1 /* 2 * QEMU backup 3 * 4 * Copyright (C) 2013 Proxmox Server Solutions 5 * Copyright (c) 2019 Virtuozzo International GmbH. 6 * 7 * Authors: 8 * Dietmar Maurer (dietmar@proxmox.com) 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 * 13 */ 14 15 #include "qemu/osdep.h" 16 17 #include "trace.h" 18 #include "block/block.h" 19 #include "block/block_int.h" 20 #include "block/blockjob_int.h" 21 #include "block/block_backup.h" 22 #include "block/block-copy.h" 23 #include "qapi/error.h" 24 #include "qapi/qmp/qerror.h" 25 #include "qemu/ratelimit.h" 26 #include "qemu/cutils.h" 27 #include "sysemu/block-backend.h" 28 #include "qemu/bitmap.h" 29 #include "qemu/error-report.h" 30 31 #include "block/backup-top.h" 32 33 #define BACKUP_CLUSTER_SIZE_DEFAULT (1 << 16) 34 35 typedef struct BackupBlockJob { 36 BlockJob common; 37 BlockDriverState *backup_top; 38 BlockDriverState *source_bs; 39 40 BdrvDirtyBitmap *sync_bitmap; 41 42 MirrorSyncMode sync_mode; 43 BitmapSyncMode bitmap_mode; 44 BlockdevOnError on_source_error; 45 BlockdevOnError on_target_error; 46 uint64_t len; 47 uint64_t bytes_read; 48 int64_t cluster_size; 49 50 BlockCopyState *bcs; 51 } BackupBlockJob; 52 53 static const BlockJobDriver backup_job_driver; 54 55 static void backup_progress_bytes_callback(int64_t bytes, void *opaque) 56 { 57 BackupBlockJob *s = opaque; 58 59 s->bytes_read += bytes; 60 job_progress_update(&s->common.job, bytes); 61 } 62 63 static void backup_progress_reset_callback(void *opaque) 64 { 65 BackupBlockJob *s = opaque; 66 uint64_t estimate = bdrv_get_dirty_count(s->bcs->copy_bitmap); 67 68 job_progress_set_remaining(&s->common.job, estimate); 69 } 70 71 static int coroutine_fn backup_do_cow(BackupBlockJob *job, 72 int64_t offset, uint64_t bytes, 73 bool *error_is_read) 74 { 75 int ret = 0; 76 int64_t start, end; /* bytes */ 77 78 start = QEMU_ALIGN_DOWN(offset, job->cluster_size); 79 end = QEMU_ALIGN_UP(bytes + offset, job->cluster_size); 80 81 trace_backup_do_cow_enter(job, start, offset, bytes); 82 83 ret = block_copy(job->bcs, start, end - start, error_is_read); 84 85 trace_backup_do_cow_return(job, offset, bytes, ret); 86 87 return ret; 88 } 89 90 static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret) 91 { 92 BdrvDirtyBitmap *bm; 93 bool sync = (((ret == 0) || (job->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS)) \ 94 && (job->bitmap_mode != BITMAP_SYNC_MODE_NEVER)); 95 96 if (sync) { 97 /* 98 * We succeeded, or we always intended to sync the bitmap. 99 * Delete this bitmap and install the child. 100 */ 101 bm = bdrv_dirty_bitmap_abdicate(job->sync_bitmap, NULL); 102 } else { 103 /* 104 * We failed, or we never intended to sync the bitmap anyway. 105 * Merge the successor back into the parent, keeping all data. 106 */ 107 bm = bdrv_reclaim_dirty_bitmap(job->sync_bitmap, NULL); 108 } 109 110 assert(bm); 111 112 if (ret < 0 && job->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS) { 113 /* If we failed and synced, merge in the bits we didn't copy: */ 114 bdrv_dirty_bitmap_merge_internal(bm, job->bcs->copy_bitmap, 115 NULL, true); 116 } 117 } 118 119 static void backup_commit(Job *job) 120 { 121 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 122 if (s->sync_bitmap) { 123 backup_cleanup_sync_bitmap(s, 0); 124 } 125 } 126 127 static void backup_abort(Job *job) 128 { 129 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 130 if (s->sync_bitmap) { 131 backup_cleanup_sync_bitmap(s, -1); 132 } 133 } 134 135 static void backup_clean(Job *job) 136 { 137 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 138 AioContext *aio_context = bdrv_get_aio_context(s->backup_top); 139 140 aio_context_acquire(aio_context); 141 bdrv_backup_top_drop(s->backup_top); 142 aio_context_release(aio_context); 143 } 144 145 void backup_do_checkpoint(BlockJob *job, Error **errp) 146 { 147 BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common); 148 149 assert(block_job_driver(job) == &backup_job_driver); 150 151 if (backup_job->sync_mode != MIRROR_SYNC_MODE_NONE) { 152 error_setg(errp, "The backup job only supports block checkpoint in" 153 " sync=none mode"); 154 return; 155 } 156 157 bdrv_set_dirty_bitmap(backup_job->bcs->copy_bitmap, 0, backup_job->len); 158 } 159 160 static BlockErrorAction backup_error_action(BackupBlockJob *job, 161 bool read, int error) 162 { 163 if (read) { 164 return block_job_error_action(&job->common, job->on_source_error, 165 true, error); 166 } else { 167 return block_job_error_action(&job->common, job->on_target_error, 168 false, error); 169 } 170 } 171 172 static bool coroutine_fn yield_and_check(BackupBlockJob *job) 173 { 174 uint64_t delay_ns; 175 176 if (job_is_cancelled(&job->common.job)) { 177 return true; 178 } 179 180 /* 181 * We need to yield even for delay_ns = 0 so that bdrv_drain_all() can 182 * return. Without a yield, the VM would not reboot. 183 */ 184 delay_ns = block_job_ratelimit_get_delay(&job->common, job->bytes_read); 185 job->bytes_read = 0; 186 job_sleep_ns(&job->common.job, delay_ns); 187 188 if (job_is_cancelled(&job->common.job)) { 189 return true; 190 } 191 192 return false; 193 } 194 195 static int coroutine_fn backup_loop(BackupBlockJob *job) 196 { 197 bool error_is_read; 198 int64_t offset; 199 BdrvDirtyBitmapIter *bdbi; 200 int ret = 0; 201 202 bdbi = bdrv_dirty_iter_new(job->bcs->copy_bitmap); 203 while ((offset = bdrv_dirty_iter_next(bdbi)) != -1) { 204 do { 205 if (yield_and_check(job)) { 206 goto out; 207 } 208 ret = backup_do_cow(job, offset, job->cluster_size, &error_is_read); 209 if (ret < 0 && backup_error_action(job, error_is_read, -ret) == 210 BLOCK_ERROR_ACTION_REPORT) 211 { 212 goto out; 213 } 214 } while (ret < 0); 215 } 216 217 out: 218 bdrv_dirty_iter_free(bdbi); 219 return ret; 220 } 221 222 static void backup_init_copy_bitmap(BackupBlockJob *job) 223 { 224 bool ret; 225 uint64_t estimate; 226 227 if (job->sync_mode == MIRROR_SYNC_MODE_BITMAP) { 228 ret = bdrv_dirty_bitmap_merge_internal(job->bcs->copy_bitmap, 229 job->sync_bitmap, 230 NULL, true); 231 assert(ret); 232 } else { 233 if (job->sync_mode == MIRROR_SYNC_MODE_TOP) { 234 /* 235 * We can't hog the coroutine to initialize this thoroughly. 236 * Set a flag and resume work when we are able to yield safely. 237 */ 238 job->bcs->skip_unallocated = true; 239 } 240 bdrv_set_dirty_bitmap(job->bcs->copy_bitmap, 0, job->len); 241 } 242 243 estimate = bdrv_get_dirty_count(job->bcs->copy_bitmap); 244 job_progress_set_remaining(&job->common.job, estimate); 245 } 246 247 static int coroutine_fn backup_run(Job *job, Error **errp) 248 { 249 BackupBlockJob *s = container_of(job, BackupBlockJob, common.job); 250 int ret = 0; 251 252 backup_init_copy_bitmap(s); 253 254 if (s->sync_mode == MIRROR_SYNC_MODE_TOP) { 255 int64_t offset = 0; 256 int64_t count; 257 258 for (offset = 0; offset < s->len; ) { 259 if (yield_and_check(s)) { 260 ret = -ECANCELED; 261 goto out; 262 } 263 264 ret = block_copy_reset_unallocated(s->bcs, offset, &count); 265 if (ret < 0) { 266 goto out; 267 } 268 269 offset += count; 270 } 271 s->bcs->skip_unallocated = false; 272 } 273 274 if (s->sync_mode == MIRROR_SYNC_MODE_NONE) { 275 /* 276 * All bits are set in copy_bitmap to allow any cluster to be copied. 277 * This does not actually require them to be copied. 278 */ 279 while (!job_is_cancelled(job)) { 280 /* 281 * Yield until the job is cancelled. We just let our before_write 282 * notify callback service CoW requests. 283 */ 284 job_yield(job); 285 } 286 } else { 287 ret = backup_loop(s); 288 } 289 290 out: 291 return ret; 292 } 293 294 static const BlockJobDriver backup_job_driver = { 295 .job_driver = { 296 .instance_size = sizeof(BackupBlockJob), 297 .job_type = JOB_TYPE_BACKUP, 298 .free = block_job_free, 299 .user_resume = block_job_user_resume, 300 .run = backup_run, 301 .commit = backup_commit, 302 .abort = backup_abort, 303 .clean = backup_clean, 304 } 305 }; 306 307 static int64_t backup_calculate_cluster_size(BlockDriverState *target, 308 Error **errp) 309 { 310 int ret; 311 BlockDriverInfo bdi; 312 313 /* 314 * If there is no backing file on the target, we cannot rely on COW if our 315 * backup cluster size is smaller than the target cluster size. Even for 316 * targets with a backing file, try to avoid COW if possible. 317 */ 318 ret = bdrv_get_info(target, &bdi); 319 if (ret == -ENOTSUP && !target->backing) { 320 /* Cluster size is not defined */ 321 warn_report("The target block device doesn't provide " 322 "information about the block size and it doesn't have a " 323 "backing file. The default block size of %u bytes is " 324 "used. If the actual block size of the target exceeds " 325 "this default, the backup may be unusable", 326 BACKUP_CLUSTER_SIZE_DEFAULT); 327 return BACKUP_CLUSTER_SIZE_DEFAULT; 328 } else if (ret < 0 && !target->backing) { 329 error_setg_errno(errp, -ret, 330 "Couldn't determine the cluster size of the target image, " 331 "which has no backing file"); 332 error_append_hint(errp, 333 "Aborting, since this may create an unusable destination image\n"); 334 return ret; 335 } else if (ret < 0 && target->backing) { 336 /* Not fatal; just trudge on ahead. */ 337 return BACKUP_CLUSTER_SIZE_DEFAULT; 338 } 339 340 return MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size); 341 } 342 343 BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, 344 BlockDriverState *target, int64_t speed, 345 MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap, 346 BitmapSyncMode bitmap_mode, 347 bool compress, 348 const char *filter_node_name, 349 BlockdevOnError on_source_error, 350 BlockdevOnError on_target_error, 351 int creation_flags, 352 BlockCompletionFunc *cb, void *opaque, 353 JobTxn *txn, Error **errp) 354 { 355 int64_t len; 356 BackupBlockJob *job = NULL; 357 int64_t cluster_size; 358 BdrvRequestFlags write_flags; 359 BlockDriverState *backup_top = NULL; 360 BlockCopyState *bcs = NULL; 361 362 assert(bs); 363 assert(target); 364 365 /* QMP interface protects us from these cases */ 366 assert(sync_mode != MIRROR_SYNC_MODE_INCREMENTAL); 367 assert(sync_bitmap || sync_mode != MIRROR_SYNC_MODE_BITMAP); 368 369 if (bs == target) { 370 error_setg(errp, "Source and target cannot be the same"); 371 return NULL; 372 } 373 374 if (!bdrv_is_inserted(bs)) { 375 error_setg(errp, "Device is not inserted: %s", 376 bdrv_get_device_name(bs)); 377 return NULL; 378 } 379 380 if (!bdrv_is_inserted(target)) { 381 error_setg(errp, "Device is not inserted: %s", 382 bdrv_get_device_name(target)); 383 return NULL; 384 } 385 386 if (compress && !block_driver_can_compress(target->drv)) { 387 error_setg(errp, "Compression is not supported for this drive %s", 388 bdrv_get_device_name(target)); 389 return NULL; 390 } 391 392 if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) { 393 return NULL; 394 } 395 396 if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) { 397 return NULL; 398 } 399 400 if (sync_bitmap) { 401 /* If we need to write to this bitmap, check that we can: */ 402 if (bitmap_mode != BITMAP_SYNC_MODE_NEVER && 403 bdrv_dirty_bitmap_check(sync_bitmap, BDRV_BITMAP_DEFAULT, errp)) { 404 return NULL; 405 } 406 407 /* Create a new bitmap, and freeze/disable this one. */ 408 if (bdrv_dirty_bitmap_create_successor(sync_bitmap, errp) < 0) { 409 return NULL; 410 } 411 } 412 413 len = bdrv_getlength(bs); 414 if (len < 0) { 415 error_setg_errno(errp, -len, "unable to get length for '%s'", 416 bdrv_get_device_name(bs)); 417 goto error; 418 } 419 420 cluster_size = backup_calculate_cluster_size(target, errp); 421 if (cluster_size < 0) { 422 goto error; 423 } 424 425 /* 426 * If source is in backing chain of target assume that target is going to be 427 * used for "image fleecing", i.e. it should represent a kind of snapshot of 428 * source at backup-start point in time. And target is going to be read by 429 * somebody (for example, used as NBD export) during backup job. 430 * 431 * In this case, we need to add BDRV_REQ_SERIALISING write flag to avoid 432 * intersection of backup writes and third party reads from target, 433 * otherwise reading from target we may occasionally read already updated by 434 * guest data. 435 * 436 * For more information see commit f8d59dfb40bb and test 437 * tests/qemu-iotests/222 438 */ 439 write_flags = (bdrv_chain_contains(target, bs) ? BDRV_REQ_SERIALISING : 0) | 440 (compress ? BDRV_REQ_WRITE_COMPRESSED : 0), 441 442 backup_top = bdrv_backup_top_append(bs, target, filter_node_name, 443 cluster_size, write_flags, &bcs, errp); 444 if (!backup_top) { 445 goto error; 446 } 447 448 /* job->len is fixed, so we can't allow resize */ 449 job = block_job_create(job_id, &backup_job_driver, txn, backup_top, 450 0, BLK_PERM_ALL, 451 speed, creation_flags, cb, opaque, errp); 452 if (!job) { 453 goto error; 454 } 455 456 job->backup_top = backup_top; 457 job->source_bs = bs; 458 job->on_source_error = on_source_error; 459 job->on_target_error = on_target_error; 460 job->sync_mode = sync_mode; 461 job->sync_bitmap = sync_bitmap; 462 job->bitmap_mode = bitmap_mode; 463 job->bcs = bcs; 464 job->cluster_size = cluster_size; 465 job->len = len; 466 467 block_copy_set_callbacks(bcs, backup_progress_bytes_callback, 468 backup_progress_reset_callback, job); 469 470 /* Required permissions are already taken by backup-top target */ 471 block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, 472 &error_abort); 473 474 return &job->common; 475 476 error: 477 if (sync_bitmap) { 478 bdrv_reclaim_dirty_bitmap(sync_bitmap, NULL); 479 } 480 if (backup_top) { 481 bdrv_backup_top_drop(backup_top); 482 } 483 484 return NULL; 485 } 486