xref: /openbmc/qemu/block/mirror.c (revision 9f2130f58d5dd4e1fcb435cca08bf77e7c32e6c6)
1 /*
2  * Image mirroring
3  *
4  * Copyright Red Hat, Inc. 2012
5  *
6  * Authors:
7  *  Paolo Bonzini  <pbonzini@redhat.com>
8  *
9  * This work is licensed under the terms of the GNU LGPL, version 2 or later.
10  * See the COPYING.LIB file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/cutils.h"
16 #include "trace.h"
17 #include "block/blockjob_int.h"
18 #include "block/block_int.h"
19 #include "sysemu/block-backend.h"
20 #include "qapi/error.h"
21 #include "qapi/qmp/qerror.h"
22 #include "qemu/ratelimit.h"
23 #include "qemu/bitmap.h"
24 
25 #define SLICE_TIME    100000000ULL /* ns */
26 #define MAX_IN_FLIGHT 16
27 #define MAX_IO_SECTORS ((1 << 20) >> BDRV_SECTOR_BITS) /* 1 Mb */
28 #define DEFAULT_MIRROR_BUF_SIZE \
29     (MAX_IN_FLIGHT * MAX_IO_SECTORS * BDRV_SECTOR_SIZE)
30 
31 /* The mirroring buffer is a list of granularity-sized chunks.
32  * Free chunks are organized in a list.
33  */
34 typedef struct MirrorBuffer {
35     QSIMPLEQ_ENTRY(MirrorBuffer) next;
36 } MirrorBuffer;
37 
38 typedef struct MirrorBlockJob {
39     BlockJob common;
40     RateLimit limit;
41     BlockBackend *target;
42     BlockDriverState *mirror_top_bs;
43     BlockDriverState *source;
44     BlockDriverState *base;
45 
46     /* The name of the graph node to replace */
47     char *replaces;
48     /* The BDS to replace */
49     BlockDriverState *to_replace;
50     /* Used to block operations on the drive-mirror-replace target */
51     Error *replace_blocker;
52     bool is_none_mode;
53     BlockMirrorBackingMode backing_mode;
54     BlockdevOnError on_source_error, on_target_error;
55     bool synced;
56     bool should_complete;
57     int64_t granularity;
58     size_t buf_size;
59     int64_t bdev_length;
60     unsigned long *cow_bitmap;
61     BdrvDirtyBitmap *dirty_bitmap;
62     BdrvDirtyBitmapIter *dbi;
63     uint8_t *buf;
64     QSIMPLEQ_HEAD(, MirrorBuffer) buf_free;
65     int buf_free_count;
66 
67     uint64_t last_pause_ns;
68     unsigned long *in_flight_bitmap;
69     int in_flight;
70     int64_t sectors_in_flight;
71     int ret;
72     bool unmap;
73     bool waiting_for_io;
74     int target_cluster_sectors;
75     int max_iov;
76     bool initial_zeroing_ongoing;
77 } MirrorBlockJob;
78 
79 typedef struct MirrorOp {
80     MirrorBlockJob *s;
81     QEMUIOVector qiov;
82     int64_t sector_num;
83     int nb_sectors;
84 } MirrorOp;
85 
86 static BlockErrorAction mirror_error_action(MirrorBlockJob *s, bool read,
87                                             int error)
88 {
89     s->synced = false;
90     if (read) {
91         return block_job_error_action(&s->common, s->on_source_error,
92                                       true, error);
93     } else {
94         return block_job_error_action(&s->common, s->on_target_error,
95                                       false, error);
96     }
97 }
98 
99 static void mirror_iteration_done(MirrorOp *op, int ret)
100 {
101     MirrorBlockJob *s = op->s;
102     struct iovec *iov;
103     int64_t chunk_num;
104     int i, nb_chunks, sectors_per_chunk;
105 
106     trace_mirror_iteration_done(s, op->sector_num, op->nb_sectors, ret);
107 
108     s->in_flight--;
109     s->sectors_in_flight -= op->nb_sectors;
110     iov = op->qiov.iov;
111     for (i = 0; i < op->qiov.niov; i++) {
112         MirrorBuffer *buf = (MirrorBuffer *) iov[i].iov_base;
113         QSIMPLEQ_INSERT_TAIL(&s->buf_free, buf, next);
114         s->buf_free_count++;
115     }
116 
117     sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
118     chunk_num = op->sector_num / sectors_per_chunk;
119     nb_chunks = DIV_ROUND_UP(op->nb_sectors, sectors_per_chunk);
120     bitmap_clear(s->in_flight_bitmap, chunk_num, nb_chunks);
121     if (ret >= 0) {
122         if (s->cow_bitmap) {
123             bitmap_set(s->cow_bitmap, chunk_num, nb_chunks);
124         }
125         if (!s->initial_zeroing_ongoing) {
126             s->common.offset += (uint64_t)op->nb_sectors * BDRV_SECTOR_SIZE;
127         }
128     }
129     qemu_iovec_destroy(&op->qiov);
130     g_free(op);
131 
132     if (s->waiting_for_io) {
133         qemu_coroutine_enter(s->common.co);
134     }
135 }
136 
137 static void mirror_write_complete(void *opaque, int ret)
138 {
139     MirrorOp *op = opaque;
140     MirrorBlockJob *s = op->s;
141 
142     aio_context_acquire(blk_get_aio_context(s->common.blk));
143     if (ret < 0) {
144         BlockErrorAction action;
145 
146         bdrv_set_dirty_bitmap(s->dirty_bitmap, op->sector_num, op->nb_sectors);
147         action = mirror_error_action(s, false, -ret);
148         if (action == BLOCK_ERROR_ACTION_REPORT && s->ret >= 0) {
149             s->ret = ret;
150         }
151     }
152     mirror_iteration_done(op, ret);
153     aio_context_release(blk_get_aio_context(s->common.blk));
154 }
155 
156 static void mirror_read_complete(void *opaque, int ret)
157 {
158     MirrorOp *op = opaque;
159     MirrorBlockJob *s = op->s;
160 
161     aio_context_acquire(blk_get_aio_context(s->common.blk));
162     if (ret < 0) {
163         BlockErrorAction action;
164 
165         bdrv_set_dirty_bitmap(s->dirty_bitmap, op->sector_num, op->nb_sectors);
166         action = mirror_error_action(s, true, -ret);
167         if (action == BLOCK_ERROR_ACTION_REPORT && s->ret >= 0) {
168             s->ret = ret;
169         }
170 
171         mirror_iteration_done(op, ret);
172     } else {
173         blk_aio_pwritev(s->target, op->sector_num * BDRV_SECTOR_SIZE, &op->qiov,
174                         0, mirror_write_complete, op);
175     }
176     aio_context_release(blk_get_aio_context(s->common.blk));
177 }
178 
179 static inline void mirror_clip_sectors(MirrorBlockJob *s,
180                                        int64_t sector_num,
181                                        int *nb_sectors)
182 {
183     *nb_sectors = MIN(*nb_sectors,
184                       s->bdev_length / BDRV_SECTOR_SIZE - sector_num);
185 }
186 
187 /* Round sector_num and/or nb_sectors to target cluster if COW is needed, and
188  * return the offset of the adjusted tail sector against original. */
189 static int mirror_cow_align(MirrorBlockJob *s,
190                             int64_t *sector_num,
191                             int *nb_sectors)
192 {
193     bool need_cow;
194     int ret = 0;
195     int chunk_sectors = s->granularity >> BDRV_SECTOR_BITS;
196     int64_t align_sector_num = *sector_num;
197     int align_nb_sectors = *nb_sectors;
198     int max_sectors = chunk_sectors * s->max_iov;
199 
200     need_cow = !test_bit(*sector_num / chunk_sectors, s->cow_bitmap);
201     need_cow |= !test_bit((*sector_num + *nb_sectors - 1) / chunk_sectors,
202                           s->cow_bitmap);
203     if (need_cow) {
204         bdrv_round_sectors_to_clusters(blk_bs(s->target), *sector_num,
205                                        *nb_sectors, &align_sector_num,
206                                        &align_nb_sectors);
207     }
208 
209     if (align_nb_sectors > max_sectors) {
210         align_nb_sectors = max_sectors;
211         if (need_cow) {
212             align_nb_sectors = QEMU_ALIGN_DOWN(align_nb_sectors,
213                                                s->target_cluster_sectors);
214         }
215     }
216     /* Clipping may result in align_nb_sectors unaligned to chunk boundary, but
217      * that doesn't matter because it's already the end of source image. */
218     mirror_clip_sectors(s, align_sector_num, &align_nb_sectors);
219 
220     ret = align_sector_num + align_nb_sectors - (*sector_num + *nb_sectors);
221     *sector_num = align_sector_num;
222     *nb_sectors = align_nb_sectors;
223     assert(ret >= 0);
224     return ret;
225 }
226 
227 static inline void mirror_wait_for_io(MirrorBlockJob *s)
228 {
229     assert(!s->waiting_for_io);
230     s->waiting_for_io = true;
231     qemu_coroutine_yield();
232     s->waiting_for_io = false;
233 }
234 
235 /* Submit async read while handling COW.
236  * Returns: The number of sectors copied after and including sector_num,
237  *          excluding any sectors copied prior to sector_num due to alignment.
238  *          This will be nb_sectors if no alignment is necessary, or
239  *          (new_end - sector_num) if tail is rounded up or down due to
240  *          alignment or buffer limit.
241  */
242 static int mirror_do_read(MirrorBlockJob *s, int64_t sector_num,
243                           int nb_sectors)
244 {
245     BlockBackend *source = s->common.blk;
246     int sectors_per_chunk, nb_chunks;
247     int ret;
248     MirrorOp *op;
249     int max_sectors;
250 
251     sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
252     max_sectors = sectors_per_chunk * s->max_iov;
253 
254     /* We can only handle as much as buf_size at a time. */
255     nb_sectors = MIN(s->buf_size >> BDRV_SECTOR_BITS, nb_sectors);
256     nb_sectors = MIN(max_sectors, nb_sectors);
257     assert(nb_sectors);
258     ret = nb_sectors;
259 
260     if (s->cow_bitmap) {
261         ret += mirror_cow_align(s, &sector_num, &nb_sectors);
262     }
263     assert(nb_sectors << BDRV_SECTOR_BITS <= s->buf_size);
264     /* The sector range must meet granularity because:
265      * 1) Caller passes in aligned values;
266      * 2) mirror_cow_align is used only when target cluster is larger. */
267     assert(!(sector_num % sectors_per_chunk));
268     nb_chunks = DIV_ROUND_UP(nb_sectors, sectors_per_chunk);
269 
270     while (s->buf_free_count < nb_chunks) {
271         trace_mirror_yield_in_flight(s, sector_num, s->in_flight);
272         mirror_wait_for_io(s);
273     }
274 
275     /* Allocate a MirrorOp that is used as an AIO callback.  */
276     op = g_new(MirrorOp, 1);
277     op->s = s;
278     op->sector_num = sector_num;
279     op->nb_sectors = nb_sectors;
280 
281     /* Now make a QEMUIOVector taking enough granularity-sized chunks
282      * from s->buf_free.
283      */
284     qemu_iovec_init(&op->qiov, nb_chunks);
285     while (nb_chunks-- > 0) {
286         MirrorBuffer *buf = QSIMPLEQ_FIRST(&s->buf_free);
287         size_t remaining = nb_sectors * BDRV_SECTOR_SIZE - op->qiov.size;
288 
289         QSIMPLEQ_REMOVE_HEAD(&s->buf_free, next);
290         s->buf_free_count--;
291         qemu_iovec_add(&op->qiov, buf, MIN(s->granularity, remaining));
292     }
293 
294     /* Copy the dirty cluster.  */
295     s->in_flight++;
296     s->sectors_in_flight += nb_sectors;
297     trace_mirror_one_iteration(s, sector_num, nb_sectors);
298 
299     blk_aio_preadv(source, sector_num * BDRV_SECTOR_SIZE, &op->qiov, 0,
300                    mirror_read_complete, op);
301     return ret;
302 }
303 
304 static void mirror_do_zero_or_discard(MirrorBlockJob *s,
305                                       int64_t sector_num,
306                                       int nb_sectors,
307                                       bool is_discard)
308 {
309     MirrorOp *op;
310 
311     /* Allocate a MirrorOp that is used as an AIO callback. The qiov is zeroed
312      * so the freeing in mirror_iteration_done is nop. */
313     op = g_new0(MirrorOp, 1);
314     op->s = s;
315     op->sector_num = sector_num;
316     op->nb_sectors = nb_sectors;
317 
318     s->in_flight++;
319     s->sectors_in_flight += nb_sectors;
320     if (is_discard) {
321         blk_aio_pdiscard(s->target, sector_num << BDRV_SECTOR_BITS,
322                          op->nb_sectors << BDRV_SECTOR_BITS,
323                          mirror_write_complete, op);
324     } else {
325         blk_aio_pwrite_zeroes(s->target, sector_num * BDRV_SECTOR_SIZE,
326                               op->nb_sectors * BDRV_SECTOR_SIZE,
327                               s->unmap ? BDRV_REQ_MAY_UNMAP : 0,
328                               mirror_write_complete, op);
329     }
330 }
331 
332 static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
333 {
334     BlockDriverState *source = s->source;
335     int64_t sector_num, first_chunk;
336     uint64_t delay_ns = 0;
337     /* At least the first dirty chunk is mirrored in one iteration. */
338     int nb_chunks = 1;
339     int64_t end = s->bdev_length / BDRV_SECTOR_SIZE;
340     int sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
341     bool write_zeroes_ok = bdrv_can_write_zeroes_with_unmap(blk_bs(s->target));
342     int max_io_sectors = MAX((s->buf_size >> BDRV_SECTOR_BITS) / MAX_IN_FLIGHT,
343                              MAX_IO_SECTORS);
344 
345     bdrv_dirty_bitmap_lock(s->dirty_bitmap);
346     sector_num = bdrv_dirty_iter_next(s->dbi);
347     if (sector_num < 0) {
348         bdrv_set_dirty_iter(s->dbi, 0);
349         sector_num = bdrv_dirty_iter_next(s->dbi);
350         trace_mirror_restart_iter(s, bdrv_get_dirty_count(s->dirty_bitmap));
351         assert(sector_num >= 0);
352     }
353     bdrv_dirty_bitmap_unlock(s->dirty_bitmap);
354 
355     first_chunk = sector_num / sectors_per_chunk;
356     while (test_bit(first_chunk, s->in_flight_bitmap)) {
357         trace_mirror_yield_in_flight(s, sector_num, s->in_flight);
358         mirror_wait_for_io(s);
359     }
360 
361     block_job_pause_point(&s->common);
362 
363     /* Find the number of consective dirty chunks following the first dirty
364      * one, and wait for in flight requests in them. */
365     bdrv_dirty_bitmap_lock(s->dirty_bitmap);
366     while (nb_chunks * sectors_per_chunk < (s->buf_size >> BDRV_SECTOR_BITS)) {
367         int64_t next_dirty;
368         int64_t next_sector = sector_num + nb_chunks * sectors_per_chunk;
369         int64_t next_chunk = next_sector / sectors_per_chunk;
370         if (next_sector >= end ||
371             !bdrv_get_dirty_locked(source, s->dirty_bitmap, next_sector)) {
372             break;
373         }
374         if (test_bit(next_chunk, s->in_flight_bitmap)) {
375             break;
376         }
377 
378         next_dirty = bdrv_dirty_iter_next(s->dbi);
379         if (next_dirty > next_sector || next_dirty < 0) {
380             /* The bitmap iterator's cache is stale, refresh it */
381             bdrv_set_dirty_iter(s->dbi, next_sector);
382             next_dirty = bdrv_dirty_iter_next(s->dbi);
383         }
384         assert(next_dirty == next_sector);
385         nb_chunks++;
386     }
387 
388     /* Clear dirty bits before querying the block status, because
389      * calling bdrv_get_block_status_above could yield - if some blocks are
390      * marked dirty in this window, we need to know.
391      */
392     bdrv_reset_dirty_bitmap_locked(s->dirty_bitmap, sector_num,
393                                   nb_chunks * sectors_per_chunk);
394     bdrv_dirty_bitmap_unlock(s->dirty_bitmap);
395 
396     bitmap_set(s->in_flight_bitmap, sector_num / sectors_per_chunk, nb_chunks);
397     while (nb_chunks > 0 && sector_num < end) {
398         int64_t ret;
399         int io_sectors, io_sectors_acct;
400         BlockDriverState *file;
401         enum MirrorMethod {
402             MIRROR_METHOD_COPY,
403             MIRROR_METHOD_ZERO,
404             MIRROR_METHOD_DISCARD
405         } mirror_method = MIRROR_METHOD_COPY;
406 
407         assert(!(sector_num % sectors_per_chunk));
408         ret = bdrv_get_block_status_above(source, NULL, sector_num,
409                                           nb_chunks * sectors_per_chunk,
410                                           &io_sectors, &file);
411         if (ret < 0) {
412             io_sectors = MIN(nb_chunks * sectors_per_chunk, max_io_sectors);
413         } else if (ret & BDRV_BLOCK_DATA) {
414             io_sectors = MIN(io_sectors, max_io_sectors);
415         }
416 
417         io_sectors -= io_sectors % sectors_per_chunk;
418         if (io_sectors < sectors_per_chunk) {
419             io_sectors = sectors_per_chunk;
420         } else if (ret >= 0 && !(ret & BDRV_BLOCK_DATA)) {
421             int64_t target_sector_num;
422             int target_nb_sectors;
423             bdrv_round_sectors_to_clusters(blk_bs(s->target), sector_num,
424                                            io_sectors,  &target_sector_num,
425                                            &target_nb_sectors);
426             if (target_sector_num == sector_num &&
427                 target_nb_sectors == io_sectors) {
428                 mirror_method = ret & BDRV_BLOCK_ZERO ?
429                                     MIRROR_METHOD_ZERO :
430                                     MIRROR_METHOD_DISCARD;
431             }
432         }
433 
434         while (s->in_flight >= MAX_IN_FLIGHT) {
435             trace_mirror_yield_in_flight(s, sector_num, s->in_flight);
436             mirror_wait_for_io(s);
437         }
438 
439         if (s->ret < 0) {
440             return 0;
441         }
442 
443         mirror_clip_sectors(s, sector_num, &io_sectors);
444         switch (mirror_method) {
445         case MIRROR_METHOD_COPY:
446             io_sectors = mirror_do_read(s, sector_num, io_sectors);
447             io_sectors_acct = io_sectors;
448             break;
449         case MIRROR_METHOD_ZERO:
450         case MIRROR_METHOD_DISCARD:
451             mirror_do_zero_or_discard(s, sector_num, io_sectors,
452                                       mirror_method == MIRROR_METHOD_DISCARD);
453             if (write_zeroes_ok) {
454                 io_sectors_acct = 0;
455             } else {
456                 io_sectors_acct = io_sectors;
457             }
458             break;
459         default:
460             abort();
461         }
462         assert(io_sectors);
463         sector_num += io_sectors;
464         nb_chunks -= DIV_ROUND_UP(io_sectors, sectors_per_chunk);
465         if (s->common.speed) {
466             delay_ns = ratelimit_calculate_delay(&s->limit, io_sectors_acct);
467         }
468     }
469     return delay_ns;
470 }
471 
472 static void mirror_free_init(MirrorBlockJob *s)
473 {
474     int granularity = s->granularity;
475     size_t buf_size = s->buf_size;
476     uint8_t *buf = s->buf;
477 
478     assert(s->buf_free_count == 0);
479     QSIMPLEQ_INIT(&s->buf_free);
480     while (buf_size != 0) {
481         MirrorBuffer *cur = (MirrorBuffer *)buf;
482         QSIMPLEQ_INSERT_TAIL(&s->buf_free, cur, next);
483         s->buf_free_count++;
484         buf_size -= granularity;
485         buf += granularity;
486     }
487 }
488 
489 /* This is also used for the .pause callback. There is no matching
490  * mirror_resume() because mirror_run() will begin iterating again
491  * when the job is resumed.
492  */
493 static void mirror_wait_for_all_io(MirrorBlockJob *s)
494 {
495     while (s->in_flight > 0) {
496         mirror_wait_for_io(s);
497     }
498 }
499 
500 typedef struct {
501     int ret;
502 } MirrorExitData;
503 
504 static void mirror_exit(BlockJob *job, void *opaque)
505 {
506     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
507     MirrorExitData *data = opaque;
508     AioContext *replace_aio_context = NULL;
509     BlockDriverState *src = s->source;
510     BlockDriverState *target_bs = blk_bs(s->target);
511     BlockDriverState *mirror_top_bs = s->mirror_top_bs;
512     Error *local_err = NULL;
513 
514     bdrv_release_dirty_bitmap(src, s->dirty_bitmap);
515 
516     /* Make sure that the source BDS doesn't go away before we called
517      * block_job_completed(). */
518     bdrv_ref(src);
519     bdrv_ref(mirror_top_bs);
520     bdrv_ref(target_bs);
521 
522     /* Remove target parent that still uses BLK_PERM_WRITE/RESIZE before
523      * inserting target_bs at s->to_replace, where we might not be able to get
524      * these permissions.
525      *
526      * Note that blk_unref() alone doesn't necessarily drop permissions because
527      * we might be running nested inside mirror_drain(), which takes an extra
528      * reference, so use an explicit blk_set_perm() first. */
529     blk_set_perm(s->target, 0, BLK_PERM_ALL, &error_abort);
530     blk_unref(s->target);
531     s->target = NULL;
532 
533     /* We don't access the source any more. Dropping any WRITE/RESIZE is
534      * required before it could become a backing file of target_bs. */
535     bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
536                             &error_abort);
537     if (s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
538         BlockDriverState *backing = s->is_none_mode ? src : s->base;
539         if (backing_bs(target_bs) != backing) {
540             bdrv_set_backing_hd(target_bs, backing, &local_err);
541             if (local_err) {
542                 error_report_err(local_err);
543                 data->ret = -EPERM;
544             }
545         }
546     }
547 
548     if (s->to_replace) {
549         replace_aio_context = bdrv_get_aio_context(s->to_replace);
550         aio_context_acquire(replace_aio_context);
551     }
552 
553     if (s->should_complete && data->ret == 0) {
554         BlockDriverState *to_replace = src;
555         if (s->to_replace) {
556             to_replace = s->to_replace;
557         }
558 
559         if (bdrv_get_flags(target_bs) != bdrv_get_flags(to_replace)) {
560             bdrv_reopen(target_bs, bdrv_get_flags(to_replace), NULL);
561         }
562 
563         /* The mirror job has no requests in flight any more, but we need to
564          * drain potential other users of the BDS before changing the graph. */
565         bdrv_drained_begin(target_bs);
566         bdrv_replace_node(to_replace, target_bs, &local_err);
567         bdrv_drained_end(target_bs);
568         if (local_err) {
569             error_report_err(local_err);
570             data->ret = -EPERM;
571         }
572     }
573     if (s->to_replace) {
574         bdrv_op_unblock_all(s->to_replace, s->replace_blocker);
575         error_free(s->replace_blocker);
576         bdrv_unref(s->to_replace);
577     }
578     if (replace_aio_context) {
579         aio_context_release(replace_aio_context);
580     }
581     g_free(s->replaces);
582     bdrv_unref(target_bs);
583 
584     /* Remove the mirror filter driver from the graph. Before this, get rid of
585      * the blockers on the intermediate nodes so that the resulting state is
586      * valid. Also give up permissions on mirror_top_bs->backing, which might
587      * block the removal. */
588     block_job_remove_all_bdrv(job);
589     bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
590                             &error_abort);
591     bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
592 
593     /* We just changed the BDS the job BB refers to (with either or both of the
594      * bdrv_replace_node() calls), so switch the BB back so the cleanup does
595      * the right thing. We don't need any permissions any more now. */
596     blk_remove_bs(job->blk);
597     blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
598     blk_insert_bs(job->blk, mirror_top_bs, &error_abort);
599 
600     block_job_completed(&s->common, data->ret);
601 
602     g_free(data);
603     bdrv_drained_end(src);
604     bdrv_unref(mirror_top_bs);
605     bdrv_unref(src);
606 }
607 
608 static void mirror_throttle(MirrorBlockJob *s)
609 {
610     int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
611 
612     if (now - s->last_pause_ns > SLICE_TIME) {
613         s->last_pause_ns = now;
614         block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, 0);
615     } else {
616         block_job_pause_point(&s->common);
617     }
618 }
619 
620 static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
621 {
622     int64_t sector_num, end;
623     BlockDriverState *base = s->base;
624     BlockDriverState *bs = s->source;
625     BlockDriverState *target_bs = blk_bs(s->target);
626     int ret, n;
627 
628     end = s->bdev_length / BDRV_SECTOR_SIZE;
629 
630     if (base == NULL && !bdrv_has_zero_init(target_bs)) {
631         if (!bdrv_can_write_zeroes_with_unmap(target_bs)) {
632             bdrv_set_dirty_bitmap(s->dirty_bitmap, 0, end);
633             return 0;
634         }
635 
636         s->initial_zeroing_ongoing = true;
637         for (sector_num = 0; sector_num < end; ) {
638             int nb_sectors = MIN(end - sector_num,
639                 QEMU_ALIGN_DOWN(INT_MAX, s->granularity) >> BDRV_SECTOR_BITS);
640 
641             mirror_throttle(s);
642 
643             if (block_job_is_cancelled(&s->common)) {
644                 s->initial_zeroing_ongoing = false;
645                 return 0;
646             }
647 
648             if (s->in_flight >= MAX_IN_FLIGHT) {
649                 trace_mirror_yield(s, UINT64_MAX, s->buf_free_count,
650                                    s->in_flight);
651                 mirror_wait_for_io(s);
652                 continue;
653             }
654 
655             mirror_do_zero_or_discard(s, sector_num, nb_sectors, false);
656             sector_num += nb_sectors;
657         }
658 
659         mirror_wait_for_all_io(s);
660         s->initial_zeroing_ongoing = false;
661     }
662 
663     /* First part, loop on the sectors and initialize the dirty bitmap.  */
664     for (sector_num = 0; sector_num < end; ) {
665         /* Just to make sure we are not exceeding int limit. */
666         int nb_sectors = MIN(INT_MAX >> BDRV_SECTOR_BITS,
667                              end - sector_num);
668 
669         mirror_throttle(s);
670 
671         if (block_job_is_cancelled(&s->common)) {
672             return 0;
673         }
674 
675         ret = bdrv_is_allocated_above(bs, base, sector_num, nb_sectors, &n);
676         if (ret < 0) {
677             return ret;
678         }
679 
680         assert(n > 0);
681         if (ret == 1) {
682             bdrv_set_dirty_bitmap(s->dirty_bitmap, sector_num, n);
683         }
684         sector_num += n;
685     }
686     return 0;
687 }
688 
689 /* Called when going out of the streaming phase to flush the bulk of the
690  * data to the medium, or just before completing.
691  */
692 static int mirror_flush(MirrorBlockJob *s)
693 {
694     int ret = blk_flush(s->target);
695     if (ret < 0) {
696         if (mirror_error_action(s, false, -ret) == BLOCK_ERROR_ACTION_REPORT) {
697             s->ret = ret;
698         }
699     }
700     return ret;
701 }
702 
703 static void coroutine_fn mirror_run(void *opaque)
704 {
705     MirrorBlockJob *s = opaque;
706     MirrorExitData *data;
707     BlockDriverState *bs = s->source;
708     BlockDriverState *target_bs = blk_bs(s->target);
709     bool need_drain = true;
710     int64_t length;
711     BlockDriverInfo bdi;
712     char backing_filename[2]; /* we only need 2 characters because we are only
713                                  checking for a NULL string */
714     int ret = 0;
715     int target_cluster_size = BDRV_SECTOR_SIZE;
716 
717     if (block_job_is_cancelled(&s->common)) {
718         goto immediate_exit;
719     }
720 
721     s->bdev_length = bdrv_getlength(bs);
722     if (s->bdev_length < 0) {
723         ret = s->bdev_length;
724         goto immediate_exit;
725     }
726 
727     /* Active commit must resize the base image if its size differs from the
728      * active layer. */
729     if (s->base == blk_bs(s->target)) {
730         int64_t base_length;
731 
732         base_length = blk_getlength(s->target);
733         if (base_length < 0) {
734             ret = base_length;
735             goto immediate_exit;
736         }
737 
738         if (s->bdev_length > base_length) {
739             ret = blk_truncate(s->target, s->bdev_length, NULL);
740             if (ret < 0) {
741                 goto immediate_exit;
742             }
743         }
744     }
745 
746     if (s->bdev_length == 0) {
747         /* Report BLOCK_JOB_READY and wait for complete. */
748         block_job_event_ready(&s->common);
749         s->synced = true;
750         while (!block_job_is_cancelled(&s->common) && !s->should_complete) {
751             block_job_yield(&s->common);
752         }
753         s->common.cancelled = false;
754         goto immediate_exit;
755     }
756 
757     length = DIV_ROUND_UP(s->bdev_length, s->granularity);
758     s->in_flight_bitmap = bitmap_new(length);
759 
760     /* If we have no backing file yet in the destination, we cannot let
761      * the destination do COW.  Instead, we copy sectors around the
762      * dirty data if needed.  We need a bitmap to do that.
763      */
764     bdrv_get_backing_filename(target_bs, backing_filename,
765                               sizeof(backing_filename));
766     if (!bdrv_get_info(target_bs, &bdi) && bdi.cluster_size) {
767         target_cluster_size = bdi.cluster_size;
768     }
769     if (backing_filename[0] && !target_bs->backing
770         && s->granularity < target_cluster_size) {
771         s->buf_size = MAX(s->buf_size, target_cluster_size);
772         s->cow_bitmap = bitmap_new(length);
773     }
774     s->target_cluster_sectors = target_cluster_size >> BDRV_SECTOR_BITS;
775     s->max_iov = MIN(bs->bl.max_iov, target_bs->bl.max_iov);
776 
777     s->buf = qemu_try_blockalign(bs, s->buf_size);
778     if (s->buf == NULL) {
779         ret = -ENOMEM;
780         goto immediate_exit;
781     }
782 
783     mirror_free_init(s);
784 
785     s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
786     if (!s->is_none_mode) {
787         ret = mirror_dirty_init(s);
788         if (ret < 0 || block_job_is_cancelled(&s->common)) {
789             goto immediate_exit;
790         }
791     }
792 
793     assert(!s->dbi);
794     s->dbi = bdrv_dirty_iter_new(s->dirty_bitmap, 0);
795     for (;;) {
796         uint64_t delay_ns = 0;
797         int64_t cnt, delta;
798         bool should_complete;
799 
800         if (s->ret < 0) {
801             ret = s->ret;
802             goto immediate_exit;
803         }
804 
805         block_job_pause_point(&s->common);
806 
807         cnt = bdrv_get_dirty_count(s->dirty_bitmap);
808         /* s->common.offset contains the number of bytes already processed so
809          * far, cnt is the number of dirty sectors remaining and
810          * s->sectors_in_flight is the number of sectors currently being
811          * processed; together those are the current total operation length */
812         s->common.len = s->common.offset +
813                         (cnt + s->sectors_in_flight) * BDRV_SECTOR_SIZE;
814 
815         /* Note that even when no rate limit is applied we need to yield
816          * periodically with no pending I/O so that bdrv_drain_all() returns.
817          * We do so every SLICE_TIME nanoseconds, or when there is an error,
818          * or when the source is clean, whichever comes first.
819          */
820         delta = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - s->last_pause_ns;
821         if (delta < SLICE_TIME &&
822             s->common.iostatus == BLOCK_DEVICE_IO_STATUS_OK) {
823             if (s->in_flight >= MAX_IN_FLIGHT || s->buf_free_count == 0 ||
824                 (cnt == 0 && s->in_flight > 0)) {
825                 trace_mirror_yield(s, cnt, s->buf_free_count, s->in_flight);
826                 mirror_wait_for_io(s);
827                 continue;
828             } else if (cnt != 0) {
829                 delay_ns = mirror_iteration(s);
830             }
831         }
832 
833         should_complete = false;
834         if (s->in_flight == 0 && cnt == 0) {
835             trace_mirror_before_flush(s);
836             if (!s->synced) {
837                 if (mirror_flush(s) < 0) {
838                     /* Go check s->ret.  */
839                     continue;
840                 }
841                 /* We're out of the streaming phase.  From now on, if the job
842                  * is cancelled we will actually complete all pending I/O and
843                  * report completion.  This way, block-job-cancel will leave
844                  * the target in a consistent state.
845                  */
846                 block_job_event_ready(&s->common);
847                 s->synced = true;
848             }
849 
850             should_complete = s->should_complete ||
851                 block_job_is_cancelled(&s->common);
852             cnt = bdrv_get_dirty_count(s->dirty_bitmap);
853         }
854 
855         if (cnt == 0 && should_complete) {
856             /* The dirty bitmap is not updated while operations are pending.
857              * If we're about to exit, wait for pending operations before
858              * calling bdrv_get_dirty_count(bs), or we may exit while the
859              * source has dirty data to copy!
860              *
861              * Note that I/O can be submitted by the guest while
862              * mirror_populate runs, so pause it now.  Before deciding
863              * whether to switch to target check one last time if I/O has
864              * come in the meanwhile, and if not flush the data to disk.
865              */
866             trace_mirror_before_drain(s, cnt);
867 
868             bdrv_drained_begin(bs);
869             cnt = bdrv_get_dirty_count(s->dirty_bitmap);
870             if (cnt > 0 || mirror_flush(s) < 0) {
871                 bdrv_drained_end(bs);
872                 continue;
873             }
874 
875             /* The two disks are in sync.  Exit and report successful
876              * completion.
877              */
878             assert(QLIST_EMPTY(&bs->tracked_requests));
879             s->common.cancelled = false;
880             need_drain = false;
881             break;
882         }
883 
884         ret = 0;
885         trace_mirror_before_sleep(s, cnt, s->synced, delay_ns);
886         if (!s->synced) {
887             block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, delay_ns);
888             if (block_job_is_cancelled(&s->common)) {
889                 break;
890             }
891         } else if (!should_complete) {
892             delay_ns = (s->in_flight == 0 && cnt == 0 ? SLICE_TIME : 0);
893             block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, delay_ns);
894         }
895         s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
896     }
897 
898 immediate_exit:
899     if (s->in_flight > 0) {
900         /* We get here only if something went wrong.  Either the job failed,
901          * or it was cancelled prematurely so that we do not guarantee that
902          * the target is a copy of the source.
903          */
904         assert(ret < 0 || (!s->synced && block_job_is_cancelled(&s->common)));
905         assert(need_drain);
906         mirror_wait_for_all_io(s);
907     }
908 
909     assert(s->in_flight == 0);
910     qemu_vfree(s->buf);
911     g_free(s->cow_bitmap);
912     g_free(s->in_flight_bitmap);
913     bdrv_dirty_iter_free(s->dbi);
914 
915     data = g_malloc(sizeof(*data));
916     data->ret = ret;
917 
918     if (need_drain) {
919         bdrv_drained_begin(bs);
920     }
921     block_job_defer_to_main_loop(&s->common, mirror_exit, data);
922 }
923 
924 static void mirror_set_speed(BlockJob *job, int64_t speed, Error **errp)
925 {
926     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
927 
928     if (speed < 0) {
929         error_setg(errp, QERR_INVALID_PARAMETER, "speed");
930         return;
931     }
932     ratelimit_set_speed(&s->limit, speed / BDRV_SECTOR_SIZE, SLICE_TIME);
933 }
934 
935 static void mirror_complete(BlockJob *job, Error **errp)
936 {
937     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
938     BlockDriverState *target;
939 
940     target = blk_bs(s->target);
941 
942     if (!s->synced) {
943         error_setg(errp, "The active block job '%s' cannot be completed",
944                    job->id);
945         return;
946     }
947 
948     if (s->backing_mode == MIRROR_OPEN_BACKING_CHAIN) {
949         int ret;
950 
951         assert(!target->backing);
952         ret = bdrv_open_backing_file(target, NULL, "backing", errp);
953         if (ret < 0) {
954             return;
955         }
956     }
957 
958     /* block all operations on to_replace bs */
959     if (s->replaces) {
960         AioContext *replace_aio_context;
961 
962         s->to_replace = bdrv_find_node(s->replaces);
963         if (!s->to_replace) {
964             error_setg(errp, "Node name '%s' not found", s->replaces);
965             return;
966         }
967 
968         replace_aio_context = bdrv_get_aio_context(s->to_replace);
969         aio_context_acquire(replace_aio_context);
970 
971         /* TODO Translate this into permission system. Current definition of
972          * GRAPH_MOD would require to request it for the parents; they might
973          * not even be BlockDriverStates, however, so a BdrvChild can't address
974          * them. May need redefinition of GRAPH_MOD. */
975         error_setg(&s->replace_blocker,
976                    "block device is in use by block-job-complete");
977         bdrv_op_block_all(s->to_replace, s->replace_blocker);
978         bdrv_ref(s->to_replace);
979 
980         aio_context_release(replace_aio_context);
981     }
982 
983     s->should_complete = true;
984     block_job_enter(&s->common);
985 }
986 
987 static void mirror_pause(BlockJob *job)
988 {
989     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
990 
991     mirror_wait_for_all_io(s);
992 }
993 
994 static void mirror_attached_aio_context(BlockJob *job, AioContext *new_context)
995 {
996     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
997 
998     blk_set_aio_context(s->target, new_context);
999 }
1000 
1001 static void mirror_drain(BlockJob *job)
1002 {
1003     MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
1004 
1005     /* Need to keep a reference in case blk_drain triggers execution
1006      * of mirror_complete...
1007      */
1008     if (s->target) {
1009         BlockBackend *target = s->target;
1010         blk_ref(target);
1011         blk_drain(target);
1012         blk_unref(target);
1013     }
1014 }
1015 
1016 static const BlockJobDriver mirror_job_driver = {
1017     .instance_size          = sizeof(MirrorBlockJob),
1018     .job_type               = BLOCK_JOB_TYPE_MIRROR,
1019     .set_speed              = mirror_set_speed,
1020     .start                  = mirror_run,
1021     .complete               = mirror_complete,
1022     .pause                  = mirror_pause,
1023     .attached_aio_context   = mirror_attached_aio_context,
1024     .drain                  = mirror_drain,
1025 };
1026 
1027 static const BlockJobDriver commit_active_job_driver = {
1028     .instance_size          = sizeof(MirrorBlockJob),
1029     .job_type               = BLOCK_JOB_TYPE_COMMIT,
1030     .set_speed              = mirror_set_speed,
1031     .start                  = mirror_run,
1032     .complete               = mirror_complete,
1033     .pause                  = mirror_pause,
1034     .attached_aio_context   = mirror_attached_aio_context,
1035     .drain                  = mirror_drain,
1036 };
1037 
1038 static int coroutine_fn bdrv_mirror_top_preadv(BlockDriverState *bs,
1039     uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
1040 {
1041     return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
1042 }
1043 
1044 static int coroutine_fn bdrv_mirror_top_pwritev(BlockDriverState *bs,
1045     uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
1046 {
1047     return bdrv_co_pwritev(bs->backing, offset, bytes, qiov, flags);
1048 }
1049 
1050 static int coroutine_fn bdrv_mirror_top_flush(BlockDriverState *bs)
1051 {
1052     return bdrv_co_flush(bs->backing->bs);
1053 }
1054 
1055 static int64_t coroutine_fn bdrv_mirror_top_get_block_status(
1056     BlockDriverState *bs, int64_t sector_num, int nb_sectors, int *pnum,
1057     BlockDriverState **file)
1058 {
1059     *pnum = nb_sectors;
1060     *file = bs->backing->bs;
1061     return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID | BDRV_BLOCK_DATA |
1062            (sector_num << BDRV_SECTOR_BITS);
1063 }
1064 
1065 static int coroutine_fn bdrv_mirror_top_pwrite_zeroes(BlockDriverState *bs,
1066     int64_t offset, int bytes, BdrvRequestFlags flags)
1067 {
1068     return bdrv_co_pwrite_zeroes(bs->backing, offset, bytes, flags);
1069 }
1070 
1071 static int coroutine_fn bdrv_mirror_top_pdiscard(BlockDriverState *bs,
1072     int64_t offset, int bytes)
1073 {
1074     return bdrv_co_pdiscard(bs->backing->bs, offset, bytes);
1075 }
1076 
1077 static void bdrv_mirror_top_refresh_filename(BlockDriverState *bs, QDict *opts)
1078 {
1079     bdrv_refresh_filename(bs->backing->bs);
1080     pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),
1081             bs->backing->bs->filename);
1082 }
1083 
1084 static void bdrv_mirror_top_close(BlockDriverState *bs)
1085 {
1086 }
1087 
1088 static void bdrv_mirror_top_child_perm(BlockDriverState *bs, BdrvChild *c,
1089                                        const BdrvChildRole *role,
1090                                        uint64_t perm, uint64_t shared,
1091                                        uint64_t *nperm, uint64_t *nshared)
1092 {
1093     /* Must be able to forward guest writes to the real image */
1094     *nperm = 0;
1095     if (perm & BLK_PERM_WRITE) {
1096         *nperm |= BLK_PERM_WRITE;
1097     }
1098 
1099     *nshared = BLK_PERM_ALL;
1100 }
1101 
1102 /* Dummy node that provides consistent read to its users without requiring it
1103  * from its backing file and that allows writes on the backing file chain. */
1104 static BlockDriver bdrv_mirror_top = {
1105     .format_name                = "mirror_top",
1106     .bdrv_co_preadv             = bdrv_mirror_top_preadv,
1107     .bdrv_co_pwritev            = bdrv_mirror_top_pwritev,
1108     .bdrv_co_pwrite_zeroes      = bdrv_mirror_top_pwrite_zeroes,
1109     .bdrv_co_pdiscard           = bdrv_mirror_top_pdiscard,
1110     .bdrv_co_flush              = bdrv_mirror_top_flush,
1111     .bdrv_co_get_block_status   = bdrv_mirror_top_get_block_status,
1112     .bdrv_refresh_filename      = bdrv_mirror_top_refresh_filename,
1113     .bdrv_close                 = bdrv_mirror_top_close,
1114     .bdrv_child_perm            = bdrv_mirror_top_child_perm,
1115 };
1116 
1117 static void mirror_start_job(const char *job_id, BlockDriverState *bs,
1118                              int creation_flags, BlockDriverState *target,
1119                              const char *replaces, int64_t speed,
1120                              uint32_t granularity, int64_t buf_size,
1121                              BlockMirrorBackingMode backing_mode,
1122                              BlockdevOnError on_source_error,
1123                              BlockdevOnError on_target_error,
1124                              bool unmap,
1125                              BlockCompletionFunc *cb,
1126                              void *opaque,
1127                              const BlockJobDriver *driver,
1128                              bool is_none_mode, BlockDriverState *base,
1129                              bool auto_complete, const char *filter_node_name,
1130                              Error **errp)
1131 {
1132     MirrorBlockJob *s;
1133     BlockDriverState *mirror_top_bs;
1134     bool target_graph_mod;
1135     bool target_is_backing;
1136     Error *local_err = NULL;
1137     int ret;
1138 
1139     if (granularity == 0) {
1140         granularity = bdrv_get_default_bitmap_granularity(target);
1141     }
1142 
1143     assert ((granularity & (granularity - 1)) == 0);
1144 
1145     if (buf_size < 0) {
1146         error_setg(errp, "Invalid parameter 'buf-size'");
1147         return;
1148     }
1149 
1150     if (buf_size == 0) {
1151         buf_size = DEFAULT_MIRROR_BUF_SIZE;
1152     }
1153 
1154     /* In the case of active commit, add dummy driver to provide consistent
1155      * reads on the top, while disabling it in the intermediate nodes, and make
1156      * the backing chain writable. */
1157     mirror_top_bs = bdrv_new_open_driver(&bdrv_mirror_top, filter_node_name,
1158                                          BDRV_O_RDWR, errp);
1159     if (mirror_top_bs == NULL) {
1160         return;
1161     }
1162     mirror_top_bs->total_sectors = bs->total_sectors;
1163     bdrv_set_aio_context(mirror_top_bs, bdrv_get_aio_context(bs));
1164 
1165     /* bdrv_append takes ownership of the mirror_top_bs reference, need to keep
1166      * it alive until block_job_create() succeeds even if bs has no parent. */
1167     bdrv_ref(mirror_top_bs);
1168     bdrv_drained_begin(bs);
1169     bdrv_append(mirror_top_bs, bs, &local_err);
1170     bdrv_drained_end(bs);
1171 
1172     if (local_err) {
1173         bdrv_unref(mirror_top_bs);
1174         error_propagate(errp, local_err);
1175         return;
1176     }
1177 
1178     /* Make sure that the source is not resized while the job is running */
1179     s = block_job_create(job_id, driver, mirror_top_bs,
1180                          BLK_PERM_CONSISTENT_READ,
1181                          BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
1182                          BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD, speed,
1183                          creation_flags, cb, opaque, errp);
1184     if (!s) {
1185         goto fail;
1186     }
1187     /* The block job now has a reference to this node */
1188     bdrv_unref(mirror_top_bs);
1189 
1190     s->source = bs;
1191     s->mirror_top_bs = mirror_top_bs;
1192 
1193     /* No resize for the target either; while the mirror is still running, a
1194      * consistent read isn't necessarily possible. We could possibly allow
1195      * writes and graph modifications, though it would likely defeat the
1196      * purpose of a mirror, so leave them blocked for now.
1197      *
1198      * In the case of active commit, things look a bit different, though,
1199      * because the target is an already populated backing file in active use.
1200      * We can allow anything except resize there.*/
1201     target_is_backing = bdrv_chain_contains(bs, target);
1202     target_graph_mod = (backing_mode != MIRROR_LEAVE_BACKING_CHAIN);
1203     s->target = blk_new(BLK_PERM_WRITE | BLK_PERM_RESIZE |
1204                         (target_graph_mod ? BLK_PERM_GRAPH_MOD : 0),
1205                         BLK_PERM_WRITE_UNCHANGED |
1206                         (target_is_backing ? BLK_PERM_CONSISTENT_READ |
1207                                              BLK_PERM_WRITE |
1208                                              BLK_PERM_GRAPH_MOD : 0));
1209     ret = blk_insert_bs(s->target, target, errp);
1210     if (ret < 0) {
1211         goto fail;
1212     }
1213 
1214     s->replaces = g_strdup(replaces);
1215     s->on_source_error = on_source_error;
1216     s->on_target_error = on_target_error;
1217     s->is_none_mode = is_none_mode;
1218     s->backing_mode = backing_mode;
1219     s->base = base;
1220     s->granularity = granularity;
1221     s->buf_size = ROUND_UP(buf_size, granularity);
1222     s->unmap = unmap;
1223     if (auto_complete) {
1224         s->should_complete = true;
1225     }
1226 
1227     s->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, NULL, errp);
1228     if (!s->dirty_bitmap) {
1229         goto fail;
1230     }
1231 
1232     /* Required permissions are already taken with blk_new() */
1233     block_job_add_bdrv(&s->common, "target", target, 0, BLK_PERM_ALL,
1234                        &error_abort);
1235 
1236     /* In commit_active_start() all intermediate nodes disappear, so
1237      * any jobs in them must be blocked */
1238     if (target_is_backing) {
1239         BlockDriverState *iter;
1240         for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
1241             /* XXX BLK_PERM_WRITE needs to be allowed so we don't block
1242              * ourselves at s->base (if writes are blocked for a node, they are
1243              * also blocked for its backing file). The other options would be a
1244              * second filter driver above s->base (== target). */
1245             ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
1246                                      BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
1247                                      errp);
1248             if (ret < 0) {
1249                 goto fail;
1250             }
1251         }
1252     }
1253 
1254     trace_mirror_start(bs, s, opaque);
1255     block_job_start(&s->common);
1256     return;
1257 
1258 fail:
1259     if (s) {
1260         /* Make sure this BDS does not go away until we have completed the graph
1261          * changes below */
1262         bdrv_ref(mirror_top_bs);
1263 
1264         g_free(s->replaces);
1265         blk_unref(s->target);
1266         block_job_early_fail(&s->common);
1267     }
1268 
1269     bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL,
1270                             &error_abort);
1271     bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abort);
1272 
1273     bdrv_unref(mirror_top_bs);
1274 }
1275 
1276 void mirror_start(const char *job_id, BlockDriverState *bs,
1277                   BlockDriverState *target, const char *replaces,
1278                   int64_t speed, uint32_t granularity, int64_t buf_size,
1279                   MirrorSyncMode mode, BlockMirrorBackingMode backing_mode,
1280                   BlockdevOnError on_source_error,
1281                   BlockdevOnError on_target_error,
1282                   bool unmap, const char *filter_node_name, Error **errp)
1283 {
1284     bool is_none_mode;
1285     BlockDriverState *base;
1286 
1287     if (mode == MIRROR_SYNC_MODE_INCREMENTAL) {
1288         error_setg(errp, "Sync mode 'incremental' not supported");
1289         return;
1290     }
1291     is_none_mode = mode == MIRROR_SYNC_MODE_NONE;
1292     base = mode == MIRROR_SYNC_MODE_TOP ? backing_bs(bs) : NULL;
1293     mirror_start_job(job_id, bs, BLOCK_JOB_DEFAULT, target, replaces,
1294                      speed, granularity, buf_size, backing_mode,
1295                      on_source_error, on_target_error, unmap, NULL, NULL,
1296                      &mirror_job_driver, is_none_mode, base, false,
1297                      filter_node_name, errp);
1298 }
1299 
1300 void commit_active_start(const char *job_id, BlockDriverState *bs,
1301                          BlockDriverState *base, int creation_flags,
1302                          int64_t speed, BlockdevOnError on_error,
1303                          const char *filter_node_name,
1304                          BlockCompletionFunc *cb, void *opaque,
1305                          bool auto_complete, Error **errp)
1306 {
1307     int orig_base_flags;
1308     Error *local_err = NULL;
1309 
1310     orig_base_flags = bdrv_get_flags(base);
1311 
1312     if (bdrv_reopen(base, bs->open_flags, errp)) {
1313         return;
1314     }
1315 
1316     mirror_start_job(job_id, bs, creation_flags, base, NULL, speed, 0, 0,
1317                      MIRROR_LEAVE_BACKING_CHAIN,
1318                      on_error, on_error, true, cb, opaque,
1319                      &commit_active_job_driver, false, base, auto_complete,
1320                      filter_node_name, &local_err);
1321     if (local_err) {
1322         error_propagate(errp, local_err);
1323         goto error_restore_flags;
1324     }
1325 
1326     return;
1327 
1328 error_restore_flags:
1329     /* ignore error and errp for bdrv_reopen, because we want to propagate
1330      * the original error */
1331     bdrv_reopen(base, orig_base_flags, NULL);
1332     return;
1333 }
1334