1 /* 2 * QEMU backup 3 * 4 * Copyright (C) 2013 Proxmox Server Solutions 5 * Copyright (c) 2019 Virtuozzo International GmbH. 6 * 7 * Authors: 8 * Dietmar Maurer (dietmar@proxmox.com) 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 * 13 */ 14 15 #include "qemu/osdep.h" 16 17 #include "trace.h" 18 #include "block/block.h" 19 #include "block/block_int.h" 20 #include "block/blockjob_int.h" 21 #include "block/block_backup.h" 22 #include "block/block-copy.h" 23 #include "qapi/error.h" 24 #include "qapi/qmp/qerror.h" 25 #include "qemu/cutils.h" 26 #include "sysemu/block-backend.h" 27 #include "qemu/bitmap.h" 28 #include "qemu/error-report.h" 29 30 #include "block/backup-top.h" 31 32 #define BACKUP_CLUSTER_SIZE_DEFAULT (1 << 16) 33 34 typedef struct BackupBlockJob { 35 BlockJob common; 36 BlockDriverState *backup_top; 37 BlockDriverState *source_bs; 38 BlockDriverState *target_bs; 39 40 BdrvDirtyBitmap *sync_bitmap; 41 42 MirrorSyncMode sync_mode; 43 BitmapSyncMode bitmap_mode; 44 BlockdevOnError on_source_error; 45 BlockdevOnError on_target_error; 46 uint64_t len; 47 int64_t cluster_size; 48 BackupPerf perf; 49 50 BlockCopyState *bcs; 51 52 bool wait; 53 BlockCopyCallState *bg_bcs_call; 54 } BackupBlockJob; 55 56 static const BlockJobDriver backup_job_driver; 57 58 static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret) 59 { 60 BdrvDirtyBitmap *bm; 61 bool sync = (((ret == 0) || (job->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS)) \ 62 && (job->bitmap_mode != BITMAP_SYNC_MODE_NEVER)); 63 64 if (sync) { 65 /* 66 * We succeeded, or we always intended to sync the bitmap. 67 * Delete this bitmap and install the child. 68 */ 69 bm = bdrv_dirty_bitmap_abdicate(job->sync_bitmap, NULL); 70 } else { 71 /* 72 * We failed, or we never intended to sync the bitmap anyway. 73 * Merge the successor back into the parent, keeping all data. 74 */ 75 bm = bdrv_reclaim_dirty_bitmap(job->sync_bitmap, NULL); 76 } 77 78 assert(bm); 79 80 if (ret < 0 && job->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS) { 81 /* If we failed and synced, merge in the bits we didn't copy: */ 82 bdrv_dirty_bitmap_merge_internal(bm, block_copy_dirty_bitmap(job->bcs), 83 NULL, true); 84 } 85 } 86 87 static void backup_commit(Job *job) 88 { 89 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 90 if (s->sync_bitmap) { 91 backup_cleanup_sync_bitmap(s, 0); 92 } 93 } 94 95 static void backup_abort(Job *job) 96 { 97 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 98 if (s->sync_bitmap) { 99 backup_cleanup_sync_bitmap(s, -1); 100 } 101 } 102 103 static void backup_clean(Job *job) 104 { 105 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 106 bdrv_backup_top_drop(s->backup_top); 107 } 108 109 void backup_do_checkpoint(BlockJob *job, Error **errp) 110 { 111 BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common); 112 113 assert(block_job_driver(job) == &backup_job_driver); 114 115 if (backup_job->sync_mode != MIRROR_SYNC_MODE_NONE) { 116 error_setg(errp, "The backup job only supports block checkpoint in" 117 " sync=none mode"); 118 return; 119 } 120 121 bdrv_set_dirty_bitmap(block_copy_dirty_bitmap(backup_job->bcs), 0, 122 backup_job->len); 123 } 124 125 static BlockErrorAction backup_error_action(BackupBlockJob *job, 126 bool read, int error) 127 { 128 if (read) { 129 return block_job_error_action(&job->common, job->on_source_error, 130 true, error); 131 } else { 132 return block_job_error_action(&job->common, job->on_target_error, 133 false, error); 134 } 135 } 136 137 static void coroutine_fn backup_block_copy_callback(void *opaque) 138 { 139 BackupBlockJob *s = opaque; 140 141 if (s->wait) { 142 s->wait = false; 143 aio_co_wake(s->common.job.co); 144 } else { 145 job_enter(&s->common.job); 146 } 147 } 148 149 static int coroutine_fn backup_loop(BackupBlockJob *job) 150 { 151 BlockCopyCallState *s = NULL; 152 int ret = 0; 153 bool error_is_read; 154 BlockErrorAction act; 155 156 while (true) { /* retry loop */ 157 job->bg_bcs_call = s = block_copy_async(job->bcs, 0, 158 QEMU_ALIGN_UP(job->len, job->cluster_size), 159 job->perf.max_workers, job->perf.max_chunk, 160 backup_block_copy_callback, job); 161 162 while (!block_copy_call_finished(s) && 163 !job_is_cancelled(&job->common.job)) 164 { 165 job_yield(&job->common.job); 166 } 167 168 if (!block_copy_call_finished(s)) { 169 assert(job_is_cancelled(&job->common.job)); 170 /* 171 * Note that we can't use job_yield() here, as it doesn't work for 172 * cancelled job. 173 */ 174 block_copy_call_cancel(s); 175 job->wait = true; 176 qemu_coroutine_yield(); 177 assert(block_copy_call_finished(s)); 178 ret = 0; 179 goto out; 180 } 181 182 if (job_is_cancelled(&job->common.job) || 183 block_copy_call_succeeded(s)) 184 { 185 ret = 0; 186 goto out; 187 } 188 189 if (block_copy_call_cancelled(s)) { 190 /* 191 * Job is not cancelled but only block-copy call. This is possible 192 * after job pause. Now the pause is finished, start new block-copy 193 * iteration. 194 */ 195 block_copy_call_free(s); 196 continue; 197 } 198 199 /* The only remaining case is failed block-copy call. */ 200 assert(block_copy_call_failed(s)); 201 202 ret = block_copy_call_status(s, &error_is_read); 203 act = backup_error_action(job, error_is_read, -ret); 204 switch (act) { 205 case BLOCK_ERROR_ACTION_REPORT: 206 goto out; 207 case BLOCK_ERROR_ACTION_STOP: 208 /* 209 * Go to pause prior to starting new block-copy call on the next 210 * iteration. 211 */ 212 job_pause_point(&job->common.job); 213 break; 214 case BLOCK_ERROR_ACTION_IGNORE: 215 /* Proceed to new block-copy call to retry. */ 216 break; 217 default: 218 abort(); 219 } 220 221 block_copy_call_free(s); 222 } 223 224 out: 225 block_copy_call_free(s); 226 job->bg_bcs_call = NULL; 227 return ret; 228 } 229 230 static void backup_init_bcs_bitmap(BackupBlockJob *job) 231 { 232 bool ret; 233 uint64_t estimate; 234 BdrvDirtyBitmap *bcs_bitmap = block_copy_dirty_bitmap(job->bcs); 235 236 if (job->sync_mode == MIRROR_SYNC_MODE_BITMAP) { 237 ret = bdrv_dirty_bitmap_merge_internal(bcs_bitmap, job->sync_bitmap, 238 NULL, true); 239 assert(ret); 240 } else { 241 if (job->sync_mode == MIRROR_SYNC_MODE_TOP) { 242 /* 243 * We can't hog the coroutine to initialize this thoroughly. 244 * Set a flag and resume work when we are able to yield safely. 245 */ 246 block_copy_set_skip_unallocated(job->bcs, true); 247 } 248 bdrv_set_dirty_bitmap(bcs_bitmap, 0, job->len); 249 } 250 251 estimate = bdrv_get_dirty_count(bcs_bitmap); 252 job_progress_set_remaining(&job->common.job, estimate); 253 } 254 255 static int coroutine_fn backup_run(Job *job, Error **errp) 256 { 257 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 258 int ret; 259 260 backup_init_bcs_bitmap(s); 261 262 if (s->sync_mode == MIRROR_SYNC_MODE_TOP) { 263 int64_t offset = 0; 264 int64_t count; 265 266 for (offset = 0; offset < s->len; ) { 267 if (job_is_cancelled(job)) { 268 return -ECANCELED; 269 } 270 271 job_pause_point(job); 272 273 if (job_is_cancelled(job)) { 274 return -ECANCELED; 275 } 276 277 ret = block_copy_reset_unallocated(s->bcs, offset, &count); 278 if (ret < 0) { 279 return ret; 280 } 281 282 offset += count; 283 } 284 block_copy_set_skip_unallocated(s->bcs, false); 285 } 286 287 if (s->sync_mode == MIRROR_SYNC_MODE_NONE) { 288 /* 289 * All bits are set in bcs bitmap to allow any cluster to be copied. 290 * This does not actually require them to be copied. 291 */ 292 while (!job_is_cancelled(job)) { 293 /* 294 * Yield until the job is cancelled. We just let our before_write 295 * notify callback service CoW requests. 296 */ 297 job_yield(job); 298 } 299 } else { 300 return backup_loop(s); 301 } 302 303 return 0; 304 } 305 306 static void coroutine_fn backup_pause(Job *job) 307 { 308 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 309 310 if (s->bg_bcs_call && !block_copy_call_finished(s->bg_bcs_call)) { 311 block_copy_call_cancel(s->bg_bcs_call); 312 s->wait = true; 313 qemu_coroutine_yield(); 314 } 315 } 316 317 static void coroutine_fn backup_set_speed(BlockJob *job, int64_t speed) 318 { 319 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 320 321 /* 322 * block_job_set_speed() is called first from block_job_create(), when we 323 * don't yet have s->bcs. 324 */ 325 if (s->bcs) { 326 block_copy_set_speed(s->bcs, speed); 327 if (s->bg_bcs_call) { 328 block_copy_kick(s->bg_bcs_call); 329 } 330 } 331 } 332 333 static void backup_cancel(Job *job) 334 { 335 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 336 337 bdrv_cancel_in_flight(s->target_bs); 338 } 339 340 static const BlockJobDriver backup_job_driver = { 341 .job_driver = { 342 .instance_size = sizeof(BackupBlockJob), 343 .job_type = JOB_TYPE_BACKUP, 344 .free = block_job_free, 345 .user_resume = block_job_user_resume, 346 .run = backup_run, 347 .commit = backup_commit, 348 .abort = backup_abort, 349 .clean = backup_clean, 350 .pause = backup_pause, 351 .cancel = backup_cancel, 352 }, 353 .set_speed = backup_set_speed, 354 }; 355 356 static int64_t backup_calculate_cluster_size(BlockDriverState *target, 357 Error **errp) 358 { 359 int ret; 360 BlockDriverInfo bdi; 361 bool target_does_cow = bdrv_backing_chain_next(target); 362 363 /* 364 * If there is no backing file on the target, we cannot rely on COW if our 365 * backup cluster size is smaller than the target cluster size. Even for 366 * targets with a backing file, try to avoid COW if possible. 367 */ 368 ret = bdrv_get_info(target, &bdi); 369 if (ret == -ENOTSUP && !target_does_cow) { 370 /* Cluster size is not defined */ 371 warn_report("The target block device doesn't provide " 372 "information about the block size and it doesn't have a " 373 "backing file. The default block size of %u bytes is " 374 "used. If the actual block size of the target exceeds " 375 "this default, the backup may be unusable", 376 BACKUP_CLUSTER_SIZE_DEFAULT); 377 return BACKUP_CLUSTER_SIZE_DEFAULT; 378 } else if (ret < 0 && !target_does_cow) { 379 error_setg_errno(errp, -ret, 380 "Couldn't determine the cluster size of the target image, " 381 "which has no backing file"); 382 error_append_hint(errp, 383 "Aborting, since this may create an unusable destination image\n"); 384 return ret; 385 } else if (ret < 0 && target_does_cow) { 386 /* Not fatal; just trudge on ahead. */ 387 return BACKUP_CLUSTER_SIZE_DEFAULT; 388 } 389 390 return MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size); 391 } 392 393 BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, 394 BlockDriverState *target, int64_t speed, 395 MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap, 396 BitmapSyncMode bitmap_mode, 397 bool compress, 398 const char *filter_node_name, 399 BackupPerf *perf, 400 BlockdevOnError on_source_error, 401 BlockdevOnError on_target_error, 402 int creation_flags, 403 BlockCompletionFunc *cb, void *opaque, 404 JobTxn *txn, Error **errp) 405 { 406 int64_t len, target_len; 407 BackupBlockJob *job = NULL; 408 int64_t cluster_size; 409 BdrvRequestFlags write_flags; 410 BlockDriverState *backup_top = NULL; 411 BlockCopyState *bcs = NULL; 412 413 assert(bs); 414 assert(target); 415 416 /* QMP interface protects us from these cases */ 417 assert(sync_mode != MIRROR_SYNC_MODE_INCREMENTAL); 418 assert(sync_bitmap || sync_mode != MIRROR_SYNC_MODE_BITMAP); 419 420 if (bs == target) { 421 error_setg(errp, "Source and target cannot be the same"); 422 return NULL; 423 } 424 425 if (!bdrv_is_inserted(bs)) { 426 error_setg(errp, "Device is not inserted: %s", 427 bdrv_get_device_name(bs)); 428 return NULL; 429 } 430 431 if (!bdrv_is_inserted(target)) { 432 error_setg(errp, "Device is not inserted: %s", 433 bdrv_get_device_name(target)); 434 return NULL; 435 } 436 437 if (compress && !bdrv_supports_compressed_writes(target)) { 438 error_setg(errp, "Compression is not supported for this drive %s", 439 bdrv_get_device_name(target)); 440 return NULL; 441 } 442 443 if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) { 444 return NULL; 445 } 446 447 if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) { 448 return NULL; 449 } 450 451 cluster_size = backup_calculate_cluster_size(target, errp); 452 if (cluster_size < 0) { 453 goto error; 454 } 455 456 if (perf->max_workers < 1) { 457 error_setg(errp, "max-workers must be greater than zero"); 458 return NULL; 459 } 460 461 if (perf->max_chunk < 0) { 462 error_setg(errp, "max-chunk must be zero (which means no limit) or " 463 "positive"); 464 return NULL; 465 } 466 467 if (perf->max_chunk && perf->max_chunk < cluster_size) { 468 error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup " 469 "cluster size (%" PRIi64 ")", perf->max_chunk, cluster_size); 470 return NULL; 471 } 472 473 474 if (sync_bitmap) { 475 /* If we need to write to this bitmap, check that we can: */ 476 if (bitmap_mode != BITMAP_SYNC_MODE_NEVER && 477 bdrv_dirty_bitmap_check(sync_bitmap, BDRV_BITMAP_DEFAULT, errp)) { 478 return NULL; 479 } 480 481 /* Create a new bitmap, and freeze/disable this one. */ 482 if (bdrv_dirty_bitmap_create_successor(sync_bitmap, errp) < 0) { 483 return NULL; 484 } 485 } 486 487 len = bdrv_getlength(bs); 488 if (len < 0) { 489 error_setg_errno(errp, -len, "Unable to get length for '%s'", 490 bdrv_get_device_or_node_name(bs)); 491 goto error; 492 } 493 494 target_len = bdrv_getlength(target); 495 if (target_len < 0) { 496 error_setg_errno(errp, -target_len, "Unable to get length for '%s'", 497 bdrv_get_device_or_node_name(bs)); 498 goto error; 499 } 500 501 if (target_len != len) { 502 error_setg(errp, "Source and target image have different sizes"); 503 goto error; 504 } 505 506 /* 507 * If source is in backing chain of target assume that target is going to be 508 * used for "image fleecing", i.e. it should represent a kind of snapshot of 509 * source at backup-start point in time. And target is going to be read by 510 * somebody (for example, used as NBD export) during backup job. 511 * 512 * In this case, we need to add BDRV_REQ_SERIALISING write flag to avoid 513 * intersection of backup writes and third party reads from target, 514 * otherwise reading from target we may occasionally read already updated by 515 * guest data. 516 * 517 * For more information see commit f8d59dfb40bb and test 518 * tests/qemu-iotests/222 519 */ 520 write_flags = (bdrv_chain_contains(target, bs) ? BDRV_REQ_SERIALISING : 0) | 521 (compress ? BDRV_REQ_WRITE_COMPRESSED : 0), 522 523 backup_top = bdrv_backup_top_append(bs, target, filter_node_name, 524 cluster_size, perf, 525 write_flags, &bcs, errp); 526 if (!backup_top) { 527 goto error; 528 } 529 530 /* job->len is fixed, so we can't allow resize */ 531 job = block_job_create(job_id, &backup_job_driver, txn, backup_top, 532 0, BLK_PERM_ALL, 533 speed, creation_flags, cb, opaque, errp); 534 if (!job) { 535 goto error; 536 } 537 538 job->backup_top = backup_top; 539 job->source_bs = bs; 540 job->target_bs = target; 541 job->on_source_error = on_source_error; 542 job->on_target_error = on_target_error; 543 job->sync_mode = sync_mode; 544 job->sync_bitmap = sync_bitmap; 545 job->bitmap_mode = bitmap_mode; 546 job->bcs = bcs; 547 job->cluster_size = cluster_size; 548 job->len = len; 549 job->perf = *perf; 550 551 block_copy_set_progress_meter(bcs, &job->common.job.progress); 552 block_copy_set_speed(bcs, speed); 553 554 /* Required permissions are already taken by backup-top target */ 555 block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, 556 &error_abort); 557 558 return &job->common; 559 560 error: 561 if (sync_bitmap) { 562 bdrv_reclaim_dirty_bitmap(sync_bitmap, NULL); 563 } 564 if (backup_top) { 565 bdrv_backup_top_drop(backup_top); 566 } 567 568 return NULL; 569 } 570