xref: /openbmc/qemu/block/backup.c (revision c2387413)
1 /*
2  * QEMU backup
3  *
4  * Copyright (C) 2013 Proxmox Server Solutions
5  * Copyright (c) 2019 Virtuozzo International GmbH.
6  *
7  * Authors:
8  *  Dietmar Maurer (dietmar@proxmox.com)
9  *
10  * This work is licensed under the terms of the GNU GPL, version 2 or later.
11  * See the COPYING file in the top-level directory.
12  *
13  */
14 
15 #include "qemu/osdep.h"
16 
17 #include "trace.h"
18 #include "block/block.h"
19 #include "block/block_int.h"
20 #include "block/blockjob_int.h"
21 #include "block/block_backup.h"
22 #include "block/block-copy.h"
23 #include "qapi/error.h"
24 #include "qapi/qmp/qerror.h"
25 #include "qemu/cutils.h"
26 #include "sysemu/block-backend.h"
27 #include "qemu/bitmap.h"
28 #include "qemu/error-report.h"
29 
30 #include "block/backup-top.h"
31 
/*
 * Fallback copy granularity in bytes (1 << 16 = 64 KiB).
 * backup_calculate_cluster_size() also uses it as the lower bound of the
 * value it returns.
 */
#define BACKUP_CLUSTER_SIZE_DEFAULT (1 << 16)

/* Per-job state of a backup block job. */
typedef struct BackupBlockJob {
    /* Generic block-job state; container_of() maps it back to this struct */
    BlockJob common;
    /* Filter node returned by bdrv_backup_top_append(); dropped in backup_clean() */
    BlockDriverState *backup_top;
    /* Source and target nodes as passed to backup_job_create() */
    BlockDriverState *source_bs;
    BlockDriverState *target_bs;

    /* Optional sync bitmap; NULL when the job was created without one */
    BdrvDirtyBitmap *sync_bitmap;

    /* Sync mode and bitmap sync policy chosen at creation */
    MirrorSyncMode sync_mode;
    BitmapSyncMode bitmap_mode;
    /* Error policies consulted by backup_error_action() for reads / writes */
    BlockdevOnError on_source_error;
    BlockdevOnError on_target_error;
    /* Source length from bdrv_getlength(); the target must have the same length */
    uint64_t len;
    /* Value returned by backup_calculate_cluster_size() */
    int64_t cluster_size;
    /* Copy of the caller's BackupPerf settings */
    BackupPerf perf;

    /* Block-copy state handed back by bdrv_backup_top_append() */
    BlockCopyState *bcs;

    /*
     * Set before the job coroutine yields to wait for a cancelled block-copy
     * call; backup_block_copy_callback() clears it and wakes the coroutine.
     */
    bool wait;
    /* Block-copy call currently started by backup_loop(), NULL otherwise */
    BlockCopyCallState *bg_bcs_call;
} BackupBlockJob;

/* Forward declaration; the table is defined after the callbacks it lists. */
static const BlockJobDriver backup_job_driver;
57 
/*
 * Resolve the sync bitmap and its successor once the job has finished.
 *
 * @job: backup job whose sync_bitmap is non-NULL (callers check this)
 * @ret: job result, 0 on success and negative on failure
 */
static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret)
{
    const bool never_sync = job->bitmap_mode == BITMAP_SYNC_MODE_NEVER;
    const bool always_sync = job->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS;
    BdrvDirtyBitmap *bm;

    if (!never_sync && (ret == 0 || always_sync)) {
        /*
         * The job succeeded, or the bitmap is synced regardless of outcome:
         * delete this bitmap and install the child.
         */
        bm = bdrv_dirty_bitmap_abdicate(job->sync_bitmap, NULL);
    } else {
        /*
         * The job failed, or the bitmap is never synced: merge the successor
         * back into the parent, keeping all data.
         */
        bm = bdrv_reclaim_dirty_bitmap(job->sync_bitmap, NULL);
    }

    /*
     * Both calls are given NULL as their last argument (presumably the
     * Error ** out-parameter), so this assertion is the only check on them.
     */
    assert(bm);

    if (ret < 0 && always_sync) {
        /* Failed but synced anyway: merge in the bits that were not copied. */
        bdrv_dirty_bitmap_merge_internal(bm, block_copy_dirty_bitmap(job->bcs),
                                         NULL, true);
    }
}
86 
/* Job .commit callback: resolve the sync bitmap, if any, as a success. */
static void backup_commit(Job *job)
{
    BackupBlockJob *backup = container_of(job, BackupBlockJob, common.job);

    if (!backup->sync_bitmap) {
        return;
    }
    backup_cleanup_sync_bitmap(backup, 0);
}
94 
/* Job .abort callback: resolve the sync bitmap, if any, as a failure (-1). */
static void backup_abort(Job *job)
{
    BackupBlockJob *backup = container_of(job, BackupBlockJob, common.job);

    if (!backup->sync_bitmap) {
        return;
    }
    backup_cleanup_sync_bitmap(backup, -1);
}
102 
/* Job .clean callback: drop the backup-top filter node the job was built on. */
static void backup_clean(Job *job)
{
    BackupBlockJob *backup = container_of(job, BackupBlockJob, common.job);
    BlockDriverState *filter = backup->backup_top;

    bdrv_backup_top_drop(filter);
}
108 
/*
 * Mark the whole device dirty in the job's block-copy bitmap.
 *
 * @job: must be a backup job (asserted against backup_job_driver)
 * @errp: set when the job does not run in sync=none mode
 */
void backup_do_checkpoint(BlockJob *job, Error **errp)
{
    BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common);

    assert(block_job_driver(job) == &backup_job_driver);

    if (backup_job->sync_mode == MIRROR_SYNC_MODE_NONE) {
        /* Set every bit in [0, len) so any cluster may be copied again. */
        bdrv_set_dirty_bitmap(block_copy_dirty_bitmap(backup_job->bcs), 0,
                              backup_job->len);
        return;
    }

    error_setg(errp, "The backup job only supports block checkpoint in"
               " sync=none mode");
}
124 
/*
 * Pick the action for a failed block-copy request.
 *
 * @job: backup job holding the two error policies
 * @read: true if the failure was a read, false if it was a write
 * @error: error number handed on to block_job_error_action()
 *
 * Reads use on_source_error, writes use on_target_error.
 */
static BlockErrorAction backup_error_action(BackupBlockJob *job,
                                            bool read, int error)
{
    BlockdevOnError policy = read ? job->on_source_error
                                  : job->on_target_error;

    return block_job_error_action(&job->common, policy, read, error);
}
136 
/*
 * Callback passed to block_copy_async(); @opaque is the BackupBlockJob.
 *
 * If the job coroutine parked itself with s->wait set, wake it directly;
 * otherwise enter the job through job_enter().
 */
static void coroutine_fn backup_block_copy_callback(void *opaque)
{
    BackupBlockJob *s = opaque;

    if (!s->wait) {
        job_enter(&s->common.job);
        return;
    }

    /* Clear the flag before waking, as the waiter set it before yielding. */
    s->wait = false;
    aio_co_wake(s->common.job.co);
}
148 
/*
 * Run block-copy over the whole device, restarting the call after a pause
 * or after an error whose policy is "stop" or "ignore".
 *
 * Returns 0 on success or cancellation, or the negative status of the failed
 * block-copy call when the error policy is "report".
 */
static int coroutine_fn backup_loop(BackupBlockJob *job)
{
    Job *base = &job->common.job;
    BlockCopyCallState *call = NULL;
    int ret = 0;

    for (;;) { /* retry loop */
        bool error_is_read;
        BlockErrorAction act;

        call = block_copy_async(job->bcs, 0,
                                QEMU_ALIGN_UP(job->len, job->cluster_size),
                                job->perf.max_workers, job->perf.max_chunk,
                                backup_block_copy_callback, job);
        /* Publish the call so backup_pause() and backup_set_speed() see it. */
        job->bg_bcs_call = call;

        while (!block_copy_call_finished(call) && !job_is_cancelled(base)) {
            job_yield(base);
        }

        if (!block_copy_call_finished(call)) {
            assert(job_is_cancelled(base));
            /*
             * job_yield() does not work for a cancelled job, so cancel the
             * call and yield directly; the block-copy callback wakes us.
             */
            block_copy_call_cancel(call);
            job->wait = true;
            qemu_coroutine_yield();
            assert(block_copy_call_finished(call));
            ret = 0;
            break;
        }

        if (job_is_cancelled(base) || block_copy_call_succeeded(call)) {
            ret = 0;
            break;
        }

        if (block_copy_call_cancelled(call)) {
            /*
             * Only the block-copy call was cancelled, not the job. This is
             * possible after a job pause; the pause is over, so start a new
             * block-copy iteration.
             *
             * NOTE(review): job->bg_bcs_call keeps pointing at the call freed
             * here until the next block_copy_async() result is stored above;
             * confirm nothing can read it in that window.
             */
            block_copy_call_free(call);
            continue;
        }

        /* The only remaining case is a failed block-copy call. */
        assert(block_copy_call_failed(call));

        ret = block_copy_call_status(call, &error_is_read);
        act = backup_error_action(job, error_is_read, -ret);
        if (act == BLOCK_ERROR_ACTION_REPORT) {
            break;
        }
        if (act == BLOCK_ERROR_ACTION_STOP) {
            /* Pause before the next iteration starts a new block-copy call. */
            job_pause_point(base);
        } else if (act != BLOCK_ERROR_ACTION_IGNORE) {
            /* IGNORE just retries; any other value is unexpected. */
            abort();
        }

        block_copy_call_free(call);
    }

    /* Common exit: release the last call and stop advertising it. */
    block_copy_call_free(call);
    job->bg_bcs_call = NULL;
    return ret;
}
229 
/*
 * Seed the block-copy dirty bitmap for the job's sync mode and report the
 * resulting dirty count as the remaining work.
 */
static void backup_init_bcs_bitmap(BackupBlockJob *job)
{
    BdrvDirtyBitmap *bcs_bitmap = block_copy_dirty_bitmap(job->bcs);
    uint64_t estimate;

    if (job->sync_mode != MIRROR_SYNC_MODE_BITMAP) {
        if (job->sync_mode == MIRROR_SYNC_MODE_TOP) {
            /*
             * We can't hog the coroutine to initialize this thoroughly.
             * Set a flag and resume work when we are able to yield safely.
             */
            block_copy_set_skip_unallocated(job->bcs, true);
        }
        /* Start with every bit in [0, len) dirty. */
        bdrv_set_dirty_bitmap(bcs_bitmap, 0, job->len);
    } else {
        /* Bitmap mode: start from the bits of the sync bitmap. */
        bool merged = bdrv_dirty_bitmap_merge_internal(bcs_bitmap,
                                                       job->sync_bitmap,
                                                       NULL, true);
        assert(merged);
    }

    estimate = bdrv_get_dirty_count(bcs_bitmap);
    job_progress_set_remaining(&job->common.job, estimate);
}
254 
/*
 * Job .run callback.
 *
 * Returns 0 or the result of backup_loop(); -ECANCELED or the error from
 * block_copy_reset_unallocated() if the sync=top pre-pass stops early.
 * @errp is not written by this function.
 */
static int coroutine_fn backup_run(Job *job, Error **errp)
{
    BackupBlockJob *s = container_of(job, BackupBlockJob, common.job);

    backup_init_bcs_bitmap(s);

    if (s->sync_mode == MIRROR_SYNC_MODE_TOP) {
        int64_t offset = 0;
        int64_t count;

        /*
         * Walk the device, letting block-copy reset unallocated ranges.
         * NOTE(review): progress depends on block_copy_reset_unallocated()
         * storing a positive count on success; confirm against its contract.
         */
        while (offset < s->len) {
            int ret;

            /* Check for cancellation on both sides of the pause point. */
            if (job_is_cancelled(job)) {
                return -ECANCELED;
            }

            job_pause_point(job);

            if (job_is_cancelled(job)) {
                return -ECANCELED;
            }

            ret = block_copy_reset_unallocated(s->bcs, offset, &count);
            if (ret < 0) {
                return ret;
            }

            offset += count;
        }
        block_copy_set_skip_unallocated(s->bcs, false);
    }

    if (s->sync_mode != MIRROR_SYNC_MODE_NONE) {
        return backup_loop(s);
    }

    /*
     * sync=none: all bits are set in the bcs bitmap to allow any cluster to
     * be copied, which does not require them to be copied. Yield until the
     * job is cancelled and let the before_write notify callback service CoW
     * requests.
     */
    while (!job_is_cancelled(job)) {
        job_yield(job);
    }

    return 0;
}
305 
/*
 * Job .pause callback: cancel an unfinished block-copy call and yield until
 * backup_block_copy_callback() wakes this coroutine.
 */
static void coroutine_fn backup_pause(Job *job)
{
    BackupBlockJob *s = container_of(job, BackupBlockJob, common.job);
    BlockCopyCallState *call = s->bg_bcs_call;

    /* No call started, or it already finished: nothing to wait for. */
    if (!call || block_copy_call_finished(call)) {
        return;
    }

    block_copy_call_cancel(call);
    s->wait = true;
    qemu_coroutine_yield();
}
316 
/*
 * BlockJobDriver .set_speed callback: pass the new limit to block-copy and
 * kick the running call, if there is one.
 */
static void coroutine_fn backup_set_speed(BlockJob *job, int64_t speed)
{
    BackupBlockJob *s = container_of(job, BackupBlockJob, common);

    /*
     * block_job_set_speed() is called first from block_job_create(), when we
     * don't yet have s->bcs.
     */
    if (!s->bcs) {
        return;
    }

    block_copy_set_speed(s->bcs, speed);

    if (s->bg_bcs_call) {
        block_copy_kick(s->bg_bcs_call);
    }
}
332 
/* Job .cancel callback: cancel the requests in flight on the target node. */
static void backup_cancel(Job *job)
{
    BackupBlockJob *backup = container_of(job, BackupBlockJob, common.job);
    BlockDriverState *target = backup->target_bs;

    bdrv_cancel_in_flight(target);
}
339 
/*
 * Driver table for backup jobs. The backup_* entries are the callbacks
 * defined earlier in this file; block_job_free and block_job_user_resume
 * are not defined in this listing.
 */
static const BlockJobDriver backup_job_driver = {
    .job_driver = {
        /* The job object is allocated with room for the whole BackupBlockJob */
        .instance_size          = sizeof(BackupBlockJob),
        .job_type               = JOB_TYPE_BACKUP,
        .free                   = block_job_free,
        .user_resume            = block_job_user_resume,
        .run                    = backup_run,
        /* commit/abort resolve the sync bitmap; clean drops the filter node */
        .commit                 = backup_commit,
        .abort                  = backup_abort,
        .clean                  = backup_clean,
        .pause                  = backup_pause,
        .cancel                 = backup_cancel,
    },
    .set_speed = backup_set_speed,
};
355 
/*
 * Choose the copy granularity for a backup to @target.
 *
 * Returns the larger of BACKUP_CLUSTER_SIZE_DEFAULT and the target's cluster
 * size, the default when the target's size cannot be queried but that is
 * tolerated, or a negative errno with @errp set.
 *
 * If there is no backing file on the target, we cannot rely on COW if our
 * backup cluster size is smaller than the target cluster size. Even for
 * targets with a backing file, try to avoid COW if possible.
 */
static int64_t backup_calculate_cluster_size(BlockDriverState *target,
                                             Error **errp)
{
    BlockDriverInfo bdi;
    const bool target_does_cow = bdrv_backing_chain_next(target) != NULL;
    const int ret = bdrv_get_info(target, &bdi);

    if (ret >= 0) {
        return MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
    }

    if (target_does_cow) {
        /* Not fatal; just trudge on ahead. */
        return BACKUP_CLUSTER_SIZE_DEFAULT;
    }

    if (ret == -ENOTSUP) {
        /* Cluster size is not defined */
        warn_report("The target block device doesn't provide "
                    "information about the block size and it doesn't have a "
                    "backing file. The default block size of %u bytes is "
                    "used. If the actual block size of the target exceeds "
                    "this default, the backup may be unusable",
                    BACKUP_CLUSTER_SIZE_DEFAULT);
        return BACKUP_CLUSTER_SIZE_DEFAULT;
    }

    /* Any other failure without a backing file aborts job creation. */
    error_setg_errno(errp, -ret,
        "Couldn't determine the cluster size of the target image, "
        "which has no backing file");
    error_append_hint(errp,
        "Aborting, since this may create an unusable destination image\n");
    return ret;
}
392 
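/*
 * Create a backup job that copies @bs to @target.
 *
 * @job_id, @speed, @creation_flags, @cb, @opaque and @txn are passed on to
 * block_job_create(). @sync_bitmap may be NULL unless @sync_mode is
 * MIRROR_SYNC_MODE_BITMAP. @perf must not be NULL; it is validated and then
 * copied into the job. @filter_node_name is handed to
 * bdrv_backup_top_append().
 *
 * Returns the new job, or NULL with @errp set. Once the successor of
 * @sync_bitmap has been created, every failure goes through the error label,
 * which reclaims that successor and drops the backup-top filter if one was
 * appended.
 */
BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
                  BlockDriverState *target, int64_t speed,
                  MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
                  BitmapSyncMode bitmap_mode,
                  bool compress,
                  const char *filter_node_name,
                  BackupPerf *perf,
                  BlockdevOnError on_source_error,
                  BlockdevOnError on_target_error,
                  int creation_flags,
                  BlockCompletionFunc *cb, void *opaque,
                  JobTxn *txn, Error **errp)
{
    int64_t len, target_len;
    BackupBlockJob *job = NULL;
    int64_t cluster_size;
    BdrvRequestFlags write_flags;
    BlockDriverState *backup_top = NULL;
    BlockCopyState *bcs = NULL;

    assert(bs);
    assert(target);

    /* QMP interface protects us from these cases */
    assert(sync_mode != MIRROR_SYNC_MODE_INCREMENTAL);
    assert(sync_bitmap || sync_mode != MIRROR_SYNC_MODE_BITMAP);

    if (bs == target) {
        error_setg(errp, "Source and target cannot be the same");
        return NULL;
    }

    if (!bdrv_is_inserted(bs)) {
        error_setg(errp, "Device is not inserted: %s",
                   bdrv_get_device_name(bs));
        return NULL;
    }

    if (!bdrv_is_inserted(target)) {
        error_setg(errp, "Device is not inserted: %s",
                   bdrv_get_device_name(target));
        return NULL;
    }

    if (compress && !bdrv_supports_compressed_writes(target)) {
        error_setg(errp, "Compression is not supported for this drive %s",
                   bdrv_get_device_name(target));
        return NULL;
    }

    if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) {
        return NULL;
    }

    if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
        return NULL;
    }

    cluster_size = backup_calculate_cluster_size(target, errp);
    if (cluster_size < 0) {
        /*
         * Nothing has been set up yet: no successor bitmap and no backup-top
         * filter. Return directly, like the neighbouring checks, so the
         * shared error path does not reclaim a successor that this call
         * never created.
         */
        return NULL;
    }

    if (perf->max_workers < 1) {
        error_setg(errp, "max-workers must be greater than zero");
        return NULL;
    }

    if (perf->max_chunk < 0) {
        error_setg(errp, "max-chunk must be zero (which means no limit) or "
                   "positive");
        return NULL;
    }

    if (perf->max_chunk && perf->max_chunk < cluster_size) {
        error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
                   "cluster size (%" PRIi64 ")", perf->max_chunk, cluster_size);
        return NULL;
    }

    if (sync_bitmap) {
        /* If we need to write to this bitmap, check that we can: */
        if (bitmap_mode != BITMAP_SYNC_MODE_NEVER &&
            bdrv_dirty_bitmap_check(sync_bitmap, BDRV_BITMAP_DEFAULT, errp)) {
            return NULL;
        }

        /* Create a new bitmap, and freeze/disable this one. */
        if (bdrv_dirty_bitmap_create_successor(sync_bitmap, errp) < 0) {
            return NULL;
        }
    }

    /* From here on, failures must undo the successor: use "goto error". */

    len = bdrv_getlength(bs);
    if (len < 0) {
        error_setg_errno(errp, -len, "Unable to get length for '%s'",
                         bdrv_get_device_or_node_name(bs));
        goto error;
    }

    target_len = bdrv_getlength(target);
    if (target_len < 0) {
        /* Name the node whose length query failed, i.e. the target. */
        error_setg_errno(errp, -target_len, "Unable to get length for '%s'",
                         bdrv_get_device_or_node_name(target));
        goto error;
    }

    if (target_len != len) {
        error_setg(errp, "Source and target image have different sizes");
        goto error;
    }

    /*
     * If source is in the backing chain of target, assume that target is
     * going to be used for "image fleecing", i.e. it should represent a kind
     * of snapshot of source at the backup-start point in time, and that
     * target is going to be read by somebody (for example, used as an NBD
     * export) during the backup job.
     *
     * In this case, we need to add the BDRV_REQ_SERIALISING write flag to
     * avoid intersection of backup writes and third-party reads from target;
     * otherwise a read from target may occasionally return data already
     * updated by the guest.
     *
     * For more information see commit f8d59dfb40bb and test
     * tests/qemu-iotests/222
     */
    write_flags = (bdrv_chain_contains(target, bs) ? BDRV_REQ_SERIALISING : 0) |
                  (compress ? BDRV_REQ_WRITE_COMPRESSED : 0);

    backup_top = bdrv_backup_top_append(bs, target, filter_node_name,
                                        cluster_size, perf,
                                        write_flags, &bcs, errp);
    if (!backup_top) {
        goto error;
    }

    /* job->len is fixed, so we can't allow resize */
    job = block_job_create(job_id, &backup_job_driver, txn, backup_top,
                           0, BLK_PERM_ALL,
                           speed, creation_flags, cb, opaque, errp);
    if (!job) {
        goto error;
    }

    job->backup_top = backup_top;
    job->source_bs = bs;
    job->target_bs = target;
    job->on_source_error = on_source_error;
    job->on_target_error = on_target_error;
    job->sync_mode = sync_mode;
    job->sync_bitmap = sync_bitmap;
    job->bitmap_mode = bitmap_mode;
    job->bcs = bcs;
    job->cluster_size = cluster_size;
    job->len = len;
    /* Keep a private copy; the caller's BackupPerf is not referenced later. */
    job->perf = *perf;

    block_copy_set_progress_meter(bcs, &job->common.job.progress);
    block_copy_set_speed(bcs, speed);

    /* Required permissions are already taken by backup-top target */
    block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
                       &error_abort);

    return &job->common;

 error:
    /* Undo the successor created above and the filter node, if appended. */
    if (sync_bitmap) {
        bdrv_reclaim_dirty_bitmap(sync_bitmap, NULL);
    }
    if (backup_top) {
        bdrv_backup_top_drop(backup_top);
    }

    return NULL;
}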
570