPTION_SALVAGE = 267,
75     OPTION_TARGET_IS_ZERO = 268,
76     OPTION_ADD = 269,
77     OPTION_REMOVE = 270,
78     OPTION_CLEAR = 271,
79     OPTION_ENABLE = 272,
80     OPTION_DISABLE = 273,
81     OPTION_MERGE = 274,
82     OPTION_BITMAPS = 275,
83     OPTION_FORCE = 276,
84 };
85 
86 typedef enum OutputFormat {
87     OFORMAT_JSON,
88     OFORMAT_HUMAN,
89 } OutputFormat;
90 
91 /* Default to cache=writeback as data integrity is not important for qemu-img */
92 #define BDRV_DEFAULT_CACHE "writeback"
93 
94 static void format_print(void *opaque, const char *name)
95 {
96     printf(" %s", name);
97 }
98 
99 static void QEMU_NORETURN GCC_FMT_ATTR(1, 2) error_exit(const char *fmt, ...)
100 {
101     va_list ap;
102 
103     va_start(ap, fmt);
104     error_vreport(fmt, ap);
105     va_end(ap);
106 
107     error_printf("Try 'qemu-img --help' for more information\n");
108     exit(EXIT_FAILURE);
109 }
110 
111 static void QEMU_NORETURN missing_argument(const char *option)
112 {
113     error_exit("missing argument for option '%s'", option);
114 }
115 
116 static void QEMU_NORETURN unrecognized_option(const char *option)
117 {
118     error_exit("unrecognized option '%s'", option);
119 }
120 
121 /* Please keep in synch with docs/tools/qemu-img.rst */
122 static void QEMU_NORETURN help(void)
123 {
124     const char *help_msg =
125            QEMU_IMG_VERSION
126            "usage: qemu-img [standard options] command [command options]\n"
127            "QEMU disk image utility\n"
128            "\n"
129            "    '-h', '--help'       display this help and exit\n"
130            "    '-V', '--version'    output version information and exit\n"
131            "    '-T', '--trace'      [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
132            "                         specify tracing options\n"
133            "\n"
134            "Command syntax:\n"
135 #define DEF(option, callback, arg_string)        \
136            "  " arg_string "\n"
137 #include "qemu-img-cmds.h"
138 #undef DEF
139            "\n"
140            "Command parameters:\n"
141            "  'filename' is a disk image filename\n"
142            "  'objectdef' is a QEMU user creatable object definition. See the qemu(1)\n"
143            "    manual page for a description of the object properties. The most common\n"
144            "    object type is a 'secret', which is used to supply passwords and/or\n"
145            "    encryption keys.\n"
146            "  'fmt' is the disk image format. It is guessed automatically in most cases\n"
147            "  'cache' is the cache mode used to write the output disk image, the valid\n"
148            "    options are: 'none', 'writeback' (default, except for convert), 'writethrough',\n"
149            "    'directsync' and 'unsafe' (default for convert)\n"
150            "  'src_cache' is the cache mode used to read input disk images, the valid\n"
151            "    options are the same as for the 'cache' option\n"
152            "  'size' is the disk image size in bytes. Optional suffixes\n"
153            "    'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' (gigabyte, 1024M),\n"
154            "    'T' (terabyte, 1024G), 'P' (petabyte, 1024T) and 'E' (exabyte, 1024P)  are\n"
155            "    supported. 'b' is ignored.\n"
156            "  'output_filename' is the destination disk image filename\n"
157            "  'output_fmt' is the destination format\n"
158            "  'options' is a comma separated list of format specific options in a\n"
159            "    name=value format. Use -o ? for an overview of the options supported by the\n"
160            "    used format\n"
161            "  'snapshot_param' is param used for internal snapshot, format\n"
162            "    is 'snapshot.id=[ID],snapshot.name=[NAME]', or\n"
163            "    '[ID_OR_NAME]'\n"
164            "  '-c' indicates that target image must be compressed (qcow format only)\n"
165            "  '-u' allows unsafe backing chains. For rebasing, it is assumed that old and\n"
166            "       new backing file match exactly. The image doesn't need a working\n"
167            "       backing file before rebasing in this case (useful for renaming the\n"
168            "       backing file). For image creation, allow creating without attempting\n"
169            "       to open the backing file.\n"
170            "  '-h' with or without a command shows this help and lists the supported formats\n"
171            "  '-p' show progress of command (only certain commands)\n"
172            "  '-q' use Quiet mode - do not print any output (except errors)\n"
173            "  '-S' indicates the consecutive number of bytes (defaults to 4k) that must\n"
174            "       contain only zeros for qemu-img to create a sparse image during\n"
175            "       conversion. If the number of bytes is 0, the source will not be scanned for\n"
176            "       unallocated or zero sectors, and the destination image will always be\n"
177            "       fully allocated\n"
178            "  '--output' takes the format in which the output must be done (human or json)\n"
179            "  '-n' skips the target volume creation (useful if the volume is created\n"
180            "       prior to running qemu-img)\n"
181            "\n"
182            "Parameters to bitmap subcommand:\n"
183            "  'bitmap' is the name of the bitmap to manipulate, through one or more\n"
184            "       actions from '--add', '--remove', '--clear', '--enable', '--disable',\n"
185            "       or '--merge source'\n"
186            "  '-g granularity' sets the granularity for '--add' actions\n"
187            "  '-b source' and '-F src_fmt' tell '--merge' actions to find the source\n"
188            "       bitmaps from an alternative file\n"
189            "\n"
190            "Parameters to check subcommand:\n"
191            "  '-r' tries to repair any inconsistencies that are found during the check.\n"
192            "       '-r leaks' repairs only cluster leaks, whereas '-r all' fixes all\n"
193            "       kinds of errors, with a higher risk of choosing the wrong fix or\n"
194            "       hiding corruption that has already occurred.\n"
195            "\n"
196            "Parameters to convert subcommand:\n"
197            "  '--bitmaps' copies all top-level persistent bitmaps to destination\n"
198            "  '-m' specifies how many coroutines work in parallel during the convert\n"
199            "       process (defaults to 8)\n"
200            "  '-W' allow to write to the target out of order rather than sequential\n"
201            "\n"
202            "Parameters to snapshot subcommand:\n"
203            "  'snapshot' is the name of the snapshot to create, apply or delete\n"
204            "  '-a' applies a snapshot (revert disk to saved state)\n"
205            "  '-c' creates a snapshot\n"
206            "  '-d' deletes a snapshot\n"
207            "  '-l' lists all snapshots in the given image\n"
208            "\n"
209            "Parameters to compare subcommand:\n"
210            "  '-f' first image format\n"
211            "  '-F' second image format\n"
212            "  '-s' run in Strict mode - fail on different image size or sector allocation\n"
213            "\n"
214            "Parameters to dd subcommand:\n"
215            "  'bs=BYTES' read and write up to BYTES bytes at a time "
216            "(default: 512)\n"
217            "  'count=N' copy only N input blocks\n"
218            "  'if=FILE' read from FILE\n"
219            "  'of=FILE' write to FILE\n"
220            "  'skip=N' skip N bs-sized blocks at the start of input\n";
221 
222     printf("%s\nSupported formats:", help_msg);
223     bdrv_iterate_format(format_print, NULL, false);
224     printf("\n\n" QEMU_HELP_BOTTOM "\n");
225     exit(EXIT_SUCCESS);
226 }
227 
228 static QemuOptsList qemu_object_opts = {
229     .name = "object",
230     .implied_opt_name = "qom-type",
231     .head = QTAILQ_HEAD_INITIALIZER(qemu_object_opts.head),
232     .desc = {
233         { }
234     },
235 };
236 
237 static bool qemu_img_object_print_help(const char *type, QemuOpts *opts)
238 {
239     if (user_creatable_print_help(type, opts)) {
240         exit(0);
241     }
242     return true;
243 }
244 
245 /*
246  * Is @optarg safe for accumulate_options()?
247  * It is when multiple of them can be joined together separated by ','.
248  * To make that work, @optarg must not start with ',' (or else a
249  * separating ',' preceding it gets escaped), and it must not end with
250  * an odd number of ',' (or else a separating ',' following it gets
251  * escaped), or be empty (or else a separating ',' preceding it can
252  * escape a separating ',' following it).
253  *
254  */
255 static bool is_valid_option_list(const char *optarg)
256 {
257     size_t len = strlen(optarg);
258     size_t i;
259 
260     if (!optarg[0] || optarg[0] == ',') {
261         return false;
262     }
263 
264     for (i = len; i > 0 && optarg[i - 1] == ','; i--) {
265     }
266     if ((len - i) % 2) {
267         return false;
268     }
269 
270     return true;
271 }
272 
273 static int accumulate_options(char **options, char *optarg)
274 {
275     char *new_options;
276 
277     if (!is_valid_option_list(optarg)) {
278         error_report("Invalid option list: %s", optarg);
279         return -1;
280     }
281 
282     if (!*options) {
283         *options = g_strdup(optarg);
284     } else {
285         new_options = g_strdup_printf("%s,%s", *options, optarg);
286         g_free(*options);
287         *options = new_options;
288     }
289     return 0;
290 }
291 
292 static QemuOptsList qemu_source_opts = {
293     .name = "source",
294     .implied_opt_name = "file",
295     .head = QTAILQ_HEAD_INITIALIZER(qemu_source_opts.head),
296     .desc = {
297         { }
298     },
299 };
300 
301 static int GCC_FMT_ATTR(2, 3) qprintf(bool quiet, const char *fmt, ...)
302 {
303     int ret = 0;
304     if (!quiet) {
305         va_list args;
306         va_start(args, fmt);
307         ret = vprintf(fmt, args);
308         va_end(args);
309     }
310     return ret;
311 }
312 
313 
314 static int print_block_option_help(const char *filename, const char *fmt)
315 {
316     BlockDriver *drv, *proto_drv;
317     QemuOptsList *create_opts = NULL;
318     Error *local_err = NULL;
319 
320     /* Find driver and parse its options */
321     drv = bdrv_find_format(fmt);
322     if (!drv) {
323         error_report("Unknown file format '%s'", fmt);
324         return 1;
325     }
326 
327     if (!drv->create_opts) {
328         error_report("Format driver '%s' does not support image creation", fmt);
329         return 1;
330     }
331 
332     create_opts = qemu_opts_append(create_opts, drv->create_opts);
333     if (filename) {
334         proto_drv = bdrv_find_protocol(filename, true, &local_err);
335         if (!proto_drv) {
336             error_report_err(local_err);
337             qemu_opts_free(create_opts);
338             return 1;
339         }
340         if (!proto_drv->create_opts) {
341             error_report("Protocol driver '%s' does not support image creation",
342                          proto_drv->format_name);
343             qemu_opts_free(create_opts);
344             return 1;
345         }
346         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
347     }
348 
349     if (filename) {
350         printf("Supported options:\n");
351     } else {
352         printf("Supported %s options:\n", fmt);
353     }
354     qemu_opts_print_help(create_opts, false);
355     qemu_opts_free(create_opts);
356 
357     if (!filename) {
358         printf("\n"
359                "The protocol level may support further options.\n"
360                "Specify the target filename to include those options.\n");
361     }
362 
363     return 0;
364 }
365 
366 
367 static BlockBackend *img_open_opts(const char *optstr,
368                                    QemuOpts *opts, int flags, bool writethrough,
369                                    bool quiet, bool force_share)
370 {
371     QDict *options;
372     Error *local_err = NULL;
373     BlockBackend *blk;
374     options = qemu_opts_to_qdict(opts, NULL);
375     if (force_share) {
376         if (qdict_haskey(options, BDRV_OPT_FORCE_SHARE)
377             && strcmp(qdict_get_str(options, BDRV_OPT_FORCE_SHARE), "on")) {
378             error_report("--force-share/-U conflicts with image options");
379             qobject_unref(options);
380             return NULL;
381         }
382         qdict_put_str(options, BDRV_OPT_FORCE_SHARE, "on");
383     }
384     blk = blk_new_open(NULL, NULL, options, flags, &local_err);
385     if (!blk) {
386         error_reportf_err(local_err, "Could not open '%s': ", optstr);
387         return NULL;
388     }
389     blk_set_enable_write_cache(blk, !writethrough);
390 
391     return blk;
392 }
393 
394 static BlockBackend *img_open_file(const char *filename,
395                                    QDict *options,
396                                    const char *fmt, int flags,
397                                    bool writethrough, bool quiet,
398                                    bool force_share)
399 {
400     BlockBackend *blk;
401     Error *local_err = NULL;
402 
403     if (!options) {
404         options = qdict_new();
405     }
406     if (fmt) {
407         qdict_put_str(options, "driver", fmt);
408     }
409 
410     if (force_share) {
411         qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
412     }
413     blk = blk_new_open(filename, NULL, options, flags, &local_err);
414     if (!blk) {
415         error_reportf_err(local_err, "Could not open '%s': ", filename);
416         return NULL;
417     }
418     blk_set_enable_write_cache(blk, !writethrough);
419 
420     return blk;
421 }
422 
423 
424 static int img_add_key_secrets(void *opaque,
425                                const char *name, const char *value,
426                                Error **errp)
427 {
428     QDict *options = opaque;
429 
430     if (g_str_has_suffix(name, "key-secret")) {
431         qdict_put_str(options, name, value);
432     }
433 
434     return 0;
435 }
436 
437 
438 static BlockBackend *img_open(bool image_opts,
439                               const char *filename,
440                               const char *fmt, int flags, bool writethrough,
441                               bool quiet, bool force_share)
442 {
443     BlockBackend *blk;
444     if (image_opts) {
445         QemuOpts *opts;
446         if (fmt) {
447             error_report("--image-opts and --format are mutually exclusive");
448             return NULL;
449         }
450         opts = qemu_opts_parse_noisily(qemu_find_opts("source"),
451                                        filename, true);
452         if (!opts) {
453             return NULL;
454         }
455         blk = img_open_opts(filename, opts, flags, writethrough, quiet,
456                             force_share);
457     } else {
458         blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet,
459                             force_share);
460     }
461     return blk;
462 }
463 
464 
465 static int add_old_style_options(const char *fmt, QemuOpts *opts,
466                                  const char *base_filename,
467                                  const char *base_fmt)
468 {
469     if (base_filename) {
470         if (!qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, base_filename,
471                           NULL)) {
472             error_report("Backing file not supported for file format '%s'",
473                          fmt);
474             return -1;
475         }
476     }
477     if (base_fmt) {
478         if (!qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, base_fmt, NULL)) {
479             error_report("Backing file format not supported for file "
480                          "format '%s'", fmt);
481             return -1;
482         }
483     }
484     return 0;
485 }
486 
487 static int64_t cvtnum_full(const char *name, const char *value, int64_t min,
488                            int64_t max)
489 {
490     int err;
491     uint64_t res;
492 
493     err = qemu_strtosz(value, NULL, &res);
494     if (err < 0 && err != -ERANGE) {
495         error_report("Invalid %s specified. You may use "
496                      "k, M, G, T, P or E suffixes for", name);
497         error_report("kilobytes, megabytes, gigabytes, terabytes, "
498                      "petabytes and exabytes.");
499         return err;
500     }
501     if (err == -ERANGE || res > max || res < min) {
502         error_report("Invalid %s specified. Must be between %" PRId64
503                      " and %" PRId64 ".", name, min, max);
504         return -ERANGE;
505     }
506     return res;
507 }
508 
509 static int64_t cvtnum(const char *name, const char *value)
510 {
511     return cvtnum_full(name, value, 0, INT64_MAX);
512 }
513 
514 static int img_create(int argc, char **argv)
515 {
516     int c;
517     uint64_t img_size = -1;
518     const char *fmt = "raw";
519     const char *base_fmt = NULL;
520     const char *filename;
521     const char *base_filename = NULL;
522     char *options = NULL;
523     Error *local_err = NULL;
524     bool quiet = false;
525     int flags = 0;
526 
527     for(;;) {
528         static const struct option long_options[] = {
529             {"help", no_argument, 0, 'h'},
530             {"object", required_argument, 0, OPTION_OBJECT},
531             {0, 0, 0, 0}
532         };
533         c = getopt_long(argc, argv, ":F:b:f:ho:qu",
534                         long_options, NULL);
535         if (c == -1) {
536             break;
537         }
538         switch(c) {
539         case ':':
540             missing_argument(argv[optind - 1]);
541             break;
542         case '?':
543             unrecognized_option(argv[optind - 1]);
544             break;
545         case 'h':
546             help();
547             break;
548         case 'F':
549             base_fmt = optarg;
550             break;
551         case 'b':
552             base_filename = optarg;
553             break;
554         case 'f':
555             fmt = optarg;
556             break;
557         case 'o':
558             if (accumulate_options(&options, optarg) < 0) {
559                 goto fail;
560             }
561             break;
562         case 'q':
563             quiet = true;
564             break;
565         case 'u':
566             flags |= BDRV_O_NO_BACKING;
567             break;
568         case OPTION_OBJECT: {
569             QemuOpts *opts;
570             opts = qemu_opts_parse_noisily(&qemu_object_opts,
571                                            optarg, true);
572             if (!opts) {
573                 goto fail;
574             }
575         }   break;
576         }
577     }
578 
579     /* Get the filename */
580     filename = (optind < argc) ? argv[optind] : NULL;
581     if (options && has_help_option(options)) {
582         g_free(options);
583         return print_block_option_help(filename, fmt);
584     }
585 
586     if (optind >= argc) {
587         error_exit("Expecting image file name");
588     }
589     optind++;
590 
591     if (qemu_opts_foreach(&qemu_object_opts,
592                           user_creatable_add_opts_foreach,
593                           qemu_img_object_print_help, &error_fatal)) {
594         goto fail;
595     }
596 
597     /* Get image size, if specified */
598     if (optind < argc) {
599         int64_t sval;
600 
601         sval = cvtnum("image size", argv[optind++]);
602         if (sval < 0) {
603             goto fail;
604         }
605         img_size = (uint64_t)sval;
606     }
607     if (optind != argc) {
608         error_exit("Unexpected argument: %s", argv[optind]);
609     }
610 
611     bdrv_img_create(filename, fmt, base_filename, base_fmt,
612                     options, img_size, flags, quiet, &local_err);
613     if (local_err) {
614         error_reportf_err(local_err, "%s: ", filename);
615         goto fail;
616     }
617 
618     g_free(options);
619     return 0;
620 
621 fail:
622     g_free(options);
623     return 1;
624 }
625 
626 static void dump_json_image_check(ImageCheck *check, bool quiet)
627 {
628     QString *str;
629     QObject *obj;
630     Visitor *v = qobject_output_visitor_new(&obj);
631 
632     visit_type_ImageCheck(v, NULL, &check, &error_abort);
633     visit_complete(v, &obj);
634     str = qobject_to_json_pretty(obj);
635     assert(str != NULL);
636     qprintf(quiet, "%s\n", qstring_get_str(str));
637     qobject_unref(obj);
638     visit_free(v);
639     qobject_unref(str);
640 }
641 
642 static void dump_human_image_check(ImageCheck *check, bool quiet)
643 {
644     if (!(check->corruptions || check->leaks || check->check_errors)) {
645         qprintf(quiet, "No errors were found on the image.\n");
646     } else {
647         if (check->corruptions) {
648             qprintf(quiet, "\n%" PRId64 " errors were found on the image.\n"
649                     "Data may be corrupted, or further writes to the image "
650                     "may corrupt it.\n",
651                     check->corruptions);
652         }
653 
654         if (check->leaks) {
655             qprintf(quiet,
656                     "\n%" PRId64 " leaked clusters were found on the image.\n"
657                     "This means waste of disk space, but no harm to data.\n",
658                     check->leaks);
659         }
660 
661         if (check->check_errors) {
662             qprintf(quiet,
663                     "\n%" PRId64
664                     " internal errors have occurred during the check.\n",
665                     check->check_errors);
666         }
667     }
668 
669     if (check->total_clusters != 0 && check->allocated_clusters != 0) {
670         qprintf(quiet, "%" PRId64 "/%" PRId64 " = %0.2f%% allocated, "
671                 "%0.2f%% fragmented, %0.2f%% compressed clusters\n",
672                 check->allocated_clusters, check->total_clusters,
673                 check->allocated_clusters * 100.0 / check->total_clusters,
674                 check->fragmented_clusters * 100.0 / check->allocated_clusters,
675                 check->compressed_clusters * 100.0 /
676                 check->allocated_clusters);
677     }
678 
679     if (check->image_end_offset) {
680         qprintf(quiet,
681                 "Image end offset: %" PRId64 "\n", check->image_end_offset);
682     }
683 }
684 
685 static int collect_image_check(BlockDriverState *bs,
686                    ImageCheck *check,
687                    const char *filename,
688                    const char *fmt,
689                    int fix)
690 {
691     int ret;
692     BdrvCheckResult result;
693 
694     ret = bdrv_check(bs, &result, fix);
695     if (ret < 0) {
696         return ret;
697     }
698 
699     check->filename                 = g_strdup(filename);
700     check->format                   = g_strdup(bdrv_get_format_name(bs));
701     check->check_errors             = result.check_errors;
702     check->corruptions              = result.corruptions;
703     check->has_corruptions          = result.corruptions != 0;
704     check->leaks                    = result.leaks;
705     check->has_leaks                = result.leaks != 0;
706     check->corruptions_fixed        = result.corruptions_fixed;
707     check->has_corruptions_fixed    = result.corruptions_fixed != 0;
708     check->leaks_fixed              = result.leaks_fixed;
709     check->has_leaks_fixed          = result.leaks_fixed != 0;
710     check->image_end_offset         = result.image_end_offset;
711     check->has_image_end_offset     = result.image_end_offset != 0;
712     check->total_clusters           = result.bfi.total_clusters;
713     check->has_total_clusters       = result.bfi.total_clusters != 0;
714     check->allocated_clusters       = result.bfi.allocated_clusters;
715     check->has_allocated_clusters   = result.bfi.allocated_clusters != 0;
716     check->fragmented_clusters      = result.bfi.fragmented_clusters;
717     check->has_fragmented_clusters  = result.bfi.fragmented_clusters != 0;
718     check->compressed_clusters      = result.bfi.compressed_clusters;
719     check->has_compressed_clusters  = result.bfi.compressed_clusters != 0;
720 
721     return 0;
722 }
723 
724 /*
725  * Checks an image for consistency. Exit codes:
726  *
727  *  0 - Check completed, image is good
728  *  1 - Check not completed because of internal errors
729  *  2 - Check completed, image is corrupted
730  *  3 - Check completed, image has leaked clusters, but is good otherwise
731  * 63 - Checks are not supported by the image format
732  */
733 static int img_check(int argc, char **argv)
734 {
735     int c, ret;
736     OutputFormat output_format = OFORMAT_HUMAN;
737     const char *filename, *fmt, *output, *cache;
738     BlockBackend *blk;
739     BlockDriverState *bs;
740     int fix = 0;
741     int flags = BDRV_O_CHECK;
742     bool writethrough;
743     ImageCheck *check;
744     bool quiet = false;
745     bool image_opts = false;
746     bool force_share = false;
747 
748     fmt = NULL;
749     output = NULL;
750     cache = BDRV_DEFAULT_CACHE;
751 
752     for(;;) {
753         int option_index = 0;
754         static const struct option long_options[] = {
755             {"help", no_argument, 0, 'h'},
756             {"format", required_argument, 0, 'f'},
757             {"repair", required_argument, 0, 'r'},
758             {"output", required_argument, 0, OPTION_OUTPUT},
759             {"object", required_argument, 0, OPTION_OBJECT},
760             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
761             {"force-share", no_argument, 0, 'U'},
762             {0, 0, 0, 0}
763         };
764         c = getopt_long(argc, argv, ":hf:r:T:qU",
765                         long_options, &option_index);
766         if (c == -1) {
767             break;
768         }
769         switch(c) {
770         case ':':
771             missing_argument(argv[optind - 1]);
772             break;
773         case '?':
774             unrecognized_option(argv[optind - 1]);
775             break;
776         case 'h':
777             help();
778             break;
779         case 'f':
780             fmt = optarg;
781             break;
782         case 'r':
783             flags |= BDRV_O_RDWR;
784 
785             if (!strcmp(optarg, "leaks")) {
786                 fix = BDRV_FIX_LEAKS;
787             } else if (!strcmp(optarg, "all")) {
788                 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
789             } else {
790                 error_exit("Unknown option value for -r "
791                            "(expecting 'leaks' or 'all'): %s", optarg);
792             }
793             break;
794         case OPTION_OUTPUT:
795             output = optarg;
796             break;
797         case 'T':
798             cache = optarg;
799             break;
800         case 'q':
801             quiet = true;
802             break;
803         case 'U':
804             force_share = true;
805             break;
806         case OPTION_OBJECT: {
807             QemuOpts *opts;
808             opts = qemu_opts_parse_noisily(&qemu_object_opts,
809                                            optarg, true);
810             if (!opts) {
811                 return 1;
812             }
813         }   break;
814         case OPTION_IMAGE_OPTS:
815             image_opts = true;
816             break;
817         }
818     }
819     if (optind != argc - 1) {
820         error_exit("Expecting one image file name");
821     }
822     filename = argv[optind++];
823 
824     if (output && !strcmp(output, "json")) {
825         output_format = OFORMAT_JSON;
826     } else if (output && !strcmp(output, "human")) {
827         output_format = OFORMAT_HUMAN;
828     } else if (output) {
829         error_report("--output must be used with human or json as argument.");
830         return 1;
831     }
832 
833     if (qemu_opts_foreach(&qemu_object_opts,
834                           user_creatable_add_opts_foreach,
835                           qemu_img_object_print_help, &error_fatal)) {
836         return 1;
837     }
838 
839     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
840     if (ret < 0) {
841         error_report("Invalid source cache option: %s", cache);
842         return 1;
843     }
844 
845     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
846                    force_share);
847     if (!blk) {
848         return 1;
849     }
850     bs = blk_bs(blk);
851 
852     check = g_new0(ImageCheck, 1);
853     ret = collect_image_check(bs, check, filename, fmt, fix);
854 
855     if (ret == -ENOTSUP) {
856         error_report("This image format does not support checks");
857         ret = 63;
858         goto fail;
859     }
860 
861     if (check->corruptions_fixed || check->leaks_fixed) {
862         int corruptions_fixed, leaks_fixed;
863         bool has_leaks_fixed, has_corruptions_fixed;
864 
865         leaks_fixed         = check->leaks_fixed;
866         has_leaks_fixed     = check->has_leaks_fixed;
867         corruptions_fixed   = check->corruptions_fixed;
868         has_corruptions_fixed = check->has_corruptions_fixed;
869 
870         if (output_format == OFORMAT_HUMAN) {
871             qprintf(quiet,
872                     "The following inconsistencies were found and repaired:\n\n"
873                     "    %" PRId64 " leaked clusters\n"
874                     "    %" PRId64 " corruptions\n\n"
875                     "Double checking the fixed image now...\n",
876                     check->leaks_fixed,
877                     check->corruptions_fixed);
878         }
879 
880         qapi_free_ImageCheck(check);
881         check = g_new0(ImageCheck, 1);
882         ret = collect_image_check(bs, check, filename, fmt, 0);
883 
884         check->leaks_fixed          = leaks_fixed;
885         check->has_leaks_fixed      = has_leaks_fixed;
886         check->corruptions_fixed    = corruptions_fixed;
887         check->has_corruptions_fixed = has_corruptions_fixed;
888     }
889 
890     if (!ret) {
891         switch (output_format) {
892         case OFORMAT_HUMAN:
893             dump_human_image_check(check, quiet);
894             break;
895         case OFORMAT_JSON:
896             dump_json_image_check(check, quiet);
897             break;
898         }
899     }
900 
901     if (ret || check->check_errors) {
902         if (ret) {
903             error_report("Check failed: %s", strerror(-ret));
904         } else {
905             error_report("Check failed");
906         }
907         ret = 1;
908         goto fail;
909     }
910 
911     if (check->corruptions) {
912         ret = 2;
913     } else if (check->leaks) {
914         ret = 3;
915     } else {
916         ret = 0;
917     }
918 
919 fail:
920     qapi_free_ImageCheck(check);
921     blk_unref(blk);
922     return ret;
923 }
924 
925 typedef struct CommonBlockJobCBInfo {
926     BlockDriverState *bs;
927     Error **errp;
928 } CommonBlockJobCBInfo;
929 
930 static void common_block_job_cb(void *opaque, int ret)
931 {
932     CommonBlockJobCBInfo *cbi = opaque;
933 
934     if (ret < 0) {
935         error_setg_errno(cbi->errp, -ret, "Block job failed");
936     }
937 }
938 
939 static void run_block_job(BlockJob *job, Error **errp)
940 {
941     AioContext *aio_context = blk_get_aio_context(job->blk);
942     int ret = 0;
943 
944     aio_context_acquire(aio_context);
945     job_ref(&job->job);
946     do {
947         float progress = 0.0f;
948         aio_poll(aio_context, true);
949         if (job->job.progress.total) {
950             progress = (float)job->job.progress.current /
951                        job->job.progress.total * 100.f;
952         }
953         qemu_progress_print(progress, 0);
954     } while (!job_is_ready(&job->job) && !job_is_completed(&job->job));
955 
956     if (!job_is_completed(&job->job)) {
957         ret = job_complete_sync(&job->job, errp);
958     } else {
959         ret = job->job.ret;
960     }
961     job_unref(&job->job);
962     aio_context_release(aio_context);
963 
964     /* publish completion progress only when success */
965     if (!ret) {
966         qemu_progress_print(100.f, 0);
967     }
968 }
969 
970 static int img_commit(int argc, char **argv)
971 {
972     int c, ret, flags;
973     const char *filename, *fmt, *cache, *base;
974     BlockBackend *blk;
975     BlockDriverState *bs, *base_bs;
976     BlockJob *job;
977     bool progress = false, quiet = false, drop = false;
978     bool writethrough;
979     Error *local_err = NULL;
980     CommonBlockJobCBInfo cbi;
981     bool image_opts = false;
982     AioContext *aio_context;
983 
984     fmt = NULL;
985     cache = BDRV_DEFAULT_CACHE;
986     base = NULL;
987     for(;;) {
988         static const struct option long_options[] = {
989             {"help", no_argument, 0, 'h'},
990             {"object", required_argument, 0, OPTION_OBJECT},
991             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
992             {0, 0, 0, 0}
993         };
994         c = getopt_long(argc, argv, ":f:ht:b:dpq",
995                         long_options, NULL);
996         if (c == -1) {
997             break;
998         }
999         switch(c) {
1000         case ':':
1001             missing_argument(argv[optind - 1]);
1002             break;
1003         case '?':
1004             unrecognized_option(argv[optind - 1]);
1005             break;
1006         case 'h':
1007             help();
1008             break;
1009         case 'f':
1010             fmt = optarg;
1011             break;
1012         case 't':
1013             cache = optarg;
1014             break;
1015         case 'b':
1016             base = optarg;
1017             /* -b implies -d */
1018             drop = true;
1019             break;
1020         case 'd':
1021             drop = true;
1022             break;
1023         case 'p':
1024             progress = true;
1025             break;
1026         case 'q':
1027             quiet = true;
1028             break;
1029         case OPTION_OBJECT: {
1030             QemuOpts *opts;
1031             opts = qemu_opts_parse_noisily(&qemu_object_opts,
1032                                            optarg, true);
1033             if (!opts) {
1034                 return 1;
1035             }
1036         }   break;
1037         case OPTION_IMAGE_OPTS:
1038             image_opts = true;
1039             break;
1040         }
1041     }
1042 
1043     /* Progress is not shown in Quiet mode */
1044     if (quiet) {
1045         progress = false;
1046     }
1047 
1048     if (optind != argc - 1) {
1049         error_exit("Expecting one image file name");
1050     }
1051     filename = argv[optind++];
1052 
1053     if (qemu_opts_foreach(&qemu_object_opts,
1054                           user_creatable_add_opts_foreach,
1055                           qemu_img_object_print_help, &error_fatal)) {
1056         return 1;
1057     }
1058 
1059     flags = BDRV_O_RDWR | BDRV_O_UNMAP;
1060     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1061     if (ret < 0) {
1062         error_report("Invalid cache option: %s", cache);
1063         return 1;
1064     }
1065 
1066     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
1067                    false);
1068     if (!blk) {
1069         return 1;
1070     }
1071     bs = blk_bs(blk);
1072 
1073     qemu_progress_init(progress, 1.f);
1074     qemu_progress_print(0.f, 100);
1075 
1076     if (base) {
1077         base_bs = bdrv_find_backing_image(bs, base);
1078         if (!base_bs) {
1079             error_setg(&local_err,
1080                        "Did not find '%s' in the backing chain of '%s'",
1081                        base, filename);
1082             goto done;
1083         }
1084     } else {
1085         /* This is different from QMP, which by default uses the deepest file in
1086          * the backing chain (i.e., the very base); however, the traditional
1087          * behavior of qemu-img commit is using the immediate backing file. */
1088         base_bs = bdrv_backing_chain_next(bs);
1089         if (!base_bs) {
1090             error_setg(&local_err, "Image does not have a backing file");
1091             goto done;
1092         }
1093     }
1094 
1095     cbi = (CommonBlockJobCBInfo){
1096         .errp = &local_err,
1097         .bs   = bs,
1098     };
1099 
1100     aio_context = bdrv_get_aio_context(bs);
1101     aio_context_acquire(aio_context);
1102     commit_active_start("commit", bs, base_bs, JOB_DEFAULT, 0,
1103                         BLOCKDEV_ON_ERROR_REPORT, NULL, common_block_job_cb,
1104                         &cbi, false, &local_err);
1105     aio_context_release(aio_context);
1106     if (local_err) {
1107         goto done;
1108     }
1109 
1110     /* When the block job completes, the BlockBackend reference will point to
1111      * the old backing file. In order to avoid that the top image is already
1112      * deleted, so we can still empty it afterwards, increment the reference
1113      * counter here preemptively. */
1114     if (!drop) {
1115         bdrv_ref(bs);
1116     }
1117 
1118     job = block_job_get("commit");
1119     assert(job);
1120     run_block_job(job, &local_err);
1121     if (local_err) {
1122         goto unref_backing;
1123     }
1124 
1125     if (!drop) {
1126         BlockBackend *old_backing_blk;
1127 
1128         old_backing_blk = blk_new_with_bs(bs, BLK_PERM_WRITE, BLK_PERM_ALL,
1129                                           &local_err);
1130         if (!old_backing_blk) {
1131             goto unref_backing;
1132         }
1133         ret = blk_make_empty(old_backing_blk, &local_err);
1134         blk_unref(old_backing_blk);
1135         if (ret == -ENOTSUP) {
1136             error_free(local_err);
1137             local_err = NULL;
1138         } else if (ret < 0) {
1139             goto unref_backing;
1140         }
1141     }
1142 
1143 unref_backing:
1144     if (!drop) {
1145         bdrv_unref(bs);
1146     }
1147 
1148 done:
1149     qemu_progress_end();
1150 
1151     blk_unref(blk);
1152 
1153     if (local_err) {
1154         error_report_err(local_err);
1155         return 1;
1156     }
1157 
1158     qprintf(quiet, "Image committed.\n");
1159     return 0;
1160 }
1161 
1162 /*
1163  * Returns -1 if 'buf' contains only zeroes, otherwise the byte index
1164  * of the first sector boundary within buf where the sector contains a
1165  * non-zero byte.  This function is robust to a buffer that is not
1166  * sector-aligned.
1167  */
1168 static int64_t find_nonzero(const uint8_t *buf, int64_t n)
1169 {
1170     int64_t i;
1171     int64_t end = QEMU_ALIGN_DOWN(n, BDRV_SECTOR_SIZE);
1172 
1173     for (i = 0; i < end; i += BDRV_SECTOR_SIZE) {
1174         if (!buffer_is_zero(buf + i, BDRV_SECTOR_SIZE)) {
1175             return i;
1176         }
1177     }
1178     if (i < n && !buffer_is_zero(buf + i, n - end)) {
1179         return i;
1180     }
1181     return -1;
1182 }
1183 
1184 /*
1185  * Returns true iff the first sector pointed to by 'buf' contains at least
1186  * a non-NUL byte.
1187  *
1188  * 'pnum' is set to the number of sectors (including and immediately following
1189  * the first one) that are known to be in the same allocated/unallocated state.
1190  * The function will try to align the end offset to alignment boundaries so
1191  * that the request will at least end aligned and consequtive requests will
1192  * also start at an aligned offset.
1193  */
1194 static int is_allocated_sectors(const uint8_t *buf, int n, int *pnum,
1195                                 int64_t sector_num, int alignment)
1196 {
1197     bool is_zero;
1198     int i, tail;
1199 
1200     if (n <= 0) {
1201         *pnum = 0;
1202         return 0;
1203     }
1204     is_zero = buffer_is_zero(buf, BDRV_SECTOR_SIZE);
1205     for(i = 1; i < n; i++) {
1206         buf += BDRV_SECTOR_SIZE;
1207         if (is_zero != buffer_is_zero(buf, BDRV_SECTOR_SIZE)) {
1208             break;
1209         }
1210     }
1211 
1212     tail = (sector_num + i) & (alignment - 1);
1213     if (tail) {
1214         if (is_zero && i <= tail) {
1215             /* treat unallocated areas which only consist
1216              * of a small tail as allocated. */
1217             is_zero = false;
1218         }
1219         if (!is_zero) {
1220             /* align up end offset of allocated areas. */
1221             i += alignment - tail;
1222             i = MIN(i, n);
1223         } else {
1224             /* align down end offset of zero areas. */
1225             i -= tail;
1226         }
1227     }
1228     *pnum = i;
1229     return !is_zero;
1230 }
1231 
1232 /*
1233  * Like is_allocated_sectors, but if the buffer starts with a used sector,
1234  * up to 'min' consecutive sectors containing zeros are ignored. This avoids
1235  * breaking up write requests for only small sparse areas.
1236  */
1237 static int is_allocated_sectors_min(const uint8_t *buf, int n, int *pnum,
1238     int min, int64_t sector_num, int alignment)
1239 {
1240     int ret;
1241     int num_checked, num_used;
1242 
1243     if (n < min) {
1244         min = n;
1245     }
1246 
1247     ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1248     if (!ret) {
1249         return ret;
1250     }
1251 
1252     num_used = *pnum;
1253     buf += BDRV_SECTOR_SIZE * *pnum;
1254     n -= *pnum;
1255     sector_num += *pnum;
1256     num_checked = num_used;
1257 
1258     while (n > 0) {
1259         ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1260 
1261         buf += BDRV_SECTOR_SIZE * *pnum;
1262         n -= *pnum;
1263         sector_num += *pnum;
1264         num_checked += *pnum;
1265         if (ret) {
1266             num_used = num_checked;
1267         } else if (*pnum >= min) {
1268             break;
1269         }
1270     }
1271 
1272     *pnum = num_used;
1273     return 1;
1274 }
1275 
1276 /*
1277  * Compares two buffers sector by sector. Returns 0 if the first
1278  * sector of each buffer matches, non-zero otherwise.
1279  *
1280  * pnum is set to the sector-aligned size of the buffer prefix that
1281  * has the same matching status as the first sector.
1282  */
1283 static int compare_buffers(const uint8_t *buf1, const uint8_t *buf2,
1284                            int64_t bytes, int64_t *pnum)
1285 {
1286     bool res;
1287     int64_t i = MIN(bytes, BDRV_SECTOR_SIZE);
1288 
1289     assert(bytes > 0);
1290 
1291     res = !!memcmp(buf1, buf2, i);
1292     while (i < bytes) {
1293         int64_t len = MIN(bytes - i, BDRV_SECTOR_SIZE);
1294 
1295         if (!!memcmp(buf1 + i, buf2 + i, len) != res) {
1296             break;
1297         }
1298         i += len;
1299     }
1300 
1301     *pnum = i;
1302     return res;
1303 }
1304 
1305 #define IO_BUF_SIZE (2 * MiB)
1306 
1307 /*
1308  * Check if passed sectors are empty (not allocated or contain only 0 bytes)
1309  *
1310  * Intended for use by 'qemu-img compare': Returns 0 in case sectors are
1311  * filled with 0, 1 if sectors contain non-zero data (this is a comparison
1312  * failure), and 4 on error (the exit status for read errors), after emitting
1313  * an error message.
1314  *
1315  * @param blk:  BlockBackend for the image
1316  * @param offset: Starting offset to check
1317  * @param bytes: Number of bytes to check
1318  * @param filename: Name of disk file we are checking (logging purpose)
1319  * @param buffer: Allocated buffer for storing read data
1320  * @param quiet: Flag for quiet mode
1321  */
1322 static int check_empty_sectors(BlockBackend *blk, int64_t offset,
1323                                int64_t bytes, const char *filename,
1324                                uint8_t *buffer, bool quiet)
1325 {
1326     int ret = 0;
1327     int64_t idx;
1328 
1329     ret = blk_pread(blk, offset, buffer, bytes);
1330     if (ret < 0) {
1331         error_report("Error while reading offset %" PRId64 " of %s: %s",
1332                      offset, filename, strerror(-ret));
1333         return 4;
1334     }
1335     idx = find_nonzero(buffer, bytes);
1336     if (idx >= 0) {
1337         qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1338                 offset + idx);
1339         return 1;
1340     }
1341 
1342     return 0;
1343 }
1344 
1345 /*
1346  * Compares two images. Exit codes:
1347  *
1348  * 0 - Images are identical
1349  * 1 - Images differ
1350  * >1 - Error occurred
1351  */
1352 static int img_compare(int argc, char **argv)
1353 {
1354     const char *fmt1 = NULL, *fmt2 = NULL, *cache, *filename1, *filename2;
1355     BlockBackend *blk1, *blk2;
1356     BlockDriverState *bs1, *bs2;
1357     int64_t total_size1, total_size2;
1358     uint8_t *buf1 = NULL, *buf2 = NULL;
1359     int64_t pnum1, pnum2;
1360     int allocated1, allocated2;
1361     int ret = 0; /* return value - 0 Ident, 1 Different, >1 Error */
1362     bool progress = false, quiet = false, strict = false;
1363     int flags;
1364     bool writethrough;
1365     int64_t total_size;
1366     int64_t offset = 0;
1367     int64_t chunk;
1368     int c;
1369     uint64_t progress_base;
1370     bool image_opts = false;
1371     bool force_share = false;
1372 
1373     cache = BDRV_DEFAULT_CACHE;
1374     for (;;) {
1375         static const struct option long_options[] = {
1376             {"help", no_argument, 0, 'h'},
1377             {"object", required_argument, 0, OPTION_OBJECT},
1378             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
1379             {"force-share", no_argument, 0, 'U'},
1380             {0, 0, 0, 0}
1381         };
1382         c = getopt_long(argc, argv, ":hf:F:T:pqsU",
1383                         long_options, NULL);
1384         if (c == -1) {
1385             break;
1386         }
1387         switch (c) {
1388         case ':':
1389             missing_argument(argv[optind - 1]);
1390             break;
1391         case '?':
1392             unrecognized_option(argv[optind - 1]);
1393             break;
1394         case 'h':
1395             help();
1396             break;
1397         case 'f':
1398             fmt1 = optarg;
1399             break;
1400         case 'F':
1401             fmt2 = optarg;
1402             break;
1403         case 'T':
1404             cache = optarg;
1405             break;
1406         case 'p':
1407             progress = true;
1408             break;
1409         case 'q':
1410             quiet = true;
1411             break;
1412         case 's':
1413             strict = true;
1414             break;
1415         case 'U':
1416             force_share = true;
1417             break;
1418         case OPTION_OBJECT: {
1419             QemuOpts *opts;
1420             opts = qemu_opts_parse_noisily(&qemu_object_opts,
1421                                            optarg, true);
1422             if (!opts) {
1423                 ret = 2;
1424                 goto out4;
1425             }
1426         }   break;
1427         case OPTION_IMAGE_OPTS:
1428             image_opts = true;
1429             break;
1430         }
1431     }
1432 
1433     /* Progress is not shown in Quiet mode */
1434     if (quiet) {
1435         progress = false;
1436     }
1437 
1438 
1439     if (optind != argc - 2) {
1440         error_exit("Expecting two image file names");
1441     }
1442     filename1 = argv[optind++];
1443     filename2 = argv[optind++];
1444 
1445     if (qemu_opts_foreach(&qemu_object_opts,
1446                           user_creatable_add_opts_foreach,
1447                           qemu_img_object_print_help, &error_fatal)) {
1448         ret = 2;
1449         goto out4;
1450     }
1451 
1452     /* Initialize before goto out */
1453     qemu_progress_init(progress, 2.0);
1454 
1455     flags = 0;
1456     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1457     if (ret < 0) {
1458         error_report("Invalid source cache option: %s", cache);
1459         ret = 2;
1460         goto out3;
1461     }
1462 
1463     blk1 = img_open(image_opts, filename1, fmt1, flags, writethrough, quiet,
1464                     force_share);
1465     if (!blk1) {
1466         ret = 2;
1467         goto out3;
1468     }
1469 
1470     blk2 = img_open(image_opts, filename2, fmt2, flags, writethrough, quiet,
1471                     force_share);
1472     if (!blk2) {
1473         ret = 2;
1474         goto out2;
1475     }
1476     bs1 = blk_bs(blk1);
1477     bs2 = blk_bs(blk2);
1478 
1479     buf1 = blk_blockalign(blk1, IO_BUF_SIZE);
1480     buf2 = blk_blockalign(blk2, IO_BUF_SIZE);
1481     total_size1 = blk_getlength(blk1);
1482     if (total_size1 < 0) {
1483         error_report("Can't get size of %s: %s",
1484                      filename1, strerror(-total_size1));
1485         ret = 4;
1486         goto out;
1487     }
1488     total_size2 = blk_getlength(blk2);
1489     if (total_size2 < 0) {
1490         error_report("Can't get size of %s: %s",
1491                      filename2, strerror(-total_size2));
1492         ret = 4;
1493         goto out;
1494     }
1495     total_size = MIN(total_size1, total_size2);
1496     progress_base = MAX(total_size1, total_size2);
1497 
1498     qemu_progress_print(0, 100);
1499 
1500     if (strict && total_size1 != total_size2) {
1501         ret = 1;
1502         qprintf(quiet, "Strict mode: Image size mismatch!\n");
1503         goto out;
1504     }
1505 
1506     while (offset < total_size) {
1507         int status1, status2;
1508 
1509         status1 = bdrv_block_status_above(bs1, NULL, offset,
1510                                           total_size1 - offset, &pnum1, NULL,
1511                                           NULL);
1512         if (status1 < 0) {
1513             ret = 3;
1514             error_report("Sector allocation test failed for %s", filename1);
1515             goto out;
1516         }
1517         allocated1 = status1 & BDRV_BLOCK_ALLOCATED;
1518 
1519         status2 = bdrv_block_status_above(bs2, NULL, offset,
1520                                           total_size2 - offset, &pnum2, NULL,
1521                                           NULL);
1522         if (status2 < 0) {
1523             ret = 3;
1524             error_report("Sector allocation test failed for %s", filename2);
1525             goto out;
1526         }
1527         allocated2 = status2 & BDRV_BLOCK_ALLOCATED;
1528 
1529         assert(pnum1 && pnum2);
1530         chunk = MIN(pnum1, pnum2);
1531 
1532         if (strict) {
1533             if (status1 != status2) {
1534                 ret = 1;
1535                 qprintf(quiet, "Strict mode: Offset %" PRId64
1536                         " block status mismatch!\n", offset);
1537                 goto out;
1538             }
1539         }
1540         if ((status1 & BDRV_BLOCK_ZERO) && (status2 & BDRV_BLOCK_ZERO)) {
1541             /* nothing to do */
1542         } else if (allocated1 == allocated2) {
1543             if (allocated1) {
1544                 int64_t pnum;
1545 
1546                 chunk = MIN(chunk, IO_BUF_SIZE);
1547                 ret = blk_pread(blk1, offset, buf1, chunk);
1548                 if (ret < 0) {
1549                     error_report("Error while reading offset %" PRId64
1550                                  " of %s: %s",
1551                                  offset, filename1, strerror(-ret));
1552                     ret = 4;
1553                     goto out;
1554                 }
1555                 ret = blk_pread(blk2, offset, buf2, chunk);
1556                 if (ret < 0) {
1557                     error_report("Error while reading offset %" PRId64
1558                                  " of %s: %s",
1559                                  offset, filename2, strerror(-ret));
1560                     ret = 4;
1561                     goto out;
1562                 }
1563                 ret = compare_buffers(buf1, buf2, chunk, &pnum);
1564                 if (ret || pnum != chunk) {
1565                     qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1566                             offset + (ret ? 0 : pnum));
1567                     ret = 1;
1568                     goto out;
1569                 }
1570             }
1571         } else {
1572             chunk = MIN(chunk, IO_BUF_SIZE);
1573             if (allocated1) {
1574                 ret = check_empty_sectors(blk1, offset, chunk,
1575                                           filename1, buf1, quiet);
1576             } else {
1577                 ret = check_empty_sectors(blk2, offset, chunk,
1578                                           filename2, buf1, quiet);
1579             }
1580             if (ret) {
1581                 goto out;
1582             }
1583         }
1584         offset += chunk;
1585         qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1586     }
1587 
1588     if (total_size1 != total_size2) {
1589         BlockBackend *blk_over;
1590         const char *filename_over;
1591 
1592         qprintf(quiet, "Warning: Image size mismatch!\n");
1593         if (total_size1 > total_size2) {
1594             blk_over = blk1;
1595             filename_over = filename1;
1596         } else {
1597             blk_over = blk2;
1598             filename_over = filename2;
1599         }
1600 
1601         while (offset < progress_base) {
1602             ret = bdrv_block_status_above(blk_bs(blk_over), NULL, offset,
1603                                           progress_base - offset, &chunk,
1604                                           NULL, NULL);
1605             if (ret < 0) {
1606                 ret = 3;
1607                 error_report("Sector allocation test failed for %s",
1608                              filename_over);
1609                 goto out;
1610 
1611             }
1612             if (ret & BDRV_BLOCK_ALLOCATED && !(ret & BDRV_BLOCK_ZERO)) {
1613                 chunk = MIN(chunk, IO_BUF_SIZE);
1614                 ret = check_empty_sectors(blk_over, offset, chunk,
1615                                           filename_over, buf1, quiet);
1616                 if (ret) {
1617                     goto out;
1618                 }
1619             }
1620             offset += chunk;
1621             qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1622         }
1623     }
1624 
1625     qprintf(quiet, "Images are identical.\n");
1626     ret = 0;
1627 
1628 out:
1629     qemu_vfree(buf1);
1630     qemu_vfree(buf2);
1631     blk_unref(blk2);
1632 out2:
1633     blk_unref(blk1);
1634 out3:
1635     qemu_progress_end();
1636 out4:
1637     return ret;
1638 }
1639 
1640 /* Convenience wrapper around qmp_block_dirty_bitmap_merge */
1641 static void do_dirty_bitmap_merge(const char *dst_node, const char *dst_name,
1642                                   const char *src_node, const char *src_name,
1643                                   Error **errp)
1644 {
1645     BlockDirtyBitmapMergeSource *merge_src;
1646     BlockDirtyBitmapMergeSourceList *list;
1647 
1648     merge_src = g_new0(BlockDirtyBitmapMergeSource, 1);
1649     merge_src->type = QTYPE_QDICT;
1650     merge_src->u.external.node = g_strdup(src_node);
1651     merge_src->u.external.name = g_strdup(src_name);
1652     list = g_new0(BlockDirtyBitmapMergeSourceList, 1);
1653     list->value = merge_src;
1654     qmp_block_dirty_bitmap_merge(dst_node, dst_name, list, errp);
1655     qapi_free_BlockDirtyBitmapMergeSourceList(list);
1656 }
1657 
1658 enum ImgConvertBlockStatus {
1659     BLK_DATA,
1660     BLK_ZERO,
1661     BLK_BACKING_FILE,
1662 };
1663 
1664 #define MAX_COROUTINES 16
1665 
1666 typedef struct ImgConvertState {
1667     BlockBackend **src;
1668     int64_t *src_sectors;
1669     int *src_alignment;
1670     int src_num;
1671     int64_t total_sectors;
1672     int64_t allocated_sectors;
1673     int64_t allocated_done;
1674     int64_t sector_num;
1675     int64_t wr_offs;
1676     enum ImgConvertBlockStatus status;
1677     int64_t sector_next_status;
1678     BlockBackend *target;
1679     bool has_zero_init;
1680     bool compressed;
1681     bool target_is_new;
1682     bool target_has_backing;
1683     int64_t target_backing_sectors; /* negative if unknown */
1684     bool wr_in_order;
1685     bool copy_range;
1686     bool salvage;
1687     bool quiet;
1688     int min_sparse;
1689     int alignment;
1690     size_t cluster_sectors;
1691     size_t buf_sectors;
1692     long num_coroutines;
1693     int running_coroutines;
1694     Coroutine *co[MAX_COROUTINES];
1695     int64_t wait_sector_num[MAX_COROUTINES];
1696     CoMutex lock;
1697     int ret;
1698 } ImgConvertState;
1699 
1700 static void convert_select_part(ImgConvertState *s, int64_t sector_num,
1701                                 int *src_cur, int64_t *src_cur_offset)
1702 {
1703     *src_cur = 0;
1704     *src_cur_offset = 0;
1705     while (sector_num - *src_cur_offset >= s->src_sectors[*src_cur]) {
1706         *src_cur_offset += s->src_sectors[*src_cur];
1707         (*src_cur)++;
1708         assert(*src_cur < s->src_num);
1709     }
1710 }
1711 
1712 static int convert_iteration_sectors(ImgConvertState *s, int64_t sector_num)
1713 {
1714     int64_t src_cur_offset;
1715     int ret, n, src_cur;
1716     bool post_backing_zero = false;
1717 
1718     convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1719 
1720     assert(s->total_sectors > sector_num);
1721     n = MIN(s->total_sectors - sector_num, BDRV_REQUEST_MAX_SECTORS);
1722 
1723     if (s->target_backing_sectors >= 0) {
1724         if (sector_num >= s->target_backing_sectors) {
1725             post_backing_zero = true;
1726         } else if (sector_num + n > s->target_backing_sectors) {
1727             /* Split requests around target_backing_sectors (because
1728              * starting from there, zeros are handled differently) */
1729             n = s->target_backing_sectors - sector_num;
1730         }
1731     }
1732 
1733     if (s->sector_next_status <= sector_num) {
1734         uint64_t offset = (sector_num - src_cur_offset) * BDRV_SECTOR_SIZE;
1735         int64_t count;
1736         int tail;
1737         BlockDriverState *src_bs = blk_bs(s->src[src_cur]);
1738         BlockDriverState *base;
1739 
1740         if (s->target_has_backing) {
1741             base = bdrv_cow_bs(bdrv_skip_filters(src_bs));
1742         } else {
1743             base = NULL;
1744         }
1745 
1746         do {
1747             count = n * BDRV_SECTOR_SIZE;
1748 
1749             ret = bdrv_block_status_above(src_bs, base, offset, count, &count,
1750                                           NULL, NULL);
1751 
1752             if (ret < 0) {
1753                 if (s->salvage) {
1754                     if (n == 1) {
1755                         if (!s->quiet) {
1756                             warn_report("error while reading block status at "
1757                                         "offset %" PRIu64 ": %s", offset,
1758                                         strerror(-ret));
1759                         }
1760                         /* Just try to read the data, then */
1761                         ret = BDRV_BLOCK_DATA;
1762                         count = BDRV_SECTOR_SIZE;
1763                     } else {
1764                         /* Retry on a shorter range */
1765                         n = DIV_ROUND_UP(n, 4);
1766                     }
1767                 } else {
1768                     error_report("error while reading block status at offset "
1769                                  "%" PRIu64 ": %s", offset, strerror(-ret));
1770                     return ret;
1771                 }
1772             }
1773         } while (ret < 0);
1774 
1775         n = DIV_ROUND_UP(count, BDRV_SECTOR_SIZE);
1776 
1777         /*
1778          * Avoid that s->sector_next_status becomes unaligned to the source
1779          * request alignment and/or cluster size to avoid unnecessary read
1780          * cycles.
1781          */
1782         tail = (sector_num - src_cur_offset + n) % s->src_alignment[src_cur];
1783         if (n > tail) {
1784             n -= tail;
1785         }
1786 
1787         if (ret & BDRV_BLOCK_ZERO) {
1788             s->status = post_backing_zero ? BLK_BACKING_FILE : BLK_ZERO;
1789         } else if (ret & BDRV_BLOCK_DATA) {
1790             s->status = BLK_DATA;
1791         } else {
1792             s->status = s->target_has_backing ? BLK_BACKING_FILE : BLK_DATA;
1793         }
1794 
1795         s->sector_next_status = sector_num + n;
1796     }
1797 
1798     n = MIN(n, s->sector_next_status - sector_num);
1799     if (s->status == BLK_DATA) {
1800         n = MIN(n, s->buf_sectors);
1801     }
1802 
1803     /* We need to write complete clusters for compressed images, so if an
1804      * unallocated area is shorter than that, we must consider the whole
1805      * cluster allocated. */
1806     if (s->compressed) {
1807         if (n < s->cluster_sectors) {
1808             n = MIN(s->cluster_sectors, s->total_sectors - sector_num);
1809             s->status = BLK_DATA;
1810         } else {
1811             n = QEMU_ALIGN_DOWN(n, s->cluster_sectors);
1812         }
1813     }
1814 
1815     return n;
1816 }
1817 
1818 static int coroutine_fn convert_co_read(ImgConvertState *s, int64_t sector_num,
1819                                         int nb_sectors, uint8_t *buf)
1820 {
1821     uint64_t single_read_until = 0;
1822     int n, ret;
1823 
1824     assert(nb_sectors <= s->buf_sectors);
1825     while (nb_sectors > 0) {
1826         BlockBackend *blk;
1827         int src_cur;
1828         int64_t bs_sectors, src_cur_offset;
1829         uint64_t offset;
1830 
1831         /* In the case of compression with multiple source files, we can get a
1832          * nb_sectors that spreads into the next part. So we must be able to
1833          * read across multiple BDSes for one convert_read() call. */
1834         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1835         blk = s->src[src_cur];
1836         bs_sectors = s->src_sectors[src_cur];
1837 
1838         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1839 
1840         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1841         if (single_read_until > offset) {
1842             n = 1;
1843         }
1844 
1845         ret = blk_co_pread(blk, offset, n << BDRV_SECTOR_BITS, buf, 0);
1846         if (ret < 0) {
1847             if (s->salvage) {
1848                 if (n > 1) {
1849                     single_read_until = offset + (n << BDRV_SECTOR_BITS);
1850                     continue;
1851                 } else {
1852                     if (!s->quiet) {
1853                         warn_report("error while reading offset %" PRIu64
1854                                     ": %s", offset, strerror(-ret));
1855                     }
1856                     memset(buf, 0, BDRV_SECTOR_SIZE);
1857                 }
1858             } else {
1859                 return ret;
1860             }
1861         }
1862 
1863         sector_num += n;
1864         nb_sectors -= n;
1865         buf += n * BDRV_SECTOR_SIZE;
1866     }
1867 
1868     return 0;
1869 }
1870 
1871 
1872 static int coroutine_fn convert_co_write(ImgConvertState *s, int64_t sector_num,
1873                                          int nb_sectors, uint8_t *buf,
1874                                          enum ImgConvertBlockStatus status)
1875 {
1876     int ret;
1877 
1878     while (nb_sectors > 0) {
1879         int n = nb_sectors;
1880         BdrvRequestFlags flags = s->compressed ? BDRV_REQ_WRITE_COMPRESSED : 0;
1881 
1882         switch (status) {
1883         case BLK_BACKING_FILE:
1884             /* If we have a backing file, leave clusters unallocated that are
1885              * unallocated in the source image, so that the backing file is
1886              * visible at the respective offset. */
1887             assert(s->target_has_backing);
1888             break;
1889 
1890         case BLK_DATA:
1891             /* If we're told to keep the target fully allocated (-S 0) or there
1892              * is real non-zero data, we must write it. Otherwise we can treat
1893              * it as zero sectors.
1894              * Compressed clusters need to be written as a whole, so in that
1895              * case we can only save the write if the buffer is completely
1896              * zeroed. */
1897             if (!s->min_sparse ||
1898                 (!s->compressed &&
1899                  is_allocated_sectors_min(buf, n, &n, s->min_sparse,
1900                                           sector_num, s->alignment)) ||
1901                 (s->compressed &&
1902                  !buffer_is_zero(buf, n * BDRV_SECTOR_SIZE)))
1903             {
1904                 ret = blk_co_pwrite(s->target, sector_num << BDRV_SECTOR_BITS,
1905                                     n << BDRV_SECTOR_BITS, buf, flags);
1906                 if (ret < 0) {
1907                     return ret;
1908                 }
1909                 break;
1910             }
1911             /* fall-through */
1912 
1913         case BLK_ZERO:
1914             if (s->has_zero_init) {
1915                 assert(!s->target_has_backing);
1916                 break;
1917             }
1918             ret = blk_co_pwrite_zeroes(s->target,
1919                                        sector_num << BDRV_SECTOR_BITS,
1920                                        n << BDRV_SECTOR_BITS,
1921                                        BDRV_REQ_MAY_UNMAP);
1922             if (ret < 0) {
1923                 return ret;
1924             }
1925             break;
1926         }
1927 
1928         sector_num += n;
1929         nb_sectors -= n;
1930         buf += n * BDRV_SECTOR_SIZE;
1931     }
1932 
1933     return 0;
1934 }
1935 
1936 static int coroutine_fn convert_co_copy_range(ImgConvertState *s, int64_t sector_num,
1937                                               int nb_sectors)
1938 {
1939     int n, ret;
1940 
1941     while (nb_sectors > 0) {
1942         BlockBackend *blk;
1943         int src_cur;
1944         int64_t bs_sectors, src_cur_offset;
1945         int64_t offset;
1946 
1947         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1948         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1949         blk = s->src[src_cur];
1950         bs_sectors = s->src_sectors[src_cur];
1951 
1952         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1953 
1954         ret = blk_co_copy_range(blk, offset, s->target,
1955                                 sector_num << BDRV_SECTOR_BITS,
1956                                 n << BDRV_SECTOR_BITS, 0, 0);
1957         if (ret < 0) {
1958             return ret;
1959         }
1960 
1961         sector_num += n;
1962         nb_sectors -= n;
1963     }
1964     return 0;
1965 }
1966 
1967 static void coroutine_fn convert_co_do_copy(void *opaque)
1968 {
1969     ImgConvertState *s = opaque;
1970     uint8_t *buf = NULL;
1971     int ret, i;
1972     int index = -1;
1973 
1974     for (i = 0; i < s->num_coroutines; i++) {
1975         if (s->co[i] == qemu_coroutine_self()) {
1976             index = i;
1977             break;
1978         }
1979     }
1980     assert(index >= 0);
1981 
1982     s->running_coroutines++;
1983     buf = blk_blockalign(s->target, s->buf_sectors * BDRV_SECTOR_SIZE);
1984 
1985     while (1) {
1986         int n;
1987         int64_t sector_num;
1988         enum ImgConvertBlockStatus status;
1989         bool copy_range;
1990 
1991         qemu_co_mutex_lock(&s->lock);
1992         if (s->ret != -EINPROGRESS || s->sector_num >= s->total_sectors) {
1993             qemu_co_mutex_unlock(&s->lock);
1994             break;
1995         }
1996         n = convert_iteration_sectors(s, s->sector_num);
1997         if (n < 0) {
1998             qemu_co_mutex_unlock(&s->lock);
1999             s->ret = n;
2000             break;
2001         }
2002         /* save current sector and allocation status to local variables */
2003         sector_num = s->sector_num;
2004         status = s->status;
2005         if (!s->min_sparse && s->status == BLK_ZERO) {
2006             n = MIN(n, s->buf_sectors);
2007         }
2008         /* increment global sector counter so that other coroutines can
2009          * already continue reading beyond this request */
2010         s->sector_num += n;
2011         qemu_co_mutex_unlock(&s->lock);
2012 
2013         if (status == BLK_DATA || (!s->min_sparse && status == BLK_ZERO)) {
2014             s->allocated_done += n;
2015             qemu_progress_print(100.0 * s->allocated_done /
2016                                         s->allocated_sectors, 0);
2017         }
2018 
2019 retry:
2020         copy_range = s->copy_range && s->status == BLK_DATA;
2021         if (status == BLK_DATA && !copy_range) {
2022             ret = convert_co_read(s, sector_num, n, buf);
2023             if (ret < 0) {
2024                 error_report("error while reading at byte %lld: %s",
2025                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2026                 s->ret = ret;
2027             }
2028         } else if (!s->min_sparse && status == BLK_ZERO) {
2029             status = BLK_DATA;
2030             memset(buf, 0x00, n * BDRV_SECTOR_SIZE);
2031         }
2032 
2033         if (s->wr_in_order) {
2034             /* keep writes in order */
2035             while (s->wr_offs != sector_num && s->ret == -EINPROGRESS) {
2036                 s->wait_sector_num[index] = sector_num;
2037                 qemu_coroutine_yield();
2038             }
2039             s->wait_sector_num[index] = -1;
2040         }
2041 
2042         if (s->ret == -EINPROGRESS) {
2043             if (copy_range) {
2044                 ret = convert_co_copy_range(s, sector_num, n);
2045                 if (ret) {
2046                     s->copy_range = false;
2047                     goto retry;
2048                 }
2049             } else {
2050                 ret = convert_co_write(s, sector_num, n, buf, status);
2051             }
2052             if (ret < 0) {
2053                 error_report("error while writing at byte %lld: %s",
2054                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2055                 s->ret = ret;
2056             }
2057         }
2058 
2059         if (s->wr_in_order) {
2060             /* reenter the coroutine that might have waited
2061              * for this write to complete */
2062             s->wr_offs = sector_num + n;
2063             for (i = 0; i < s->num_coroutines; i++) {
2064                 if (s->co[i] && s->wait_sector_num[i] == s->wr_offs) {
2065                     /*
2066                      * A -> B -> A cannot occur because A has
2067                      * s->wait_sector_num[i] == -1 during A -> B.  Therefore
2068                      * B will never enter A during this time window.
2069                      */
2070                     qemu_coroutine_enter(s->co[i]);
2071                     break;
2072                 }
2073             }
2074         }
2075     }
2076 
2077     qemu_vfree(buf);
2078     s->co[index] = NULL;
2079     s->running_coroutines--;
2080     if (!s->running_coroutines && s->ret == -EINPROGRESS) {
2081         /* the convert job finished successfully */
2082         s->ret = 0;
2083     }
2084 }
2085 
2086 static int convert_do_copy(ImgConvertState *s)
2087 {
2088     int ret, i, n;
2089     int64_t sector_num = 0;
2090 
2091     /* Check whether we have zero initialisation or can get it efficiently */
2092     if (!s->has_zero_init && s->target_is_new && s->min_sparse &&
2093         !s->target_has_backing) {
2094         s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));
2095     }
2096 
2097     /* Allocate buffer for copied data. For compressed images, only one cluster
2098      * can be copied at a time. */
2099     if (s->compressed) {
2100         if (s->cluster_sectors <= 0 || s->cluster_sectors > s->buf_sectors) {
2101             error_report("invalid cluster size");
2102             return -EINVAL;
2103         }
2104         s->buf_sectors = s->cluster_sectors;
2105     }
2106 
2107     while (sector_num < s->total_sectors) {
2108         n = convert_iteration_sectors(s, sector_num);
2109         if (n < 0) {
2110             return n;
2111         }
2112         if (s->status == BLK_DATA || (!s->min_sparse && s->status == BLK_ZERO))
2113         {
2114             s->allocated_sectors += n;
2115         }
2116         sector_num += n;
2117     }
2118 
2119     /* Do the copy */
2120     s->sector_next_status = 0;
2121     s->ret = -EINPROGRESS;
2122 
2123     qemu_co_mutex_init(&s->lock);
2124     for (i = 0; i < s->num_coroutines; i++) {
2125         s->co[i] = qemu_coroutine_create(convert_co_do_copy, s);
2126         s->wait_sector_num[i] = -1;
2127         qemu_coroutine_enter(s->co[i]);
2128     }
2129 
2130     while (s->running_coroutines) {
2131         main_loop_wait(false);
2132     }
2133 
2134     if (s->compressed && !s->ret) {
2135         /* signal EOF to align */
2136         ret = blk_pwrite_compressed(s->target, 0, NULL, 0);
2137         if (ret < 0) {
2138             return ret;
2139         }
2140     }
2141 
2142     return s->ret;
2143 }
2144 
2145 static int convert_copy_bitmaps(BlockDriverState *src, BlockDriverState *dst)
2146 {
2147     BdrvDirtyBitmap *bm;
2148     Error *err = NULL;
2149 
2150     FOR_EACH_DIRTY_BITMAP(src, bm) {
2151         const char *name;
2152 
2153         if (!bdrv_dirty_bitmap_get_persistence(bm)) {
2154             continue;
2155         }
2156         name = bdrv_dirty_bitmap_name(bm);
2157         qmp_block_dirty_bitmap_add(dst->node_name, name,
2158                                    true, bdrv_dirty_bitmap_granularity(bm),
2159                                    true, true,
2160                                    true, !bdrv_dirty_bitmap_enabled(bm),
2161                                    &err);
2162         if (err) {
2163             error_reportf_err(err, "Failed to create bitmap %s: ", name);
2164             return -1;
2165         }
2166 
2167         do_dirty_bitmap_merge(dst->node_name, name, src->node_name, name,
2168                               &err);
2169         if (err) {
2170             error_reportf_err(err, "Failed to populate bitmap %s: ", name);
2171             return -1;
2172         }
2173     }
2174 
2175     return 0;
2176 }
2177 
2178 #define MAX_BUF_SECTORS 32768
2179 
2180 static int img_convert(int argc, char **argv)
2181 {
2182     int c, bs_i, flags, src_flags = 0;
2183     const char *fmt = NULL, *out_fmt = NULL, *cache = "unsafe",
2184                *src_cache = BDRV_DEFAULT_CACHE, *out_baseimg = NULL,
2185                *out_filename, *out_baseimg_param, *snapshot_name = NULL;
2186     BlockDriver *drv = NULL, *proto_drv = NULL;
2187     BlockDriverInfo bdi;
2188     BlockDriverState *out_bs;
2189     QemuOpts *opts = NULL, *sn_opts = NULL;
2190     QemuOptsList *create_opts = NULL;
2191     QDict *open_opts = NULL;
2192     char *options = NULL;
2193     Error *local_err = NULL;
2194     bool writethrough, src_writethrough, image_opts = false,
2195          skip_create = false, progress = false, tgt_image_opts = false;
2196     int64_t ret = -EINVAL;
2197     bool force_share = false;
2198     bool explict_min_sparse = false;
2199     bool bitmaps = false;
2200 
2201     ImgConvertState s = (ImgConvertState) {
2202         /* Need at least 4k of zeros for sparse detection */
2203         .min_sparse         = 8,
2204         .copy_range         = false,
2205         .buf_sectors        = IO_BUF_SIZE / BDRV_SECTOR_SIZE,
2206         .wr_in_order        = true,
2207         .num_coroutines     = 8,
2208     };
2209 
2210     for(;;) {
2211         static const struct option long_options[] = {
2212             {"help", no_argument, 0, 'h'},
2213             {"object", required_argument, 0, OPTION_OBJECT},
2214             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
2215             {"force-share", no_argument, 0, 'U'},
2216             {"target-image-opts", no_argument, 0, OPTION_TARGET_IMAGE_OPTS},
2217             {"salvage", no_argument, 0, OPTION_SALVAGE},
2218             {"target-is-zero", no_argument, 0, OPTION_TARGET_IS_ZERO},
2219             {"bitmaps", no_argument, 0, OPTION_BITMAPS},
2220             {0, 0, 0, 0}
2221         };
2222         c = getopt_long(argc, argv, ":hf:O:B:Cco:l:S:pt:T:qnm:WU",
2223                         long_options, NULL);
2224         if (c == -1) {
2225             break;
2226         }
2227         switch(c) {
2228         case ':':
2229             missing_argument(argv[optind - 1]);
2230             break;
2231         case '?':
2232             unrecognized_option(argv[optind - 1]);
2233             break;
2234         case 'h':
2235             help();
2236             break;
2237         case 'f':
2238             fmt = optarg;
2239             break;
2240         case 'O':
2241             out_fmt = optarg;
2242             break;
2243         case 'B':
2244             out_baseimg = optarg;
2245             break;
2246         case 'C':
2247             s.copy_range = true;
2248             break;
2249         case 'c':
2250             s.compressed = true;
2251             break;
2252         case 'o':
2253             if (accumulate_options(&options, optarg) < 0) {
2254                 goto fail_getopt;
2255             }
2256             break;
2257         case 'l':
2258             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
2259                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
2260                                                   optarg, false);
2261                 if (!sn_opts) {
2262                     error_report("Failed in parsing snapshot param '%s'",
2263                                  optarg);
2264                     goto fail_getopt;
2265                 }
2266             } else {
2267                 snapshot_name = optarg;
2268             }
2269             break;
2270         case 'S':
2271         {
2272             int64_t sval;
2273 
2274             sval = cvtnum("buffer size for sparse output", optarg);
2275             if (sval < 0) {
2276                 goto fail_getopt;
2277             } else if (!QEMU_IS_ALIGNED(sval, BDRV_SECTOR_SIZE) ||
2278                 sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) {
2279                 error_report("Invalid buffer size for sparse output specified. "
2280                     "Valid sizes are multiples of %llu up to %llu. Select "
2281                     "0 to disable sparse detection (fully allocates output).",
2282                     BDRV_SECTOR_SIZE, MAX_BUF_SECTORS * BDRV_SECTOR_SIZE);
2283                 goto fail_getopt;
2284             }
2285 
2286             s.min_sparse = sval / BDRV_SECTOR_SIZE;
2287             explict_min_sparse = true;
2288             break;
2289         }
2290         case 'p':
2291             progress = true;
2292             break;
2293         case 't':
2294             cache = optarg;
2295             break;
2296         case 'T':
2297             src_cache = optarg;
2298             break;
2299         case 'q':
2300             s.quiet = true;
2301             break;
2302         case 'n':
2303             skip_create = true;
2304             break;
2305         case 'm':
2306             if (qemu_strtol(optarg, NULL, 0, &s.num_coroutines) ||
2307                 s.num_coroutines < 1 || s.num_coroutines > MAX_COROUTINES) {
2308                 error_report("Invalid number of coroutines. Allowed number of"
2309                              " coroutines is between 1 and %d", MAX_COROUTINES);
2310                 goto fail_getopt;
2311             }
2312             break;
2313         case 'W':
2314             s.wr_in_order = false;
2315             break;
2316         case 'U':
2317             force_share = true;
2318             break;
2319         case OPTION_OBJECT: {
2320             QemuOpts *object_opts;
2321             object_opts = qemu_opts_parse_noisily(&qemu_object_opts,
2322                                                   optarg, true);
2323             if (!object_opts) {
2324                 goto fail_getopt;
2325             }
2326             break;
2327         }
2328         case OPTION_IMAGE_OPTS:
2329             image_opts = true;
2330             break;
2331         case OPTION_SALVAGE:
2332             s.salvage = true;
2333             break;
2334         case OPTION_TARGET_IMAGE_OPTS:
2335             tgt_image_opts = true;
2336             break;
2337         case OPTION_TARGET_IS_ZERO:
2338             /*
2339              * The user asserting that the target is blank has the
2340              * same effect as the target driver supporting zero
2341              * initialisation.
2342              */
2343             s.has_zero_init = true;
2344             break;
2345         case OPTION_BITMAPS:
2346             bitmaps = true;
2347             break;
2348         }
2349     }
2350 
2351     if (!out_fmt && !tgt_image_opts) {
2352         out_fmt = "raw";
2353     }
2354 
2355     if (qemu_opts_foreach(&qemu_object_opts,
2356                           user_creatable_add_opts_foreach,
2357                           qemu_img_object_print_help, &error_fatal)) {
2358         goto fail_getopt;
2359     }
2360 
2361     if (s.compressed && s.copy_range) {
2362         error_report("Cannot enable copy offloading when -c is used");
2363         goto fail_getopt;
2364     }
2365 
2366     if (explict_min_sparse && s.copy_range) {
2367         error_report("Cannot enable copy offloading when -S is used");
2368         goto fail_getopt;
2369     }
2370 
2371     if (s.copy_range && s.salvage) {
2372         error_report("Cannot use copy offloading in salvaging mode");
2373         goto fail_getopt;
2374     }
2375 
2376     if (tgt_image_opts && !skip_create) {
2377         error_report("--target-image-opts requires use of -n flag");
2378         goto fail_getopt;
2379     }
2380 
2381     if (skip_create && options) {
2382         error_report("-o has no effect when skipping image creation");
2383         goto fail_getopt;
2384     }
2385 
2386     if (s.has_zero_init && !skip_create) {
2387         error_report("--target-is-zero requires use of -n flag");
2388         goto fail_getopt;
2389     }
2390 
2391     s.src_num = argc - optind - 1;
2392     out_filename = s.src_num >= 1 ? argv[argc - 1] : NULL;
2393 
2394     if (options && has_help_option(options)) {
2395         if (out_fmt) {
2396             ret = print_block_option_help(out_filename, out_fmt);
2397             goto fail_getopt;
2398         } else {
2399             error_report("Option help requires a format be specified");
2400             goto fail_getopt;
2401         }
2402     }
2403 
2404     if (s.src_num < 1) {
2405         error_report("Must specify image file name");
2406         goto fail_getopt;
2407     }
2408 
2409     /* ret is still -EINVAL until here */
2410     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
2411     if (ret < 0) {
2412         error_report("Invalid source cache option: %s", src_cache);
2413         goto fail_getopt;
2414     }
2415 
2416     /* Initialize before goto out */
2417     if (s.quiet) {
2418         progress = false;
2419     }
2420     qemu_progress_init(progress, 1.0);
2421     qemu_progress_print(0, 100);
2422 
2423     s.src = g_new0(BlockBackend *, s.src_num);
2424     s.src_sectors = g_new(int64_t, s.src_num);
2425     s.src_alignment = g_new(int, s.src_num);
2426 
2427     for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2428         BlockDriverState *src_bs;
2429         s.src[bs_i] = img_open(image_opts, argv[optind + bs_i],
2430                                fmt, src_flags, src_writethrough, s.quiet,
2431                                force_share);
2432         if (!s.src[bs_i]) {
2433             ret = -1;
2434             goto out;
2435         }
2436         s.src_sectors[bs_i] = blk_nb_sectors(s.src[bs_i]);
2437         if (s.src_sectors[bs_i] < 0) {
2438             error_report("Could not get size of %s: %s",
2439                          argv[optind + bs_i], strerror(-s.src_sectors[bs_i]));
2440             ret = -1;
2441             goto out;
2442         }
2443         src_bs = blk_bs(s.src[bs_i]);
2444         s.src_alignment[bs_i] = DIV_ROUND_UP(src_bs->bl.request_alignment,
2445                                              BDRV_SECTOR_SIZE);
2446         if (!bdrv_get_info(src_bs, &bdi)) {
2447             s.src_alignment[bs_i] = MAX(s.src_alignment[bs_i],
2448                                         bdi.cluster_size / BDRV_SECTOR_SIZE);
2449         }
2450         s.total_sectors += s.src_sectors[bs_i];
2451     }
2452 
2453     if (sn_opts) {
2454         bdrv_snapshot_load_tmp(blk_bs(s.src[0]),
2455                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
2456                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
2457                                &local_err);
2458     } else if (snapshot_name != NULL) {
2459         if (s.src_num > 1) {
2460             error_report("No support for concatenating multiple snapshot");
2461             ret = -1;
2462             goto out;
2463         }
2464 
2465         bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(s.src[0]), snapshot_name,
2466                                              &local_err);
2467     }
2468     if (local_err) {
2469         error_reportf_err(local_err, "Failed to load snapshot: ");
2470         ret = -1;
2471         goto out;
2472     }
2473 
2474     if (!skip_create) {
2475         /* Find driver and parse its options */
2476         drv = bdrv_find_format(out_fmt);
2477         if (!drv) {
2478             error_report("Unknown file format '%s'", out_fmt);
2479             ret = -1;
2480             goto out;
2481         }
2482 
2483         proto_drv = bdrv_find_protocol(out_filename, true, &local_err);
2484         if (!proto_drv) {
2485             error_report_err(local_err);
2486             ret = -1;
2487             goto out;
2488         }
2489 
2490         if (!drv->create_opts) {
2491             error_report("Format driver '%s' does not support image creation",
2492                          drv->format_name);
2493             ret = -1;
2494             goto out;
2495         }
2496 
2497         if (!proto_drv->create_opts) {
2498             error_report("Protocol driver '%s' does not support image creation",
2499                          proto_drv->format_name);
2500             ret = -1;
2501             goto out;
2502         }
2503 
2504         create_opts = qemu_opts_append(create_opts, drv->create_opts);
2505         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
2506 
2507         opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
2508         if (options) {
2509             if (!qemu_opts_do_parse(opts, options, NULL, &local_err)) {
2510                 error_report_err(local_err);
2511                 ret = -1;
2512                 goto out;
2513             }
2514         }
2515 
2516         qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
2517                             s.total_sectors * BDRV_SECTOR_SIZE, &error_abort);
2518         ret = add_old_style_options(out_fmt, opts, out_baseimg, NULL);
2519         if (ret < 0) {
2520             goto out;
2521         }
2522     }
2523 
2524     /* Get backing file name if -o backing_file was used */
2525     out_baseimg_param = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
2526     if (out_baseimg_param) {
2527         out_baseimg = out_baseimg_param;
2528     }
2529     s.target_has_backing = (bool) out_baseimg;
2530 
2531     if (s.has_zero_init && s.target_has_backing) {
2532         error_report("Cannot use --target-is-zero when the destination "
2533                      "image has a backing file");
2534         goto out;
2535     }
2536 
2537     if (s.src_num > 1 && out_baseimg) {
2538         error_report("Having a backing file for the target makes no sense when "
2539                      "concatenating multiple input images");
2540         ret = -1;
2541         goto out;
2542     }
2543 
2544     if (out_baseimg_param) {
2545         if (!qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT)) {
2546             warn_report("Deprecated use of backing file without explicit "
2547                         "backing format");
2548         }
2549     }
2550 
2551     /* Check if compression is supported */
2552     if (s.compressed) {
2553         bool encryption =
2554             qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false);
2555         const char *encryptfmt =
2556             qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT);
2557         const char *preallocation =
2558             qemu_opt_get(opts, BLOCK_OPT_PREALLOC);
2559 
2560         if (drv && !block_driver_can_compress(drv)) {
2561             error_report("Compression not supported for this file format");
2562             ret = -1;
2563             goto out;
2564         }
2565 
2566         if (encryption || encryptfmt) {
2567             error_report("Compression and encryption not supported at "
2568                          "the same time");
2569             ret = -1;
2570             goto out;
2571         }
2572 
2573         if (preallocation
2574             && strcmp(preallocation, "off"))
2575         {
2576             error_report("Compression and preallocation not supported at "
2577                          "the same time");
2578             ret = -1;
2579             goto out;
2580         }
2581     }
2582 
2583     /* Determine if bitmaps need copying */
2584     if (bitmaps) {
2585         if (s.src_num > 1) {
2586             error_report("Copying bitmaps only possible with single source");
2587             ret = -1;
2588             goto out;
2589         }
2590         if (!bdrv_supports_persistent_dirty_bitmap(blk_bs(s.src[0]))) {
2591             error_report("Source lacks bitmap support");
2592             ret = -1;
2593             goto out;
2594         }
2595     }
2596 
2597     /*
2598      * The later open call will need any decryption secrets, and
2599      * bdrv_create() will purge "opts", so extract them now before
2600      * they are lost.
2601      */
2602     if (!skip_create) {
2603         open_opts = qdict_new();
2604         qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
2605 
2606         /* Create the new image */
2607         ret = bdrv_create(drv, out_filename, opts, &local_err);
2608         if (ret < 0) {
2609             error_reportf_err(local_err, "%s: error while converting %s: ",
2610                               out_filename, out_fmt);
2611             goto out;
2612         }
2613     }
2614 
2615     s.target_is_new = !skip_create;
2616 
2617     flags = s.min_sparse ? (BDRV_O_RDWR | BDRV_O_UNMAP) : BDRV_O_RDWR;
2618     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
2619     if (ret < 0) {
2620         error_report("Invalid cache option: %s", cache);
2621         goto out;
2622     }
2623 
2624     if (skip_create) {
2625         s.target = img_open(tgt_image_opts, out_filename, out_fmt,
2626                             flags, writethrough, s.quiet, false);
2627     } else {
2628         /* TODO ultimately we should allow --target-image-opts
2629          * to be used even when -n is not given.
2630          * That has to wait for bdrv_create to be improved
2631          * to allow filenames in option syntax
2632          */
2633         s.target = img_open_file(out_filename, open_opts, out_fmt,
2634                                  flags, writethrough, s.quiet, false);
2635         open_opts = NULL; /* blk_new_open will have freed it */
2636     }
2637     if (!s.target) {
2638         ret = -1;
2639         goto out;
2640     }
2641     out_bs = blk_bs(s.target);
2642 
2643     if (bitmaps && !bdrv_supports_persistent_dirty_bitmap(out_bs)) {
2644         error_report("Format driver '%s' does not support bitmaps",
2645                      out_bs->drv->format_name);
2646         ret = -1;
2647         goto out;
2648     }
2649 
2650     if (s.compressed && !block_driver_can_compress(out_bs->drv)) {
2651         error_report("Compression not supported for this file format");
2652         ret = -1;
2653         goto out;
2654     }
2655 
2656     /* increase bufsectors from the default 4096 (2M) if opt_transfer
2657      * or discard_alignment of the out_bs is greater. Limit to
2658      * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */
2659     s.buf_sectors = MIN(MAX_BUF_SECTORS,
2660                         MAX(s.buf_sectors,
2661                             MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BITS,
2662                                 out_bs->bl.pdiscard_alignment >>
2663                                 BDRV_SECTOR_BITS)));
2664 
2665     /* try to align the write requests to the destination to avoid unnecessary
2666      * RMW cycles. */
2667     s.alignment = MAX(pow2floor(s.min_sparse),
2668                       DIV_ROUND_UP(out_bs->bl.request_alignment,
2669                                    BDRV_SECTOR_SIZE));
2670     assert(is_power_of_2(s.alignment));
2671 
2672     if (skip_create) {
2673         int64_t output_sectors = blk_nb_sectors(s.target);
2674         if (output_sectors < 0) {
2675             error_report("unable to get output image length: %s",
2676                          strerror(-output_sectors));
2677             ret = -1;
2678             goto out;
2679         } else if (output_sectors < s.total_sectors) {
2680             error_report("output file is smaller than input file");
2681             ret = -1;
2682             goto out;
2683         }
2684     }
2685 
2686     if (s.target_has_backing && s.target_is_new) {
2687         /* Errors are treated as "backing length unknown" (which means
2688          * s.target_backing_sectors has to be negative, which it will
2689          * be automatically).  The backing file length is used only
2690          * for optimizations, so such a case is not fatal. */
2691         s.target_backing_sectors =
2692             bdrv_nb_sectors(bdrv_backing_chain_next(out_bs));
2693     } else {
2694         s.target_backing_sectors = -1;
2695     }
2696 
2697     ret = bdrv_get_info(out_bs, &bdi);
2698     if (ret < 0) {
2699         if (s.compressed) {
2700             error_report("could not get block driver info");
2701             goto out;
2702         }
2703     } else {
2704         s.compressed = s.compressed || bdi.needs_compressed_writes;
2705         s.cluster_sectors = bdi.cluster_size / BDRV_SECTOR_SIZE;
2706     }
2707 
2708     ret = convert_do_copy(&s);
2709 
2710     /* Now copy the bitmaps */
2711     if (bitmaps && ret == 0) {
2712         ret = convert_copy_bitmaps(blk_bs(s.src[0]), out_bs);
2713     }
2714 
2715 out:
2716     if (!ret) {
2717         qemu_progress_print(100, 0);
2718     }
2719     qemu_progress_end();
2720     qemu_opts_del(opts);
2721     qemu_opts_free(create_opts);
2722     qemu_opts_del(sn_opts);
2723     qobject_unref(open_opts);
2724     blk_unref(s.target);
2725     if (s.src) {
2726         for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2727             blk_unref(s.src[bs_i]);
2728         }
2729         g_free(s.src);
2730     }
2731     g_free(s.src_sectors);
2732     g_free(s.src_alignment);
2733 fail_getopt:
2734     g_free(options);
2735 
2736     return !!ret;
2737 }
2738 
2739 
2740 static void dump_snapshots(BlockDriverState *bs)
2741 {
2742     QEMUSnapshotInfo *sn_tab, *sn;
2743     int nb_sns, i;
2744 
2745     nb_sns = bdrv_snapshot_list(bs, &sn_tab);
2746     if (nb_sns <= 0)
2747         return;
2748     printf("Snapshot list:\n");
2749     bdrv_snapshot_dump(NULL);
2750     printf("\n");
2751     for(i = 0; i < nb_sns; i++) {
2752         sn = &sn_tab[i];
2753         bdrv_snapshot_dump(sn);
2754         printf("\n");
2755     }
2756     g_free(sn_tab);
2757 }
2758 
2759 static void dump_json_image_info_list(ImageInfoList *list)
2760 {
2761     QString *str;
2762     QObject *obj;
2763     Visitor *v = qobject_output_visitor_new(&obj);
2764 
2765     visit_type_ImageInfoList(v, NULL, &list, &error_abort);
2766     visit_complete(v, &obj);
2767     str = qobject_to_json_pretty(obj);
2768     assert(str != NULL);
2769     printf("%s\n", qstring_get_str(str));
2770     qobject_unref(obj);
2771     visit_free(v);
2772     qobject_unref(str);
2773 }
2774 
2775 static void dump_json_image_info(ImageInfo *info)
2776 {
2777     QString *str;
2778     QObject *obj;
2779     Visitor *v = qobject_output_visitor_new(&obj);
2780 
2781     visit_type_ImageInfo(v, NULL, &info, &error_abort);
2782     visit_complete(v, &obj);
2783     str = qobject_to_json_pretty(obj);
2784     assert(str != NULL);
2785     printf("%s\n", qstring_get_str(str));
2786     qobject_unref(obj);
2787     visit_free(v);
2788     qobject_unref(str);
2789 }
2790 
2791 static void dump_human_image_info_list(ImageInfoList *list)
2792 {
2793     ImageInfoList *elem;
2794     bool delim = false;
2795 
2796     for (elem = list; elem; elem = elem->next) {
2797         if (delim) {
2798             printf("\n");
2799         }
2800         delim = true;
2801 
2802         bdrv_image_info_dump(elem->value);
2803     }
2804 }
2805 
2806 static gboolean str_equal_func(gconstpointer a, gconstpointer b)
2807 {
2808     return strcmp(a, b) == 0;
2809 }
2810 
2811 /**
2812  * Open an image file chain and return an ImageInfoList
2813  *
2814  * @filename: topmost image filename
2815  * @fmt: topmost image format (may be NULL to autodetect)
2816  * @chain: true  - enumerate entire backing file chain
2817  *         false - only topmost image file
2818  *
2819  * Returns a list of ImageInfo objects or NULL if there was an error opening an
2820  * image file.  If there was an error a message will have been printed to
2821  * stderr.
2822  */
2823 static ImageInfoList *collect_image_info_list(bool image_opts,
2824                                               const char *filename,
2825                                               const char *fmt,
2826                                               bool chain, bool force_share)
2827 {
2828     ImageInfoList *head = NULL;
2829     ImageInfoList **last = &head;
2830     GHashTable *filenames;
2831     Error *err = NULL;
2832 
2833     filenames = g_hash_table_new_full(g_str_hash, str_equal_func, NULL, NULL);
2834 
2835     while (filename) {
2836         BlockBackend *blk;
2837         BlockDriverState *bs;
2838         ImageInfo *info;
2839         ImageInfoList *elem;
2840 
2841         if (g_hash_table_lookup_extended(filenames, filename, NULL, NULL)) {
2842             error_report("Backing file '%s' creates an infinite loop.",
2843                          filename);
2844             goto err;
2845         }
2846         g_hash_table_insert(filenames, (gpointer)filename, NULL);
2847 
2848         blk = img_open(image_opts, filename, fmt,
2849                        BDRV_O_NO_BACKING | BDRV_O_NO_IO, false, false,
2850                        force_share);
2851         if (!blk) {
2852             goto err;
2853         }
2854         bs = blk_bs(blk);
2855 
2856         bdrv_query_image_info(bs, &info, &err);
2857         if (err) {
2858             error_report_err(err);
2859             blk_unref(blk);
2860             goto err;
2861         }
2862 
2863         elem = g_new0(ImageInfoList, 1);
2864         elem->value = info;
2865         *last = elem;
2866         last = &elem->next;
2867 
2868         blk_unref(blk);
2869 
2870         /* Clear parameters that only apply to the topmost image */
2871         filename = fmt = NULL;
2872         image_opts = false;
2873 
2874         if (chain) {
2875             if (info->has_full_backing_filename) {
2876                 filename = info->full_backing_filename;
2877             } else if (info->has_backing_filename) {
2878                 error_report("Could not determine absolute backing filename,"
2879                              " but backing filename '%s' present",
2880                              info->backing_filename);
2881                 goto err;
2882             }
2883             if (info->has_backing_filename_format) {
2884                 fmt = info->backing_filename_format;
2885             }
2886         }
2887     }
2888     g_hash_table_destroy(filenames);
2889     return head;
2890 
2891 err:
2892     qapi_free_ImageInfoList(head);
2893     g_hash_table_destroy(filenames);
2894     return NULL;
2895 }
2896 
2897 static int img_info(int argc, char **argv)
2898 {
2899     int c;
2900     OutputFormat output_format = OFORMAT_HUMAN;
2901     bool chain = false;
2902     const char *filename, *fmt, *output;
2903     ImageInfoList *list;
2904     bool image_opts = false;
2905     bool force_share = false;
2906 
2907     fmt = NULL;
2908     output = NULL;
2909     for(;;) {
2910         int option_index = 0;
2911         static const struct option long_options[] = {
2912             {"help", no_argument, 0, 'h'},
2913             {"format", required_argument, 0, 'f'},
2914             {"output", required_argument, 0, OPTION_OUTPUT},
2915             {"backing-chain", no_argument, 0, OPTION_BACKING_CHAIN},
2916             {"object", required_argument, 0, OPTION_OBJECT},
2917             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
2918             {"force-share", no_argument, 0, 'U'},
2919             {0, 0, 0, 0}
2920         };
2921         c = getopt_long(argc, argv, ":f:hU",
2922                         long_options, &option_index);
2923         if (c == -1) {
2924             break;
2925         }
2926         switch(c) {
2927         case ':':
2928             missing_argument(argv[optind - 1]);
2929             break;
2930         case '?':
2931             unrecognized_option(argv[optind - 1]);
2932             break;
2933         case 'h':
2934             help();
2935             break;
2936         case 'f':
2937             fmt = optarg;
2938             break;
2939         case 'U':
2940             force_share = true;
2941             break;
2942         case OPTION_OUTPUT:
2943             output = optarg;
2944             break;
2945         case OPTION_BACKING_CHAIN:
2946             chain = true;
2947             break;
2948         case OPTION_OBJECT: {
2949             QemuOpts *opts;
2950             opts = qemu_opts_parse_noisily(&qemu_object_opts,
2951                                            optarg, true);
2952             if (!opts) {
2953                 return 1;
2954             }
2955         }   break;
2956         case OPTION_IMAGE_OPTS:
2957             image_opts = true;
2958             break;
2959         }
2960     }
2961     if (optind != argc - 1) {
2962         error_exit("Expecting one image file name");
2963     }
2964     filename = argv[optind++];
2965 
2966     if (output && !strcmp(output, "json")) {
2967         output_format = OFORMAT_JSON;
2968     } else if (output && !strcmp(output, "human")) {
2969         output_format = OFORMAT_HUMAN;
2970     } else if (output) {
2971         error_report("--output must be used with human or json as argument.");
2972         return 1;
2973     }
2974 
2975     if (qemu_opts_foreach(&qemu_object_opts,
2976                           user_creatable_add_opts_foreach,
2977                           qemu_img_object_print_help, &error_fatal)) {
2978         return 1;
2979     }
2980 
2981     list = collect_image_info_list(image_opts, filename, fmt, chain,
2982                                    force_share);
2983     if (!list) {
2984         return 1;
2985     }
2986 
2987     switch (output_format) {
2988     case OFORMAT_HUMAN:
2989         dump_human_image_info_list(list);
2990         break;
2991     case OFORMAT_JSON:
2992         if (chain) {
2993             dump_json_image_info_list(list);
2994         } else {
2995             dump_json_image_info(list->value);
2996         }
2997         break;
2998     }
2999 
3000     qapi_free_ImageInfoList(list);
3001     return 0;
3002 }
3003 
3004 static int dump_map_entry(OutputFormat output_format, MapEntry *e,
3005                           MapEntry *next)
3006 {
3007     switch (output_format) {
3008     case OFORMAT_HUMAN:
3009         if (e->data && !e->has_offset) {
3010             error_report("File contains external, encrypted or compressed clusters.");
3011             return -1;
3012         }
3013         if (e->data && !e->zero) {
3014             printf("%#-16"PRIx64"%#-16"PRIx64"%#-16"PRIx64"%s\n",
3015                    e->start, e->length,
3016                    e->has_offset ? e->offset : 0,
3017                    e->has_filename ? e->filename : "");
3018         }
3019         /* This format ignores the distinction between 0, ZERO and ZERO|DATA.
3020          * Modify the flags here to allow more coalescing.
3021          */
3022         if (next && (!next->data || next->zero)) {
3023             next->data = false;
3024             next->zero = true;
3025         }
3026         break;
3027     case OFORMAT_JSON:
3028         printf("{ \"start\": %"PRId64", \"length\": %"PRId64","
3029                " \"depth\": %"PRId64", \"zero\": %s, \"data\": %s",
3030                e->start, e->length, e->depth,
3031                e->zero ? "true" : "false",
3032                e->data ? "true" : "false");
3033         if (e->has_offset) {
3034             printf(", \"offset\": %"PRId64"", e->offset);
3035         }
3036         putchar('}');
3037 
3038         if (next) {
3039             puts(",");
3040         }
3041         break;
3042     }
3043     return 0;
3044 }
3045 
3046 static int get_block_status(BlockDriverState *bs, int64_t offset,
3047                             int64_t bytes, MapEntry *e)
3048 {
3049     int ret;
3050     int depth;
3051     BlockDriverState *file;
3052     bool has_offset;
3053     int64_t map;
3054     char *filename = NULL;
3055 
3056     /* As an optimization, we could cache the current range of unallocated
3057      * clusters in each file of the chain, and avoid querying the same
3058      * range repeatedly.
3059      */
3060 
3061     depth = 0;
3062     for (;;) {
3063         bs = bdrv_skip_filters(bs);
3064         ret = bdrv_block_status(bs, offset, bytes, &bytes, &map, &file);
3065         if (ret < 0) {
3066             return ret;
3067         }
3068         assert(bytes);
3069         if (ret & (BDRV_BLOCK_ZERO|BDRV_BLOCK_DATA)) {
3070             break;
3071         }
3072         bs = bdrv_cow_bs(bs);
3073         if (bs == NULL) {
3074             ret = 0;
3075             break;
3076         }
3077 
3078         depth++;
3079     }
3080 
3081     has_offset = !!(ret & BDRV_BLOCK_OFFSET_VALID);
3082 
3083     if (file && has_offset) {
3084         bdrv_refresh_filename(file);
3085         filename = file->filename;
3086     }
3087 
3088     *e = (MapEntry) {
3089         .start = offset,
3090         .length = bytes,
3091         .data = !!(ret & BDRV_BLOCK_DATA),
3092         .zero = !!(ret & BDRV_BLOCK_ZERO),
3093         .offset = map,
3094         .has_offset = has_offset,
3095         .depth = depth,
3096         .has_filename = filename,
3097         .filename = filename,
3098     };
3099 
3100     return 0;
3101 }
3102 
3103 static inline bool entry_mergeable(const MapEntry *curr, const MapEntry *next)
3104 {
3105     if (curr->length == 0) {
3106         return false;
3107     }
3108     if (curr->zero != next->zero ||
3109         curr->data != next->data ||
3110         curr->depth != next->depth ||
3111         curr->has_filename != next->has_filename ||
3112         curr->has_offset != next->has_offset) {
3113         return false;
3114     }
3115     if (curr->has_filename && strcmp(curr->filename, next->filename)) {
3116         return false;
3117     }
3118     if (curr->has_offset && curr->offset + curr->length != next->offset) {
3119         return false;
3120     }
3121     return true;
3122 }
3123 
3124 static int img_map(int argc, char **argv)
3125 {
3126     int c;
3127     OutputFormat output_format = OFORMAT_HUMAN;
3128     BlockBackend *blk;
3129     BlockDriverState *bs;
3130     const char *filename, *fmt, *output;
3131     int64_t length;
3132     MapEntry curr = { .length = 0 }, next;
3133     int ret = 0;
3134     bool image_opts = false;
3135     bool force_share = false;
3136     int64_t start_offset = 0;
3137     int64_t max_length = -1;
3138 
3139     fmt = NULL;
3140     output = NULL;
3141     for (;;) {
3142         int option_index = 0;
3143         static const struct option long_options[] = {
3144             {"help", no_argument, 0, 'h'},
3145             {"format", required_argument, 0, 'f'},
3146             {"output", required_argument, 0, OPTION_OUTPUT},
3147             {"object", required_argument, 0, OPTION_OBJECT},
3148             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3149             {"force-share", no_argument, 0, 'U'},
3150             {"start-offset", required_argument, 0, 's'},
3151             {"max-length", required_argument, 0, 'l'},
3152             {0, 0, 0, 0}
3153         };
3154         c = getopt_long(argc, argv, ":f:s:l:hU",
3155                         long_options, &option_index);
3156         if (c == -1) {
3157             break;
3158         }
3159         switch (c) {
3160         case ':':
3161             missing_argument(argv[optind - 1]);
3162             break;
3163         case '?':
3164             unrecognized_option(argv[optind - 1]);
3165             break;
3166         case 'h':
3167             help();
3168             break;
3169         case 'f':
3170             fmt = optarg;
3171             break;
3172         case 'U':
3173             force_share = true;
3174             break;
3175         case OPTION_OUTPUT:
3176             output = optarg;
3177             break;
3178         case 's':
3179             start_offset = cvtnum("start offset", optarg);
3180             if (start_offset < 0) {
3181                 return 1;
3182             }
3183             break;
3184         case 'l':
3185             max_length = cvtnum("max length", optarg);
3186             if (max_length < 0) {
3187                 return 1;
3188             }
3189             break;
3190         case OPTION_OBJECT: {
3191             QemuOpts *opts;
3192             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3193                                            optarg, true);
3194             if (!opts) {
3195                 return 1;
3196             }
3197         }   break;
3198         case OPTION_IMAGE_OPTS:
3199             image_opts = true;
3200             break;
3201         }
3202     }
3203     if (optind != argc - 1) {
3204         error_exit("Expecting one image file name");
3205     }
3206     filename = argv[optind];
3207 
3208     if (output && !strcmp(output, "json")) {
3209         output_format = OFORMAT_JSON;
3210     } else if (output && !strcmp(output, "human")) {
3211         output_format = OFORMAT_HUMAN;
3212     } else if (output) {
3213         error_report("--output must be used with human or json as argument.");
3214         return 1;
3215     }
3216 
3217     if (qemu_opts_foreach(&qemu_object_opts,
3218                           user_creatable_add_opts_foreach,
3219                           qemu_img_object_print_help, &error_fatal)) {
3220         return 1;
3221     }
3222 
3223     blk = img_open(image_opts, filename, fmt, 0, false, false, force_share);
3224     if (!blk) {
3225         return 1;
3226     }
3227     bs = blk_bs(blk);
3228 
3229     if (output_format == OFORMAT_HUMAN) {
3230         printf("%-16s%-16s%-16s%s\n", "Offset", "Length", "Mapped to", "File");
3231     } else if (output_format == OFORMAT_JSON) {
3232         putchar('[');
3233     }
3234 
3235     length = blk_getlength(blk);
3236     if (length < 0) {
3237         error_report("Failed to get size for '%s'", filename);
3238         return 1;
3239     }
3240     if (max_length != -1) {
3241         length = MIN(start_offset + max_length, length);
3242     }
3243 
3244     curr.start = start_offset;
3245     while (curr.start + curr.length < length) {
3246         int64_t offset = curr.start + curr.length;
3247         int64_t n = length - offset;
3248 
3249         ret = get_block_status(bs, offset, n, &next);
3250         if (ret < 0) {
3251             error_report("Could not read file metadata: %s", strerror(-ret));
3252             goto out;
3253         }
3254 
3255         if (entry_mergeable(&curr, &next)) {
3256             curr.length += next.length;
3257             continue;
3258         }
3259 
3260         if (curr.length > 0) {
3261             ret = dump_map_entry(output_format, &curr, &next);
3262             if (ret < 0) {
3263                 goto out;
3264             }
3265         }
3266         curr = next;
3267     }
3268 
3269     ret = dump_map_entry(output_format, &curr, NULL);
3270     if (output_format == OFORMAT_JSON) {
3271         puts("]");
3272     }
3273 
3274 out:
3275     blk_unref(blk);
3276     return ret < 0;
3277 }
3278 
3279 #define SNAPSHOT_LIST   1
3280 #define SNAPSHOT_CREATE 2
3281 #define SNAPSHOT_APPLY  3
3282 #define SNAPSHOT_DELETE 4
3283 
3284 static int img_snapshot(int argc, char **argv)
3285 {
3286     BlockBackend *blk;
3287     BlockDriverState *bs;
3288     QEMUSnapshotInfo sn;
3289     char *filename, *snapshot_name = NULL;
3290     int c, ret = 0, bdrv_oflags;
3291     int action = 0;
3292     qemu_timeval tv;
3293     bool quiet = false;
3294     Error *err = NULL;
3295     bool image_opts = false;
3296     bool force_share = false;
3297 
3298     bdrv_oflags = BDRV_O_RDWR;
3299     /* Parse commandline parameters */
3300     for(;;) {
3301         static const struct option long_options[] = {
3302             {"help", no_argument, 0, 'h'},
3303             {"object", required_argument, 0, OPTION_OBJECT},
3304             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3305             {"force-share", no_argument, 0, 'U'},
3306             {0, 0, 0, 0}
3307         };
3308         c = getopt_long(argc, argv, ":la:c:d:hqU",
3309                         long_options, NULL);
3310         if (c == -1) {
3311             break;
3312         }
3313         switch(c) {
3314         case ':':
3315             missing_argument(argv[optind - 1]);
3316             break;
3317         case '?':
3318             unrecognized_option(argv[optind - 1]);
3319             break;
3320         case 'h':
3321             help();
3322             return 0;
3323         case 'l':
3324             if (action) {
3325                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3326                 return 0;
3327             }
3328             action = SNAPSHOT_LIST;
3329             bdrv_oflags &= ~BDRV_O_RDWR; /* no need for RW */
3330             break;
3331         case 'a':
3332             if (action) {
3333                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3334                 return 0;
3335             }
3336             action = SNAPSHOT_APPLY;
3337             snapshot_name = optarg;
3338             break;
3339         case 'c':
3340             if (action) {
3341                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3342                 return 0;
3343             }
3344             action = SNAPSHOT_CREATE;
3345             snapshot_name = optarg;
3346             break;
3347         case 'd':
3348             if (action) {
3349                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3350                 return 0;
3351             }
3352             action = SNAPSHOT_DELETE;
3353             snapshot_name = optarg;
3354             break;
3355         case 'q':
3356             quiet = true;
3357             break;
3358         case 'U':
3359             force_share = true;
3360             break;
3361         case OPTION_OBJECT: {
3362             QemuOpts *opts;
3363             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3364                                            optarg, true);
3365             if (!opts) {
3366                 return 1;
3367             }
3368         }   break;
3369         case OPTION_IMAGE_OPTS:
3370             image_opts = true;
3371             break;
3372         }
3373     }
3374 
3375     if (optind != argc - 1) {
3376         error_exit("Expecting one image file name");
3377     }
3378     filename = argv[optind++];
3379 
3380     if (qemu_opts_foreach(&qemu_object_opts,
3381                           user_creatable_add_opts_foreach,
3382                           qemu_img_object_print_help, &error_fatal)) {
3383         return 1;
3384     }
3385 
3386     /* Open the image */
3387     blk = img_open(image_opts, filename, NULL, bdrv_oflags, false, quiet,
3388                    force_share);
3389     if (!blk) {
3390         return 1;
3391     }
3392     bs = blk_bs(blk);
3393 
3394     /* Perform the requested action */
3395     switch(action) {
3396     case SNAPSHOT_LIST:
3397         dump_snapshots(bs);
3398         break;
3399 
3400     case SNAPSHOT_CREATE:
3401         memset(&sn, 0, sizeof(sn));
3402         pstrcpy(sn.name, sizeof(sn.name), snapshot_name);
3403 
3404         qemu_gettimeofday(&tv);
3405         sn.date_sec = tv.tv_sec;
3406         sn.date_nsec = tv.tv_usec * 1000;
3407 
3408         ret = bdrv_snapshot_create(bs, &sn);
3409         if (ret) {
3410             error_report("Could not create snapshot '%s': %d (%s)",
3411                 snapshot_name, ret, strerror(-ret));
3412         }
3413         break;
3414 
3415     case SNAPSHOT_APPLY:
3416         ret = bdrv_snapshot_goto(bs, snapshot_name, &err);
3417         if (ret) {
3418             error_reportf_err(err, "Could not apply snapshot '%s': ",
3419                               snapshot_name);
3420         }
3421         break;
3422 
3423     case SNAPSHOT_DELETE:
3424         ret = bdrv_snapshot_find(bs, &sn, snapshot_name);
3425         if (ret < 0) {
3426             error_report("Could not delete snapshot '%s': snapshot not "
3427                          "found", snapshot_name);
3428             ret = 1;
3429         } else {
3430             ret = bdrv_snapshot_delete(bs, sn.id_str, sn.name, &err);
3431             if (ret < 0) {
3432                 error_reportf_err(err, "Could not delete snapshot '%s': ",
3433                                   snapshot_name);
3434                 ret = 1;
3435             }
3436         }
3437         break;
3438     }
3439 
3440     /* Cleanup */
3441     blk_unref(blk);
3442     if (ret) {
3443         return 1;
3444     }
3445     return 0;
3446 }
3447 
3448 static int img_rebase(int argc, char **argv)
3449 {
3450     BlockBackend *blk = NULL, *blk_old_backing = NULL, *blk_new_backing = NULL;
3451     uint8_t *buf_old = NULL;
3452     uint8_t *buf_new = NULL;
3453     BlockDriverState *bs = NULL, *prefix_chain_bs = NULL;
3454     BlockDriverState *unfiltered_bs;
3455     char *filename;
3456     const char *fmt, *cache, *src_cache, *out_basefmt, *out_baseimg;
3457     int c, flags, src_flags, ret;
3458     bool writethrough, src_writethrough;
3459     int unsafe = 0;
3460     bool force_share = false;
3461     int progress = 0;
3462     bool quiet = false;
3463     Error *local_err = NULL;
3464     bool image_opts = false;
3465 
3466     /* Parse commandline parameters */
3467     fmt = NULL;
3468     cache = BDRV_DEFAULT_CACHE;
3469     src_cache = BDRV_DEFAULT_CACHE;
3470     out_baseimg = NULL;
3471     out_basefmt = NULL;
3472     for(;;) {
3473         static const struct option long_options[] = {
3474             {"help", no_argument, 0, 'h'},
3475             {"object", required_argument, 0, OPTION_OBJECT},
3476             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3477             {"force-share", no_argument, 0, 'U'},
3478             {0, 0, 0, 0}
3479         };
3480         c = getopt_long(argc, argv, ":hf:F:b:upt:T:qU",
3481                         long_options, NULL);
3482         if (c == -1) {
3483             break;
3484         }
3485         switch(c) {
3486         case ':':
3487             missing_argument(argv[optind - 1]);
3488             break;
3489         case '?':
3490             unrecognized_option(argv[optind - 1]);
3491             break;
3492         case 'h':
3493             help();
3494             return 0;
3495         case 'f':
3496             fmt = optarg;
3497             break;
3498         case 'F':
3499             out_basefmt = optarg;
3500             break;
3501         case 'b':
3502             out_baseimg = optarg;
3503             break;
3504         case 'u':
3505             unsafe = 1;
3506             break;
3507         case 'p':
3508             progress = 1;
3509             break;
3510         case 't':
3511             cache = optarg;
3512             break;
3513         case 'T':
3514             src_cache = optarg;
3515             break;
3516         case 'q':
3517             quiet = true;
3518             break;
3519         case OPTION_OBJECT: {
3520             QemuOpts *opts;
3521             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3522                                            optarg, true);
3523             if (!opts) {
3524                 return 1;
3525             }
3526         }   break;
3527         case OPTION_IMAGE_OPTS:
3528             image_opts = true;
3529             break;
3530         case 'U':
3531             force_share = true;
3532             break;
3533         }
3534     }
3535 
3536     if (quiet) {
3537         progress = 0;
3538     }
3539 
3540     if (optind != argc - 1) {
3541         error_exit("Expecting one image file name");
3542     }
3543     if (!unsafe && !out_baseimg) {
3544         error_exit("Must specify backing file (-b) or use unsafe mode (-u)");
3545     }
3546     filename = argv[optind++];
3547 
3548     if (qemu_opts_foreach(&qemu_object_opts,
3549                           user_creatable_add_opts_foreach,
3550                           qemu_img_object_print_help, &error_fatal)) {
3551         return 1;
3552     }
3553 
3554     qemu_progress_init(progress, 2.0);
3555     qemu_progress_print(0, 100);
3556 
3557     flags = BDRV_O_RDWR | (unsafe ? BDRV_O_NO_BACKING : 0);
3558     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
3559     if (ret < 0) {
3560         error_report("Invalid cache option: %s", cache);
3561         goto out;
3562     }
3563 
3564     src_flags = 0;
3565     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
3566     if (ret < 0) {
3567         error_report("Invalid source cache option: %s", src_cache);
3568         goto out;
3569     }
3570 
3571     /* The source files are opened read-only, don't care about WCE */
3572     assert((src_flags & BDRV_O_RDWR) == 0);
3573     (void) src_writethrough;
3574 
3575     /*
3576      * Open the images.
3577      *
3578      * Ignore the old backing file for unsafe rebase in case we want to correct
3579      * the reference to a renamed or moved backing file.
3580      */
3581     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
3582                    false);
3583     if (!blk) {
3584         ret = -1;
3585         goto out;
3586     }
3587     bs = blk_bs(blk);
3588 
3589     unfiltered_bs = bdrv_skip_filters(bs);
3590 
3591     if (out_basefmt != NULL) {
3592         if (bdrv_find_format(out_basefmt) == NULL) {
3593             error_report("Invalid format name: '%s'", out_basefmt);
3594             ret = -1;
3595             goto out;
3596         }
3597     }
3598 
3599     /* For safe rebasing we need to compare old and new backing file */
3600     if (!unsafe) {
3601         QDict *options = NULL;
3602         BlockDriverState *base_bs = bdrv_cow_bs(unfiltered_bs);
3603 
3604         if (base_bs) {
3605             blk_old_backing = blk_new(qemu_get_aio_context(),
3606                                       BLK_PERM_CONSISTENT_READ,
3607                                       BLK_PERM_ALL);
3608             ret = blk_insert_bs(blk_old_backing, base_bs,
3609                                 &local_err);
3610             if (ret < 0) {
3611                 error_reportf_err(local_err,
3612                                   "Could not reuse old backing file '%s': ",
3613                                   base_bs->filename);
3614                 goto out;
3615             }
3616         } else {
3617             blk_old_backing = NULL;
3618         }
3619 
3620         if (out_baseimg[0]) {
3621             const char *overlay_filename;
3622             char *out_real_path;
3623 
3624             options = qdict_new();
3625             if (out_basefmt) {
3626                 qdict_put_str(options, "driver", out_basefmt);
3627             }
3628             if (force_share) {
3629                 qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
3630             }
3631 
3632             bdrv_refresh_filename(bs);
3633             overlay_filename = bs->exact_filename[0] ? bs->exact_filename
3634                                                      : bs->filename;
3635             out_real_path =
3636                 bdrv_get_full_backing_filename_from_filename(overlay_filename,
3637                                                              out_baseimg,
3638                                                              &local_err);
3639             if (local_err) {
3640                 qobject_unref(options);
3641                 error_reportf_err(local_err,
3642                                   "Could not resolve backing filename: ");
3643                 ret = -1;
3644                 goto out;
3645             }
3646 
3647             /*
3648              * Find out whether we rebase an image on top of a previous image
3649              * in its chain.
3650              */
3651             prefix_chain_bs = bdrv_find_backing_image(bs, out_real_path);
3652             if (prefix_chain_bs) {
3653                 qobject_unref(options);
3654                 g_free(out_real_path);
3655 
3656                 blk_new_backing = blk_new(qemu_get_aio_context(),
3657                                           BLK_PERM_CONSISTENT_READ,
3658                                           BLK_PERM_ALL);
3659                 ret = blk_insert_bs(blk_new_backing, prefix_chain_bs,
3660                                     &local_err);
3661                 if (ret < 0) {
3662                     error_reportf_err(local_err,
3663                                       "Could not reuse backing file '%s': ",
3664                                       out_baseimg);
3665                     goto out;
3666                 }
3667             } else {
3668                 blk_new_backing = blk_new_open(out_real_path, NULL,
3669                                                options, src_flags, &local_err);
3670                 g_free(out_real_path);
3671                 if (!blk_new_backing) {
3672                     error_reportf_err(local_err,
3673                                       "Could not open new backing file '%s': ",
3674                                       out_baseimg);
3675                     ret = -1;
3676                     goto out;
3677                 }
3678             }
3679         }
3680     }
3681 
3682     /*
3683      * Check each unallocated cluster in the COW file. If it is unallocated,
3684      * accesses go to the backing file. We must therefore compare this cluster
3685      * in the old and new backing file, and if they differ we need to copy it
3686      * from the old backing file into the COW file.
3687      *
3688      * If qemu-img crashes during this step, no harm is done. The content of
3689      * the image is the same as the original one at any time.
3690      */
3691     if (!unsafe) {
3692         int64_t size;
3693         int64_t old_backing_size = 0;
3694         int64_t new_backing_size = 0;
3695         uint64_t offset;
3696         int64_t n;
3697         float local_progress = 0;
3698 
3699         buf_old = blk_blockalign(blk, IO_BUF_SIZE);
3700         buf_new = blk_blockalign(blk, IO_BUF_SIZE);
3701 
3702         size = blk_getlength(blk);
3703         if (size < 0) {
3704             error_report("Could not get size of '%s': %s",
3705                          filename, strerror(-size));
3706             ret = -1;
3707             goto out;
3708         }
3709         if (blk_old_backing) {
3710             old_backing_size = blk_getlength(blk_old_backing);
3711             if (old_backing_size < 0) {
3712                 char backing_name[PATH_MAX];
3713 
3714                 bdrv_get_backing_filename(bs, backing_name,
3715                                           sizeof(backing_name));
3716                 error_report("Could not get size of '%s': %s",
3717                              backing_name, strerror(-old_backing_size));
3718                 ret = -1;
3719                 goto out;
3720             }
3721         }
3722         if (blk_new_backing) {
3723             new_backing_size = blk_getlength(blk_new_backing);
3724             if (new_backing_size < 0) {
3725                 error_report("Could not get size of '%s': %s",
3726                              out_baseimg, strerror(-new_backing_size));
3727                 ret = -1;
3728                 goto out;
3729             }
3730         }
3731 
3732         if (size != 0) {
3733             local_progress = (float)100 / (size / MIN(size, IO_BUF_SIZE));
3734         }
3735 
3736         for (offset = 0; offset < size; offset += n) {
3737             bool buf_old_is_zero = false;
3738 
3739             /* How many bytes can we handle with the next read? */
3740             n = MIN(IO_BUF_SIZE, size - offset);
3741 
3742             /* If the cluster is allocated, we don't need to take action */
3743             ret = bdrv_is_allocated(unfiltered_bs, offset, n, &n);
3744             if (ret < 0) {
3745                 error_report("error while reading image metadata: %s",
3746                              strerror(-ret));
3747                 goto out;
3748             }
3749             if (ret) {
3750                 continue;
3751             }
3752 
3753             if (prefix_chain_bs) {
3754                 /*
3755                  * If cluster wasn't changed since prefix_chain, we don't need
3756                  * to take action
3757                  */
3758                 ret = bdrv_is_allocated_above(bdrv_cow_bs(unfiltered_bs),
3759                                               prefix_chain_bs, false,
3760                                               offset, n, &n);
3761                 if (ret < 0) {
3762                     error_report("error while reading image metadata: %s",
3763                                  strerror(-ret));
3764                     goto out;
3765                 }
3766                 if (!ret) {
3767                     continue;
3768                 }
3769             }
3770 
3771             /*
3772              * Read old and new backing file and take into consideration that
3773              * backing files may be smaller than the COW image.
3774              */
3775             if (offset >= old_backing_size) {
3776                 memset(buf_old, 0, n);
3777                 buf_old_is_zero = true;
3778             } else {
3779                 if (offset + n > old_backing_size) {
3780                     n = old_backing_size - offset;
3781                 }
3782 
3783                 ret = blk_pread(blk_old_backing, offset, buf_old, n);
3784                 if (ret < 0) {
3785                     error_report("error while reading from old backing file");
3786                     goto out;
3787                 }
3788             }
3789 
3790             if (offset >= new_backing_size || !blk_new_backing) {
3791                 memset(buf_new, 0, n);
3792             } else {
3793                 if (offset + n > new_backing_size) {
3794                     n = new_backing_size - offset;
3795                 }
3796 
3797                 ret = blk_pread(blk_new_backing, offset, buf_new, n);
3798                 if (ret < 0) {
3799                     error_report("error while reading from new backing file");
3800                     goto out;
3801                 }
3802             }
3803 
3804             /* If they differ, we need to write to the COW file */
3805             uint64_t written = 0;
3806 
3807             while (written < n) {
3808                 int64_t pnum;
3809 
3810                 if (compare_buffers(buf_old + written, buf_new + written,
3811                                     n - written, &pnum))
3812                 {
3813                     if (buf_old_is_zero) {
3814                         ret = blk_pwrite_zeroes(blk, offset + written, pnum, 0);
3815                     } else {
3816                         ret = blk_pwrite(blk, offset + written,
3817                                          buf_old + written, pnum, 0);
3818                     }
3819                     if (ret < 0) {
3820                         error_report("Error while writing to COW image: %s",
3821                             strerror(-ret));
3822                         goto out;
3823                     }
3824                 }
3825 
3826                 written += pnum;
3827             }
3828             qemu_progress_print(local_progress, 100);
3829         }
3830     }
3831 
3832     /*
3833      * Change the backing file. All clusters that are different from the old
3834      * backing file are overwritten in the COW file now, so the visible content
3835      * doesn't change when we switch the backing file.
3836      */
3837     if (out_baseimg && *out_baseimg) {
3838         ret = bdrv_change_backing_file(unfiltered_bs, out_baseimg, out_basefmt,
3839                                        true);
3840     } else {
3841         ret = bdrv_change_backing_file(unfiltered_bs, NULL, NULL, false);
3842     }
3843 
3844     if (ret == -ENOSPC) {
3845         error_report("Could not change the backing file to '%s': No "
3846                      "space left in the file header", out_baseimg);
3847     } else if (ret < 0) {
3848         error_report("Could not change the backing file to '%s': %s",
3849             out_baseimg, strerror(-ret));
3850     }
3851 
3852     qemu_progress_print(100, 0);
3853     /*
3854      * TODO At this point it is possible to check if any clusters that are
3855      * allocated in the COW file are the same in the backing file. If so, they
3856      * could be dropped from the COW file. Don't do this before switching the
3857      * backing file, in case of a crash this would lead to corruption.
3858      */
3859 out:
3860     qemu_progress_end();
3861     /* Cleanup */
3862     if (!unsafe) {
3863         blk_unref(blk_old_backing);
3864         blk_unref(blk_new_backing);
3865     }
3866     qemu_vfree(buf_old);
3867     qemu_vfree(buf_new);
3868 
3869     blk_unref(blk);
3870     if (ret) {
3871         return 1;
3872     }
3873     return 0;
3874 }
3875 
3876 static int img_resize(int argc, char **argv)
3877 {
3878     Error *err = NULL;
3879     int c, ret, relative;
3880     const char *filename, *fmt, *size;
3881     int64_t n, total_size, current_size;
3882     bool quiet = false;
3883     BlockBackend *blk = NULL;
3884     PreallocMode prealloc = PREALLOC_MODE_OFF;
3885     QemuOpts *param;
3886 
3887     static QemuOptsList resize_options = {
3888         .name = "resize_options",
3889         .head = QTAILQ_HEAD_INITIALIZER(resize_options.head),
3890         .desc = {
3891             {
3892                 .name = BLOCK_OPT_SIZE,
3893                 .type = QEMU_OPT_SIZE,
3894                 .help = "Virtual disk size"
3895             }, {
3896                 /* end of list */
3897             }
3898         },
3899     };
3900     bool image_opts = false;
3901     bool shrink = false;
3902 
3903     /* Remove size from argv manually so that negative numbers are not treated
3904      * as options by getopt. */
3905     if (argc < 3) {
3906         error_exit("Not enough arguments");
3907         return 1;
3908     }
3909 
3910     size = argv[--argc];
3911 
3912     /* Parse getopt arguments */
3913     fmt = NULL;
3914     for(;;) {
3915         static const struct option long_options[] = {
3916             {"help", no_argument, 0, 'h'},
3917             {"object", required_argument, 0, OPTION_OBJECT},
3918             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3919             {"preallocation", required_argument, 0, OPTION_PREALLOCATION},
3920             {"shrink", no_argument, 0, OPTION_SHRINK},
3921             {0, 0, 0, 0}
3922         };
3923         c = getopt_long(argc, argv, ":f:hq",
3924                         long_options, NULL);
3925         if (c == -1) {
3926             break;
3927         }
3928         switch(c) {
3929         case ':':
3930             missing_argument(argv[optind - 1]);
3931             break;
3932         case '?':
3933             unrecognized_option(argv[optind - 1]);
3934             break;
3935         case 'h':
3936             help();
3937             break;
3938         case 'f':
3939             fmt = optarg;
3940             break;
3941         case 'q':
3942             quiet = true;
3943             break;
3944         case OPTION_OBJECT: {
3945             QemuOpts *opts;
3946             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3947                                            optarg, true);
3948             if (!opts) {
3949                 return 1;
3950             }
3951         }   break;
3952         case OPTION_IMAGE_OPTS:
3953             image_opts = true;
3954             break;
3955         case OPTION_PREALLOCATION:
3956             prealloc = qapi_enum_parse(&PreallocMode_lookup, optarg,
3957                                        PREALLOC_MODE__MAX, NULL);
3958             if (prealloc == PREALLOC_MODE__MAX) {
3959                 error_report("Invalid preallocation mode '%s'", optarg);
3960                 return 1;
3961             }
3962             break;
3963         case OPTION_SHRINK:
3964             shrink = true;
3965             break;
3966         }
3967     }
3968     if (optind != argc - 1) {
3969         error_exit("Expecting image file name and size");
3970     }
3971     filename = argv[optind++];
3972 
3973     if (qemu_opts_foreach(&qemu_object_opts,
3974                           user_creatable_add_opts_foreach,
3975                           qemu_img_object_print_help, &error_fatal)) {
3976         return 1;
3977     }
3978 
3979     /* Choose grow, shrink, or absolute resize mode */
3980     switch (size[0]) {
3981     case '+':
3982         relative = 1;
3983         size++;
3984         break;
3985     case '-':
3986         relative = -1;
3987         size++;
3988         break;
3989     default:
3990         relative = 0;
3991         break;
3992     }
3993 
3994     /* Parse size */
3995     param = qemu_opts_create(&resize_options, NULL, 0, &error_abort);
3996     if (!qemu_opt_set(param, BLOCK_OPT_SIZE, size, &err)) {
3997         error_report_err(err);
3998         ret = -1;
3999         qemu_opts_del(param);
4000         goto out;
4001     }
4002     n = qemu_opt_get_size(param, BLOCK_OPT_SIZE, 0);
4003     qemu_opts_del(param);
4004 
4005     blk = img_open(image_opts, filename, fmt,
4006                    BDRV_O_RDWR | BDRV_O_RESIZE, false, quiet,
4007                    false);
4008     if (!blk) {
4009         ret = -1;
4010         goto out;
4011     }
4012 
4013     current_size = blk_getlength(blk);
4014     if (current_size < 0) {
4015         error_report("Failed to inquire current image length: %s",
4016                      strerror(-current_size));
4017         ret = -1;
4018         goto out;
4019     }
4020 
4021     if (relative) {
4022         total_size = current_size + n * relative;
4023     } else {
4024         total_size = n;
4025     }
4026     if (total_size <= 0) {
4027         error_report("New image size must be positive");
4028         ret = -1;
4029         goto out;
4030     }
4031 
4032     if (total_size <= current_size && prealloc != PREALLOC_MODE_OFF) {
4033         error_report("Preallocation can only be used for growing images");
4034         ret = -1;
4035         goto out;
4036     }
4037 
4038     if (total_size < current_size && !shrink) {
4039         error_report("Use the --shrink option to perform a shrink operation.");
4040         warn_report("Shrinking an image will delete all data beyond the "
4041                     "shrunken image's end. Before performing such an "
4042                     "operation, make sure there is no important data there.");
4043         ret = -1;
4044         goto out;
4045     }
4046 
4047     /*
4048      * The user expects the image to have the desired size after
4049      * resizing, so pass @exact=true.  It is of no use to report
4050      * success when the image has not actually been resized.
4051      */
4052     ret = blk_truncate(blk, total_size, true, prealloc, 0, &err);
4053     if (!ret) {
4054         qprintf(quiet, "Image resized.\n");
4055     } else {
4056         error_report_err(err);
4057     }
4058 out:
4059     blk_unref(blk);
4060     if (ret) {
4061         return 1;
4062     }
4063     return 0;
4064 }
4065 
4066 static void amend_status_cb(BlockDriverState *bs,
4067                             int64_t offset, int64_t total_work_size,
4068                             void *opaque)
4069 {
4070     qemu_progress_print(100.f * offset / total_work_size, 0);
4071 }
4072 
4073 static int print_amend_option_help(const char *format)
4074 {
4075     BlockDriver *drv;
4076 
4077     /* Find driver and parse its options */
4078     drv = bdrv_find_format(format);
4079     if (!drv) {
4080         error_report("Unknown file format '%s'", format);
4081         return 1;
4082     }
4083 
4084     if (!drv->bdrv_amend_options) {
4085         error_report("Format driver '%s' does not support option amendment",
4086                      format);
4087         return 1;
4088     }
4089 
4090     /* Every driver supporting amendment must have amend_opts */
4091     assert(drv->amend_opts);
4092 
4093     printf("Amend options for '%s':\n", format);
4094     qemu_opts_print_help(drv->amend_opts, false);
4095     return 0;
4096 }
4097 
4098 static int img_amend(int argc, char **argv)
4099 {
4100     Error *err = NULL;
4101     int c, ret = 0;
4102     char *options = NULL;
4103     QemuOptsList *amend_opts = NULL;
4104     QemuOpts *opts = NULL;
4105     const char *fmt = NULL, *filename, *cache;
4106     int flags;
4107     bool writethrough;
4108     bool quiet = false, progress = false;
4109     BlockBackend *blk = NULL;
4110     BlockDriverState *bs = NULL;
4111     bool image_opts = false;
4112     bool force = false;
4113 
4114     cache = BDRV_DEFAULT_CACHE;
4115     for (;;) {
4116         static const struct option long_options[] = {
4117             {"help", no_argument, 0, 'h'},
4118             {"object", required_argument, 0, OPTION_OBJECT},
4119             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4120             {"force", no_argument, 0, OPTION_FORCE},
4121             {0, 0, 0, 0}
4122         };
4123         c = getopt_long(argc, argv, ":ho:f:t:pq",
4124                         long_options, NULL);
4125         if (c == -1) {
4126             break;
4127         }
4128 
4129         switch (c) {
4130         case ':':
4131             missing_argument(argv[optind - 1]);
4132             break;
4133         case '?':
4134             unrecognized_option(argv[optind - 1]);
4135             break;
4136         case 'h':
4137             help();
4138             break;
4139         case 'o':
4140             if (accumulate_options(&options, optarg) < 0) {
4141                 ret = -1;
4142                 goto out_no_progress;
4143             }
4144             break;
4145         case 'f':
4146             fmt = optarg;
4147             break;
4148         case 't':
4149             cache = optarg;
4150             break;
4151         case 'p':
4152             progress = true;
4153             break;
4154         case 'q':
4155             quiet = true;
4156             break;
4157         case OPTION_OBJECT:
4158             opts = qemu_opts_parse_noisily(&qemu_object_opts,
4159                                            optarg, true);
4160             if (!opts) {
4161                 ret = -1;
4162                 goto out_no_progress;
4163             }
4164             break;
4165         case OPTION_IMAGE_OPTS:
4166             image_opts = true;
4167             break;
4168         case OPTION_FORCE:
4169             force = true;
4170             break;
4171         }
4172     }
4173 
4174     if (!options) {
4175         error_exit("Must specify options (-o)");
4176     }
4177 
4178     if (qemu_opts_foreach(&qemu_object_opts,
4179                           user_creatable_add_opts_foreach,
4180                           qemu_img_object_print_help, &error_fatal)) {
4181         ret = -1;
4182         goto out_no_progress;
4183     }
4184 
4185     if (quiet) {
4186         progress = false;
4187     }
4188     qemu_progress_init(progress, 1.0);
4189 
4190     filename = (optind == argc - 1) ? argv[argc - 1] : NULL;
4191     if (fmt && has_help_option(options)) {
4192         /* If a format is explicitly specified (and possibly no filename is
4193          * given), print option help here */
4194         ret = print_amend_option_help(fmt);
4195         goto out;
4196     }
4197 
4198     if (optind != argc - 1) {
4199         error_report("Expecting one image file name");
4200         ret = -1;
4201         goto out;
4202     }
4203 
4204     flags = BDRV_O_RDWR;
4205     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
4206     if (ret < 0) {
4207         error_report("Invalid cache option: %s", cache);
4208         goto out;
4209     }
4210 
4211     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4212                    false);
4213     if (!blk) {
4214         ret = -1;
4215         goto out;
4216     }
4217     bs = blk_bs(blk);
4218 
4219     fmt = bs->drv->format_name;
4220 
4221     if (has_help_option(options)) {
4222         /* If the format was auto-detected, print option help here */
4223         ret = print_amend_option_help(fmt);
4224         goto out;
4225     }
4226 
4227     if (!bs->drv->bdrv_amend_options) {
4228         error_report("Format driver '%s' does not support option amendment",
4229                      fmt);
4230         ret = -1;
4231         goto out;
4232     }
4233 
4234     /* Every driver supporting amendment must have amend_opts */
4235     assert(bs->drv->amend_opts);
4236 
4237     amend_opts = qemu_opts_append(amend_opts, bs->drv->amend_opts);
4238     opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
4239     if (!qemu_opts_do_parse(opts, options, NULL, &err)) {
4240         /* Try to parse options using the create options */
4241         amend_opts = qemu_opts_append(amend_opts, bs->drv->create_opts);
4242         qemu_opts_del(opts);
4243         opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
4244         if (qemu_opts_do_parse(opts, options, NULL, NULL)) {
4245             error_append_hint(&err,
4246                               "This option is only supported for image creation\n");
4247         }
4248 
4249         error_report_err(err);
4250         ret = -1;
4251         goto out;
4252     }
4253 
4254     /* In case the driver does not call amend_status_cb() */
4255     qemu_progress_print(0.f, 0);
4256     ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, force, &err);
4257     qemu_progress_print(100.f, 0);
4258     if (ret < 0) {
4259         error_report_err(err);
4260         goto out;
4261     }
4262 
4263 out:
4264     qemu_progress_end();
4265 
4266 out_no_progress:
4267     blk_unref(blk);
4268     qemu_opts_del(opts);
4269     qemu_opts_free(amend_opts);
4270     g_free(options);
4271 
4272     if (ret) {
4273         return 1;
4274     }
4275     return 0;
4276 }
4277 
4278 typedef struct BenchData {
4279     BlockBackend *blk;
4280     uint64_t image_size;
4281     bool write;
4282     int bufsize;
4283     int step;
4284     int nrreq;
4285     int n;
4286     int flush_interval;
4287     bool drain_on_flush;
4288     uint8_t *buf;
4289     QEMUIOVector *qiov;
4290 
4291     int in_flight;
4292     bool in_flush;
4293     uint64_t offset;
4294 } BenchData;
4295 
4296 static void bench_undrained_flush_cb(void *opaque, int ret)
4297 {
4298     if (ret < 0) {
4299         error_report("Failed flush request: %s", strerror(-ret));
4300         exit(EXIT_FAILURE);
4301     }
4302 }
4303 
4304 static void bench_cb(void *opaque, int ret)
4305 {
4306     BenchData *b = opaque;
4307     BlockAIOCB *acb;
4308 
4309     if (ret < 0) {
4310         error_report("Failed request: %s", strerror(-ret));
4311         exit(EXIT_FAILURE);
4312     }
4313 
4314     if (b->in_flush) {
4315         /* Just finished a flush with drained queue: Start next requests */
4316         assert(b->in_flight == 0);
4317         b->in_flush = false;
4318     } else if (b->in_flight > 0) {
4319         int remaining = b->n - b->in_flight;
4320 
4321         b->n--;
4322         b->in_flight--;
4323 
4324         /* Time for flush? Drain queue if requested, then flush */
4325         if (b->flush_interval && remaining % b->flush_interval == 0) {
4326             if (!b->in_flight || !b->drain_on_flush) {
4327                 BlockCompletionFunc *cb;
4328 
4329                 if (b->drain_on_flush) {
4330                     b->in_flush = true;
4331                     cb = bench_cb;
4332                 } else {
4333                     cb = bench_undrained_flush_cb;
4334                 }
4335 
4336                 acb = blk_aio_flush(b->blk, cb, b);
4337                 if (!acb) {
4338                     error_report("Failed to issue flush request");
4339                     exit(EXIT_FAILURE);
4340                 }
4341             }
4342             if (b->drain_on_flush) {
4343                 return;
4344             }
4345         }
4346     }
4347 
4348     while (b->n > b->in_flight && b->in_flight < b->nrreq) {
4349         int64_t offset = b->offset;
4350         /* blk_aio_* might look for completed I/Os and kick bench_cb
4351          * again, so make sure this operation is counted by in_flight
4352          * and b->offset is ready for the next submission.
4353          */
4354         b->in_flight++;
4355         b->offset += b->step;
4356         b->offset %= b->image_size;
4357         if (b->write) {
4358             acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
4359         } else {
4360             acb = blk_aio_preadv(b->blk, offset, b->qiov, 0, bench_cb, b);
4361         }
4362         if (!acb) {
4363             error_report("Failed to issue request");
4364             exit(EXIT_FAILURE);
4365         }
4366     }
4367 }
4368 
4369 static int img_bench(int argc, char **argv)
4370 {
4371     int c, ret = 0;
4372     const char *fmt = NULL, *filename;
4373     bool quiet = false;
4374     bool image_opts = false;
4375     bool is_write = false;
4376     int count = 75000;
4377     int depth = 64;
4378     int64_t offset = 0;
4379     size_t bufsize = 4096;
4380     int pattern = 0;
4381     size_t step = 0;
4382     int flush_interval = 0;
4383     bool drain_on_flush = true;
4384     int64_t image_size;
4385     BlockBackend *blk = NULL;
4386     BenchData data = {};
4387     int flags = 0;
4388     bool writethrough = false;
4389     struct timeval t1, t2;
4390     int i;
4391     bool force_share = false;
4392     size_t buf_size;
4393 
4394     for (;;) {
4395         static const struct option long_options[] = {
4396             {"help", no_argument, 0, 'h'},
4397             {"flush-interval", required_argument, 0, OPTION_FLUSH_INTERVAL},
4398             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4399             {"pattern", required_argument, 0, OPTION_PATTERN},
4400             {"no-drain", no_argument, 0, OPTION_NO_DRAIN},
4401             {"force-share", no_argument, 0, 'U'},
4402             {0, 0, 0, 0}
4403         };
4404         c = getopt_long(argc, argv, ":hc:d:f:ni:o:qs:S:t:wU", long_options,
4405                         NULL);
4406         if (c == -1) {
4407             break;
4408         }
4409 
4410         switch (c) {
4411         case ':':
4412             missing_argument(argv[optind - 1]);
4413             break;
4414         case '?':
4415             unrecognized_option(argv[optind - 1]);
4416             break;
4417         case 'h':
4418             help();
4419             break;
4420         case 'c':
4421         {
4422             unsigned long res;
4423 
4424             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4425                 error_report("Invalid request count specified");
4426                 return 1;
4427             }
4428             count = res;
4429             break;
4430         }
4431         case 'd':
4432         {
4433             unsigned long res;
4434 
4435             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4436                 error_report("Invalid queue depth specified");
4437                 return 1;
4438             }
4439             depth = res;
4440             break;
4441         }
4442         case 'f':
4443             fmt = optarg;
4444             break;
4445         case 'n':
4446             flags |= BDRV_O_NATIVE_AIO;
4447             break;
4448         case 'i':
4449             ret = bdrv_parse_aio(optarg, &flags);
4450             if (ret < 0) {
4451                 error_report("Invalid aio option: %s", optarg);
4452                 ret = -1;
4453                 goto out;
4454             }
4455             break;
4456         case 'o':
4457         {
4458             offset = cvtnum("offset", optarg);
4459             if (offset < 0) {
4460                 return 1;
4461             }
4462             break;
4463         }
4464             break;
4465         case 'q':
4466             quiet = true;
4467             break;
4468         case 's':
4469         {
4470             int64_t sval;
4471 
4472             sval = cvtnum_full("buffer size", optarg, 0, INT_MAX);
4473             if (sval < 0) {
4474                 return 1;
4475             }
4476 
4477             bufsize = sval;
4478             break;
4479         }
4480         case 'S':
4481         {
4482             int64_t sval;
4483 
4484             sval = cvtnum_full("step_size", optarg, 0, INT_MAX);
4485             if (sval < 0) {
4486                 return 1;
4487             }
4488 
4489             step = sval;
4490             break;
4491         }
4492         case 't':
4493             ret = bdrv_parse_cache_mode(optarg, &flags, &writethrough);
4494             if (ret < 0) {
4495                 error_report("Invalid cache mode");
4496                 ret = -1;
4497                 goto out;
4498             }
4499             break;
4500         case 'w':
4501             flags |= BDRV_O_RDWR;
4502             is_write = true;
4503             break;
4504         case 'U':
4505             force_share = true;
4506             break;
4507         case OPTION_PATTERN:
4508         {
4509             unsigned long res;
4510 
4511             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > 0xff) {
4512                 error_report("Invalid pattern byte specified");
4513                 return 1;
4514             }
4515             pattern = res;
4516             break;
4517         }
4518         case OPTION_FLUSH_INTERVAL:
4519         {
4520             unsigned long res;
4521 
4522             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4523                 error_report("Invalid flush interval specified");
4524                 return 1;
4525             }
4526             flush_interval = res;
4527             break;
4528         }
4529         case OPTION_NO_DRAIN:
4530             drain_on_flush = false;
4531             break;
4532         case OPTION_IMAGE_OPTS:
4533             image_opts = true;
4534             break;
4535         }
4536     }
4537 
4538     if (optind != argc - 1) {
4539         error_exit("Expecting one image file name");
4540     }
4541     filename = argv[argc - 1];
4542 
4543     if (!is_write && flush_interval) {
4544         error_report("--flush-interval is only available in write tests");
4545         ret = -1;
4546         goto out;
4547     }
4548     if (flush_interval && flush_interval < depth) {
4549         error_report("Flush interval can't be smaller than depth");
4550         ret = -1;
4551         goto out;
4552     }
4553 
4554     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4555                    force_share);
4556     if (!blk) {
4557         ret = -1;
4558         goto out;
4559     }
4560 
4561     image_size = blk_getlength(blk);
4562     if (image_size < 0) {
4563         ret = image_size;
4564         goto out;
4565     }
4566 
4567     data = (BenchData) {
4568         .blk            = blk,
4569         .image_size     = image_size,
4570         .bufsize        = bufsize,
4571         .step           = step ?: bufsize,
4572         .nrreq          = depth,
4573         .n              = count,
4574         .offset         = offset,
4575         .write          = is_write,
4576         .flush_interval = flush_interval,
4577         .drain_on_flush = drain_on_flush,
4578     };
4579     printf("Sending %d %s requests, %d bytes each, %d in parallel "
4580            "(starting at offset %" PRId64 ", step size %d)\n",
4581            data.n, data.write ? "write" : "read", data.bufsize, data.nrreq,
4582            data.offset, data.step);
4583     if (flush_interval) {
4584         printf("Sending flush every %d requests\n", flush_interval);
4585     }
4586 
4587     buf_size = data.nrreq * data.bufsize;
4588     data.buf = blk_blockalign(blk, buf_size);
4589     memset(data.buf, pattern, data.nrreq * data.bufsize);
4590 
4591     blk_register_buf(blk, data.buf, buf_size);
4592 
4593     data.qiov = g_new(QEMUIOVector, data.nrreq);
4594     for (i = 0; i < data.nrreq; i++) {
4595         qemu_iovec_init(&data.qiov[i], 1);
4596         qemu_iovec_add(&data.qiov[i],
4597                        data.buf + i * data.bufsize, data.bufsize);
4598     }
4599 
4600     gettimeofday(&t1, NULL);
4601     bench_cb(&data, 0);
4602 
4603     while (data.n > 0) {
4604         main_loop_wait(false);
4605     }
4606     gettimeofday(&t2, NULL);
4607 
4608     printf("Run completed in %3.3f seconds.\n",
4609            (t2.tv_sec - t1.tv_sec)
4610            + ((double)(t2.tv_usec - t1.tv_usec) / 1000000));
4611 
4612 out:
4613     if (data.buf) {
4614         blk_unregister_buf(blk, data.buf);
4615     }
4616     qemu_vfree(data.buf);
4617     blk_unref(blk);
4618 
4619     if (ret) {
4620         return 1;
4621     }
4622     return 0;
4623 }
4624 
4625 enum ImgBitmapAct {
4626     BITMAP_ADD,
4627     BITMAP_REMOVE,
4628     BITMAP_CLEAR,
4629     BITMAP_ENABLE,
4630     BITMAP_DISABLE,
4631     BITMAP_MERGE,
4632 };
4633 typedef struct ImgBitmapAction {
4634     enum ImgBitmapAct act;
4635     const char *src; /* only used for merge */
4636     QSIMPLEQ_ENTRY(ImgBitmapAction) next;
4637 } ImgBitmapAction;
4638 
4639 static int img_bitmap(int argc, char **argv)
4640 {
4641     Error *err = NULL;
4642     int c, ret = 1;
4643     QemuOpts *opts = NULL;
4644     const char *fmt = NULL, *src_fmt = NULL, *src_filename = NULL;
4645     const char *filename, *bitmap;
4646     BlockBackend *blk = NULL, *src = NULL;
4647     BlockDriverState *bs = NULL, *src_bs = NULL;
4648     bool image_opts = false;
4649     int64_t granularity = 0;
4650     bool add = false, merge = false;
4651     QSIMPLEQ_HEAD(, ImgBitmapAction) actions;
4652     ImgBitmapAction *act, *act_next;
4653     const char *op;
4654 
4655     QSIMPLEQ_INIT(&actions);
4656 
4657     for (;;) {
4658         static const struct option long_options[] = {
4659             {"help", no_argument, 0, 'h'},
4660             {"object", required_argument, 0, OPTION_OBJECT},
4661             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4662             {"add", no_argument, 0, OPTION_ADD},
4663             {"remove", no_argument, 0, OPTION_REMOVE},
4664             {"clear", no_argument, 0, OPTION_CLEAR},
4665             {"enable", no_argument, 0, OPTION_ENABLE},
4666             {"disable", no_argument, 0, OPTION_DISABLE},
4667             {"merge", required_argument, 0, OPTION_MERGE},
4668             {"granularity", required_argument, 0, 'g'},
4669             {"source-file", required_argument, 0, 'b'},
4670             {"source-format", required_argument, 0, 'F'},
4671             {0, 0, 0, 0}
4672         };
4673         c = getopt_long(argc, argv, ":b:f:F:g:h", long_options, NULL);
4674         if (c == -1) {
4675             break;
4676         }
4677 
4678         switch (c) {
4679         case ':':
4680             missing_argument(argv[optind - 1]);
4681             break;
4682         case '?':
4683             unrecognized_option(argv[optind - 1]);
4684             break;
4685         case 'h':
4686             help();
4687             break;
4688         case 'b':
4689             src_filename = optarg;
4690             break;
4691         case 'f':
4692             fmt = optarg;
4693             break;
4694         case 'F':
4695             src_fmt = optarg;
4696             break;
4697         case 'g':
4698             granularity = cvtnum("granularity", optarg);
4699             if (granularity < 0) {
4700                 return 1;
4701             }
4702             break;
4703         case OPTION_ADD:
4704             act = g_new0(ImgBitmapAction, 1);
4705             act->act = BITMAP_ADD;
4706             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4707             add = true;
4708             break;
4709         case OPTION_REMOVE:
4710             act = g_new0(ImgBitmapAction, 1);
4711             act->act = BITMAP_REMOVE;
4712             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4713             break;
4714         case OPTION_CLEAR:
4715             act = g_new0(ImgBitmapAction, 1);
4716             act->act = BITMAP_CLEAR;
4717             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4718             break;
4719         case OPTION_ENABLE:
4720             act = g_new0(ImgBitmapAction, 1);
4721             act->act = BITMAP_ENABLE;
4722             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4723             break;
4724         case OPTION_DISABLE:
4725             act = g_new0(ImgBitmapAction, 1);
4726             act->act = BITMAP_DISABLE;
4727             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4728             break;
4729         case OPTION_MERGE:
4730             act = g_new0(ImgBitmapAction, 1);
4731             act->act = BITMAP_MERGE;
4732             act->src = optarg;
4733             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4734             merge = true;
4735             break;
4736         case OPTION_OBJECT:
4737             opts = qemu_opts_parse_noisily(&qemu_object_opts, optarg, true);
4738             if (!opts) {
4739                 goto out;
4740             }
4741             break;
4742         case OPTION_IMAGE_OPTS:
4743             image_opts = true;
4744             break;
4745         }
4746     }
4747 
4748     if (qemu_opts_foreach(&qemu_object_opts,
4749                           user_creatable_add_opts_foreach,
4750                           qemu_img_object_print_help, &error_fatal)) {
4751         goto out;
4752     }
4753 
4754     if (QSIMPLEQ_EMPTY(&actions)) {
4755         error_report("Need at least one of --add, --remove, --clear, "
4756                      "--enable, --disable, or --merge");
4757         goto out;
4758     }
4759 
4760     if (granularity && !add) {
4761         error_report("granularity only supported with --add");
4762         goto out;
4763     }
4764     if (src_fmt && !src_filename) {
4765         error_report("-F only supported with -b");
4766         goto out;
4767     }
4768     if (src_filename && !merge) {
4769         error_report("Merge bitmap source file only supported with "
4770                      "--merge");
4771         goto out;
4772     }
4773 
4774     if (optind != argc - 2) {
4775         error_report("Expecting filename and bitmap name");
4776         goto out;
4777     }
4778 
4779     filename = argv[optind];
4780     bitmap = argv[optind + 1];
4781 
4782     blk = img_open(image_opts, filename, fmt, BDRV_O_RDWR, false, false,
4783                    false);
4784     if (!blk) {
4785         goto out;
4786     }
4787     bs = blk_bs(blk);
4788     if (src_filename) {
4789         src = img_open(false, src_filename, src_fmt, 0, false, false, false);
4790         if (!src) {
4791             goto out;
4792         }
4793         src_bs = blk_bs(src);
4794     } else {
4795         src_bs = bs;
4796     }
4797 
4798     QSIMPLEQ_FOREACH_SAFE(act, &actions, next, act_next) {
4799         switch (act->act) {
4800         case BITMAP_ADD:
4801             qmp_block_dirty_bitmap_add(bs->node_name, bitmap,
4802                                        !!granularity, granularity, true, true,
4803                                        false, false, &err);
4804             op = "add";
4805             break;
4806         case BITMAP_REMOVE:
4807             qmp_block_dirty_bitmap_remove(bs->node_name, bitmap, &err);
4808             op = "remove";
4809             break;
4810         case BITMAP_CLEAR:
4811             qmp_block_dirty_bitmap_clear(bs->node_name, bitmap, &err);
4812             op = "clear";
4813             break;
4814         case BITMAP_ENABLE:
4815             qmp_block_dirty_bitmap_enable(bs->node_name, bitmap, &err);
4816             op = "enable";
4817             break;
4818         case BITMAP_DISABLE:
4819             qmp_block_dirty_bitmap_disable(bs->node_name, bitmap, &err);
4820             op = "disable";
4821             break;
4822         case BITMAP_MERGE:
4823             do_dirty_bitmap_merge(bs->node_name, bitmap, src_bs->node_name,
4824                                   act->src, &err);
4825             op = "merge";
4826             break;
4827         default:
4828             g_assert_not_reached();
4829         }
4830 
4831         if (err) {
4832             error_reportf_err(err, "Operation %s on bitmap %s failed: ",
4833                               op, bitmap);
4834             goto out;
4835         }
4836         g_free(act);
4837     }
4838 
4839     ret = 0;
4840 
4841  out:
4842     blk_unref(src);
4843     blk_unref(blk);
4844     qemu_opts_del(opts);
4845     return ret;
4846 }
4847 
4848 #define C_BS      01
4849 #define C_COUNT   02
4850 #define C_IF      04
4851 #define C_OF      010
4852 #define C_SKIP    020
4853 
4854 struct DdInfo {
4855     unsigned int flags;
4856     int64_t count;
4857 };
4858 
4859 struct DdIo {
4860     int bsz;    /* Block size */
4861     char *filename;
4862     uint8_t *buf;
4863     int64_t offset;
4864 };
4865 
4866 struct DdOpts {
4867     const char *name;
4868     int (*f)(const char *, struct DdIo *, struct DdIo *, struct DdInfo *);
4869     unsigned int flag;
4870 };
4871 
4872 static int img_dd_bs(const char *arg,
4873                      struct DdIo *in, struct DdIo *out,
4874                      struct DdInfo *dd)
4875 {
4876     int64_t res;
4877 
4878     res = cvtnum_full("bs", arg, 1, INT_MAX);
4879 
4880     if (res < 0) {
4881         return 1;
4882     }
4883     in->bsz = out->bsz = res;
4884 
4885     return 0;
4886 }
4887 
4888 static int img_dd_count(const char *arg,
4889                         struct DdIo *in, struct DdIo *out,
4890                         struct DdInfo *dd)
4891 {
4892     dd->count = cvtnum("count", arg);
4893 
4894     if (dd->count < 0) {
4895         return 1;
4896     }
4897 
4898     return 0;
4899 }
4900 
4901 static int img_dd_if(const char *arg,
4902                      struct DdIo *in, struct DdIo *out,
4903                      struct DdInfo *dd)
4904 {
4905     in->filename = g_strdup(arg);
4906 
4907     return 0;
4908 }
4909 
4910 static int img_dd_of(const char *arg,
4911                      struct DdIo *in, struct DdIo *out,
4912                      struct DdInfo *dd)
4913 {
4914     out->filename = g_strdup(arg);
4915 
4916     return 0;
4917 }
4918 
4919 static int img_dd_skip(const char *arg,
4920                        struct DdIo *in, struct DdIo *out,
4921                        struct DdInfo *dd)
4922 {
4923     in->offset = cvtnum("skip", arg);
4924 
4925     if (in->offset < 0) {
4926         return 1;
4927     }
4928 
4929     return 0;
4930 }
4931 
4932 static int img_dd(int argc, char **argv)
4933 {
4934     int ret = 0;
4935     char *arg = NULL;
4936     char *tmp;
4937     BlockDriver *drv = NULL, *proto_drv = NULL;
4938     BlockBackend *blk1 = NULL, *blk2 = NULL;
4939     QemuOpts *opts = NULL;
4940     QemuOptsList *create_opts = NULL;
4941     Error *local_err = NULL;
4942     bool image_opts = false;
4943     int c, i;
4944     const char *out_fmt = "raw";
4945     const char *fmt = NULL;
4946     int64_t size = 0;
4947     int64_t block_count = 0, out_pos, in_pos;
4948     bool force_share = false;
4949     struct DdInfo dd = {
4950         .flags = 0,
4951         .count = 0,
4952     };
4953     struct DdIo in = {
4954         .bsz = 512, /* Block size is by default 512 bytes */
4955         .filename = NULL,
4956         .buf = NULL,
4957         .offset = 0
4958     };
4959     struct DdIo out = {
4960         .bsz = 512,
4961         .filename = NULL,
4962         .buf = NULL,
4963         .offset = 0
4964     };
4965 
4966     const struct DdOpts options[] = {
4967         { "bs", img_dd_bs, C_BS },
4968         { "count", img_dd_count, C_COUNT },
4969         { "if", img_dd_if, C_IF },
4970         { "of", img_dd_of, C_OF },
4971         { "skip", img_dd_skip, C_SKIP },
4972         { NULL, NULL, 0 }
4973     };
4974     const struct option long_options[] = {
4975         { "help", no_argument, 0, 'h'},
4976         { "object", required_argument, 0, OPTION_OBJECT},
4977         { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4978         { "force-share", no_argument, 0, 'U'},
4979         { 0, 0, 0, 0 }
4980     };
4981 
4982     while ((c = getopt_long(argc, argv, ":hf:O:U", long_options, NULL))) {
4983         if (c == EOF) {
4984             break;
4985         }
4986         switch (c) {
4987         case 'O':
4988             out_fmt = optarg;
4989             break;
4990         case 'f':
4991             fmt = optarg;
4992             break;
4993         case ':':
4994             missing_argument(argv[optind - 1]);
4995             break;
4996         case '?':
4997             unrecognized_option(argv[optind - 1]);
4998             break;
4999         case 'h':
5000             help();
5001             break;
5002         case 'U':
5003             force_share = true;
5004             break;
5005         case OPTION_OBJECT:
5006             if (!qemu_opts_parse_noisily(&qemu_object_opts, optarg, true)) {
5007                 ret = -1;
5008                 goto out;
5009             }
5010             break;
5011         case OPTION_IMAGE_OPTS:
5012             image_opts = true;
5013             break;
5014         }
5015     }
5016 
5017     for (i = optind; i < argc; i++) {
5018         int j;
5019         arg = g_strdup(argv[i]);
5020 
5021         tmp = strchr(arg, '=');
5022         if (tmp == NULL) {
5023             error_report("unrecognized operand %s", arg);
5024             ret = -1;
5025             goto out;
5026         }
5027 
5028         *tmp++ = '\0';
5029 
5030         for (j = 0; options[j].name != NULL; j++) {
5031             if (!strcmp(arg, options[j].name)) {
5032                 break;
5033             }
5034         }
5035         if (options[j].name == NULL) {
5036             error_report("unrecognized operand %s", arg);
5037             ret = -1;
5038             goto out;
5039         }
5040 
5041         if (options[j].f(tmp, &in, &out, &dd) != 0) {
5042             ret = -1;
5043             goto out;
5044         }
5045         dd.flags |= options[j].flag;
5046         g_free(arg);
5047         arg = NULL;
5048     }
5049 
5050     if (!(dd.flags & C_IF && dd.flags & C_OF)) {
5051         error_report("Must specify both input and output files");
5052         ret = -1;
5053         goto out;
5054     }
5055 
5056     if (qemu_opts_foreach(&qemu_object_opts,
5057                           user_creatable_add_opts_foreach,
5058                           qemu_img_object_print_help, &error_fatal)) {
5059         ret = -1;
5060         goto out;
5061     }
5062 
5063     blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
5064                     force_share);
5065 
5066     if (!blk1) {
5067         ret = -1;
5068         goto out;
5069     }
5070 
5071     drv = bdrv_find_format(out_fmt);
5072     if (!drv) {
5073         error_report("Unknown file format");
5074         ret = -1;
5075         goto out;
5076     }
5077     proto_drv = bdrv_find_protocol(out.filename, true, &local_err);
5078 
5079     if (!proto_drv) {
5080         error_report_err(local_err);
5081         ret = -1;
5082         goto out;
5083     }
5084     if (!drv->create_opts) {
5085         error_report("Format driver '%s' does not support image creation",
5086                      drv->format_name);
5087         ret = -1;
5088         goto out;
5089     }
5090     if (!proto_drv->create_opts) {
5091         error_report("Protocol driver '%s' does not support image creation",
5092                      proto_drv->format_name);
5093         ret = -1;
5094         goto out;
5095     }
5096     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5097     create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
5098 
5099     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5100 
5101     size = blk_getlength(blk1);
5102     if (size < 0) {
5103         error_report("Failed to get size for '%s'", in.filename);
5104         ret = -1;
5105         goto out;
5106     }
5107 
5108     if (dd.flags & C_COUNT && dd.count <= INT64_MAX / in.bsz &&
5109         dd.count * in.bsz < size) {
5110         size = dd.count * in.bsz;
5111     }
5112 
5113     /* Overflow means the specified offset is beyond input image's size */
5114     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5115                               size < in.bsz * in.offset)) {
5116         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, 0, &error_abort);
5117     } else {
5118         qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
5119                             size - in.bsz * in.offset, &error_abort);
5120     }
5121 
5122     ret = bdrv_create(drv, out.filename, opts, &local_err);
5123     if (ret < 0) {
5124         error_reportf_err(local_err,
5125                           "%s: error while creating output image: ",
5126                           out.filename);
5127         ret = -1;
5128         goto out;
5129     }
5130 
5131     /* TODO, we can't honour --image-opts for the target,
5132      * since it needs to be given in a format compatible
5133      * with the bdrv_create() call above which does not
5134      * support image-opts style.
5135      */
5136     blk2 = img_open_file(out.filename, NULL, out_fmt, BDRV_O_RDWR,
5137                          false, false, false);
5138 
5139     if (!blk2) {
5140         ret = -1;
5141         goto out;
5142     }
5143 
5144     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5145                               size < in.offset * in.bsz)) {
5146         /* We give a warning if the skip option is bigger than the input
5147          * size and create an empty output disk image (i.e. like dd(1)).
5148          */
5149         error_report("%s: cannot skip to specified offset", in.filename);
5150         in_pos = size;
5151     } else {
5152         in_pos = in.offset * in.bsz;
5153     }
5154 
5155     in.buf = g_new(uint8_t, in.bsz);
5156 
5157     for (out_pos = 0; in_pos < size; block_count++) {
5158         int in_ret, out_ret;
5159 
5160         if (in_pos + in.bsz > size) {
5161             in_ret = blk_pread(blk1, in_pos, in.buf, size - in_pos);
5162         } else {
5163             in_ret = blk_pread(blk1, in_pos, in.buf, in.bsz);
5164         }
5165         if (in_ret < 0) {
5166             error_report("error while reading from input image file: %s",
5167                          strerror(-in_ret));
5168             ret = -1;
5169             goto out;
5170         }
5171         in_pos += in_ret;
5172 
5173         out_ret = blk_pwrite(blk2, out_pos, in.buf, in_ret, 0);
5174 
5175         if (out_ret < 0) {
5176             error_report("error while writing to output image file: %s",
5177                          strerror(-out_ret));
5178             ret = -1;
5179             goto out;
5180         }
5181         out_pos += out_ret;
5182     }
5183 
5184 out:
5185     g_free(arg);
5186     qemu_opts_del(opts);
5187     qemu_opts_free(create_opts);
5188     blk_unref(blk1);
5189     blk_unref(blk2);
5190     g_free(in.filename);
5191     g_free(out.filename);
5192     g_free(in.buf);
5193     g_free(out.buf);
5194 
5195     if (ret) {
5196         return 1;
5197     }
5198     return 0;
5199 }
5200 
5201 static void dump_json_block_measure_info(BlockMeasureInfo *info)
5202 {
5203     QString *str;
5204     QObject *obj;
5205     Visitor *v = qobject_output_visitor_new(&obj);
5206 
5207     visit_type_BlockMeasureInfo(v, NULL, &info, &error_abort);
5208     visit_complete(v, &obj);
5209     str = qobject_to_json_pretty(obj);
5210     assert(str != NULL);
5211     printf("%s\n", qstring_get_str(str));
5212     qobject_unref(obj);
5213     visit_free(v);
5214     qobject_unref(str);
5215 }
5216 
5217 static int img_measure(int argc, char **argv)
5218 {
5219     static const struct option long_options[] = {
5220         {"help", no_argument, 0, 'h'},
5221         {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
5222         {"object", required_argument, 0, OPTION_OBJECT},
5223         {"output", required_argument, 0, OPTION_OUTPUT},
5224         {"size", required_argument, 0, OPTION_SIZE},
5225         {"force-share", no_argument, 0, 'U'},
5226         {0, 0, 0, 0}
5227     };
5228     OutputFormat output_format = OFORMAT_HUMAN;
5229     BlockBackend *in_blk = NULL;
5230     BlockDriver *drv;
5231     const char *filename = NULL;
5232     const char *fmt = NULL;
5233     const char *out_fmt = "raw";
5234     char *options = NULL;
5235     char *snapshot_name = NULL;
5236     bool force_share = false;
5237     QemuOpts *opts = NULL;
5238     QemuOpts *object_opts = NULL;
5239     QemuOpts *sn_opts = NULL;
5240     QemuOptsList *create_opts = NULL;
5241     bool image_opts = false;
5242     uint64_t img_size = UINT64_MAX;
5243     BlockMeasureInfo *info = NULL;
5244     Error *local_err = NULL;
5245     int ret = 1;
5246     int c;
5247 
5248     while ((c = getopt_long(argc, argv, "hf:O:o:l:U",
5249                             long_options, NULL)) != -1) {
5250         switch (c) {
5251         case '?':
5252         case 'h':
5253             help();
5254             break;
5255         case 'f':
5256             fmt = optarg;
5257             break;
5258         case 'O':
5259             out_fmt = optarg;
5260             break;
5261         case 'o':
5262             if (accumulate_options(&options, optarg) < 0) {
5263                 goto out;
5264             }
5265             break;
5266         case 'l':
5267             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
5268                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
5269                                                   optarg, false);
5270                 if (!sn_opts) {
5271                     error_report("Failed in parsing snapshot param '%s'",
5272                                  optarg);
5273                     goto out;
5274                 }
5275             } else {
5276                 snapshot_name = optarg;
5277             }
5278             break;
5279         case 'U':
5280             force_share = true;
5281             break;
5282         case OPTION_OBJECT:
5283             object_opts = qemu_opts_parse_noisily(&qemu_object_opts,
5284                                                   optarg, true);
5285             if (!object_opts) {
5286                 goto out;
5287             }
5288             break;
5289         case OPTION_IMAGE_OPTS:
5290             image_opts = true;
5291             break;
5292         case OPTION_OUTPUT:
5293             if (!strcmp(optarg, "json")) {
5294                 output_format = OFORMAT_JSON;
5295             } else if (!strcmp(optarg, "human")) {
5296                 output_format = OFORMAT_HUMAN;
5297             } else {
5298                 error_report("--output must be used with human or json "
5299                              "as argument.");
5300                 goto out;
5301             }
5302             break;
5303         case OPTION_SIZE:
5304         {
5305             int64_t sval;
5306 
5307             sval = cvtnum("image size", optarg);
5308             if (sval < 0) {
5309                 goto out;
5310             }
5311             img_size = (uint64_t)sval;
5312         }
5313         break;
5314         }
5315     }
5316 
5317     if (qemu_opts_foreach(&qemu_object_opts,
5318                           user_creatable_add_opts_foreach,
5319                           qemu_img_object_print_help, &error_fatal)) {
5320         goto out;
5321     }
5322 
5323     if (argc - optind > 1) {
5324         error_report("At most one filename argument is allowed.");
5325         goto out;
5326     } else if (argc - optind == 1) {
5327         filename = argv[optind];
5328     }
5329 
5330     if (!filename && (image_opts || fmt || snapshot_name || sn_opts)) {
5331         error_report("--image-opts, -f, and -l require a filename argument.");
5332         goto out;
5333     }
5334     if (filename && img_size != UINT64_MAX) {
5335         error_report("--size N cannot be used together with a filename.");
5336         goto out;
5337     }
5338     if (!filename && img_size == UINT64_MAX) {
5339         error_report("Either --size N or one filename must be specified.");
5340         goto out;
5341     }
5342 
5343     if (filename) {
5344         in_blk = img_open(image_opts, filename, fmt, 0,
5345                           false, false, force_share);
5346         if (!in_blk) {
5347             goto out;
5348         }
5349 
5350         if (sn_opts) {
5351             bdrv_snapshot_load_tmp(blk_bs(in_blk),
5352                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
5353                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
5354                     &local_err);
5355         } else if (snapshot_name != NULL) {
5356             bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(in_blk),
5357                     snapshot_name, &local_err);
5358         }
5359         if (local_err) {
5360             error_reportf_err(local_err, "Failed to load snapshot: ");
5361             goto out;
5362         }
5363     }
5364 
5365     drv = bdrv_find_format(out_fmt);
5366     if (!drv) {
5367         error_report("Unknown file format '%s'", out_fmt);
5368         goto out;
5369     }
5370     if (!drv->create_opts) {
5371         error_report("Format driver '%s' does not support image creation",
5372                      drv->format_name);
5373         goto out;
5374     }
5375 
5376     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5377     create_opts = qemu_opts_append(create_opts, bdrv_file.create_opts);
5378     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5379     if (options) {
5380         if (!qemu_opts_do_parse(opts, options, NULL, &local_err)) {
5381             error_report_err(local_err);
5382             error_report("Invalid options for file format '%s'", out_fmt);
5383             goto out;
5384         }
5385     }
5386     if (img_size != UINT64_MAX) {
5387         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, &error_abort);
5388     }
5389 
5390     info = bdrv_measure(drv, opts, in_blk ? blk_bs(in_blk) : NULL, &local_err);
5391     if (local_err) {
5392         error_report_err(local_err);
5393         goto out;
5394     }
5395 
5396     if (output_format == OFORMAT_HUMAN) {
5397         printf("required size: %" PRIu64 "\n", info->required);
5398         printf("fully allocated size: %" PRIu64 "\n", info->fully_allocated);
5399         if (info->has_bitmaps) {
5400             printf("bitmaps size: %" PRIu64 "\n", info->bitmaps);
5401         }
5402     } else {
5403         dump_json_block_measure_info(info);
5404     }
5405 
5406     ret = 0;
5407 
5408 out:
5409     qapi_free_BlockMeasureInfo(info);
5410     qemu_opts_del(object_opts);
5411     qemu_opts_del(opts);
5412     qemu_opts_del(sn_opts);
5413     qemu_opts_free(create_opts);
5414     g_free(options);
5415     blk_unref(in_blk);
5416     return ret;
5417 }
5418 
5419 static const img_cmd_t img_cmds[] = {
5420 #define DEF(option, callback, arg_string)        \
5421     { option, callback },
5422 #include "qemu-img-cmds.h"
5423 #undef DEF
5424     { NULL, NULL, },
5425 };
5426 
5427 int main(int argc, char **argv)
5428 {
5429     const img_cmd_t *cmd;
5430     const char *cmdname;
5431     Error *local_error = NULL;
5432     char *trace_file = NULL;
5433     int c;
5434     static const struct option long_options[] = {
5435         {"help", no_argument, 0, 'h'},
5436         {"version", no_argument, 0, 'V'},
5437         {"trace", required_argument, NULL, 'T'},
5438         {0, 0, 0, 0}
5439     };
5440 
5441 #ifdef CONFIG_POSIX
5442     signal(SIGPIPE, SIG_IGN);
5443 #endif
5444 
5445     socket_init();
5446     error_init(argv[0]);
5447     module_call_init(MODULE_INIT_TRACE);
5448     qemu_init_exec_dir(argv[0]);
5449 
5450     if (qemu_init_main_loop(&local_error)) {
5451         error_report_err(local_error);
5452         exit(EXIT_FAILURE);
5453     }
5454 
5455     qcrypto_init(&error_fatal);
5456 
5457     module_call_init(MODULE_INIT_QOM);
5458     bdrv_init();
5459     if (argc < 2) {
5460         error_exit("Not enough arguments");
5461     }
5462 
5463     qemu_add_opts(&qemu_object_opts);
5464     qemu_add_opts(&qemu_source_opts);
5465     qemu_add_opts(&qemu_trace_opts);
5466 
5467     while ((c = getopt_long(argc, argv, "+:hVT:", long_options, NULL)) != -1) {
5468         switch (c) {
5469         case ':':
5470             missing_argument(argv[optind - 1]);
5471             return 0;
5472         case '?':
5473             unrecognized_option(argv[optind - 1]);
5474             return 0;
5475         case 'h':
5476             help();
5477             return 0;
5478         case 'V':
5479             printf(QEMU_IMG_VERSION);
5480             return 0;
5481         case 'T':
5482             g_free(trace_file);
5483             trace_file = trace_opt_parse(optarg);
5484             break;
5485         }
5486     }
5487 
5488     cmdname = argv[optind];
5489 
5490     /* reset getopt_long scanning */
5491     argc -= optind;
5492     if (argc < 1) {
5493         return 0;
5494     }
5495     argv += optind;
5496     qemu_reset_optind();
5497 
5498     if (!trace_init_backends()) {
5499         exit(1);
5500     }
5501     trace_init_file(trace_file);
5502     qemu_set_log(LOG_TRACE);
5503 
5504     /* find the command */
5505     for (cmd = img_cmds; cmd->name != NULL; cmd++) {
5506         if (!strcmp(cmdname, cmd->name)) {
5507             return cmd->handler(argc, argv);
5508         }
5509     }
5510 
5511     /* not found */
5512     error_exit("Command not found: %s", cmdname);
5513 }
5514