1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu-common.h" 26 #include "block/block_int.h" 27 #include "block/qcow2.h" 28 29 void qcow2_free_snapshots(BlockDriverState *bs) 30 { 31 BDRVQcowState *s = bs->opaque; 32 int i; 33 34 for(i = 0; i < s->nb_snapshots; i++) { 35 g_free(s->snapshots[i].name); 36 g_free(s->snapshots[i].id_str); 37 } 38 g_free(s->snapshots); 39 s->snapshots = NULL; 40 s->nb_snapshots = 0; 41 } 42 43 int qcow2_read_snapshots(BlockDriverState *bs) 44 { 45 BDRVQcowState *s = bs->opaque; 46 QCowSnapshotHeader h; 47 QCowSnapshotExtraData extra; 48 QCowSnapshot *sn; 49 int i, id_str_size, name_size; 50 int64_t offset; 51 uint32_t extra_data_size; 52 int ret; 53 54 if (!s->nb_snapshots) { 55 s->snapshots = NULL; 56 s->snapshots_size = 0; 57 return 0; 58 } 59 60 offset = s->snapshots_offset; 61 s->snapshots = g_new0(QCowSnapshot, s->nb_snapshots); 62 63 for(i = 0; i < s->nb_snapshots; i++) { 64 /* Read statically sized part of the snapshot header */ 65 offset = align_offset(offset, 8); 66 ret = bdrv_pread(bs->file, offset, &h, sizeof(h)); 67 if (ret < 0) { 68 goto fail; 69 } 70 71 offset += sizeof(h); 72 sn = s->snapshots + i; 73 sn->l1_table_offset = be64_to_cpu(h.l1_table_offset); 74 sn->l1_size = be32_to_cpu(h.l1_size); 75 sn->vm_state_size = be32_to_cpu(h.vm_state_size); 76 sn->date_sec = be32_to_cpu(h.date_sec); 77 sn->date_nsec = be32_to_cpu(h.date_nsec); 78 sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec); 79 extra_data_size = be32_to_cpu(h.extra_data_size); 80 81 id_str_size = be16_to_cpu(h.id_str_size); 82 name_size = be16_to_cpu(h.name_size); 83 84 /* Read extra data */ 85 ret = bdrv_pread(bs->file, offset, &extra, 86 MIN(sizeof(extra), extra_data_size)); 87 if (ret < 0) { 88 goto fail; 89 } 90 offset += extra_data_size; 91 92 if (extra_data_size >= 8) { 93 sn->vm_state_size = be64_to_cpu(extra.vm_state_size_large); 94 } 95 96 if (extra_data_size >= 16) { 97 sn->disk_size = be64_to_cpu(extra.disk_size); 98 } else { 99 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 100 } 101 102 /* Read snapshot ID */ 103 sn->id_str = g_malloc(id_str_size + 1); 104 ret = bdrv_pread(bs->file, offset, sn->id_str, id_str_size); 105 if (ret < 0) { 106 goto fail; 107 } 108 offset += id_str_size; 109 sn->id_str[id_str_size] = '\0'; 110 111 /* Read snapshot name */ 112 sn->name = g_malloc(name_size + 1); 113 ret = bdrv_pread(bs->file, offset, sn->name, name_size); 114 if (ret < 0) { 115 goto fail; 116 } 117 offset += name_size; 118 sn->name[name_size] = '\0'; 119 120 if (offset - s->snapshots_offset > QCOW_MAX_SNAPSHOTS_SIZE) { 121 ret = -EFBIG; 122 goto fail; 123 } 124 } 125 126 assert(offset - s->snapshots_offset <= INT_MAX); 127 s->snapshots_size = offset - s->snapshots_offset; 128 return 0; 129 130 fail: 131 qcow2_free_snapshots(bs); 132 return ret; 133 } 134 135 /* add at the end of the file a new list of snapshots */ 136 static int qcow2_write_snapshots(BlockDriverState *bs) 137 { 138 BDRVQcowState *s = bs->opaque; 139 QCowSnapshot *sn; 140 QCowSnapshotHeader h; 141 QCowSnapshotExtraData extra; 142 int i, name_size, id_str_size, snapshots_size; 143 struct { 144 uint32_t nb_snapshots; 145 uint64_t snapshots_offset; 146 } QEMU_PACKED header_data; 147 int64_t offset, snapshots_offset = 0; 148 int ret; 149 150 /* compute the size of the snapshots */ 151 offset = 0; 152 for(i = 0; i < s->nb_snapshots; i++) { 153 sn = s->snapshots + i; 154 offset = align_offset(offset, 8); 155 offset += sizeof(h); 156 offset += sizeof(extra); 157 offset += strlen(sn->id_str); 158 offset += strlen(sn->name); 159 160 if (offset > QCOW_MAX_SNAPSHOTS_SIZE) { 161 ret = -EFBIG; 162 goto fail; 163 } 164 } 165 166 assert(offset <= INT_MAX); 167 snapshots_size = offset; 168 169 /* Allocate space for the new snapshot list */ 170 snapshots_offset = qcow2_alloc_clusters(bs, snapshots_size); 171 offset = snapshots_offset; 172 if (offset < 0) { 173 ret = offset; 174 goto fail; 175 } 176 ret = bdrv_flush(bs); 177 if (ret < 0) { 178 goto fail; 179 } 180 181 /* The snapshot list position has not yet been updated, so these clusters 182 * must indeed be completely free */ 183 ret = qcow2_pre_write_overlap_check(bs, 0, offset, snapshots_size); 184 if (ret < 0) { 185 goto fail; 186 } 187 188 189 /* Write all snapshots to the new list */ 190 for(i = 0; i < s->nb_snapshots; i++) { 191 sn = s->snapshots + i; 192 memset(&h, 0, sizeof(h)); 193 h.l1_table_offset = cpu_to_be64(sn->l1_table_offset); 194 h.l1_size = cpu_to_be32(sn->l1_size); 195 /* If it doesn't fit in 32 bit, older implementations should treat it 196 * as a disk-only snapshot rather than truncate the VM state */ 197 if (sn->vm_state_size <= 0xffffffff) { 198 h.vm_state_size = cpu_to_be32(sn->vm_state_size); 199 } 200 h.date_sec = cpu_to_be32(sn->date_sec); 201 h.date_nsec = cpu_to_be32(sn->date_nsec); 202 h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec); 203 h.extra_data_size = cpu_to_be32(sizeof(extra)); 204 205 memset(&extra, 0, sizeof(extra)); 206 extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size); 207 extra.disk_size = cpu_to_be64(sn->disk_size); 208 209 id_str_size = strlen(sn->id_str); 210 name_size = strlen(sn->name); 211 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX); 212 h.id_str_size = cpu_to_be16(id_str_size); 213 h.name_size = cpu_to_be16(name_size); 214 offset = align_offset(offset, 8); 215 216 ret = bdrv_pwrite(bs->file, offset, &h, sizeof(h)); 217 if (ret < 0) { 218 goto fail; 219 } 220 offset += sizeof(h); 221 222 ret = bdrv_pwrite(bs->file, offset, &extra, sizeof(extra)); 223 if (ret < 0) { 224 goto fail; 225 } 226 offset += sizeof(extra); 227 228 ret = bdrv_pwrite(bs->file, offset, sn->id_str, id_str_size); 229 if (ret < 0) { 230 goto fail; 231 } 232 offset += id_str_size; 233 234 ret = bdrv_pwrite(bs->file, offset, sn->name, name_size); 235 if (ret < 0) { 236 goto fail; 237 } 238 offset += name_size; 239 } 240 241 /* 242 * Update the header to point to the new snapshot table. This requires the 243 * new table and its refcounts to be stable on disk. 244 */ 245 ret = bdrv_flush(bs); 246 if (ret < 0) { 247 goto fail; 248 } 249 250 QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) != 251 offsetof(QCowHeader, nb_snapshots) + sizeof(header_data.nb_snapshots)); 252 253 header_data.nb_snapshots = cpu_to_be32(s->nb_snapshots); 254 header_data.snapshots_offset = cpu_to_be64(snapshots_offset); 255 256 ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 257 &header_data, sizeof(header_data)); 258 if (ret < 0) { 259 goto fail; 260 } 261 262 /* free the old snapshot table */ 263 qcow2_free_clusters(bs, s->snapshots_offset, s->snapshots_size, 264 QCOW2_DISCARD_SNAPSHOT); 265 s->snapshots_offset = snapshots_offset; 266 s->snapshots_size = snapshots_size; 267 return 0; 268 269 fail: 270 if (snapshots_offset > 0) { 271 qcow2_free_clusters(bs, snapshots_offset, snapshots_size, 272 QCOW2_DISCARD_ALWAYS); 273 } 274 return ret; 275 } 276 277 static void find_new_snapshot_id(BlockDriverState *bs, 278 char *id_str, int id_str_size) 279 { 280 BDRVQcowState *s = bs->opaque; 281 QCowSnapshot *sn; 282 int i; 283 unsigned long id, id_max = 0; 284 285 for(i = 0; i < s->nb_snapshots; i++) { 286 sn = s->snapshots + i; 287 id = strtoul(sn->id_str, NULL, 10); 288 if (id > id_max) 289 id_max = id; 290 } 291 snprintf(id_str, id_str_size, "%lu", id_max + 1); 292 } 293 294 static int find_snapshot_by_id_and_name(BlockDriverState *bs, 295 const char *id, 296 const char *name) 297 { 298 BDRVQcowState *s = bs->opaque; 299 int i; 300 301 if (id && name) { 302 for (i = 0; i < s->nb_snapshots; i++) { 303 if (!strcmp(s->snapshots[i].id_str, id) && 304 !strcmp(s->snapshots[i].name, name)) { 305 return i; 306 } 307 } 308 } else if (id) { 309 for (i = 0; i < s->nb_snapshots; i++) { 310 if (!strcmp(s->snapshots[i].id_str, id)) { 311 return i; 312 } 313 } 314 } else if (name) { 315 for (i = 0; i < s->nb_snapshots; i++) { 316 if (!strcmp(s->snapshots[i].name, name)) { 317 return i; 318 } 319 } 320 } 321 322 return -1; 323 } 324 325 static int find_snapshot_by_id_or_name(BlockDriverState *bs, 326 const char *id_or_name) 327 { 328 int ret; 329 330 ret = find_snapshot_by_id_and_name(bs, id_or_name, NULL); 331 if (ret >= 0) { 332 return ret; 333 } 334 return find_snapshot_by_id_and_name(bs, NULL, id_or_name); 335 } 336 337 /* if no id is provided, a new one is constructed */ 338 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) 339 { 340 BDRVQcowState *s = bs->opaque; 341 QCowSnapshot *new_snapshot_list = NULL; 342 QCowSnapshot *old_snapshot_list = NULL; 343 QCowSnapshot sn1, *sn = &sn1; 344 int i, ret; 345 uint64_t *l1_table = NULL; 346 int64_t l1_table_offset; 347 348 if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { 349 return -EFBIG; 350 } 351 352 memset(sn, 0, sizeof(*sn)); 353 354 /* Generate an ID */ 355 find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str)); 356 357 /* Check that the ID is unique */ 358 if (find_snapshot_by_id_and_name(bs, sn_info->id_str, NULL) >= 0) { 359 return -EEXIST; 360 } 361 362 /* Populate sn with passed data */ 363 sn->id_str = g_strdup(sn_info->id_str); 364 sn->name = g_strdup(sn_info->name); 365 366 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 367 sn->vm_state_size = sn_info->vm_state_size; 368 sn->date_sec = sn_info->date_sec; 369 sn->date_nsec = sn_info->date_nsec; 370 sn->vm_clock_nsec = sn_info->vm_clock_nsec; 371 372 /* Allocate the L1 table of the snapshot and copy the current one there. */ 373 l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * sizeof(uint64_t)); 374 if (l1_table_offset < 0) { 375 ret = l1_table_offset; 376 goto fail; 377 } 378 379 sn->l1_table_offset = l1_table_offset; 380 sn->l1_size = s->l1_size; 381 382 l1_table = g_try_new(uint64_t, s->l1_size); 383 if (s->l1_size && l1_table == NULL) { 384 ret = -ENOMEM; 385 goto fail; 386 } 387 388 for(i = 0; i < s->l1_size; i++) { 389 l1_table[i] = cpu_to_be64(s->l1_table[i]); 390 } 391 392 ret = qcow2_pre_write_overlap_check(bs, 0, sn->l1_table_offset, 393 s->l1_size * sizeof(uint64_t)); 394 if (ret < 0) { 395 goto fail; 396 } 397 398 ret = bdrv_pwrite(bs->file, sn->l1_table_offset, l1_table, 399 s->l1_size * sizeof(uint64_t)); 400 if (ret < 0) { 401 goto fail; 402 } 403 404 g_free(l1_table); 405 l1_table = NULL; 406 407 /* 408 * Increase the refcounts of all clusters and make sure everything is 409 * stable on disk before updating the snapshot table to contain a pointer 410 * to the new L1 table. 411 */ 412 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1); 413 if (ret < 0) { 414 goto fail; 415 } 416 417 /* Append the new snapshot to the snapshot list */ 418 new_snapshot_list = g_new(QCowSnapshot, s->nb_snapshots + 1); 419 if (s->snapshots) { 420 memcpy(new_snapshot_list, s->snapshots, 421 s->nb_snapshots * sizeof(QCowSnapshot)); 422 old_snapshot_list = s->snapshots; 423 } 424 s->snapshots = new_snapshot_list; 425 s->snapshots[s->nb_snapshots++] = *sn; 426 427 ret = qcow2_write_snapshots(bs); 428 if (ret < 0) { 429 g_free(s->snapshots); 430 s->snapshots = old_snapshot_list; 431 s->nb_snapshots--; 432 goto fail; 433 } 434 435 g_free(old_snapshot_list); 436 437 /* The VM state isn't needed any more in the active L1 table; in fact, it 438 * hurts by causing expensive COW for the next snapshot. */ 439 qcow2_discard_clusters(bs, qcow2_vm_state_offset(s), 440 align_offset(sn->vm_state_size, s->cluster_size) 441 >> BDRV_SECTOR_BITS, 442 QCOW2_DISCARD_NEVER, false); 443 444 #ifdef DEBUG_ALLOC 445 { 446 BdrvCheckResult result = {0}; 447 qcow2_check_refcounts(bs, &result, 0); 448 } 449 #endif 450 return 0; 451 452 fail: 453 g_free(sn->id_str); 454 g_free(sn->name); 455 g_free(l1_table); 456 457 return ret; 458 } 459 460 /* copy the snapshot 'snapshot_name' into the current disk image */ 461 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id) 462 { 463 BDRVQcowState *s = bs->opaque; 464 QCowSnapshot *sn; 465 int i, snapshot_index; 466 int cur_l1_bytes, sn_l1_bytes; 467 int ret; 468 uint64_t *sn_l1_table = NULL; 469 470 /* Search the snapshot */ 471 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id); 472 if (snapshot_index < 0) { 473 return -ENOENT; 474 } 475 sn = &s->snapshots[snapshot_index]; 476 477 if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) { 478 error_report("qcow2: Loading snapshots with different disk " 479 "size is not implemented"); 480 ret = -ENOTSUP; 481 goto fail; 482 } 483 484 /* 485 * Make sure that the current L1 table is big enough to contain the whole 486 * L1 table of the snapshot. If the snapshot L1 table is smaller, the 487 * current one must be padded with zeros. 488 */ 489 ret = qcow2_grow_l1_table(bs, sn->l1_size, true); 490 if (ret < 0) { 491 goto fail; 492 } 493 494 cur_l1_bytes = s->l1_size * sizeof(uint64_t); 495 sn_l1_bytes = sn->l1_size * sizeof(uint64_t); 496 497 /* 498 * Copy the snapshot L1 table to the current L1 table. 499 * 500 * Before overwriting the old current L1 table on disk, make sure to 501 * increase all refcounts for the clusters referenced by the new one. 502 * Decrease the refcount referenced by the old one only when the L1 503 * table is overwritten. 504 */ 505 sn_l1_table = g_try_malloc0(cur_l1_bytes); 506 if (cur_l1_bytes && sn_l1_table == NULL) { 507 ret = -ENOMEM; 508 goto fail; 509 } 510 511 ret = bdrv_pread(bs->file, sn->l1_table_offset, sn_l1_table, sn_l1_bytes); 512 if (ret < 0) { 513 goto fail; 514 } 515 516 ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset, 517 sn->l1_size, 1); 518 if (ret < 0) { 519 goto fail; 520 } 521 522 ret = qcow2_pre_write_overlap_check(bs, QCOW2_OL_ACTIVE_L1, 523 s->l1_table_offset, cur_l1_bytes); 524 if (ret < 0) { 525 goto fail; 526 } 527 528 ret = bdrv_pwrite_sync(bs->file, s->l1_table_offset, sn_l1_table, 529 cur_l1_bytes); 530 if (ret < 0) { 531 goto fail; 532 } 533 534 /* 535 * Decrease refcount of clusters of current L1 table. 536 * 537 * At this point, the in-memory s->l1_table points to the old L1 table, 538 * whereas on disk we already have the new one. 539 * 540 * qcow2_update_snapshot_refcount special cases the current L1 table to use 541 * the in-memory data instead of really using the offset to load a new one, 542 * which is why this works. 543 */ 544 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, 545 s->l1_size, -1); 546 547 /* 548 * Now update the in-memory L1 table to be in sync with the on-disk one. We 549 * need to do this even if updating refcounts failed. 550 */ 551 for(i = 0;i < s->l1_size; i++) { 552 s->l1_table[i] = be64_to_cpu(sn_l1_table[i]); 553 } 554 555 if (ret < 0) { 556 goto fail; 557 } 558 559 g_free(sn_l1_table); 560 sn_l1_table = NULL; 561 562 /* 563 * Update QCOW_OFLAG_COPIED in the active L1 table (it may have changed 564 * when we decreased the refcount of the old snapshot. 565 */ 566 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 567 if (ret < 0) { 568 goto fail; 569 } 570 571 #ifdef DEBUG_ALLOC 572 { 573 BdrvCheckResult result = {0}; 574 qcow2_check_refcounts(bs, &result, 0); 575 } 576 #endif 577 return 0; 578 579 fail: 580 g_free(sn_l1_table); 581 return ret; 582 } 583 584 int qcow2_snapshot_delete(BlockDriverState *bs, 585 const char *snapshot_id, 586 const char *name, 587 Error **errp) 588 { 589 BDRVQcowState *s = bs->opaque; 590 QCowSnapshot sn; 591 int snapshot_index, ret; 592 593 /* Search the snapshot */ 594 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 595 if (snapshot_index < 0) { 596 error_setg(errp, "Can't find the snapshot"); 597 return -ENOENT; 598 } 599 sn = s->snapshots[snapshot_index]; 600 601 /* Remove it from the snapshot list */ 602 memmove(s->snapshots + snapshot_index, 603 s->snapshots + snapshot_index + 1, 604 (s->nb_snapshots - snapshot_index - 1) * sizeof(sn)); 605 s->nb_snapshots--; 606 ret = qcow2_write_snapshots(bs); 607 if (ret < 0) { 608 error_setg_errno(errp, -ret, 609 "Failed to remove snapshot from snapshot list"); 610 return ret; 611 } 612 613 /* 614 * The snapshot is now unused, clean up. If we fail after this point, we 615 * won't recover but just leak clusters. 616 */ 617 g_free(sn.id_str); 618 g_free(sn.name); 619 620 /* 621 * Now decrease the refcounts of clusters referenced by the snapshot and 622 * free the L1 table. 623 */ 624 ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset, 625 sn.l1_size, -1); 626 if (ret < 0) { 627 error_setg_errno(errp, -ret, "Failed to free the cluster and L1 table"); 628 return ret; 629 } 630 qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * sizeof(uint64_t), 631 QCOW2_DISCARD_SNAPSHOT); 632 633 /* must update the copied flag on the current cluster offsets */ 634 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 635 if (ret < 0) { 636 error_setg_errno(errp, -ret, 637 "Failed to update snapshot status in disk"); 638 return ret; 639 } 640 641 #ifdef DEBUG_ALLOC 642 { 643 BdrvCheckResult result = {0}; 644 qcow2_check_refcounts(bs, &result, 0); 645 } 646 #endif 647 return 0; 648 } 649 650 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab) 651 { 652 BDRVQcowState *s = bs->opaque; 653 QEMUSnapshotInfo *sn_tab, *sn_info; 654 QCowSnapshot *sn; 655 int i; 656 657 if (!s->nb_snapshots) { 658 *psn_tab = NULL; 659 return s->nb_snapshots; 660 } 661 662 sn_tab = g_new0(QEMUSnapshotInfo, s->nb_snapshots); 663 for(i = 0; i < s->nb_snapshots; i++) { 664 sn_info = sn_tab + i; 665 sn = s->snapshots + i; 666 pstrcpy(sn_info->id_str, sizeof(sn_info->id_str), 667 sn->id_str); 668 pstrcpy(sn_info->name, sizeof(sn_info->name), 669 sn->name); 670 sn_info->vm_state_size = sn->vm_state_size; 671 sn_info->date_sec = sn->date_sec; 672 sn_info->date_nsec = sn->date_nsec; 673 sn_info->vm_clock_nsec = sn->vm_clock_nsec; 674 } 675 *psn_tab = sn_tab; 676 return s->nb_snapshots; 677 } 678 679 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 680 const char *snapshot_id, 681 const char *name, 682 Error **errp) 683 { 684 int i, snapshot_index; 685 BDRVQcowState *s = bs->opaque; 686 QCowSnapshot *sn; 687 uint64_t *new_l1_table; 688 int new_l1_bytes; 689 int ret; 690 691 assert(bs->read_only); 692 693 /* Search the snapshot */ 694 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 695 if (snapshot_index < 0) { 696 error_setg(errp, 697 "Can't find snapshot"); 698 return -ENOENT; 699 } 700 sn = &s->snapshots[snapshot_index]; 701 702 /* Allocate and read in the snapshot's L1 table */ 703 if (sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)) { 704 error_setg(errp, "Snapshot L1 table too large"); 705 return -EFBIG; 706 } 707 new_l1_bytes = sn->l1_size * sizeof(uint64_t); 708 new_l1_table = qemu_try_blockalign(bs->file, 709 align_offset(new_l1_bytes, 512)); 710 if (new_l1_table == NULL) { 711 return -ENOMEM; 712 } 713 714 ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_table, new_l1_bytes); 715 if (ret < 0) { 716 error_setg(errp, "Failed to read l1 table for snapshot"); 717 qemu_vfree(new_l1_table); 718 return ret; 719 } 720 721 /* Switch the L1 table */ 722 qemu_vfree(s->l1_table); 723 724 s->l1_size = sn->l1_size; 725 s->l1_table_offset = sn->l1_table_offset; 726 s->l1_table = new_l1_table; 727 728 for(i = 0;i < s->l1_size; i++) { 729 be64_to_cpus(&s->l1_table[i]); 730 } 731 732 return 0; 733 } 734