xref: /openbmc/qemu/qemu-img.c (revision c5a5839856119a3644dcc0775a046ed0ee3081c3)
1 /*
2  * QEMU disk image utility
3  *
4  * Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include <getopt.h>
27 
28 #include "qemu-common.h"
29 #include "qemu-version.h"
30 #include "qapi/error.h"
31 #include "qapi/qapi-commands-block-core.h"
32 #include "qapi/qapi-visit-block-core.h"
33 #include "qapi/qobject-output-visitor.h"
34 #include "qapi/qmp/qjson.h"
35 #include "qapi/qmp/qdict.h"
36 #include "qapi/qmp/qstring.h"
37 #include "qemu/cutils.h"
38 #include "qemu/config-file.h"
39 #include "qemu/option.h"
40 #include "qemu/error-report.h"
41 #include "qemu/log.h"
42 #include "qemu/main-loop.h"
43 #include "qemu/module.h"
44 #include "qemu/units.h"
45 #include "qom/object_interfaces.h"
46 #include "sysemu/block-backend.h"
47 #include "block/block_int.h"
48 #include "block/blockjob.h"
49 #include "block/qapi.h"
50 #include "crypto/init.h"
51 #include "trace/control.h"
52 
53 #define QEMU_IMG_VERSION "qemu-img version " QEMU_FULL_VERSION \
54                           "\n" QEMU_COPYRIGHT "\n"
55 
56 typedef struct img_cmd_t {
57     const char *name;
58     int (*handler)(int argc, char **argv);
59 } img_cmd_t;
60 
61 enum {
62     OPTION_OUTPUT = 256,
63     OPTION_BACKING_CHAIN = 257,
64     OPTION_OBJECT = 258,
65     OPTION_IMAGE_OPTS = 259,
66     OPTION_PATTERN = 260,
67     OPTION_FLUSH_INTERVAL = 261,
68     OPTION_NO_DRAIN = 262,
69     OPTION_TARGET_IMAGE_OPTS = 263,
70     OPTION_SIZE = 264,
71     OPTION_PREALLOCATION = 265,
72     OPTION_SHRINK = 266,
73     OPTION_SALVAGE = 267,
74     OPTION_TARGET_IS_ZERO = 268,
75     OPTION_ADD = 269,
76     OPTION_REMOVE = 270,
77     OPTION_CLEAR = 271,
78     OPTION_ENABLE = 272,
79     OPTION_DISABLE = 273,
80     OPTION_MERGE = 274,
81     OPTION_BITMAPS = 275,
82 };
83 
84 typedef enum OutputFormat {
85     OFORMAT_JSON,
86     OFORMAT_HUMAN,
87 } OutputFormat;
88 
89 /* Default to cache=writeback as data integrity is not important for qemu-img */
90 #define BDRV_DEFAULT_CACHE "writeback"
91 
92 static void format_print(void *opaque, const char *name)
93 {
94     printf(" %s", name);
95 }
96 
97 static void QEMU_NORETURN GCC_FMT_ATTR(1, 2) error_exit(const char *fmt, ...)
98 {
99     va_list ap;
100 
101     va_start(ap, fmt);
102     error_vreport(fmt, ap);
103     va_end(ap);
104 
105     error_printf("Try 'qemu-img --help' for more information\n");
106     exit(EXIT_FAILURE);
107 }
108 
109 static void QEMU_NORETURN missing_argument(const char *option)
110 {
111     error_exit("missing argument for option '%s'", option);
112 }
113 
114 static void QEMU_NORETURN unrecognized_option(const char *option)
115 {
116     error_exit("unrecognized option '%s'", option);
117 }
118 
119 /* Please keep in synch with docs/tools/qemu-img.rst */
120 static void QEMU_NORETURN help(void)
121 {
122     const char *help_msg =
123            QEMU_IMG_VERSION
124            "usage: qemu-img [standard options] command [command options]\n"
125            "QEMU disk image utility\n"
126            "\n"
127            "    '-h', '--help'       display this help and exit\n"
128            "    '-V', '--version'    output version information and exit\n"
129            "    '-T', '--trace'      [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
130            "                         specify tracing options\n"
131            "\n"
132            "Command syntax:\n"
133 #define DEF(option, callback, arg_string)        \
134            "  " arg_string "\n"
135 #include "qemu-img-cmds.h"
136 #undef DEF
137            "\n"
138            "Command parameters:\n"
139            "  'filename' is a disk image filename\n"
140            "  'objectdef' is a QEMU user creatable object definition. See the qemu(1)\n"
141            "    manual page for a description of the object properties. The most common\n"
142            "    object type is a 'secret', which is used to supply passwords and/or\n"
143            "    encryption keys.\n"
144            "  'fmt' is the disk image format. It is guessed automatically in most cases\n"
145            "  'cache' is the cache mode used to write the output disk image, the valid\n"
146            "    options are: 'none', 'writeback' (default, except for convert), 'writethrough',\n"
147            "    'directsync' and 'unsafe' (default for convert)\n"
148            "  'src_cache' is the cache mode used to read input disk images, the valid\n"
149            "    options are the same as for the 'cache' option\n"
150            "  'size' is the disk image size in bytes. Optional suffixes\n"
151            "    'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' (gigabyte, 1024M),\n"
152            "    'T' (terabyte, 1024G), 'P' (petabyte, 1024T) and 'E' (exabyte, 1024P)  are\n"
153            "    supported. 'b' is ignored.\n"
154            "  'output_filename' is the destination disk image filename\n"
155            "  'output_fmt' is the destination format\n"
156            "  'options' is a comma separated list of format specific options in a\n"
157            "    name=value format. Use -o ? for an overview of the options supported by the\n"
158            "    used format\n"
159            "  'snapshot_param' is param used for internal snapshot, format\n"
160            "    is 'snapshot.id=[ID],snapshot.name=[NAME]', or\n"
161            "    '[ID_OR_NAME]'\n"
162            "  '-c' indicates that target image must be compressed (qcow format only)\n"
163            "  '-u' allows unsafe backing chains. For rebasing, it is assumed that old and\n"
164            "       new backing file match exactly. The image doesn't need a working\n"
165            "       backing file before rebasing in this case (useful for renaming the\n"
166            "       backing file). For image creation, allow creating without attempting\n"
167            "       to open the backing file.\n"
168            "  '-h' with or without a command shows this help and lists the supported formats\n"
169            "  '-p' show progress of command (only certain commands)\n"
170            "  '-q' use Quiet mode - do not print any output (except errors)\n"
171            "  '-S' indicates the consecutive number of bytes (defaults to 4k) that must\n"
172            "       contain only zeros for qemu-img to create a sparse image during\n"
173            "       conversion. If the number of bytes is 0, the source will not be scanned for\n"
174            "       unallocated or zero sectors, and the destination image will always be\n"
175            "       fully allocated\n"
176            "  '--output' takes the format in which the output must be done (human or json)\n"
177            "  '-n' skips the target volume creation (useful if the volume is created\n"
178            "       prior to running qemu-img)\n"
179            "\n"
180            "Parameters to bitmap subcommand:\n"
181            "  'bitmap' is the name of the bitmap to manipulate, through one or more\n"
182            "       actions from '--add', '--remove', '--clear', '--enable', '--disable',\n"
183            "       or '--merge source'\n"
184            "  '-g granularity' sets the granularity for '--add' actions\n"
185            "  '-b source' and '-F src_fmt' tell '--merge' actions to find the source\n"
186            "       bitmaps from an alternative file\n"
187            "\n"
188            "Parameters to check subcommand:\n"
189            "  '-r' tries to repair any inconsistencies that are found during the check.\n"
190            "       '-r leaks' repairs only cluster leaks, whereas '-r all' fixes all\n"
191            "       kinds of errors, with a higher risk of choosing the wrong fix or\n"
192            "       hiding corruption that has already occurred.\n"
193            "\n"
194            "Parameters to convert subcommand:\n"
195            "  '--bitmaps' copies all top-level persistent bitmaps to destination\n"
196            "  '-m' specifies how many coroutines work in parallel during the convert\n"
197            "       process (defaults to 8)\n"
198            "  '-W' allow to write to the target out of order rather than sequential\n"
199            "\n"
200            "Parameters to snapshot subcommand:\n"
201            "  'snapshot' is the name of the snapshot to create, apply or delete\n"
202            "  '-a' applies a snapshot (revert disk to saved state)\n"
203            "  '-c' creates a snapshot\n"
204            "  '-d' deletes a snapshot\n"
205            "  '-l' lists all snapshots in the given image\n"
206            "\n"
207            "Parameters to compare subcommand:\n"
208            "  '-f' first image format\n"
209            "  '-F' second image format\n"
210            "  '-s' run in Strict mode - fail on different image size or sector allocation\n"
211            "\n"
212            "Parameters to dd subcommand:\n"
213            "  'bs=BYTES' read and write up to BYTES bytes at a time "
214            "(default: 512)\n"
215            "  'count=N' copy only N input blocks\n"
216            "  'if=FILE' read from FILE\n"
217            "  'of=FILE' write to FILE\n"
218            "  'skip=N' skip N bs-sized blocks at the start of input\n";
219 
220     printf("%s\nSupported formats:", help_msg);
221     bdrv_iterate_format(format_print, NULL, false);
222     printf("\n\n" QEMU_HELP_BOTTOM "\n");
223     exit(EXIT_SUCCESS);
224 }
225 
226 static QemuOptsList qemu_object_opts = {
227     .name = "object",
228     .implied_opt_name = "qom-type",
229     .head = QTAILQ_HEAD_INITIALIZER(qemu_object_opts.head),
230     .desc = {
231         { }
232     },
233 };
234 
235 static bool qemu_img_object_print_help(const char *type, QemuOpts *opts)
236 {
237     if (user_creatable_print_help(type, opts)) {
238         exit(0);
239     }
240     return true;
241 }
242 
243 /*
244  * Is @optarg safe for accumulate_options()?
245  * It is when multiple of them can be joined together separated by ','.
246  * To make that work, @optarg must not start with ',' (or else a
247  * separating ',' preceding it gets escaped), and it must not end with
248  * an odd number of ',' (or else a separating ',' following it gets
249  * escaped), or be empty (or else a separating ',' preceding it can
250  * escape a separating ',' following it).
251  *
252  */
253 static bool is_valid_option_list(const char *optarg)
254 {
255     size_t len = strlen(optarg);
256     size_t i;
257 
258     if (!optarg[0] || optarg[0] == ',') {
259         return false;
260     }
261 
262     for (i = len; i > 0 && optarg[i - 1] == ','; i--) {
263     }
264     if ((len - i) % 2) {
265         return false;
266     }
267 
268     return true;
269 }
270 
271 static int accumulate_options(char **options, char *optarg)
272 {
273     char *new_options;
274 
275     if (!is_valid_option_list(optarg)) {
276         error_report("Invalid option list: %s", optarg);
277         return -1;
278     }
279 
280     if (!*options) {
281         *options = g_strdup(optarg);
282     } else {
283         new_options = g_strdup_printf("%s,%s", *options, optarg);
284         g_free(*options);
285         *options = new_options;
286     }
287     return 0;
288 }
289 
290 static QemuOptsList qemu_source_opts = {
291     .name = "source",
292     .implied_opt_name = "file",
293     .head = QTAILQ_HEAD_INITIALIZER(qemu_source_opts.head),
294     .desc = {
295         { }
296     },
297 };
298 
299 static int GCC_FMT_ATTR(2, 3) qprintf(bool quiet, const char *fmt, ...)
300 {
301     int ret = 0;
302     if (!quiet) {
303         va_list args;
304         va_start(args, fmt);
305         ret = vprintf(fmt, args);
306         va_end(args);
307     }
308     return ret;
309 }
310 
311 
312 static int print_block_option_help(const char *filename, const char *fmt)
313 {
314     BlockDriver *drv, *proto_drv;
315     QemuOptsList *create_opts = NULL;
316     Error *local_err = NULL;
317 
318     /* Find driver and parse its options */
319     drv = bdrv_find_format(fmt);
320     if (!drv) {
321         error_report("Unknown file format '%s'", fmt);
322         return 1;
323     }
324 
325     if (!drv->create_opts) {
326         error_report("Format driver '%s' does not support image creation", fmt);
327         return 1;
328     }
329 
330     create_opts = qemu_opts_append(create_opts, drv->create_opts);
331     if (filename) {
332         proto_drv = bdrv_find_protocol(filename, true, &local_err);
333         if (!proto_drv) {
334             error_report_err(local_err);
335             qemu_opts_free(create_opts);
336             return 1;
337         }
338         if (!proto_drv->create_opts) {
339             error_report("Protocol driver '%s' does not support image creation",
340                          proto_drv->format_name);
341             qemu_opts_free(create_opts);
342             return 1;
343         }
344         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
345     }
346 
347     if (filename) {
348         printf("Supported options:\n");
349     } else {
350         printf("Supported %s options:\n", fmt);
351     }
352     qemu_opts_print_help(create_opts, false);
353     qemu_opts_free(create_opts);
354 
355     if (!filename) {
356         printf("\n"
357                "The protocol level may support further options.\n"
358                "Specify the target filename to include those options.\n");
359     }
360 
361     return 0;
362 }
363 
364 
365 static BlockBackend *img_open_opts(const char *optstr,
366                                    QemuOpts *opts, int flags, bool writethrough,
367                                    bool quiet, bool force_share)
368 {
369     QDict *options;
370     Error *local_err = NULL;
371     BlockBackend *blk;
372     options = qemu_opts_to_qdict(opts, NULL);
373     if (force_share) {
374         if (qdict_haskey(options, BDRV_OPT_FORCE_SHARE)
375             && strcmp(qdict_get_str(options, BDRV_OPT_FORCE_SHARE), "on")) {
376             error_report("--force-share/-U conflicts with image options");
377             qobject_unref(options);
378             return NULL;
379         }
380         qdict_put_str(options, BDRV_OPT_FORCE_SHARE, "on");
381     }
382     blk = blk_new_open(NULL, NULL, options, flags, &local_err);
383     if (!blk) {
384         error_reportf_err(local_err, "Could not open '%s': ", optstr);
385         return NULL;
386     }
387     blk_set_enable_write_cache(blk, !writethrough);
388 
389     return blk;
390 }
391 
392 static BlockBackend *img_open_file(const char *filename,
393                                    QDict *options,
394                                    const char *fmt, int flags,
395                                    bool writethrough, bool quiet,
396                                    bool force_share)
397 {
398     BlockBackend *blk;
399     Error *local_err = NULL;
400 
401     if (!options) {
402         options = qdict_new();
403     }
404     if (fmt) {
405         qdict_put_str(options, "driver", fmt);
406     }
407 
408     if (force_share) {
409         qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
410     }
411     blk = blk_new_open(filename, NULL, options, flags, &local_err);
412     if (!blk) {
413         error_reportf_err(local_err, "Could not open '%s': ", filename);
414         return NULL;
415     }
416     blk_set_enable_write_cache(blk, !writethrough);
417 
418     return blk;
419 }
420 
421 
422 static int img_add_key_secrets(void *opaque,
423                                const char *name, const char *value,
424                                Error **errp)
425 {
426     QDict *options = opaque;
427 
428     if (g_str_has_suffix(name, "key-secret")) {
429         qdict_put_str(options, name, value);
430     }
431 
432     return 0;
433 }
434 
435 
436 static BlockBackend *img_open(bool image_opts,
437                               const char *filename,
438                               const char *fmt, int flags, bool writethrough,
439                               bool quiet, bool force_share)
440 {
441     BlockBackend *blk;
442     if (image_opts) {
443         QemuOpts *opts;
444         if (fmt) {
445             error_report("--image-opts and --format are mutually exclusive");
446             return NULL;
447         }
448         opts = qemu_opts_parse_noisily(qemu_find_opts("source"),
449                                        filename, true);
450         if (!opts) {
451             return NULL;
452         }
453         blk = img_open_opts(filename, opts, flags, writethrough, quiet,
454                             force_share);
455     } else {
456         blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet,
457                             force_share);
458     }
459     return blk;
460 }
461 
462 
463 static int add_old_style_options(const char *fmt, QemuOpts *opts,
464                                  const char *base_filename,
465                                  const char *base_fmt)
466 {
467     Error *err = NULL;
468 
469     if (base_filename) {
470         qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, base_filename, &err);
471         if (err) {
472             error_report("Backing file not supported for file format '%s'",
473                          fmt);
474             error_free(err);
475             return -1;
476         }
477     }
478     if (base_fmt) {
479         qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, base_fmt, &err);
480         if (err) {
481             error_report("Backing file format not supported for file "
482                          "format '%s'", fmt);
483             error_free(err);
484             return -1;
485         }
486     }
487     return 0;
488 }
489 
490 static int64_t cvtnum_full(const char *name, const char *value, int64_t min,
491                            int64_t max)
492 {
493     int err;
494     uint64_t res;
495 
496     err = qemu_strtosz(value, NULL, &res);
497     if (err < 0 && err != -ERANGE) {
498         error_report("Invalid %s specified. You may use "
499                      "k, M, G, T, P or E suffixes for", name);
500         error_report("kilobytes, megabytes, gigabytes, terabytes, "
501                      "petabytes and exabytes.");
502         return err;
503     }
504     if (err == -ERANGE || res > max || res < min) {
505         error_report("Invalid %s specified. Must be between %" PRId64
506                      " and %" PRId64 ".", name, min, max);
507         return -ERANGE;
508     }
509     return res;
510 }
511 
512 static int64_t cvtnum(const char *name, const char *value)
513 {
514     return cvtnum_full(name, value, 0, INT64_MAX);
515 }
516 
517 static int img_create(int argc, char **argv)
518 {
519     int c;
520     uint64_t img_size = -1;
521     const char *fmt = "raw";
522     const char *base_fmt = NULL;
523     const char *filename;
524     const char *base_filename = NULL;
525     char *options = NULL;
526     Error *local_err = NULL;
527     bool quiet = false;
528     int flags = 0;
529 
530     for(;;) {
531         static const struct option long_options[] = {
532             {"help", no_argument, 0, 'h'},
533             {"object", required_argument, 0, OPTION_OBJECT},
534             {0, 0, 0, 0}
535         };
536         c = getopt_long(argc, argv, ":F:b:f:ho:qu",
537                         long_options, NULL);
538         if (c == -1) {
539             break;
540         }
541         switch(c) {
542         case ':':
543             missing_argument(argv[optind - 1]);
544             break;
545         case '?':
546             unrecognized_option(argv[optind - 1]);
547             break;
548         case 'h':
549             help();
550             break;
551         case 'F':
552             base_fmt = optarg;
553             break;
554         case 'b':
555             base_filename = optarg;
556             break;
557         case 'f':
558             fmt = optarg;
559             break;
560         case 'o':
561             if (accumulate_options(&options, optarg) < 0) {
562                 goto fail;
563             }
564             break;
565         case 'q':
566             quiet = true;
567             break;
568         case 'u':
569             flags |= BDRV_O_NO_BACKING;
570             break;
571         case OPTION_OBJECT: {
572             QemuOpts *opts;
573             opts = qemu_opts_parse_noisily(&qemu_object_opts,
574                                            optarg, true);
575             if (!opts) {
576                 goto fail;
577             }
578         }   break;
579         }
580     }
581 
582     /* Get the filename */
583     filename = (optind < argc) ? argv[optind] : NULL;
584     if (options && has_help_option(options)) {
585         g_free(options);
586         return print_block_option_help(filename, fmt);
587     }
588 
589     if (optind >= argc) {
590         error_exit("Expecting image file name");
591     }
592     optind++;
593 
594     if (qemu_opts_foreach(&qemu_object_opts,
595                           user_creatable_add_opts_foreach,
596                           qemu_img_object_print_help, &error_fatal)) {
597         goto fail;
598     }
599 
600     /* Get image size, if specified */
601     if (optind < argc) {
602         int64_t sval;
603 
604         sval = cvtnum("image size", argv[optind++]);
605         if (sval < 0) {
606             goto fail;
607         }
608         img_size = (uint64_t)sval;
609     }
610     if (optind != argc) {
611         error_exit("Unexpected argument: %s", argv[optind]);
612     }
613 
614     bdrv_img_create(filename, fmt, base_filename, base_fmt,
615                     options, img_size, flags, quiet, &local_err);
616     if (local_err) {
617         error_reportf_err(local_err, "%s: ", filename);
618         goto fail;
619     }
620 
621     g_free(options);
622     return 0;
623 
624 fail:
625     g_free(options);
626     return 1;
627 }
628 
629 static void dump_json_image_check(ImageCheck *check, bool quiet)
630 {
631     QString *str;
632     QObject *obj;
633     Visitor *v = qobject_output_visitor_new(&obj);
634 
635     visit_type_ImageCheck(v, NULL, &check, &error_abort);
636     visit_complete(v, &obj);
637     str = qobject_to_json_pretty(obj);
638     assert(str != NULL);
639     qprintf(quiet, "%s\n", qstring_get_str(str));
640     qobject_unref(obj);
641     visit_free(v);
642     qobject_unref(str);
643 }
644 
645 static void dump_human_image_check(ImageCheck *check, bool quiet)
646 {
647     if (!(check->corruptions || check->leaks || check->check_errors)) {
648         qprintf(quiet, "No errors were found on the image.\n");
649     } else {
650         if (check->corruptions) {
651             qprintf(quiet, "\n%" PRId64 " errors were found on the image.\n"
652                     "Data may be corrupted, or further writes to the image "
653                     "may corrupt it.\n",
654                     check->corruptions);
655         }
656 
657         if (check->leaks) {
658             qprintf(quiet,
659                     "\n%" PRId64 " leaked clusters were found on the image.\n"
660                     "This means waste of disk space, but no harm to data.\n",
661                     check->leaks);
662         }
663 
664         if (check->check_errors) {
665             qprintf(quiet,
666                     "\n%" PRId64
667                     " internal errors have occurred during the check.\n",
668                     check->check_errors);
669         }
670     }
671 
672     if (check->total_clusters != 0 && check->allocated_clusters != 0) {
673         qprintf(quiet, "%" PRId64 "/%" PRId64 " = %0.2f%% allocated, "
674                 "%0.2f%% fragmented, %0.2f%% compressed clusters\n",
675                 check->allocated_clusters, check->total_clusters,
676                 check->allocated_clusters * 100.0 / check->total_clusters,
677                 check->fragmented_clusters * 100.0 / check->allocated_clusters,
678                 check->compressed_clusters * 100.0 /
679                 check->allocated_clusters);
680     }
681 
682     if (check->image_end_offset) {
683         qprintf(quiet,
684                 "Image end offset: %" PRId64 "\n", check->image_end_offset);
685     }
686 }
687 
688 static int collect_image_check(BlockDriverState *bs,
689                    ImageCheck *check,
690                    const char *filename,
691                    const char *fmt,
692                    int fix)
693 {
694     int ret;
695     BdrvCheckResult result;
696 
697     ret = bdrv_check(bs, &result, fix);
698     if (ret < 0) {
699         return ret;
700     }
701 
702     check->filename                 = g_strdup(filename);
703     check->format                   = g_strdup(bdrv_get_format_name(bs));
704     check->check_errors             = result.check_errors;
705     check->corruptions              = result.corruptions;
706     check->has_corruptions          = result.corruptions != 0;
707     check->leaks                    = result.leaks;
708     check->has_leaks                = result.leaks != 0;
709     check->corruptions_fixed        = result.corruptions_fixed;
710     check->has_corruptions_fixed    = result.corruptions_fixed != 0;
711     check->leaks_fixed              = result.leaks_fixed;
712     check->has_leaks_fixed          = result.leaks_fixed != 0;
713     check->image_end_offset         = result.image_end_offset;
714     check->has_image_end_offset     = result.image_end_offset != 0;
715     check->total_clusters           = result.bfi.total_clusters;
716     check->has_total_clusters       = result.bfi.total_clusters != 0;
717     check->allocated_clusters       = result.bfi.allocated_clusters;
718     check->has_allocated_clusters   = result.bfi.allocated_clusters != 0;
719     check->fragmented_clusters      = result.bfi.fragmented_clusters;
720     check->has_fragmented_clusters  = result.bfi.fragmented_clusters != 0;
721     check->compressed_clusters      = result.bfi.compressed_clusters;
722     check->has_compressed_clusters  = result.bfi.compressed_clusters != 0;
723 
724     return 0;
725 }
726 
727 /*
728  * Checks an image for consistency. Exit codes:
729  *
730  *  0 - Check completed, image is good
731  *  1 - Check not completed because of internal errors
732  *  2 - Check completed, image is corrupted
733  *  3 - Check completed, image has leaked clusters, but is good otherwise
734  * 63 - Checks are not supported by the image format
735  */
736 static int img_check(int argc, char **argv)
737 {
738     int c, ret;
739     OutputFormat output_format = OFORMAT_HUMAN;
740     const char *filename, *fmt, *output, *cache;
741     BlockBackend *blk;
742     BlockDriverState *bs;
743     int fix = 0;
744     int flags = BDRV_O_CHECK;
745     bool writethrough;
746     ImageCheck *check;
747     bool quiet = false;
748     bool image_opts = false;
749     bool force_share = false;
750 
751     fmt = NULL;
752     output = NULL;
753     cache = BDRV_DEFAULT_CACHE;
754 
755     for(;;) {
756         int option_index = 0;
757         static const struct option long_options[] = {
758             {"help", no_argument, 0, 'h'},
759             {"format", required_argument, 0, 'f'},
760             {"repair", required_argument, 0, 'r'},
761             {"output", required_argument, 0, OPTION_OUTPUT},
762             {"object", required_argument, 0, OPTION_OBJECT},
763             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
764             {"force-share", no_argument, 0, 'U'},
765             {0, 0, 0, 0}
766         };
767         c = getopt_long(argc, argv, ":hf:r:T:qU",
768                         long_options, &option_index);
769         if (c == -1) {
770             break;
771         }
772         switch(c) {
773         case ':':
774             missing_argument(argv[optind - 1]);
775             break;
776         case '?':
777             unrecognized_option(argv[optind - 1]);
778             break;
779         case 'h':
780             help();
781             break;
782         case 'f':
783             fmt = optarg;
784             break;
785         case 'r':
786             flags |= BDRV_O_RDWR;
787 
788             if (!strcmp(optarg, "leaks")) {
789                 fix = BDRV_FIX_LEAKS;
790             } else if (!strcmp(optarg, "all")) {
791                 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
792             } else {
793                 error_exit("Unknown option value for -r "
794                            "(expecting 'leaks' or 'all'): %s", optarg);
795             }
796             break;
797         case OPTION_OUTPUT:
798             output = optarg;
799             break;
800         case 'T':
801             cache = optarg;
802             break;
803         case 'q':
804             quiet = true;
805             break;
806         case 'U':
807             force_share = true;
808             break;
809         case OPTION_OBJECT: {
810             QemuOpts *opts;
811             opts = qemu_opts_parse_noisily(&qemu_object_opts,
812                                            optarg, true);
813             if (!opts) {
814                 return 1;
815             }
816         }   break;
817         case OPTION_IMAGE_OPTS:
818             image_opts = true;
819             break;
820         }
821     }
822     if (optind != argc - 1) {
823         error_exit("Expecting one image file name");
824     }
825     filename = argv[optind++];
826 
827     if (output && !strcmp(output, "json")) {
828         output_format = OFORMAT_JSON;
829     } else if (output && !strcmp(output, "human")) {
830         output_format = OFORMAT_HUMAN;
831     } else if (output) {
832         error_report("--output must be used with human or json as argument.");
833         return 1;
834     }
835 
836     if (qemu_opts_foreach(&qemu_object_opts,
837                           user_creatable_add_opts_foreach,
838                           qemu_img_object_print_help, &error_fatal)) {
839         return 1;
840     }
841 
842     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
843     if (ret < 0) {
844         error_report("Invalid source cache option: %s", cache);
845         return 1;
846     }
847 
848     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
849                    force_share);
850     if (!blk) {
851         return 1;
852     }
853     bs = blk_bs(blk);
854 
855     check = g_new0(ImageCheck, 1);
856     ret = collect_image_check(bs, check, filename, fmt, fix);
857 
858     if (ret == -ENOTSUP) {
859         error_report("This image format does not support checks");
860         ret = 63;
861         goto fail;
862     }
863 
864     if (check->corruptions_fixed || check->leaks_fixed) {
865         int corruptions_fixed, leaks_fixed;
866         bool has_leaks_fixed, has_corruptions_fixed;
867 
868         leaks_fixed         = check->leaks_fixed;
869         has_leaks_fixed     = check->has_leaks_fixed;
870         corruptions_fixed   = check->corruptions_fixed;
871         has_corruptions_fixed = check->has_corruptions_fixed;
872 
873         if (output_format == OFORMAT_HUMAN) {
874             qprintf(quiet,
875                     "The following inconsistencies were found and repaired:\n\n"
876                     "    %" PRId64 " leaked clusters\n"
877                     "    %" PRId64 " corruptions\n\n"
878                     "Double checking the fixed image now...\n",
879                     check->leaks_fixed,
880                     check->corruptions_fixed);
881         }
882 
883         qapi_free_ImageCheck(check);
884         check = g_new0(ImageCheck, 1);
885         ret = collect_image_check(bs, check, filename, fmt, 0);
886 
887         check->leaks_fixed          = leaks_fixed;
888         check->has_leaks_fixed      = has_leaks_fixed;
889         check->corruptions_fixed    = corruptions_fixed;
890         check->has_corruptions_fixed = has_corruptions_fixed;
891     }
892 
893     if (!ret) {
894         switch (output_format) {
895         case OFORMAT_HUMAN:
896             dump_human_image_check(check, quiet);
897             break;
898         case OFORMAT_JSON:
899             dump_json_image_check(check, quiet);
900             break;
901         }
902     }
903 
904     if (ret || check->check_errors) {
905         if (ret) {
906             error_report("Check failed: %s", strerror(-ret));
907         } else {
908             error_report("Check failed");
909         }
910         ret = 1;
911         goto fail;
912     }
913 
914     if (check->corruptions) {
915         ret = 2;
916     } else if (check->leaks) {
917         ret = 3;
918     } else {
919         ret = 0;
920     }
921 
922 fail:
923     qapi_free_ImageCheck(check);
924     blk_unref(blk);
925     return ret;
926 }
927 
928 typedef struct CommonBlockJobCBInfo {
929     BlockDriverState *bs;
930     Error **errp;
931 } CommonBlockJobCBInfo;
932 
933 static void common_block_job_cb(void *opaque, int ret)
934 {
935     CommonBlockJobCBInfo *cbi = opaque;
936 
937     if (ret < 0) {
938         error_setg_errno(cbi->errp, -ret, "Block job failed");
939     }
940 }
941 
942 static void run_block_job(BlockJob *job, Error **errp)
943 {
944     AioContext *aio_context = blk_get_aio_context(job->blk);
945     int ret = 0;
946 
947     aio_context_acquire(aio_context);
948     job_ref(&job->job);
949     do {
950         float progress = 0.0f;
951         aio_poll(aio_context, true);
952         if (job->job.progress.total) {
953             progress = (float)job->job.progress.current /
954                        job->job.progress.total * 100.f;
955         }
956         qemu_progress_print(progress, 0);
957     } while (!job_is_ready(&job->job) && !job_is_completed(&job->job));
958 
959     if (!job_is_completed(&job->job)) {
960         ret = job_complete_sync(&job->job, errp);
961     } else {
962         ret = job->job.ret;
963     }
964     job_unref(&job->job);
965     aio_context_release(aio_context);
966 
967     /* publish completion progress only when success */
968     if (!ret) {
969         qemu_progress_print(100.f, 0);
970     }
971 }
972 
973 static int img_commit(int argc, char **argv)
974 {
975     int c, ret, flags;
976     const char *filename, *fmt, *cache, *base;
977     BlockBackend *blk;
978     BlockDriverState *bs, *base_bs;
979     BlockJob *job;
980     bool progress = false, quiet = false, drop = false;
981     bool writethrough;
982     Error *local_err = NULL;
983     CommonBlockJobCBInfo cbi;
984     bool image_opts = false;
985     AioContext *aio_context;
986 
987     fmt = NULL;
988     cache = BDRV_DEFAULT_CACHE;
989     base = NULL;
990     for(;;) {
991         static const struct option long_options[] = {
992             {"help", no_argument, 0, 'h'},
993             {"object", required_argument, 0, OPTION_OBJECT},
994             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
995             {0, 0, 0, 0}
996         };
997         c = getopt_long(argc, argv, ":f:ht:b:dpq",
998                         long_options, NULL);
999         if (c == -1) {
1000             break;
1001         }
1002         switch(c) {
1003         case ':':
1004             missing_argument(argv[optind - 1]);
1005             break;
1006         case '?':
1007             unrecognized_option(argv[optind - 1]);
1008             break;
1009         case 'h':
1010             help();
1011             break;
1012         case 'f':
1013             fmt = optarg;
1014             break;
1015         case 't':
1016             cache = optarg;
1017             break;
1018         case 'b':
1019             base = optarg;
1020             /* -b implies -d */
1021             drop = true;
1022             break;
1023         case 'd':
1024             drop = true;
1025             break;
1026         case 'p':
1027             progress = true;
1028             break;
1029         case 'q':
1030             quiet = true;
1031             break;
1032         case OPTION_OBJECT: {
1033             QemuOpts *opts;
1034             opts = qemu_opts_parse_noisily(&qemu_object_opts,
1035                                            optarg, true);
1036             if (!opts) {
1037                 return 1;
1038             }
1039         }   break;
1040         case OPTION_IMAGE_OPTS:
1041             image_opts = true;
1042             break;
1043         }
1044     }
1045 
1046     /* Progress is not shown in Quiet mode */
1047     if (quiet) {
1048         progress = false;
1049     }
1050 
1051     if (optind != argc - 1) {
1052         error_exit("Expecting one image file name");
1053     }
1054     filename = argv[optind++];
1055 
1056     if (qemu_opts_foreach(&qemu_object_opts,
1057                           user_creatable_add_opts_foreach,
1058                           qemu_img_object_print_help, &error_fatal)) {
1059         return 1;
1060     }
1061 
1062     flags = BDRV_O_RDWR | BDRV_O_UNMAP;
1063     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1064     if (ret < 0) {
1065         error_report("Invalid cache option: %s", cache);
1066         return 1;
1067     }
1068 
1069     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
1070                    false);
1071     if (!blk) {
1072         return 1;
1073     }
1074     bs = blk_bs(blk);
1075 
1076     qemu_progress_init(progress, 1.f);
1077     qemu_progress_print(0.f, 100);
1078 
1079     if (base) {
1080         base_bs = bdrv_find_backing_image(bs, base);
1081         if (!base_bs) {
1082             error_setg(&local_err,
1083                        "Did not find '%s' in the backing chain of '%s'",
1084                        base, filename);
1085             goto done;
1086         }
1087     } else {
1088         /* This is different from QMP, which by default uses the deepest file in
1089          * the backing chain (i.e., the very base); however, the traditional
1090          * behavior of qemu-img commit is using the immediate backing file. */
1091         base_bs = backing_bs(bs);
1092         if (!base_bs) {
1093             error_setg(&local_err, "Image does not have a backing file");
1094             goto done;
1095         }
1096     }
1097 
1098     cbi = (CommonBlockJobCBInfo){
1099         .errp = &local_err,
1100         .bs   = bs,
1101     };
1102 
1103     aio_context = bdrv_get_aio_context(bs);
1104     aio_context_acquire(aio_context);
1105     commit_active_start("commit", bs, base_bs, JOB_DEFAULT, 0,
1106                         BLOCKDEV_ON_ERROR_REPORT, NULL, common_block_job_cb,
1107                         &cbi, false, &local_err);
1108     aio_context_release(aio_context);
1109     if (local_err) {
1110         goto done;
1111     }
1112 
1113     /* When the block job completes, the BlockBackend reference will point to
1114      * the old backing file. In order to avoid that the top image is already
1115      * deleted, so we can still empty it afterwards, increment the reference
1116      * counter here preemptively. */
1117     if (!drop) {
1118         bdrv_ref(bs);
1119     }
1120 
1121     job = block_job_get("commit");
1122     assert(job);
1123     run_block_job(job, &local_err);
1124     if (local_err) {
1125         goto unref_backing;
1126     }
1127 
1128     if (!drop) {
1129         BlockBackend *old_backing_blk;
1130 
1131         old_backing_blk = blk_new_with_bs(bs, BLK_PERM_WRITE, BLK_PERM_ALL,
1132                                           &local_err);
1133         if (!old_backing_blk) {
1134             goto unref_backing;
1135         }
1136         ret = blk_make_empty(old_backing_blk, &local_err);
1137         blk_unref(old_backing_blk);
1138         if (ret == -ENOTSUP) {
1139             error_free(local_err);
1140             local_err = NULL;
1141         } else if (ret < 0) {
1142             goto unref_backing;
1143         }
1144     }
1145 
1146 unref_backing:
1147     if (!drop) {
1148         bdrv_unref(bs);
1149     }
1150 
1151 done:
1152     qemu_progress_end();
1153 
1154     blk_unref(blk);
1155 
1156     if (local_err) {
1157         error_report_err(local_err);
1158         return 1;
1159     }
1160 
1161     qprintf(quiet, "Image committed.\n");
1162     return 0;
1163 }
1164 
1165 /*
1166  * Returns -1 if 'buf' contains only zeroes, otherwise the byte index
1167  * of the first sector boundary within buf where the sector contains a
1168  * non-zero byte.  This function is robust to a buffer that is not
1169  * sector-aligned.
1170  */
1171 static int64_t find_nonzero(const uint8_t *buf, int64_t n)
1172 {
1173     int64_t i;
1174     int64_t end = QEMU_ALIGN_DOWN(n, BDRV_SECTOR_SIZE);
1175 
1176     for (i = 0; i < end; i += BDRV_SECTOR_SIZE) {
1177         if (!buffer_is_zero(buf + i, BDRV_SECTOR_SIZE)) {
1178             return i;
1179         }
1180     }
1181     if (i < n && !buffer_is_zero(buf + i, n - end)) {
1182         return i;
1183     }
1184     return -1;
1185 }
1186 
1187 /*
1188  * Returns true iff the first sector pointed to by 'buf' contains at least
1189  * a non-NUL byte.
1190  *
1191  * 'pnum' is set to the number of sectors (including and immediately following
1192  * the first one) that are known to be in the same allocated/unallocated state.
1193  * The function will try to align the end offset to alignment boundaries so
1194  * that the request will at least end aligned and consequtive requests will
1195  * also start at an aligned offset.
1196  */
1197 static int is_allocated_sectors(const uint8_t *buf, int n, int *pnum,
1198                                 int64_t sector_num, int alignment)
1199 {
1200     bool is_zero;
1201     int i, tail;
1202 
1203     if (n <= 0) {
1204         *pnum = 0;
1205         return 0;
1206     }
1207     is_zero = buffer_is_zero(buf, 512);
1208     for(i = 1; i < n; i++) {
1209         buf += 512;
1210         if (is_zero != buffer_is_zero(buf, 512)) {
1211             break;
1212         }
1213     }
1214 
1215     tail = (sector_num + i) & (alignment - 1);
1216     if (tail) {
1217         if (is_zero && i <= tail) {
1218             /* treat unallocated areas which only consist
1219              * of a small tail as allocated. */
1220             is_zero = false;
1221         }
1222         if (!is_zero) {
1223             /* align up end offset of allocated areas. */
1224             i += alignment - tail;
1225             i = MIN(i, n);
1226         } else {
1227             /* align down end offset of zero areas. */
1228             i -= tail;
1229         }
1230     }
1231     *pnum = i;
1232     return !is_zero;
1233 }
1234 
1235 /*
1236  * Like is_allocated_sectors, but if the buffer starts with a used sector,
1237  * up to 'min' consecutive sectors containing zeros are ignored. This avoids
1238  * breaking up write requests for only small sparse areas.
1239  */
1240 static int is_allocated_sectors_min(const uint8_t *buf, int n, int *pnum,
1241     int min, int64_t sector_num, int alignment)
1242 {
1243     int ret;
1244     int num_checked, num_used;
1245 
1246     if (n < min) {
1247         min = n;
1248     }
1249 
1250     ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1251     if (!ret) {
1252         return ret;
1253     }
1254 
1255     num_used = *pnum;
1256     buf += BDRV_SECTOR_SIZE * *pnum;
1257     n -= *pnum;
1258     sector_num += *pnum;
1259     num_checked = num_used;
1260 
1261     while (n > 0) {
1262         ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1263 
1264         buf += BDRV_SECTOR_SIZE * *pnum;
1265         n -= *pnum;
1266         sector_num += *pnum;
1267         num_checked += *pnum;
1268         if (ret) {
1269             num_used = num_checked;
1270         } else if (*pnum >= min) {
1271             break;
1272         }
1273     }
1274 
1275     *pnum = num_used;
1276     return 1;
1277 }
1278 
1279 /*
1280  * Compares two buffers sector by sector. Returns 0 if the first
1281  * sector of each buffer matches, non-zero otherwise.
1282  *
1283  * pnum is set to the sector-aligned size of the buffer prefix that
1284  * has the same matching status as the first sector.
1285  */
1286 static int compare_buffers(const uint8_t *buf1, const uint8_t *buf2,
1287                            int64_t bytes, int64_t *pnum)
1288 {
1289     bool res;
1290     int64_t i = MIN(bytes, BDRV_SECTOR_SIZE);
1291 
1292     assert(bytes > 0);
1293 
1294     res = !!memcmp(buf1, buf2, i);
1295     while (i < bytes) {
1296         int64_t len = MIN(bytes - i, BDRV_SECTOR_SIZE);
1297 
1298         if (!!memcmp(buf1 + i, buf2 + i, len) != res) {
1299             break;
1300         }
1301         i += len;
1302     }
1303 
1304     *pnum = i;
1305     return res;
1306 }
1307 
1308 #define IO_BUF_SIZE (2 * MiB)
1309 
1310 /*
1311  * Check if passed sectors are empty (not allocated or contain only 0 bytes)
1312  *
1313  * Intended for use by 'qemu-img compare': Returns 0 in case sectors are
1314  * filled with 0, 1 if sectors contain non-zero data (this is a comparison
1315  * failure), and 4 on error (the exit status for read errors), after emitting
1316  * an error message.
1317  *
1318  * @param blk:  BlockBackend for the image
1319  * @param offset: Starting offset to check
1320  * @param bytes: Number of bytes to check
1321  * @param filename: Name of disk file we are checking (logging purpose)
1322  * @param buffer: Allocated buffer for storing read data
1323  * @param quiet: Flag for quiet mode
1324  */
1325 static int check_empty_sectors(BlockBackend *blk, int64_t offset,
1326                                int64_t bytes, const char *filename,
1327                                uint8_t *buffer, bool quiet)
1328 {
1329     int ret = 0;
1330     int64_t idx;
1331 
1332     ret = blk_pread(blk, offset, buffer, bytes);
1333     if (ret < 0) {
1334         error_report("Error while reading offset %" PRId64 " of %s: %s",
1335                      offset, filename, strerror(-ret));
1336         return 4;
1337     }
1338     idx = find_nonzero(buffer, bytes);
1339     if (idx >= 0) {
1340         qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1341                 offset + idx);
1342         return 1;
1343     }
1344 
1345     return 0;
1346 }
1347 
1348 /*
1349  * Compares two images. Exit codes:
1350  *
1351  * 0 - Images are identical
1352  * 1 - Images differ
1353  * >1 - Error occurred
1354  */
1355 static int img_compare(int argc, char **argv)
1356 {
1357     const char *fmt1 = NULL, *fmt2 = NULL, *cache, *filename1, *filename2;
1358     BlockBackend *blk1, *blk2;
1359     BlockDriverState *bs1, *bs2;
1360     int64_t total_size1, total_size2;
1361     uint8_t *buf1 = NULL, *buf2 = NULL;
1362     int64_t pnum1, pnum2;
1363     int allocated1, allocated2;
1364     int ret = 0; /* return value - 0 Ident, 1 Different, >1 Error */
1365     bool progress = false, quiet = false, strict = false;
1366     int flags;
1367     bool writethrough;
1368     int64_t total_size;
1369     int64_t offset = 0;
1370     int64_t chunk;
1371     int c;
1372     uint64_t progress_base;
1373     bool image_opts = false;
1374     bool force_share = false;
1375 
1376     cache = BDRV_DEFAULT_CACHE;
1377     for (;;) {
1378         static const struct option long_options[] = {
1379             {"help", no_argument, 0, 'h'},
1380             {"object", required_argument, 0, OPTION_OBJECT},
1381             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
1382             {"force-share", no_argument, 0, 'U'},
1383             {0, 0, 0, 0}
1384         };
1385         c = getopt_long(argc, argv, ":hf:F:T:pqsU",
1386                         long_options, NULL);
1387         if (c == -1) {
1388             break;
1389         }
1390         switch (c) {
1391         case ':':
1392             missing_argument(argv[optind - 1]);
1393             break;
1394         case '?':
1395             unrecognized_option(argv[optind - 1]);
1396             break;
1397         case 'h':
1398             help();
1399             break;
1400         case 'f':
1401             fmt1 = optarg;
1402             break;
1403         case 'F':
1404             fmt2 = optarg;
1405             break;
1406         case 'T':
1407             cache = optarg;
1408             break;
1409         case 'p':
1410             progress = true;
1411             break;
1412         case 'q':
1413             quiet = true;
1414             break;
1415         case 's':
1416             strict = true;
1417             break;
1418         case 'U':
1419             force_share = true;
1420             break;
1421         case OPTION_OBJECT: {
1422             QemuOpts *opts;
1423             opts = qemu_opts_parse_noisily(&qemu_object_opts,
1424                                            optarg, true);
1425             if (!opts) {
1426                 ret = 2;
1427                 goto out4;
1428             }
1429         }   break;
1430         case OPTION_IMAGE_OPTS:
1431             image_opts = true;
1432             break;
1433         }
1434     }
1435 
1436     /* Progress is not shown in Quiet mode */
1437     if (quiet) {
1438         progress = false;
1439     }
1440 
1441 
1442     if (optind != argc - 2) {
1443         error_exit("Expecting two image file names");
1444     }
1445     filename1 = argv[optind++];
1446     filename2 = argv[optind++];
1447 
1448     if (qemu_opts_foreach(&qemu_object_opts,
1449                           user_creatable_add_opts_foreach,
1450                           qemu_img_object_print_help, &error_fatal)) {
1451         ret = 2;
1452         goto out4;
1453     }
1454 
1455     /* Initialize before goto out */
1456     qemu_progress_init(progress, 2.0);
1457 
1458     flags = 0;
1459     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1460     if (ret < 0) {
1461         error_report("Invalid source cache option: %s", cache);
1462         ret = 2;
1463         goto out3;
1464     }
1465 
1466     blk1 = img_open(image_opts, filename1, fmt1, flags, writethrough, quiet,
1467                     force_share);
1468     if (!blk1) {
1469         ret = 2;
1470         goto out3;
1471     }
1472 
1473     blk2 = img_open(image_opts, filename2, fmt2, flags, writethrough, quiet,
1474                     force_share);
1475     if (!blk2) {
1476         ret = 2;
1477         goto out2;
1478     }
1479     bs1 = blk_bs(blk1);
1480     bs2 = blk_bs(blk2);
1481 
1482     buf1 = blk_blockalign(blk1, IO_BUF_SIZE);
1483     buf2 = blk_blockalign(blk2, IO_BUF_SIZE);
1484     total_size1 = blk_getlength(blk1);
1485     if (total_size1 < 0) {
1486         error_report("Can't get size of %s: %s",
1487                      filename1, strerror(-total_size1));
1488         ret = 4;
1489         goto out;
1490     }
1491     total_size2 = blk_getlength(blk2);
1492     if (total_size2 < 0) {
1493         error_report("Can't get size of %s: %s",
1494                      filename2, strerror(-total_size2));
1495         ret = 4;
1496         goto out;
1497     }
1498     total_size = MIN(total_size1, total_size2);
1499     progress_base = MAX(total_size1, total_size2);
1500 
1501     qemu_progress_print(0, 100);
1502 
1503     if (strict && total_size1 != total_size2) {
1504         ret = 1;
1505         qprintf(quiet, "Strict mode: Image size mismatch!\n");
1506         goto out;
1507     }
1508 
1509     while (offset < total_size) {
1510         int status1, status2;
1511 
1512         status1 = bdrv_block_status_above(bs1, NULL, offset,
1513                                           total_size1 - offset, &pnum1, NULL,
1514                                           NULL);
1515         if (status1 < 0) {
1516             ret = 3;
1517             error_report("Sector allocation test failed for %s", filename1);
1518             goto out;
1519         }
1520         allocated1 = status1 & BDRV_BLOCK_ALLOCATED;
1521 
1522         status2 = bdrv_block_status_above(bs2, NULL, offset,
1523                                           total_size2 - offset, &pnum2, NULL,
1524                                           NULL);
1525         if (status2 < 0) {
1526             ret = 3;
1527             error_report("Sector allocation test failed for %s", filename2);
1528             goto out;
1529         }
1530         allocated2 = status2 & BDRV_BLOCK_ALLOCATED;
1531 
1532         assert(pnum1 && pnum2);
1533         chunk = MIN(pnum1, pnum2);
1534 
1535         if (strict) {
1536             if (status1 != status2) {
1537                 ret = 1;
1538                 qprintf(quiet, "Strict mode: Offset %" PRId64
1539                         " block status mismatch!\n", offset);
1540                 goto out;
1541             }
1542         }
1543         if ((status1 & BDRV_BLOCK_ZERO) && (status2 & BDRV_BLOCK_ZERO)) {
1544             /* nothing to do */
1545         } else if (allocated1 == allocated2) {
1546             if (allocated1) {
1547                 int64_t pnum;
1548 
1549                 chunk = MIN(chunk, IO_BUF_SIZE);
1550                 ret = blk_pread(blk1, offset, buf1, chunk);
1551                 if (ret < 0) {
1552                     error_report("Error while reading offset %" PRId64
1553                                  " of %s: %s",
1554                                  offset, filename1, strerror(-ret));
1555                     ret = 4;
1556                     goto out;
1557                 }
1558                 ret = blk_pread(blk2, offset, buf2, chunk);
1559                 if (ret < 0) {
1560                     error_report("Error while reading offset %" PRId64
1561                                  " of %s: %s",
1562                                  offset, filename2, strerror(-ret));
1563                     ret = 4;
1564                     goto out;
1565                 }
1566                 ret = compare_buffers(buf1, buf2, chunk, &pnum);
1567                 if (ret || pnum != chunk) {
1568                     qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1569                             offset + (ret ? 0 : pnum));
1570                     ret = 1;
1571                     goto out;
1572                 }
1573             }
1574         } else {
1575             chunk = MIN(chunk, IO_BUF_SIZE);
1576             if (allocated1) {
1577                 ret = check_empty_sectors(blk1, offset, chunk,
1578                                           filename1, buf1, quiet);
1579             } else {
1580                 ret = check_empty_sectors(blk2, offset, chunk,
1581                                           filename2, buf1, quiet);
1582             }
1583             if (ret) {
1584                 goto out;
1585             }
1586         }
1587         offset += chunk;
1588         qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1589     }
1590 
1591     if (total_size1 != total_size2) {
1592         BlockBackend *blk_over;
1593         const char *filename_over;
1594 
1595         qprintf(quiet, "Warning: Image size mismatch!\n");
1596         if (total_size1 > total_size2) {
1597             blk_over = blk1;
1598             filename_over = filename1;
1599         } else {
1600             blk_over = blk2;
1601             filename_over = filename2;
1602         }
1603 
1604         while (offset < progress_base) {
1605             ret = bdrv_block_status_above(blk_bs(blk_over), NULL, offset,
1606                                           progress_base - offset, &chunk,
1607                                           NULL, NULL);
1608             if (ret < 0) {
1609                 ret = 3;
1610                 error_report("Sector allocation test failed for %s",
1611                              filename_over);
1612                 goto out;
1613 
1614             }
1615             if (ret & BDRV_BLOCK_ALLOCATED && !(ret & BDRV_BLOCK_ZERO)) {
1616                 chunk = MIN(chunk, IO_BUF_SIZE);
1617                 ret = check_empty_sectors(blk_over, offset, chunk,
1618                                           filename_over, buf1, quiet);
1619                 if (ret) {
1620                     goto out;
1621                 }
1622             }
1623             offset += chunk;
1624             qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1625         }
1626     }
1627 
1628     qprintf(quiet, "Images are identical.\n");
1629     ret = 0;
1630 
1631 out:
1632     qemu_vfree(buf1);
1633     qemu_vfree(buf2);
1634     blk_unref(blk2);
1635 out2:
1636     blk_unref(blk1);
1637 out3:
1638     qemu_progress_end();
1639 out4:
1640     return ret;
1641 }
1642 
1643 /* Convenience wrapper around qmp_block_dirty_bitmap_merge */
1644 static void do_dirty_bitmap_merge(const char *dst_node, const char *dst_name,
1645                                   const char *src_node, const char *src_name,
1646                                   Error **errp)
1647 {
1648     BlockDirtyBitmapMergeSource *merge_src;
1649     BlockDirtyBitmapMergeSourceList *list;
1650 
1651     merge_src = g_new0(BlockDirtyBitmapMergeSource, 1);
1652     merge_src->type = QTYPE_QDICT;
1653     merge_src->u.external.node = g_strdup(src_node);
1654     merge_src->u.external.name = g_strdup(src_name);
1655     list = g_new0(BlockDirtyBitmapMergeSourceList, 1);
1656     list->value = merge_src;
1657     qmp_block_dirty_bitmap_merge(dst_node, dst_name, list, errp);
1658     qapi_free_BlockDirtyBitmapMergeSourceList(list);
1659 }
1660 
1661 enum ImgConvertBlockStatus {
1662     BLK_DATA,
1663     BLK_ZERO,
1664     BLK_BACKING_FILE,
1665 };
1666 
1667 #define MAX_COROUTINES 16
1668 
1669 typedef struct ImgConvertState {
1670     BlockBackend **src;
1671     int64_t *src_sectors;
1672     int src_num;
1673     int64_t total_sectors;
1674     int64_t allocated_sectors;
1675     int64_t allocated_done;
1676     int64_t sector_num;
1677     int64_t wr_offs;
1678     enum ImgConvertBlockStatus status;
1679     int64_t sector_next_status;
1680     BlockBackend *target;
1681     bool has_zero_init;
1682     bool compressed;
1683     bool unallocated_blocks_are_zero;
1684     bool target_is_new;
1685     bool target_has_backing;
1686     int64_t target_backing_sectors; /* negative if unknown */
1687     bool wr_in_order;
1688     bool copy_range;
1689     bool salvage;
1690     bool quiet;
1691     int min_sparse;
1692     int alignment;
1693     size_t cluster_sectors;
1694     size_t buf_sectors;
1695     long num_coroutines;
1696     int running_coroutines;
1697     Coroutine *co[MAX_COROUTINES];
1698     int64_t wait_sector_num[MAX_COROUTINES];
1699     CoMutex lock;
1700     int ret;
1701 } ImgConvertState;
1702 
1703 static void convert_select_part(ImgConvertState *s, int64_t sector_num,
1704                                 int *src_cur, int64_t *src_cur_offset)
1705 {
1706     *src_cur = 0;
1707     *src_cur_offset = 0;
1708     while (sector_num - *src_cur_offset >= s->src_sectors[*src_cur]) {
1709         *src_cur_offset += s->src_sectors[*src_cur];
1710         (*src_cur)++;
1711         assert(*src_cur < s->src_num);
1712     }
1713 }
1714 
1715 static int convert_iteration_sectors(ImgConvertState *s, int64_t sector_num)
1716 {
1717     int64_t src_cur_offset;
1718     int ret, n, src_cur;
1719     bool post_backing_zero = false;
1720 
1721     convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1722 
1723     assert(s->total_sectors > sector_num);
1724     n = MIN(s->total_sectors - sector_num, BDRV_REQUEST_MAX_SECTORS);
1725 
1726     if (s->target_backing_sectors >= 0) {
1727         if (sector_num >= s->target_backing_sectors) {
1728             post_backing_zero = s->unallocated_blocks_are_zero;
1729         } else if (sector_num + n > s->target_backing_sectors) {
1730             /* Split requests around target_backing_sectors (because
1731              * starting from there, zeros are handled differently) */
1732             n = s->target_backing_sectors - sector_num;
1733         }
1734     }
1735 
1736     if (s->sector_next_status <= sector_num) {
1737         uint64_t offset = (sector_num - src_cur_offset) * BDRV_SECTOR_SIZE;
1738         int64_t count;
1739 
1740         do {
1741             count = n * BDRV_SECTOR_SIZE;
1742 
1743             if (s->target_has_backing) {
1744                 ret = bdrv_block_status(blk_bs(s->src[src_cur]), offset,
1745                                         count, &count, NULL, NULL);
1746             } else {
1747                 ret = bdrv_block_status_above(blk_bs(s->src[src_cur]), NULL,
1748                                               offset, count, &count, NULL,
1749                                               NULL);
1750             }
1751 
1752             if (ret < 0) {
1753                 if (s->salvage) {
1754                     if (n == 1) {
1755                         if (!s->quiet) {
1756                             warn_report("error while reading block status at "
1757                                         "offset %" PRIu64 ": %s", offset,
1758                                         strerror(-ret));
1759                         }
1760                         /* Just try to read the data, then */
1761                         ret = BDRV_BLOCK_DATA;
1762                         count = BDRV_SECTOR_SIZE;
1763                     } else {
1764                         /* Retry on a shorter range */
1765                         n = DIV_ROUND_UP(n, 4);
1766                     }
1767                 } else {
1768                     error_report("error while reading block status at offset "
1769                                  "%" PRIu64 ": %s", offset, strerror(-ret));
1770                     return ret;
1771                 }
1772             }
1773         } while (ret < 0);
1774 
1775         n = DIV_ROUND_UP(count, BDRV_SECTOR_SIZE);
1776 
1777         if (ret & BDRV_BLOCK_ZERO) {
1778             s->status = post_backing_zero ? BLK_BACKING_FILE : BLK_ZERO;
1779         } else if (ret & BDRV_BLOCK_DATA) {
1780             s->status = BLK_DATA;
1781         } else {
1782             s->status = s->target_has_backing ? BLK_BACKING_FILE : BLK_DATA;
1783         }
1784 
1785         s->sector_next_status = sector_num + n;
1786     }
1787 
1788     n = MIN(n, s->sector_next_status - sector_num);
1789     if (s->status == BLK_DATA) {
1790         n = MIN(n, s->buf_sectors);
1791     }
1792 
1793     /* We need to write complete clusters for compressed images, so if an
1794      * unallocated area is shorter than that, we must consider the whole
1795      * cluster allocated. */
1796     if (s->compressed) {
1797         if (n < s->cluster_sectors) {
1798             n = MIN(s->cluster_sectors, s->total_sectors - sector_num);
1799             s->status = BLK_DATA;
1800         } else {
1801             n = QEMU_ALIGN_DOWN(n, s->cluster_sectors);
1802         }
1803     }
1804 
1805     return n;
1806 }
1807 
1808 static int coroutine_fn convert_co_read(ImgConvertState *s, int64_t sector_num,
1809                                         int nb_sectors, uint8_t *buf)
1810 {
1811     uint64_t single_read_until = 0;
1812     int n, ret;
1813 
1814     assert(nb_sectors <= s->buf_sectors);
1815     while (nb_sectors > 0) {
1816         BlockBackend *blk;
1817         int src_cur;
1818         int64_t bs_sectors, src_cur_offset;
1819         uint64_t offset;
1820 
1821         /* In the case of compression with multiple source files, we can get a
1822          * nb_sectors that spreads into the next part. So we must be able to
1823          * read across multiple BDSes for one convert_read() call. */
1824         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1825         blk = s->src[src_cur];
1826         bs_sectors = s->src_sectors[src_cur];
1827 
1828         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1829 
1830         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1831         if (single_read_until > offset) {
1832             n = 1;
1833         }
1834 
1835         ret = blk_co_pread(blk, offset, n << BDRV_SECTOR_BITS, buf, 0);
1836         if (ret < 0) {
1837             if (s->salvage) {
1838                 if (n > 1) {
1839                     single_read_until = offset + (n << BDRV_SECTOR_BITS);
1840                     continue;
1841                 } else {
1842                     if (!s->quiet) {
1843                         warn_report("error while reading offset %" PRIu64
1844                                     ": %s", offset, strerror(-ret));
1845                     }
1846                     memset(buf, 0, BDRV_SECTOR_SIZE);
1847                 }
1848             } else {
1849                 return ret;
1850             }
1851         }
1852 
1853         sector_num += n;
1854         nb_sectors -= n;
1855         buf += n * BDRV_SECTOR_SIZE;
1856     }
1857 
1858     return 0;
1859 }
1860 
1861 
1862 static int coroutine_fn convert_co_write(ImgConvertState *s, int64_t sector_num,
1863                                          int nb_sectors, uint8_t *buf,
1864                                          enum ImgConvertBlockStatus status)
1865 {
1866     int ret;
1867 
1868     while (nb_sectors > 0) {
1869         int n = nb_sectors;
1870         BdrvRequestFlags flags = s->compressed ? BDRV_REQ_WRITE_COMPRESSED : 0;
1871 
1872         switch (status) {
1873         case BLK_BACKING_FILE:
1874             /* If we have a backing file, leave clusters unallocated that are
1875              * unallocated in the source image, so that the backing file is
1876              * visible at the respective offset. */
1877             assert(s->target_has_backing);
1878             break;
1879 
1880         case BLK_DATA:
1881             /* If we're told to keep the target fully allocated (-S 0) or there
1882              * is real non-zero data, we must write it. Otherwise we can treat
1883              * it as zero sectors.
1884              * Compressed clusters need to be written as a whole, so in that
1885              * case we can only save the write if the buffer is completely
1886              * zeroed. */
1887             if (!s->min_sparse ||
1888                 (!s->compressed &&
1889                  is_allocated_sectors_min(buf, n, &n, s->min_sparse,
1890                                           sector_num, s->alignment)) ||
1891                 (s->compressed &&
1892                  !buffer_is_zero(buf, n * BDRV_SECTOR_SIZE)))
1893             {
1894                 ret = blk_co_pwrite(s->target, sector_num << BDRV_SECTOR_BITS,
1895                                     n << BDRV_SECTOR_BITS, buf, flags);
1896                 if (ret < 0) {
1897                     return ret;
1898                 }
1899                 break;
1900             }
1901             /* fall-through */
1902 
1903         case BLK_ZERO:
1904             if (s->has_zero_init) {
1905                 assert(!s->target_has_backing);
1906                 break;
1907             }
1908             ret = blk_co_pwrite_zeroes(s->target,
1909                                        sector_num << BDRV_SECTOR_BITS,
1910                                        n << BDRV_SECTOR_BITS,
1911                                        BDRV_REQ_MAY_UNMAP);
1912             if (ret < 0) {
1913                 return ret;
1914             }
1915             break;
1916         }
1917 
1918         sector_num += n;
1919         nb_sectors -= n;
1920         buf += n * BDRV_SECTOR_SIZE;
1921     }
1922 
1923     return 0;
1924 }
1925 
1926 static int coroutine_fn convert_co_copy_range(ImgConvertState *s, int64_t sector_num,
1927                                               int nb_sectors)
1928 {
1929     int n, ret;
1930 
1931     while (nb_sectors > 0) {
1932         BlockBackend *blk;
1933         int src_cur;
1934         int64_t bs_sectors, src_cur_offset;
1935         int64_t offset;
1936 
1937         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1938         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1939         blk = s->src[src_cur];
1940         bs_sectors = s->src_sectors[src_cur];
1941 
1942         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1943 
1944         ret = blk_co_copy_range(blk, offset, s->target,
1945                                 sector_num << BDRV_SECTOR_BITS,
1946                                 n << BDRV_SECTOR_BITS, 0, 0);
1947         if (ret < 0) {
1948             return ret;
1949         }
1950 
1951         sector_num += n;
1952         nb_sectors -= n;
1953     }
1954     return 0;
1955 }
1956 
1957 static void coroutine_fn convert_co_do_copy(void *opaque)
1958 {
1959     ImgConvertState *s = opaque;
1960     uint8_t *buf = NULL;
1961     int ret, i;
1962     int index = -1;
1963 
1964     for (i = 0; i < s->num_coroutines; i++) {
1965         if (s->co[i] == qemu_coroutine_self()) {
1966             index = i;
1967             break;
1968         }
1969     }
1970     assert(index >= 0);
1971 
1972     s->running_coroutines++;
1973     buf = blk_blockalign(s->target, s->buf_sectors * BDRV_SECTOR_SIZE);
1974 
1975     while (1) {
1976         int n;
1977         int64_t sector_num;
1978         enum ImgConvertBlockStatus status;
1979         bool copy_range;
1980 
1981         qemu_co_mutex_lock(&s->lock);
1982         if (s->ret != -EINPROGRESS || s->sector_num >= s->total_sectors) {
1983             qemu_co_mutex_unlock(&s->lock);
1984             break;
1985         }
1986         n = convert_iteration_sectors(s, s->sector_num);
1987         if (n < 0) {
1988             qemu_co_mutex_unlock(&s->lock);
1989             s->ret = n;
1990             break;
1991         }
1992         /* save current sector and allocation status to local variables */
1993         sector_num = s->sector_num;
1994         status = s->status;
1995         if (!s->min_sparse && s->status == BLK_ZERO) {
1996             n = MIN(n, s->buf_sectors);
1997         }
1998         /* increment global sector counter so that other coroutines can
1999          * already continue reading beyond this request */
2000         s->sector_num += n;
2001         qemu_co_mutex_unlock(&s->lock);
2002 
2003         if (status == BLK_DATA || (!s->min_sparse && status == BLK_ZERO)) {
2004             s->allocated_done += n;
2005             qemu_progress_print(100.0 * s->allocated_done /
2006                                         s->allocated_sectors, 0);
2007         }
2008 
2009 retry:
2010         copy_range = s->copy_range && s->status == BLK_DATA;
2011         if (status == BLK_DATA && !copy_range) {
2012             ret = convert_co_read(s, sector_num, n, buf);
2013             if (ret < 0) {
2014                 error_report("error while reading at byte %lld: %s",
2015                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2016                 s->ret = ret;
2017             }
2018         } else if (!s->min_sparse && status == BLK_ZERO) {
2019             status = BLK_DATA;
2020             memset(buf, 0x00, n * BDRV_SECTOR_SIZE);
2021         }
2022 
2023         if (s->wr_in_order) {
2024             /* keep writes in order */
2025             while (s->wr_offs != sector_num && s->ret == -EINPROGRESS) {
2026                 s->wait_sector_num[index] = sector_num;
2027                 qemu_coroutine_yield();
2028             }
2029             s->wait_sector_num[index] = -1;
2030         }
2031 
2032         if (s->ret == -EINPROGRESS) {
2033             if (copy_range) {
2034                 ret = convert_co_copy_range(s, sector_num, n);
2035                 if (ret) {
2036                     s->copy_range = false;
2037                     goto retry;
2038                 }
2039             } else {
2040                 ret = convert_co_write(s, sector_num, n, buf, status);
2041             }
2042             if (ret < 0) {
2043                 error_report("error while writing at byte %lld: %s",
2044                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2045                 s->ret = ret;
2046             }
2047         }
2048 
2049         if (s->wr_in_order) {
2050             /* reenter the coroutine that might have waited
2051              * for this write to complete */
2052             s->wr_offs = sector_num + n;
2053             for (i = 0; i < s->num_coroutines; i++) {
2054                 if (s->co[i] && s->wait_sector_num[i] == s->wr_offs) {
2055                     /*
2056                      * A -> B -> A cannot occur because A has
2057                      * s->wait_sector_num[i] == -1 during A -> B.  Therefore
2058                      * B will never enter A during this time window.
2059                      */
2060                     qemu_coroutine_enter(s->co[i]);
2061                     break;
2062                 }
2063             }
2064         }
2065     }
2066 
2067     qemu_vfree(buf);
2068     s->co[index] = NULL;
2069     s->running_coroutines--;
2070     if (!s->running_coroutines && s->ret == -EINPROGRESS) {
2071         /* the convert job finished successfully */
2072         s->ret = 0;
2073     }
2074 }
2075 
2076 static int convert_do_copy(ImgConvertState *s)
2077 {
2078     int ret, i, n;
2079     int64_t sector_num = 0;
2080 
2081     /* Check whether we have zero initialisation or can get it efficiently */
2082     if (!s->has_zero_init && s->target_is_new && s->min_sparse &&
2083         !s->target_has_backing) {
2084         s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));
2085     }
2086 
2087     if (!s->has_zero_init && !s->target_has_backing &&
2088         bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)))
2089     {
2090         ret = blk_make_zero(s->target, BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
2091         if (ret == 0) {
2092             s->has_zero_init = true;
2093         }
2094     }
2095 
2096     /* Allocate buffer for copied data. For compressed images, only one cluster
2097      * can be copied at a time. */
2098     if (s->compressed) {
2099         if (s->cluster_sectors <= 0 || s->cluster_sectors > s->buf_sectors) {
2100             error_report("invalid cluster size");
2101             return -EINVAL;
2102         }
2103         s->buf_sectors = s->cluster_sectors;
2104     }
2105 
2106     while (sector_num < s->total_sectors) {
2107         n = convert_iteration_sectors(s, sector_num);
2108         if (n < 0) {
2109             return n;
2110         }
2111         if (s->status == BLK_DATA || (!s->min_sparse && s->status == BLK_ZERO))
2112         {
2113             s->allocated_sectors += n;
2114         }
2115         sector_num += n;
2116     }
2117 
2118     /* Do the copy */
2119     s->sector_next_status = 0;
2120     s->ret = -EINPROGRESS;
2121 
2122     qemu_co_mutex_init(&s->lock);
2123     for (i = 0; i < s->num_coroutines; i++) {
2124         s->co[i] = qemu_coroutine_create(convert_co_do_copy, s);
2125         s->wait_sector_num[i] = -1;
2126         qemu_coroutine_enter(s->co[i]);
2127     }
2128 
2129     while (s->running_coroutines) {
2130         main_loop_wait(false);
2131     }
2132 
2133     if (s->compressed && !s->ret) {
2134         /* signal EOF to align */
2135         ret = blk_pwrite_compressed(s->target, 0, NULL, 0);
2136         if (ret < 0) {
2137             return ret;
2138         }
2139     }
2140 
2141     return s->ret;
2142 }
2143 
2144 static int convert_copy_bitmaps(BlockDriverState *src, BlockDriverState *dst)
2145 {
2146     BdrvDirtyBitmap *bm;
2147     Error *err = NULL;
2148 
2149     FOR_EACH_DIRTY_BITMAP(src, bm) {
2150         const char *name;
2151 
2152         if (!bdrv_dirty_bitmap_get_persistence(bm)) {
2153             continue;
2154         }
2155         name = bdrv_dirty_bitmap_name(bm);
2156         qmp_block_dirty_bitmap_add(dst->node_name, name,
2157                                    true, bdrv_dirty_bitmap_granularity(bm),
2158                                    true, true,
2159                                    true, !bdrv_dirty_bitmap_enabled(bm),
2160                                    &err);
2161         if (err) {
2162             error_reportf_err(err, "Failed to create bitmap %s: ", name);
2163             return -1;
2164         }
2165 
2166         do_dirty_bitmap_merge(dst->node_name, name, src->node_name, name,
2167                               &err);
2168         if (err) {
2169             error_reportf_err(err, "Failed to populate bitmap %s: ", name);
2170             return -1;
2171         }
2172     }
2173 
2174     return 0;
2175 }
2176 
2177 #define MAX_BUF_SECTORS 32768
2178 
2179 static int img_convert(int argc, char **argv)
2180 {
2181     int c, bs_i, flags, src_flags = 0;
2182     const char *fmt = NULL, *out_fmt = NULL, *cache = "unsafe",
2183                *src_cache = BDRV_DEFAULT_CACHE, *out_baseimg = NULL,
2184                *out_filename, *out_baseimg_param, *snapshot_name = NULL;
2185     BlockDriver *drv = NULL, *proto_drv = NULL;
2186     BlockDriverInfo bdi;
2187     BlockDriverState *out_bs;
2188     QemuOpts *opts = NULL, *sn_opts = NULL;
2189     QemuOptsList *create_opts = NULL;
2190     QDict *open_opts = NULL;
2191     char *options = NULL;
2192     Error *local_err = NULL;
2193     bool writethrough, src_writethrough, image_opts = false,
2194          skip_create = false, progress = false, tgt_image_opts = false;
2195     int64_t ret = -EINVAL;
2196     bool force_share = false;
2197     bool explict_min_sparse = false;
2198     bool bitmaps = false;
2199 
2200     ImgConvertState s = (ImgConvertState) {
2201         /* Need at least 4k of zeros for sparse detection */
2202         .min_sparse         = 8,
2203         .copy_range         = false,
2204         .buf_sectors        = IO_BUF_SIZE / BDRV_SECTOR_SIZE,
2205         .wr_in_order        = true,
2206         .num_coroutines     = 8,
2207     };
2208 
2209     for(;;) {
2210         static const struct option long_options[] = {
2211             {"help", no_argument, 0, 'h'},
2212             {"object", required_argument, 0, OPTION_OBJECT},
2213             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
2214             {"force-share", no_argument, 0, 'U'},
2215             {"target-image-opts", no_argument, 0, OPTION_TARGET_IMAGE_OPTS},
2216             {"salvage", no_argument, 0, OPTION_SALVAGE},
2217             {"target-is-zero", no_argument, 0, OPTION_TARGET_IS_ZERO},
2218             {"bitmaps", no_argument, 0, OPTION_BITMAPS},
2219             {0, 0, 0, 0}
2220         };
2221         c = getopt_long(argc, argv, ":hf:O:B:Cco:l:S:pt:T:qnm:WU",
2222                         long_options, NULL);
2223         if (c == -1) {
2224             break;
2225         }
2226         switch(c) {
2227         case ':':
2228             missing_argument(argv[optind - 1]);
2229             break;
2230         case '?':
2231             unrecognized_option(argv[optind - 1]);
2232             break;
2233         case 'h':
2234             help();
2235             break;
2236         case 'f':
2237             fmt = optarg;
2238             break;
2239         case 'O':
2240             out_fmt = optarg;
2241             break;
2242         case 'B':
2243             out_baseimg = optarg;
2244             break;
2245         case 'C':
2246             s.copy_range = true;
2247             break;
2248         case 'c':
2249             s.compressed = true;
2250             break;
2251         case 'o':
2252             if (accumulate_options(&options, optarg) < 0) {
2253                 goto fail_getopt;
2254             }
2255             break;
2256         case 'l':
2257             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
2258                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
2259                                                   optarg, false);
2260                 if (!sn_opts) {
2261                     error_report("Failed in parsing snapshot param '%s'",
2262                                  optarg);
2263                     goto fail_getopt;
2264                 }
2265             } else {
2266                 snapshot_name = optarg;
2267             }
2268             break;
2269         case 'S':
2270         {
2271             int64_t sval;
2272 
2273             sval = cvtnum("buffer size for sparse output", optarg);
2274             if (sval < 0) {
2275                 goto fail_getopt;
2276             } else if (!QEMU_IS_ALIGNED(sval, BDRV_SECTOR_SIZE) ||
2277                 sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) {
2278                 error_report("Invalid buffer size for sparse output specified. "
2279                     "Valid sizes are multiples of %llu up to %llu. Select "
2280                     "0 to disable sparse detection (fully allocates output).",
2281                     BDRV_SECTOR_SIZE, MAX_BUF_SECTORS * BDRV_SECTOR_SIZE);
2282                 goto fail_getopt;
2283             }
2284 
2285             s.min_sparse = sval / BDRV_SECTOR_SIZE;
2286             explict_min_sparse = true;
2287             break;
2288         }
2289         case 'p':
2290             progress = true;
2291             break;
2292         case 't':
2293             cache = optarg;
2294             break;
2295         case 'T':
2296             src_cache = optarg;
2297             break;
2298         case 'q':
2299             s.quiet = true;
2300             break;
2301         case 'n':
2302             skip_create = true;
2303             break;
2304         case 'm':
2305             if (qemu_strtol(optarg, NULL, 0, &s.num_coroutines) ||
2306                 s.num_coroutines < 1 || s.num_coroutines > MAX_COROUTINES) {
2307                 error_report("Invalid number of coroutines. Allowed number of"
2308                              " coroutines is between 1 and %d", MAX_COROUTINES);
2309                 goto fail_getopt;
2310             }
2311             break;
2312         case 'W':
2313             s.wr_in_order = false;
2314             break;
2315         case 'U':
2316             force_share = true;
2317             break;
2318         case OPTION_OBJECT: {
2319             QemuOpts *object_opts;
2320             object_opts = qemu_opts_parse_noisily(&qemu_object_opts,
2321                                                   optarg, true);
2322             if (!object_opts) {
2323                 goto fail_getopt;
2324             }
2325             break;
2326         }
2327         case OPTION_IMAGE_OPTS:
2328             image_opts = true;
2329             break;
2330         case OPTION_SALVAGE:
2331             s.salvage = true;
2332             break;
2333         case OPTION_TARGET_IMAGE_OPTS:
2334             tgt_image_opts = true;
2335             break;
2336         case OPTION_TARGET_IS_ZERO:
2337             /*
2338              * The user asserting that the target is blank has the
2339              * same effect as the target driver supporting zero
2340              * initialisation.
2341              */
2342             s.has_zero_init = true;
2343             break;
2344         case OPTION_BITMAPS:
2345             bitmaps = true;
2346             break;
2347         }
2348     }
2349 
2350     if (!out_fmt && !tgt_image_opts) {
2351         out_fmt = "raw";
2352     }
2353 
2354     if (qemu_opts_foreach(&qemu_object_opts,
2355                           user_creatable_add_opts_foreach,
2356                           qemu_img_object_print_help, &error_fatal)) {
2357         goto fail_getopt;
2358     }
2359 
2360     if (s.compressed && s.copy_range) {
2361         error_report("Cannot enable copy offloading when -c is used");
2362         goto fail_getopt;
2363     }
2364 
2365     if (explict_min_sparse && s.copy_range) {
2366         error_report("Cannot enable copy offloading when -S is used");
2367         goto fail_getopt;
2368     }
2369 
2370     if (s.copy_range && s.salvage) {
2371         error_report("Cannot use copy offloading in salvaging mode");
2372         goto fail_getopt;
2373     }
2374 
2375     if (tgt_image_opts && !skip_create) {
2376         error_report("--target-image-opts requires use of -n flag");
2377         goto fail_getopt;
2378     }
2379 
2380     if (skip_create && options) {
2381         warn_report("-o has no effect when skipping image creation");
2382         warn_report("This will become an error in future QEMU versions.");
2383     }
2384 
2385     if (s.has_zero_init && !skip_create) {
2386         error_report("--target-is-zero requires use of -n flag");
2387         goto fail_getopt;
2388     }
2389 
2390     s.src_num = argc - optind - 1;
2391     out_filename = s.src_num >= 1 ? argv[argc - 1] : NULL;
2392 
2393     if (options && has_help_option(options)) {
2394         if (out_fmt) {
2395             ret = print_block_option_help(out_filename, out_fmt);
2396             goto fail_getopt;
2397         } else {
2398             error_report("Option help requires a format be specified");
2399             goto fail_getopt;
2400         }
2401     }
2402 
2403     if (s.src_num < 1) {
2404         error_report("Must specify image file name");
2405         goto fail_getopt;
2406     }
2407 
2408     /* ret is still -EINVAL until here */
2409     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
2410     if (ret < 0) {
2411         error_report("Invalid source cache option: %s", src_cache);
2412         goto fail_getopt;
2413     }
2414 
2415     /* Initialize before goto out */
2416     if (s.quiet) {
2417         progress = false;
2418     }
2419     qemu_progress_init(progress, 1.0);
2420     qemu_progress_print(0, 100);
2421 
2422     s.src = g_new0(BlockBackend *, s.src_num);
2423     s.src_sectors = g_new(int64_t, s.src_num);
2424 
2425     for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2426         s.src[bs_i] = img_open(image_opts, argv[optind + bs_i],
2427                                fmt, src_flags, src_writethrough, s.quiet,
2428                                force_share);
2429         if (!s.src[bs_i]) {
2430             ret = -1;
2431             goto out;
2432         }
2433         s.src_sectors[bs_i] = blk_nb_sectors(s.src[bs_i]);
2434         if (s.src_sectors[bs_i] < 0) {
2435             error_report("Could not get size of %s: %s",
2436                          argv[optind + bs_i], strerror(-s.src_sectors[bs_i]));
2437             ret = -1;
2438             goto out;
2439         }
2440         s.total_sectors += s.src_sectors[bs_i];
2441     }
2442 
2443     if (sn_opts) {
2444         bdrv_snapshot_load_tmp(blk_bs(s.src[0]),
2445                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
2446                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
2447                                &local_err);
2448     } else if (snapshot_name != NULL) {
2449         if (s.src_num > 1) {
2450             error_report("No support for concatenating multiple snapshot");
2451             ret = -1;
2452             goto out;
2453         }
2454 
2455         bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(s.src[0]), snapshot_name,
2456                                              &local_err);
2457     }
2458     if (local_err) {
2459         error_reportf_err(local_err, "Failed to load snapshot: ");
2460         ret = -1;
2461         goto out;
2462     }
2463 
2464     if (!skip_create) {
2465         /* Find driver and parse its options */
2466         drv = bdrv_find_format(out_fmt);
2467         if (!drv) {
2468             error_report("Unknown file format '%s'", out_fmt);
2469             ret = -1;
2470             goto out;
2471         }
2472 
2473         proto_drv = bdrv_find_protocol(out_filename, true, &local_err);
2474         if (!proto_drv) {
2475             error_report_err(local_err);
2476             ret = -1;
2477             goto out;
2478         }
2479 
2480         if (!drv->create_opts) {
2481             error_report("Format driver '%s' does not support image creation",
2482                          drv->format_name);
2483             ret = -1;
2484             goto out;
2485         }
2486 
2487         if (!proto_drv->create_opts) {
2488             error_report("Protocol driver '%s' does not support image creation",
2489                          proto_drv->format_name);
2490             ret = -1;
2491             goto out;
2492         }
2493 
2494         create_opts = qemu_opts_append(create_opts, drv->create_opts);
2495         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
2496 
2497         opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
2498         if (options) {
2499             qemu_opts_do_parse(opts, options, NULL, &local_err);
2500             if (local_err) {
2501                 error_report_err(local_err);
2502                 ret = -1;
2503                 goto out;
2504             }
2505         }
2506 
2507         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, s.total_sectors * 512,
2508                             &error_abort);
2509         ret = add_old_style_options(out_fmt, opts, out_baseimg, NULL);
2510         if (ret < 0) {
2511             goto out;
2512         }
2513     }
2514 
2515     /* Get backing file name if -o backing_file was used */
2516     out_baseimg_param = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
2517     if (out_baseimg_param) {
2518         out_baseimg = out_baseimg_param;
2519     }
2520     s.target_has_backing = (bool) out_baseimg;
2521 
2522     if (s.has_zero_init && s.target_has_backing) {
2523         error_report("Cannot use --target-is-zero when the destination "
2524                      "image has a backing file");
2525         goto out;
2526     }
2527 
2528     if (s.src_num > 1 && out_baseimg) {
2529         error_report("Having a backing file for the target makes no sense when "
2530                      "concatenating multiple input images");
2531         ret = -1;
2532         goto out;
2533     }
2534 
2535     /* Check if compression is supported */
2536     if (s.compressed) {
2537         bool encryption =
2538             qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false);
2539         const char *encryptfmt =
2540             qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT);
2541         const char *preallocation =
2542             qemu_opt_get(opts, BLOCK_OPT_PREALLOC);
2543 
2544         if (drv && !block_driver_can_compress(drv)) {
2545             error_report("Compression not supported for this file format");
2546             ret = -1;
2547             goto out;
2548         }
2549 
2550         if (encryption || encryptfmt) {
2551             error_report("Compression and encryption not supported at "
2552                          "the same time");
2553             ret = -1;
2554             goto out;
2555         }
2556 
2557         if (preallocation
2558             && strcmp(preallocation, "off"))
2559         {
2560             error_report("Compression and preallocation not supported at "
2561                          "the same time");
2562             ret = -1;
2563             goto out;
2564         }
2565     }
2566 
2567     /* Determine if bitmaps need copying */
2568     if (bitmaps) {
2569         if (s.src_num > 1) {
2570             error_report("Copying bitmaps only possible with single source");
2571             ret = -1;
2572             goto out;
2573         }
2574         if (!bdrv_supports_persistent_dirty_bitmap(blk_bs(s.src[0]))) {
2575             error_report("Source lacks bitmap support");
2576             ret = -1;
2577             goto out;
2578         }
2579     }
2580 
2581     /*
2582      * The later open call will need any decryption secrets, and
2583      * bdrv_create() will purge "opts", so extract them now before
2584      * they are lost.
2585      */
2586     if (!skip_create) {
2587         open_opts = qdict_new();
2588         qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
2589 
2590         /* Create the new image */
2591         ret = bdrv_create(drv, out_filename, opts, &local_err);
2592         if (ret < 0) {
2593             error_reportf_err(local_err, "%s: error while converting %s: ",
2594                               out_filename, out_fmt);
2595             goto out;
2596         }
2597     }
2598 
2599     s.target_is_new = !skip_create;
2600 
2601     flags = s.min_sparse ? (BDRV_O_RDWR | BDRV_O_UNMAP) : BDRV_O_RDWR;
2602     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
2603     if (ret < 0) {
2604         error_report("Invalid cache option: %s", cache);
2605         goto out;
2606     }
2607 
2608     if (skip_create) {
2609         s.target = img_open(tgt_image_opts, out_filename, out_fmt,
2610                             flags, writethrough, s.quiet, false);
2611     } else {
2612         /* TODO ultimately we should allow --target-image-opts
2613          * to be used even when -n is not given.
2614          * That has to wait for bdrv_create to be improved
2615          * to allow filenames in option syntax
2616          */
2617         s.target = img_open_file(out_filename, open_opts, out_fmt,
2618                                  flags, writethrough, s.quiet, false);
2619         open_opts = NULL; /* blk_new_open will have freed it */
2620     }
2621     if (!s.target) {
2622         ret = -1;
2623         goto out;
2624     }
2625     out_bs = blk_bs(s.target);
2626 
2627     if (bitmaps && !bdrv_supports_persistent_dirty_bitmap(out_bs)) {
2628         error_report("Format driver '%s' does not support bitmaps",
2629                      out_bs->drv->format_name);
2630         ret = -1;
2631         goto out;
2632     }
2633 
2634     if (s.compressed && !block_driver_can_compress(out_bs->drv)) {
2635         error_report("Compression not supported for this file format");
2636         ret = -1;
2637         goto out;
2638     }
2639 
2640     /* increase bufsectors from the default 4096 (2M) if opt_transfer
2641      * or discard_alignment of the out_bs is greater. Limit to
2642      * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */
2643     s.buf_sectors = MIN(MAX_BUF_SECTORS,
2644                         MAX(s.buf_sectors,
2645                             MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BITS,
2646                                 out_bs->bl.pdiscard_alignment >>
2647                                 BDRV_SECTOR_BITS)));
2648 
2649     /* try to align the write requests to the destination to avoid unnecessary
2650      * RMW cycles. */
2651     s.alignment = MAX(pow2floor(s.min_sparse),
2652                       DIV_ROUND_UP(out_bs->bl.request_alignment,
2653                                    BDRV_SECTOR_SIZE));
2654     assert(is_power_of_2(s.alignment));
2655 
2656     if (skip_create) {
2657         int64_t output_sectors = blk_nb_sectors(s.target);
2658         if (output_sectors < 0) {
2659             error_report("unable to get output image length: %s",
2660                          strerror(-output_sectors));
2661             ret = -1;
2662             goto out;
2663         } else if (output_sectors < s.total_sectors) {
2664             error_report("output file is smaller than input file");
2665             ret = -1;
2666             goto out;
2667         }
2668     }
2669 
2670     if (s.target_has_backing && s.target_is_new) {
2671         /* Errors are treated as "backing length unknown" (which means
2672          * s.target_backing_sectors has to be negative, which it will
2673          * be automatically).  The backing file length is used only
2674          * for optimizations, so such a case is not fatal. */
2675         s.target_backing_sectors = bdrv_nb_sectors(out_bs->backing->bs);
2676     } else {
2677         s.target_backing_sectors = -1;
2678     }
2679 
2680     ret = bdrv_get_info(out_bs, &bdi);
2681     if (ret < 0) {
2682         if (s.compressed) {
2683             error_report("could not get block driver info");
2684             goto out;
2685         }
2686     } else {
2687         s.compressed = s.compressed || bdi.needs_compressed_writes;
2688         s.cluster_sectors = bdi.cluster_size / BDRV_SECTOR_SIZE;
2689         s.unallocated_blocks_are_zero = bdi.unallocated_blocks_are_zero;
2690     }
2691 
2692     ret = convert_do_copy(&s);
2693 
2694     /* Now copy the bitmaps */
2695     if (bitmaps && ret == 0) {
2696         ret = convert_copy_bitmaps(blk_bs(s.src[0]), out_bs);
2697     }
2698 
2699 out:
2700     if (!ret) {
2701         qemu_progress_print(100, 0);
2702     }
2703     qemu_progress_end();
2704     qemu_opts_del(opts);
2705     qemu_opts_free(create_opts);
2706     qemu_opts_del(sn_opts);
2707     qobject_unref(open_opts);
2708     blk_unref(s.target);
2709     if (s.src) {
2710         for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2711             blk_unref(s.src[bs_i]);
2712         }
2713         g_free(s.src);
2714     }
2715     g_free(s.src_sectors);
2716 fail_getopt:
2717     g_free(options);
2718 
2719     return !!ret;
2720 }
2721 
2722 
2723 static void dump_snapshots(BlockDriverState *bs)
2724 {
2725     QEMUSnapshotInfo *sn_tab, *sn;
2726     int nb_sns, i;
2727 
2728     nb_sns = bdrv_snapshot_list(bs, &sn_tab);
2729     if (nb_sns <= 0)
2730         return;
2731     printf("Snapshot list:\n");
2732     bdrv_snapshot_dump(NULL);
2733     printf("\n");
2734     for(i = 0; i < nb_sns; i++) {
2735         sn = &sn_tab[i];
2736         bdrv_snapshot_dump(sn);
2737         printf("\n");
2738     }
2739     g_free(sn_tab);
2740 }
2741 
2742 static void dump_json_image_info_list(ImageInfoList *list)
2743 {
2744     QString *str;
2745     QObject *obj;
2746     Visitor *v = qobject_output_visitor_new(&obj);
2747 
2748     visit_type_ImageInfoList(v, NULL, &list, &error_abort);
2749     visit_complete(v, &obj);
2750     str = qobject_to_json_pretty(obj);
2751     assert(str != NULL);
2752     printf("%s\n", qstring_get_str(str));
2753     qobject_unref(obj);
2754     visit_free(v);
2755     qobject_unref(str);
2756 }
2757 
2758 static void dump_json_image_info(ImageInfo *info)
2759 {
2760     QString *str;
2761     QObject *obj;
2762     Visitor *v = qobject_output_visitor_new(&obj);
2763 
2764     visit_type_ImageInfo(v, NULL, &info, &error_abort);
2765     visit_complete(v, &obj);
2766     str = qobject_to_json_pretty(obj);
2767     assert(str != NULL);
2768     printf("%s\n", qstring_get_str(str));
2769     qobject_unref(obj);
2770     visit_free(v);
2771     qobject_unref(str);
2772 }
2773 
2774 static void dump_human_image_info_list(ImageInfoList *list)
2775 {
2776     ImageInfoList *elem;
2777     bool delim = false;
2778 
2779     for (elem = list; elem; elem = elem->next) {
2780         if (delim) {
2781             printf("\n");
2782         }
2783         delim = true;
2784 
2785         bdrv_image_info_dump(elem->value);
2786     }
2787 }
2788 
2789 static gboolean str_equal_func(gconstpointer a, gconstpointer b)
2790 {
2791     return strcmp(a, b) == 0;
2792 }
2793 
2794 /**
2795  * Open an image file chain and return an ImageInfoList
2796  *
2797  * @filename: topmost image filename
2798  * @fmt: topmost image format (may be NULL to autodetect)
2799  * @chain: true  - enumerate entire backing file chain
2800  *         false - only topmost image file
2801  *
2802  * Returns a list of ImageInfo objects or NULL if there was an error opening an
2803  * image file.  If there was an error a message will have been printed to
2804  * stderr.
2805  */
2806 static ImageInfoList *collect_image_info_list(bool image_opts,
2807                                               const char *filename,
2808                                               const char *fmt,
2809                                               bool chain, bool force_share)
2810 {
2811     ImageInfoList *head = NULL;
2812     ImageInfoList **last = &head;
2813     GHashTable *filenames;
2814     Error *err = NULL;
2815 
2816     filenames = g_hash_table_new_full(g_str_hash, str_equal_func, NULL, NULL);
2817 
2818     while (filename) {
2819         BlockBackend *blk;
2820         BlockDriverState *bs;
2821         ImageInfo *info;
2822         ImageInfoList *elem;
2823 
2824         if (g_hash_table_lookup_extended(filenames, filename, NULL, NULL)) {
2825             error_report("Backing file '%s' creates an infinite loop.",
2826                          filename);
2827             goto err;
2828         }
2829         g_hash_table_insert(filenames, (gpointer)filename, NULL);
2830 
2831         blk = img_open(image_opts, filename, fmt,
2832                        BDRV_O_NO_BACKING | BDRV_O_NO_IO, false, false,
2833                        force_share);
2834         if (!blk) {
2835             goto err;
2836         }
2837         bs = blk_bs(blk);
2838 
2839         bdrv_query_image_info(bs, &info, &err);
2840         if (err) {
2841             error_report_err(err);
2842             blk_unref(blk);
2843             goto err;
2844         }
2845 
2846         elem = g_new0(ImageInfoList, 1);
2847         elem->value = info;
2848         *last = elem;
2849         last = &elem->next;
2850 
2851         blk_unref(blk);
2852 
2853         /* Clear parameters that only apply to the topmost image */
2854         filename = fmt = NULL;
2855         image_opts = false;
2856 
2857         if (chain) {
2858             if (info->has_full_backing_filename) {
2859                 filename = info->full_backing_filename;
2860             } else if (info->has_backing_filename) {
2861                 error_report("Could not determine absolute backing filename,"
2862                              " but backing filename '%s' present",
2863                              info->backing_filename);
2864                 goto err;
2865             }
2866             if (info->has_backing_filename_format) {
2867                 fmt = info->backing_filename_format;
2868             }
2869         }
2870     }
2871     g_hash_table_destroy(filenames);
2872     return head;
2873 
2874 err:
2875     qapi_free_ImageInfoList(head);
2876     g_hash_table_destroy(filenames);
2877     return NULL;
2878 }
2879 
2880 static int img_info(int argc, char **argv)
2881 {
2882     int c;
2883     OutputFormat output_format = OFORMAT_HUMAN;
2884     bool chain = false;
2885     const char *filename, *fmt, *output;
2886     ImageInfoList *list;
2887     bool image_opts = false;
2888     bool force_share = false;
2889 
2890     fmt = NULL;
2891     output = NULL;
2892     for(;;) {
2893         int option_index = 0;
2894         static const struct option long_options[] = {
2895             {"help", no_argument, 0, 'h'},
2896             {"format", required_argument, 0, 'f'},
2897             {"output", required_argument, 0, OPTION_OUTPUT},
2898             {"backing-chain", no_argument, 0, OPTION_BACKING_CHAIN},
2899             {"object", required_argument, 0, OPTION_OBJECT},
2900             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
2901             {"force-share", no_argument, 0, 'U'},
2902             {0, 0, 0, 0}
2903         };
2904         c = getopt_long(argc, argv, ":f:hU",
2905                         long_options, &option_index);
2906         if (c == -1) {
2907             break;
2908         }
2909         switch(c) {
2910         case ':':
2911             missing_argument(argv[optind - 1]);
2912             break;
2913         case '?':
2914             unrecognized_option(argv[optind - 1]);
2915             break;
2916         case 'h':
2917             help();
2918             break;
2919         case 'f':
2920             fmt = optarg;
2921             break;
2922         case 'U':
2923             force_share = true;
2924             break;
2925         case OPTION_OUTPUT:
2926             output = optarg;
2927             break;
2928         case OPTION_BACKING_CHAIN:
2929             chain = true;
2930             break;
2931         case OPTION_OBJECT: {
2932             QemuOpts *opts;
2933             opts = qemu_opts_parse_noisily(&qemu_object_opts,
2934                                            optarg, true);
2935             if (!opts) {
2936                 return 1;
2937             }
2938         }   break;
2939         case OPTION_IMAGE_OPTS:
2940             image_opts = true;
2941             break;
2942         }
2943     }
2944     if (optind != argc - 1) {
2945         error_exit("Expecting one image file name");
2946     }
2947     filename = argv[optind++];
2948 
2949     if (output && !strcmp(output, "json")) {
2950         output_format = OFORMAT_JSON;
2951     } else if (output && !strcmp(output, "human")) {
2952         output_format = OFORMAT_HUMAN;
2953     } else if (output) {
2954         error_report("--output must be used with human or json as argument.");
2955         return 1;
2956     }
2957 
2958     if (qemu_opts_foreach(&qemu_object_opts,
2959                           user_creatable_add_opts_foreach,
2960                           qemu_img_object_print_help, &error_fatal)) {
2961         return 1;
2962     }
2963 
2964     list = collect_image_info_list(image_opts, filename, fmt, chain,
2965                                    force_share);
2966     if (!list) {
2967         return 1;
2968     }
2969 
2970     switch (output_format) {
2971     case OFORMAT_HUMAN:
2972         dump_human_image_info_list(list);
2973         break;
2974     case OFORMAT_JSON:
2975         if (chain) {
2976             dump_json_image_info_list(list);
2977         } else {
2978             dump_json_image_info(list->value);
2979         }
2980         break;
2981     }
2982 
2983     qapi_free_ImageInfoList(list);
2984     return 0;
2985 }
2986 
2987 static int dump_map_entry(OutputFormat output_format, MapEntry *e,
2988                           MapEntry *next)
2989 {
2990     switch (output_format) {
2991     case OFORMAT_HUMAN:
2992         if (e->data && !e->has_offset) {
2993             error_report("File contains external, encrypted or compressed clusters.");
2994             return -1;
2995         }
2996         if (e->data && !e->zero) {
2997             printf("%#-16"PRIx64"%#-16"PRIx64"%#-16"PRIx64"%s\n",
2998                    e->start, e->length,
2999                    e->has_offset ? e->offset : 0,
3000                    e->has_filename ? e->filename : "");
3001         }
3002         /* This format ignores the distinction between 0, ZERO and ZERO|DATA.
3003          * Modify the flags here to allow more coalescing.
3004          */
3005         if (next && (!next->data || next->zero)) {
3006             next->data = false;
3007             next->zero = true;
3008         }
3009         break;
3010     case OFORMAT_JSON:
3011         printf("{ \"start\": %"PRId64", \"length\": %"PRId64","
3012                " \"depth\": %"PRId64", \"zero\": %s, \"data\": %s",
3013                e->start, e->length, e->depth,
3014                e->zero ? "true" : "false",
3015                e->data ? "true" : "false");
3016         if (e->has_offset) {
3017             printf(", \"offset\": %"PRId64"", e->offset);
3018         }
3019         putchar('}');
3020 
3021         if (next) {
3022             puts(",");
3023         }
3024         break;
3025     }
3026     return 0;
3027 }
3028 
3029 static int get_block_status(BlockDriverState *bs, int64_t offset,
3030                             int64_t bytes, MapEntry *e)
3031 {
3032     int ret;
3033     int depth;
3034     BlockDriverState *file;
3035     bool has_offset;
3036     int64_t map;
3037     char *filename = NULL;
3038 
3039     /* As an optimization, we could cache the current range of unallocated
3040      * clusters in each file of the chain, and avoid querying the same
3041      * range repeatedly.
3042      */
3043 
3044     depth = 0;
3045     for (;;) {
3046         ret = bdrv_block_status(bs, offset, bytes, &bytes, &map, &file);
3047         if (ret < 0) {
3048             return ret;
3049         }
3050         assert(bytes);
3051         if (ret & (BDRV_BLOCK_ZERO|BDRV_BLOCK_DATA)) {
3052             break;
3053         }
3054         bs = backing_bs(bs);
3055         if (bs == NULL) {
3056             ret = 0;
3057             break;
3058         }
3059 
3060         depth++;
3061     }
3062 
3063     has_offset = !!(ret & BDRV_BLOCK_OFFSET_VALID);
3064 
3065     if (file && has_offset) {
3066         bdrv_refresh_filename(file);
3067         filename = file->filename;
3068     }
3069 
3070     *e = (MapEntry) {
3071         .start = offset,
3072         .length = bytes,
3073         .data = !!(ret & BDRV_BLOCK_DATA),
3074         .zero = !!(ret & BDRV_BLOCK_ZERO),
3075         .offset = map,
3076         .has_offset = has_offset,
3077         .depth = depth,
3078         .has_filename = filename,
3079         .filename = filename,
3080     };
3081 
3082     return 0;
3083 }
3084 
3085 static inline bool entry_mergeable(const MapEntry *curr, const MapEntry *next)
3086 {
3087     if (curr->length == 0) {
3088         return false;
3089     }
3090     if (curr->zero != next->zero ||
3091         curr->data != next->data ||
3092         curr->depth != next->depth ||
3093         curr->has_filename != next->has_filename ||
3094         curr->has_offset != next->has_offset) {
3095         return false;
3096     }
3097     if (curr->has_filename && strcmp(curr->filename, next->filename)) {
3098         return false;
3099     }
3100     if (curr->has_offset && curr->offset + curr->length != next->offset) {
3101         return false;
3102     }
3103     return true;
3104 }
3105 
3106 static int img_map(int argc, char **argv)
3107 {
3108     int c;
3109     OutputFormat output_format = OFORMAT_HUMAN;
3110     BlockBackend *blk;
3111     BlockDriverState *bs;
3112     const char *filename, *fmt, *output;
3113     int64_t length;
3114     MapEntry curr = { .length = 0 }, next;
3115     int ret = 0;
3116     bool image_opts = false;
3117     bool force_share = false;
3118     int64_t start_offset = 0;
3119     int64_t max_length = -1;
3120 
3121     fmt = NULL;
3122     output = NULL;
3123     for (;;) {
3124         int option_index = 0;
3125         static const struct option long_options[] = {
3126             {"help", no_argument, 0, 'h'},
3127             {"format", required_argument, 0, 'f'},
3128             {"output", required_argument, 0, OPTION_OUTPUT},
3129             {"object", required_argument, 0, OPTION_OBJECT},
3130             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3131             {"force-share", no_argument, 0, 'U'},
3132             {"start-offset", required_argument, 0, 's'},
3133             {"max-length", required_argument, 0, 'l'},
3134             {0, 0, 0, 0}
3135         };
3136         c = getopt_long(argc, argv, ":f:s:l:hU",
3137                         long_options, &option_index);
3138         if (c == -1) {
3139             break;
3140         }
3141         switch (c) {
3142         case ':':
3143             missing_argument(argv[optind - 1]);
3144             break;
3145         case '?':
3146             unrecognized_option(argv[optind - 1]);
3147             break;
3148         case 'h':
3149             help();
3150             break;
3151         case 'f':
3152             fmt = optarg;
3153             break;
3154         case 'U':
3155             force_share = true;
3156             break;
3157         case OPTION_OUTPUT:
3158             output = optarg;
3159             break;
3160         case 's':
3161             start_offset = cvtnum("start offset", optarg);
3162             if (start_offset < 0) {
3163                 return 1;
3164             }
3165             break;
3166         case 'l':
3167             max_length = cvtnum("max length", optarg);
3168             if (max_length < 0) {
3169                 return 1;
3170             }
3171             break;
3172         case OPTION_OBJECT: {
3173             QemuOpts *opts;
3174             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3175                                            optarg, true);
3176             if (!opts) {
3177                 return 1;
3178             }
3179         }   break;
3180         case OPTION_IMAGE_OPTS:
3181             image_opts = true;
3182             break;
3183         }
3184     }
3185     if (optind != argc - 1) {
3186         error_exit("Expecting one image file name");
3187     }
3188     filename = argv[optind];
3189 
3190     if (output && !strcmp(output, "json")) {
3191         output_format = OFORMAT_JSON;
3192     } else if (output && !strcmp(output, "human")) {
3193         output_format = OFORMAT_HUMAN;
3194     } else if (output) {
3195         error_report("--output must be used with human or json as argument.");
3196         return 1;
3197     }
3198 
3199     if (qemu_opts_foreach(&qemu_object_opts,
3200                           user_creatable_add_opts_foreach,
3201                           qemu_img_object_print_help, &error_fatal)) {
3202         return 1;
3203     }
3204 
3205     blk = img_open(image_opts, filename, fmt, 0, false, false, force_share);
3206     if (!blk) {
3207         return 1;
3208     }
3209     bs = blk_bs(blk);
3210 
3211     if (output_format == OFORMAT_HUMAN) {
3212         printf("%-16s%-16s%-16s%s\n", "Offset", "Length", "Mapped to", "File");
3213     } else if (output_format == OFORMAT_JSON) {
3214         putchar('[');
3215     }
3216 
3217     length = blk_getlength(blk);
3218     if (length < 0) {
3219         error_report("Failed to get size for '%s'", filename);
3220         return 1;
3221     }
3222     if (max_length != -1) {
3223         length = MIN(start_offset + max_length, length);
3224     }
3225 
3226     curr.start = start_offset;
3227     while (curr.start + curr.length < length) {
3228         int64_t offset = curr.start + curr.length;
3229         int64_t n;
3230 
3231         /* Probe up to 1 GiB at a time.  */
3232         n = MIN(1 * GiB, length - offset);
3233         ret = get_block_status(bs, offset, n, &next);
3234 
3235         if (ret < 0) {
3236             error_report("Could not read file metadata: %s", strerror(-ret));
3237             goto out;
3238         }
3239 
3240         if (entry_mergeable(&curr, &next)) {
3241             curr.length += next.length;
3242             continue;
3243         }
3244 
3245         if (curr.length > 0) {
3246             ret = dump_map_entry(output_format, &curr, &next);
3247             if (ret < 0) {
3248                 goto out;
3249             }
3250         }
3251         curr = next;
3252     }
3253 
3254     ret = dump_map_entry(output_format, &curr, NULL);
3255     if (output_format == OFORMAT_JSON) {
3256         puts("]");
3257     }
3258 
3259 out:
3260     blk_unref(blk);
3261     return ret < 0;
3262 }
3263 
3264 #define SNAPSHOT_LIST   1
3265 #define SNAPSHOT_CREATE 2
3266 #define SNAPSHOT_APPLY  3
3267 #define SNAPSHOT_DELETE 4
3268 
3269 static int img_snapshot(int argc, char **argv)
3270 {
3271     BlockBackend *blk;
3272     BlockDriverState *bs;
3273     QEMUSnapshotInfo sn;
3274     char *filename, *snapshot_name = NULL;
3275     int c, ret = 0, bdrv_oflags;
3276     int action = 0;
3277     qemu_timeval tv;
3278     bool quiet = false;
3279     Error *err = NULL;
3280     bool image_opts = false;
3281     bool force_share = false;
3282 
3283     bdrv_oflags = BDRV_O_RDWR;
3284     /* Parse commandline parameters */
3285     for(;;) {
3286         static const struct option long_options[] = {
3287             {"help", no_argument, 0, 'h'},
3288             {"object", required_argument, 0, OPTION_OBJECT},
3289             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3290             {"force-share", no_argument, 0, 'U'},
3291             {0, 0, 0, 0}
3292         };
3293         c = getopt_long(argc, argv, ":la:c:d:hqU",
3294                         long_options, NULL);
3295         if (c == -1) {
3296             break;
3297         }
3298         switch(c) {
3299         case ':':
3300             missing_argument(argv[optind - 1]);
3301             break;
3302         case '?':
3303             unrecognized_option(argv[optind - 1]);
3304             break;
3305         case 'h':
3306             help();
3307             return 0;
3308         case 'l':
3309             if (action) {
3310                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3311                 return 0;
3312             }
3313             action = SNAPSHOT_LIST;
3314             bdrv_oflags &= ~BDRV_O_RDWR; /* no need for RW */
3315             break;
3316         case 'a':
3317             if (action) {
3318                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3319                 return 0;
3320             }
3321             action = SNAPSHOT_APPLY;
3322             snapshot_name = optarg;
3323             break;
3324         case 'c':
3325             if (action) {
3326                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3327                 return 0;
3328             }
3329             action = SNAPSHOT_CREATE;
3330             snapshot_name = optarg;
3331             break;
3332         case 'd':
3333             if (action) {
3334                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3335                 return 0;
3336             }
3337             action = SNAPSHOT_DELETE;
3338             snapshot_name = optarg;
3339             break;
3340         case 'q':
3341             quiet = true;
3342             break;
3343         case 'U':
3344             force_share = true;
3345             break;
3346         case OPTION_OBJECT: {
3347             QemuOpts *opts;
3348             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3349                                            optarg, true);
3350             if (!opts) {
3351                 return 1;
3352             }
3353         }   break;
3354         case OPTION_IMAGE_OPTS:
3355             image_opts = true;
3356             break;
3357         }
3358     }
3359 
3360     if (optind != argc - 1) {
3361         error_exit("Expecting one image file name");
3362     }
3363     filename = argv[optind++];
3364 
3365     if (qemu_opts_foreach(&qemu_object_opts,
3366                           user_creatable_add_opts_foreach,
3367                           qemu_img_object_print_help, &error_fatal)) {
3368         return 1;
3369     }
3370 
3371     /* Open the image */
3372     blk = img_open(image_opts, filename, NULL, bdrv_oflags, false, quiet,
3373                    force_share);
3374     if (!blk) {
3375         return 1;
3376     }
3377     bs = blk_bs(blk);
3378 
3379     /* Perform the requested action */
3380     switch(action) {
3381     case SNAPSHOT_LIST:
3382         dump_snapshots(bs);
3383         break;
3384 
3385     case SNAPSHOT_CREATE:
3386         memset(&sn, 0, sizeof(sn));
3387         pstrcpy(sn.name, sizeof(sn.name), snapshot_name);
3388 
3389         qemu_gettimeofday(&tv);
3390         sn.date_sec = tv.tv_sec;
3391         sn.date_nsec = tv.tv_usec * 1000;
3392 
3393         ret = bdrv_snapshot_create(bs, &sn);
3394         if (ret) {
3395             error_report("Could not create snapshot '%s': %d (%s)",
3396                 snapshot_name, ret, strerror(-ret));
3397         }
3398         break;
3399 
3400     case SNAPSHOT_APPLY:
3401         ret = bdrv_snapshot_goto(bs, snapshot_name, &err);
3402         if (ret) {
3403             error_reportf_err(err, "Could not apply snapshot '%s': ",
3404                               snapshot_name);
3405         }
3406         break;
3407 
3408     case SNAPSHOT_DELETE:
3409         ret = bdrv_snapshot_find(bs, &sn, snapshot_name);
3410         if (ret < 0) {
3411             error_report("Could not delete snapshot '%s': snapshot not "
3412                          "found", snapshot_name);
3413             ret = 1;
3414         } else {
3415             ret = bdrv_snapshot_delete(bs, sn.id_str, sn.name, &err);
3416             if (ret < 0) {
3417                 error_reportf_err(err, "Could not delete snapshot '%s': ",
3418                                   snapshot_name);
3419                 ret = 1;
3420             }
3421         }
3422         break;
3423     }
3424 
3425     /* Cleanup */
3426     blk_unref(blk);
3427     if (ret) {
3428         return 1;
3429     }
3430     return 0;
3431 }
3432 
3433 static int img_rebase(int argc, char **argv)
3434 {
3435     BlockBackend *blk = NULL, *blk_old_backing = NULL, *blk_new_backing = NULL;
3436     uint8_t *buf_old = NULL;
3437     uint8_t *buf_new = NULL;
3438     BlockDriverState *bs = NULL, *prefix_chain_bs = NULL;
3439     char *filename;
3440     const char *fmt, *cache, *src_cache, *out_basefmt, *out_baseimg;
3441     int c, flags, src_flags, ret;
3442     bool writethrough, src_writethrough;
3443     int unsafe = 0;
3444     bool force_share = false;
3445     int progress = 0;
3446     bool quiet = false;
3447     Error *local_err = NULL;
3448     bool image_opts = false;
3449 
3450     /* Parse commandline parameters */
3451     fmt = NULL;
3452     cache = BDRV_DEFAULT_CACHE;
3453     src_cache = BDRV_DEFAULT_CACHE;
3454     out_baseimg = NULL;
3455     out_basefmt = NULL;
3456     for(;;) {
3457         static const struct option long_options[] = {
3458             {"help", no_argument, 0, 'h'},
3459             {"object", required_argument, 0, OPTION_OBJECT},
3460             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3461             {"force-share", no_argument, 0, 'U'},
3462             {0, 0, 0, 0}
3463         };
3464         c = getopt_long(argc, argv, ":hf:F:b:upt:T:qU",
3465                         long_options, NULL);
3466         if (c == -1) {
3467             break;
3468         }
3469         switch(c) {
3470         case ':':
3471             missing_argument(argv[optind - 1]);
3472             break;
3473         case '?':
3474             unrecognized_option(argv[optind - 1]);
3475             break;
3476         case 'h':
3477             help();
3478             return 0;
3479         case 'f':
3480             fmt = optarg;
3481             break;
3482         case 'F':
3483             out_basefmt = optarg;
3484             break;
3485         case 'b':
3486             out_baseimg = optarg;
3487             break;
3488         case 'u':
3489             unsafe = 1;
3490             break;
3491         case 'p':
3492             progress = 1;
3493             break;
3494         case 't':
3495             cache = optarg;
3496             break;
3497         case 'T':
3498             src_cache = optarg;
3499             break;
3500         case 'q':
3501             quiet = true;
3502             break;
3503         case OPTION_OBJECT: {
3504             QemuOpts *opts;
3505             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3506                                            optarg, true);
3507             if (!opts) {
3508                 return 1;
3509             }
3510         }   break;
3511         case OPTION_IMAGE_OPTS:
3512             image_opts = true;
3513             break;
3514         case 'U':
3515             force_share = true;
3516             break;
3517         }
3518     }
3519 
3520     if (quiet) {
3521         progress = 0;
3522     }
3523 
3524     if (optind != argc - 1) {
3525         error_exit("Expecting one image file name");
3526     }
3527     if (!unsafe && !out_baseimg) {
3528         error_exit("Must specify backing file (-b) or use unsafe mode (-u)");
3529     }
3530     filename = argv[optind++];
3531 
3532     if (qemu_opts_foreach(&qemu_object_opts,
3533                           user_creatable_add_opts_foreach,
3534                           qemu_img_object_print_help, &error_fatal)) {
3535         return 1;
3536     }
3537 
3538     qemu_progress_init(progress, 2.0);
3539     qemu_progress_print(0, 100);
3540 
3541     flags = BDRV_O_RDWR | (unsafe ? BDRV_O_NO_BACKING : 0);
3542     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
3543     if (ret < 0) {
3544         error_report("Invalid cache option: %s", cache);
3545         goto out;
3546     }
3547 
3548     src_flags = 0;
3549     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
3550     if (ret < 0) {
3551         error_report("Invalid source cache option: %s", src_cache);
3552         goto out;
3553     }
3554 
3555     /* The source files are opened read-only, don't care about WCE */
3556     assert((src_flags & BDRV_O_RDWR) == 0);
3557     (void) src_writethrough;
3558 
3559     /*
3560      * Open the images.
3561      *
3562      * Ignore the old backing file for unsafe rebase in case we want to correct
3563      * the reference to a renamed or moved backing file.
3564      */
3565     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
3566                    false);
3567     if (!blk) {
3568         ret = -1;
3569         goto out;
3570     }
3571     bs = blk_bs(blk);
3572 
3573     if (out_basefmt != NULL) {
3574         if (bdrv_find_format(out_basefmt) == NULL) {
3575             error_report("Invalid format name: '%s'", out_basefmt);
3576             ret = -1;
3577             goto out;
3578         }
3579     }
3580 
3581     /* For safe rebasing we need to compare old and new backing file */
3582     if (!unsafe) {
3583         QDict *options = NULL;
3584         BlockDriverState *base_bs = backing_bs(bs);
3585 
3586         if (base_bs) {
3587             blk_old_backing = blk_new(qemu_get_aio_context(),
3588                                       BLK_PERM_CONSISTENT_READ,
3589                                       BLK_PERM_ALL);
3590             ret = blk_insert_bs(blk_old_backing, base_bs,
3591                                 &local_err);
3592             if (ret < 0) {
3593                 error_reportf_err(local_err,
3594                                   "Could not reuse old backing file '%s': ",
3595                                   base_bs->filename);
3596                 goto out;
3597             }
3598         } else {
3599             blk_old_backing = NULL;
3600         }
3601 
3602         if (out_baseimg[0]) {
3603             const char *overlay_filename;
3604             char *out_real_path;
3605 
3606             options = qdict_new();
3607             if (out_basefmt) {
3608                 qdict_put_str(options, "driver", out_basefmt);
3609             }
3610             if (force_share) {
3611                 qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
3612             }
3613 
3614             bdrv_refresh_filename(bs);
3615             overlay_filename = bs->exact_filename[0] ? bs->exact_filename
3616                                                      : bs->filename;
3617             out_real_path =
3618                 bdrv_get_full_backing_filename_from_filename(overlay_filename,
3619                                                              out_baseimg,
3620                                                              &local_err);
3621             if (local_err) {
3622                 qobject_unref(options);
3623                 error_reportf_err(local_err,
3624                                   "Could not resolve backing filename: ");
3625                 ret = -1;
3626                 goto out;
3627             }
3628 
3629             /*
3630              * Find out whether we rebase an image on top of a previous image
3631              * in its chain.
3632              */
3633             prefix_chain_bs = bdrv_find_backing_image(bs, out_real_path);
3634             if (prefix_chain_bs) {
3635                 qobject_unref(options);
3636                 g_free(out_real_path);
3637 
3638                 blk_new_backing = blk_new(qemu_get_aio_context(),
3639                                           BLK_PERM_CONSISTENT_READ,
3640                                           BLK_PERM_ALL);
3641                 ret = blk_insert_bs(blk_new_backing, prefix_chain_bs,
3642                                     &local_err);
3643                 if (ret < 0) {
3644                     error_reportf_err(local_err,
3645                                       "Could not reuse backing file '%s': ",
3646                                       out_baseimg);
3647                     goto out;
3648                 }
3649             } else {
3650                 blk_new_backing = blk_new_open(out_real_path, NULL,
3651                                                options, src_flags, &local_err);
3652                 g_free(out_real_path);
3653                 if (!blk_new_backing) {
3654                     error_reportf_err(local_err,
3655                                       "Could not open new backing file '%s': ",
3656                                       out_baseimg);
3657                     ret = -1;
3658                     goto out;
3659                 }
3660             }
3661         }
3662     }
3663 
3664     /*
3665      * Check each unallocated cluster in the COW file. If it is unallocated,
3666      * accesses go to the backing file. We must therefore compare this cluster
3667      * in the old and new backing file, and if they differ we need to copy it
3668      * from the old backing file into the COW file.
3669      *
3670      * If qemu-img crashes during this step, no harm is done. The content of
3671      * the image is the same as the original one at any time.
3672      */
3673     if (!unsafe) {
3674         int64_t size;
3675         int64_t old_backing_size = 0;
3676         int64_t new_backing_size = 0;
3677         uint64_t offset;
3678         int64_t n;
3679         float local_progress = 0;
3680 
3681         buf_old = blk_blockalign(blk, IO_BUF_SIZE);
3682         buf_new = blk_blockalign(blk, IO_BUF_SIZE);
3683 
3684         size = blk_getlength(blk);
3685         if (size < 0) {
3686             error_report("Could not get size of '%s': %s",
3687                          filename, strerror(-size));
3688             ret = -1;
3689             goto out;
3690         }
3691         if (blk_old_backing) {
3692             old_backing_size = blk_getlength(blk_old_backing);
3693             if (old_backing_size < 0) {
3694                 char backing_name[PATH_MAX];
3695 
3696                 bdrv_get_backing_filename(bs, backing_name,
3697                                           sizeof(backing_name));
3698                 error_report("Could not get size of '%s': %s",
3699                              backing_name, strerror(-old_backing_size));
3700                 ret = -1;
3701                 goto out;
3702             }
3703         }
3704         if (blk_new_backing) {
3705             new_backing_size = blk_getlength(blk_new_backing);
3706             if (new_backing_size < 0) {
3707                 error_report("Could not get size of '%s': %s",
3708                              out_baseimg, strerror(-new_backing_size));
3709                 ret = -1;
3710                 goto out;
3711             }
3712         }
3713 
3714         if (size != 0) {
3715             local_progress = (float)100 / (size / MIN(size, IO_BUF_SIZE));
3716         }
3717 
3718         for (offset = 0; offset < size; offset += n) {
3719             bool buf_old_is_zero = false;
3720 
3721             /* How many bytes can we handle with the next read? */
3722             n = MIN(IO_BUF_SIZE, size - offset);
3723 
3724             /* If the cluster is allocated, we don't need to take action */
3725             ret = bdrv_is_allocated(bs, offset, n, &n);
3726             if (ret < 0) {
3727                 error_report("error while reading image metadata: %s",
3728                              strerror(-ret));
3729                 goto out;
3730             }
3731             if (ret) {
3732                 continue;
3733             }
3734 
3735             if (prefix_chain_bs) {
3736                 /*
3737                  * If cluster wasn't changed since prefix_chain, we don't need
3738                  * to take action
3739                  */
3740                 ret = bdrv_is_allocated_above(backing_bs(bs), prefix_chain_bs,
3741                                               false, offset, n, &n);
3742                 if (ret < 0) {
3743                     error_report("error while reading image metadata: %s",
3744                                  strerror(-ret));
3745                     goto out;
3746                 }
3747                 if (!ret) {
3748                     continue;
3749                 }
3750             }
3751 
3752             /*
3753              * Read old and new backing file and take into consideration that
3754              * backing files may be smaller than the COW image.
3755              */
3756             if (offset >= old_backing_size) {
3757                 memset(buf_old, 0, n);
3758                 buf_old_is_zero = true;
3759             } else {
3760                 if (offset + n > old_backing_size) {
3761                     n = old_backing_size - offset;
3762                 }
3763 
3764                 ret = blk_pread(blk_old_backing, offset, buf_old, n);
3765                 if (ret < 0) {
3766                     error_report("error while reading from old backing file");
3767                     goto out;
3768                 }
3769             }
3770 
3771             if (offset >= new_backing_size || !blk_new_backing) {
3772                 memset(buf_new, 0, n);
3773             } else {
3774                 if (offset + n > new_backing_size) {
3775                     n = new_backing_size - offset;
3776                 }
3777 
3778                 ret = blk_pread(blk_new_backing, offset, buf_new, n);
3779                 if (ret < 0) {
3780                     error_report("error while reading from new backing file");
3781                     goto out;
3782                 }
3783             }
3784 
3785             /* If they differ, we need to write to the COW file */
3786             uint64_t written = 0;
3787 
3788             while (written < n) {
3789                 int64_t pnum;
3790 
3791                 if (compare_buffers(buf_old + written, buf_new + written,
3792                                     n - written, &pnum))
3793                 {
3794                     if (buf_old_is_zero) {
3795                         ret = blk_pwrite_zeroes(blk, offset + written, pnum, 0);
3796                     } else {
3797                         ret = blk_pwrite(blk, offset + written,
3798                                          buf_old + written, pnum, 0);
3799                     }
3800                     if (ret < 0) {
3801                         error_report("Error while writing to COW image: %s",
3802                             strerror(-ret));
3803                         goto out;
3804                     }
3805                 }
3806 
3807                 written += pnum;
3808             }
3809             qemu_progress_print(local_progress, 100);
3810         }
3811     }
3812 
3813     /*
3814      * Change the backing file. All clusters that are different from the old
3815      * backing file are overwritten in the COW file now, so the visible content
3816      * doesn't change when we switch the backing file.
3817      */
3818     if (out_baseimg && *out_baseimg) {
3819         ret = bdrv_change_backing_file(bs, out_baseimg, out_basefmt);
3820     } else {
3821         ret = bdrv_change_backing_file(bs, NULL, NULL);
3822     }
3823 
3824     if (ret == -ENOSPC) {
3825         error_report("Could not change the backing file to '%s': No "
3826                      "space left in the file header", out_baseimg);
3827     } else if (ret < 0) {
3828         error_report("Could not change the backing file to '%s': %s",
3829             out_baseimg, strerror(-ret));
3830     }
3831 
3832     qemu_progress_print(100, 0);
3833     /*
3834      * TODO At this point it is possible to check if any clusters that are
3835      * allocated in the COW file are the same in the backing file. If so, they
3836      * could be dropped from the COW file. Don't do this before switching the
3837      * backing file, in case of a crash this would lead to corruption.
3838      */
3839 out:
3840     qemu_progress_end();
3841     /* Cleanup */
3842     if (!unsafe) {
3843         blk_unref(blk_old_backing);
3844         blk_unref(blk_new_backing);
3845     }
3846     qemu_vfree(buf_old);
3847     qemu_vfree(buf_new);
3848 
3849     blk_unref(blk);
3850     if (ret) {
3851         return 1;
3852     }
3853     return 0;
3854 }
3855 
3856 static int img_resize(int argc, char **argv)
3857 {
3858     Error *err = NULL;
3859     int c, ret, relative;
3860     const char *filename, *fmt, *size;
3861     int64_t n, total_size, current_size;
3862     bool quiet = false;
3863     BlockBackend *blk = NULL;
3864     PreallocMode prealloc = PREALLOC_MODE_OFF;
3865     QemuOpts *param;
3866 
3867     static QemuOptsList resize_options = {
3868         .name = "resize_options",
3869         .head = QTAILQ_HEAD_INITIALIZER(resize_options.head),
3870         .desc = {
3871             {
3872                 .name = BLOCK_OPT_SIZE,
3873                 .type = QEMU_OPT_SIZE,
3874                 .help = "Virtual disk size"
3875             }, {
3876                 /* end of list */
3877             }
3878         },
3879     };
3880     bool image_opts = false;
3881     bool shrink = false;
3882 
3883     /* Remove size from argv manually so that negative numbers are not treated
3884      * as options by getopt. */
3885     if (argc < 3) {
3886         error_exit("Not enough arguments");
3887         return 1;
3888     }
3889 
3890     size = argv[--argc];
3891 
3892     /* Parse getopt arguments */
3893     fmt = NULL;
3894     for(;;) {
3895         static const struct option long_options[] = {
3896             {"help", no_argument, 0, 'h'},
3897             {"object", required_argument, 0, OPTION_OBJECT},
3898             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3899             {"preallocation", required_argument, 0, OPTION_PREALLOCATION},
3900             {"shrink", no_argument, 0, OPTION_SHRINK},
3901             {0, 0, 0, 0}
3902         };
3903         c = getopt_long(argc, argv, ":f:hq",
3904                         long_options, NULL);
3905         if (c == -1) {
3906             break;
3907         }
3908         switch(c) {
3909         case ':':
3910             missing_argument(argv[optind - 1]);
3911             break;
3912         case '?':
3913             unrecognized_option(argv[optind - 1]);
3914             break;
3915         case 'h':
3916             help();
3917             break;
3918         case 'f':
3919             fmt = optarg;
3920             break;
3921         case 'q':
3922             quiet = true;
3923             break;
3924         case OPTION_OBJECT: {
3925             QemuOpts *opts;
3926             opts = qemu_opts_parse_noisily(&qemu_object_opts,
3927                                            optarg, true);
3928             if (!opts) {
3929                 return 1;
3930             }
3931         }   break;
3932         case OPTION_IMAGE_OPTS:
3933             image_opts = true;
3934             break;
3935         case OPTION_PREALLOCATION:
3936             prealloc = qapi_enum_parse(&PreallocMode_lookup, optarg,
3937                                        PREALLOC_MODE__MAX, NULL);
3938             if (prealloc == PREALLOC_MODE__MAX) {
3939                 error_report("Invalid preallocation mode '%s'", optarg);
3940                 return 1;
3941             }
3942             break;
3943         case OPTION_SHRINK:
3944             shrink = true;
3945             break;
3946         }
3947     }
3948     if (optind != argc - 1) {
3949         error_exit("Expecting image file name and size");
3950     }
3951     filename = argv[optind++];
3952 
3953     if (qemu_opts_foreach(&qemu_object_opts,
3954                           user_creatable_add_opts_foreach,
3955                           qemu_img_object_print_help, &error_fatal)) {
3956         return 1;
3957     }
3958 
3959     /* Choose grow, shrink, or absolute resize mode */
3960     switch (size[0]) {
3961     case '+':
3962         relative = 1;
3963         size++;
3964         break;
3965     case '-':
3966         relative = -1;
3967         size++;
3968         break;
3969     default:
3970         relative = 0;
3971         break;
3972     }
3973 
3974     /* Parse size */
3975     param = qemu_opts_create(&resize_options, NULL, 0, &error_abort);
3976     qemu_opt_set(param, BLOCK_OPT_SIZE, size, &err);
3977     if (err) {
3978         error_report_err(err);
3979         ret = -1;
3980         qemu_opts_del(param);
3981         goto out;
3982     }
3983     n = qemu_opt_get_size(param, BLOCK_OPT_SIZE, 0);
3984     qemu_opts_del(param);
3985 
3986     blk = img_open(image_opts, filename, fmt,
3987                    BDRV_O_RDWR | BDRV_O_RESIZE, false, quiet,
3988                    false);
3989     if (!blk) {
3990         ret = -1;
3991         goto out;
3992     }
3993 
3994     current_size = blk_getlength(blk);
3995     if (current_size < 0) {
3996         error_report("Failed to inquire current image length: %s",
3997                      strerror(-current_size));
3998         ret = -1;
3999         goto out;
4000     }
4001 
4002     if (relative) {
4003         total_size = current_size + n * relative;
4004     } else {
4005         total_size = n;
4006     }
4007     if (total_size <= 0) {
4008         error_report("New image size must be positive");
4009         ret = -1;
4010         goto out;
4011     }
4012 
4013     if (total_size <= current_size && prealloc != PREALLOC_MODE_OFF) {
4014         error_report("Preallocation can only be used for growing images");
4015         ret = -1;
4016         goto out;
4017     }
4018 
4019     if (total_size < current_size && !shrink) {
4020         warn_report("Shrinking an image will delete all data beyond the "
4021                     "shrunken image's end. Before performing such an "
4022                     "operation, make sure there is no important data there.");
4023 
4024         if (g_strcmp0(bdrv_get_format_name(blk_bs(blk)), "raw") != 0) {
4025             error_report(
4026               "Use the --shrink option to perform a shrink operation.");
4027             ret = -1;
4028             goto out;
4029         } else {
4030             warn_report("Using the --shrink option will suppress this message. "
4031                         "Note that future versions of qemu-img may refuse to "
4032                         "shrink images without this option.");
4033         }
4034     }
4035 
4036     /*
4037      * The user expects the image to have the desired size after
4038      * resizing, so pass @exact=true.  It is of no use to report
4039      * success when the image has not actually been resized.
4040      */
4041     ret = blk_truncate(blk, total_size, true, prealloc, 0, &err);
4042     if (!ret) {
4043         qprintf(quiet, "Image resized.\n");
4044     } else {
4045         error_report_err(err);
4046     }
4047 out:
4048     blk_unref(blk);
4049     if (ret) {
4050         return 1;
4051     }
4052     return 0;
4053 }
4054 
4055 static void amend_status_cb(BlockDriverState *bs,
4056                             int64_t offset, int64_t total_work_size,
4057                             void *opaque)
4058 {
4059     qemu_progress_print(100.f * offset / total_work_size, 0);
4060 }
4061 
4062 static int print_amend_option_help(const char *format)
4063 {
4064     BlockDriver *drv;
4065 
4066     /* Find driver and parse its options */
4067     drv = bdrv_find_format(format);
4068     if (!drv) {
4069         error_report("Unknown file format '%s'", format);
4070         return 1;
4071     }
4072 
4073     if (!drv->bdrv_amend_options) {
4074         error_report("Format driver '%s' does not support option amendment",
4075                      format);
4076         return 1;
4077     }
4078 
4079     /* Every driver supporting amendment must have create_opts */
4080     assert(drv->create_opts);
4081 
4082     printf("Creation options for '%s':\n", format);
4083     qemu_opts_print_help(drv->create_opts, false);
4084     printf("\nNote that not all of these options may be amendable.\n");
4085     return 0;
4086 }
4087 
4088 static int img_amend(int argc, char **argv)
4089 {
4090     Error *err = NULL;
4091     int c, ret = 0;
4092     char *options = NULL;
4093     QemuOptsList *create_opts = NULL;
4094     QemuOpts *opts = NULL;
4095     const char *fmt = NULL, *filename, *cache;
4096     int flags;
4097     bool writethrough;
4098     bool quiet = false, progress = false;
4099     BlockBackend *blk = NULL;
4100     BlockDriverState *bs = NULL;
4101     bool image_opts = false;
4102 
4103     cache = BDRV_DEFAULT_CACHE;
4104     for (;;) {
4105         static const struct option long_options[] = {
4106             {"help", no_argument, 0, 'h'},
4107             {"object", required_argument, 0, OPTION_OBJECT},
4108             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4109             {0, 0, 0, 0}
4110         };
4111         c = getopt_long(argc, argv, ":ho:f:t:pq",
4112                         long_options, NULL);
4113         if (c == -1) {
4114             break;
4115         }
4116 
4117         switch (c) {
4118         case ':':
4119             missing_argument(argv[optind - 1]);
4120             break;
4121         case '?':
4122             unrecognized_option(argv[optind - 1]);
4123             break;
4124         case 'h':
4125             help();
4126             break;
4127         case 'o':
4128             if (accumulate_options(&options, optarg) < 0) {
4129                 ret = -1;
4130                 goto out_no_progress;
4131             }
4132             break;
4133         case 'f':
4134             fmt = optarg;
4135             break;
4136         case 't':
4137             cache = optarg;
4138             break;
4139         case 'p':
4140             progress = true;
4141             break;
4142         case 'q':
4143             quiet = true;
4144             break;
4145         case OPTION_OBJECT:
4146             opts = qemu_opts_parse_noisily(&qemu_object_opts,
4147                                            optarg, true);
4148             if (!opts) {
4149                 ret = -1;
4150                 goto out_no_progress;
4151             }
4152             break;
4153         case OPTION_IMAGE_OPTS:
4154             image_opts = true;
4155             break;
4156         }
4157     }
4158 
4159     if (!options) {
4160         error_exit("Must specify options (-o)");
4161     }
4162 
4163     if (qemu_opts_foreach(&qemu_object_opts,
4164                           user_creatable_add_opts_foreach,
4165                           qemu_img_object_print_help, &error_fatal)) {
4166         ret = -1;
4167         goto out_no_progress;
4168     }
4169 
4170     if (quiet) {
4171         progress = false;
4172     }
4173     qemu_progress_init(progress, 1.0);
4174 
4175     filename = (optind == argc - 1) ? argv[argc - 1] : NULL;
4176     if (fmt && has_help_option(options)) {
4177         /* If a format is explicitly specified (and possibly no filename is
4178          * given), print option help here */
4179         ret = print_amend_option_help(fmt);
4180         goto out;
4181     }
4182 
4183     if (optind != argc - 1) {
4184         error_report("Expecting one image file name");
4185         ret = -1;
4186         goto out;
4187     }
4188 
4189     flags = BDRV_O_RDWR;
4190     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
4191     if (ret < 0) {
4192         error_report("Invalid cache option: %s", cache);
4193         goto out;
4194     }
4195 
4196     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4197                    false);
4198     if (!blk) {
4199         ret = -1;
4200         goto out;
4201     }
4202     bs = blk_bs(blk);
4203 
4204     fmt = bs->drv->format_name;
4205 
4206     if (has_help_option(options)) {
4207         /* If the format was auto-detected, print option help here */
4208         ret = print_amend_option_help(fmt);
4209         goto out;
4210     }
4211 
4212     if (!bs->drv->bdrv_amend_options) {
4213         error_report("Format driver '%s' does not support option amendment",
4214                      fmt);
4215         ret = -1;
4216         goto out;
4217     }
4218 
4219     /* Every driver supporting amendment must have create_opts */
4220     assert(bs->drv->create_opts);
4221 
4222     create_opts = qemu_opts_append(create_opts, bs->drv->create_opts);
4223     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
4224     qemu_opts_do_parse(opts, options, NULL, &err);
4225     if (err) {
4226         error_report_err(err);
4227         ret = -1;
4228         goto out;
4229     }
4230 
4231     /* In case the driver does not call amend_status_cb() */
4232     qemu_progress_print(0.f, 0);
4233     ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, &err);
4234     qemu_progress_print(100.f, 0);
4235     if (ret < 0) {
4236         error_report_err(err);
4237         goto out;
4238     }
4239 
4240 out:
4241     qemu_progress_end();
4242 
4243 out_no_progress:
4244     blk_unref(blk);
4245     qemu_opts_del(opts);
4246     qemu_opts_free(create_opts);
4247     g_free(options);
4248 
4249     if (ret) {
4250         return 1;
4251     }
4252     return 0;
4253 }
4254 
4255 typedef struct BenchData {
4256     BlockBackend *blk;
4257     uint64_t image_size;
4258     bool write;
4259     int bufsize;
4260     int step;
4261     int nrreq;
4262     int n;
4263     int flush_interval;
4264     bool drain_on_flush;
4265     uint8_t *buf;
4266     QEMUIOVector *qiov;
4267 
4268     int in_flight;
4269     bool in_flush;
4270     uint64_t offset;
4271 } BenchData;
4272 
4273 static void bench_undrained_flush_cb(void *opaque, int ret)
4274 {
4275     if (ret < 0) {
4276         error_report("Failed flush request: %s", strerror(-ret));
4277         exit(EXIT_FAILURE);
4278     }
4279 }
4280 
4281 static void bench_cb(void *opaque, int ret)
4282 {
4283     BenchData *b = opaque;
4284     BlockAIOCB *acb;
4285 
4286     if (ret < 0) {
4287         error_report("Failed request: %s", strerror(-ret));
4288         exit(EXIT_FAILURE);
4289     }
4290 
4291     if (b->in_flush) {
4292         /* Just finished a flush with drained queue: Start next requests */
4293         assert(b->in_flight == 0);
4294         b->in_flush = false;
4295     } else if (b->in_flight > 0) {
4296         int remaining = b->n - b->in_flight;
4297 
4298         b->n--;
4299         b->in_flight--;
4300 
4301         /* Time for flush? Drain queue if requested, then flush */
4302         if (b->flush_interval && remaining % b->flush_interval == 0) {
4303             if (!b->in_flight || !b->drain_on_flush) {
4304                 BlockCompletionFunc *cb;
4305 
4306                 if (b->drain_on_flush) {
4307                     b->in_flush = true;
4308                     cb = bench_cb;
4309                 } else {
4310                     cb = bench_undrained_flush_cb;
4311                 }
4312 
4313                 acb = blk_aio_flush(b->blk, cb, b);
4314                 if (!acb) {
4315                     error_report("Failed to issue flush request");
4316                     exit(EXIT_FAILURE);
4317                 }
4318             }
4319             if (b->drain_on_flush) {
4320                 return;
4321             }
4322         }
4323     }
4324 
4325     while (b->n > b->in_flight && b->in_flight < b->nrreq) {
4326         int64_t offset = b->offset;
4327         /* blk_aio_* might look for completed I/Os and kick bench_cb
4328          * again, so make sure this operation is counted by in_flight
4329          * and b->offset is ready for the next submission.
4330          */
4331         b->in_flight++;
4332         b->offset += b->step;
4333         b->offset %= b->image_size;
4334         if (b->write) {
4335             acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
4336         } else {
4337             acb = blk_aio_preadv(b->blk, offset, b->qiov, 0, bench_cb, b);
4338         }
4339         if (!acb) {
4340             error_report("Failed to issue request");
4341             exit(EXIT_FAILURE);
4342         }
4343     }
4344 }
4345 
4346 static int img_bench(int argc, char **argv)
4347 {
4348     int c, ret = 0;
4349     const char *fmt = NULL, *filename;
4350     bool quiet = false;
4351     bool image_opts = false;
4352     bool is_write = false;
4353     int count = 75000;
4354     int depth = 64;
4355     int64_t offset = 0;
4356     size_t bufsize = 4096;
4357     int pattern = 0;
4358     size_t step = 0;
4359     int flush_interval = 0;
4360     bool drain_on_flush = true;
4361     int64_t image_size;
4362     BlockBackend *blk = NULL;
4363     BenchData data = {};
4364     int flags = 0;
4365     bool writethrough = false;
4366     struct timeval t1, t2;
4367     int i;
4368     bool force_share = false;
4369     size_t buf_size;
4370 
4371     for (;;) {
4372         static const struct option long_options[] = {
4373             {"help", no_argument, 0, 'h'},
4374             {"flush-interval", required_argument, 0, OPTION_FLUSH_INTERVAL},
4375             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4376             {"pattern", required_argument, 0, OPTION_PATTERN},
4377             {"no-drain", no_argument, 0, OPTION_NO_DRAIN},
4378             {"force-share", no_argument, 0, 'U'},
4379             {0, 0, 0, 0}
4380         };
4381         c = getopt_long(argc, argv, ":hc:d:f:ni:o:qs:S:t:wU", long_options,
4382                         NULL);
4383         if (c == -1) {
4384             break;
4385         }
4386 
4387         switch (c) {
4388         case ':':
4389             missing_argument(argv[optind - 1]);
4390             break;
4391         case '?':
4392             unrecognized_option(argv[optind - 1]);
4393             break;
4394         case 'h':
4395             help();
4396             break;
4397         case 'c':
4398         {
4399             unsigned long res;
4400 
4401             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4402                 error_report("Invalid request count specified");
4403                 return 1;
4404             }
4405             count = res;
4406             break;
4407         }
4408         case 'd':
4409         {
4410             unsigned long res;
4411 
4412             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4413                 error_report("Invalid queue depth specified");
4414                 return 1;
4415             }
4416             depth = res;
4417             break;
4418         }
4419         case 'f':
4420             fmt = optarg;
4421             break;
4422         case 'n':
4423             flags |= BDRV_O_NATIVE_AIO;
4424             break;
4425         case 'i':
4426             ret = bdrv_parse_aio(optarg, &flags);
4427             if (ret < 0) {
4428                 error_report("Invalid aio option: %s", optarg);
4429                 ret = -1;
4430                 goto out;
4431             }
4432             break;
4433         case 'o':
4434         {
4435             offset = cvtnum("offset", optarg);
4436             if (offset < 0) {
4437                 return 1;
4438             }
4439             break;
4440         }
4441             break;
4442         case 'q':
4443             quiet = true;
4444             break;
4445         case 's':
4446         {
4447             int64_t sval;
4448 
4449             sval = cvtnum_full("buffer size", optarg, 0, INT_MAX);
4450             if (sval < 0) {
4451                 return 1;
4452             }
4453 
4454             bufsize = sval;
4455             break;
4456         }
4457         case 'S':
4458         {
4459             int64_t sval;
4460 
4461             sval = cvtnum_full("step_size", optarg, 0, INT_MAX);
4462             if (sval < 0) {
4463                 return 1;
4464             }
4465 
4466             step = sval;
4467             break;
4468         }
4469         case 't':
4470             ret = bdrv_parse_cache_mode(optarg, &flags, &writethrough);
4471             if (ret < 0) {
4472                 error_report("Invalid cache mode");
4473                 ret = -1;
4474                 goto out;
4475             }
4476             break;
4477         case 'w':
4478             flags |= BDRV_O_RDWR;
4479             is_write = true;
4480             break;
4481         case 'U':
4482             force_share = true;
4483             break;
4484         case OPTION_PATTERN:
4485         {
4486             unsigned long res;
4487 
4488             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > 0xff) {
4489                 error_report("Invalid pattern byte specified");
4490                 return 1;
4491             }
4492             pattern = res;
4493             break;
4494         }
4495         case OPTION_FLUSH_INTERVAL:
4496         {
4497             unsigned long res;
4498 
4499             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4500                 error_report("Invalid flush interval specified");
4501                 return 1;
4502             }
4503             flush_interval = res;
4504             break;
4505         }
4506         case OPTION_NO_DRAIN:
4507             drain_on_flush = false;
4508             break;
4509         case OPTION_IMAGE_OPTS:
4510             image_opts = true;
4511             break;
4512         }
4513     }
4514 
4515     if (optind != argc - 1) {
4516         error_exit("Expecting one image file name");
4517     }
4518     filename = argv[argc - 1];
4519 
4520     if (!is_write && flush_interval) {
4521         error_report("--flush-interval is only available in write tests");
4522         ret = -1;
4523         goto out;
4524     }
4525     if (flush_interval && flush_interval < depth) {
4526         error_report("Flush interval can't be smaller than depth");
4527         ret = -1;
4528         goto out;
4529     }
4530 
4531     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4532                    force_share);
4533     if (!blk) {
4534         ret = -1;
4535         goto out;
4536     }
4537 
4538     image_size = blk_getlength(blk);
4539     if (image_size < 0) {
4540         ret = image_size;
4541         goto out;
4542     }
4543 
4544     data = (BenchData) {
4545         .blk            = blk,
4546         .image_size     = image_size,
4547         .bufsize        = bufsize,
4548         .step           = step ?: bufsize,
4549         .nrreq          = depth,
4550         .n              = count,
4551         .offset         = offset,
4552         .write          = is_write,
4553         .flush_interval = flush_interval,
4554         .drain_on_flush = drain_on_flush,
4555     };
4556     printf("Sending %d %s requests, %d bytes each, %d in parallel "
4557            "(starting at offset %" PRId64 ", step size %d)\n",
4558            data.n, data.write ? "write" : "read", data.bufsize, data.nrreq,
4559            data.offset, data.step);
4560     if (flush_interval) {
4561         printf("Sending flush every %d requests\n", flush_interval);
4562     }
4563 
4564     buf_size = data.nrreq * data.bufsize;
4565     data.buf = blk_blockalign(blk, buf_size);
4566     memset(data.buf, pattern, data.nrreq * data.bufsize);
4567 
4568     blk_register_buf(blk, data.buf, buf_size);
4569 
4570     data.qiov = g_new(QEMUIOVector, data.nrreq);
4571     for (i = 0; i < data.nrreq; i++) {
4572         qemu_iovec_init(&data.qiov[i], 1);
4573         qemu_iovec_add(&data.qiov[i],
4574                        data.buf + i * data.bufsize, data.bufsize);
4575     }
4576 
4577     gettimeofday(&t1, NULL);
4578     bench_cb(&data, 0);
4579 
4580     while (data.n > 0) {
4581         main_loop_wait(false);
4582     }
4583     gettimeofday(&t2, NULL);
4584 
4585     printf("Run completed in %3.3f seconds.\n",
4586            (t2.tv_sec - t1.tv_sec)
4587            + ((double)(t2.tv_usec - t1.tv_usec) / 1000000));
4588 
4589 out:
4590     if (data.buf) {
4591         blk_unregister_buf(blk, data.buf);
4592     }
4593     qemu_vfree(data.buf);
4594     blk_unref(blk);
4595 
4596     if (ret) {
4597         return 1;
4598     }
4599     return 0;
4600 }
4601 
4602 enum ImgBitmapAct {
4603     BITMAP_ADD,
4604     BITMAP_REMOVE,
4605     BITMAP_CLEAR,
4606     BITMAP_ENABLE,
4607     BITMAP_DISABLE,
4608     BITMAP_MERGE,
4609 };
4610 typedef struct ImgBitmapAction {
4611     enum ImgBitmapAct act;
4612     const char *src; /* only used for merge */
4613     QSIMPLEQ_ENTRY(ImgBitmapAction) next;
4614 } ImgBitmapAction;
4615 
4616 static int img_bitmap(int argc, char **argv)
4617 {
4618     Error *err = NULL;
4619     int c, ret = 1;
4620     QemuOpts *opts = NULL;
4621     const char *fmt = NULL, *src_fmt = NULL, *src_filename = NULL;
4622     const char *filename, *bitmap;
4623     BlockBackend *blk = NULL, *src = NULL;
4624     BlockDriverState *bs = NULL, *src_bs = NULL;
4625     bool image_opts = false;
4626     int64_t granularity = 0;
4627     bool add = false, merge = false;
4628     QSIMPLEQ_HEAD(, ImgBitmapAction) actions;
4629     ImgBitmapAction *act, *act_next;
4630     const char *op;
4631 
4632     QSIMPLEQ_INIT(&actions);
4633 
4634     for (;;) {
4635         static const struct option long_options[] = {
4636             {"help", no_argument, 0, 'h'},
4637             {"object", required_argument, 0, OPTION_OBJECT},
4638             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4639             {"add", no_argument, 0, OPTION_ADD},
4640             {"remove", no_argument, 0, OPTION_REMOVE},
4641             {"clear", no_argument, 0, OPTION_CLEAR},
4642             {"enable", no_argument, 0, OPTION_ENABLE},
4643             {"disable", no_argument, 0, OPTION_DISABLE},
4644             {"merge", required_argument, 0, OPTION_MERGE},
4645             {"granularity", required_argument, 0, 'g'},
4646             {"source-file", required_argument, 0, 'b'},
4647             {"source-format", required_argument, 0, 'F'},
4648             {0, 0, 0, 0}
4649         };
4650         c = getopt_long(argc, argv, ":b:f:F:g:h", long_options, NULL);
4651         if (c == -1) {
4652             break;
4653         }
4654 
4655         switch (c) {
4656         case ':':
4657             missing_argument(argv[optind - 1]);
4658             break;
4659         case '?':
4660             unrecognized_option(argv[optind - 1]);
4661             break;
4662         case 'h':
4663             help();
4664             break;
4665         case 'b':
4666             src_filename = optarg;
4667             break;
4668         case 'f':
4669             fmt = optarg;
4670             break;
4671         case 'F':
4672             src_fmt = optarg;
4673             break;
4674         case 'g':
4675             granularity = cvtnum("granularity", optarg);
4676             if (granularity < 0) {
4677                 return 1;
4678             }
4679             break;
4680         case OPTION_ADD:
4681             act = g_new0(ImgBitmapAction, 1);
4682             act->act = BITMAP_ADD;
4683             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4684             add = true;
4685             break;
4686         case OPTION_REMOVE:
4687             act = g_new0(ImgBitmapAction, 1);
4688             act->act = BITMAP_REMOVE;
4689             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4690             break;
4691         case OPTION_CLEAR:
4692             act = g_new0(ImgBitmapAction, 1);
4693             act->act = BITMAP_CLEAR;
4694             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4695             break;
4696         case OPTION_ENABLE:
4697             act = g_new0(ImgBitmapAction, 1);
4698             act->act = BITMAP_ENABLE;
4699             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4700             break;
4701         case OPTION_DISABLE:
4702             act = g_new0(ImgBitmapAction, 1);
4703             act->act = BITMAP_DISABLE;
4704             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4705             break;
4706         case OPTION_MERGE:
4707             act = g_new0(ImgBitmapAction, 1);
4708             act->act = BITMAP_MERGE;
4709             act->src = optarg;
4710             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4711             merge = true;
4712             break;
4713         case OPTION_OBJECT:
4714             opts = qemu_opts_parse_noisily(&qemu_object_opts, optarg, true);
4715             if (!opts) {
4716                 goto out;
4717             }
4718             break;
4719         case OPTION_IMAGE_OPTS:
4720             image_opts = true;
4721             break;
4722         }
4723     }
4724 
4725     if (qemu_opts_foreach(&qemu_object_opts,
4726                           user_creatable_add_opts_foreach,
4727                           qemu_img_object_print_help, &error_fatal)) {
4728         goto out;
4729     }
4730 
4731     if (QSIMPLEQ_EMPTY(&actions)) {
4732         error_report("Need at least one of --add, --remove, --clear, "
4733                      "--enable, --disable, or --merge");
4734         goto out;
4735     }
4736 
4737     if (granularity && !add) {
4738         error_report("granularity only supported with --add");
4739         goto out;
4740     }
4741     if (src_fmt && !src_filename) {
4742         error_report("-F only supported with -b");
4743         goto out;
4744     }
4745     if (src_filename && !merge) {
4746         error_report("Merge bitmap source file only supported with "
4747                      "--merge");
4748         goto out;
4749     }
4750 
4751     if (optind != argc - 2) {
4752         error_report("Expecting filename and bitmap name");
4753         goto out;
4754     }
4755 
4756     filename = argv[optind];
4757     bitmap = argv[optind + 1];
4758 
4759     blk = img_open(image_opts, filename, fmt, BDRV_O_RDWR, false, false,
4760                    false);
4761     if (!blk) {
4762         goto out;
4763     }
4764     bs = blk_bs(blk);
4765     if (src_filename) {
4766         src = img_open(false, src_filename, src_fmt, 0, false, false, false);
4767         if (!src) {
4768             goto out;
4769         }
4770         src_bs = blk_bs(src);
4771     } else {
4772         src_bs = bs;
4773     }
4774 
4775     QSIMPLEQ_FOREACH_SAFE(act, &actions, next, act_next) {
4776         switch (act->act) {
4777         case BITMAP_ADD:
4778             qmp_block_dirty_bitmap_add(bs->node_name, bitmap,
4779                                        !!granularity, granularity, true, true,
4780                                        false, false, &err);
4781             op = "add";
4782             break;
4783         case BITMAP_REMOVE:
4784             qmp_block_dirty_bitmap_remove(bs->node_name, bitmap, &err);
4785             op = "remove";
4786             break;
4787         case BITMAP_CLEAR:
4788             qmp_block_dirty_bitmap_clear(bs->node_name, bitmap, &err);
4789             op = "clear";
4790             break;
4791         case BITMAP_ENABLE:
4792             qmp_block_dirty_bitmap_enable(bs->node_name, bitmap, &err);
4793             op = "enable";
4794             break;
4795         case BITMAP_DISABLE:
4796             qmp_block_dirty_bitmap_disable(bs->node_name, bitmap, &err);
4797             op = "disable";
4798             break;
4799         case BITMAP_MERGE:
4800             do_dirty_bitmap_merge(bs->node_name, bitmap, src_bs->node_name,
4801                                   act->src, &err);
4802             op = "merge";
4803             break;
4804         default:
4805             g_assert_not_reached();
4806         }
4807 
4808         if (err) {
4809             error_reportf_err(err, "Operation %s on bitmap %s failed: ",
4810                               op, bitmap);
4811             goto out;
4812         }
4813         g_free(act);
4814     }
4815 
4816     ret = 0;
4817 
4818  out:
4819     blk_unref(src);
4820     blk_unref(blk);
4821     qemu_opts_del(opts);
4822     return ret;
4823 }
4824 
4825 #define C_BS      01
4826 #define C_COUNT   02
4827 #define C_IF      04
4828 #define C_OF      010
4829 #define C_SKIP    020
4830 
4831 struct DdInfo {
4832     unsigned int flags;
4833     int64_t count;
4834 };
4835 
4836 struct DdIo {
4837     int bsz;    /* Block size */
4838     char *filename;
4839     uint8_t *buf;
4840     int64_t offset;
4841 };
4842 
4843 struct DdOpts {
4844     const char *name;
4845     int (*f)(const char *, struct DdIo *, struct DdIo *, struct DdInfo *);
4846     unsigned int flag;
4847 };
4848 
4849 static int img_dd_bs(const char *arg,
4850                      struct DdIo *in, struct DdIo *out,
4851                      struct DdInfo *dd)
4852 {
4853     int64_t res;
4854 
4855     res = cvtnum_full("bs", arg, 1, INT_MAX);
4856 
4857     if (res < 0) {
4858         return 1;
4859     }
4860     in->bsz = out->bsz = res;
4861 
4862     return 0;
4863 }
4864 
4865 static int img_dd_count(const char *arg,
4866                         struct DdIo *in, struct DdIo *out,
4867                         struct DdInfo *dd)
4868 {
4869     dd->count = cvtnum("count", arg);
4870 
4871     if (dd->count < 0) {
4872         return 1;
4873     }
4874 
4875     return 0;
4876 }
4877 
4878 static int img_dd_if(const char *arg,
4879                      struct DdIo *in, struct DdIo *out,
4880                      struct DdInfo *dd)
4881 {
4882     in->filename = g_strdup(arg);
4883 
4884     return 0;
4885 }
4886 
4887 static int img_dd_of(const char *arg,
4888                      struct DdIo *in, struct DdIo *out,
4889                      struct DdInfo *dd)
4890 {
4891     out->filename = g_strdup(arg);
4892 
4893     return 0;
4894 }
4895 
4896 static int img_dd_skip(const char *arg,
4897                        struct DdIo *in, struct DdIo *out,
4898                        struct DdInfo *dd)
4899 {
4900     in->offset = cvtnum("skip", arg);
4901 
4902     if (in->offset < 0) {
4903         return 1;
4904     }
4905 
4906     return 0;
4907 }
4908 
4909 static int img_dd(int argc, char **argv)
4910 {
4911     int ret = 0;
4912     char *arg = NULL;
4913     char *tmp;
4914     BlockDriver *drv = NULL, *proto_drv = NULL;
4915     BlockBackend *blk1 = NULL, *blk2 = NULL;
4916     QemuOpts *opts = NULL;
4917     QemuOptsList *create_opts = NULL;
4918     Error *local_err = NULL;
4919     bool image_opts = false;
4920     int c, i;
4921     const char *out_fmt = "raw";
4922     const char *fmt = NULL;
4923     int64_t size = 0;
4924     int64_t block_count = 0, out_pos, in_pos;
4925     bool force_share = false;
4926     struct DdInfo dd = {
4927         .flags = 0,
4928         .count = 0,
4929     };
4930     struct DdIo in = {
4931         .bsz = 512, /* Block size is by default 512 bytes */
4932         .filename = NULL,
4933         .buf = NULL,
4934         .offset = 0
4935     };
4936     struct DdIo out = {
4937         .bsz = 512,
4938         .filename = NULL,
4939         .buf = NULL,
4940         .offset = 0
4941     };
4942 
4943     const struct DdOpts options[] = {
4944         { "bs", img_dd_bs, C_BS },
4945         { "count", img_dd_count, C_COUNT },
4946         { "if", img_dd_if, C_IF },
4947         { "of", img_dd_of, C_OF },
4948         { "skip", img_dd_skip, C_SKIP },
4949         { NULL, NULL, 0 }
4950     };
4951     const struct option long_options[] = {
4952         { "help", no_argument, 0, 'h'},
4953         { "object", required_argument, 0, OPTION_OBJECT},
4954         { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4955         { "force-share", no_argument, 0, 'U'},
4956         { 0, 0, 0, 0 }
4957     };
4958 
4959     while ((c = getopt_long(argc, argv, ":hf:O:U", long_options, NULL))) {
4960         if (c == EOF) {
4961             break;
4962         }
4963         switch (c) {
4964         case 'O':
4965             out_fmt = optarg;
4966             break;
4967         case 'f':
4968             fmt = optarg;
4969             break;
4970         case ':':
4971             missing_argument(argv[optind - 1]);
4972             break;
4973         case '?':
4974             unrecognized_option(argv[optind - 1]);
4975             break;
4976         case 'h':
4977             help();
4978             break;
4979         case 'U':
4980             force_share = true;
4981             break;
4982         case OPTION_OBJECT:
4983             if (!qemu_opts_parse_noisily(&qemu_object_opts, optarg, true)) {
4984                 ret = -1;
4985                 goto out;
4986             }
4987             break;
4988         case OPTION_IMAGE_OPTS:
4989             image_opts = true;
4990             break;
4991         }
4992     }
4993 
4994     for (i = optind; i < argc; i++) {
4995         int j;
4996         arg = g_strdup(argv[i]);
4997 
4998         tmp = strchr(arg, '=');
4999         if (tmp == NULL) {
5000             error_report("unrecognized operand %s", arg);
5001             ret = -1;
5002             goto out;
5003         }
5004 
5005         *tmp++ = '\0';
5006 
5007         for (j = 0; options[j].name != NULL; j++) {
5008             if (!strcmp(arg, options[j].name)) {
5009                 break;
5010             }
5011         }
5012         if (options[j].name == NULL) {
5013             error_report("unrecognized operand %s", arg);
5014             ret = -1;
5015             goto out;
5016         }
5017 
5018         if (options[j].f(tmp, &in, &out, &dd) != 0) {
5019             ret = -1;
5020             goto out;
5021         }
5022         dd.flags |= options[j].flag;
5023         g_free(arg);
5024         arg = NULL;
5025     }
5026 
5027     if (!(dd.flags & C_IF && dd.flags & C_OF)) {
5028         error_report("Must specify both input and output files");
5029         ret = -1;
5030         goto out;
5031     }
5032 
5033     if (qemu_opts_foreach(&qemu_object_opts,
5034                           user_creatable_add_opts_foreach,
5035                           qemu_img_object_print_help, &error_fatal)) {
5036         ret = -1;
5037         goto out;
5038     }
5039 
5040     blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
5041                     force_share);
5042 
5043     if (!blk1) {
5044         ret = -1;
5045         goto out;
5046     }
5047 
5048     drv = bdrv_find_format(out_fmt);
5049     if (!drv) {
5050         error_report("Unknown file format");
5051         ret = -1;
5052         goto out;
5053     }
5054     proto_drv = bdrv_find_protocol(out.filename, true, &local_err);
5055 
5056     if (!proto_drv) {
5057         error_report_err(local_err);
5058         ret = -1;
5059         goto out;
5060     }
5061     if (!drv->create_opts) {
5062         error_report("Format driver '%s' does not support image creation",
5063                      drv->format_name);
5064         ret = -1;
5065         goto out;
5066     }
5067     if (!proto_drv->create_opts) {
5068         error_report("Protocol driver '%s' does not support image creation",
5069                      proto_drv->format_name);
5070         ret = -1;
5071         goto out;
5072     }
5073     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5074     create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
5075 
5076     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5077 
5078     size = blk_getlength(blk1);
5079     if (size < 0) {
5080         error_report("Failed to get size for '%s'", in.filename);
5081         ret = -1;
5082         goto out;
5083     }
5084 
5085     if (dd.flags & C_COUNT && dd.count <= INT64_MAX / in.bsz &&
5086         dd.count * in.bsz < size) {
5087         size = dd.count * in.bsz;
5088     }
5089 
5090     /* Overflow means the specified offset is beyond input image's size */
5091     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5092                               size < in.bsz * in.offset)) {
5093         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, 0, &error_abort);
5094     } else {
5095         qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
5096                             size - in.bsz * in.offset, &error_abort);
5097     }
5098 
5099     ret = bdrv_create(drv, out.filename, opts, &local_err);
5100     if (ret < 0) {
5101         error_reportf_err(local_err,
5102                           "%s: error while creating output image: ",
5103                           out.filename);
5104         ret = -1;
5105         goto out;
5106     }
5107 
5108     /* TODO, we can't honour --image-opts for the target,
5109      * since it needs to be given in a format compatible
5110      * with the bdrv_create() call above which does not
5111      * support image-opts style.
5112      */
5113     blk2 = img_open_file(out.filename, NULL, out_fmt, BDRV_O_RDWR,
5114                          false, false, false);
5115 
5116     if (!blk2) {
5117         ret = -1;
5118         goto out;
5119     }
5120 
5121     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5122                               size < in.offset * in.bsz)) {
5123         /* We give a warning if the skip option is bigger than the input
5124          * size and create an empty output disk image (i.e. like dd(1)).
5125          */
5126         error_report("%s: cannot skip to specified offset", in.filename);
5127         in_pos = size;
5128     } else {
5129         in_pos = in.offset * in.bsz;
5130     }
5131 
5132     in.buf = g_new(uint8_t, in.bsz);
5133 
5134     for (out_pos = 0; in_pos < size; block_count++) {
5135         int in_ret, out_ret;
5136 
5137         if (in_pos + in.bsz > size) {
5138             in_ret = blk_pread(blk1, in_pos, in.buf, size - in_pos);
5139         } else {
5140             in_ret = blk_pread(blk1, in_pos, in.buf, in.bsz);
5141         }
5142         if (in_ret < 0) {
5143             error_report("error while reading from input image file: %s",
5144                          strerror(-in_ret));
5145             ret = -1;
5146             goto out;
5147         }
5148         in_pos += in_ret;
5149 
5150         out_ret = blk_pwrite(blk2, out_pos, in.buf, in_ret, 0);
5151 
5152         if (out_ret < 0) {
5153             error_report("error while writing to output image file: %s",
5154                          strerror(-out_ret));
5155             ret = -1;
5156             goto out;
5157         }
5158         out_pos += out_ret;
5159     }
5160 
5161 out:
5162     g_free(arg);
5163     qemu_opts_del(opts);
5164     qemu_opts_free(create_opts);
5165     blk_unref(blk1);
5166     blk_unref(blk2);
5167     g_free(in.filename);
5168     g_free(out.filename);
5169     g_free(in.buf);
5170     g_free(out.buf);
5171 
5172     if (ret) {
5173         return 1;
5174     }
5175     return 0;
5176 }
5177 
5178 static void dump_json_block_measure_info(BlockMeasureInfo *info)
5179 {
5180     QString *str;
5181     QObject *obj;
5182     Visitor *v = qobject_output_visitor_new(&obj);
5183 
5184     visit_type_BlockMeasureInfo(v, NULL, &info, &error_abort);
5185     visit_complete(v, &obj);
5186     str = qobject_to_json_pretty(obj);
5187     assert(str != NULL);
5188     printf("%s\n", qstring_get_str(str));
5189     qobject_unref(obj);
5190     visit_free(v);
5191     qobject_unref(str);
5192 }
5193 
5194 static int img_measure(int argc, char **argv)
5195 {
5196     static const struct option long_options[] = {
5197         {"help", no_argument, 0, 'h'},
5198         {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
5199         {"object", required_argument, 0, OPTION_OBJECT},
5200         {"output", required_argument, 0, OPTION_OUTPUT},
5201         {"size", required_argument, 0, OPTION_SIZE},
5202         {"force-share", no_argument, 0, 'U'},
5203         {0, 0, 0, 0}
5204     };
5205     OutputFormat output_format = OFORMAT_HUMAN;
5206     BlockBackend *in_blk = NULL;
5207     BlockDriver *drv;
5208     const char *filename = NULL;
5209     const char *fmt = NULL;
5210     const char *out_fmt = "raw";
5211     char *options = NULL;
5212     char *snapshot_name = NULL;
5213     bool force_share = false;
5214     QemuOpts *opts = NULL;
5215     QemuOpts *object_opts = NULL;
5216     QemuOpts *sn_opts = NULL;
5217     QemuOptsList *create_opts = NULL;
5218     bool image_opts = false;
5219     uint64_t img_size = UINT64_MAX;
5220     BlockMeasureInfo *info = NULL;
5221     Error *local_err = NULL;
5222     int ret = 1;
5223     int c;
5224 
5225     while ((c = getopt_long(argc, argv, "hf:O:o:l:U",
5226                             long_options, NULL)) != -1) {
5227         switch (c) {
5228         case '?':
5229         case 'h':
5230             help();
5231             break;
5232         case 'f':
5233             fmt = optarg;
5234             break;
5235         case 'O':
5236             out_fmt = optarg;
5237             break;
5238         case 'o':
5239             if (accumulate_options(&options, optarg) < 0) {
5240                 goto out;
5241             }
5242             break;
5243         case 'l':
5244             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
5245                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
5246                                                   optarg, false);
5247                 if (!sn_opts) {
5248                     error_report("Failed in parsing snapshot param '%s'",
5249                                  optarg);
5250                     goto out;
5251                 }
5252             } else {
5253                 snapshot_name = optarg;
5254             }
5255             break;
5256         case 'U':
5257             force_share = true;
5258             break;
5259         case OPTION_OBJECT:
5260             object_opts = qemu_opts_parse_noisily(&qemu_object_opts,
5261                                                   optarg, true);
5262             if (!object_opts) {
5263                 goto out;
5264             }
5265             break;
5266         case OPTION_IMAGE_OPTS:
5267             image_opts = true;
5268             break;
5269         case OPTION_OUTPUT:
5270             if (!strcmp(optarg, "json")) {
5271                 output_format = OFORMAT_JSON;
5272             } else if (!strcmp(optarg, "human")) {
5273                 output_format = OFORMAT_HUMAN;
5274             } else {
5275                 error_report("--output must be used with human or json "
5276                              "as argument.");
5277                 goto out;
5278             }
5279             break;
5280         case OPTION_SIZE:
5281         {
5282             int64_t sval;
5283 
5284             sval = cvtnum("image size", optarg);
5285             if (sval < 0) {
5286                 goto out;
5287             }
5288             img_size = (uint64_t)sval;
5289         }
5290         break;
5291         }
5292     }
5293 
5294     if (qemu_opts_foreach(&qemu_object_opts,
5295                           user_creatable_add_opts_foreach,
5296                           qemu_img_object_print_help, &error_fatal)) {
5297         goto out;
5298     }
5299 
5300     if (argc - optind > 1) {
5301         error_report("At most one filename argument is allowed.");
5302         goto out;
5303     } else if (argc - optind == 1) {
5304         filename = argv[optind];
5305     }
5306 
5307     if (!filename && (image_opts || fmt || snapshot_name || sn_opts)) {
5308         error_report("--image-opts, -f, and -l require a filename argument.");
5309         goto out;
5310     }
5311     if (filename && img_size != UINT64_MAX) {
5312         error_report("--size N cannot be used together with a filename.");
5313         goto out;
5314     }
5315     if (!filename && img_size == UINT64_MAX) {
5316         error_report("Either --size N or one filename must be specified.");
5317         goto out;
5318     }
5319 
5320     if (filename) {
5321         in_blk = img_open(image_opts, filename, fmt, 0,
5322                           false, false, force_share);
5323         if (!in_blk) {
5324             goto out;
5325         }
5326 
5327         if (sn_opts) {
5328             bdrv_snapshot_load_tmp(blk_bs(in_blk),
5329                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
5330                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
5331                     &local_err);
5332         } else if (snapshot_name != NULL) {
5333             bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(in_blk),
5334                     snapshot_name, &local_err);
5335         }
5336         if (local_err) {
5337             error_reportf_err(local_err, "Failed to load snapshot: ");
5338             goto out;
5339         }
5340     }
5341 
5342     drv = bdrv_find_format(out_fmt);
5343     if (!drv) {
5344         error_report("Unknown file format '%s'", out_fmt);
5345         goto out;
5346     }
5347     if (!drv->create_opts) {
5348         error_report("Format driver '%s' does not support image creation",
5349                      drv->format_name);
5350         goto out;
5351     }
5352 
5353     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5354     create_opts = qemu_opts_append(create_opts, bdrv_file.create_opts);
5355     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5356     if (options) {
5357         qemu_opts_do_parse(opts, options, NULL, &local_err);
5358         if (local_err) {
5359             error_report_err(local_err);
5360             error_report("Invalid options for file format '%s'", out_fmt);
5361             goto out;
5362         }
5363     }
5364     if (img_size != UINT64_MAX) {
5365         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, &error_abort);
5366     }
5367 
5368     info = bdrv_measure(drv, opts, in_blk ? blk_bs(in_blk) : NULL, &local_err);
5369     if (local_err) {
5370         error_report_err(local_err);
5371         goto out;
5372     }
5373 
5374     if (output_format == OFORMAT_HUMAN) {
5375         printf("required size: %" PRIu64 "\n", info->required);
5376         printf("fully allocated size: %" PRIu64 "\n", info->fully_allocated);
5377         if (info->has_bitmaps) {
5378             printf("bitmaps size: %" PRIu64 "\n", info->bitmaps);
5379         }
5380     } else {
5381         dump_json_block_measure_info(info);
5382     }
5383 
5384     ret = 0;
5385 
5386 out:
5387     qapi_free_BlockMeasureInfo(info);
5388     qemu_opts_del(object_opts);
5389     qemu_opts_del(opts);
5390     qemu_opts_del(sn_opts);
5391     qemu_opts_free(create_opts);
5392     g_free(options);
5393     blk_unref(in_blk);
5394     return ret;
5395 }
5396 
5397 static const img_cmd_t img_cmds[] = {
5398 #define DEF(option, callback, arg_string)        \
5399     { option, callback },
5400 #include "qemu-img-cmds.h"
5401 #undef DEF
5402     { NULL, NULL, },
5403 };
5404 
5405 int main(int argc, char **argv)
5406 {
5407     const img_cmd_t *cmd;
5408     const char *cmdname;
5409     Error *local_error = NULL;
5410     char *trace_file = NULL;
5411     int c;
5412     static const struct option long_options[] = {
5413         {"help", no_argument, 0, 'h'},
5414         {"version", no_argument, 0, 'V'},
5415         {"trace", required_argument, NULL, 'T'},
5416         {0, 0, 0, 0}
5417     };
5418 
5419 #ifdef CONFIG_POSIX
5420     signal(SIGPIPE, SIG_IGN);
5421 #endif
5422 
5423     error_init(argv[0]);
5424     module_call_init(MODULE_INIT_TRACE);
5425     qemu_init_exec_dir(argv[0]);
5426 
5427     if (qemu_init_main_loop(&local_error)) {
5428         error_report_err(local_error);
5429         exit(EXIT_FAILURE);
5430     }
5431 
5432     qcrypto_init(&error_fatal);
5433 
5434     module_call_init(MODULE_INIT_QOM);
5435     bdrv_init();
5436     if (argc < 2) {
5437         error_exit("Not enough arguments");
5438     }
5439 
5440     qemu_add_opts(&qemu_object_opts);
5441     qemu_add_opts(&qemu_source_opts);
5442     qemu_add_opts(&qemu_trace_opts);
5443 
5444     while ((c = getopt_long(argc, argv, "+:hVT:", long_options, NULL)) != -1) {
5445         switch (c) {
5446         case ':':
5447             missing_argument(argv[optind - 1]);
5448             return 0;
5449         case '?':
5450             unrecognized_option(argv[optind - 1]);
5451             return 0;
5452         case 'h':
5453             help();
5454             return 0;
5455         case 'V':
5456             printf(QEMU_IMG_VERSION);
5457             return 0;
5458         case 'T':
5459             g_free(trace_file);
5460             trace_file = trace_opt_parse(optarg);
5461             break;
5462         }
5463     }
5464 
5465     cmdname = argv[optind];
5466 
5467     /* reset getopt_long scanning */
5468     argc -= optind;
5469     if (argc < 1) {
5470         return 0;
5471     }
5472     argv += optind;
5473     qemu_reset_optind();
5474 
5475     if (!trace_init_backends()) {
5476         exit(1);
5477     }
5478     trace_init_file(trace_file);
5479     qemu_set_log(LOG_TRACE);
5480 
5481     /* find the command */
5482     for (cmd = img_cmds; cmd->name != NULL; cmd++) {
5483         if (!strcmp(cmdname, cmd->name)) {
5484             return cmd->handler(argc, argv);
5485         }
5486     }
5487 
5488     /* not found */
5489     error_exit("Command not found: %s", cmdname);
5490 }
5491