1 /* 2 * copy-before-write filter driver 3 * 4 * The driver performs Copy-Before-Write (CBW) operation: it is injected above 5 * some node, and before each write it copies _old_ data to the target node. 6 * 7 * Copyright (c) 2018-2021 Virtuozzo International GmbH. 8 * 9 * Author: 10 * Sementsov-Ogievskiy Vladimir <vsementsov@virtuozzo.com> 11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation; either version 2 of the License, or 15 * (at your option) any later version. 16 * 17 * This program is distributed in the hope that it will be useful, 18 * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * GNU General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program. If not, see <http://www.gnu.org/licenses/>. 24 */ 25 26 #include "qemu/osdep.h" 27 #include "qapi/qmp/qjson.h" 28 29 #include "sysemu/block-backend.h" 30 #include "qemu/cutils.h" 31 #include "qapi/error.h" 32 #include "block/block_int.h" 33 #include "block/qdict.h" 34 #include "block/block-copy.h" 35 #include "block/dirty-bitmap.h" 36 37 #include "block/copy-before-write.h" 38 #include "block/reqlist.h" 39 40 #include "qapi/qapi-visit-block-core.h" 41 42 typedef struct BDRVCopyBeforeWriteState { 43 BlockCopyState *bcs; 44 BdrvChild *target; 45 OnCbwError on_cbw_error; 46 uint64_t cbw_timeout_ns; 47 bool discard_source; 48 49 /* 50 * @lock: protects access to @access_bitmap, @done_bitmap and 51 * @frozen_read_reqs 52 */ 53 CoMutex lock; 54 55 /* 56 * @access_bitmap: represents areas allowed for reading by fleecing user. 57 * Reading from non-dirty areas leads to -EACCES. 58 */ 59 BdrvDirtyBitmap *access_bitmap; 60 61 /* 62 * @done_bitmap: represents areas that was successfully copied to @target by 63 * copy-before-write operations. 64 */ 65 BdrvDirtyBitmap *done_bitmap; 66 67 /* 68 * @frozen_read_reqs: current read requests for fleecing user in bs->file 69 * node. These areas must not be rewritten by guest. 70 */ 71 BlockReqList frozen_read_reqs; 72 73 /* 74 * @snapshot_error is normally zero. But on first copy-before-write failure 75 * when @on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT, @snapshot_error takes 76 * value of this error (<0). After that all in-flight and further 77 * snapshot-API requests will fail with that error. 78 */ 79 int snapshot_error; 80 } BDRVCopyBeforeWriteState; 81 82 static int coroutine_fn GRAPH_RDLOCK 83 cbw_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes, 84 QEMUIOVector *qiov, BdrvRequestFlags flags) 85 { 86 return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags); 87 } 88 89 static void block_copy_cb(void *opaque) 90 { 91 BlockDriverState *bs = opaque; 92 93 bdrv_dec_in_flight(bs); 94 } 95 96 /* 97 * Do copy-before-write operation. 98 * 99 * On failure guest request must be failed too. 100 * 101 * On success, we also wait for all in-flight fleecing read requests in source 102 * node, and it's guaranteed that after cbw_do_copy_before_write() successful 103 * return there are no such requests and they will never appear. 104 */ 105 static coroutine_fn int cbw_do_copy_before_write(BlockDriverState *bs, 106 uint64_t offset, uint64_t bytes, BdrvRequestFlags flags) 107 { 108 BDRVCopyBeforeWriteState *s = bs->opaque; 109 int ret; 110 uint64_t off, end; 111 int64_t cluster_size = block_copy_cluster_size(s->bcs); 112 113 if (flags & BDRV_REQ_WRITE_UNCHANGED) { 114 return 0; 115 } 116 117 if (s->snapshot_error) { 118 return 0; 119 } 120 121 off = QEMU_ALIGN_DOWN(offset, cluster_size); 122 end = QEMU_ALIGN_UP(offset + bytes, cluster_size); 123 124 /* 125 * Increase in_flight, so that in case of timed-out block-copy, the 126 * remaining background block_copy() request (which can't be immediately 127 * cancelled by timeout) is presented in bs->in_flight. This way we are 128 * sure that on bs close() we'll previously wait for all timed-out but yet 129 * running block_copy calls. 130 */ 131 bdrv_inc_in_flight(bs); 132 ret = block_copy(s->bcs, off, end - off, true, s->cbw_timeout_ns, 133 block_copy_cb, bs); 134 if (ret < 0 && s->on_cbw_error == ON_CBW_ERROR_BREAK_GUEST_WRITE) { 135 return ret; 136 } 137 138 WITH_QEMU_LOCK_GUARD(&s->lock) { 139 if (ret < 0) { 140 assert(s->on_cbw_error == ON_CBW_ERROR_BREAK_SNAPSHOT); 141 if (!s->snapshot_error) { 142 s->snapshot_error = ret; 143 } 144 } else { 145 bdrv_set_dirty_bitmap(s->done_bitmap, off, end - off); 146 } 147 reqlist_wait_all(&s->frozen_read_reqs, off, end - off, &s->lock); 148 } 149 150 return 0; 151 } 152 153 static int coroutine_fn GRAPH_RDLOCK 154 cbw_co_pdiscard(BlockDriverState *bs, int64_t offset, int64_t bytes) 155 { 156 int ret = cbw_do_copy_before_write(bs, offset, bytes, 0); 157 if (ret < 0) { 158 return ret; 159 } 160 161 return bdrv_co_pdiscard(bs->file, offset, bytes); 162 } 163 164 static int coroutine_fn GRAPH_RDLOCK 165 cbw_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes, 166 BdrvRequestFlags flags) 167 { 168 int ret = cbw_do_copy_before_write(bs, offset, bytes, flags); 169 if (ret < 0) { 170 return ret; 171 } 172 173 return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags); 174 } 175 176 static coroutine_fn GRAPH_RDLOCK 177 int cbw_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes, 178 QEMUIOVector *qiov, BdrvRequestFlags flags) 179 { 180 int ret = cbw_do_copy_before_write(bs, offset, bytes, flags); 181 if (ret < 0) { 182 return ret; 183 } 184 185 return bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags); 186 } 187 188 static int coroutine_fn GRAPH_RDLOCK cbw_co_flush(BlockDriverState *bs) 189 { 190 if (!bs->file) { 191 return 0; 192 } 193 194 return bdrv_co_flush(bs->file->bs); 195 } 196 197 /* 198 * If @offset not accessible - return NULL. 199 * 200 * Otherwise, set @pnum to some bytes that accessible from @file (@file is set 201 * to bs->file or to s->target). Return newly allocated BlockReq object that 202 * should be than passed to cbw_snapshot_read_unlock(). 203 * 204 * It's guaranteed that guest writes will not interact in the region until 205 * cbw_snapshot_read_unlock() called. 206 */ 207 static BlockReq * coroutine_fn GRAPH_RDLOCK 208 cbw_snapshot_read_lock(BlockDriverState *bs, int64_t offset, int64_t bytes, 209 int64_t *pnum, BdrvChild **file) 210 { 211 BDRVCopyBeforeWriteState *s = bs->opaque; 212 BlockReq *req = g_new(BlockReq, 1); 213 bool done; 214 215 QEMU_LOCK_GUARD(&s->lock); 216 217 if (s->snapshot_error) { 218 g_free(req); 219 return NULL; 220 } 221 222 if (bdrv_dirty_bitmap_next_zero(s->access_bitmap, offset, bytes) != -1) { 223 g_free(req); 224 return NULL; 225 } 226 227 done = bdrv_dirty_bitmap_status(s->done_bitmap, offset, bytes, pnum); 228 if (done) { 229 /* 230 * Special invalid BlockReq, that is handled in 231 * cbw_snapshot_read_unlock(). We don't need to lock something to read 232 * from s->target. 233 */ 234 *req = (BlockReq) {.offset = -1, .bytes = -1}; 235 *file = s->target; 236 } else { 237 reqlist_init_req(&s->frozen_read_reqs, req, offset, bytes); 238 *file = bs->file; 239 } 240 241 return req; 242 } 243 244 static coroutine_fn void 245 cbw_snapshot_read_unlock(BlockDriverState *bs, BlockReq *req) 246 { 247 BDRVCopyBeforeWriteState *s = bs->opaque; 248 249 if (req->offset == -1 && req->bytes == -1) { 250 g_free(req); 251 return; 252 } 253 254 QEMU_LOCK_GUARD(&s->lock); 255 256 reqlist_remove_req(req); 257 g_free(req); 258 } 259 260 static int coroutine_fn GRAPH_RDLOCK 261 cbw_co_preadv_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes, 262 QEMUIOVector *qiov, size_t qiov_offset) 263 { 264 BlockReq *req; 265 BdrvChild *file; 266 int ret; 267 268 /* TODO: upgrade to async loop using AioTask */ 269 while (bytes) { 270 int64_t cur_bytes; 271 272 req = cbw_snapshot_read_lock(bs, offset, bytes, &cur_bytes, &file); 273 if (!req) { 274 return -EACCES; 275 } 276 277 ret = bdrv_co_preadv_part(file, offset, cur_bytes, 278 qiov, qiov_offset, 0); 279 cbw_snapshot_read_unlock(bs, req); 280 if (ret < 0) { 281 return ret; 282 } 283 284 bytes -= cur_bytes; 285 offset += cur_bytes; 286 qiov_offset += cur_bytes; 287 } 288 289 return 0; 290 } 291 292 static int coroutine_fn GRAPH_RDLOCK 293 cbw_co_snapshot_block_status(BlockDriverState *bs, 294 bool want_zero, int64_t offset, int64_t bytes, 295 int64_t *pnum, int64_t *map, 296 BlockDriverState **file) 297 { 298 BDRVCopyBeforeWriteState *s = bs->opaque; 299 BlockReq *req; 300 int ret; 301 int64_t cur_bytes; 302 BdrvChild *child; 303 304 req = cbw_snapshot_read_lock(bs, offset, bytes, &cur_bytes, &child); 305 if (!req) { 306 return -EACCES; 307 } 308 309 ret = bdrv_co_block_status(child->bs, offset, cur_bytes, pnum, map, file); 310 if (child == s->target) { 311 /* 312 * We refer to s->target only for areas that we've written to it. 313 * And we can not report unallocated blocks in s->target: this will 314 * break generic block-status-above logic, that will go to 315 * copy-before-write filtered child in this case. 316 */ 317 assert(ret & BDRV_BLOCK_ALLOCATED); 318 } 319 320 cbw_snapshot_read_unlock(bs, req); 321 322 return ret; 323 } 324 325 static int coroutine_fn GRAPH_RDLOCK 326 cbw_co_pdiscard_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes) 327 { 328 BDRVCopyBeforeWriteState *s = bs->opaque; 329 uint32_t cluster_size = block_copy_cluster_size(s->bcs); 330 int64_t aligned_offset = QEMU_ALIGN_UP(offset, cluster_size); 331 int64_t aligned_end = QEMU_ALIGN_DOWN(offset + bytes, cluster_size); 332 int64_t aligned_bytes; 333 334 if (aligned_end <= aligned_offset) { 335 return 0; 336 } 337 aligned_bytes = aligned_end - aligned_offset; 338 339 WITH_QEMU_LOCK_GUARD(&s->lock) { 340 bdrv_reset_dirty_bitmap(s->access_bitmap, aligned_offset, 341 aligned_bytes); 342 } 343 344 block_copy_reset(s->bcs, aligned_offset, aligned_bytes); 345 346 return bdrv_co_pdiscard(s->target, aligned_offset, aligned_bytes); 347 } 348 349 static void GRAPH_RDLOCK cbw_refresh_filename(BlockDriverState *bs) 350 { 351 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), 352 bs->file->bs->filename); 353 } 354 355 static void GRAPH_RDLOCK 356 cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role, 357 BlockReopenQueue *reopen_queue, 358 uint64_t perm, uint64_t shared, 359 uint64_t *nperm, uint64_t *nshared) 360 { 361 BDRVCopyBeforeWriteState *s = bs->opaque; 362 363 if (!(role & BDRV_CHILD_FILTERED)) { 364 /* 365 * Target child 366 * 367 * Share write to target (child_file), to not interfere 368 * with guest writes to its disk which may be in target backing chain. 369 * Can't resize during a backup block job because we check the size 370 * only upfront. 371 */ 372 *nshared = BLK_PERM_ALL & ~BLK_PERM_RESIZE; 373 *nperm = BLK_PERM_WRITE; 374 } else { 375 /* Source child */ 376 bdrv_default_perms(bs, c, role, reopen_queue, 377 perm, shared, nperm, nshared); 378 379 if (!QLIST_EMPTY(&bs->parents)) { 380 /* 381 * Note, that source child may be shared with backup job. Backup job 382 * does create own blk parent on copy-before-write node, so this 383 * works even if source node does not have any parents before backup 384 * start 385 */ 386 *nperm = *nperm | BLK_PERM_CONSISTENT_READ; 387 if (s->discard_source) { 388 *nperm = *nperm | BLK_PERM_WRITE; 389 } 390 391 *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 392 } 393 } 394 } 395 396 static BlockdevOptions *cbw_parse_options(QDict *options, Error **errp) 397 { 398 BlockdevOptions *opts = NULL; 399 Visitor *v = NULL; 400 401 qdict_put_str(options, "driver", "copy-before-write"); 402 403 v = qobject_input_visitor_new_flat_confused(options, errp); 404 if (!v) { 405 goto out; 406 } 407 408 visit_type_BlockdevOptions(v, NULL, &opts, errp); 409 if (!opts) { 410 goto out; 411 } 412 413 /* 414 * Delete options which we are going to parse through BlockdevOptions 415 * object for original options. 416 */ 417 qdict_extract_subqdict(options, NULL, "bitmap"); 418 qdict_del(options, "on-cbw-error"); 419 qdict_del(options, "cbw-timeout"); 420 421 out: 422 visit_free(v); 423 qdict_del(options, "driver"); 424 425 return opts; 426 } 427 428 static int cbw_open(BlockDriverState *bs, QDict *options, int flags, 429 Error **errp) 430 { 431 ERRP_GUARD(); 432 BDRVCopyBeforeWriteState *s = bs->opaque; 433 BdrvDirtyBitmap *bitmap = NULL; 434 int64_t cluster_size; 435 g_autoptr(BlockdevOptions) full_opts = NULL; 436 BlockdevOptionsCbw *opts; 437 int ret; 438 439 full_opts = cbw_parse_options(options, errp); 440 if (!full_opts) { 441 return -EINVAL; 442 } 443 assert(full_opts->driver == BLOCKDEV_DRIVER_COPY_BEFORE_WRITE); 444 opts = &full_opts->u.copy_before_write; 445 446 ret = bdrv_open_file_child(NULL, options, "file", bs, errp); 447 if (ret < 0) { 448 return ret; 449 } 450 451 s->target = bdrv_open_child(NULL, options, "target", bs, &child_of_bds, 452 BDRV_CHILD_DATA, false, errp); 453 if (!s->target) { 454 return -EINVAL; 455 } 456 457 GRAPH_RDLOCK_GUARD_MAINLOOP(); 458 459 if (opts->bitmap) { 460 bitmap = block_dirty_bitmap_lookup(opts->bitmap->node, 461 opts->bitmap->name, NULL, errp); 462 if (!bitmap) { 463 return -EINVAL; 464 } 465 } 466 s->on_cbw_error = opts->has_on_cbw_error ? opts->on_cbw_error : 467 ON_CBW_ERROR_BREAK_GUEST_WRITE; 468 s->cbw_timeout_ns = opts->has_cbw_timeout ? 469 opts->cbw_timeout * NANOSECONDS_PER_SECOND : 0; 470 471 bs->total_sectors = bs->file->bs->total_sectors; 472 bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED | 473 (BDRV_REQ_FUA & bs->file->bs->supported_write_flags); 474 bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED | 475 ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) & 476 bs->file->bs->supported_zero_flags); 477 478 s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE; 479 s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, 480 flags & BDRV_O_CBW_DISCARD_SOURCE, errp); 481 if (!s->bcs) { 482 error_prepend(errp, "Cannot create block-copy-state: "); 483 return -EINVAL; 484 } 485 486 cluster_size = block_copy_cluster_size(s->bcs); 487 488 s->done_bitmap = bdrv_create_dirty_bitmap(bs, cluster_size, NULL, errp); 489 if (!s->done_bitmap) { 490 return -EINVAL; 491 } 492 bdrv_disable_dirty_bitmap(s->done_bitmap); 493 494 /* s->access_bitmap starts equal to bcs bitmap */ 495 s->access_bitmap = bdrv_create_dirty_bitmap(bs, cluster_size, NULL, errp); 496 if (!s->access_bitmap) { 497 return -EINVAL; 498 } 499 bdrv_disable_dirty_bitmap(s->access_bitmap); 500 bdrv_dirty_bitmap_merge_internal(s->access_bitmap, 501 block_copy_dirty_bitmap(s->bcs), NULL, 502 true); 503 504 qemu_co_mutex_init(&s->lock); 505 QLIST_INIT(&s->frozen_read_reqs); 506 return 0; 507 } 508 509 static void cbw_close(BlockDriverState *bs) 510 { 511 BDRVCopyBeforeWriteState *s = bs->opaque; 512 513 bdrv_release_dirty_bitmap(s->access_bitmap); 514 bdrv_release_dirty_bitmap(s->done_bitmap); 515 516 block_copy_state_free(s->bcs); 517 s->bcs = NULL; 518 } 519 520 static BlockDriver bdrv_cbw_filter = { 521 .format_name = "copy-before-write", 522 .instance_size = sizeof(BDRVCopyBeforeWriteState), 523 524 .bdrv_open = cbw_open, 525 .bdrv_close = cbw_close, 526 527 .bdrv_co_preadv = cbw_co_preadv, 528 .bdrv_co_pwritev = cbw_co_pwritev, 529 .bdrv_co_pwrite_zeroes = cbw_co_pwrite_zeroes, 530 .bdrv_co_pdiscard = cbw_co_pdiscard, 531 .bdrv_co_flush = cbw_co_flush, 532 533 .bdrv_co_preadv_snapshot = cbw_co_preadv_snapshot, 534 .bdrv_co_pdiscard_snapshot = cbw_co_pdiscard_snapshot, 535 .bdrv_co_snapshot_block_status = cbw_co_snapshot_block_status, 536 537 .bdrv_refresh_filename = cbw_refresh_filename, 538 539 .bdrv_child_perm = cbw_child_perm, 540 541 .is_filter = true, 542 }; 543 544 BlockDriverState *bdrv_cbw_append(BlockDriverState *source, 545 BlockDriverState *target, 546 const char *filter_node_name, 547 bool discard_source, 548 BlockCopyState **bcs, 549 Error **errp) 550 { 551 BDRVCopyBeforeWriteState *state; 552 BlockDriverState *top; 553 QDict *opts; 554 int flags = BDRV_O_RDWR | (discard_source ? BDRV_O_CBW_DISCARD_SOURCE : 0); 555 556 assert(source->total_sectors == target->total_sectors); 557 GLOBAL_STATE_CODE(); 558 559 opts = qdict_new(); 560 qdict_put_str(opts, "driver", "copy-before-write"); 561 if (filter_node_name) { 562 qdict_put_str(opts, "node-name", filter_node_name); 563 } 564 qdict_put_str(opts, "file", bdrv_get_node_name(source)); 565 qdict_put_str(opts, "target", bdrv_get_node_name(target)); 566 567 top = bdrv_insert_node(source, opts, flags, errp); 568 if (!top) { 569 return NULL; 570 } 571 572 state = top->opaque; 573 *bcs = state->bcs; 574 575 return top; 576 } 577 578 void bdrv_cbw_drop(BlockDriverState *bs) 579 { 580 GLOBAL_STATE_CODE(); 581 bdrv_drop_filter(bs, &error_abort); 582 bdrv_unref(bs); 583 } 584 585 static void cbw_init(void) 586 { 587 bdrv_register(&bdrv_cbw_filter); 588 } 589 590 block_init(cbw_init); 591