1 /*
2  * copy-before-write filter driver
3  *
4  * The driver performs Copy-Before-Write (CBW) operation: it is injected above
5  * some node, and before each write it copies _old_ data to the target node.
6  *
7  * Copyright (c) 2018-2021 Virtuozzo International GmbH.
8  *
9  * Author:
10  *  Sementsov-Ogievskiy Vladimir <vsementsov@virtuozzo.com>
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License as published by
14  * the Free Software Foundation; either version 2 of the License, or
15  * (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  * GNU General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program. If not, see <http://www.gnu.org/licenses/>.
24  */
25 
26 #include "qemu/osdep.h"
27 #include "qapi/qmp/qjson.h"
28 
29 #include "sysemu/block-backend.h"
30 #include "qemu/cutils.h"
31 #include "qapi/error.h"
32 #include "block/block_int.h"
33 #include "block/qdict.h"
34 #include "block/block-copy.h"
35 #include "block/dirty-bitmap.h"
36 
37 #include "block/copy-before-write.h"
38 #include "block/reqlist.h"
39 
40 #include "qapi/qapi-visit-block-core.h"
41 
/* Per-node state of the copy-before-write filter (bs->opaque). */
typedef struct BDRVCopyBeforeWriteState {
    BlockCopyState *bcs;        /* block-copy engine: source -> target */
    BdrvChild *target;          /* child that receives the old data */
    OnCbwError on_cbw_error;    /* policy applied when a CBW copy fails */
    uint64_t cbw_timeout_ns;    /* timeout passed to block_copy(), in ns */
    bool discard_source;        /* set from BDRV_O_CBW_DISCARD_SOURCE */

    /*
     * @lock: serialises access to @access_bitmap, @done_bitmap and
     * @frozen_read_reqs.
     */
    CoMutex lock;

    /*
     * @access_bitmap: the areas the fleecing user is allowed to read.
     * A snapshot read that touches a non-dirty area fails with -EACCES.
     */
    BdrvDirtyBitmap *access_bitmap;

    /*
     * @done_bitmap: the areas that were successfully copied to @target by
     * copy-before-write operations.
     */
    BdrvDirtyBitmap *done_bitmap;

    /*
     * @frozen_read_reqs: read requests of the fleecing user that are
     * currently in flight in the bs->file node. The guest must not rewrite
     * these areas. Several overlapping read requests may coexist.
     */
    BlockReqList frozen_read_reqs;

    /*
     * @snapshot_error: zero in normal operation. On the first
     * copy-before-write failure with
     * @on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT it takes the value of that
     * error (<0). From then on all in-flight and further snapshot-API
     * requests fail with that error.
     */
    int snapshot_error;
} BDRVCopyBeforeWriteState;
82 
/*
 * Guest-visible read. The request is forwarded unchanged to the filtered
 * child bs->file and its result is returned as is.
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
              QEMUIOVector *qiov, BdrvRequestFlags flags)
{
    BdrvChild *source = bs->file;

    return bdrv_co_preadv(source, offset, bytes, qiov, flags);
}
89 
/*
 * Callback handed to block_copy() by cbw_do_copy_before_write().
 *
 * @opaque is the filter node; the in-flight reference taken before the
 * block_copy() call is dropped here.
 */
static void block_copy_cb(void *opaque)
{
    BlockDriverState *filter_bs = opaque;

    bdrv_dec_in_flight(filter_bs);
}
96 
/*
 * Perform the copy-before-write step for a guest request covering
 * [@offset, @offset + @bytes). The range is widened to block-copy cluster
 * boundaries before copying.
 *
 * Returns a negative errno only when the copy failed and the policy is
 * ON_CBW_ERROR_BREAK_GUEST_WRITE; the guest request must then be failed too.
 * With ON_CBW_ERROR_BREAK_SNAPSHOT a failed copy is recorded in
 * s->snapshot_error and 0 is returned, so the guest write proceeds.
 *
 * Returns 0 immediately, without copying, for BDRV_REQ_WRITE_UNCHANGED
 * requests and once s->snapshot_error is set.
 *
 * On success, we also wait for all in-flight fleecing read requests in the
 * source node; after a successful return there are no such requests for the
 * range and none will appear.
 */
static coroutine_fn int cbw_do_copy_before_write(BlockDriverState *bs,
        uint64_t offset, uint64_t bytes, BdrvRequestFlags flags)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;
    int64_t cluster_size = block_copy_cluster_size(s->bcs);
    uint64_t start, stop;
    int copy_ret;

    if ((flags & BDRV_REQ_WRITE_UNCHANGED) || s->snapshot_error) {
        /* Nothing to preserve, or the snapshot is already broken. */
        return 0;
    }

    start = QEMU_ALIGN_DOWN(offset, cluster_size);
    stop = QEMU_ALIGN_UP(offset + bytes, cluster_size);

    /*
     * Take an in_flight reference before copying. If block_copy() times out,
     * the background request that is still running (it cannot be cancelled
     * at once) stays accounted in bs->in_flight, so closing bs first waits
     * for every timed-out but still running block_copy call. The reference
     * is dropped in block_copy_cb().
     */
    bdrv_inc_in_flight(bs);
    copy_ret = block_copy(s->bcs, start, stop - start, true,
                          s->cbw_timeout_ns, block_copy_cb, bs);
    if (copy_ret < 0 && s->on_cbw_error == ON_CBW_ERROR_BREAK_GUEST_WRITE) {
        return copy_ret;
    }

    WITH_QEMU_LOCK_GUARD(&s->lock) {
        if (copy_ret >= 0) {
            bdrv_set_dirty_bitmap(s->done_bitmap, start, stop - start);
        } else {
            assert(s->on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT);
            /* Only the first failure is kept. */
            if (!s->snapshot_error) {
                s->snapshot_error = copy_ret;
            }
        }
        /* Let frozen snapshot reads of the range finish before the write. */
        reqlist_wait_all(&s->frozen_read_reqs, start, stop - start, &s->lock);
    }

    return 0;
}
153 
/*
 * Guest discard: run the copy-before-write step first and forward the discard
 * to bs->file only if that step did not return an error.
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_pdiscard(BlockDriverState *bs, int64_t offset, int64_t bytes)
{
    int cbw_ret = cbw_do_copy_before_write(bs, offset, bytes, 0);

    return cbw_ret < 0 ? cbw_ret : bdrv_co_pdiscard(bs->file, offset, bytes);
}
164 
/*
 * Guest write-zeroes: run the copy-before-write step first (with the request's
 * own @flags) and forward the operation to bs->file only if that step did not
 * return an error.
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes,
                     BdrvRequestFlags flags)
{
    int cbw_ret = cbw_do_copy_before_write(bs, offset, bytes, flags);

    return cbw_ret < 0 ? cbw_ret
                       : bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags);
}
176 
/*
 * Guest write: run the copy-before-write step first and forward the write to
 * bs->file only if that step did not return an error.
 */
static coroutine_fn GRAPH_RDLOCK
int cbw_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
                   QEMUIOVector *qiov, BdrvRequestFlags flags)
{
    int cbw_ret = cbw_do_copy_before_write(bs, offset, bytes, flags);

    return cbw_ret < 0 ? cbw_ret
                       : bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags);
}
188 
/*
 * Flush the node behind bs->file. Returns 0 without doing anything when the
 * filter has no file child.
 */
static int coroutine_fn GRAPH_RDLOCK cbw_co_flush(BlockDriverState *bs)
{
    return bs->file ? bdrv_co_flush(bs->file->bs) : 0;
}
197 
/*
 * Gate for every snapshot-API access to [@offset, @offset + @bytes).
 *
 * Returns NULL when the range must not be read: either the snapshot is
 * already broken (s->snapshot_error is set) or some part of the range is
 * not dirty in s->access_bitmap. Callers turn NULL into -EACCES.
 *
 * Otherwise @pnum is set to a number of bytes that can be accessed through
 * @file, and @file is set to s->target (data already copied) or to bs->file
 * (data still only in the source). The newly allocated BlockReq that is
 * returned must then be passed to cbw_snapshot_read_unlock().
 *
 * It is guaranteed that guest writes will not touch the region until
 * cbw_snapshot_read_unlock() is called.
 */
static BlockReq * coroutine_fn GRAPH_RDLOCK
cbw_snapshot_read_lock(BlockDriverState *bs, int64_t offset, int64_t bytes,
                       int64_t *pnum, BdrvChild **file)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;
    BlockReq *req = g_new(BlockReq, 1);

    QEMU_LOCK_GUARD(&s->lock);

    if (s->snapshot_error ||
        bdrv_dirty_bitmap_next_zero(s->access_bitmap, offset, bytes) != -1) {
        g_free(req);
        return NULL;
    }

    if (!bdrv_dirty_bitmap_status(s->done_bitmap, offset, bytes, pnum)) {
        /* Not copied yet: freeze the range in the source while it is read. */
        reqlist_init_req(&s->frozen_read_reqs, req, offset, bytes);
        *file = bs->file;
        return req;
    }

    /*
     * Already copied. Hand out a special invalid BlockReq, which
     * cbw_snapshot_read_unlock() recognises: reading from s->target needs
     * no locking.
     */
    *req = (BlockReq) {.offset = -1, .bytes = -1};
    *file = s->target;

    return req;
}
244 
/*
 * Release a BlockReq obtained from cbw_snapshot_read_lock() and free it.
 *
 * A request with offset == -1 and bytes == -1 is the marker used for reads
 * served from s->target; it was never put on s->frozen_read_reqs, so it is
 * only freed. Any other request is removed from the list under s->lock.
 */
static coroutine_fn void
cbw_snapshot_read_unlock(BlockDriverState *bs, BlockReq *req)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;

    if (req->offset != -1 || req->bytes != -1) {
        QEMU_LOCK_GUARD(&s->lock);

        reqlist_remove_req(req);
        g_free(req);
        return;
    }

    g_free(req);
}
260 
/*
 * Snapshot-API read of [@offset, @offset + @bytes) into @qiov, starting at
 * @qiov_offset.
 *
 * The range is processed piece by piece: each piece is sized by
 * cbw_snapshot_read_lock() and read from the child it selects. Returns
 * -EACCES as soon as a piece is refused by cbw_snapshot_read_lock(), the
 * error of the first failing read, or 0 when everything was read.
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_preadv_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes,
                       QEMUIOVector *qiov, size_t qiov_offset)
{
    /* TODO: upgrade to async loop using AioTask */
    while (bytes) {
        BdrvChild *child;
        int64_t chunk;
        int read_ret;
        BlockReq *req;

        req = cbw_snapshot_read_lock(bs, offset, bytes, &chunk, &child);
        if (!req) {
            return -EACCES;
        }

        read_ret = bdrv_co_preadv_part(child, offset, chunk,
                                       qiov, qiov_offset, 0);
        /* The range is released on both the success and the error path. */
        cbw_snapshot_read_unlock(bs, req);
        if (read_ret < 0) {
            return read_ret;
        }

        offset += chunk;
        qiov_offset += chunk;
        bytes -= chunk;
    }

    return 0;
}
292 
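/*
 * Snapshot-API block status for [@offset, @offset + @bytes).
 *
 * The range is first checked and pinned by cbw_snapshot_read_lock(); the
 * status is then queried on the child it selects (s->target or bs->file),
 * limited to the byte count it reports. @pnum, @map and @file are filled in
 * by bdrv_co_block_status(). @want_zero is not used by this implementation.
 *
 * Returns -EACCES when the range is not accessible, otherwise the result of
 * bdrv_co_block_status().
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_snapshot_block_status(BlockDriverState *bs,
                             bool want_zero, int64_t offset, int64_t bytes,
                             int64_t *pnum, int64_t *map,
                             BlockDriverState **file)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;
    BlockReq *req;
    int ret;
    int64_t cur_bytes;
    BdrvChild *child;

    req = cbw_snapshot_read_lock(bs, offset, bytes, &cur_bytes, &child);
    if (!req) {
        return -EACCES;
    }

    ret = bdrv_co_block_status(child->bs, offset, cur_bytes, pnum, map, file);
    /*
     * Check the flag only when the query succeeded. A negative return is
     * presumably an errno (the convention used by the other calls in this
     * file - confirm), and its bits do not describe allocation: depending on
     * the error value the assertion below could fire and abort the process
     * instead of reporting the failure to the caller.
     */
    if (ret >= 0 && child == s->target) {
        /*
         * We refer to s->target only for areas that we've written to it.
         * And we can not report unallocated blocks in s->target: this will
         * break generic block-status-above logic, that will go to
         * copy-before-write filtered child in this case.
         */
        assert(ret & BDRV_BLOCK_ALLOCATED);
    }

    cbw_snapshot_read_unlock(bs, req);

    return ret;
}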
325 
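/*
 * Snapshot-API discard of [@offset, @offset + @bytes).
 *
 * Only the clusters that lie completely inside the range are affected (the
 * start is rounded up and the end rounded down to the block-copy cluster
 * size). For those clusters the access_bitmap bits are cleared, so later
 * snapshot reads of them fail in cbw_snapshot_read_lock(); the block-copy
 * state is reset and the range is discarded in s->target.
 *
 * Returns 0 when no whole cluster is covered, otherwise the result of
 * bdrv_co_pdiscard() on the target.
 */
static int coroutine_fn GRAPH_RDLOCK
cbw_co_pdiscard_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;
    /*
     * Keep the cluster size in 64 bits, as cbw_do_copy_before_write() and
     * cbw_open() do. A 32-bit variable would truncate a cluster size of
     * 4 GiB or more (bdrv_cbw_append() accepts min-cluster-size values up to
     * INT64_MAX), and a truncated value of 0 would make the alignment macros
     * below divide by zero.
     */
    int64_t cluster_size = block_copy_cluster_size(s->bcs);
    int64_t aligned_offset = QEMU_ALIGN_UP(offset, cluster_size);
    int64_t aligned_end = QEMU_ALIGN_DOWN(offset + bytes, cluster_size);
    int64_t aligned_bytes;

    if (aligned_end <= aligned_offset) {
        return 0;
    }
    aligned_bytes = aligned_end - aligned_offset;

    /* Revoke read access first, then drop the data. */
    WITH_QEMU_LOCK_GUARD(&s->lock) {
        bdrv_reset_dirty_bitmap(s->access_bitmap, aligned_offset,
                                aligned_bytes);
    }

    block_copy_reset(s->bcs, aligned_offset, aligned_bytes);

    return bdrv_co_pdiscard(s->target, aligned_offset, aligned_bytes);
}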
349 
/*
 * Copy the filename of the node behind bs->file into bs->exact_filename,
 * bounded by the size of the destination buffer.
 */
static void GRAPH_RDLOCK cbw_refresh_filename(BlockDriverState *bs)
{
    const char *source_name = bs->file->bs->filename;

    pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), source_name);
}
355 
/*
 * Compute the permissions the filter requests (@nperm) and shares (@nshared)
 * on child @c.
 *
 * The child carrying BDRV_CHILD_FILTERED is the source; any other child is
 * the target.
 */
static void GRAPH_RDLOCK
cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
               BlockReopenQueue *reopen_queue,
               uint64_t perm, uint64_t shared,
               uint64_t *nperm, uint64_t *nshared)
{
    BDRVCopyBeforeWriteState *s = bs->opaque;

    if (role & BDRV_CHILD_FILTERED) {
        /* Source child: start from the defaults. */
        bdrv_default_perms(bs, c, role, reopen_queue,
                           perm, shared, nperm, nshared);

        if (QLIST_EMPTY(&bs->parents)) {
            return;
        }

        /*
         * Note that the source child may be shared with a backup job. The
         * backup job creates its own blk parent on the copy-before-write
         * node, so this works even if the source node has no parents before
         * the backup starts.
         */
        *nperm |= BLK_PERM_CONSISTENT_READ;
        if (s->discard_source) {
            /* Write permission is requested only with discard-source. */
            *nperm |= BLK_PERM_WRITE;
        }

        /* Nobody else may write to or resize the source. */
        *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
        return;
    }

    /*
     * Target child
     *
     * Share write on the target (child_file), so as not to interfere with
     * guest writes to its disk, which may be in the target's backing chain.
     * Resize is not shared: a backup block job checks the size only upfront.
     */
    *nshared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
    *nperm = BLK_PERM_WRITE;
}
396 
/*
 * Parse @options into a newly allocated BlockdevOptions object.
 *
 * A "driver" entry is put into @options for the duration of the parse and
 * removed again on every path. On success the entries that are consumed
 * through the returned object ("bitmap", "on-cbw-error", "cbw-timeout",
 * "min-cluster-size") are removed from @options.
 *
 * Returns NULL on failure; the visitor calls are given @errp.
 */
static BlockdevOptions *cbw_parse_options(QDict *options, Error **errp)
{
    BlockdevOptions *parsed = NULL;
    Visitor *visitor;

    qdict_put_str(options, "driver", "copy-before-write");

    visitor = qobject_input_visitor_new_flat_confused(options, errp);
    if (visitor) {
        visit_type_BlockdevOptions(visitor, NULL, &parsed, errp);
    }

    if (parsed) {
        /*
         * Delete options which we are going to parse through BlockdevOptions
         * object for original options.
         */
        qdict_extract_subqdict(options, NULL, "bitmap");
        qdict_del(options, "on-cbw-error");
        qdict_del(options, "cbw-timeout");
        qdict_del(options, "min-cluster-size");
    }

    visit_free(visitor);
    qdict_del(options, "driver");

    return parsed;
}
429 
/*
 * Open a copy-before-write filter node.
 *
 * Parses the driver options, opens the "file" (source) and "target"
 * children, looks up the optional bitmap, creates the block-copy state and
 * the two internal bitmaps, and initialises the lock and the list of frozen
 * read requests.
 *
 * Returns 0 on success. On failure returns the error of
 * bdrv_open_file_child() or -EINVAL.
 *
 * NOTE(review): the failure returns that follow block_copy_state_new() do
 * not release s->bcs or an already created bitmap here - confirm that the
 * caller cleans up after a failed open.
 */
static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
                    Error **errp)
{
    ERRP_GUARD();
    BDRVCopyBeforeWriteState *s = bs->opaque;
    BdrvDirtyBitmap *user_bitmap = NULL;
    BlockDriverState *source_bs;
    int64_t cluster_size;
    g_autoptr(BlockdevOptions) full_opts = NULL;
    BlockdevOptionsCbw *opts;
    int ret;

    full_opts = cbw_parse_options(options, errp);
    if (!full_opts) {
        return -EINVAL;
    }
    assert(full_opts->driver == BLOCKDEV_DRIVER_COPY_BEFORE_WRITE);
    opts = &full_opts->u.copy_before_write;

    ret = bdrv_open_file_child(NULL, options, "file", bs, errp);
    if (ret < 0) {
        return ret;
    }

    s->target = bdrv_open_child(NULL, options, "target", bs, &child_of_bds,
                                BDRV_CHILD_DATA, false, errp);
    if (!s->target) {
        return -EINVAL;
    }

    GRAPH_RDLOCK_GUARD_MAINLOOP();

    if (opts->bitmap) {
        user_bitmap = block_dirty_bitmap_lookup(opts->bitmap->node,
                                                opts->bitmap->name, NULL,
                                                errp);
        if (!user_bitmap) {
            return -EINVAL;
        }
    }

    /* Without an explicit policy a failed copy breaks the guest write. */
    s->on_cbw_error = ON_CBW_ERROR_BREAK_GUEST_WRITE;
    if (opts->has_on_cbw_error) {
        s->on_cbw_error = opts->on_cbw_error;
    }

    /* Without the option the timeout stays 0. */
    s->cbw_timeout_ns = 0;
    if (opts->has_cbw_timeout) {
        s->cbw_timeout_ns = opts->cbw_timeout * NANOSECONDS_PER_SECOND;
    }

    /* Size and write/zero flags follow the source node. */
    source_bs = bs->file->bs;
    bs->total_sectors = source_bs->total_sectors;
    bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED |
            (BDRV_REQ_FUA & source_bs->supported_write_flags);
    bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED |
            ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
             source_bs->supported_zero_flags);

    s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE;

    s->bcs = block_copy_state_new(bs->file, s->target, bs, user_bitmap,
                                  flags & BDRV_O_CBW_DISCARD_SOURCE,
                                  opts->min_cluster_size, errp);
    if (!s->bcs) {
        error_prepend(errp, "Cannot create block-copy-state: ");
        return -EINVAL;
    }

    cluster_size = block_copy_cluster_size(s->bcs);

    s->done_bitmap = bdrv_create_dirty_bitmap(bs, cluster_size, NULL, errp);
    if (!s->done_bitmap) {
        return -EINVAL;
    }
    bdrv_disable_dirty_bitmap(s->done_bitmap);

    /* s->access_bitmap starts equal to bcs bitmap */
    s->access_bitmap = bdrv_create_dirty_bitmap(bs, cluster_size, NULL, errp);
    if (!s->access_bitmap) {
        return -EINVAL;
    }
    bdrv_disable_dirty_bitmap(s->access_bitmap);
    bdrv_dirty_bitmap_merge_internal(s->access_bitmap,
                                     block_copy_dirty_bitmap(s->bcs), NULL,
                                     true);

    qemu_co_mutex_init(&s->lock);
    QLIST_INIT(&s->frozen_read_reqs);

    return 0;
}
512 
/*
 * Release what cbw_open() created: both internal bitmaps and the block-copy
 * state. s->bcs is cleared afterwards so that no stale pointer remains.
 */
static void cbw_close(BlockDriverState *bs)
{
    BDRVCopyBeforeWriteState *state = bs->opaque;

    bdrv_release_dirty_bitmap(state->access_bitmap);
    bdrv_release_dirty_bitmap(state->done_bitmap);

    block_copy_state_free(state->bcs);
    state->bcs = NULL;
}
523 
/* Driver table of the "copy-before-write" filter. */
static BlockDriver bdrv_cbw_filter = {
    .format_name = "copy-before-write",
    .instance_size = sizeof(BDRVCopyBeforeWriteState),
    .is_filter = true,

    /* Node lifecycle */
    .bdrv_open = cbw_open,
    .bdrv_close = cbw_close,

    /* Guest I/O: writes, zeroes and discards copy the old data first */
    .bdrv_co_preadv = cbw_co_preadv,
    .bdrv_co_pwritev = cbw_co_pwritev,
    .bdrv_co_pwrite_zeroes = cbw_co_pwrite_zeroes,
    .bdrv_co_pdiscard = cbw_co_pdiscard,
    .bdrv_co_flush = cbw_co_flush,

    /* Snapshot access: every call is gated by cbw_snapshot_read_lock() */
    .bdrv_co_preadv_snapshot = cbw_co_preadv_snapshot,
    .bdrv_co_pdiscard_snapshot = cbw_co_pdiscard_snapshot,
    .bdrv_co_snapshot_block_status = cbw_co_snapshot_block_status,

    .bdrv_refresh_filename = cbw_refresh_filename,

    .bdrv_child_perm = cbw_child_perm,
};
547 
/*
 * Insert a copy-before-write filter above @source, copying to @target.
 *
 * @source and @target must have the same total_sectors (asserted).
 * @filter_node_name, when not NULL, becomes the node name of the filter.
 * @discard_source selects BDRV_O_CBW_DISCARD_SOURCE for the new node.
 * @min_cluster_size is passed on as the "min-cluster-size" option and is
 * rejected when it does not fit into int64_t.
 *
 * On success the new filter node is returned and *@bcs is set to its
 * block-copy state. On failure NULL is returned and @errp is set.
 */
BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
                                  BlockDriverState *target,
                                  const char *filter_node_name,
                                  bool discard_source,
                                  uint64_t min_cluster_size,
                                  BlockCopyState **bcs,
                                  Error **errp)
{
    BDRVCopyBeforeWriteState *state;
    BlockDriverState *filter;
    QDict *opts;
    int flags = BDRV_O_RDWR;

    if (discard_source) {
        flags |= BDRV_O_CBW_DISCARD_SOURCE;
    }

    assert(source->total_sectors == target->total_sectors);
    GLOBAL_STATE_CODE();

    /* The option dictionary stores the value as a signed 64-bit integer. */
    if (min_cluster_size > INT64_MAX) {
        error_setg(errp, "min-cluster-size too large: %" PRIu64 " > %" PRIi64,
                   min_cluster_size, INT64_MAX);
        return NULL;
    }

    opts = qdict_new();
    qdict_put_str(opts, "driver", "copy-before-write");
    if (filter_node_name) {
        qdict_put_str(opts, "node-name", filter_node_name);
    }
    qdict_put_str(opts, "file", bdrv_get_node_name(source));
    qdict_put_str(opts, "target", bdrv_get_node_name(target));
    qdict_put_int(opts, "min-cluster-size", (int64_t)min_cluster_size);

    filter = bdrv_insert_node(source, opts, flags, errp);
    if (!filter) {
        return NULL;
    }

    state = filter->opaque;
    *bcs = state->bcs;

    return filter;
}
590 
/*
 * Remove the filter node @bs from the graph and drop a reference to it.
 *
 * bdrv_drop_filter() is given &error_abort, so a failure to drop the filter
 * is treated as fatal rather than reported to the caller.
 */
void bdrv_cbw_drop(BlockDriverState *bs)
{
    GLOBAL_STATE_CODE();

    bdrv_drop_filter(bs, &error_abort);
    bdrv_unref(bs);
}
597 
/* Register the copy-before-write driver table. */
static void cbw_init(void)
{
    bdrv_register(&bdrv_cbw_filter);
}

/* Hook cbw_init() into block-layer initialisation. */
block_init(cbw_init);
604