1 /* 2 * QEMU backup 3 * 4 * Copyright (C) 2013 Proxmox Server Solutions 5 * 6 * Authors: 7 * Dietmar Maurer (dietmar@proxmox.com) 8 * 9 * This work is licensed under the terms of the GNU GPL, version 2 or later. 10 * See the COPYING file in the top-level directory. 11 * 12 */ 13 14 #include "qemu/osdep.h" 15 16 #include "trace.h" 17 #include "block/block.h" 18 #include "block/block_int.h" 19 #include "block/blockjob_int.h" 20 #include "block/block_backup.h" 21 #include "qapi/error.h" 22 #include "qapi/qmp/qerror.h" 23 #include "qemu/ratelimit.h" 24 #include "qemu/cutils.h" 25 #include "sysemu/block-backend.h" 26 #include "qemu/bitmap.h" 27 #include "qemu/error-report.h" 28 29 #define BACKUP_CLUSTER_SIZE_DEFAULT (1 << 16) 30 #define SLICE_TIME 100000000ULL /* ns */ 31 32 typedef struct BackupBlockJob { 33 BlockJob common; 34 BlockBackend *target; 35 /* bitmap for sync=incremental */ 36 BdrvDirtyBitmap *sync_bitmap; 37 MirrorSyncMode sync_mode; 38 RateLimit limit; 39 BlockdevOnError on_source_error; 40 BlockdevOnError on_target_error; 41 CoRwlock flush_rwlock; 42 uint64_t bytes_read; 43 unsigned long *done_bitmap; 44 int64_t cluster_size; 45 bool compress; 46 NotifierWithReturn before_write; 47 QLIST_HEAD(, CowRequest) inflight_reqs; 48 } BackupBlockJob; 49 50 /* See if in-flight requests overlap and wait for them to complete */ 51 static void coroutine_fn wait_for_overlapping_requests(BackupBlockJob *job, 52 int64_t start, 53 int64_t end) 54 { 55 CowRequest *req; 56 bool retry; 57 58 do { 59 retry = false; 60 QLIST_FOREACH(req, &job->inflight_reqs, list) { 61 if (end > req->start_byte && start < req->end_byte) { 62 qemu_co_queue_wait(&req->wait_queue, NULL); 63 retry = true; 64 break; 65 } 66 } 67 } while (retry); 68 } 69 70 /* Keep track of an in-flight request */ 71 static void cow_request_begin(CowRequest *req, BackupBlockJob *job, 72 int64_t start, int64_t end) 73 { 74 req->start_byte = start; 75 req->end_byte = end; 76 qemu_co_queue_init(&req->wait_queue); 77 QLIST_INSERT_HEAD(&job->inflight_reqs, req, list); 78 } 79 80 /* Forget about a completed request */ 81 static void cow_request_end(CowRequest *req) 82 { 83 QLIST_REMOVE(req, list); 84 qemu_co_queue_restart_all(&req->wait_queue); 85 } 86 87 static int coroutine_fn backup_do_cow(BackupBlockJob *job, 88 int64_t offset, uint64_t bytes, 89 bool *error_is_read, 90 bool is_write_notifier) 91 { 92 BlockBackend *blk = job->common.blk; 93 CowRequest cow_request; 94 struct iovec iov; 95 QEMUIOVector bounce_qiov; 96 void *bounce_buffer = NULL; 97 int ret = 0; 98 int64_t start, end; /* bytes */ 99 int n; /* bytes */ 100 101 qemu_co_rwlock_rdlock(&job->flush_rwlock); 102 103 start = QEMU_ALIGN_DOWN(offset, job->cluster_size); 104 end = QEMU_ALIGN_UP(bytes + offset, job->cluster_size); 105 106 trace_backup_do_cow_enter(job, start, offset, bytes); 107 108 wait_for_overlapping_requests(job, start, end); 109 cow_request_begin(&cow_request, job, start, end); 110 111 for (; start < end; start += job->cluster_size) { 112 if (test_bit(start / job->cluster_size, job->done_bitmap)) { 113 trace_backup_do_cow_skip(job, start); 114 continue; /* already copied */ 115 } 116 117 trace_backup_do_cow_process(job, start); 118 119 n = MIN(job->cluster_size, job->common.len - start); 120 121 if (!bounce_buffer) { 122 bounce_buffer = blk_blockalign(blk, job->cluster_size); 123 } 124 iov.iov_base = bounce_buffer; 125 iov.iov_len = n; 126 qemu_iovec_init_external(&bounce_qiov, &iov, 1); 127 128 ret = blk_co_preadv(blk, start, bounce_qiov.size, &bounce_qiov, 129 is_write_notifier ? BDRV_REQ_NO_SERIALISING : 0); 130 if (ret < 0) { 131 trace_backup_do_cow_read_fail(job, start, ret); 132 if (error_is_read) { 133 *error_is_read = true; 134 } 135 goto out; 136 } 137 138 if (buffer_is_zero(iov.iov_base, iov.iov_len)) { 139 ret = blk_co_pwrite_zeroes(job->target, start, 140 bounce_qiov.size, BDRV_REQ_MAY_UNMAP); 141 } else { 142 ret = blk_co_pwritev(job->target, start, 143 bounce_qiov.size, &bounce_qiov, 144 job->compress ? BDRV_REQ_WRITE_COMPRESSED : 0); 145 } 146 if (ret < 0) { 147 trace_backup_do_cow_write_fail(job, start, ret); 148 if (error_is_read) { 149 *error_is_read = false; 150 } 151 goto out; 152 } 153 154 set_bit(start / job->cluster_size, job->done_bitmap); 155 156 /* Publish progress, guest I/O counts as progress too. Note that the 157 * offset field is an opaque progress value, it is not a disk offset. 158 */ 159 job->bytes_read += n; 160 job->common.offset += n; 161 } 162 163 out: 164 if (bounce_buffer) { 165 qemu_vfree(bounce_buffer); 166 } 167 168 cow_request_end(&cow_request); 169 170 trace_backup_do_cow_return(job, offset, bytes, ret); 171 172 qemu_co_rwlock_unlock(&job->flush_rwlock); 173 174 return ret; 175 } 176 177 static int coroutine_fn backup_before_write_notify( 178 NotifierWithReturn *notifier, 179 void *opaque) 180 { 181 BackupBlockJob *job = container_of(notifier, BackupBlockJob, before_write); 182 BdrvTrackedRequest *req = opaque; 183 184 assert(req->bs == blk_bs(job->common.blk)); 185 assert(QEMU_IS_ALIGNED(req->offset, BDRV_SECTOR_SIZE)); 186 assert(QEMU_IS_ALIGNED(req->bytes, BDRV_SECTOR_SIZE)); 187 188 return backup_do_cow(job, req->offset, req->bytes, NULL, true); 189 } 190 191 static void backup_set_speed(BlockJob *job, int64_t speed, Error **errp) 192 { 193 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 194 195 if (speed < 0) { 196 error_setg(errp, QERR_INVALID_PARAMETER, "speed"); 197 return; 198 } 199 ratelimit_set_speed(&s->limit, speed, SLICE_TIME); 200 } 201 202 static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret) 203 { 204 BdrvDirtyBitmap *bm; 205 BlockDriverState *bs = blk_bs(job->common.blk); 206 207 if (ret < 0 || block_job_is_cancelled(&job->common)) { 208 /* Merge the successor back into the parent, delete nothing. */ 209 bm = bdrv_reclaim_dirty_bitmap(bs, job->sync_bitmap, NULL); 210 assert(bm); 211 } else { 212 /* Everything is fine, delete this bitmap and install the backup. */ 213 bm = bdrv_dirty_bitmap_abdicate(bs, job->sync_bitmap, NULL); 214 assert(bm); 215 } 216 } 217 218 static void backup_commit(BlockJob *job) 219 { 220 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 221 if (s->sync_bitmap) { 222 backup_cleanup_sync_bitmap(s, 0); 223 } 224 } 225 226 static void backup_abort(BlockJob *job) 227 { 228 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 229 if (s->sync_bitmap) { 230 backup_cleanup_sync_bitmap(s, -1); 231 } 232 } 233 234 static void backup_clean(BlockJob *job) 235 { 236 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 237 assert(s->target); 238 blk_unref(s->target); 239 s->target = NULL; 240 } 241 242 static void backup_attached_aio_context(BlockJob *job, AioContext *aio_context) 243 { 244 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 245 246 blk_set_aio_context(s->target, aio_context); 247 } 248 249 void backup_do_checkpoint(BlockJob *job, Error **errp) 250 { 251 BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common); 252 int64_t len; 253 254 assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP); 255 256 if (backup_job->sync_mode != MIRROR_SYNC_MODE_NONE) { 257 error_setg(errp, "The backup job only supports block checkpoint in" 258 " sync=none mode"); 259 return; 260 } 261 262 len = DIV_ROUND_UP(backup_job->common.len, backup_job->cluster_size); 263 bitmap_zero(backup_job->done_bitmap, len); 264 } 265 266 void backup_wait_for_overlapping_requests(BlockJob *job, int64_t offset, 267 uint64_t bytes) 268 { 269 BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common); 270 int64_t start, end; 271 272 assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP); 273 274 start = QEMU_ALIGN_DOWN(offset, backup_job->cluster_size); 275 end = QEMU_ALIGN_UP(offset + bytes, backup_job->cluster_size); 276 wait_for_overlapping_requests(backup_job, start, end); 277 } 278 279 void backup_cow_request_begin(CowRequest *req, BlockJob *job, 280 int64_t offset, uint64_t bytes) 281 { 282 BackupBlockJob *backup_job = container_of(job, BackupBlockJob, common); 283 int64_t start, end; 284 285 assert(job->driver->job_type == BLOCK_JOB_TYPE_BACKUP); 286 287 start = QEMU_ALIGN_DOWN(offset, backup_job->cluster_size); 288 end = QEMU_ALIGN_UP(offset + bytes, backup_job->cluster_size); 289 cow_request_begin(req, backup_job, start, end); 290 } 291 292 void backup_cow_request_end(CowRequest *req) 293 { 294 cow_request_end(req); 295 } 296 297 static void backup_drain(BlockJob *job) 298 { 299 BackupBlockJob *s = container_of(job, BackupBlockJob, common); 300 301 /* Need to keep a reference in case blk_drain triggers execution 302 * of backup_complete... 303 */ 304 if (s->target) { 305 BlockBackend *target = s->target; 306 blk_ref(target); 307 blk_drain(target); 308 blk_unref(target); 309 } 310 } 311 312 static BlockErrorAction backup_error_action(BackupBlockJob *job, 313 bool read, int error) 314 { 315 if (read) { 316 return block_job_error_action(&job->common, job->on_source_error, 317 true, error); 318 } else { 319 return block_job_error_action(&job->common, job->on_target_error, 320 false, error); 321 } 322 } 323 324 typedef struct { 325 int ret; 326 } BackupCompleteData; 327 328 static void backup_complete(BlockJob *job, void *opaque) 329 { 330 BackupCompleteData *data = opaque; 331 332 block_job_completed(job, data->ret); 333 g_free(data); 334 } 335 336 static bool coroutine_fn yield_and_check(BackupBlockJob *job) 337 { 338 if (block_job_is_cancelled(&job->common)) { 339 return true; 340 } 341 342 /* we need to yield so that bdrv_drain_all() returns. 343 * (without, VM does not reboot) 344 */ 345 if (job->common.speed) { 346 uint64_t delay_ns = ratelimit_calculate_delay(&job->limit, 347 job->bytes_read); 348 job->bytes_read = 0; 349 block_job_sleep_ns(&job->common, QEMU_CLOCK_REALTIME, delay_ns); 350 } else { 351 block_job_sleep_ns(&job->common, QEMU_CLOCK_REALTIME, 0); 352 } 353 354 if (block_job_is_cancelled(&job->common)) { 355 return true; 356 } 357 358 return false; 359 } 360 361 static int coroutine_fn backup_run_incremental(BackupBlockJob *job) 362 { 363 bool error_is_read; 364 int ret = 0; 365 int clusters_per_iter; 366 uint32_t granularity; 367 int64_t offset; 368 int64_t cluster; 369 int64_t end; 370 int64_t last_cluster = -1; 371 BdrvDirtyBitmapIter *dbi; 372 373 granularity = bdrv_dirty_bitmap_granularity(job->sync_bitmap); 374 clusters_per_iter = MAX((granularity / job->cluster_size), 1); 375 dbi = bdrv_dirty_iter_new(job->sync_bitmap); 376 377 /* Find the next dirty sector(s) */ 378 while ((offset = bdrv_dirty_iter_next(dbi)) >= 0) { 379 cluster = offset / job->cluster_size; 380 381 /* Fake progress updates for any clusters we skipped */ 382 if (cluster != last_cluster + 1) { 383 job->common.offset += ((cluster - last_cluster - 1) * 384 job->cluster_size); 385 } 386 387 for (end = cluster + clusters_per_iter; cluster < end; cluster++) { 388 do { 389 if (yield_and_check(job)) { 390 goto out; 391 } 392 ret = backup_do_cow(job, cluster * job->cluster_size, 393 job->cluster_size, &error_is_read, 394 false); 395 if ((ret < 0) && 396 backup_error_action(job, error_is_read, -ret) == 397 BLOCK_ERROR_ACTION_REPORT) { 398 goto out; 399 } 400 } while (ret < 0); 401 } 402 403 /* If the bitmap granularity is smaller than the backup granularity, 404 * we need to advance the iterator pointer to the next cluster. */ 405 if (granularity < job->cluster_size) { 406 bdrv_set_dirty_iter(dbi, cluster * job->cluster_size); 407 } 408 409 last_cluster = cluster - 1; 410 } 411 412 /* Play some final catchup with the progress meter */ 413 end = DIV_ROUND_UP(job->common.len, job->cluster_size); 414 if (last_cluster + 1 < end) { 415 job->common.offset += ((end - last_cluster - 1) * job->cluster_size); 416 } 417 418 out: 419 bdrv_dirty_iter_free(dbi); 420 return ret; 421 } 422 423 static void coroutine_fn backup_run(void *opaque) 424 { 425 BackupBlockJob *job = opaque; 426 BackupCompleteData *data; 427 BlockDriverState *bs = blk_bs(job->common.blk); 428 int64_t offset; 429 int ret = 0; 430 431 QLIST_INIT(&job->inflight_reqs); 432 qemu_co_rwlock_init(&job->flush_rwlock); 433 434 job->done_bitmap = bitmap_new(DIV_ROUND_UP(job->common.len, 435 job->cluster_size)); 436 437 job->before_write.notify = backup_before_write_notify; 438 bdrv_add_before_write_notifier(bs, &job->before_write); 439 440 if (job->sync_mode == MIRROR_SYNC_MODE_NONE) { 441 while (!block_job_is_cancelled(&job->common)) { 442 /* Yield until the job is cancelled. We just let our before_write 443 * notify callback service CoW requests. */ 444 block_job_yield(&job->common); 445 } 446 } else if (job->sync_mode == MIRROR_SYNC_MODE_INCREMENTAL) { 447 ret = backup_run_incremental(job); 448 } else { 449 /* Both FULL and TOP SYNC_MODE's require copying.. */ 450 for (offset = 0; offset < job->common.len; 451 offset += job->cluster_size) { 452 bool error_is_read; 453 int alloced = 0; 454 455 if (yield_and_check(job)) { 456 break; 457 } 458 459 if (job->sync_mode == MIRROR_SYNC_MODE_TOP) { 460 int i; 461 int64_t n; 462 463 /* Check to see if these blocks are already in the 464 * backing file. */ 465 466 for (i = 0; i < job->cluster_size;) { 467 /* bdrv_is_allocated() only returns true/false based 468 * on the first set of sectors it comes across that 469 * are are all in the same state. 470 * For that reason we must verify each sector in the 471 * backup cluster length. We end up copying more than 472 * needed but at some point that is always the case. */ 473 alloced = 474 bdrv_is_allocated(bs, offset + i, 475 job->cluster_size - i, &n); 476 i += n; 477 478 if (alloced || n == 0) { 479 break; 480 } 481 } 482 483 /* If the above loop never found any sectors that are in 484 * the topmost image, skip this backup. */ 485 if (alloced == 0) { 486 continue; 487 } 488 } 489 /* FULL sync mode we copy the whole drive. */ 490 if (alloced < 0) { 491 ret = alloced; 492 } else { 493 ret = backup_do_cow(job, offset, job->cluster_size, 494 &error_is_read, false); 495 } 496 if (ret < 0) { 497 /* Depending on error action, fail now or retry cluster */ 498 BlockErrorAction action = 499 backup_error_action(job, error_is_read, -ret); 500 if (action == BLOCK_ERROR_ACTION_REPORT) { 501 break; 502 } else { 503 offset -= job->cluster_size; 504 continue; 505 } 506 } 507 } 508 } 509 510 notifier_with_return_remove(&job->before_write); 511 512 /* wait until pending backup_do_cow() calls have completed */ 513 qemu_co_rwlock_wrlock(&job->flush_rwlock); 514 qemu_co_rwlock_unlock(&job->flush_rwlock); 515 g_free(job->done_bitmap); 516 517 data = g_malloc(sizeof(*data)); 518 data->ret = ret; 519 block_job_defer_to_main_loop(&job->common, backup_complete, data); 520 } 521 522 static const BlockJobDriver backup_job_driver = { 523 .instance_size = sizeof(BackupBlockJob), 524 .job_type = BLOCK_JOB_TYPE_BACKUP, 525 .start = backup_run, 526 .set_speed = backup_set_speed, 527 .commit = backup_commit, 528 .abort = backup_abort, 529 .clean = backup_clean, 530 .attached_aio_context = backup_attached_aio_context, 531 .drain = backup_drain, 532 }; 533 534 BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs, 535 BlockDriverState *target, int64_t speed, 536 MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap, 537 bool compress, 538 BlockdevOnError on_source_error, 539 BlockdevOnError on_target_error, 540 int creation_flags, 541 BlockCompletionFunc *cb, void *opaque, 542 BlockJobTxn *txn, Error **errp) 543 { 544 int64_t len; 545 BlockDriverInfo bdi; 546 BackupBlockJob *job = NULL; 547 int ret; 548 549 assert(bs); 550 assert(target); 551 552 if (bs == target) { 553 error_setg(errp, "Source and target cannot be the same"); 554 return NULL; 555 } 556 557 if (!bdrv_is_inserted(bs)) { 558 error_setg(errp, "Device is not inserted: %s", 559 bdrv_get_device_name(bs)); 560 return NULL; 561 } 562 563 if (!bdrv_is_inserted(target)) { 564 error_setg(errp, "Device is not inserted: %s", 565 bdrv_get_device_name(target)); 566 return NULL; 567 } 568 569 if (compress && target->drv->bdrv_co_pwritev_compressed == NULL) { 570 error_setg(errp, "Compression is not supported for this drive %s", 571 bdrv_get_device_name(target)); 572 return NULL; 573 } 574 575 if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) { 576 return NULL; 577 } 578 579 if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) { 580 return NULL; 581 } 582 583 if (sync_mode == MIRROR_SYNC_MODE_INCREMENTAL) { 584 if (!sync_bitmap) { 585 error_setg(errp, "must provide a valid bitmap name for " 586 "\"incremental\" sync mode"); 587 return NULL; 588 } 589 590 /* Create a new bitmap, and freeze/disable this one. */ 591 if (bdrv_dirty_bitmap_create_successor(bs, sync_bitmap, errp) < 0) { 592 return NULL; 593 } 594 } else if (sync_bitmap) { 595 error_setg(errp, 596 "a sync_bitmap was provided to backup_run, " 597 "but received an incompatible sync_mode (%s)", 598 MirrorSyncMode_str(sync_mode)); 599 return NULL; 600 } 601 602 len = bdrv_getlength(bs); 603 if (len < 0) { 604 error_setg_errno(errp, -len, "unable to get length for '%s'", 605 bdrv_get_device_name(bs)); 606 goto error; 607 } 608 609 /* job->common.len is fixed, so we can't allow resize */ 610 job = block_job_create(job_id, &backup_job_driver, bs, 611 BLK_PERM_CONSISTENT_READ, 612 BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE | 613 BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD, 614 speed, creation_flags, cb, opaque, errp); 615 if (!job) { 616 goto error; 617 } 618 619 /* The target must match the source in size, so no resize here either */ 620 job->target = blk_new(BLK_PERM_WRITE, 621 BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE | 622 BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD); 623 ret = blk_insert_bs(job->target, target, errp); 624 if (ret < 0) { 625 goto error; 626 } 627 628 job->on_source_error = on_source_error; 629 job->on_target_error = on_target_error; 630 job->sync_mode = sync_mode; 631 job->sync_bitmap = sync_mode == MIRROR_SYNC_MODE_INCREMENTAL ? 632 sync_bitmap : NULL; 633 job->compress = compress; 634 635 /* If there is no backing file on the target, we cannot rely on COW if our 636 * backup cluster size is smaller than the target cluster size. Even for 637 * targets with a backing file, try to avoid COW if possible. */ 638 ret = bdrv_get_info(target, &bdi); 639 if (ret == -ENOTSUP && !target->backing) { 640 /* Cluster size is not defined */ 641 warn_report("The target block device doesn't provide " 642 "information about the block size and it doesn't have a " 643 "backing file. The default block size of %u bytes is " 644 "used. If the actual block size of the target exceeds " 645 "this default, the backup may be unusable", 646 BACKUP_CLUSTER_SIZE_DEFAULT); 647 job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT; 648 } else if (ret < 0 && !target->backing) { 649 error_setg_errno(errp, -ret, 650 "Couldn't determine the cluster size of the target image, " 651 "which has no backing file"); 652 error_append_hint(errp, 653 "Aborting, since this may create an unusable destination image\n"); 654 goto error; 655 } else if (ret < 0 && target->backing) { 656 /* Not fatal; just trudge on ahead. */ 657 job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT; 658 } else { 659 job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size); 660 } 661 662 /* Required permissions are already taken with target's blk_new() */ 663 block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL, 664 &error_abort); 665 job->common.len = len; 666 block_job_txn_add_job(txn, &job->common); 667 668 return &job->common; 669 670 error: 671 if (sync_bitmap) { 672 bdrv_reclaim_dirty_bitmap(bs, sync_bitmap, NULL); 673 } 674 if (job) { 675 backup_clean(&job->common); 676 block_job_early_fail(&job->common); 677 } 678 679 return NULL; 680 } 681