xref: /openbmc/qemu/block.c (revision 6683d7bc)
1 /*
2  * QEMU System Emulator block driver
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 #include "config-host.h"
25 #include "qemu-common.h"
26 #include "trace.h"
27 #include "monitor/monitor.h"
28 #include "block/block_int.h"
29 #include "block/blockjob.h"
30 #include "qemu/module.h"
31 #include "qapi/qmp/qjson.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/notify.h"
34 #include "block/coroutine.h"
35 #include "qmp-commands.h"
36 #include "qemu/timer.h"
37 
38 #ifdef CONFIG_BSD
39 #include <sys/types.h>
40 #include <sys/stat.h>
41 #include <sys/ioctl.h>
42 #include <sys/queue.h>
43 #ifndef __DragonFly__
44 #include <sys/disk.h>
45 #endif
46 #endif
47 
48 #ifdef _WIN32
49 #include <windows.h>
50 #endif
51 
52 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
53 
54 typedef enum {
55     BDRV_REQ_COPY_ON_READ = 0x1,
56     BDRV_REQ_ZERO_WRITE   = 0x2,
57 } BdrvRequestFlags;
58 
59 static void bdrv_dev_change_media_cb(BlockDriverState *bs, bool load);
60 static BlockDriverAIOCB *bdrv_aio_readv_em(BlockDriverState *bs,
61         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
62         BlockDriverCompletionFunc *cb, void *opaque);
63 static BlockDriverAIOCB *bdrv_aio_writev_em(BlockDriverState *bs,
64         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
65         BlockDriverCompletionFunc *cb, void *opaque);
66 static int coroutine_fn bdrv_co_readv_em(BlockDriverState *bs,
67                                          int64_t sector_num, int nb_sectors,
68                                          QEMUIOVector *iov);
69 static int coroutine_fn bdrv_co_writev_em(BlockDriverState *bs,
70                                          int64_t sector_num, int nb_sectors,
71                                          QEMUIOVector *iov);
72 static int coroutine_fn bdrv_co_do_readv(BlockDriverState *bs,
73     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov,
74     BdrvRequestFlags flags);
75 static int coroutine_fn bdrv_co_do_writev(BlockDriverState *bs,
76     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov,
77     BdrvRequestFlags flags);
78 static BlockDriverAIOCB *bdrv_co_aio_rw_vector(BlockDriverState *bs,
79                                                int64_t sector_num,
80                                                QEMUIOVector *qiov,
81                                                int nb_sectors,
82                                                BlockDriverCompletionFunc *cb,
83                                                void *opaque,
84                                                bool is_write);
85 static void coroutine_fn bdrv_co_do_rw(void *opaque);
86 static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs,
87     int64_t sector_num, int nb_sectors);
88 
89 static bool bdrv_exceed_bps_limits(BlockDriverState *bs, int nb_sectors,
90         bool is_write, double elapsed_time, uint64_t *wait);
91 static bool bdrv_exceed_iops_limits(BlockDriverState *bs, bool is_write,
92         double elapsed_time, uint64_t *wait);
93 static bool bdrv_exceed_io_limits(BlockDriverState *bs, int nb_sectors,
94         bool is_write, int64_t *wait);
95 
96 static QTAILQ_HEAD(, BlockDriverState) bdrv_states =
97     QTAILQ_HEAD_INITIALIZER(bdrv_states);
98 
99 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
100     QLIST_HEAD_INITIALIZER(bdrv_drivers);
101 
102 /* The device to use for VM snapshots */
103 static BlockDriverState *bs_snapshots;
104 
105 /* If non-zero, use only whitelisted block drivers */
106 static int use_bdrv_whitelist;
107 
108 #ifdef _WIN32
109 static int is_windows_drive_prefix(const char *filename)
110 {
111     return (((filename[0] >= 'a' && filename[0] <= 'z') ||
112              (filename[0] >= 'A' && filename[0] <= 'Z')) &&
113             filename[1] == ':');
114 }
115 
116 int is_windows_drive(const char *filename)
117 {
118     if (is_windows_drive_prefix(filename) &&
119         filename[2] == '\0')
120         return 1;
121     if (strstart(filename, "\\\\.\\", NULL) ||
122         strstart(filename, "//./", NULL))
123         return 1;
124     return 0;
125 }
126 #endif
127 
128 /* throttling disk I/O limits */
129 void bdrv_io_limits_disable(BlockDriverState *bs)
130 {
131     bs->io_limits_enabled = false;
132 
133     while (qemu_co_queue_next(&bs->throttled_reqs));
134 
135     if (bs->block_timer) {
136         qemu_del_timer(bs->block_timer);
137         qemu_free_timer(bs->block_timer);
138         bs->block_timer = NULL;
139     }
140 
141     bs->slice_start = 0;
142     bs->slice_end   = 0;
143 }
144 
145 static void bdrv_block_timer(void *opaque)
146 {
147     BlockDriverState *bs = opaque;
148 
149     qemu_co_queue_next(&bs->throttled_reqs);
150 }
151 
152 void bdrv_io_limits_enable(BlockDriverState *bs)
153 {
154     qemu_co_queue_init(&bs->throttled_reqs);
155     bs->block_timer = qemu_new_timer_ns(vm_clock, bdrv_block_timer, bs);
156     bs->io_limits_enabled = true;
157 }
158 
159 bool bdrv_io_limits_enabled(BlockDriverState *bs)
160 {
161     BlockIOLimit *io_limits = &bs->io_limits;
162     return io_limits->bps[BLOCK_IO_LIMIT_READ]
163          || io_limits->bps[BLOCK_IO_LIMIT_WRITE]
164          || io_limits->bps[BLOCK_IO_LIMIT_TOTAL]
165          || io_limits->iops[BLOCK_IO_LIMIT_READ]
166          || io_limits->iops[BLOCK_IO_LIMIT_WRITE]
167          || io_limits->iops[BLOCK_IO_LIMIT_TOTAL];
168 }
169 
170 static void bdrv_io_limits_intercept(BlockDriverState *bs,
171                                      bool is_write, int nb_sectors)
172 {
173     int64_t wait_time = -1;
174 
175     if (!qemu_co_queue_empty(&bs->throttled_reqs)) {
176         qemu_co_queue_wait(&bs->throttled_reqs);
177     }
178 
179     /* In fact, we hope to keep each request's timing, in FIFO mode. The next
180      * throttled requests will not be dequeued until the current request is
181      * allowed to be serviced. So if the current request still exceeds the
182      * limits, it will be inserted to the head. All requests followed it will
183      * be still in throttled_reqs queue.
184      */
185 
186     while (bdrv_exceed_io_limits(bs, nb_sectors, is_write, &wait_time)) {
187         qemu_mod_timer(bs->block_timer,
188                        wait_time + qemu_get_clock_ns(vm_clock));
189         qemu_co_queue_wait_insert_head(&bs->throttled_reqs);
190     }
191 
192     qemu_co_queue_next(&bs->throttled_reqs);
193 }
194 
195 /* check if the path starts with "<protocol>:" */
196 static int path_has_protocol(const char *path)
197 {
198     const char *p;
199 
200 #ifdef _WIN32
201     if (is_windows_drive(path) ||
202         is_windows_drive_prefix(path)) {
203         return 0;
204     }
205     p = path + strcspn(path, ":/\\");
206 #else
207     p = path + strcspn(path, ":/");
208 #endif
209 
210     return *p == ':';
211 }
212 
213 int path_is_absolute(const char *path)
214 {
215 #ifdef _WIN32
216     /* specific case for names like: "\\.\d:" */
217     if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
218         return 1;
219     }
220     return (*path == '/' || *path == '\\');
221 #else
222     return (*path == '/');
223 #endif
224 }
225 
226 /* if filename is absolute, just copy it to dest. Otherwise, build a
227    path to it by considering it is relative to base_path. URL are
228    supported. */
229 void path_combine(char *dest, int dest_size,
230                   const char *base_path,
231                   const char *filename)
232 {
233     const char *p, *p1;
234     int len;
235 
236     if (dest_size <= 0)
237         return;
238     if (path_is_absolute(filename)) {
239         pstrcpy(dest, dest_size, filename);
240     } else {
241         p = strchr(base_path, ':');
242         if (p)
243             p++;
244         else
245             p = base_path;
246         p1 = strrchr(base_path, '/');
247 #ifdef _WIN32
248         {
249             const char *p2;
250             p2 = strrchr(base_path, '\\');
251             if (!p1 || p2 > p1)
252                 p1 = p2;
253         }
254 #endif
255         if (p1)
256             p1++;
257         else
258             p1 = base_path;
259         if (p1 > p)
260             p = p1;
261         len = p - base_path;
262         if (len > dest_size - 1)
263             len = dest_size - 1;
264         memcpy(dest, base_path, len);
265         dest[len] = '\0';
266         pstrcat(dest, dest_size, filename);
267     }
268 }
269 
270 void bdrv_get_full_backing_filename(BlockDriverState *bs, char *dest, size_t sz)
271 {
272     if (bs->backing_file[0] == '\0' || path_has_protocol(bs->backing_file)) {
273         pstrcpy(dest, sz, bs->backing_file);
274     } else {
275         path_combine(dest, sz, bs->filename, bs->backing_file);
276     }
277 }
278 
279 void bdrv_register(BlockDriver *bdrv)
280 {
281     /* Block drivers without coroutine functions need emulation */
282     if (!bdrv->bdrv_co_readv) {
283         bdrv->bdrv_co_readv = bdrv_co_readv_em;
284         bdrv->bdrv_co_writev = bdrv_co_writev_em;
285 
286         /* bdrv_co_readv_em()/brdv_co_writev_em() work in terms of aio, so if
287          * the block driver lacks aio we need to emulate that too.
288          */
289         if (!bdrv->bdrv_aio_readv) {
290             /* add AIO emulation layer */
291             bdrv->bdrv_aio_readv = bdrv_aio_readv_em;
292             bdrv->bdrv_aio_writev = bdrv_aio_writev_em;
293         }
294     }
295 
296     QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
297 }
298 
299 /* create a new block device (by default it is empty) */
300 BlockDriverState *bdrv_new(const char *device_name)
301 {
302     BlockDriverState *bs;
303 
304     bs = g_malloc0(sizeof(BlockDriverState));
305     pstrcpy(bs->device_name, sizeof(bs->device_name), device_name);
306     if (device_name[0] != '\0') {
307         QTAILQ_INSERT_TAIL(&bdrv_states, bs, list);
308     }
309     bdrv_iostatus_disable(bs);
310     notifier_list_init(&bs->close_notifiers);
311 
312     return bs;
313 }
314 
315 void bdrv_add_close_notifier(BlockDriverState *bs, Notifier *notify)
316 {
317     notifier_list_add(&bs->close_notifiers, notify);
318 }
319 
320 BlockDriver *bdrv_find_format(const char *format_name)
321 {
322     BlockDriver *drv1;
323     QLIST_FOREACH(drv1, &bdrv_drivers, list) {
324         if (!strcmp(drv1->format_name, format_name)) {
325             return drv1;
326         }
327     }
328     return NULL;
329 }
330 
331 static int bdrv_is_whitelisted(BlockDriver *drv)
332 {
333     static const char *whitelist[] = {
334         CONFIG_BDRV_WHITELIST
335     };
336     const char **p;
337 
338     if (!whitelist[0])
339         return 1;               /* no whitelist, anything goes */
340 
341     for (p = whitelist; *p; p++) {
342         if (!strcmp(drv->format_name, *p)) {
343             return 1;
344         }
345     }
346     return 0;
347 }
348 
349 BlockDriver *bdrv_find_whitelisted_format(const char *format_name)
350 {
351     BlockDriver *drv = bdrv_find_format(format_name);
352     return drv && bdrv_is_whitelisted(drv) ? drv : NULL;
353 }
354 
355 typedef struct CreateCo {
356     BlockDriver *drv;
357     char *filename;
358     QEMUOptionParameter *options;
359     int ret;
360 } CreateCo;
361 
362 static void coroutine_fn bdrv_create_co_entry(void *opaque)
363 {
364     CreateCo *cco = opaque;
365     assert(cco->drv);
366 
367     cco->ret = cco->drv->bdrv_create(cco->filename, cco->options);
368 }
369 
370 int bdrv_create(BlockDriver *drv, const char* filename,
371     QEMUOptionParameter *options)
372 {
373     int ret;
374 
375     Coroutine *co;
376     CreateCo cco = {
377         .drv = drv,
378         .filename = g_strdup(filename),
379         .options = options,
380         .ret = NOT_DONE,
381     };
382 
383     if (!drv->bdrv_create) {
384         ret = -ENOTSUP;
385         goto out;
386     }
387 
388     if (qemu_in_coroutine()) {
389         /* Fast-path if already in coroutine context */
390         bdrv_create_co_entry(&cco);
391     } else {
392         co = qemu_coroutine_create(bdrv_create_co_entry);
393         qemu_coroutine_enter(co, &cco);
394         while (cco.ret == NOT_DONE) {
395             qemu_aio_wait();
396         }
397     }
398 
399     ret = cco.ret;
400 
401 out:
402     g_free(cco.filename);
403     return ret;
404 }
405 
406 int bdrv_create_file(const char* filename, QEMUOptionParameter *options)
407 {
408     BlockDriver *drv;
409 
410     drv = bdrv_find_protocol(filename);
411     if (drv == NULL) {
412         return -ENOENT;
413     }
414 
415     return bdrv_create(drv, filename, options);
416 }
417 
418 /*
419  * Create a uniquely-named empty temporary file.
420  * Return 0 upon success, otherwise a negative errno value.
421  */
422 int get_tmp_filename(char *filename, int size)
423 {
424 #ifdef _WIN32
425     char temp_dir[MAX_PATH];
426     /* GetTempFileName requires that its output buffer (4th param)
427        have length MAX_PATH or greater.  */
428     assert(size >= MAX_PATH);
429     return (GetTempPath(MAX_PATH, temp_dir)
430             && GetTempFileName(temp_dir, "qem", 0, filename)
431             ? 0 : -GetLastError());
432 #else
433     int fd;
434     const char *tmpdir;
435     tmpdir = getenv("TMPDIR");
436     if (!tmpdir)
437         tmpdir = "/tmp";
438     if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
439         return -EOVERFLOW;
440     }
441     fd = mkstemp(filename);
442     if (fd < 0) {
443         return -errno;
444     }
445     if (close(fd) != 0) {
446         unlink(filename);
447         return -errno;
448     }
449     return 0;
450 #endif
451 }
452 
453 /*
454  * Detect host devices. By convention, /dev/cdrom[N] is always
455  * recognized as a host CDROM.
456  */
457 static BlockDriver *find_hdev_driver(const char *filename)
458 {
459     int score_max = 0, score;
460     BlockDriver *drv = NULL, *d;
461 
462     QLIST_FOREACH(d, &bdrv_drivers, list) {
463         if (d->bdrv_probe_device) {
464             score = d->bdrv_probe_device(filename);
465             if (score > score_max) {
466                 score_max = score;
467                 drv = d;
468             }
469         }
470     }
471 
472     return drv;
473 }
474 
475 BlockDriver *bdrv_find_protocol(const char *filename)
476 {
477     BlockDriver *drv1;
478     char protocol[128];
479     int len;
480     const char *p;
481 
482     /* TODO Drivers without bdrv_file_open must be specified explicitly */
483 
484     /*
485      * XXX(hch): we really should not let host device detection
486      * override an explicit protocol specification, but moving this
487      * later breaks access to device names with colons in them.
488      * Thanks to the brain-dead persistent naming schemes on udev-
489      * based Linux systems those actually are quite common.
490      */
491     drv1 = find_hdev_driver(filename);
492     if (drv1) {
493         return drv1;
494     }
495 
496     if (!path_has_protocol(filename)) {
497         return bdrv_find_format("file");
498     }
499     p = strchr(filename, ':');
500     assert(p != NULL);
501     len = p - filename;
502     if (len > sizeof(protocol) - 1)
503         len = sizeof(protocol) - 1;
504     memcpy(protocol, filename, len);
505     protocol[len] = '\0';
506     QLIST_FOREACH(drv1, &bdrv_drivers, list) {
507         if (drv1->protocol_name &&
508             !strcmp(drv1->protocol_name, protocol)) {
509             return drv1;
510         }
511     }
512     return NULL;
513 }
514 
515 static int find_image_format(BlockDriverState *bs, const char *filename,
516                              BlockDriver **pdrv)
517 {
518     int score, score_max;
519     BlockDriver *drv1, *drv;
520     uint8_t buf[2048];
521     int ret = 0;
522 
523     /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
524     if (bs->sg || !bdrv_is_inserted(bs) || bdrv_getlength(bs) == 0) {
525         drv = bdrv_find_format("raw");
526         if (!drv) {
527             ret = -ENOENT;
528         }
529         *pdrv = drv;
530         return ret;
531     }
532 
533     ret = bdrv_pread(bs, 0, buf, sizeof(buf));
534     if (ret < 0) {
535         *pdrv = NULL;
536         return ret;
537     }
538 
539     score_max = 0;
540     drv = NULL;
541     QLIST_FOREACH(drv1, &bdrv_drivers, list) {
542         if (drv1->bdrv_probe) {
543             score = drv1->bdrv_probe(buf, ret, filename);
544             if (score > score_max) {
545                 score_max = score;
546                 drv = drv1;
547             }
548         }
549     }
550     if (!drv) {
551         ret = -ENOENT;
552     }
553     *pdrv = drv;
554     return ret;
555 }
556 
557 /**
558  * Set the current 'total_sectors' value
559  */
560 static int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
561 {
562     BlockDriver *drv = bs->drv;
563 
564     /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
565     if (bs->sg)
566         return 0;
567 
568     /* query actual device if possible, otherwise just trust the hint */
569     if (drv->bdrv_getlength) {
570         int64_t length = drv->bdrv_getlength(bs);
571         if (length < 0) {
572             return length;
573         }
574         hint = length >> BDRV_SECTOR_BITS;
575     }
576 
577     bs->total_sectors = hint;
578     return 0;
579 }
580 
581 /**
582  * Set open flags for a given discard mode
583  *
584  * Return 0 on success, -1 if the discard mode was invalid.
585  */
586 int bdrv_parse_discard_flags(const char *mode, int *flags)
587 {
588     *flags &= ~BDRV_O_UNMAP;
589 
590     if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
591         /* do nothing */
592     } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
593         *flags |= BDRV_O_UNMAP;
594     } else {
595         return -1;
596     }
597 
598     return 0;
599 }
600 
601 /**
602  * Set open flags for a given cache mode
603  *
604  * Return 0 on success, -1 if the cache mode was invalid.
605  */
606 int bdrv_parse_cache_flags(const char *mode, int *flags)
607 {
608     *flags &= ~BDRV_O_CACHE_MASK;
609 
610     if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
611         *flags |= BDRV_O_NOCACHE | BDRV_O_CACHE_WB;
612     } else if (!strcmp(mode, "directsync")) {
613         *flags |= BDRV_O_NOCACHE;
614     } else if (!strcmp(mode, "writeback")) {
615         *flags |= BDRV_O_CACHE_WB;
616     } else if (!strcmp(mode, "unsafe")) {
617         *flags |= BDRV_O_CACHE_WB;
618         *flags |= BDRV_O_NO_FLUSH;
619     } else if (!strcmp(mode, "writethrough")) {
620         /* this is the default */
621     } else {
622         return -1;
623     }
624 
625     return 0;
626 }
627 
628 /**
629  * The copy-on-read flag is actually a reference count so multiple users may
630  * use the feature without worrying about clobbering its previous state.
631  * Copy-on-read stays enabled until all users have called to disable it.
632  */
633 void bdrv_enable_copy_on_read(BlockDriverState *bs)
634 {
635     bs->copy_on_read++;
636 }
637 
638 void bdrv_disable_copy_on_read(BlockDriverState *bs)
639 {
640     assert(bs->copy_on_read > 0);
641     bs->copy_on_read--;
642 }
643 
644 static int bdrv_open_flags(BlockDriverState *bs, int flags)
645 {
646     int open_flags = flags | BDRV_O_CACHE_WB;
647 
648     /*
649      * Clear flags that are internal to the block layer before opening the
650      * image.
651      */
652     open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
653 
654     /*
655      * Snapshots should be writable.
656      */
657     if (bs->is_temporary) {
658         open_flags |= BDRV_O_RDWR;
659     }
660 
661     return open_flags;
662 }
663 
664 /*
665  * Common part for opening disk images and files
666  *
667  * Removes all processed options from *options.
668  */
669 static int bdrv_open_common(BlockDriverState *bs, BlockDriverState *file,
670     QDict *options, int flags, BlockDriver *drv)
671 {
672     int ret, open_flags;
673     const char *filename;
674 
675     assert(drv != NULL);
676     assert(bs->file == NULL);
677     assert(options != NULL && bs->options != options);
678 
679     if (file != NULL) {
680         filename = file->filename;
681     } else {
682         filename = qdict_get_try_str(options, "filename");
683     }
684 
685     trace_bdrv_open_common(bs, filename ?: "", flags, drv->format_name);
686 
687     if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv)) {
688         return -ENOTSUP;
689     }
690 
691     /* bdrv_open() with directly using a protocol as drv. This layer is already
692      * opened, so assign it to bs (while file becomes a closed BlockDriverState)
693      * and return immediately. */
694     if (file != NULL && drv->bdrv_file_open) {
695         bdrv_swap(file, bs);
696         return 0;
697     }
698 
699     bs->open_flags = flags;
700     bs->buffer_alignment = 512;
701 
702     assert(bs->copy_on_read == 0); /* bdrv_new() and bdrv_close() make it so */
703     if ((flags & BDRV_O_RDWR) && (flags & BDRV_O_COPY_ON_READ)) {
704         bdrv_enable_copy_on_read(bs);
705     }
706 
707     if (filename != NULL) {
708         pstrcpy(bs->filename, sizeof(bs->filename), filename);
709     } else {
710         bs->filename[0] = '\0';
711     }
712 
713     bs->drv = drv;
714     bs->opaque = g_malloc0(drv->instance_size);
715 
716     bs->enable_write_cache = !!(flags & BDRV_O_CACHE_WB);
717     open_flags = bdrv_open_flags(bs, flags);
718 
719     bs->read_only = !(open_flags & BDRV_O_RDWR);
720 
721     /* Open the image, either directly or using a protocol */
722     if (drv->bdrv_file_open) {
723         assert(file == NULL);
724         assert(drv->bdrv_parse_filename || filename != NULL);
725         ret = drv->bdrv_file_open(bs, options, open_flags);
726     } else {
727         if (file == NULL) {
728             qerror_report(ERROR_CLASS_GENERIC_ERROR, "Can't use '%s' as a "
729                           "block driver for the protocol level",
730                           drv->format_name);
731             ret = -EINVAL;
732             goto free_and_fail;
733         }
734         assert(file != NULL);
735         bs->file = file;
736         ret = drv->bdrv_open(bs, options, open_flags);
737     }
738 
739     if (ret < 0) {
740         goto free_and_fail;
741     }
742 
743     ret = refresh_total_sectors(bs, bs->total_sectors);
744     if (ret < 0) {
745         goto free_and_fail;
746     }
747 
748 #ifndef _WIN32
749     if (bs->is_temporary) {
750         assert(filename != NULL);
751         unlink(filename);
752     }
753 #endif
754     return 0;
755 
756 free_and_fail:
757     bs->file = NULL;
758     g_free(bs->opaque);
759     bs->opaque = NULL;
760     bs->drv = NULL;
761     return ret;
762 }
763 
764 /*
765  * Opens a file using a protocol (file, host_device, nbd, ...)
766  *
767  * options is a QDict of options to pass to the block drivers, or NULL for an
768  * empty set of options. The reference to the QDict belongs to the block layer
769  * after the call (even on failure), so if the caller intends to reuse the
770  * dictionary, it needs to use QINCREF() before calling bdrv_file_open.
771  */
772 int bdrv_file_open(BlockDriverState **pbs, const char *filename,
773                    QDict *options, int flags)
774 {
775     BlockDriverState *bs;
776     BlockDriver *drv;
777     const char *drvname;
778     int ret;
779 
780     /* NULL means an empty set of options */
781     if (options == NULL) {
782         options = qdict_new();
783     }
784 
785     bs = bdrv_new("");
786     bs->options = options;
787     options = qdict_clone_shallow(options);
788 
789     /* Fetch the file name from the options QDict if necessary */
790     if (!filename) {
791         filename = qdict_get_try_str(options, "filename");
792     } else if (filename && !qdict_haskey(options, "filename")) {
793         qdict_put(options, "filename", qstring_from_str(filename));
794     } else {
795         qerror_report(ERROR_CLASS_GENERIC_ERROR, "Can't specify 'file' and "
796                       "'filename' options at the same time");
797         ret = -EINVAL;
798         goto fail;
799     }
800 
801     /* Find the right block driver */
802     drvname = qdict_get_try_str(options, "driver");
803     if (drvname) {
804         drv = bdrv_find_whitelisted_format(drvname);
805         qdict_del(options, "driver");
806     } else if (filename) {
807         drv = bdrv_find_protocol(filename);
808     } else {
809         qerror_report(ERROR_CLASS_GENERIC_ERROR,
810                       "Must specify either driver or file");
811         drv = NULL;
812     }
813 
814     if (!drv) {
815         ret = -ENOENT;
816         goto fail;
817     }
818 
819     /* Parse the filename and open it */
820     if (drv->bdrv_parse_filename && filename) {
821         Error *local_err = NULL;
822         drv->bdrv_parse_filename(filename, options, &local_err);
823         if (error_is_set(&local_err)) {
824             qerror_report_err(local_err);
825             error_free(local_err);
826             ret = -EINVAL;
827             goto fail;
828         }
829         qdict_del(options, "filename");
830     } else if (!drv->bdrv_parse_filename && !filename) {
831         qerror_report(ERROR_CLASS_GENERIC_ERROR,
832                       "The '%s' block driver requires a file name",
833                       drv->format_name);
834         ret = -EINVAL;
835         goto fail;
836     }
837 
838     ret = bdrv_open_common(bs, NULL, options, flags, drv);
839     if (ret < 0) {
840         goto fail;
841     }
842 
843     /* Check if any unknown options were used */
844     if (qdict_size(options) != 0) {
845         const QDictEntry *entry = qdict_first(options);
846         qerror_report(ERROR_CLASS_GENERIC_ERROR, "Block protocol '%s' doesn't "
847                       "support the option '%s'",
848                       drv->format_name, entry->key);
849         ret = -EINVAL;
850         goto fail;
851     }
852     QDECREF(options);
853 
854     bs->growable = 1;
855     *pbs = bs;
856     return 0;
857 
858 fail:
859     QDECREF(options);
860     if (!bs->drv) {
861         QDECREF(bs->options);
862     }
863     bdrv_delete(bs);
864     return ret;
865 }
866 
867 /*
868  * Opens the backing file for a BlockDriverState if not yet open
869  *
870  * options is a QDict of options to pass to the block drivers, or NULL for an
871  * empty set of options. The reference to the QDict is transferred to this
872  * function (even on failure), so if the caller intends to reuse the dictionary,
873  * it needs to use QINCREF() before calling bdrv_file_open.
874  */
875 int bdrv_open_backing_file(BlockDriverState *bs, QDict *options)
876 {
877     char backing_filename[PATH_MAX];
878     int back_flags, ret;
879     BlockDriver *back_drv = NULL;
880 
881     if (bs->backing_hd != NULL) {
882         QDECREF(options);
883         return 0;
884     }
885 
886     /* NULL means an empty set of options */
887     if (options == NULL) {
888         options = qdict_new();
889     }
890 
891     bs->open_flags &= ~BDRV_O_NO_BACKING;
892     if (qdict_haskey(options, "file.filename")) {
893         backing_filename[0] = '\0';
894     } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
895         QDECREF(options);
896         return 0;
897     }
898 
899     bs->backing_hd = bdrv_new("");
900     bdrv_get_full_backing_filename(bs, backing_filename,
901                                    sizeof(backing_filename));
902 
903     if (bs->backing_format[0] != '\0') {
904         back_drv = bdrv_find_format(bs->backing_format);
905     }
906 
907     /* backing files always opened read-only */
908     back_flags = bs->open_flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT);
909 
910     ret = bdrv_open(bs->backing_hd,
911                     *backing_filename ? backing_filename : NULL, options,
912                     back_flags, back_drv);
913     if (ret < 0) {
914         bdrv_delete(bs->backing_hd);
915         bs->backing_hd = NULL;
916         bs->open_flags |= BDRV_O_NO_BACKING;
917         return ret;
918     }
919     return 0;
920 }
921 
922 static void extract_subqdict(QDict *src, QDict **dst, const char *start)
923 {
924     const QDictEntry *entry, *next;
925     const char *p;
926 
927     *dst = qdict_new();
928     entry = qdict_first(src);
929 
930     while (entry != NULL) {
931         next = qdict_next(src, entry);
932         if (strstart(entry->key, start, &p)) {
933             qobject_incref(entry->value);
934             qdict_put_obj(*dst, p, entry->value);
935             qdict_del(src, entry->key);
936         }
937         entry = next;
938     }
939 }
940 
941 /*
942  * Opens a disk image (raw, qcow2, vmdk, ...)
943  *
944  * options is a QDict of options to pass to the block drivers, or NULL for an
945  * empty set of options. The reference to the QDict belongs to the block layer
946  * after the call (even on failure), so if the caller intends to reuse the
947  * dictionary, it needs to use QINCREF() before calling bdrv_open.
948  */
949 int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options,
950               int flags, BlockDriver *drv)
951 {
952     int ret;
953     /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
954     char tmp_filename[PATH_MAX + 1];
955     BlockDriverState *file = NULL;
956     QDict *file_options = NULL;
957 
958     /* NULL means an empty set of options */
959     if (options == NULL) {
960         options = qdict_new();
961     }
962 
963     bs->options = options;
964     options = qdict_clone_shallow(options);
965 
966     /* For snapshot=on, create a temporary qcow2 overlay */
967     if (flags & BDRV_O_SNAPSHOT) {
968         BlockDriverState *bs1;
969         int64_t total_size;
970         BlockDriver *bdrv_qcow2;
971         QEMUOptionParameter *create_options;
972         char backing_filename[PATH_MAX];
973 
974         if (qdict_size(options) != 0) {
975             error_report("Can't use snapshot=on with driver-specific options");
976             ret = -EINVAL;
977             goto fail;
978         }
979         assert(filename != NULL);
980 
981         /* if snapshot, we create a temporary backing file and open it
982            instead of opening 'filename' directly */
983 
984         /* if there is a backing file, use it */
985         bs1 = bdrv_new("");
986         ret = bdrv_open(bs1, filename, NULL, 0, drv);
987         if (ret < 0) {
988             bdrv_delete(bs1);
989             goto fail;
990         }
991         total_size = bdrv_getlength(bs1) & BDRV_SECTOR_MASK;
992 
993         bdrv_delete(bs1);
994 
995         ret = get_tmp_filename(tmp_filename, sizeof(tmp_filename));
996         if (ret < 0) {
997             goto fail;
998         }
999 
1000         /* Real path is meaningless for protocols */
1001         if (path_has_protocol(filename)) {
1002             snprintf(backing_filename, sizeof(backing_filename),
1003                      "%s", filename);
1004         } else if (!realpath(filename, backing_filename)) {
1005             ret = -errno;
1006             goto fail;
1007         }
1008 
1009         bdrv_qcow2 = bdrv_find_format("qcow2");
1010         create_options = parse_option_parameters("", bdrv_qcow2->create_options,
1011                                                  NULL);
1012 
1013         set_option_parameter_int(create_options, BLOCK_OPT_SIZE, total_size);
1014         set_option_parameter(create_options, BLOCK_OPT_BACKING_FILE,
1015                              backing_filename);
1016         if (drv) {
1017             set_option_parameter(create_options, BLOCK_OPT_BACKING_FMT,
1018                 drv->format_name);
1019         }
1020 
1021         ret = bdrv_create(bdrv_qcow2, tmp_filename, create_options);
1022         free_option_parameters(create_options);
1023         if (ret < 0) {
1024             goto fail;
1025         }
1026 
1027         filename = tmp_filename;
1028         drv = bdrv_qcow2;
1029         bs->is_temporary = 1;
1030     }
1031 
1032     /* Open image file without format layer */
1033     if (flags & BDRV_O_RDWR) {
1034         flags |= BDRV_O_ALLOW_RDWR;
1035     }
1036 
1037     extract_subqdict(options, &file_options, "file.");
1038 
1039     ret = bdrv_file_open(&file, filename, file_options,
1040                          bdrv_open_flags(bs, flags));
1041     if (ret < 0) {
1042         goto fail;
1043     }
1044 
1045     /* Find the right image format driver */
1046     if (!drv) {
1047         ret = find_image_format(file, filename, &drv);
1048     }
1049 
1050     if (!drv) {
1051         goto unlink_and_fail;
1052     }
1053 
1054     /* Open the image */
1055     ret = bdrv_open_common(bs, file, options, flags, drv);
1056     if (ret < 0) {
1057         goto unlink_and_fail;
1058     }
1059 
1060     if (bs->file != file) {
1061         bdrv_delete(file);
1062         file = NULL;
1063     }
1064 
1065     /* If there is a backing file, use it */
1066     if ((flags & BDRV_O_NO_BACKING) == 0) {
1067         QDict *backing_options;
1068 
1069         extract_subqdict(options, &backing_options, "backing.");
1070         ret = bdrv_open_backing_file(bs, backing_options);
1071         if (ret < 0) {
1072             goto close_and_fail;
1073         }
1074     }
1075 
1076     /* Check if any unknown options were used */
1077     if (qdict_size(options) != 0) {
1078         const QDictEntry *entry = qdict_first(options);
1079         qerror_report(ERROR_CLASS_GENERIC_ERROR, "Block format '%s' used by "
1080             "device '%s' doesn't support the option '%s'",
1081             drv->format_name, bs->device_name, entry->key);
1082 
1083         ret = -EINVAL;
1084         goto close_and_fail;
1085     }
1086     QDECREF(options);
1087 
1088     if (!bdrv_key_required(bs)) {
1089         bdrv_dev_change_media_cb(bs, true);
1090     }
1091 
1092     /* throttling disk I/O limits */
1093     if (bs->io_limits_enabled) {
1094         bdrv_io_limits_enable(bs);
1095     }
1096 
1097     return 0;
1098 
1099 unlink_and_fail:
1100     if (file != NULL) {
1101         bdrv_delete(file);
1102     }
1103     if (bs->is_temporary) {
1104         unlink(filename);
1105     }
1106 fail:
1107     QDECREF(bs->options);
1108     QDECREF(options);
1109     bs->options = NULL;
1110     return ret;
1111 
1112 close_and_fail:
1113     bdrv_close(bs);
1114     QDECREF(options);
1115     return ret;
1116 }
1117 
1118 typedef struct BlockReopenQueueEntry {
1119      bool prepared;
1120      BDRVReopenState state;
1121      QSIMPLEQ_ENTRY(BlockReopenQueueEntry) entry;
1122 } BlockReopenQueueEntry;
1123 
1124 /*
1125  * Adds a BlockDriverState to a simple queue for an atomic, transactional
1126  * reopen of multiple devices.
1127  *
1128  * bs_queue can either be an existing BlockReopenQueue that has had QSIMPLE_INIT
1129  * already performed, or alternatively may be NULL a new BlockReopenQueue will
1130  * be created and initialized. This newly created BlockReopenQueue should be
1131  * passed back in for subsequent calls that are intended to be of the same
1132  * atomic 'set'.
1133  *
1134  * bs is the BlockDriverState to add to the reopen queue.
1135  *
1136  * flags contains the open flags for the associated bs
1137  *
1138  * returns a pointer to bs_queue, which is either the newly allocated
1139  * bs_queue, or the existing bs_queue being used.
1140  *
1141  */
1142 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
1143                                     BlockDriverState *bs, int flags)
1144 {
1145     assert(bs != NULL);
1146 
1147     BlockReopenQueueEntry *bs_entry;
1148     if (bs_queue == NULL) {
1149         bs_queue = g_new0(BlockReopenQueue, 1);
1150         QSIMPLEQ_INIT(bs_queue);
1151     }
1152 
1153     if (bs->file) {
1154         bdrv_reopen_queue(bs_queue, bs->file, flags);
1155     }
1156 
1157     bs_entry = g_new0(BlockReopenQueueEntry, 1);
1158     QSIMPLEQ_INSERT_TAIL(bs_queue, bs_entry, entry);
1159 
1160     bs_entry->state.bs = bs;
1161     bs_entry->state.flags = flags;
1162 
1163     return bs_queue;
1164 }
1165 
1166 /*
1167  * Reopen multiple BlockDriverStates atomically & transactionally.
1168  *
1169  * The queue passed in (bs_queue) must have been built up previous
1170  * via bdrv_reopen_queue().
1171  *
1172  * Reopens all BDS specified in the queue, with the appropriate
1173  * flags.  All devices are prepared for reopen, and failure of any
1174  * device will cause all device changes to be abandonded, and intermediate
1175  * data cleaned up.
1176  *
1177  * If all devices prepare successfully, then the changes are committed
1178  * to all devices.
1179  *
1180  */
1181 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
1182 {
1183     int ret = -1;
1184     BlockReopenQueueEntry *bs_entry, *next;
1185     Error *local_err = NULL;
1186 
1187     assert(bs_queue != NULL);
1188 
1189     bdrv_drain_all();
1190 
1191     QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
1192         if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, &local_err)) {
1193             error_propagate(errp, local_err);
1194             goto cleanup;
1195         }
1196         bs_entry->prepared = true;
1197     }
1198 
1199     /* If we reach this point, we have success and just need to apply the
1200      * changes
1201      */
1202     QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
1203         bdrv_reopen_commit(&bs_entry->state);
1204     }
1205 
1206     ret = 0;
1207 
1208 cleanup:
1209     QSIMPLEQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
1210         if (ret && bs_entry->prepared) {
1211             bdrv_reopen_abort(&bs_entry->state);
1212         }
1213         g_free(bs_entry);
1214     }
1215     g_free(bs_queue);
1216     return ret;
1217 }
1218 
1219 
1220 /* Reopen a single BlockDriverState with the specified flags. */
1221 int bdrv_reopen(BlockDriverState *bs, int bdrv_flags, Error **errp)
1222 {
1223     int ret = -1;
1224     Error *local_err = NULL;
1225     BlockReopenQueue *queue = bdrv_reopen_queue(NULL, bs, bdrv_flags);
1226 
1227     ret = bdrv_reopen_multiple(queue, &local_err);
1228     if (local_err != NULL) {
1229         error_propagate(errp, local_err);
1230     }
1231     return ret;
1232 }
1233 
1234 
1235 /*
1236  * Prepares a BlockDriverState for reopen. All changes are staged in the
1237  * 'opaque' field of the BDRVReopenState, which is used and allocated by
1238  * the block driver layer .bdrv_reopen_prepare()
1239  *
1240  * bs is the BlockDriverState to reopen
1241  * flags are the new open flags
1242  * queue is the reopen queue
1243  *
1244  * Returns 0 on success, non-zero on error.  On error errp will be set
1245  * as well.
1246  *
1247  * On failure, bdrv_reopen_abort() will be called to clean up any data.
1248  * It is the responsibility of the caller to then call the abort() or
1249  * commit() for any other BDS that have been left in a prepare() state
1250  *
1251  */
1252 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
1253                         Error **errp)
1254 {
1255     int ret = -1;
1256     Error *local_err = NULL;
1257     BlockDriver *drv;
1258 
1259     assert(reopen_state != NULL);
1260     assert(reopen_state->bs->drv != NULL);
1261     drv = reopen_state->bs->drv;
1262 
1263     /* if we are to stay read-only, do not allow permission change
1264      * to r/w */
1265     if (!(reopen_state->bs->open_flags & BDRV_O_ALLOW_RDWR) &&
1266         reopen_state->flags & BDRV_O_RDWR) {
1267         error_set(errp, QERR_DEVICE_IS_READ_ONLY,
1268                   reopen_state->bs->device_name);
1269         goto error;
1270     }
1271 
1272 
1273     ret = bdrv_flush(reopen_state->bs);
1274     if (ret) {
1275         error_set(errp, ERROR_CLASS_GENERIC_ERROR, "Error (%s) flushing drive",
1276                   strerror(-ret));
1277         goto error;
1278     }
1279 
1280     if (drv->bdrv_reopen_prepare) {
1281         ret = drv->bdrv_reopen_prepare(reopen_state, queue, &local_err);
1282         if (ret) {
1283             if (local_err != NULL) {
1284                 error_propagate(errp, local_err);
1285             } else {
1286                 error_set(errp, QERR_OPEN_FILE_FAILED,
1287                           reopen_state->bs->filename);
1288             }
1289             goto error;
1290         }
1291     } else {
1292         /* It is currently mandatory to have a bdrv_reopen_prepare()
1293          * handler for each supported drv. */
1294         error_set(errp, QERR_BLOCK_FORMAT_FEATURE_NOT_SUPPORTED,
1295                   drv->format_name, reopen_state->bs->device_name,
1296                  "reopening of file");
1297         ret = -1;
1298         goto error;
1299     }
1300 
1301     ret = 0;
1302 
1303 error:
1304     return ret;
1305 }
1306 
1307 /*
1308  * Takes the staged changes for the reopen from bdrv_reopen_prepare(), and
1309  * makes them final by swapping the staging BlockDriverState contents into
1310  * the active BlockDriverState contents.
1311  */
1312 void bdrv_reopen_commit(BDRVReopenState *reopen_state)
1313 {
1314     BlockDriver *drv;
1315 
1316     assert(reopen_state != NULL);
1317     drv = reopen_state->bs->drv;
1318     assert(drv != NULL);
1319 
1320     /* If there are any driver level actions to take */
1321     if (drv->bdrv_reopen_commit) {
1322         drv->bdrv_reopen_commit(reopen_state);
1323     }
1324 
1325     /* set BDS specific flags now */
1326     reopen_state->bs->open_flags         = reopen_state->flags;
1327     reopen_state->bs->enable_write_cache = !!(reopen_state->flags &
1328                                               BDRV_O_CACHE_WB);
1329     reopen_state->bs->read_only = !(reopen_state->flags & BDRV_O_RDWR);
1330 }
1331 
1332 /*
1333  * Abort the reopen, and delete and free the staged changes in
1334  * reopen_state
1335  */
1336 void bdrv_reopen_abort(BDRVReopenState *reopen_state)
1337 {
1338     BlockDriver *drv;
1339 
1340     assert(reopen_state != NULL);
1341     drv = reopen_state->bs->drv;
1342     assert(drv != NULL);
1343 
1344     if (drv->bdrv_reopen_abort) {
1345         drv->bdrv_reopen_abort(reopen_state);
1346     }
1347 }
1348 
1349 
1350 void bdrv_close(BlockDriverState *bs)
1351 {
1352     bdrv_flush(bs);
1353     if (bs->job) {
1354         block_job_cancel_sync(bs->job);
1355     }
1356     bdrv_drain_all();
1357     notifier_list_notify(&bs->close_notifiers, bs);
1358 
1359     if (bs->drv) {
1360         if (bs == bs_snapshots) {
1361             bs_snapshots = NULL;
1362         }
1363         if (bs->backing_hd) {
1364             bdrv_delete(bs->backing_hd);
1365             bs->backing_hd = NULL;
1366         }
1367         bs->drv->bdrv_close(bs);
1368         g_free(bs->opaque);
1369 #ifdef _WIN32
1370         if (bs->is_temporary) {
1371             unlink(bs->filename);
1372         }
1373 #endif
1374         bs->opaque = NULL;
1375         bs->drv = NULL;
1376         bs->copy_on_read = 0;
1377         bs->backing_file[0] = '\0';
1378         bs->backing_format[0] = '\0';
1379         bs->total_sectors = 0;
1380         bs->encrypted = 0;
1381         bs->valid_key = 0;
1382         bs->sg = 0;
1383         bs->growable = 0;
1384         QDECREF(bs->options);
1385         bs->options = NULL;
1386 
1387         if (bs->file != NULL) {
1388             bdrv_delete(bs->file);
1389             bs->file = NULL;
1390         }
1391     }
1392 
1393     bdrv_dev_change_media_cb(bs, false);
1394 
1395     /*throttling disk I/O limits*/
1396     if (bs->io_limits_enabled) {
1397         bdrv_io_limits_disable(bs);
1398     }
1399 }
1400 
1401 void bdrv_close_all(void)
1402 {
1403     BlockDriverState *bs;
1404 
1405     QTAILQ_FOREACH(bs, &bdrv_states, list) {
1406         bdrv_close(bs);
1407     }
1408 }
1409 
1410 /*
1411  * Wait for pending requests to complete across all BlockDriverStates
1412  *
1413  * This function does not flush data to disk, use bdrv_flush_all() for that
1414  * after calling this function.
1415  *
1416  * Note that completion of an asynchronous I/O operation can trigger any
1417  * number of other I/O operations on other devices---for example a coroutine
1418  * can be arbitrarily complex and a constant flow of I/O can come until the
1419  * coroutine is complete.  Because of this, it is not possible to have a
1420  * function to drain a single device's I/O queue.
1421  */
1422 void bdrv_drain_all(void)
1423 {
1424     BlockDriverState *bs;
1425     bool busy;
1426 
1427     do {
1428         busy = qemu_aio_wait();
1429 
1430         /* FIXME: We do not have timer support here, so this is effectively
1431          * a busy wait.
1432          */
1433         QTAILQ_FOREACH(bs, &bdrv_states, list) {
1434             if (!qemu_co_queue_empty(&bs->throttled_reqs)) {
1435                 qemu_co_queue_restart_all(&bs->throttled_reqs);
1436                 busy = true;
1437             }
1438         }
1439     } while (busy);
1440 
1441     /* If requests are still pending there is a bug somewhere */
1442     QTAILQ_FOREACH(bs, &bdrv_states, list) {
1443         assert(QLIST_EMPTY(&bs->tracked_requests));
1444         assert(qemu_co_queue_empty(&bs->throttled_reqs));
1445     }
1446 }
1447 
1448 /* make a BlockDriverState anonymous by removing from bdrv_state list.
1449    Also, NULL terminate the device_name to prevent double remove */
1450 void bdrv_make_anon(BlockDriverState *bs)
1451 {
1452     if (bs->device_name[0] != '\0') {
1453         QTAILQ_REMOVE(&bdrv_states, bs, list);
1454     }
1455     bs->device_name[0] = '\0';
1456 }
1457 
1458 static void bdrv_rebind(BlockDriverState *bs)
1459 {
1460     if (bs->drv && bs->drv->bdrv_rebind) {
1461         bs->drv->bdrv_rebind(bs);
1462     }
1463 }
1464 
1465 static void bdrv_move_feature_fields(BlockDriverState *bs_dest,
1466                                      BlockDriverState *bs_src)
1467 {
1468     /* move some fields that need to stay attached to the device */
1469     bs_dest->open_flags         = bs_src->open_flags;
1470 
1471     /* dev info */
1472     bs_dest->dev_ops            = bs_src->dev_ops;
1473     bs_dest->dev_opaque         = bs_src->dev_opaque;
1474     bs_dest->dev                = bs_src->dev;
1475     bs_dest->buffer_alignment   = bs_src->buffer_alignment;
1476     bs_dest->copy_on_read       = bs_src->copy_on_read;
1477 
1478     bs_dest->enable_write_cache = bs_src->enable_write_cache;
1479 
1480     /* i/o timing parameters */
1481     bs_dest->slice_start        = bs_src->slice_start;
1482     bs_dest->slice_end          = bs_src->slice_end;
1483     bs_dest->slice_submitted    = bs_src->slice_submitted;
1484     bs_dest->io_limits          = bs_src->io_limits;
1485     bs_dest->throttled_reqs     = bs_src->throttled_reqs;
1486     bs_dest->block_timer        = bs_src->block_timer;
1487     bs_dest->io_limits_enabled  = bs_src->io_limits_enabled;
1488 
1489     /* r/w error */
1490     bs_dest->on_read_error      = bs_src->on_read_error;
1491     bs_dest->on_write_error     = bs_src->on_write_error;
1492 
1493     /* i/o status */
1494     bs_dest->iostatus_enabled   = bs_src->iostatus_enabled;
1495     bs_dest->iostatus           = bs_src->iostatus;
1496 
1497     /* dirty bitmap */
1498     bs_dest->dirty_bitmap       = bs_src->dirty_bitmap;
1499 
1500     /* job */
1501     bs_dest->in_use             = bs_src->in_use;
1502     bs_dest->job                = bs_src->job;
1503 
1504     /* keep the same entry in bdrv_states */
1505     pstrcpy(bs_dest->device_name, sizeof(bs_dest->device_name),
1506             bs_src->device_name);
1507     bs_dest->list = bs_src->list;
1508 }
1509 
1510 /*
1511  * Swap bs contents for two image chains while they are live,
1512  * while keeping required fields on the BlockDriverState that is
1513  * actually attached to a device.
1514  *
1515  * This will modify the BlockDriverState fields, and swap contents
1516  * between bs_new and bs_old. Both bs_new and bs_old are modified.
1517  *
1518  * bs_new is required to be anonymous.
1519  *
1520  * This function does not create any image files.
1521  */
1522 void bdrv_swap(BlockDriverState *bs_new, BlockDriverState *bs_old)
1523 {
1524     BlockDriverState tmp;
1525 
1526     /* bs_new must be anonymous and shouldn't have anything fancy enabled */
1527     assert(bs_new->device_name[0] == '\0');
1528     assert(bs_new->dirty_bitmap == NULL);
1529     assert(bs_new->job == NULL);
1530     assert(bs_new->dev == NULL);
1531     assert(bs_new->in_use == 0);
1532     assert(bs_new->io_limits_enabled == false);
1533     assert(bs_new->block_timer == NULL);
1534 
1535     tmp = *bs_new;
1536     *bs_new = *bs_old;
1537     *bs_old = tmp;
1538 
1539     /* there are some fields that should not be swapped, move them back */
1540     bdrv_move_feature_fields(&tmp, bs_old);
1541     bdrv_move_feature_fields(bs_old, bs_new);
1542     bdrv_move_feature_fields(bs_new, &tmp);
1543 
1544     /* bs_new shouldn't be in bdrv_states even after the swap!  */
1545     assert(bs_new->device_name[0] == '\0');
1546 
1547     /* Check a few fields that should remain attached to the device */
1548     assert(bs_new->dev == NULL);
1549     assert(bs_new->job == NULL);
1550     assert(bs_new->in_use == 0);
1551     assert(bs_new->io_limits_enabled == false);
1552     assert(bs_new->block_timer == NULL);
1553 
1554     bdrv_rebind(bs_new);
1555     bdrv_rebind(bs_old);
1556 }
1557 
1558 /*
1559  * Add new bs contents at the top of an image chain while the chain is
1560  * live, while keeping required fields on the top layer.
1561  *
1562  * This will modify the BlockDriverState fields, and swap contents
1563  * between bs_new and bs_top. Both bs_new and bs_top are modified.
1564  *
1565  * bs_new is required to be anonymous.
1566  *
1567  * This function does not create any image files.
1568  */
1569 void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top)
1570 {
1571     bdrv_swap(bs_new, bs_top);
1572 
1573     /* The contents of 'tmp' will become bs_top, as we are
1574      * swapping bs_new and bs_top contents. */
1575     bs_top->backing_hd = bs_new;
1576     bs_top->open_flags &= ~BDRV_O_NO_BACKING;
1577     pstrcpy(bs_top->backing_file, sizeof(bs_top->backing_file),
1578             bs_new->filename);
1579     pstrcpy(bs_top->backing_format, sizeof(bs_top->backing_format),
1580             bs_new->drv ? bs_new->drv->format_name : "");
1581 }
1582 
1583 void bdrv_delete(BlockDriverState *bs)
1584 {
1585     assert(!bs->dev);
1586     assert(!bs->job);
1587     assert(!bs->in_use);
1588 
1589     /* remove from list, if necessary */
1590     bdrv_make_anon(bs);
1591 
1592     bdrv_close(bs);
1593 
1594     assert(bs != bs_snapshots);
1595     g_free(bs);
1596 }
1597 
1598 int bdrv_attach_dev(BlockDriverState *bs, void *dev)
1599 /* TODO change to DeviceState *dev when all users are qdevified */
1600 {
1601     if (bs->dev) {
1602         return -EBUSY;
1603     }
1604     bs->dev = dev;
1605     bdrv_iostatus_reset(bs);
1606     return 0;
1607 }
1608 
1609 /* TODO qdevified devices don't use this, remove when devices are qdevified */
1610 void bdrv_attach_dev_nofail(BlockDriverState *bs, void *dev)
1611 {
1612     if (bdrv_attach_dev(bs, dev) < 0) {
1613         abort();
1614     }
1615 }
1616 
1617 void bdrv_detach_dev(BlockDriverState *bs, void *dev)
1618 /* TODO change to DeviceState *dev when all users are qdevified */
1619 {
1620     assert(bs->dev == dev);
1621     bs->dev = NULL;
1622     bs->dev_ops = NULL;
1623     bs->dev_opaque = NULL;
1624     bs->buffer_alignment = 512;
1625 }
1626 
1627 /* TODO change to return DeviceState * when all users are qdevified */
1628 void *bdrv_get_attached_dev(BlockDriverState *bs)
1629 {
1630     return bs->dev;
1631 }
1632 
1633 void bdrv_set_dev_ops(BlockDriverState *bs, const BlockDevOps *ops,
1634                       void *opaque)
1635 {
1636     bs->dev_ops = ops;
1637     bs->dev_opaque = opaque;
1638     if (bdrv_dev_has_removable_media(bs) && bs == bs_snapshots) {
1639         bs_snapshots = NULL;
1640     }
1641 }
1642 
1643 void bdrv_emit_qmp_error_event(const BlockDriverState *bdrv,
1644                                enum MonitorEvent ev,
1645                                BlockErrorAction action, bool is_read)
1646 {
1647     QObject *data;
1648     const char *action_str;
1649 
1650     switch (action) {
1651     case BDRV_ACTION_REPORT:
1652         action_str = "report";
1653         break;
1654     case BDRV_ACTION_IGNORE:
1655         action_str = "ignore";
1656         break;
1657     case BDRV_ACTION_STOP:
1658         action_str = "stop";
1659         break;
1660     default:
1661         abort();
1662     }
1663 
1664     data = qobject_from_jsonf("{ 'device': %s, 'action': %s, 'operation': %s }",
1665                               bdrv->device_name,
1666                               action_str,
1667                               is_read ? "read" : "write");
1668     monitor_protocol_event(ev, data);
1669 
1670     qobject_decref(data);
1671 }
1672 
1673 static void bdrv_emit_qmp_eject_event(BlockDriverState *bs, bool ejected)
1674 {
1675     QObject *data;
1676 
1677     data = qobject_from_jsonf("{ 'device': %s, 'tray-open': %i }",
1678                               bdrv_get_device_name(bs), ejected);
1679     monitor_protocol_event(QEVENT_DEVICE_TRAY_MOVED, data);
1680 
1681     qobject_decref(data);
1682 }
1683 
1684 static void bdrv_dev_change_media_cb(BlockDriverState *bs, bool load)
1685 {
1686     if (bs->dev_ops && bs->dev_ops->change_media_cb) {
1687         bool tray_was_closed = !bdrv_dev_is_tray_open(bs);
1688         bs->dev_ops->change_media_cb(bs->dev_opaque, load);
1689         if (tray_was_closed) {
1690             /* tray open */
1691             bdrv_emit_qmp_eject_event(bs, true);
1692         }
1693         if (load) {
1694             /* tray close */
1695             bdrv_emit_qmp_eject_event(bs, false);
1696         }
1697     }
1698 }
1699 
1700 bool bdrv_dev_has_removable_media(BlockDriverState *bs)
1701 {
1702     return !bs->dev || (bs->dev_ops && bs->dev_ops->change_media_cb);
1703 }
1704 
1705 void bdrv_dev_eject_request(BlockDriverState *bs, bool force)
1706 {
1707     if (bs->dev_ops && bs->dev_ops->eject_request_cb) {
1708         bs->dev_ops->eject_request_cb(bs->dev_opaque, force);
1709     }
1710 }
1711 
1712 bool bdrv_dev_is_tray_open(BlockDriverState *bs)
1713 {
1714     if (bs->dev_ops && bs->dev_ops->is_tray_open) {
1715         return bs->dev_ops->is_tray_open(bs->dev_opaque);
1716     }
1717     return false;
1718 }
1719 
1720 static void bdrv_dev_resize_cb(BlockDriverState *bs)
1721 {
1722     if (bs->dev_ops && bs->dev_ops->resize_cb) {
1723         bs->dev_ops->resize_cb(bs->dev_opaque);
1724     }
1725 }
1726 
1727 bool bdrv_dev_is_medium_locked(BlockDriverState *bs)
1728 {
1729     if (bs->dev_ops && bs->dev_ops->is_medium_locked) {
1730         return bs->dev_ops->is_medium_locked(bs->dev_opaque);
1731     }
1732     return false;
1733 }
1734 
1735 /*
1736  * Run consistency checks on an image
1737  *
1738  * Returns 0 if the check could be completed (it doesn't mean that the image is
1739  * free of errors) or -errno when an internal error occurred. The results of the
1740  * check are stored in res.
1741  */
1742 int bdrv_check(BlockDriverState *bs, BdrvCheckResult *res, BdrvCheckMode fix)
1743 {
1744     if (bs->drv->bdrv_check == NULL) {
1745         return -ENOTSUP;
1746     }
1747 
1748     memset(res, 0, sizeof(*res));
1749     return bs->drv->bdrv_check(bs, res, fix);
1750 }
1751 
1752 #define COMMIT_BUF_SECTORS 2048
1753 
1754 /* commit COW file into the raw image */
1755 int bdrv_commit(BlockDriverState *bs)
1756 {
1757     BlockDriver *drv = bs->drv;
1758     int64_t sector, total_sectors;
1759     int n, ro, open_flags;
1760     int ret = 0;
1761     uint8_t *buf;
1762     char filename[PATH_MAX];
1763 
1764     if (!drv)
1765         return -ENOMEDIUM;
1766 
1767     if (!bs->backing_hd) {
1768         return -ENOTSUP;
1769     }
1770 
1771     if (bdrv_in_use(bs) || bdrv_in_use(bs->backing_hd)) {
1772         return -EBUSY;
1773     }
1774 
1775     ro = bs->backing_hd->read_only;
1776     /* Use pstrcpy (not strncpy): filename must be NUL-terminated. */
1777     pstrcpy(filename, sizeof(filename), bs->backing_hd->filename);
1778     open_flags =  bs->backing_hd->open_flags;
1779 
1780     if (ro) {
1781         if (bdrv_reopen(bs->backing_hd, open_flags | BDRV_O_RDWR, NULL)) {
1782             return -EACCES;
1783         }
1784     }
1785 
1786     total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
1787     buf = g_malloc(COMMIT_BUF_SECTORS * BDRV_SECTOR_SIZE);
1788 
1789     for (sector = 0; sector < total_sectors; sector += n) {
1790         if (bdrv_is_allocated(bs, sector, COMMIT_BUF_SECTORS, &n)) {
1791 
1792             if (bdrv_read(bs, sector, buf, n) != 0) {
1793                 ret = -EIO;
1794                 goto ro_cleanup;
1795             }
1796 
1797             if (bdrv_write(bs->backing_hd, sector, buf, n) != 0) {
1798                 ret = -EIO;
1799                 goto ro_cleanup;
1800             }
1801         }
1802     }
1803 
1804     if (drv->bdrv_make_empty) {
1805         ret = drv->bdrv_make_empty(bs);
1806         bdrv_flush(bs);
1807     }
1808 
1809     /*
1810      * Make sure all data we wrote to the backing device is actually
1811      * stable on disk.
1812      */
1813     if (bs->backing_hd)
1814         bdrv_flush(bs->backing_hd);
1815 
1816 ro_cleanup:
1817     g_free(buf);
1818 
1819     if (ro) {
1820         /* ignoring error return here */
1821         bdrv_reopen(bs->backing_hd, open_flags & ~BDRV_O_RDWR, NULL);
1822     }
1823 
1824     return ret;
1825 }
1826 
1827 int bdrv_commit_all(void)
1828 {
1829     BlockDriverState *bs;
1830 
1831     QTAILQ_FOREACH(bs, &bdrv_states, list) {
1832         if (bs->drv && bs->backing_hd) {
1833             int ret = bdrv_commit(bs);
1834             if (ret < 0) {
1835                 return ret;
1836             }
1837         }
1838     }
1839     return 0;
1840 }
1841 
1842 struct BdrvTrackedRequest {
1843     BlockDriverState *bs;
1844     int64_t sector_num;
1845     int nb_sectors;
1846     bool is_write;
1847     QLIST_ENTRY(BdrvTrackedRequest) list;
1848     Coroutine *co; /* owner, used for deadlock detection */
1849     CoQueue wait_queue; /* coroutines blocked on this request */
1850 };
1851 
1852 /**
1853  * Remove an active request from the tracked requests list
1854  *
1855  * This function should be called when a tracked request is completing.
1856  */
1857 static void tracked_request_end(BdrvTrackedRequest *req)
1858 {
1859     QLIST_REMOVE(req, list);
1860     qemu_co_queue_restart_all(&req->wait_queue);
1861 }
1862 
1863 /**
1864  * Add an active request to the tracked requests list
1865  */
1866 static void tracked_request_begin(BdrvTrackedRequest *req,
1867                                   BlockDriverState *bs,
1868                                   int64_t sector_num,
1869                                   int nb_sectors, bool is_write)
1870 {
1871     *req = (BdrvTrackedRequest){
1872         .bs = bs,
1873         .sector_num = sector_num,
1874         .nb_sectors = nb_sectors,
1875         .is_write = is_write,
1876         .co = qemu_coroutine_self(),
1877     };
1878 
1879     qemu_co_queue_init(&req->wait_queue);
1880 
1881     QLIST_INSERT_HEAD(&bs->tracked_requests, req, list);
1882 }
1883 
1884 /**
1885  * Round a region to cluster boundaries
1886  */
1887 void bdrv_round_to_clusters(BlockDriverState *bs,
1888                             int64_t sector_num, int nb_sectors,
1889                             int64_t *cluster_sector_num,
1890                             int *cluster_nb_sectors)
1891 {
1892     BlockDriverInfo bdi;
1893 
1894     if (bdrv_get_info(bs, &bdi) < 0 || bdi.cluster_size == 0) {
1895         *cluster_sector_num = sector_num;
1896         *cluster_nb_sectors = nb_sectors;
1897     } else {
1898         int64_t c = bdi.cluster_size / BDRV_SECTOR_SIZE;
1899         *cluster_sector_num = QEMU_ALIGN_DOWN(sector_num, c);
1900         *cluster_nb_sectors = QEMU_ALIGN_UP(sector_num - *cluster_sector_num +
1901                                             nb_sectors, c);
1902     }
1903 }
1904 
1905 static bool tracked_request_overlaps(BdrvTrackedRequest *req,
1906                                      int64_t sector_num, int nb_sectors) {
1907     /*        aaaa   bbbb */
1908     if (sector_num >= req->sector_num + req->nb_sectors) {
1909         return false;
1910     }
1911     /* bbbb   aaaa        */
1912     if (req->sector_num >= sector_num + nb_sectors) {
1913         return false;
1914     }
1915     return true;
1916 }
1917 
1918 static void coroutine_fn wait_for_overlapping_requests(BlockDriverState *bs,
1919         int64_t sector_num, int nb_sectors)
1920 {
1921     BdrvTrackedRequest *req;
1922     int64_t cluster_sector_num;
1923     int cluster_nb_sectors;
1924     bool retry;
1925 
1926     /* If we touch the same cluster it counts as an overlap.  This guarantees
1927      * that allocating writes will be serialized and not race with each other
1928      * for the same cluster.  For example, in copy-on-read it ensures that the
1929      * CoR read and write operations are atomic and guest writes cannot
1930      * interleave between them.
1931      */
1932     bdrv_round_to_clusters(bs, sector_num, nb_sectors,
1933                            &cluster_sector_num, &cluster_nb_sectors);
1934 
1935     do {
1936         retry = false;
1937         QLIST_FOREACH(req, &bs->tracked_requests, list) {
1938             if (tracked_request_overlaps(req, cluster_sector_num,
1939                                          cluster_nb_sectors)) {
1940                 /* Hitting this means there was a reentrant request, for
1941                  * example, a block driver issuing nested requests.  This must
1942                  * never happen since it means deadlock.
1943                  */
1944                 assert(qemu_coroutine_self() != req->co);
1945 
1946                 qemu_co_queue_wait(&req->wait_queue);
1947                 retry = true;
1948                 break;
1949             }
1950         }
1951     } while (retry);
1952 }
1953 
1954 /*
1955  * Return values:
1956  * 0        - success
1957  * -EINVAL  - backing format specified, but no file
1958  * -ENOSPC  - can't update the backing file because no space is left in the
1959  *            image file header
1960  * -ENOTSUP - format driver doesn't support changing the backing file
1961  */
1962 int bdrv_change_backing_file(BlockDriverState *bs,
1963     const char *backing_file, const char *backing_fmt)
1964 {
1965     BlockDriver *drv = bs->drv;
1966     int ret;
1967 
1968     /* Backing file format doesn't make sense without a backing file */
1969     if (backing_fmt && !backing_file) {
1970         return -EINVAL;
1971     }
1972 
1973     if (drv->bdrv_change_backing_file != NULL) {
1974         ret = drv->bdrv_change_backing_file(bs, backing_file, backing_fmt);
1975     } else {
1976         ret = -ENOTSUP;
1977     }
1978 
1979     if (ret == 0) {
1980         pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_file ?: "");
1981         pstrcpy(bs->backing_format, sizeof(bs->backing_format), backing_fmt ?: "");
1982     }
1983     return ret;
1984 }
1985 
1986 /*
1987  * Finds the image layer in the chain that has 'bs' as its backing file.
1988  *
1989  * active is the current topmost image.
1990  *
1991  * Returns NULL if bs is not found in active's image chain,
1992  * or if active == bs.
1993  */
1994 BlockDriverState *bdrv_find_overlay(BlockDriverState *active,
1995                                     BlockDriverState *bs)
1996 {
1997     BlockDriverState *overlay = NULL;
1998     BlockDriverState *intermediate;
1999 
2000     assert(active != NULL);
2001     assert(bs != NULL);
2002 
2003     /* if bs is the same as active, then by definition it has no overlay
2004      */
2005     if (active == bs) {
2006         return NULL;
2007     }
2008 
2009     intermediate = active;
2010     while (intermediate->backing_hd) {
2011         if (intermediate->backing_hd == bs) {
2012             overlay = intermediate;
2013             break;
2014         }
2015         intermediate = intermediate->backing_hd;
2016     }
2017 
2018     return overlay;
2019 }
2020 
2021 typedef struct BlkIntermediateStates {
2022     BlockDriverState *bs;
2023     QSIMPLEQ_ENTRY(BlkIntermediateStates) entry;
2024 } BlkIntermediateStates;
2025 
2026 
2027 /*
2028  * Drops images above 'base' up to and including 'top', and sets the image
2029  * above 'top' to have base as its backing file.
2030  *
2031  * Requires that the overlay to 'top' is opened r/w, so that the backing file
2032  * information in 'bs' can be properly updated.
2033  *
2034  * E.g., this will convert the following chain:
2035  * bottom <- base <- intermediate <- top <- active
2036  *
2037  * to
2038  *
2039  * bottom <- base <- active
2040  *
2041  * It is allowed for bottom==base, in which case it converts:
2042  *
2043  * base <- intermediate <- top <- active
2044  *
2045  * to
2046  *
2047  * base <- active
2048  *
2049  * Error conditions:
2050  *  if active == top, that is considered an error
2051  *
2052  */
2053 int bdrv_drop_intermediate(BlockDriverState *active, BlockDriverState *top,
2054                            BlockDriverState *base)
2055 {
2056     BlockDriverState *intermediate;
2057     BlockDriverState *base_bs = NULL;
2058     BlockDriverState *new_top_bs = NULL;
2059     BlkIntermediateStates *intermediate_state, *next;
2060     int ret = -EIO;
2061 
2062     QSIMPLEQ_HEAD(states_to_delete, BlkIntermediateStates) states_to_delete;
2063     QSIMPLEQ_INIT(&states_to_delete);
2064 
2065     if (!top->drv || !base->drv) {
2066         goto exit;
2067     }
2068 
2069     new_top_bs = bdrv_find_overlay(active, top);
2070 
2071     if (new_top_bs == NULL) {
2072         /* we could not find the image above 'top', this is an error */
2073         goto exit;
2074     }
2075 
2076     /* special case of new_top_bs->backing_hd already pointing to base - nothing
2077      * to do, no intermediate images */
2078     if (new_top_bs->backing_hd == base) {
2079         ret = 0;
2080         goto exit;
2081     }
2082 
2083     intermediate = top;
2084 
2085     /* now we will go down through the list, and add each BDS we find
2086      * into our deletion queue, until we hit the 'base'
2087      */
2088     while (intermediate) {
2089         intermediate_state = g_malloc0(sizeof(BlkIntermediateStates));
2090         intermediate_state->bs = intermediate;
2091         QSIMPLEQ_INSERT_TAIL(&states_to_delete, intermediate_state, entry);
2092 
2093         if (intermediate->backing_hd == base) {
2094             base_bs = intermediate->backing_hd;
2095             break;
2096         }
2097         intermediate = intermediate->backing_hd;
2098     }
2099     if (base_bs == NULL) {
2100         /* something went wrong, we did not end at the base. safely
2101          * unravel everything, and exit with error */
2102         goto exit;
2103     }
2104 
2105     /* success - we can delete the intermediate states, and link top->base */
2106     ret = bdrv_change_backing_file(new_top_bs, base_bs->filename,
2107                                    base_bs->drv ? base_bs->drv->format_name : "");
2108     if (ret) {
2109         goto exit;
2110     }
2111     new_top_bs->backing_hd = base_bs;
2112 
2113 
2114     QSIMPLEQ_FOREACH_SAFE(intermediate_state, &states_to_delete, entry, next) {
2115         /* so that bdrv_close() does not recursively close the chain */
2116         intermediate_state->bs->backing_hd = NULL;
2117         bdrv_delete(intermediate_state->bs);
2118     }
2119     ret = 0;
2120 
2121 exit:
2122     QSIMPLEQ_FOREACH_SAFE(intermediate_state, &states_to_delete, entry, next) {
2123         g_free(intermediate_state);
2124     }
2125     return ret;
2126 }
2127 
2128 
2129 static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset,
2130                                    size_t size)
2131 {
2132     int64_t len;
2133 
2134     if (!bdrv_is_inserted(bs))
2135         return -ENOMEDIUM;
2136 
2137     if (bs->growable)
2138         return 0;
2139 
2140     len = bdrv_getlength(bs);
2141 
2142     if (offset < 0)
2143         return -EIO;
2144 
2145     if ((offset > len) || (len - offset < size))
2146         return -EIO;
2147 
2148     return 0;
2149 }
2150 
2151 static int bdrv_check_request(BlockDriverState *bs, int64_t sector_num,
2152                               int nb_sectors)
2153 {
2154     return bdrv_check_byte_request(bs, sector_num * BDRV_SECTOR_SIZE,
2155                                    nb_sectors * BDRV_SECTOR_SIZE);
2156 }
2157 
2158 typedef struct RwCo {
2159     BlockDriverState *bs;
2160     int64_t sector_num;
2161     int nb_sectors;
2162     QEMUIOVector *qiov;
2163     bool is_write;
2164     int ret;
2165 } RwCo;
2166 
2167 static void coroutine_fn bdrv_rw_co_entry(void *opaque)
2168 {
2169     RwCo *rwco = opaque;
2170 
2171     if (!rwco->is_write) {
2172         rwco->ret = bdrv_co_do_readv(rwco->bs, rwco->sector_num,
2173                                      rwco->nb_sectors, rwco->qiov, 0);
2174     } else {
2175         rwco->ret = bdrv_co_do_writev(rwco->bs, rwco->sector_num,
2176                                       rwco->nb_sectors, rwco->qiov, 0);
2177     }
2178 }
2179 
2180 /*
2181  * Process a vectored synchronous request using coroutines
2182  */
2183 static int bdrv_rwv_co(BlockDriverState *bs, int64_t sector_num,
2184                        QEMUIOVector *qiov, bool is_write)
2185 {
2186     Coroutine *co;
2187     RwCo rwco = {
2188         .bs = bs,
2189         .sector_num = sector_num,
2190         .nb_sectors = qiov->size >> BDRV_SECTOR_BITS,
2191         .qiov = qiov,
2192         .is_write = is_write,
2193         .ret = NOT_DONE,
2194     };
2195     assert((qiov->size & (BDRV_SECTOR_SIZE - 1)) == 0);
2196 
2197     /**
2198      * In sync call context, when the vcpu is blocked, this throttling timer
2199      * will not fire; so the I/O throttling function has to be disabled here
2200      * if it has been enabled.
2201      */
2202     if (bs->io_limits_enabled) {
2203         fprintf(stderr, "Disabling I/O throttling on '%s' due "
2204                         "to synchronous I/O.\n", bdrv_get_device_name(bs));
2205         bdrv_io_limits_disable(bs);
2206     }
2207 
2208     if (qemu_in_coroutine()) {
2209         /* Fast-path if already in coroutine context */
2210         bdrv_rw_co_entry(&rwco);
2211     } else {
2212         co = qemu_coroutine_create(bdrv_rw_co_entry);
2213         qemu_coroutine_enter(co, &rwco);
2214         while (rwco.ret == NOT_DONE) {
2215             qemu_aio_wait();
2216         }
2217     }
2218     return rwco.ret;
2219 }
2220 
2221 /*
2222  * Process a synchronous request using coroutines
2223  */
2224 static int bdrv_rw_co(BlockDriverState *bs, int64_t sector_num, uint8_t *buf,
2225                       int nb_sectors, bool is_write)
2226 {
2227     QEMUIOVector qiov;
2228     struct iovec iov = {
2229         .iov_base = (void *)buf,
2230         .iov_len = nb_sectors * BDRV_SECTOR_SIZE,
2231     };
2232 
2233     qemu_iovec_init_external(&qiov, &iov, 1);
2234     return bdrv_rwv_co(bs, sector_num, &qiov, is_write);
2235 }
2236 
2237 /* return < 0 if error. See bdrv_write() for the return codes */
2238 int bdrv_read(BlockDriverState *bs, int64_t sector_num,
2239               uint8_t *buf, int nb_sectors)
2240 {
2241     return bdrv_rw_co(bs, sector_num, buf, nb_sectors, false);
2242 }
2243 
2244 /* Just like bdrv_read(), but with I/O throttling temporarily disabled */
2245 int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
2246                           uint8_t *buf, int nb_sectors)
2247 {
2248     bool enabled;
2249     int ret;
2250 
2251     enabled = bs->io_limits_enabled;
2252     bs->io_limits_enabled = false;
2253     ret = bdrv_read(bs, 0, buf, 1);
2254     bs->io_limits_enabled = enabled;
2255     return ret;
2256 }
2257 
2258 /* Return < 0 if error. Important errors are:
2259   -EIO         generic I/O error (may happen for all errors)
2260   -ENOMEDIUM   No media inserted.
2261   -EINVAL      Invalid sector number or nb_sectors
2262   -EACCES      Trying to write a read-only device
2263 */
2264 int bdrv_write(BlockDriverState *bs, int64_t sector_num,
2265                const uint8_t *buf, int nb_sectors)
2266 {
2267     return bdrv_rw_co(bs, sector_num, (uint8_t *)buf, nb_sectors, true);
2268 }
2269 
2270 int bdrv_writev(BlockDriverState *bs, int64_t sector_num, QEMUIOVector *qiov)
2271 {
2272     return bdrv_rwv_co(bs, sector_num, qiov, true);
2273 }
2274 
2275 int bdrv_pread(BlockDriverState *bs, int64_t offset,
2276                void *buf, int count1)
2277 {
2278     uint8_t tmp_buf[BDRV_SECTOR_SIZE];
2279     int len, nb_sectors, count;
2280     int64_t sector_num;
2281     int ret;
2282 
2283     count = count1;
2284     /* first read to align to sector start */
2285     len = (BDRV_SECTOR_SIZE - offset) & (BDRV_SECTOR_SIZE - 1);
2286     if (len > count)
2287         len = count;
2288     sector_num = offset >> BDRV_SECTOR_BITS;
2289     if (len > 0) {
2290         if ((ret = bdrv_read(bs, sector_num, tmp_buf, 1)) < 0)
2291             return ret;
2292         memcpy(buf, tmp_buf + (offset & (BDRV_SECTOR_SIZE - 1)), len);
2293         count -= len;
2294         if (count == 0)
2295             return count1;
2296         sector_num++;
2297         buf += len;
2298     }
2299 
2300     /* read the sectors "in place" */
2301     nb_sectors = count >> BDRV_SECTOR_BITS;
2302     if (nb_sectors > 0) {
2303         if ((ret = bdrv_read(bs, sector_num, buf, nb_sectors)) < 0)
2304             return ret;
2305         sector_num += nb_sectors;
2306         len = nb_sectors << BDRV_SECTOR_BITS;
2307         buf += len;
2308         count -= len;
2309     }
2310 
2311     /* add data from the last sector */
2312     if (count > 0) {
2313         if ((ret = bdrv_read(bs, sector_num, tmp_buf, 1)) < 0)
2314             return ret;
2315         memcpy(buf, tmp_buf, count);
2316     }
2317     return count1;
2318 }
2319 
2320 int bdrv_pwritev(BlockDriverState *bs, int64_t offset, QEMUIOVector *qiov)
2321 {
2322     uint8_t tmp_buf[BDRV_SECTOR_SIZE];
2323     int len, nb_sectors, count;
2324     int64_t sector_num;
2325     int ret;
2326 
2327     count = qiov->size;
2328 
2329     /* first write to align to sector start */
2330     len = (BDRV_SECTOR_SIZE - offset) & (BDRV_SECTOR_SIZE - 1);
2331     if (len > count)
2332         len = count;
2333     sector_num = offset >> BDRV_SECTOR_BITS;
2334     if (len > 0) {
2335         if ((ret = bdrv_read(bs, sector_num, tmp_buf, 1)) < 0)
2336             return ret;
2337         qemu_iovec_to_buf(qiov, 0, tmp_buf + (offset & (BDRV_SECTOR_SIZE - 1)),
2338                           len);
2339         if ((ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0)
2340             return ret;
2341         count -= len;
2342         if (count == 0)
2343             return qiov->size;
2344         sector_num++;
2345     }
2346 
2347     /* write the sectors "in place" */
2348     nb_sectors = count >> BDRV_SECTOR_BITS;
2349     if (nb_sectors > 0) {
2350         QEMUIOVector qiov_inplace;
2351 
2352         qemu_iovec_init(&qiov_inplace, qiov->niov);
2353         qemu_iovec_concat(&qiov_inplace, qiov, len,
2354                           nb_sectors << BDRV_SECTOR_BITS);
2355         ret = bdrv_writev(bs, sector_num, &qiov_inplace);
2356         qemu_iovec_destroy(&qiov_inplace);
2357         if (ret < 0) {
2358             return ret;
2359         }
2360 
2361         sector_num += nb_sectors;
2362         len = nb_sectors << BDRV_SECTOR_BITS;
2363         count -= len;
2364     }
2365 
2366     /* add data from the last sector */
2367     if (count > 0) {
2368         if ((ret = bdrv_read(bs, sector_num, tmp_buf, 1)) < 0)
2369             return ret;
2370         qemu_iovec_to_buf(qiov, qiov->size - count, tmp_buf, count);
2371         if ((ret = bdrv_write(bs, sector_num, tmp_buf, 1)) < 0)
2372             return ret;
2373     }
2374     return qiov->size;
2375 }
2376 
2377 int bdrv_pwrite(BlockDriverState *bs, int64_t offset,
2378                 const void *buf, int count1)
2379 {
2380     QEMUIOVector qiov;
2381     struct iovec iov = {
2382         .iov_base   = (void *) buf,
2383         .iov_len    = count1,
2384     };
2385 
2386     qemu_iovec_init_external(&qiov, &iov, 1);
2387     return bdrv_pwritev(bs, offset, &qiov);
2388 }
2389 
2390 /*
2391  * Writes to the file and ensures that no writes are reordered across this
2392  * request (acts as a barrier)
2393  *
2394  * Returns 0 on success, -errno in error cases.
2395  */
2396 int bdrv_pwrite_sync(BlockDriverState *bs, int64_t offset,
2397     const void *buf, int count)
2398 {
2399     int ret;
2400 
2401     ret = bdrv_pwrite(bs, offset, buf, count);
2402     if (ret < 0) {
2403         return ret;
2404     }
2405 
2406     /* No flush needed for cache modes that already do it */
2407     if (bs->enable_write_cache) {
2408         bdrv_flush(bs);
2409     }
2410 
2411     return 0;
2412 }
2413 
2414 static int coroutine_fn bdrv_co_do_copy_on_readv(BlockDriverState *bs,
2415         int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
2416 {
2417     /* Perform I/O through a temporary buffer so that users who scribble over
2418      * their read buffer while the operation is in progress do not end up
2419      * modifying the image file.  This is critical for zero-copy guest I/O
2420      * where anything might happen inside guest memory.
2421      */
2422     void *bounce_buffer;
2423 
2424     BlockDriver *drv = bs->drv;
2425     struct iovec iov;
2426     QEMUIOVector bounce_qiov;
2427     int64_t cluster_sector_num;
2428     int cluster_nb_sectors;
2429     size_t skip_bytes;
2430     int ret;
2431 
2432     /* Cover entire cluster so no additional backing file I/O is required when
2433      * allocating cluster in the image file.
2434      */
2435     bdrv_round_to_clusters(bs, sector_num, nb_sectors,
2436                            &cluster_sector_num, &cluster_nb_sectors);
2437 
2438     trace_bdrv_co_do_copy_on_readv(bs, sector_num, nb_sectors,
2439                                    cluster_sector_num, cluster_nb_sectors);
2440 
2441     iov.iov_len = cluster_nb_sectors * BDRV_SECTOR_SIZE;
2442     iov.iov_base = bounce_buffer = qemu_blockalign(bs, iov.iov_len);
2443     qemu_iovec_init_external(&bounce_qiov, &iov, 1);
2444 
2445     ret = drv->bdrv_co_readv(bs, cluster_sector_num, cluster_nb_sectors,
2446                              &bounce_qiov);
2447     if (ret < 0) {
2448         goto err;
2449     }
2450 
2451     if (drv->bdrv_co_write_zeroes &&
2452         buffer_is_zero(bounce_buffer, iov.iov_len)) {
2453         ret = bdrv_co_do_write_zeroes(bs, cluster_sector_num,
2454                                       cluster_nb_sectors);
2455     } else {
2456         /* This does not change the data on the disk, it is not necessary
2457          * to flush even in cache=writethrough mode.
2458          */
2459         ret = drv->bdrv_co_writev(bs, cluster_sector_num, cluster_nb_sectors,
2460                                   &bounce_qiov);
2461     }
2462 
2463     if (ret < 0) {
2464         /* It might be okay to ignore write errors for guest requests.  If this
2465          * is a deliberate copy-on-read then we don't want to ignore the error.
2466          * Simply report it in all cases.
2467          */
2468         goto err;
2469     }
2470 
2471     skip_bytes = (sector_num - cluster_sector_num) * BDRV_SECTOR_SIZE;
2472     qemu_iovec_from_buf(qiov, 0, bounce_buffer + skip_bytes,
2473                         nb_sectors * BDRV_SECTOR_SIZE);
2474 
2475 err:
2476     qemu_vfree(bounce_buffer);
2477     return ret;
2478 }
2479 
2480 /*
2481  * Handle a read request in coroutine context
2482  */
2483 static int coroutine_fn bdrv_co_do_readv(BlockDriverState *bs,
2484     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov,
2485     BdrvRequestFlags flags)
2486 {
2487     BlockDriver *drv = bs->drv;
2488     BdrvTrackedRequest req;
2489     int ret;
2490 
2491     if (!drv) {
2492         return -ENOMEDIUM;
2493     }
2494     if (bdrv_check_request(bs, sector_num, nb_sectors)) {
2495         return -EIO;
2496     }
2497 
2498     /* throttling disk read I/O */
2499     if (bs->io_limits_enabled) {
2500         bdrv_io_limits_intercept(bs, false, nb_sectors);
2501     }
2502 
2503     if (bs->copy_on_read) {
2504         flags |= BDRV_REQ_COPY_ON_READ;
2505     }
2506     if (flags & BDRV_REQ_COPY_ON_READ) {
2507         bs->copy_on_read_in_flight++;
2508     }
2509 
2510     if (bs->copy_on_read_in_flight) {
2511         wait_for_overlapping_requests(bs, sector_num, nb_sectors);
2512     }
2513 
2514     tracked_request_begin(&req, bs, sector_num, nb_sectors, false);
2515 
2516     if (flags & BDRV_REQ_COPY_ON_READ) {
2517         int pnum;
2518 
2519         ret = bdrv_co_is_allocated(bs, sector_num, nb_sectors, &pnum);
2520         if (ret < 0) {
2521             goto out;
2522         }
2523 
2524         if (!ret || pnum != nb_sectors) {
2525             ret = bdrv_co_do_copy_on_readv(bs, sector_num, nb_sectors, qiov);
2526             goto out;
2527         }
2528     }
2529 
2530     ret = drv->bdrv_co_readv(bs, sector_num, nb_sectors, qiov);
2531 
2532 out:
2533     tracked_request_end(&req);
2534 
2535     if (flags & BDRV_REQ_COPY_ON_READ) {
2536         bs->copy_on_read_in_flight--;
2537     }
2538 
2539     return ret;
2540 }
2541 
2542 int coroutine_fn bdrv_co_readv(BlockDriverState *bs, int64_t sector_num,
2543     int nb_sectors, QEMUIOVector *qiov)
2544 {
2545     trace_bdrv_co_readv(bs, sector_num, nb_sectors);
2546 
2547     return bdrv_co_do_readv(bs, sector_num, nb_sectors, qiov, 0);
2548 }
2549 
2550 int coroutine_fn bdrv_co_copy_on_readv(BlockDriverState *bs,
2551     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov)
2552 {
2553     trace_bdrv_co_copy_on_readv(bs, sector_num, nb_sectors);
2554 
2555     return bdrv_co_do_readv(bs, sector_num, nb_sectors, qiov,
2556                             BDRV_REQ_COPY_ON_READ);
2557 }
2558 
2559 static int coroutine_fn bdrv_co_do_write_zeroes(BlockDriverState *bs,
2560     int64_t sector_num, int nb_sectors)
2561 {
2562     BlockDriver *drv = bs->drv;
2563     QEMUIOVector qiov;
2564     struct iovec iov;
2565     int ret;
2566 
2567     /* TODO Emulate only part of misaligned requests instead of letting block
2568      * drivers return -ENOTSUP and emulate everything */
2569 
2570     /* First try the efficient write zeroes operation */
2571     if (drv->bdrv_co_write_zeroes) {
2572         ret = drv->bdrv_co_write_zeroes(bs, sector_num, nb_sectors);
2573         if (ret != -ENOTSUP) {
2574             return ret;
2575         }
2576     }
2577 
2578     /* Fall back to bounce buffer if write zeroes is unsupported */
2579     iov.iov_len  = nb_sectors * BDRV_SECTOR_SIZE;
2580     iov.iov_base = qemu_blockalign(bs, iov.iov_len);
2581     memset(iov.iov_base, 0, iov.iov_len);
2582     qemu_iovec_init_external(&qiov, &iov, 1);
2583 
2584     ret = drv->bdrv_co_writev(bs, sector_num, nb_sectors, &qiov);
2585 
2586     qemu_vfree(iov.iov_base);
2587     return ret;
2588 }
2589 
2590 /*
2591  * Handle a write request in coroutine context
2592  */
2593 static int coroutine_fn bdrv_co_do_writev(BlockDriverState *bs,
2594     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov,
2595     BdrvRequestFlags flags)
2596 {
2597     BlockDriver *drv = bs->drv;
2598     BdrvTrackedRequest req;
2599     int ret;
2600 
2601     if (!bs->drv) {
2602         return -ENOMEDIUM;
2603     }
2604     if (bs->read_only) {
2605         return -EACCES;
2606     }
2607     if (bdrv_check_request(bs, sector_num, nb_sectors)) {
2608         return -EIO;
2609     }
2610 
2611     /* throttling disk write I/O */
2612     if (bs->io_limits_enabled) {
2613         bdrv_io_limits_intercept(bs, true, nb_sectors);
2614     }
2615 
2616     if (bs->copy_on_read_in_flight) {
2617         wait_for_overlapping_requests(bs, sector_num, nb_sectors);
2618     }
2619 
2620     tracked_request_begin(&req, bs, sector_num, nb_sectors, true);
2621 
2622     if (flags & BDRV_REQ_ZERO_WRITE) {
2623         ret = bdrv_co_do_write_zeroes(bs, sector_num, nb_sectors);
2624     } else {
2625         ret = drv->bdrv_co_writev(bs, sector_num, nb_sectors, qiov);
2626     }
2627 
2628     if (ret == 0 && !bs->enable_write_cache) {
2629         ret = bdrv_co_flush(bs);
2630     }
2631 
2632     if (bs->dirty_bitmap) {
2633         bdrv_set_dirty(bs, sector_num, nb_sectors);
2634     }
2635 
2636     if (bs->wr_highest_sector < sector_num + nb_sectors - 1) {
2637         bs->wr_highest_sector = sector_num + nb_sectors - 1;
2638     }
2639 
2640     tracked_request_end(&req);
2641 
2642     return ret;
2643 }
2644 
2645 int coroutine_fn bdrv_co_writev(BlockDriverState *bs, int64_t sector_num,
2646     int nb_sectors, QEMUIOVector *qiov)
2647 {
2648     trace_bdrv_co_writev(bs, sector_num, nb_sectors);
2649 
2650     return bdrv_co_do_writev(bs, sector_num, nb_sectors, qiov, 0);
2651 }
2652 
2653 int coroutine_fn bdrv_co_write_zeroes(BlockDriverState *bs,
2654                                       int64_t sector_num, int nb_sectors)
2655 {
2656     trace_bdrv_co_write_zeroes(bs, sector_num, nb_sectors);
2657 
2658     return bdrv_co_do_writev(bs, sector_num, nb_sectors, NULL,
2659                              BDRV_REQ_ZERO_WRITE);
2660 }
2661 
2662 /**
2663  * Truncate file to 'offset' bytes (needed only for file protocols)
2664  */
2665 int bdrv_truncate(BlockDriverState *bs, int64_t offset)
2666 {
2667     BlockDriver *drv = bs->drv;
2668     int ret;
2669     if (!drv)
2670         return -ENOMEDIUM;
2671     if (!drv->bdrv_truncate)
2672         return -ENOTSUP;
2673     if (bs->read_only)
2674         return -EACCES;
2675     if (bdrv_in_use(bs))
2676         return -EBUSY;
2677     ret = drv->bdrv_truncate(bs, offset);
2678     if (ret == 0) {
2679         ret = refresh_total_sectors(bs, offset >> BDRV_SECTOR_BITS);
2680         bdrv_dev_resize_cb(bs);
2681     }
2682     return ret;
2683 }
2684 
2685 /**
2686  * Length of a allocated file in bytes. Sparse files are counted by actual
2687  * allocated space. Return < 0 if error or unknown.
2688  */
2689 int64_t bdrv_get_allocated_file_size(BlockDriverState *bs)
2690 {
2691     BlockDriver *drv = bs->drv;
2692     if (!drv) {
2693         return -ENOMEDIUM;
2694     }
2695     if (drv->bdrv_get_allocated_file_size) {
2696         return drv->bdrv_get_allocated_file_size(bs);
2697     }
2698     if (bs->file) {
2699         return bdrv_get_allocated_file_size(bs->file);
2700     }
2701     return -ENOTSUP;
2702 }
2703 
2704 /**
2705  * Length of a file in bytes. Return < 0 if error or unknown.
2706  */
2707 int64_t bdrv_getlength(BlockDriverState *bs)
2708 {
2709     BlockDriver *drv = bs->drv;
2710     if (!drv)
2711         return -ENOMEDIUM;
2712 
2713     if (bs->growable || bdrv_dev_has_removable_media(bs)) {
2714         if (drv->bdrv_getlength) {
2715             return drv->bdrv_getlength(bs);
2716         }
2717     }
2718     return bs->total_sectors * BDRV_SECTOR_SIZE;
2719 }
2720 
2721 /* return 0 as number of sectors if no device present or error */
2722 void bdrv_get_geometry(BlockDriverState *bs, uint64_t *nb_sectors_ptr)
2723 {
2724     int64_t length;
2725     length = bdrv_getlength(bs);
2726     if (length < 0)
2727         length = 0;
2728     else
2729         length = length >> BDRV_SECTOR_BITS;
2730     *nb_sectors_ptr = length;
2731 }
2732 
2733 /* throttling disk io limits */
2734 void bdrv_set_io_limits(BlockDriverState *bs,
2735                         BlockIOLimit *io_limits)
2736 {
2737     bs->io_limits = *io_limits;
2738     bs->io_limits_enabled = bdrv_io_limits_enabled(bs);
2739 }
2740 
2741 void bdrv_set_on_error(BlockDriverState *bs, BlockdevOnError on_read_error,
2742                        BlockdevOnError on_write_error)
2743 {
2744     bs->on_read_error = on_read_error;
2745     bs->on_write_error = on_write_error;
2746 }
2747 
2748 BlockdevOnError bdrv_get_on_error(BlockDriverState *bs, bool is_read)
2749 {
2750     return is_read ? bs->on_read_error : bs->on_write_error;
2751 }
2752 
2753 BlockErrorAction bdrv_get_error_action(BlockDriverState *bs, bool is_read, int error)
2754 {
2755     BlockdevOnError on_err = is_read ? bs->on_read_error : bs->on_write_error;
2756 
2757     switch (on_err) {
2758     case BLOCKDEV_ON_ERROR_ENOSPC:
2759         return (error == ENOSPC) ? BDRV_ACTION_STOP : BDRV_ACTION_REPORT;
2760     case BLOCKDEV_ON_ERROR_STOP:
2761         return BDRV_ACTION_STOP;
2762     case BLOCKDEV_ON_ERROR_REPORT:
2763         return BDRV_ACTION_REPORT;
2764     case BLOCKDEV_ON_ERROR_IGNORE:
2765         return BDRV_ACTION_IGNORE;
2766     default:
2767         abort();
2768     }
2769 }
2770 
2771 /* This is done by device models because, while the block layer knows
2772  * about the error, it does not know whether an operation comes from
2773  * the device or the block layer (from a job, for example).
2774  */
2775 void bdrv_error_action(BlockDriverState *bs, BlockErrorAction action,
2776                        bool is_read, int error)
2777 {
2778     assert(error >= 0);
2779     bdrv_emit_qmp_error_event(bs, QEVENT_BLOCK_IO_ERROR, action, is_read);
2780     if (action == BDRV_ACTION_STOP) {
2781         vm_stop(RUN_STATE_IO_ERROR);
2782         bdrv_iostatus_set_err(bs, error);
2783     }
2784 }
2785 
2786 int bdrv_is_read_only(BlockDriverState *bs)
2787 {
2788     return bs->read_only;
2789 }
2790 
2791 int bdrv_is_sg(BlockDriverState *bs)
2792 {
2793     return bs->sg;
2794 }
2795 
2796 int bdrv_enable_write_cache(BlockDriverState *bs)
2797 {
2798     return bs->enable_write_cache;
2799 }
2800 
2801 void bdrv_set_enable_write_cache(BlockDriverState *bs, bool wce)
2802 {
2803     bs->enable_write_cache = wce;
2804 
2805     /* so a reopen() will preserve wce */
2806     if (wce) {
2807         bs->open_flags |= BDRV_O_CACHE_WB;
2808     } else {
2809         bs->open_flags &= ~BDRV_O_CACHE_WB;
2810     }
2811 }
2812 
2813 int bdrv_is_encrypted(BlockDriverState *bs)
2814 {
2815     if (bs->backing_hd && bs->backing_hd->encrypted)
2816         return 1;
2817     return bs->encrypted;
2818 }
2819 
2820 int bdrv_key_required(BlockDriverState *bs)
2821 {
2822     BlockDriverState *backing_hd = bs->backing_hd;
2823 
2824     if (backing_hd && backing_hd->encrypted && !backing_hd->valid_key)
2825         return 1;
2826     return (bs->encrypted && !bs->valid_key);
2827 }
2828 
2829 int bdrv_set_key(BlockDriverState *bs, const char *key)
2830 {
2831     int ret;
2832     if (bs->backing_hd && bs->backing_hd->encrypted) {
2833         ret = bdrv_set_key(bs->backing_hd, key);
2834         if (ret < 0)
2835             return ret;
2836         if (!bs->encrypted)
2837             return 0;
2838     }
2839     if (!bs->encrypted) {
2840         return -EINVAL;
2841     } else if (!bs->drv || !bs->drv->bdrv_set_key) {
2842         return -ENOMEDIUM;
2843     }
2844     ret = bs->drv->bdrv_set_key(bs, key);
2845     if (ret < 0) {
2846         bs->valid_key = 0;
2847     } else if (!bs->valid_key) {
2848         bs->valid_key = 1;
2849         /* call the change callback now, we skipped it on open */
2850         bdrv_dev_change_media_cb(bs, true);
2851     }
2852     return ret;
2853 }
2854 
2855 const char *bdrv_get_format_name(BlockDriverState *bs)
2856 {
2857     return bs->drv ? bs->drv->format_name : NULL;
2858 }
2859 
2860 void bdrv_iterate_format(void (*it)(void *opaque, const char *name),
2861                          void *opaque)
2862 {
2863     BlockDriver *drv;
2864 
2865     QLIST_FOREACH(drv, &bdrv_drivers, list) {
2866         it(opaque, drv->format_name);
2867     }
2868 }
2869 
2870 BlockDriverState *bdrv_find(const char *name)
2871 {
2872     BlockDriverState *bs;
2873 
2874     QTAILQ_FOREACH(bs, &bdrv_states, list) {
2875         if (!strcmp(name, bs->device_name)) {
2876             return bs;
2877         }
2878     }
2879     return NULL;
2880 }
2881 
2882 BlockDriverState *bdrv_next(BlockDriverState *bs)
2883 {
2884     if (!bs) {
2885         return QTAILQ_FIRST(&bdrv_states);
2886     }
2887     return QTAILQ_NEXT(bs, list);
2888 }
2889 
2890 void bdrv_iterate(void (*it)(void *opaque, BlockDriverState *bs), void *opaque)
2891 {
2892     BlockDriverState *bs;
2893 
2894     QTAILQ_FOREACH(bs, &bdrv_states, list) {
2895         it(opaque, bs);
2896     }
2897 }
2898 
2899 const char *bdrv_get_device_name(BlockDriverState *bs)
2900 {
2901     return bs->device_name;
2902 }
2903 
2904 int bdrv_get_flags(BlockDriverState *bs)
2905 {
2906     return bs->open_flags;
2907 }
2908 
2909 void bdrv_flush_all(void)
2910 {
2911     BlockDriverState *bs;
2912 
2913     QTAILQ_FOREACH(bs, &bdrv_states, list) {
2914         bdrv_flush(bs);
2915     }
2916 }
2917 
2918 int bdrv_has_zero_init(BlockDriverState *bs)
2919 {
2920     assert(bs->drv);
2921 
2922     if (bs->drv->bdrv_has_zero_init) {
2923         return bs->drv->bdrv_has_zero_init(bs);
2924     }
2925 
2926     return 1;
2927 }
2928 
2929 typedef struct BdrvCoIsAllocatedData {
2930     BlockDriverState *bs;
2931     BlockDriverState *base;
2932     int64_t sector_num;
2933     int nb_sectors;
2934     int *pnum;
2935     int ret;
2936     bool done;
2937 } BdrvCoIsAllocatedData;
2938 
2939 /*
2940  * Returns true iff the specified sector is present in the disk image. Drivers
2941  * not implementing the functionality are assumed to not support backing files,
2942  * hence all their sectors are reported as allocated.
2943  *
2944  * If 'sector_num' is beyond the end of the disk image the return value is 0
2945  * and 'pnum' is set to 0.
2946  *
2947  * 'pnum' is set to the number of sectors (including and immediately following
2948  * the specified sector) that are known to be in the same
2949  * allocated/unallocated state.
2950  *
2951  * 'nb_sectors' is the max value 'pnum' should be set to.  If nb_sectors goes
2952  * beyond the end of the disk image it will be clamped.
2953  */
2954 int coroutine_fn bdrv_co_is_allocated(BlockDriverState *bs, int64_t sector_num,
2955                                       int nb_sectors, int *pnum)
2956 {
2957     int64_t n;
2958 
2959     if (sector_num >= bs->total_sectors) {
2960         *pnum = 0;
2961         return 0;
2962     }
2963 
2964     n = bs->total_sectors - sector_num;
2965     if (n < nb_sectors) {
2966         nb_sectors = n;
2967     }
2968 
2969     if (!bs->drv->bdrv_co_is_allocated) {
2970         *pnum = nb_sectors;
2971         return 1;
2972     }
2973 
2974     return bs->drv->bdrv_co_is_allocated(bs, sector_num, nb_sectors, pnum);
2975 }
2976 
2977 /* Coroutine wrapper for bdrv_is_allocated() */
2978 static void coroutine_fn bdrv_is_allocated_co_entry(void *opaque)
2979 {
2980     BdrvCoIsAllocatedData *data = opaque;
2981     BlockDriverState *bs = data->bs;
2982 
2983     data->ret = bdrv_co_is_allocated(bs, data->sector_num, data->nb_sectors,
2984                                      data->pnum);
2985     data->done = true;
2986 }
2987 
2988 /*
2989  * Synchronous wrapper around bdrv_co_is_allocated().
2990  *
2991  * See bdrv_co_is_allocated() for details.
2992  */
2993 int bdrv_is_allocated(BlockDriverState *bs, int64_t sector_num, int nb_sectors,
2994                       int *pnum)
2995 {
2996     Coroutine *co;
2997     BdrvCoIsAllocatedData data = {
2998         .bs = bs,
2999         .sector_num = sector_num,
3000         .nb_sectors = nb_sectors,
3001         .pnum = pnum,
3002         .done = false,
3003     };
3004 
3005     co = qemu_coroutine_create(bdrv_is_allocated_co_entry);
3006     qemu_coroutine_enter(co, &data);
3007     while (!data.done) {
3008         qemu_aio_wait();
3009     }
3010     return data.ret;
3011 }
3012 
3013 /*
3014  * Given an image chain: ... -> [BASE] -> [INTER1] -> [INTER2] -> [TOP]
3015  *
3016  * Return true if the given sector is allocated in any image between
3017  * BASE and TOP (inclusive).  BASE can be NULL to check if the given
3018  * sector is allocated in any image of the chain.  Return false otherwise.
3019  *
3020  * 'pnum' is set to the number of sectors (including and immediately following
3021  *  the specified sector) that are known to be in the same
3022  *  allocated/unallocated state.
3023  *
3024  */
3025 int coroutine_fn bdrv_co_is_allocated_above(BlockDriverState *top,
3026                                             BlockDriverState *base,
3027                                             int64_t sector_num,
3028                                             int nb_sectors, int *pnum)
3029 {
3030     BlockDriverState *intermediate;
3031     int ret, n = nb_sectors;
3032 
3033     intermediate = top;
3034     while (intermediate && intermediate != base) {
3035         int pnum_inter;
3036         ret = bdrv_co_is_allocated(intermediate, sector_num, nb_sectors,
3037                                    &pnum_inter);
3038         if (ret < 0) {
3039             return ret;
3040         } else if (ret) {
3041             *pnum = pnum_inter;
3042             return 1;
3043         }
3044 
3045         /*
3046          * [sector_num, nb_sectors] is unallocated on top but intermediate
3047          * might have
3048          *
3049          * [sector_num+x, nr_sectors] allocated.
3050          */
3051         if (n > pnum_inter &&
3052             (intermediate == top ||
3053              sector_num + pnum_inter < intermediate->total_sectors)) {
3054             n = pnum_inter;
3055         }
3056 
3057         intermediate = intermediate->backing_hd;
3058     }
3059 
3060     *pnum = n;
3061     return 0;
3062 }
3063 
3064 /* Coroutine wrapper for bdrv_is_allocated_above() */
3065 static void coroutine_fn bdrv_is_allocated_above_co_entry(void *opaque)
3066 {
3067     BdrvCoIsAllocatedData *data = opaque;
3068     BlockDriverState *top = data->bs;
3069     BlockDriverState *base = data->base;
3070 
3071     data->ret = bdrv_co_is_allocated_above(top, base, data->sector_num,
3072                                            data->nb_sectors, data->pnum);
3073     data->done = true;
3074 }
3075 
3076 /*
3077  * Synchronous wrapper around bdrv_co_is_allocated_above().
3078  *
3079  * See bdrv_co_is_allocated_above() for details.
3080  */
3081 int bdrv_is_allocated_above(BlockDriverState *top, BlockDriverState *base,
3082                             int64_t sector_num, int nb_sectors, int *pnum)
3083 {
3084     Coroutine *co;
3085     BdrvCoIsAllocatedData data = {
3086         .bs = top,
3087         .base = base,
3088         .sector_num = sector_num,
3089         .nb_sectors = nb_sectors,
3090         .pnum = pnum,
3091         .done = false,
3092     };
3093 
3094     co = qemu_coroutine_create(bdrv_is_allocated_above_co_entry);
3095     qemu_coroutine_enter(co, &data);
3096     while (!data.done) {
3097         qemu_aio_wait();
3098     }
3099     return data.ret;
3100 }
3101 
3102 BlockInfo *bdrv_query_info(BlockDriverState *bs)
3103 {
3104     BlockInfo *info = g_malloc0(sizeof(*info));
3105     info->device = g_strdup(bs->device_name);
3106     info->type = g_strdup("unknown");
3107     info->locked = bdrv_dev_is_medium_locked(bs);
3108     info->removable = bdrv_dev_has_removable_media(bs);
3109 
3110     if (bdrv_dev_has_removable_media(bs)) {
3111         info->has_tray_open = true;
3112         info->tray_open = bdrv_dev_is_tray_open(bs);
3113     }
3114 
3115     if (bdrv_iostatus_is_enabled(bs)) {
3116         info->has_io_status = true;
3117         info->io_status = bs->iostatus;
3118     }
3119 
3120     if (bs->dirty_bitmap) {
3121         info->has_dirty = true;
3122         info->dirty = g_malloc0(sizeof(*info->dirty));
3123         info->dirty->count = bdrv_get_dirty_count(bs) * BDRV_SECTOR_SIZE;
3124         info->dirty->granularity =
3125             ((int64_t) BDRV_SECTOR_SIZE << hbitmap_granularity(bs->dirty_bitmap));
3126     }
3127 
3128     if (bs->drv) {
3129         info->has_inserted = true;
3130         info->inserted = g_malloc0(sizeof(*info->inserted));
3131         info->inserted->file = g_strdup(bs->filename);
3132         info->inserted->ro = bs->read_only;
3133         info->inserted->drv = g_strdup(bs->drv->format_name);
3134         info->inserted->encrypted = bs->encrypted;
3135         info->inserted->encryption_key_missing = bdrv_key_required(bs);
3136 
3137         if (bs->backing_file[0]) {
3138             info->inserted->has_backing_file = true;
3139             info->inserted->backing_file = g_strdup(bs->backing_file);
3140         }
3141 
3142         info->inserted->backing_file_depth = bdrv_get_backing_file_depth(bs);
3143 
3144         if (bs->io_limits_enabled) {
3145             info->inserted->bps =
3146                            bs->io_limits.bps[BLOCK_IO_LIMIT_TOTAL];
3147             info->inserted->bps_rd =
3148                            bs->io_limits.bps[BLOCK_IO_LIMIT_READ];
3149             info->inserted->bps_wr =
3150                            bs->io_limits.bps[BLOCK_IO_LIMIT_WRITE];
3151             info->inserted->iops =
3152                            bs->io_limits.iops[BLOCK_IO_LIMIT_TOTAL];
3153             info->inserted->iops_rd =
3154                            bs->io_limits.iops[BLOCK_IO_LIMIT_READ];
3155             info->inserted->iops_wr =
3156                            bs->io_limits.iops[BLOCK_IO_LIMIT_WRITE];
3157         }
3158     }
3159     return info;
3160 }
3161 
3162 BlockInfoList *qmp_query_block(Error **errp)
3163 {
3164     BlockInfoList *head = NULL, **p_next = &head;
3165     BlockDriverState *bs;
3166 
3167     QTAILQ_FOREACH(bs, &bdrv_states, list) {
3168         BlockInfoList *info = g_malloc0(sizeof(*info));
3169         info->value = bdrv_query_info(bs);
3170 
3171         *p_next = info;
3172         p_next = &info->next;
3173     }
3174 
3175     return head;
3176 }
3177 
3178 BlockStats *bdrv_query_stats(const BlockDriverState *bs)
3179 {
3180     BlockStats *s;
3181 
3182     s = g_malloc0(sizeof(*s));
3183 
3184     if (bs->device_name[0]) {
3185         s->has_device = true;
3186         s->device = g_strdup(bs->device_name);
3187     }
3188 
3189     s->stats = g_malloc0(sizeof(*s->stats));
3190     s->stats->rd_bytes = bs->nr_bytes[BDRV_ACCT_READ];
3191     s->stats->wr_bytes = bs->nr_bytes[BDRV_ACCT_WRITE];
3192     s->stats->rd_operations = bs->nr_ops[BDRV_ACCT_READ];
3193     s->stats->wr_operations = bs->nr_ops[BDRV_ACCT_WRITE];
3194     s->stats->wr_highest_offset = bs->wr_highest_sector * BDRV_SECTOR_SIZE;
3195     s->stats->flush_operations = bs->nr_ops[BDRV_ACCT_FLUSH];
3196     s->stats->wr_total_time_ns = bs->total_time_ns[BDRV_ACCT_WRITE];
3197     s->stats->rd_total_time_ns = bs->total_time_ns[BDRV_ACCT_READ];
3198     s->stats->flush_total_time_ns = bs->total_time_ns[BDRV_ACCT_FLUSH];
3199 
3200     if (bs->file) {
3201         s->has_parent = true;
3202         s->parent = bdrv_query_stats(bs->file);
3203     }
3204 
3205     return s;
3206 }
3207 
3208 BlockStatsList *qmp_query_blockstats(Error **errp)
3209 {
3210     BlockStatsList *head = NULL, **p_next = &head;
3211     BlockDriverState *bs;
3212 
3213     QTAILQ_FOREACH(bs, &bdrv_states, list) {
3214         BlockStatsList *info = g_malloc0(sizeof(*info));
3215         info->value = bdrv_query_stats(bs);
3216 
3217         *p_next = info;
3218         p_next = &info->next;
3219     }
3220 
3221     return head;
3222 }
3223 
3224 const char *bdrv_get_encrypted_filename(BlockDriverState *bs)
3225 {
3226     if (bs->backing_hd && bs->backing_hd->encrypted)
3227         return bs->backing_file;
3228     else if (bs->encrypted)
3229         return bs->filename;
3230     else
3231         return NULL;
3232 }
3233 
3234 void bdrv_get_backing_filename(BlockDriverState *bs,
3235                                char *filename, int filename_size)
3236 {
3237     pstrcpy(filename, filename_size, bs->backing_file);
3238 }
3239 
3240 int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
3241                           const uint8_t *buf, int nb_sectors)
3242 {
3243     BlockDriver *drv = bs->drv;
3244     if (!drv)
3245         return -ENOMEDIUM;
3246     if (!drv->bdrv_write_compressed)
3247         return -ENOTSUP;
3248     if (bdrv_check_request(bs, sector_num, nb_sectors))
3249         return -EIO;
3250 
3251     assert(!bs->dirty_bitmap);
3252 
3253     return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);
3254 }
3255 
3256 int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
3257 {
3258     BlockDriver *drv = bs->drv;
3259     if (!drv)
3260         return -ENOMEDIUM;
3261     if (!drv->bdrv_get_info)
3262         return -ENOTSUP;
3263     memset(bdi, 0, sizeof(*bdi));
3264     return drv->bdrv_get_info(bs, bdi);
3265 }
3266 
3267 int bdrv_save_vmstate(BlockDriverState *bs, const uint8_t *buf,
3268                       int64_t pos, int size)
3269 {
3270     QEMUIOVector qiov;
3271     struct iovec iov = {
3272         .iov_base   = (void *) buf,
3273         .iov_len    = size,
3274     };
3275 
3276     qemu_iovec_init_external(&qiov, &iov, 1);
3277     return bdrv_writev_vmstate(bs, &qiov, pos);
3278 }
3279 
3280 int bdrv_writev_vmstate(BlockDriverState *bs, QEMUIOVector *qiov, int64_t pos)
3281 {
3282     BlockDriver *drv = bs->drv;
3283 
3284     if (!drv) {
3285         return -ENOMEDIUM;
3286     } else if (drv->bdrv_save_vmstate) {
3287         return drv->bdrv_save_vmstate(bs, qiov, pos);
3288     } else if (bs->file) {
3289         return bdrv_writev_vmstate(bs->file, qiov, pos);
3290     }
3291 
3292     return -ENOTSUP;
3293 }
3294 
3295 int bdrv_load_vmstate(BlockDriverState *bs, uint8_t *buf,
3296                       int64_t pos, int size)
3297 {
3298     BlockDriver *drv = bs->drv;
3299     if (!drv)
3300         return -ENOMEDIUM;
3301     if (drv->bdrv_load_vmstate)
3302         return drv->bdrv_load_vmstate(bs, buf, pos, size);
3303     if (bs->file)
3304         return bdrv_load_vmstate(bs->file, buf, pos, size);
3305     return -ENOTSUP;
3306 }
3307 
3308 void bdrv_debug_event(BlockDriverState *bs, BlkDebugEvent event)
3309 {
3310     BlockDriver *drv = bs->drv;
3311 
3312     if (!drv || !drv->bdrv_debug_event) {
3313         return;
3314     }
3315 
3316     drv->bdrv_debug_event(bs, event);
3317 }
3318 
3319 int bdrv_debug_breakpoint(BlockDriverState *bs, const char *event,
3320                           const char *tag)
3321 {
3322     while (bs && bs->drv && !bs->drv->bdrv_debug_breakpoint) {
3323         bs = bs->file;
3324     }
3325 
3326     if (bs && bs->drv && bs->drv->bdrv_debug_breakpoint) {
3327         return bs->drv->bdrv_debug_breakpoint(bs, event, tag);
3328     }
3329 
3330     return -ENOTSUP;
3331 }
3332 
3333 int bdrv_debug_resume(BlockDriverState *bs, const char *tag)
3334 {
3335     while (bs && bs->drv && !bs->drv->bdrv_debug_resume) {
3336         bs = bs->file;
3337     }
3338 
3339     if (bs && bs->drv && bs->drv->bdrv_debug_resume) {
3340         return bs->drv->bdrv_debug_resume(bs, tag);
3341     }
3342 
3343     return -ENOTSUP;
3344 }
3345 
3346 bool bdrv_debug_is_suspended(BlockDriverState *bs, const char *tag)
3347 {
3348     while (bs && bs->drv && !bs->drv->bdrv_debug_is_suspended) {
3349         bs = bs->file;
3350     }
3351 
3352     if (bs && bs->drv && bs->drv->bdrv_debug_is_suspended) {
3353         return bs->drv->bdrv_debug_is_suspended(bs, tag);
3354     }
3355 
3356     return false;
3357 }
3358 
3359 /**************************************************************/
3360 /* handling of snapshots */
3361 
3362 int bdrv_can_snapshot(BlockDriverState *bs)
3363 {
3364     BlockDriver *drv = bs->drv;
3365     if (!drv || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs)) {
3366         return 0;
3367     }
3368 
3369     if (!drv->bdrv_snapshot_create) {
3370         if (bs->file != NULL) {
3371             return bdrv_can_snapshot(bs->file);
3372         }
3373         return 0;
3374     }
3375 
3376     return 1;
3377 }
3378 
3379 int bdrv_is_snapshot(BlockDriverState *bs)
3380 {
3381     return !!(bs->open_flags & BDRV_O_SNAPSHOT);
3382 }
3383 
3384 BlockDriverState *bdrv_snapshots(void)
3385 {
3386     BlockDriverState *bs;
3387 
3388     if (bs_snapshots) {
3389         return bs_snapshots;
3390     }
3391 
3392     bs = NULL;
3393     while ((bs = bdrv_next(bs))) {
3394         if (bdrv_can_snapshot(bs)) {
3395             bs_snapshots = bs;
3396             return bs;
3397         }
3398     }
3399     return NULL;
3400 }
3401 
3402 int bdrv_snapshot_create(BlockDriverState *bs,
3403                          QEMUSnapshotInfo *sn_info)
3404 {
3405     BlockDriver *drv = bs->drv;
3406     if (!drv)
3407         return -ENOMEDIUM;
3408     if (drv->bdrv_snapshot_create)
3409         return drv->bdrv_snapshot_create(bs, sn_info);
3410     if (bs->file)
3411         return bdrv_snapshot_create(bs->file, sn_info);
3412     return -ENOTSUP;
3413 }
3414 
3415 int bdrv_snapshot_goto(BlockDriverState *bs,
3416                        const char *snapshot_id)
3417 {
3418     BlockDriver *drv = bs->drv;
3419     int ret, open_ret;
3420 
3421     if (!drv)
3422         return -ENOMEDIUM;
3423     if (drv->bdrv_snapshot_goto)
3424         return drv->bdrv_snapshot_goto(bs, snapshot_id);
3425 
3426     if (bs->file) {
3427         drv->bdrv_close(bs);
3428         ret = bdrv_snapshot_goto(bs->file, snapshot_id);
3429         open_ret = drv->bdrv_open(bs, NULL, bs->open_flags);
3430         if (open_ret < 0) {
3431             bdrv_delete(bs->file);
3432             bs->drv = NULL;
3433             return open_ret;
3434         }
3435         return ret;
3436     }
3437 
3438     return -ENOTSUP;
3439 }
3440 
3441 int bdrv_snapshot_delete(BlockDriverState *bs, const char *snapshot_id)
3442 {
3443     BlockDriver *drv = bs->drv;
3444     if (!drv)
3445         return -ENOMEDIUM;
3446     if (drv->bdrv_snapshot_delete)
3447         return drv->bdrv_snapshot_delete(bs, snapshot_id);
3448     if (bs->file)
3449         return bdrv_snapshot_delete(bs->file, snapshot_id);
3450     return -ENOTSUP;
3451 }
3452 
3453 int bdrv_snapshot_list(BlockDriverState *bs,
3454                        QEMUSnapshotInfo **psn_info)
3455 {
3456     BlockDriver *drv = bs->drv;
3457     if (!drv)
3458         return -ENOMEDIUM;
3459     if (drv->bdrv_snapshot_list)
3460         return drv->bdrv_snapshot_list(bs, psn_info);
3461     if (bs->file)
3462         return bdrv_snapshot_list(bs->file, psn_info);
3463     return -ENOTSUP;
3464 }
3465 
3466 int bdrv_snapshot_load_tmp(BlockDriverState *bs,
3467         const char *snapshot_name)
3468 {
3469     BlockDriver *drv = bs->drv;
3470     if (!drv) {
3471         return -ENOMEDIUM;
3472     }
3473     if (!bs->read_only) {
3474         return -EINVAL;
3475     }
3476     if (drv->bdrv_snapshot_load_tmp) {
3477         return drv->bdrv_snapshot_load_tmp(bs, snapshot_name);
3478     }
3479     return -ENOTSUP;
3480 }
3481 
3482 /* backing_file can either be relative, or absolute, or a protocol.  If it is
3483  * relative, it must be relative to the chain.  So, passing in bs->filename
3484  * from a BDS as backing_file should not be done, as that may be relative to
3485  * the CWD rather than the chain. */
3486 BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
3487         const char *backing_file)
3488 {
3489     char *filename_full = NULL;
3490     char *backing_file_full = NULL;
3491     char *filename_tmp = NULL;
3492     int is_protocol = 0;
3493     BlockDriverState *curr_bs = NULL;
3494     BlockDriverState *retval = NULL;
3495 
3496     if (!bs || !bs->drv || !backing_file) {
3497         return NULL;
3498     }
3499 
3500     filename_full     = g_malloc(PATH_MAX);
3501     backing_file_full = g_malloc(PATH_MAX);
3502     filename_tmp      = g_malloc(PATH_MAX);
3503 
3504     is_protocol = path_has_protocol(backing_file);
3505 
3506     for (curr_bs = bs; curr_bs->backing_hd; curr_bs = curr_bs->backing_hd) {
3507 
3508         /* If either of the filename paths is actually a protocol, then
3509          * compare unmodified paths; otherwise make paths relative */
3510         if (is_protocol || path_has_protocol(curr_bs->backing_file)) {
3511             if (strcmp(backing_file, curr_bs->backing_file) == 0) {
3512                 retval = curr_bs->backing_hd;
3513                 break;
3514             }
3515         } else {
3516             /* If not an absolute filename path, make it relative to the current
3517              * image's filename path */
3518             path_combine(filename_tmp, PATH_MAX, curr_bs->filename,
3519                          backing_file);
3520 
3521             /* We are going to compare absolute pathnames */
3522             if (!realpath(filename_tmp, filename_full)) {
3523                 continue;
3524             }
3525 
3526             /* We need to make sure the backing filename we are comparing against
3527              * is relative to the current image filename (or absolute) */
3528             path_combine(filename_tmp, PATH_MAX, curr_bs->filename,
3529                          curr_bs->backing_file);
3530 
3531             if (!realpath(filename_tmp, backing_file_full)) {
3532                 continue;
3533             }
3534 
3535             if (strcmp(backing_file_full, filename_full) == 0) {
3536                 retval = curr_bs->backing_hd;
3537                 break;
3538             }
3539         }
3540     }
3541 
3542     g_free(filename_full);
3543     g_free(backing_file_full);
3544     g_free(filename_tmp);
3545     return retval;
3546 }
3547 
3548 int bdrv_get_backing_file_depth(BlockDriverState *bs)
3549 {
3550     if (!bs->drv) {
3551         return 0;
3552     }
3553 
3554     if (!bs->backing_hd) {
3555         return 0;
3556     }
3557 
3558     return 1 + bdrv_get_backing_file_depth(bs->backing_hd);
3559 }
3560 
3561 BlockDriverState *bdrv_find_base(BlockDriverState *bs)
3562 {
3563     BlockDriverState *curr_bs = NULL;
3564 
3565     if (!bs) {
3566         return NULL;
3567     }
3568 
3569     curr_bs = bs;
3570 
3571     while (curr_bs->backing_hd) {
3572         curr_bs = curr_bs->backing_hd;
3573     }
3574     return curr_bs;
3575 }
3576 
3577 #define NB_SUFFIXES 4
3578 
3579 char *get_human_readable_size(char *buf, int buf_size, int64_t size)
3580 {
3581     static const char suffixes[NB_SUFFIXES] = "KMGT";
3582     int64_t base;
3583     int i;
3584 
3585     if (size <= 999) {
3586         snprintf(buf, buf_size, "%" PRId64, size);
3587     } else {
3588         base = 1024;
3589         for(i = 0; i < NB_SUFFIXES; i++) {
3590             if (size < (10 * base)) {
3591                 snprintf(buf, buf_size, "%0.1f%c",
3592                          (double)size / base,
3593                          suffixes[i]);
3594                 break;
3595             } else if (size < (1000 * base) || i == (NB_SUFFIXES - 1)) {
3596                 snprintf(buf, buf_size, "%" PRId64 "%c",
3597                          ((size + (base >> 1)) / base),
3598                          suffixes[i]);
3599                 break;
3600             }
3601             base = base * 1024;
3602         }
3603     }
3604     return buf;
3605 }
3606 
3607 char *bdrv_snapshot_dump(char *buf, int buf_size, QEMUSnapshotInfo *sn)
3608 {
3609     char buf1[128], date_buf[128], clock_buf[128];
3610     struct tm tm;
3611     time_t ti;
3612     int64_t secs;
3613 
3614     if (!sn) {
3615         snprintf(buf, buf_size,
3616                  "%-10s%-20s%7s%20s%15s",
3617                  "ID", "TAG", "VM SIZE", "DATE", "VM CLOCK");
3618     } else {
3619         ti = sn->date_sec;
3620         localtime_r(&ti, &tm);
3621         strftime(date_buf, sizeof(date_buf),
3622                  "%Y-%m-%d %H:%M:%S", &tm);
3623         secs = sn->vm_clock_nsec / 1000000000;
3624         snprintf(clock_buf, sizeof(clock_buf),
3625                  "%02d:%02d:%02d.%03d",
3626                  (int)(secs / 3600),
3627                  (int)((secs / 60) % 60),
3628                  (int)(secs % 60),
3629                  (int)((sn->vm_clock_nsec / 1000000) % 1000));
3630         snprintf(buf, buf_size,
3631                  "%-10s%-20s%7s%20s%15s",
3632                  sn->id_str, sn->name,
3633                  get_human_readable_size(buf1, sizeof(buf1), sn->vm_state_size),
3634                  date_buf,
3635                  clock_buf);
3636     }
3637     return buf;
3638 }
3639 
3640 /**************************************************************/
3641 /* async I/Os */
3642 
3643 BlockDriverAIOCB *bdrv_aio_readv(BlockDriverState *bs, int64_t sector_num,
3644                                  QEMUIOVector *qiov, int nb_sectors,
3645                                  BlockDriverCompletionFunc *cb, void *opaque)
3646 {
3647     trace_bdrv_aio_readv(bs, sector_num, nb_sectors, opaque);
3648 
3649     return bdrv_co_aio_rw_vector(bs, sector_num, qiov, nb_sectors,
3650                                  cb, opaque, false);
3651 }
3652 
3653 BlockDriverAIOCB *bdrv_aio_writev(BlockDriverState *bs, int64_t sector_num,
3654                                   QEMUIOVector *qiov, int nb_sectors,
3655                                   BlockDriverCompletionFunc *cb, void *opaque)
3656 {
3657     trace_bdrv_aio_writev(bs, sector_num, nb_sectors, opaque);
3658 
3659     return bdrv_co_aio_rw_vector(bs, sector_num, qiov, nb_sectors,
3660                                  cb, opaque, true);
3661 }
3662 
3663 
3664 typedef struct MultiwriteCB {
3665     int error;
3666     int num_requests;
3667     int num_callbacks;
3668     struct {
3669         BlockDriverCompletionFunc *cb;
3670         void *opaque;
3671         QEMUIOVector *free_qiov;
3672     } callbacks[];
3673 } MultiwriteCB;
3674 
3675 static void multiwrite_user_cb(MultiwriteCB *mcb)
3676 {
3677     int i;
3678 
3679     for (i = 0; i < mcb->num_callbacks; i++) {
3680         mcb->callbacks[i].cb(mcb->callbacks[i].opaque, mcb->error);
3681         if (mcb->callbacks[i].free_qiov) {
3682             qemu_iovec_destroy(mcb->callbacks[i].free_qiov);
3683         }
3684         g_free(mcb->callbacks[i].free_qiov);
3685     }
3686 }
3687 
3688 static void multiwrite_cb(void *opaque, int ret)
3689 {
3690     MultiwriteCB *mcb = opaque;
3691 
3692     trace_multiwrite_cb(mcb, ret);
3693 
3694     if (ret < 0 && !mcb->error) {
3695         mcb->error = ret;
3696     }
3697 
3698     mcb->num_requests--;
3699     if (mcb->num_requests == 0) {
3700         multiwrite_user_cb(mcb);
3701         g_free(mcb);
3702     }
3703 }
3704 
3705 static int multiwrite_req_compare(const void *a, const void *b)
3706 {
3707     const BlockRequest *req1 = a, *req2 = b;
3708 
3709     /*
3710      * Note that we can't simply subtract req2->sector from req1->sector
3711      * here as that could overflow the return value.
3712      */
3713     if (req1->sector > req2->sector) {
3714         return 1;
3715     } else if (req1->sector < req2->sector) {
3716         return -1;
3717     } else {
3718         return 0;
3719     }
3720 }
3721 
3722 /*
3723  * Takes a bunch of requests and tries to merge them. Returns the number of
3724  * requests that remain after merging.
3725  */
3726 static int multiwrite_merge(BlockDriverState *bs, BlockRequest *reqs,
3727     int num_reqs, MultiwriteCB *mcb)
3728 {
3729     int i, outidx;
3730 
3731     // Sort requests by start sector
3732     qsort(reqs, num_reqs, sizeof(*reqs), &multiwrite_req_compare);
3733 
3734     // Check if adjacent requests touch the same clusters. If so, combine them,
3735     // filling up gaps with zero sectors.
3736     outidx = 0;
3737     for (i = 1; i < num_reqs; i++) {
3738         int merge = 0;
3739         int64_t oldreq_last = reqs[outidx].sector + reqs[outidx].nb_sectors;
3740 
3741         // Handle exactly sequential writes and overlapping writes.
3742         if (reqs[i].sector <= oldreq_last) {
3743             merge = 1;
3744         }
3745 
3746         if (reqs[outidx].qiov->niov + reqs[i].qiov->niov + 1 > IOV_MAX) {
3747             merge = 0;
3748         }
3749 
3750         if (merge) {
3751             size_t size;
3752             QEMUIOVector *qiov = g_malloc0(sizeof(*qiov));
3753             qemu_iovec_init(qiov,
3754                 reqs[outidx].qiov->niov + reqs[i].qiov->niov + 1);
3755 
3756             // Add the first request to the merged one. If the requests are
3757             // overlapping, drop the last sectors of the first request.
3758             size = (reqs[i].sector - reqs[outidx].sector) << 9;
3759             qemu_iovec_concat(qiov, reqs[outidx].qiov, 0, size);
3760 
3761             // We should need to add any zeros between the two requests
3762             assert (reqs[i].sector <= oldreq_last);
3763 
3764             // Add the second request
3765             qemu_iovec_concat(qiov, reqs[i].qiov, 0, reqs[i].qiov->size);
3766 
3767             reqs[outidx].nb_sectors = qiov->size >> 9;
3768             reqs[outidx].qiov = qiov;
3769 
3770             mcb->callbacks[i].free_qiov = reqs[outidx].qiov;
3771         } else {
3772             outidx++;
3773             reqs[outidx].sector     = reqs[i].sector;
3774             reqs[outidx].nb_sectors = reqs[i].nb_sectors;
3775             reqs[outidx].qiov       = reqs[i].qiov;
3776         }
3777     }
3778 
3779     return outidx + 1;
3780 }
3781 
3782 /*
3783  * Submit multiple AIO write requests at once.
3784  *
3785  * On success, the function returns 0 and all requests in the reqs array have
3786  * been submitted. In error case this function returns -1, and any of the
3787  * requests may or may not be submitted yet. In particular, this means that the
3788  * callback will be called for some of the requests, for others it won't. The
3789  * caller must check the error field of the BlockRequest to wait for the right
3790  * callbacks (if error != 0, no callback will be called).
3791  *
3792  * The implementation may modify the contents of the reqs array, e.g. to merge
3793  * requests. However, the fields opaque and error are left unmodified as they
3794  * are used to signal failure for a single request to the caller.
3795  */
3796 int bdrv_aio_multiwrite(BlockDriverState *bs, BlockRequest *reqs, int num_reqs)
3797 {
3798     MultiwriteCB *mcb;
3799     int i;
3800 
3801     /* don't submit writes if we don't have a medium */
3802     if (bs->drv == NULL) {
3803         for (i = 0; i < num_reqs; i++) {
3804             reqs[i].error = -ENOMEDIUM;
3805         }
3806         return -1;
3807     }
3808 
3809     if (num_reqs == 0) {
3810         return 0;
3811     }
3812 
3813     // Create MultiwriteCB structure
3814     mcb = g_malloc0(sizeof(*mcb) + num_reqs * sizeof(*mcb->callbacks));
3815     mcb->num_requests = 0;
3816     mcb->num_callbacks = num_reqs;
3817 
3818     for (i = 0; i < num_reqs; i++) {
3819         mcb->callbacks[i].cb = reqs[i].cb;
3820         mcb->callbacks[i].opaque = reqs[i].opaque;
3821     }
3822 
3823     // Check for mergable requests
3824     num_reqs = multiwrite_merge(bs, reqs, num_reqs, mcb);
3825 
3826     trace_bdrv_aio_multiwrite(mcb, mcb->num_callbacks, num_reqs);
3827 
3828     /* Run the aio requests. */
3829     mcb->num_requests = num_reqs;
3830     for (i = 0; i < num_reqs; i++) {
3831         bdrv_aio_writev(bs, reqs[i].sector, reqs[i].qiov,
3832             reqs[i].nb_sectors, multiwrite_cb, mcb);
3833     }
3834 
3835     return 0;
3836 }
3837 
3838 void bdrv_aio_cancel(BlockDriverAIOCB *acb)
3839 {
3840     acb->aiocb_info->cancel(acb);
3841 }
3842 
3843 /* block I/O throttling */
3844 static bool bdrv_exceed_bps_limits(BlockDriverState *bs, int nb_sectors,
3845                  bool is_write, double elapsed_time, uint64_t *wait)
3846 {
3847     uint64_t bps_limit = 0;
3848     uint64_t extension;
3849     double   bytes_limit, bytes_base, bytes_res;
3850     double   slice_time, wait_time;
3851 
3852     if (bs->io_limits.bps[BLOCK_IO_LIMIT_TOTAL]) {
3853         bps_limit = bs->io_limits.bps[BLOCK_IO_LIMIT_TOTAL];
3854     } else if (bs->io_limits.bps[is_write]) {
3855         bps_limit = bs->io_limits.bps[is_write];
3856     } else {
3857         if (wait) {
3858             *wait = 0;
3859         }
3860 
3861         return false;
3862     }
3863 
3864     slice_time = bs->slice_end - bs->slice_start;
3865     slice_time /= (NANOSECONDS_PER_SECOND);
3866     bytes_limit = bps_limit * slice_time;
3867     bytes_base  = bs->slice_submitted.bytes[is_write];
3868     if (bs->io_limits.bps[BLOCK_IO_LIMIT_TOTAL]) {
3869         bytes_base += bs->slice_submitted.bytes[!is_write];
3870     }
3871 
3872     /* bytes_base: the bytes of data which have been read/written; and
3873      *             it is obtained from the history statistic info.
3874      * bytes_res: the remaining bytes of data which need to be read/written.
3875      * (bytes_base + bytes_res) / bps_limit: used to calcuate
3876      *             the total time for completing reading/writting all data.
3877      */
3878     bytes_res   = (unsigned) nb_sectors * BDRV_SECTOR_SIZE;
3879 
3880     if (bytes_base + bytes_res <= bytes_limit) {
3881         if (wait) {
3882             *wait = 0;
3883         }
3884 
3885         return false;
3886     }
3887 
3888     /* Calc approx time to dispatch */
3889     wait_time = (bytes_base + bytes_res) / bps_limit - elapsed_time;
3890 
3891     /* When the I/O rate at runtime exceeds the limits,
3892      * bs->slice_end need to be extended in order that the current statistic
3893      * info can be kept until the timer fire, so it is increased and tuned
3894      * based on the result of experiment.
3895      */
3896     extension = wait_time * NANOSECONDS_PER_SECOND;
3897     extension = DIV_ROUND_UP(extension, BLOCK_IO_SLICE_TIME) *
3898                 BLOCK_IO_SLICE_TIME;
3899     bs->slice_end += extension;
3900     if (wait) {
3901         *wait = wait_time * NANOSECONDS_PER_SECOND;
3902     }
3903 
3904     return true;
3905 }
3906 
3907 static bool bdrv_exceed_iops_limits(BlockDriverState *bs, bool is_write,
3908                              double elapsed_time, uint64_t *wait)
3909 {
3910     uint64_t iops_limit = 0;
3911     double   ios_limit, ios_base;
3912     double   slice_time, wait_time;
3913 
3914     if (bs->io_limits.iops[BLOCK_IO_LIMIT_TOTAL]) {
3915         iops_limit = bs->io_limits.iops[BLOCK_IO_LIMIT_TOTAL];
3916     } else if (bs->io_limits.iops[is_write]) {
3917         iops_limit = bs->io_limits.iops[is_write];
3918     } else {
3919         if (wait) {
3920             *wait = 0;
3921         }
3922 
3923         return false;
3924     }
3925 
3926     slice_time = bs->slice_end - bs->slice_start;
3927     slice_time /= (NANOSECONDS_PER_SECOND);
3928     ios_limit  = iops_limit * slice_time;
3929     ios_base   = bs->slice_submitted.ios[is_write];
3930     if (bs->io_limits.iops[BLOCK_IO_LIMIT_TOTAL]) {
3931         ios_base += bs->slice_submitted.ios[!is_write];
3932     }
3933 
3934     if (ios_base + 1 <= ios_limit) {
3935         if (wait) {
3936             *wait = 0;
3937         }
3938 
3939         return false;
3940     }
3941 
3942     /* Calc approx time to dispatch, in seconds */
3943     wait_time = (ios_base + 1) / iops_limit;
3944     if (wait_time > elapsed_time) {
3945         wait_time = wait_time - elapsed_time;
3946     } else {
3947         wait_time = 0;
3948     }
3949 
3950     /* Exceeded current slice, extend it by another slice time */
3951     bs->slice_end += BLOCK_IO_SLICE_TIME;
3952     if (wait) {
3953         *wait = wait_time * NANOSECONDS_PER_SECOND;
3954     }
3955 
3956     return true;
3957 }
3958 
3959 static bool bdrv_exceed_io_limits(BlockDriverState *bs, int nb_sectors,
3960                            bool is_write, int64_t *wait)
3961 {
3962     int64_t  now, max_wait;
3963     uint64_t bps_wait = 0, iops_wait = 0;
3964     double   elapsed_time;
3965     int      bps_ret, iops_ret;
3966 
3967     now = qemu_get_clock_ns(vm_clock);
3968     if (now > bs->slice_end) {
3969         bs->slice_start = now;
3970         bs->slice_end   = now + BLOCK_IO_SLICE_TIME;
3971         memset(&bs->slice_submitted, 0, sizeof(bs->slice_submitted));
3972     }
3973 
3974     elapsed_time  = now - bs->slice_start;
3975     elapsed_time  /= (NANOSECONDS_PER_SECOND);
3976 
3977     bps_ret  = bdrv_exceed_bps_limits(bs, nb_sectors,
3978                                       is_write, elapsed_time, &bps_wait);
3979     iops_ret = bdrv_exceed_iops_limits(bs, is_write,
3980                                       elapsed_time, &iops_wait);
3981     if (bps_ret || iops_ret) {
3982         max_wait = bps_wait > iops_wait ? bps_wait : iops_wait;
3983         if (wait) {
3984             *wait = max_wait;
3985         }
3986 
3987         now = qemu_get_clock_ns(vm_clock);
3988         if (bs->slice_end < now + max_wait) {
3989             bs->slice_end = now + max_wait;
3990         }
3991 
3992         return true;
3993     }
3994 
3995     if (wait) {
3996         *wait = 0;
3997     }
3998 
3999     bs->slice_submitted.bytes[is_write] += (int64_t)nb_sectors *
4000                                            BDRV_SECTOR_SIZE;
4001     bs->slice_submitted.ios[is_write]++;
4002 
4003     return false;
4004 }
4005 
4006 /**************************************************************/
4007 /* async block device emulation */
4008 
4009 typedef struct BlockDriverAIOCBSync {
4010     BlockDriverAIOCB common;
4011     QEMUBH *bh;
4012     int ret;
4013     /* vector translation state */
4014     QEMUIOVector *qiov;
4015     uint8_t *bounce;
4016     int is_write;
4017 } BlockDriverAIOCBSync;
4018 
4019 static void bdrv_aio_cancel_em(BlockDriverAIOCB *blockacb)
4020 {
4021     BlockDriverAIOCBSync *acb =
4022         container_of(blockacb, BlockDriverAIOCBSync, common);
4023     qemu_bh_delete(acb->bh);
4024     acb->bh = NULL;
4025     qemu_aio_release(acb);
4026 }
4027 
4028 static const AIOCBInfo bdrv_em_aiocb_info = {
4029     .aiocb_size         = sizeof(BlockDriverAIOCBSync),
4030     .cancel             = bdrv_aio_cancel_em,
4031 };
4032 
4033 static void bdrv_aio_bh_cb(void *opaque)
4034 {
4035     BlockDriverAIOCBSync *acb = opaque;
4036 
4037     if (!acb->is_write)
4038         qemu_iovec_from_buf(acb->qiov, 0, acb->bounce, acb->qiov->size);
4039     qemu_vfree(acb->bounce);
4040     acb->common.cb(acb->common.opaque, acb->ret);
4041     qemu_bh_delete(acb->bh);
4042     acb->bh = NULL;
4043     qemu_aio_release(acb);
4044 }
4045 
4046 static BlockDriverAIOCB *bdrv_aio_rw_vector(BlockDriverState *bs,
4047                                             int64_t sector_num,
4048                                             QEMUIOVector *qiov,
4049                                             int nb_sectors,
4050                                             BlockDriverCompletionFunc *cb,
4051                                             void *opaque,
4052                                             int is_write)
4053 
4054 {
4055     BlockDriverAIOCBSync *acb;
4056 
4057     acb = qemu_aio_get(&bdrv_em_aiocb_info, bs, cb, opaque);
4058     acb->is_write = is_write;
4059     acb->qiov = qiov;
4060     acb->bounce = qemu_blockalign(bs, qiov->size);
4061     acb->bh = qemu_bh_new(bdrv_aio_bh_cb, acb);
4062 
4063     if (is_write) {
4064         qemu_iovec_to_buf(acb->qiov, 0, acb->bounce, qiov->size);
4065         acb->ret = bs->drv->bdrv_write(bs, sector_num, acb->bounce, nb_sectors);
4066     } else {
4067         acb->ret = bs->drv->bdrv_read(bs, sector_num, acb->bounce, nb_sectors);
4068     }
4069 
4070     qemu_bh_schedule(acb->bh);
4071 
4072     return &acb->common;
4073 }
4074 
4075 static BlockDriverAIOCB *bdrv_aio_readv_em(BlockDriverState *bs,
4076         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
4077         BlockDriverCompletionFunc *cb, void *opaque)
4078 {
4079     return bdrv_aio_rw_vector(bs, sector_num, qiov, nb_sectors, cb, opaque, 0);
4080 }
4081 
4082 static BlockDriverAIOCB *bdrv_aio_writev_em(BlockDriverState *bs,
4083         int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
4084         BlockDriverCompletionFunc *cb, void *opaque)
4085 {
4086     return bdrv_aio_rw_vector(bs, sector_num, qiov, nb_sectors, cb, opaque, 1);
4087 }
4088 
4089 
4090 typedef struct BlockDriverAIOCBCoroutine {
4091     BlockDriverAIOCB common;
4092     BlockRequest req;
4093     bool is_write;
4094     bool *done;
4095     QEMUBH* bh;
4096 } BlockDriverAIOCBCoroutine;
4097 
4098 static void bdrv_aio_co_cancel_em(BlockDriverAIOCB *blockacb)
4099 {
4100     BlockDriverAIOCBCoroutine *acb =
4101         container_of(blockacb, BlockDriverAIOCBCoroutine, common);
4102     bool done = false;
4103 
4104     acb->done = &done;
4105     while (!done) {
4106         qemu_aio_wait();
4107     }
4108 }
4109 
4110 static const AIOCBInfo bdrv_em_co_aiocb_info = {
4111     .aiocb_size         = sizeof(BlockDriverAIOCBCoroutine),
4112     .cancel             = bdrv_aio_co_cancel_em,
4113 };
4114 
4115 static void bdrv_co_em_bh(void *opaque)
4116 {
4117     BlockDriverAIOCBCoroutine *acb = opaque;
4118 
4119     acb->common.cb(acb->common.opaque, acb->req.error);
4120 
4121     if (acb->done) {
4122         *acb->done = true;
4123     }
4124 
4125     qemu_bh_delete(acb->bh);
4126     qemu_aio_release(acb);
4127 }
4128 
4129 /* Invoke bdrv_co_do_readv/bdrv_co_do_writev */
4130 static void coroutine_fn bdrv_co_do_rw(void *opaque)
4131 {
4132     BlockDriverAIOCBCoroutine *acb = opaque;
4133     BlockDriverState *bs = acb->common.bs;
4134 
4135     if (!acb->is_write) {
4136         acb->req.error = bdrv_co_do_readv(bs, acb->req.sector,
4137             acb->req.nb_sectors, acb->req.qiov, 0);
4138     } else {
4139         acb->req.error = bdrv_co_do_writev(bs, acb->req.sector,
4140             acb->req.nb_sectors, acb->req.qiov, 0);
4141     }
4142 
4143     acb->bh = qemu_bh_new(bdrv_co_em_bh, acb);
4144     qemu_bh_schedule(acb->bh);
4145 }
4146 
4147 static BlockDriverAIOCB *bdrv_co_aio_rw_vector(BlockDriverState *bs,
4148                                                int64_t sector_num,
4149                                                QEMUIOVector *qiov,
4150                                                int nb_sectors,
4151                                                BlockDriverCompletionFunc *cb,
4152                                                void *opaque,
4153                                                bool is_write)
4154 {
4155     Coroutine *co;
4156     BlockDriverAIOCBCoroutine *acb;
4157 
4158     acb = qemu_aio_get(&bdrv_em_co_aiocb_info, bs, cb, opaque);
4159     acb->req.sector = sector_num;
4160     acb->req.nb_sectors = nb_sectors;
4161     acb->req.qiov = qiov;
4162     acb->is_write = is_write;
4163     acb->done = NULL;
4164 
4165     co = qemu_coroutine_create(bdrv_co_do_rw);
4166     qemu_coroutine_enter(co, acb);
4167 
4168     return &acb->common;
4169 }
4170 
4171 static void coroutine_fn bdrv_aio_flush_co_entry(void *opaque)
4172 {
4173     BlockDriverAIOCBCoroutine *acb = opaque;
4174     BlockDriverState *bs = acb->common.bs;
4175 
4176     acb->req.error = bdrv_co_flush(bs);
4177     acb->bh = qemu_bh_new(bdrv_co_em_bh, acb);
4178     qemu_bh_schedule(acb->bh);
4179 }
4180 
4181 BlockDriverAIOCB *bdrv_aio_flush(BlockDriverState *bs,
4182         BlockDriverCompletionFunc *cb, void *opaque)
4183 {
4184     trace_bdrv_aio_flush(bs, opaque);
4185 
4186     Coroutine *co;
4187     BlockDriverAIOCBCoroutine *acb;
4188 
4189     acb = qemu_aio_get(&bdrv_em_co_aiocb_info, bs, cb, opaque);
4190     acb->done = NULL;
4191 
4192     co = qemu_coroutine_create(bdrv_aio_flush_co_entry);
4193     qemu_coroutine_enter(co, acb);
4194 
4195     return &acb->common;
4196 }
4197 
4198 static void coroutine_fn bdrv_aio_discard_co_entry(void *opaque)
4199 {
4200     BlockDriverAIOCBCoroutine *acb = opaque;
4201     BlockDriverState *bs = acb->common.bs;
4202 
4203     acb->req.error = bdrv_co_discard(bs, acb->req.sector, acb->req.nb_sectors);
4204     acb->bh = qemu_bh_new(bdrv_co_em_bh, acb);
4205     qemu_bh_schedule(acb->bh);
4206 }
4207 
4208 BlockDriverAIOCB *bdrv_aio_discard(BlockDriverState *bs,
4209         int64_t sector_num, int nb_sectors,
4210         BlockDriverCompletionFunc *cb, void *opaque)
4211 {
4212     Coroutine *co;
4213     BlockDriverAIOCBCoroutine *acb;
4214 
4215     trace_bdrv_aio_discard(bs, sector_num, nb_sectors, opaque);
4216 
4217     acb = qemu_aio_get(&bdrv_em_co_aiocb_info, bs, cb, opaque);
4218     acb->req.sector = sector_num;
4219     acb->req.nb_sectors = nb_sectors;
4220     acb->done = NULL;
4221     co = qemu_coroutine_create(bdrv_aio_discard_co_entry);
4222     qemu_coroutine_enter(co, acb);
4223 
4224     return &acb->common;
4225 }
4226 
4227 void bdrv_init(void)
4228 {
4229     module_call_init(MODULE_INIT_BLOCK);
4230 }
4231 
4232 void bdrv_init_with_whitelist(void)
4233 {
4234     use_bdrv_whitelist = 1;
4235     bdrv_init();
4236 }
4237 
4238 void *qemu_aio_get(const AIOCBInfo *aiocb_info, BlockDriverState *bs,
4239                    BlockDriverCompletionFunc *cb, void *opaque)
4240 {
4241     BlockDriverAIOCB *acb;
4242 
4243     acb = g_slice_alloc(aiocb_info->aiocb_size);
4244     acb->aiocb_info = aiocb_info;
4245     acb->bs = bs;
4246     acb->cb = cb;
4247     acb->opaque = opaque;
4248     return acb;
4249 }
4250 
4251 void qemu_aio_release(void *p)
4252 {
4253     BlockDriverAIOCB *acb = p;
4254     g_slice_free1(acb->aiocb_info->aiocb_size, acb);
4255 }
4256 
4257 /**************************************************************/
4258 /* Coroutine block device emulation */
4259 
4260 typedef struct CoroutineIOCompletion {
4261     Coroutine *coroutine;
4262     int ret;
4263 } CoroutineIOCompletion;
4264 
4265 static void bdrv_co_io_em_complete(void *opaque, int ret)
4266 {
4267     CoroutineIOCompletion *co = opaque;
4268 
4269     co->ret = ret;
4270     qemu_coroutine_enter(co->coroutine, NULL);
4271 }
4272 
4273 static int coroutine_fn bdrv_co_io_em(BlockDriverState *bs, int64_t sector_num,
4274                                       int nb_sectors, QEMUIOVector *iov,
4275                                       bool is_write)
4276 {
4277     CoroutineIOCompletion co = {
4278         .coroutine = qemu_coroutine_self(),
4279     };
4280     BlockDriverAIOCB *acb;
4281 
4282     if (is_write) {
4283         acb = bs->drv->bdrv_aio_writev(bs, sector_num, iov, nb_sectors,
4284                                        bdrv_co_io_em_complete, &co);
4285     } else {
4286         acb = bs->drv->bdrv_aio_readv(bs, sector_num, iov, nb_sectors,
4287                                       bdrv_co_io_em_complete, &co);
4288     }
4289 
4290     trace_bdrv_co_io_em(bs, sector_num, nb_sectors, is_write, acb);
4291     if (!acb) {
4292         return -EIO;
4293     }
4294     qemu_coroutine_yield();
4295 
4296     return co.ret;
4297 }
4298 
4299 static int coroutine_fn bdrv_co_readv_em(BlockDriverState *bs,
4300                                          int64_t sector_num, int nb_sectors,
4301                                          QEMUIOVector *iov)
4302 {
4303     return bdrv_co_io_em(bs, sector_num, nb_sectors, iov, false);
4304 }
4305 
4306 static int coroutine_fn bdrv_co_writev_em(BlockDriverState *bs,
4307                                          int64_t sector_num, int nb_sectors,
4308                                          QEMUIOVector *iov)
4309 {
4310     return bdrv_co_io_em(bs, sector_num, nb_sectors, iov, true);
4311 }
4312 
4313 static void coroutine_fn bdrv_flush_co_entry(void *opaque)
4314 {
4315     RwCo *rwco = opaque;
4316 
4317     rwco->ret = bdrv_co_flush(rwco->bs);
4318 }
4319 
4320 int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
4321 {
4322     int ret;
4323 
4324     if (!bs || !bdrv_is_inserted(bs) || bdrv_is_read_only(bs)) {
4325         return 0;
4326     }
4327 
4328     /* Write back cached data to the OS even with cache=unsafe */
4329     if (bs->drv->bdrv_co_flush_to_os) {
4330         ret = bs->drv->bdrv_co_flush_to_os(bs);
4331         if (ret < 0) {
4332             return ret;
4333         }
4334     }
4335 
4336     /* But don't actually force it to the disk with cache=unsafe */
4337     if (bs->open_flags & BDRV_O_NO_FLUSH) {
4338         goto flush_parent;
4339     }
4340 
4341     if (bs->drv->bdrv_co_flush_to_disk) {
4342         ret = bs->drv->bdrv_co_flush_to_disk(bs);
4343     } else if (bs->drv->bdrv_aio_flush) {
4344         BlockDriverAIOCB *acb;
4345         CoroutineIOCompletion co = {
4346             .coroutine = qemu_coroutine_self(),
4347         };
4348 
4349         acb = bs->drv->bdrv_aio_flush(bs, bdrv_co_io_em_complete, &co);
4350         if (acb == NULL) {
4351             ret = -EIO;
4352         } else {
4353             qemu_coroutine_yield();
4354             ret = co.ret;
4355         }
4356     } else {
4357         /*
4358          * Some block drivers always operate in either writethrough or unsafe
4359          * mode and don't support bdrv_flush therefore. Usually qemu doesn't
4360          * know how the server works (because the behaviour is hardcoded or
4361          * depends on server-side configuration), so we can't ensure that
4362          * everything is safe on disk. Returning an error doesn't work because
4363          * that would break guests even if the server operates in writethrough
4364          * mode.
4365          *
4366          * Let's hope the user knows what he's doing.
4367          */
4368         ret = 0;
4369     }
4370     if (ret < 0) {
4371         return ret;
4372     }
4373 
4374     /* Now flush the underlying protocol.  It will also have BDRV_O_NO_FLUSH
4375      * in the case of cache=unsafe, so there are no useless flushes.
4376      */
4377 flush_parent:
4378     return bdrv_co_flush(bs->file);
4379 }
4380 
4381 void bdrv_invalidate_cache(BlockDriverState *bs)
4382 {
4383     if (bs->drv && bs->drv->bdrv_invalidate_cache) {
4384         bs->drv->bdrv_invalidate_cache(bs);
4385     }
4386 }
4387 
4388 void bdrv_invalidate_cache_all(void)
4389 {
4390     BlockDriverState *bs;
4391 
4392     QTAILQ_FOREACH(bs, &bdrv_states, list) {
4393         bdrv_invalidate_cache(bs);
4394     }
4395 }
4396 
4397 void bdrv_clear_incoming_migration_all(void)
4398 {
4399     BlockDriverState *bs;
4400 
4401     QTAILQ_FOREACH(bs, &bdrv_states, list) {
4402         bs->open_flags = bs->open_flags & ~(BDRV_O_INCOMING);
4403     }
4404 }
4405 
4406 int bdrv_flush(BlockDriverState *bs)
4407 {
4408     Coroutine *co;
4409     RwCo rwco = {
4410         .bs = bs,
4411         .ret = NOT_DONE,
4412     };
4413 
4414     if (qemu_in_coroutine()) {
4415         /* Fast-path if already in coroutine context */
4416         bdrv_flush_co_entry(&rwco);
4417     } else {
4418         co = qemu_coroutine_create(bdrv_flush_co_entry);
4419         qemu_coroutine_enter(co, &rwco);
4420         while (rwco.ret == NOT_DONE) {
4421             qemu_aio_wait();
4422         }
4423     }
4424 
4425     return rwco.ret;
4426 }
4427 
4428 static void coroutine_fn bdrv_discard_co_entry(void *opaque)
4429 {
4430     RwCo *rwco = opaque;
4431 
4432     rwco->ret = bdrv_co_discard(rwco->bs, rwco->sector_num, rwco->nb_sectors);
4433 }
4434 
4435 int coroutine_fn bdrv_co_discard(BlockDriverState *bs, int64_t sector_num,
4436                                  int nb_sectors)
4437 {
4438     if (!bs->drv) {
4439         return -ENOMEDIUM;
4440     } else if (bdrv_check_request(bs, sector_num, nb_sectors)) {
4441         return -EIO;
4442     } else if (bs->read_only) {
4443         return -EROFS;
4444     }
4445 
4446     if (bs->dirty_bitmap) {
4447         bdrv_reset_dirty(bs, sector_num, nb_sectors);
4448     }
4449 
4450     /* Do nothing if disabled.  */
4451     if (!(bs->open_flags & BDRV_O_UNMAP)) {
4452         return 0;
4453     }
4454 
4455     if (bs->drv->bdrv_co_discard) {
4456         return bs->drv->bdrv_co_discard(bs, sector_num, nb_sectors);
4457     } else if (bs->drv->bdrv_aio_discard) {
4458         BlockDriverAIOCB *acb;
4459         CoroutineIOCompletion co = {
4460             .coroutine = qemu_coroutine_self(),
4461         };
4462 
4463         acb = bs->drv->bdrv_aio_discard(bs, sector_num, nb_sectors,
4464                                         bdrv_co_io_em_complete, &co);
4465         if (acb == NULL) {
4466             return -EIO;
4467         } else {
4468             qemu_coroutine_yield();
4469             return co.ret;
4470         }
4471     } else {
4472         return 0;
4473     }
4474 }
4475 
4476 int bdrv_discard(BlockDriverState *bs, int64_t sector_num, int nb_sectors)
4477 {
4478     Coroutine *co;
4479     RwCo rwco = {
4480         .bs = bs,
4481         .sector_num = sector_num,
4482         .nb_sectors = nb_sectors,
4483         .ret = NOT_DONE,
4484     };
4485 
4486     if (qemu_in_coroutine()) {
4487         /* Fast-path if already in coroutine context */
4488         bdrv_discard_co_entry(&rwco);
4489     } else {
4490         co = qemu_coroutine_create(bdrv_discard_co_entry);
4491         qemu_coroutine_enter(co, &rwco);
4492         while (rwco.ret == NOT_DONE) {
4493             qemu_aio_wait();
4494         }
4495     }
4496 
4497     return rwco.ret;
4498 }
4499 
4500 /**************************************************************/
4501 /* removable device support */
4502 
4503 /**
4504  * Return TRUE if the media is present
4505  */
4506 int bdrv_is_inserted(BlockDriverState *bs)
4507 {
4508     BlockDriver *drv = bs->drv;
4509 
4510     if (!drv)
4511         return 0;
4512     if (!drv->bdrv_is_inserted)
4513         return 1;
4514     return drv->bdrv_is_inserted(bs);
4515 }
4516 
4517 /**
4518  * Return whether the media changed since the last call to this
4519  * function, or -ENOTSUP if we don't know.  Most drivers don't know.
4520  */
4521 int bdrv_media_changed(BlockDriverState *bs)
4522 {
4523     BlockDriver *drv = bs->drv;
4524 
4525     if (drv && drv->bdrv_media_changed) {
4526         return drv->bdrv_media_changed(bs);
4527     }
4528     return -ENOTSUP;
4529 }
4530 
4531 /**
4532  * If eject_flag is TRUE, eject the media. Otherwise, close the tray
4533  */
4534 void bdrv_eject(BlockDriverState *bs, bool eject_flag)
4535 {
4536     BlockDriver *drv = bs->drv;
4537 
4538     if (drv && drv->bdrv_eject) {
4539         drv->bdrv_eject(bs, eject_flag);
4540     }
4541 
4542     if (bs->device_name[0] != '\0') {
4543         bdrv_emit_qmp_eject_event(bs, eject_flag);
4544     }
4545 }
4546 
4547 /**
4548  * Lock or unlock the media (if it is locked, the user won't be able
4549  * to eject it manually).
4550  */
4551 void bdrv_lock_medium(BlockDriverState *bs, bool locked)
4552 {
4553     BlockDriver *drv = bs->drv;
4554 
4555     trace_bdrv_lock_medium(bs, locked);
4556 
4557     if (drv && drv->bdrv_lock_medium) {
4558         drv->bdrv_lock_medium(bs, locked);
4559     }
4560 }
4561 
4562 /* needed for generic scsi interface */
4563 
4564 int bdrv_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
4565 {
4566     BlockDriver *drv = bs->drv;
4567 
4568     if (drv && drv->bdrv_ioctl)
4569         return drv->bdrv_ioctl(bs, req, buf);
4570     return -ENOTSUP;
4571 }
4572 
4573 BlockDriverAIOCB *bdrv_aio_ioctl(BlockDriverState *bs,
4574         unsigned long int req, void *buf,
4575         BlockDriverCompletionFunc *cb, void *opaque)
4576 {
4577     BlockDriver *drv = bs->drv;
4578 
4579     if (drv && drv->bdrv_aio_ioctl)
4580         return drv->bdrv_aio_ioctl(bs, req, buf, cb, opaque);
4581     return NULL;
4582 }
4583 
4584 void bdrv_set_buffer_alignment(BlockDriverState *bs, int align)
4585 {
4586     bs->buffer_alignment = align;
4587 }
4588 
4589 void *qemu_blockalign(BlockDriverState *bs, size_t size)
4590 {
4591     return qemu_memalign((bs && bs->buffer_alignment) ? bs->buffer_alignment : 512, size);
4592 }
4593 
4594 /*
4595  * Check if all memory in this vector is sector aligned.
4596  */
4597 bool bdrv_qiov_is_aligned(BlockDriverState *bs, QEMUIOVector *qiov)
4598 {
4599     int i;
4600 
4601     for (i = 0; i < qiov->niov; i++) {
4602         if ((uintptr_t) qiov->iov[i].iov_base % bs->buffer_alignment) {
4603             return false;
4604         }
4605     }
4606 
4607     return true;
4608 }
4609 
4610 void bdrv_set_dirty_tracking(BlockDriverState *bs, int granularity)
4611 {
4612     int64_t bitmap_size;
4613 
4614     assert((granularity & (granularity - 1)) == 0);
4615 
4616     if (granularity) {
4617         granularity >>= BDRV_SECTOR_BITS;
4618         assert(!bs->dirty_bitmap);
4619         bitmap_size = (bdrv_getlength(bs) >> BDRV_SECTOR_BITS);
4620         bs->dirty_bitmap = hbitmap_alloc(bitmap_size, ffs(granularity) - 1);
4621     } else {
4622         if (bs->dirty_bitmap) {
4623             hbitmap_free(bs->dirty_bitmap);
4624             bs->dirty_bitmap = NULL;
4625         }
4626     }
4627 }
4628 
4629 int bdrv_get_dirty(BlockDriverState *bs, int64_t sector)
4630 {
4631     if (bs->dirty_bitmap) {
4632         return hbitmap_get(bs->dirty_bitmap, sector);
4633     } else {
4634         return 0;
4635     }
4636 }
4637 
4638 void bdrv_dirty_iter_init(BlockDriverState *bs, HBitmapIter *hbi)
4639 {
4640     hbitmap_iter_init(hbi, bs->dirty_bitmap, 0);
4641 }
4642 
4643 void bdrv_set_dirty(BlockDriverState *bs, int64_t cur_sector,
4644                     int nr_sectors)
4645 {
4646     hbitmap_set(bs->dirty_bitmap, cur_sector, nr_sectors);
4647 }
4648 
4649 void bdrv_reset_dirty(BlockDriverState *bs, int64_t cur_sector,
4650                       int nr_sectors)
4651 {
4652     hbitmap_reset(bs->dirty_bitmap, cur_sector, nr_sectors);
4653 }
4654 
4655 int64_t bdrv_get_dirty_count(BlockDriverState *bs)
4656 {
4657     if (bs->dirty_bitmap) {
4658         return hbitmap_count(bs->dirty_bitmap);
4659     } else {
4660         return 0;
4661     }
4662 }
4663 
4664 void bdrv_set_in_use(BlockDriverState *bs, int in_use)
4665 {
4666     assert(bs->in_use != in_use);
4667     bs->in_use = in_use;
4668 }
4669 
4670 int bdrv_in_use(BlockDriverState *bs)
4671 {
4672     return bs->in_use;
4673 }
4674 
4675 void bdrv_iostatus_enable(BlockDriverState *bs)
4676 {
4677     bs->iostatus_enabled = true;
4678     bs->iostatus = BLOCK_DEVICE_IO_STATUS_OK;
4679 }
4680 
4681 /* The I/O status is only enabled if the drive explicitly
4682  * enables it _and_ the VM is configured to stop on errors */
4683 bool bdrv_iostatus_is_enabled(const BlockDriverState *bs)
4684 {
4685     return (bs->iostatus_enabled &&
4686            (bs->on_write_error == BLOCKDEV_ON_ERROR_ENOSPC ||
4687             bs->on_write_error == BLOCKDEV_ON_ERROR_STOP   ||
4688             bs->on_read_error == BLOCKDEV_ON_ERROR_STOP));
4689 }
4690 
4691 void bdrv_iostatus_disable(BlockDriverState *bs)
4692 {
4693     bs->iostatus_enabled = false;
4694 }
4695 
4696 void bdrv_iostatus_reset(BlockDriverState *bs)
4697 {
4698     if (bdrv_iostatus_is_enabled(bs)) {
4699         bs->iostatus = BLOCK_DEVICE_IO_STATUS_OK;
4700         if (bs->job) {
4701             block_job_iostatus_reset(bs->job);
4702         }
4703     }
4704 }
4705 
4706 void bdrv_iostatus_set_err(BlockDriverState *bs, int error)
4707 {
4708     assert(bdrv_iostatus_is_enabled(bs));
4709     if (bs->iostatus == BLOCK_DEVICE_IO_STATUS_OK) {
4710         bs->iostatus = error == ENOSPC ? BLOCK_DEVICE_IO_STATUS_NOSPACE :
4711                                          BLOCK_DEVICE_IO_STATUS_FAILED;
4712     }
4713 }
4714 
4715 void
4716 bdrv_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie, int64_t bytes,
4717         enum BlockAcctType type)
4718 {
4719     assert(type < BDRV_MAX_IOTYPE);
4720 
4721     cookie->bytes = bytes;
4722     cookie->start_time_ns = get_clock();
4723     cookie->type = type;
4724 }
4725 
4726 void
4727 bdrv_acct_done(BlockDriverState *bs, BlockAcctCookie *cookie)
4728 {
4729     assert(cookie->type < BDRV_MAX_IOTYPE);
4730 
4731     bs->nr_bytes[cookie->type] += cookie->bytes;
4732     bs->nr_ops[cookie->type]++;
4733     bs->total_time_ns[cookie->type] += get_clock() - cookie->start_time_ns;
4734 }
4735 
4736 void bdrv_img_create(const char *filename, const char *fmt,
4737                      const char *base_filename, const char *base_fmt,
4738                      char *options, uint64_t img_size, int flags,
4739                      Error **errp, bool quiet)
4740 {
4741     QEMUOptionParameter *param = NULL, *create_options = NULL;
4742     QEMUOptionParameter *backing_fmt, *backing_file, *size;
4743     BlockDriverState *bs = NULL;
4744     BlockDriver *drv, *proto_drv;
4745     BlockDriver *backing_drv = NULL;
4746     int ret = 0;
4747 
4748     /* Find driver and parse its options */
4749     drv = bdrv_find_format(fmt);
4750     if (!drv) {
4751         error_setg(errp, "Unknown file format '%s'", fmt);
4752         return;
4753     }
4754 
4755     proto_drv = bdrv_find_protocol(filename);
4756     if (!proto_drv) {
4757         error_setg(errp, "Unknown protocol '%s'", filename);
4758         return;
4759     }
4760 
4761     create_options = append_option_parameters(create_options,
4762                                               drv->create_options);
4763     create_options = append_option_parameters(create_options,
4764                                               proto_drv->create_options);
4765 
4766     /* Create parameter list with default values */
4767     param = parse_option_parameters("", create_options, param);
4768 
4769     set_option_parameter_int(param, BLOCK_OPT_SIZE, img_size);
4770 
4771     /* Parse -o options */
4772     if (options) {
4773         param = parse_option_parameters(options, create_options, param);
4774         if (param == NULL) {
4775             error_setg(errp, "Invalid options for file format '%s'.", fmt);
4776             goto out;
4777         }
4778     }
4779 
4780     if (base_filename) {
4781         if (set_option_parameter(param, BLOCK_OPT_BACKING_FILE,
4782                                  base_filename)) {
4783             error_setg(errp, "Backing file not supported for file format '%s'",
4784                        fmt);
4785             goto out;
4786         }
4787     }
4788 
4789     if (base_fmt) {
4790         if (set_option_parameter(param, BLOCK_OPT_BACKING_FMT, base_fmt)) {
4791             error_setg(errp, "Backing file format not supported for file "
4792                              "format '%s'", fmt);
4793             goto out;
4794         }
4795     }
4796 
4797     backing_file = get_option_parameter(param, BLOCK_OPT_BACKING_FILE);
4798     if (backing_file && backing_file->value.s) {
4799         if (!strcmp(filename, backing_file->value.s)) {
4800             error_setg(errp, "Error: Trying to create an image with the "
4801                              "same filename as the backing file");
4802             goto out;
4803         }
4804     }
4805 
4806     backing_fmt = get_option_parameter(param, BLOCK_OPT_BACKING_FMT);
4807     if (backing_fmt && backing_fmt->value.s) {
4808         backing_drv = bdrv_find_format(backing_fmt->value.s);
4809         if (!backing_drv) {
4810             error_setg(errp, "Unknown backing file format '%s'",
4811                        backing_fmt->value.s);
4812             goto out;
4813         }
4814     }
4815 
4816     // The size for the image must always be specified, with one exception:
4817     // If we are using a backing file, we can obtain the size from there
4818     size = get_option_parameter(param, BLOCK_OPT_SIZE);
4819     if (size && size->value.n == -1) {
4820         if (backing_file && backing_file->value.s) {
4821             uint64_t size;
4822             char buf[32];
4823             int back_flags;
4824 
4825             /* backing files always opened read-only */
4826             back_flags =
4827                 flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
4828 
4829             bs = bdrv_new("");
4830 
4831             ret = bdrv_open(bs, backing_file->value.s, NULL, back_flags,
4832                             backing_drv);
4833             if (ret < 0) {
4834                 error_setg_errno(errp, -ret, "Could not open '%s'",
4835                                  backing_file->value.s);
4836                 goto out;
4837             }
4838             bdrv_get_geometry(bs, &size);
4839             size *= 512;
4840 
4841             snprintf(buf, sizeof(buf), "%" PRId64, size);
4842             set_option_parameter(param, BLOCK_OPT_SIZE, buf);
4843         } else {
4844             error_setg(errp, "Image creation needs a size parameter");
4845             goto out;
4846         }
4847     }
4848 
4849     if (!quiet) {
4850         printf("Formatting '%s', fmt=%s ", filename, fmt);
4851         print_option_parameters(param);
4852         puts("");
4853     }
4854     ret = bdrv_create(drv, filename, param);
4855     if (ret < 0) {
4856         if (ret == -ENOTSUP) {
4857             error_setg(errp,"Formatting or formatting option not supported for "
4858                             "file format '%s'", fmt);
4859         } else if (ret == -EFBIG) {
4860             const char *cluster_size_hint = "";
4861             if (get_option_parameter(create_options, BLOCK_OPT_CLUSTER_SIZE)) {
4862                 cluster_size_hint = " (try using a larger cluster size)";
4863             }
4864             error_setg(errp, "The image size is too large for file format '%s'%s",
4865                        fmt, cluster_size_hint);
4866         } else {
4867             error_setg(errp, "%s: error while creating %s: %s", filename, fmt,
4868                        strerror(-ret));
4869         }
4870     }
4871 
4872 out:
4873     free_option_parameters(create_options);
4874     free_option_parameters(param);
4875 
4876     if (bs) {
4877         bdrv_delete(bs);
4878     }
4879 }
4880 
4881 AioContext *bdrv_get_aio_context(BlockDriverState *bs)
4882 {
4883     /* Currently BlockDriverState always uses the main loop AioContext */
4884     return qemu_get_aio_context();
4885 }
4886