1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "sysemu/block-backend.h" 27 #include "qapi/error.h" 28 #include "qcow2.h" 29 #include "qemu/bswap.h" 30 #include "qemu/error-report.h" 31 #include "qemu/cutils.h" 32 #include "qemu/memalign.h" 33 34 static void qcow2_free_single_snapshot(BlockDriverState *bs, int i) 35 { 36 BDRVQcow2State *s = bs->opaque; 37 38 assert(i >= 0 && i < s->nb_snapshots); 39 g_free(s->snapshots[i].name); 40 g_free(s->snapshots[i].id_str); 41 g_free(s->snapshots[i].unknown_extra_data); 42 memset(&s->snapshots[i], 0, sizeof(s->snapshots[i])); 43 } 44 45 void qcow2_free_snapshots(BlockDriverState *bs) 46 { 47 BDRVQcow2State *s = bs->opaque; 48 int i; 49 50 for(i = 0; i < s->nb_snapshots; i++) { 51 qcow2_free_single_snapshot(bs, i); 52 } 53 g_free(s->snapshots); 54 s->snapshots = NULL; 55 s->nb_snapshots = 0; 56 } 57 58 /* 59 * If @repair is true, try to repair a broken snapshot table instead 60 * of just returning an error: 61 * 62 * - If the snapshot table was too long, set *nb_clusters_reduced to 63 * the number of snapshots removed off the end. 64 * The caller will update the on-disk nb_snapshots accordingly; 65 * this leaks clusters, but is safe. 66 * (The on-disk information must be updated before 67 * qcow2_check_refcounts(), because that function relies on 68 * s->nb_snapshots to reflect the on-disk value.) 69 * 70 * - If there were snapshots with too much extra metadata, increment 71 * *extra_data_dropped for each. 72 * This requires the caller to eventually rewrite the whole snapshot 73 * table, which requires cluster allocation. Therefore, this should 74 * be done only after qcow2_check_refcounts() made sure the refcount 75 * structures are valid. 76 * (In the meantime, the image is still valid because 77 * qcow2_check_refcounts() does not do anything with snapshots' 78 * extra data.) 79 */ 80 static coroutine_fn GRAPH_RDLOCK 81 int qcow2_do_read_snapshots(BlockDriverState *bs, bool repair, 82 int *nb_clusters_reduced, 83 int *extra_data_dropped, 84 Error **errp) 85 { 86 BDRVQcow2State *s = bs->opaque; 87 QCowSnapshotHeader h; 88 QCowSnapshotExtraData extra; 89 QCowSnapshot *sn; 90 int i, id_str_size, name_size; 91 int64_t offset, pre_sn_offset; 92 uint64_t table_length = 0; 93 int ret; 94 95 if (!s->nb_snapshots) { 96 s->snapshots = NULL; 97 s->snapshots_size = 0; 98 return 0; 99 } 100 101 offset = s->snapshots_offset; 102 s->snapshots = g_new0(QCowSnapshot, s->nb_snapshots); 103 104 for(i = 0; i < s->nb_snapshots; i++) { 105 bool truncate_unknown_extra_data = false; 106 107 pre_sn_offset = offset; 108 table_length = ROUND_UP(table_length, 8); 109 110 /* Read statically sized part of the snapshot header */ 111 offset = ROUND_UP(offset, 8); 112 ret = bdrv_co_pread(bs->file, offset, sizeof(h), &h, 0); 113 if (ret < 0) { 114 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 115 goto fail; 116 } 117 118 offset += sizeof(h); 119 sn = s->snapshots + i; 120 sn->l1_table_offset = be64_to_cpu(h.l1_table_offset); 121 sn->l1_size = be32_to_cpu(h.l1_size); 122 sn->vm_state_size = be32_to_cpu(h.vm_state_size); 123 sn->date_sec = be32_to_cpu(h.date_sec); 124 sn->date_nsec = be32_to_cpu(h.date_nsec); 125 sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec); 126 sn->extra_data_size = be32_to_cpu(h.extra_data_size); 127 128 id_str_size = be16_to_cpu(h.id_str_size); 129 name_size = be16_to_cpu(h.name_size); 130 131 if (sn->extra_data_size > QCOW_MAX_SNAPSHOT_EXTRA_DATA) { 132 if (!repair) { 133 ret = -EFBIG; 134 error_setg(errp, "Too much extra metadata in snapshot table " 135 "entry %i", i); 136 error_append_hint(errp, "You can force-remove this extra " 137 "metadata with qemu-img check -r all\n"); 138 goto fail; 139 } 140 141 fprintf(stderr, "Discarding too much extra metadata in snapshot " 142 "table entry %i (%" PRIu32 " > %u)\n", 143 i, sn->extra_data_size, QCOW_MAX_SNAPSHOT_EXTRA_DATA); 144 145 (*extra_data_dropped)++; 146 truncate_unknown_extra_data = true; 147 } 148 149 /* Read known extra data */ 150 ret = bdrv_co_pread(bs->file, offset, 151 MIN(sizeof(extra), sn->extra_data_size), &extra, 0); 152 if (ret < 0) { 153 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 154 goto fail; 155 } 156 offset += MIN(sizeof(extra), sn->extra_data_size); 157 158 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, 159 vm_state_size_large)) { 160 sn->vm_state_size = be64_to_cpu(extra.vm_state_size_large); 161 } 162 163 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, disk_size)) { 164 sn->disk_size = be64_to_cpu(extra.disk_size); 165 } else { 166 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 167 } 168 169 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, icount)) { 170 sn->icount = be64_to_cpu(extra.icount); 171 } else { 172 sn->icount = -1ULL; 173 } 174 175 if (sn->extra_data_size > sizeof(extra)) { 176 uint64_t extra_data_end; 177 size_t unknown_extra_data_size; 178 179 extra_data_end = offset + sn->extra_data_size - sizeof(extra); 180 181 if (truncate_unknown_extra_data) { 182 sn->extra_data_size = QCOW_MAX_SNAPSHOT_EXTRA_DATA; 183 } 184 185 /* Store unknown extra data */ 186 unknown_extra_data_size = sn->extra_data_size - sizeof(extra); 187 sn->unknown_extra_data = g_malloc(unknown_extra_data_size); 188 ret = bdrv_co_pread(bs->file, offset, unknown_extra_data_size, 189 sn->unknown_extra_data, 0); 190 if (ret < 0) { 191 error_setg_errno(errp, -ret, 192 "Failed to read snapshot table"); 193 goto fail; 194 } 195 offset = extra_data_end; 196 } 197 198 /* Read snapshot ID */ 199 sn->id_str = g_malloc(id_str_size + 1); 200 ret = bdrv_co_pread(bs->file, offset, id_str_size, sn->id_str, 0); 201 if (ret < 0) { 202 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 203 goto fail; 204 } 205 offset += id_str_size; 206 sn->id_str[id_str_size] = '\0'; 207 208 /* Read snapshot name */ 209 sn->name = g_malloc(name_size + 1); 210 ret = bdrv_co_pread(bs->file, offset, name_size, sn->name, 0); 211 if (ret < 0) { 212 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 213 goto fail; 214 } 215 offset += name_size; 216 sn->name[name_size] = '\0'; 217 218 /* Note that the extra data may have been truncated */ 219 table_length += sizeof(h) + sn->extra_data_size + id_str_size + 220 name_size; 221 if (!repair) { 222 assert(table_length == offset - s->snapshots_offset); 223 } 224 225 if (table_length > QCOW_MAX_SNAPSHOTS_SIZE || 226 offset - s->snapshots_offset > INT_MAX) 227 { 228 if (!repair) { 229 ret = -EFBIG; 230 error_setg(errp, "Snapshot table is too big"); 231 error_append_hint(errp, "You can force-remove all %u " 232 "overhanging snapshots with qemu-img check " 233 "-r all\n", s->nb_snapshots - i); 234 goto fail; 235 } 236 237 fprintf(stderr, "Discarding %u overhanging snapshots (snapshot " 238 "table is too big)\n", s->nb_snapshots - i); 239 240 *nb_clusters_reduced += (s->nb_snapshots - i); 241 242 /* Discard current snapshot also */ 243 qcow2_free_single_snapshot(bs, i); 244 245 /* 246 * This leaks all the rest of the snapshot table and the 247 * snapshots' clusters, but we run in check -r all mode, 248 * so qcow2_check_refcounts() will take care of it. 249 */ 250 s->nb_snapshots = i; 251 offset = pre_sn_offset; 252 break; 253 } 254 } 255 256 assert(offset - s->snapshots_offset <= INT_MAX); 257 s->snapshots_size = offset - s->snapshots_offset; 258 return 0; 259 260 fail: 261 qcow2_free_snapshots(bs); 262 return ret; 263 } 264 265 int coroutine_fn qcow2_read_snapshots(BlockDriverState *bs, Error **errp) 266 { 267 return qcow2_do_read_snapshots(bs, false, NULL, NULL, errp); 268 } 269 270 /* add at the end of the file a new list of snapshots */ 271 int qcow2_write_snapshots(BlockDriverState *bs) 272 { 273 BDRVQcow2State *s = bs->opaque; 274 QCowSnapshot *sn; 275 QCowSnapshotHeader h; 276 QCowSnapshotExtraData extra; 277 int i, name_size, id_str_size, snapshots_size; 278 struct { 279 uint32_t nb_snapshots; 280 uint64_t snapshots_offset; 281 } QEMU_PACKED header_data; 282 int64_t offset, snapshots_offset = 0; 283 int ret; 284 285 /* compute the size of the snapshots */ 286 offset = 0; 287 for(i = 0; i < s->nb_snapshots; i++) { 288 sn = s->snapshots + i; 289 offset = ROUND_UP(offset, 8); 290 offset += sizeof(h); 291 offset += MAX(sizeof(extra), sn->extra_data_size); 292 offset += strlen(sn->id_str); 293 offset += strlen(sn->name); 294 295 if (offset > QCOW_MAX_SNAPSHOTS_SIZE) { 296 ret = -EFBIG; 297 goto fail; 298 } 299 } 300 301 assert(offset <= INT_MAX); 302 snapshots_size = offset; 303 304 /* Allocate space for the new snapshot list */ 305 snapshots_offset = qcow2_alloc_clusters(bs, snapshots_size); 306 offset = snapshots_offset; 307 if (offset < 0) { 308 ret = offset; 309 goto fail; 310 } 311 ret = bdrv_flush(bs); 312 if (ret < 0) { 313 goto fail; 314 } 315 316 /* The snapshot list position has not yet been updated, so these clusters 317 * must indeed be completely free */ 318 ret = qcow2_pre_write_overlap_check(bs, 0, offset, snapshots_size, false); 319 if (ret < 0) { 320 goto fail; 321 } 322 323 324 /* Write all snapshots to the new list */ 325 for(i = 0; i < s->nb_snapshots; i++) { 326 sn = s->snapshots + i; 327 memset(&h, 0, sizeof(h)); 328 h.l1_table_offset = cpu_to_be64(sn->l1_table_offset); 329 h.l1_size = cpu_to_be32(sn->l1_size); 330 /* If it doesn't fit in 32 bit, older implementations should treat it 331 * as a disk-only snapshot rather than truncate the VM state */ 332 if (sn->vm_state_size <= 0xffffffff) { 333 h.vm_state_size = cpu_to_be32(sn->vm_state_size); 334 } 335 h.date_sec = cpu_to_be32(sn->date_sec); 336 h.date_nsec = cpu_to_be32(sn->date_nsec); 337 h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec); 338 h.extra_data_size = cpu_to_be32(MAX(sizeof(extra), 339 sn->extra_data_size)); 340 341 memset(&extra, 0, sizeof(extra)); 342 extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size); 343 extra.disk_size = cpu_to_be64(sn->disk_size); 344 extra.icount = cpu_to_be64(sn->icount); 345 346 id_str_size = strlen(sn->id_str); 347 name_size = strlen(sn->name); 348 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX); 349 h.id_str_size = cpu_to_be16(id_str_size); 350 h.name_size = cpu_to_be16(name_size); 351 offset = ROUND_UP(offset, 8); 352 353 ret = bdrv_pwrite(bs->file, offset, sizeof(h), &h, 0); 354 if (ret < 0) { 355 goto fail; 356 } 357 offset += sizeof(h); 358 359 ret = bdrv_pwrite(bs->file, offset, sizeof(extra), &extra, 0); 360 if (ret < 0) { 361 goto fail; 362 } 363 offset += sizeof(extra); 364 365 if (sn->extra_data_size > sizeof(extra)) { 366 size_t unknown_extra_data_size = 367 sn->extra_data_size - sizeof(extra); 368 369 /* qcow2_read_snapshots() ensures no unbounded allocation */ 370 assert(unknown_extra_data_size <= BDRV_REQUEST_MAX_BYTES); 371 assert(sn->unknown_extra_data); 372 373 ret = bdrv_pwrite(bs->file, offset, unknown_extra_data_size, 374 sn->unknown_extra_data, 0); 375 if (ret < 0) { 376 goto fail; 377 } 378 offset += unknown_extra_data_size; 379 } 380 381 ret = bdrv_pwrite(bs->file, offset, id_str_size, sn->id_str, 0); 382 if (ret < 0) { 383 goto fail; 384 } 385 offset += id_str_size; 386 387 ret = bdrv_pwrite(bs->file, offset, name_size, sn->name, 0); 388 if (ret < 0) { 389 goto fail; 390 } 391 offset += name_size; 392 } 393 394 /* 395 * Update the header to point to the new snapshot table. This requires the 396 * new table and its refcounts to be stable on disk. 397 */ 398 ret = bdrv_flush(bs); 399 if (ret < 0) { 400 goto fail; 401 } 402 403 QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) != 404 endof(QCowHeader, nb_snapshots)); 405 406 header_data.nb_snapshots = cpu_to_be32(s->nb_snapshots); 407 header_data.snapshots_offset = cpu_to_be64(snapshots_offset); 408 409 ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 410 sizeof(header_data), &header_data, 0); 411 if (ret < 0) { 412 goto fail; 413 } 414 415 /* free the old snapshot table */ 416 qcow2_free_clusters(bs, s->snapshots_offset, s->snapshots_size, 417 QCOW2_DISCARD_SNAPSHOT); 418 s->snapshots_offset = snapshots_offset; 419 s->snapshots_size = snapshots_size; 420 return 0; 421 422 fail: 423 if (snapshots_offset > 0) { 424 qcow2_free_clusters(bs, snapshots_offset, snapshots_size, 425 QCOW2_DISCARD_ALWAYS); 426 } 427 return ret; 428 } 429 430 int coroutine_fn qcow2_check_read_snapshot_table(BlockDriverState *bs, 431 BdrvCheckResult *result, 432 BdrvCheckMode fix) 433 { 434 BDRVQcow2State *s = bs->opaque; 435 Error *local_err = NULL; 436 int nb_clusters_reduced = 0; 437 int extra_data_dropped = 0; 438 int ret; 439 struct { 440 uint32_t nb_snapshots; 441 uint64_t snapshots_offset; 442 } QEMU_PACKED snapshot_table_pointer; 443 444 /* qcow2_do_open() discards this information in check mode */ 445 ret = bdrv_co_pread(bs->file, offsetof(QCowHeader, nb_snapshots), 446 sizeof(snapshot_table_pointer), &snapshot_table_pointer, 447 0); 448 if (ret < 0) { 449 result->check_errors++; 450 fprintf(stderr, "ERROR failed to read the snapshot table pointer from " 451 "the image header: %s\n", strerror(-ret)); 452 return ret; 453 } 454 455 s->snapshots_offset = be64_to_cpu(snapshot_table_pointer.snapshots_offset); 456 s->nb_snapshots = be32_to_cpu(snapshot_table_pointer.nb_snapshots); 457 458 if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS && (fix & BDRV_FIX_ERRORS)) { 459 fprintf(stderr, "Discarding %u overhanging snapshots\n", 460 s->nb_snapshots - QCOW_MAX_SNAPSHOTS); 461 462 nb_clusters_reduced += s->nb_snapshots - QCOW_MAX_SNAPSHOTS; 463 s->nb_snapshots = QCOW_MAX_SNAPSHOTS; 464 } 465 466 ret = qcow2_validate_table(bs, s->snapshots_offset, s->nb_snapshots, 467 sizeof(QCowSnapshotHeader), 468 sizeof(QCowSnapshotHeader) * QCOW_MAX_SNAPSHOTS, 469 "snapshot table", &local_err); 470 if (ret < 0) { 471 result->check_errors++; 472 error_reportf_err(local_err, "ERROR "); 473 474 if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS) { 475 fprintf(stderr, "You can force-remove all %u overhanging snapshots " 476 "with qemu-img check -r all\n", 477 s->nb_snapshots - QCOW_MAX_SNAPSHOTS); 478 } 479 480 /* We did not read the snapshot table, so invalidate this information */ 481 s->snapshots_offset = 0; 482 s->nb_snapshots = 0; 483 484 return ret; 485 } 486 487 qemu_co_mutex_unlock(&s->lock); 488 ret = qcow2_do_read_snapshots(bs, fix & BDRV_FIX_ERRORS, 489 &nb_clusters_reduced, &extra_data_dropped, 490 &local_err); 491 qemu_co_mutex_lock(&s->lock); 492 if (ret < 0) { 493 result->check_errors++; 494 error_reportf_err(local_err, 495 "ERROR failed to read the snapshot table: "); 496 497 /* We did not read the snapshot table, so invalidate this information */ 498 s->snapshots_offset = 0; 499 s->nb_snapshots = 0; 500 501 return ret; 502 } 503 result->corruptions += nb_clusters_reduced + extra_data_dropped; 504 505 if (nb_clusters_reduced) { 506 /* 507 * Update image header now, because: 508 * (1) qcow2_check_refcounts() relies on s->nb_snapshots to be 509 * the same as what the image header says, 510 * (2) this leaks clusters, but qcow2_check_refcounts() will 511 * fix that. 512 */ 513 assert(fix & BDRV_FIX_ERRORS); 514 515 snapshot_table_pointer.nb_snapshots = cpu_to_be32(s->nb_snapshots); 516 ret = bdrv_co_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 517 sizeof(snapshot_table_pointer.nb_snapshots), 518 &snapshot_table_pointer.nb_snapshots, 0); 519 if (ret < 0) { 520 result->check_errors++; 521 fprintf(stderr, "ERROR failed to update the snapshot count in the " 522 "image header: %s\n", strerror(-ret)); 523 return ret; 524 } 525 526 result->corruptions_fixed += nb_clusters_reduced; 527 result->corruptions -= nb_clusters_reduced; 528 } 529 530 /* 531 * All of v3 images' snapshot table entries need to have at least 532 * 16 bytes of extra data. 533 */ 534 if (s->qcow_version >= 3) { 535 int i; 536 for (i = 0; i < s->nb_snapshots; i++) { 537 if (s->snapshots[i].extra_data_size < 538 sizeof_field(QCowSnapshotExtraData, vm_state_size_large) + 539 sizeof_field(QCowSnapshotExtraData, disk_size)) 540 { 541 result->corruptions++; 542 fprintf(stderr, "%s snapshot table entry %i is incomplete\n", 543 fix & BDRV_FIX_ERRORS ? "Repairing" : "ERROR", i); 544 } 545 } 546 } 547 548 return 0; 549 } 550 551 int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs, 552 BdrvCheckResult *result, 553 BdrvCheckMode fix) 554 { 555 BDRVQcow2State *s = bs->opaque; 556 int ret; 557 558 if (result->corruptions && (fix & BDRV_FIX_ERRORS)) { 559 qemu_co_mutex_unlock(&s->lock); 560 ret = qcow2_write_snapshots(bs); 561 qemu_co_mutex_lock(&s->lock); 562 if (ret < 0) { 563 result->check_errors++; 564 fprintf(stderr, "ERROR failed to update snapshot table: %s\n", 565 strerror(-ret)); 566 return ret; 567 } 568 569 result->corruptions_fixed += result->corruptions; 570 result->corruptions = 0; 571 } 572 573 return 0; 574 } 575 576 static void find_new_snapshot_id(BlockDriverState *bs, 577 char *id_str, int id_str_size) 578 { 579 BDRVQcow2State *s = bs->opaque; 580 QCowSnapshot *sn; 581 int i; 582 unsigned long id, id_max = 0; 583 584 for(i = 0; i < s->nb_snapshots; i++) { 585 sn = s->snapshots + i; 586 id = strtoul(sn->id_str, NULL, 10); 587 if (id > id_max) 588 id_max = id; 589 } 590 snprintf(id_str, id_str_size, "%lu", id_max + 1); 591 } 592 593 static int find_snapshot_by_id_and_name(BlockDriverState *bs, 594 const char *id, 595 const char *name) 596 { 597 BDRVQcow2State *s = bs->opaque; 598 int i; 599 600 if (id && name) { 601 for (i = 0; i < s->nb_snapshots; i++) { 602 if (!strcmp(s->snapshots[i].id_str, id) && 603 !strcmp(s->snapshots[i].name, name)) { 604 return i; 605 } 606 } 607 } else if (id) { 608 for (i = 0; i < s->nb_snapshots; i++) { 609 if (!strcmp(s->snapshots[i].id_str, id)) { 610 return i; 611 } 612 } 613 } else if (name) { 614 for (i = 0; i < s->nb_snapshots; i++) { 615 if (!strcmp(s->snapshots[i].name, name)) { 616 return i; 617 } 618 } 619 } 620 621 return -1; 622 } 623 624 static int find_snapshot_by_id_or_name(BlockDriverState *bs, 625 const char *id_or_name) 626 { 627 int ret; 628 629 ret = find_snapshot_by_id_and_name(bs, id_or_name, NULL); 630 if (ret >= 0) { 631 return ret; 632 } 633 return find_snapshot_by_id_and_name(bs, NULL, id_or_name); 634 } 635 636 /* if no id is provided, a new one is constructed */ 637 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) 638 { 639 BDRVQcow2State *s = bs->opaque; 640 QCowSnapshot *new_snapshot_list = NULL; 641 QCowSnapshot *old_snapshot_list = NULL; 642 QCowSnapshot sn1, *sn = &sn1; 643 int i, ret; 644 uint64_t *l1_table = NULL; 645 int64_t l1_table_offset; 646 647 if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { 648 return -EFBIG; 649 } 650 651 if (has_data_file(bs)) { 652 return -ENOTSUP; 653 } 654 655 memset(sn, 0, sizeof(*sn)); 656 657 /* Generate an ID */ 658 find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str)); 659 660 /* Populate sn with passed data */ 661 sn->id_str = g_strdup(sn_info->id_str); 662 sn->name = g_strdup(sn_info->name); 663 664 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 665 sn->vm_state_size = sn_info->vm_state_size; 666 sn->date_sec = sn_info->date_sec; 667 sn->date_nsec = sn_info->date_nsec; 668 sn->vm_clock_nsec = sn_info->vm_clock_nsec; 669 sn->icount = sn_info->icount; 670 sn->extra_data_size = sizeof(QCowSnapshotExtraData); 671 672 /* Allocate the L1 table of the snapshot and copy the current one there. */ 673 l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * L1E_SIZE); 674 if (l1_table_offset < 0) { 675 ret = l1_table_offset; 676 goto fail; 677 } 678 679 sn->l1_table_offset = l1_table_offset; 680 sn->l1_size = s->l1_size; 681 682 l1_table = g_try_new(uint64_t, s->l1_size); 683 if (s->l1_size && l1_table == NULL) { 684 ret = -ENOMEM; 685 goto fail; 686 } 687 688 for(i = 0; i < s->l1_size; i++) { 689 l1_table[i] = cpu_to_be64(s->l1_table[i]); 690 } 691 692 ret = qcow2_pre_write_overlap_check(bs, 0, sn->l1_table_offset, 693 s->l1_size * L1E_SIZE, false); 694 if (ret < 0) { 695 goto fail; 696 } 697 698 ret = bdrv_pwrite(bs->file, sn->l1_table_offset, s->l1_size * L1E_SIZE, 699 l1_table, 0); 700 if (ret < 0) { 701 goto fail; 702 } 703 704 g_free(l1_table); 705 l1_table = NULL; 706 707 /* 708 * Increase the refcounts of all clusters and make sure everything is 709 * stable on disk before updating the snapshot table to contain a pointer 710 * to the new L1 table. 711 */ 712 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1); 713 if (ret < 0) { 714 goto fail; 715 } 716 717 /* Append the new snapshot to the snapshot list */ 718 new_snapshot_list = g_new(QCowSnapshot, s->nb_snapshots + 1); 719 if (s->snapshots) { 720 memcpy(new_snapshot_list, s->snapshots, 721 s->nb_snapshots * sizeof(QCowSnapshot)); 722 old_snapshot_list = s->snapshots; 723 } 724 s->snapshots = new_snapshot_list; 725 s->snapshots[s->nb_snapshots++] = *sn; 726 727 ret = qcow2_write_snapshots(bs); 728 if (ret < 0) { 729 g_free(s->snapshots); 730 s->snapshots = old_snapshot_list; 731 s->nb_snapshots--; 732 goto fail; 733 } 734 735 g_free(old_snapshot_list); 736 737 /* The VM state isn't needed any more in the active L1 table; in fact, it 738 * hurts by causing expensive COW for the next snapshot. */ 739 qcow2_cluster_discard(bs, qcow2_vm_state_offset(s), 740 ROUND_UP(sn->vm_state_size, s->cluster_size), 741 QCOW2_DISCARD_NEVER, false); 742 743 #ifdef DEBUG_ALLOC 744 { 745 BdrvCheckResult result = {0}; 746 qcow2_check_refcounts(bs, &result, 0); 747 } 748 #endif 749 return 0; 750 751 fail: 752 g_free(sn->id_str); 753 g_free(sn->name); 754 g_free(l1_table); 755 756 return ret; 757 } 758 759 /* copy the snapshot 'snapshot_name' into the current disk image */ 760 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id) 761 { 762 BDRVQcow2State *s = bs->opaque; 763 QCowSnapshot *sn; 764 Error *local_err = NULL; 765 int i, snapshot_index; 766 int cur_l1_bytes, sn_l1_bytes; 767 int ret; 768 uint64_t *sn_l1_table = NULL; 769 770 if (has_data_file(bs)) { 771 return -ENOTSUP; 772 } 773 774 /* Search the snapshot */ 775 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id); 776 if (snapshot_index < 0) { 777 return -ENOENT; 778 } 779 sn = &s->snapshots[snapshot_index]; 780 781 ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size, 782 L1E_SIZE, QCOW_MAX_L1_SIZE, 783 "Snapshot L1 table", &local_err); 784 if (ret < 0) { 785 error_report_err(local_err); 786 goto fail; 787 } 788 789 if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) { 790 BlockBackend *blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, 791 &local_err); 792 if (!blk) { 793 error_report_err(local_err); 794 ret = -ENOTSUP; 795 goto fail; 796 } 797 798 ret = blk_truncate(blk, sn->disk_size, true, PREALLOC_MODE_OFF, 0, 799 &local_err); 800 blk_unref(blk); 801 if (ret < 0) { 802 error_report_err(local_err); 803 goto fail; 804 } 805 } 806 807 /* 808 * Make sure that the current L1 table is big enough to contain the whole 809 * L1 table of the snapshot. If the snapshot L1 table is smaller, the 810 * current one must be padded with zeros. 811 */ 812 ret = qcow2_grow_l1_table(bs, sn->l1_size, true); 813 if (ret < 0) { 814 goto fail; 815 } 816 817 cur_l1_bytes = s->l1_size * L1E_SIZE; 818 sn_l1_bytes = sn->l1_size * L1E_SIZE; 819 820 /* 821 * Copy the snapshot L1 table to the current L1 table. 822 * 823 * Before overwriting the old current L1 table on disk, make sure to 824 * increase all refcounts for the clusters referenced by the new one. 825 * Decrease the refcount referenced by the old one only when the L1 826 * table is overwritten. 827 */ 828 sn_l1_table = g_try_malloc0(cur_l1_bytes); 829 if (cur_l1_bytes && sn_l1_table == NULL) { 830 ret = -ENOMEM; 831 goto fail; 832 } 833 834 ret = bdrv_pread(bs->file, sn->l1_table_offset, sn_l1_bytes, sn_l1_table, 835 0); 836 if (ret < 0) { 837 goto fail; 838 } 839 840 ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset, 841 sn->l1_size, 1); 842 if (ret < 0) { 843 goto fail; 844 } 845 846 ret = qcow2_pre_write_overlap_check(bs, QCOW2_OL_ACTIVE_L1, 847 s->l1_table_offset, cur_l1_bytes, 848 false); 849 if (ret < 0) { 850 goto fail; 851 } 852 853 ret = bdrv_pwrite_sync(bs->file, s->l1_table_offset, cur_l1_bytes, 854 sn_l1_table, 0); 855 if (ret < 0) { 856 goto fail; 857 } 858 859 /* 860 * Decrease refcount of clusters of current L1 table. 861 * 862 * At this point, the in-memory s->l1_table points to the old L1 table, 863 * whereas on disk we already have the new one. 864 * 865 * qcow2_update_snapshot_refcount special cases the current L1 table to use 866 * the in-memory data instead of really using the offset to load a new one, 867 * which is why this works. 868 */ 869 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, 870 s->l1_size, -1); 871 872 /* 873 * Now update the in-memory L1 table to be in sync with the on-disk one. We 874 * need to do this even if updating refcounts failed. 875 */ 876 for(i = 0;i < s->l1_size; i++) { 877 s->l1_table[i] = be64_to_cpu(sn_l1_table[i]); 878 } 879 880 if (ret < 0) { 881 goto fail; 882 } 883 884 g_free(sn_l1_table); 885 sn_l1_table = NULL; 886 887 /* 888 * Update QCOW_OFLAG_COPIED in the active L1 table (it may have changed 889 * when we decreased the refcount of the old snapshot. 890 */ 891 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 892 if (ret < 0) { 893 goto fail; 894 } 895 896 #ifdef DEBUG_ALLOC 897 { 898 BdrvCheckResult result = {0}; 899 qcow2_check_refcounts(bs, &result, 0); 900 } 901 #endif 902 return 0; 903 904 fail: 905 g_free(sn_l1_table); 906 return ret; 907 } 908 909 int qcow2_snapshot_delete(BlockDriverState *bs, 910 const char *snapshot_id, 911 const char *name, 912 Error **errp) 913 { 914 BDRVQcow2State *s = bs->opaque; 915 QCowSnapshot sn; 916 int snapshot_index, ret; 917 918 if (has_data_file(bs)) { 919 return -ENOTSUP; 920 } 921 922 /* Search the snapshot */ 923 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 924 if (snapshot_index < 0) { 925 error_setg(errp, "Can't find the snapshot"); 926 return -ENOENT; 927 } 928 sn = s->snapshots[snapshot_index]; 929 930 ret = qcow2_validate_table(bs, sn.l1_table_offset, sn.l1_size, 931 L1E_SIZE, QCOW_MAX_L1_SIZE, 932 "Snapshot L1 table", errp); 933 if (ret < 0) { 934 return ret; 935 } 936 937 /* Remove it from the snapshot list */ 938 memmove(s->snapshots + snapshot_index, 939 s->snapshots + snapshot_index + 1, 940 (s->nb_snapshots - snapshot_index - 1) * sizeof(sn)); 941 s->nb_snapshots--; 942 ret = qcow2_write_snapshots(bs); 943 if (ret < 0) { 944 error_setg_errno(errp, -ret, 945 "Failed to remove snapshot from snapshot list"); 946 return ret; 947 } 948 949 /* 950 * The snapshot is now unused, clean up. If we fail after this point, we 951 * won't recover but just leak clusters. 952 */ 953 g_free(sn.unknown_extra_data); 954 g_free(sn.id_str); 955 g_free(sn.name); 956 957 /* 958 * Now decrease the refcounts of clusters referenced by the snapshot and 959 * free the L1 table. 960 */ 961 ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset, 962 sn.l1_size, -1); 963 if (ret < 0) { 964 error_setg_errno(errp, -ret, "Failed to free the cluster and L1 table"); 965 return ret; 966 } 967 qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * L1E_SIZE, 968 QCOW2_DISCARD_SNAPSHOT); 969 970 /* must update the copied flag on the current cluster offsets */ 971 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 972 if (ret < 0) { 973 error_setg_errno(errp, -ret, 974 "Failed to update snapshot status in disk"); 975 return ret; 976 } 977 978 #ifdef DEBUG_ALLOC 979 { 980 BdrvCheckResult result = {0}; 981 qcow2_check_refcounts(bs, &result, 0); 982 } 983 #endif 984 return 0; 985 } 986 987 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab) 988 { 989 BDRVQcow2State *s = bs->opaque; 990 QEMUSnapshotInfo *sn_tab, *sn_info; 991 QCowSnapshot *sn; 992 int i; 993 994 if (has_data_file(bs)) { 995 return -ENOTSUP; 996 } 997 if (!s->nb_snapshots) { 998 *psn_tab = NULL; 999 return s->nb_snapshots; 1000 } 1001 1002 sn_tab = g_new0(QEMUSnapshotInfo, s->nb_snapshots); 1003 for(i = 0; i < s->nb_snapshots; i++) { 1004 sn_info = sn_tab + i; 1005 sn = s->snapshots + i; 1006 pstrcpy(sn_info->id_str, sizeof(sn_info->id_str), 1007 sn->id_str); 1008 pstrcpy(sn_info->name, sizeof(sn_info->name), 1009 sn->name); 1010 sn_info->vm_state_size = sn->vm_state_size; 1011 sn_info->date_sec = sn->date_sec; 1012 sn_info->date_nsec = sn->date_nsec; 1013 sn_info->vm_clock_nsec = sn->vm_clock_nsec; 1014 sn_info->icount = sn->icount; 1015 } 1016 *psn_tab = sn_tab; 1017 return s->nb_snapshots; 1018 } 1019 1020 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 1021 const char *snapshot_id, 1022 const char *name, 1023 Error **errp) 1024 { 1025 int i, snapshot_index; 1026 BDRVQcow2State *s = bs->opaque; 1027 QCowSnapshot *sn; 1028 uint64_t *new_l1_table; 1029 int new_l1_bytes; 1030 int ret; 1031 1032 assert(bdrv_is_read_only(bs)); 1033 1034 /* Search the snapshot */ 1035 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 1036 if (snapshot_index < 0) { 1037 error_setg(errp, 1038 "Can't find snapshot"); 1039 return -ENOENT; 1040 } 1041 sn = &s->snapshots[snapshot_index]; 1042 1043 /* Allocate and read in the snapshot's L1 table */ 1044 ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size, 1045 L1E_SIZE, QCOW_MAX_L1_SIZE, 1046 "Snapshot L1 table", errp); 1047 if (ret < 0) { 1048 return ret; 1049 } 1050 new_l1_bytes = sn->l1_size * L1E_SIZE; 1051 new_l1_table = qemu_try_blockalign(bs->file->bs, new_l1_bytes); 1052 if (new_l1_table == NULL) { 1053 return -ENOMEM; 1054 } 1055 1056 ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_bytes, 1057 new_l1_table, 0); 1058 if (ret < 0) { 1059 error_setg(errp, "Failed to read l1 table for snapshot"); 1060 qemu_vfree(new_l1_table); 1061 return ret; 1062 } 1063 1064 /* Switch the L1 table */ 1065 qemu_vfree(s->l1_table); 1066 1067 s->l1_size = sn->l1_size; 1068 s->l1_table_offset = sn->l1_table_offset; 1069 s->l1_table = new_l1_table; 1070 1071 for(i = 0;i < s->l1_size; i++) { 1072 be64_to_cpus(&s->l1_table[i]); 1073 } 1074 1075 return 0; 1076 } 1077