1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "sysemu/block-backend.h" 27 #include "qapi/error.h" 28 #include "qcow2.h" 29 #include "qemu/bswap.h" 30 #include "qemu/error-report.h" 31 #include "qemu/cutils.h" 32 #include "qemu/memalign.h" 33 34 static void qcow2_free_single_snapshot(BlockDriverState *bs, int i) 35 { 36 BDRVQcow2State *s = bs->opaque; 37 38 assert(i >= 0 && i < s->nb_snapshots); 39 g_free(s->snapshots[i].name); 40 g_free(s->snapshots[i].id_str); 41 g_free(s->snapshots[i].unknown_extra_data); 42 memset(&s->snapshots[i], 0, sizeof(s->snapshots[i])); 43 } 44 45 void qcow2_free_snapshots(BlockDriverState *bs) 46 { 47 BDRVQcow2State *s = bs->opaque; 48 int i; 49 50 for(i = 0; i < s->nb_snapshots; i++) { 51 qcow2_free_single_snapshot(bs, i); 52 } 53 g_free(s->snapshots); 54 s->snapshots = NULL; 55 s->nb_snapshots = 0; 56 } 57 58 /* 59 * If @repair is true, try to repair a broken snapshot table instead 60 * of just returning an error: 61 * 62 * - If the snapshot table was too long, set *nb_clusters_reduced to 63 * the number of snapshots removed off the end. 64 * The caller will update the on-disk nb_snapshots accordingly; 65 * this leaks clusters, but is safe. 66 * (The on-disk information must be updated before 67 * qcow2_check_refcounts(), because that function relies on 68 * s->nb_snapshots to reflect the on-disk value.) 69 * 70 * - If there were snapshots with too much extra metadata, increment 71 * *extra_data_dropped for each. 72 * This requires the caller to eventually rewrite the whole snapshot 73 * table, which requires cluster allocation. Therefore, this should 74 * be done only after qcow2_check_refcounts() made sure the refcount 75 * structures are valid. 76 * (In the meantime, the image is still valid because 77 * qcow2_check_refcounts() does not do anything with snapshots' 78 * extra data.) 79 */ 80 static int qcow2_do_read_snapshots(BlockDriverState *bs, bool repair, 81 int *nb_clusters_reduced, 82 int *extra_data_dropped, 83 Error **errp) 84 { 85 BDRVQcow2State *s = bs->opaque; 86 QCowSnapshotHeader h; 87 QCowSnapshotExtraData extra; 88 QCowSnapshot *sn; 89 int i, id_str_size, name_size; 90 int64_t offset, pre_sn_offset; 91 uint64_t table_length = 0; 92 int ret; 93 94 if (!s->nb_snapshots) { 95 s->snapshots = NULL; 96 s->snapshots_size = 0; 97 return 0; 98 } 99 100 offset = s->snapshots_offset; 101 s->snapshots = g_new0(QCowSnapshot, s->nb_snapshots); 102 103 for(i = 0; i < s->nb_snapshots; i++) { 104 bool truncate_unknown_extra_data = false; 105 106 pre_sn_offset = offset; 107 table_length = ROUND_UP(table_length, 8); 108 109 /* Read statically sized part of the snapshot header */ 110 offset = ROUND_UP(offset, 8); 111 ret = bdrv_pread(bs->file, offset, sizeof(h), &h, 0); 112 if (ret < 0) { 113 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 114 goto fail; 115 } 116 117 offset += sizeof(h); 118 sn = s->snapshots + i; 119 sn->l1_table_offset = be64_to_cpu(h.l1_table_offset); 120 sn->l1_size = be32_to_cpu(h.l1_size); 121 sn->vm_state_size = be32_to_cpu(h.vm_state_size); 122 sn->date_sec = be32_to_cpu(h.date_sec); 123 sn->date_nsec = be32_to_cpu(h.date_nsec); 124 sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec); 125 sn->extra_data_size = be32_to_cpu(h.extra_data_size); 126 127 id_str_size = be16_to_cpu(h.id_str_size); 128 name_size = be16_to_cpu(h.name_size); 129 130 if (sn->extra_data_size > QCOW_MAX_SNAPSHOT_EXTRA_DATA) { 131 if (!repair) { 132 ret = -EFBIG; 133 error_setg(errp, "Too much extra metadata in snapshot table " 134 "entry %i", i); 135 error_append_hint(errp, "You can force-remove this extra " 136 "metadata with qemu-img check -r all\n"); 137 goto fail; 138 } 139 140 fprintf(stderr, "Discarding too much extra metadata in snapshot " 141 "table entry %i (%" PRIu32 " > %u)\n", 142 i, sn->extra_data_size, QCOW_MAX_SNAPSHOT_EXTRA_DATA); 143 144 (*extra_data_dropped)++; 145 truncate_unknown_extra_data = true; 146 } 147 148 /* Read known extra data */ 149 ret = bdrv_pread(bs->file, offset, 150 MIN(sizeof(extra), sn->extra_data_size), &extra, 0); 151 if (ret < 0) { 152 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 153 goto fail; 154 } 155 offset += MIN(sizeof(extra), sn->extra_data_size); 156 157 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, 158 vm_state_size_large)) { 159 sn->vm_state_size = be64_to_cpu(extra.vm_state_size_large); 160 } 161 162 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, disk_size)) { 163 sn->disk_size = be64_to_cpu(extra.disk_size); 164 } else { 165 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 166 } 167 168 if (sn->extra_data_size >= endof(QCowSnapshotExtraData, icount)) { 169 sn->icount = be64_to_cpu(extra.icount); 170 } else { 171 sn->icount = -1ULL; 172 } 173 174 if (sn->extra_data_size > sizeof(extra)) { 175 uint64_t extra_data_end; 176 size_t unknown_extra_data_size; 177 178 extra_data_end = offset + sn->extra_data_size - sizeof(extra); 179 180 if (truncate_unknown_extra_data) { 181 sn->extra_data_size = QCOW_MAX_SNAPSHOT_EXTRA_DATA; 182 } 183 184 /* Store unknown extra data */ 185 unknown_extra_data_size = sn->extra_data_size - sizeof(extra); 186 sn->unknown_extra_data = g_malloc(unknown_extra_data_size); 187 ret = bdrv_pread(bs->file, offset, unknown_extra_data_size, 188 sn->unknown_extra_data, 0); 189 if (ret < 0) { 190 error_setg_errno(errp, -ret, 191 "Failed to read snapshot table"); 192 goto fail; 193 } 194 offset = extra_data_end; 195 } 196 197 /* Read snapshot ID */ 198 sn->id_str = g_malloc(id_str_size + 1); 199 ret = bdrv_pread(bs->file, offset, id_str_size, sn->id_str, 0); 200 if (ret < 0) { 201 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 202 goto fail; 203 } 204 offset += id_str_size; 205 sn->id_str[id_str_size] = '\0'; 206 207 /* Read snapshot name */ 208 sn->name = g_malloc(name_size + 1); 209 ret = bdrv_pread(bs->file, offset, name_size, sn->name, 0); 210 if (ret < 0) { 211 error_setg_errno(errp, -ret, "Failed to read snapshot table"); 212 goto fail; 213 } 214 offset += name_size; 215 sn->name[name_size] = '\0'; 216 217 /* Note that the extra data may have been truncated */ 218 table_length += sizeof(h) + sn->extra_data_size + id_str_size + 219 name_size; 220 if (!repair) { 221 assert(table_length == offset - s->snapshots_offset); 222 } 223 224 if (table_length > QCOW_MAX_SNAPSHOTS_SIZE || 225 offset - s->snapshots_offset > INT_MAX) 226 { 227 if (!repair) { 228 ret = -EFBIG; 229 error_setg(errp, "Snapshot table is too big"); 230 error_append_hint(errp, "You can force-remove all %u " 231 "overhanging snapshots with qemu-img check " 232 "-r all\n", s->nb_snapshots - i); 233 goto fail; 234 } 235 236 fprintf(stderr, "Discarding %u overhanging snapshots (snapshot " 237 "table is too big)\n", s->nb_snapshots - i); 238 239 *nb_clusters_reduced += (s->nb_snapshots - i); 240 241 /* Discard current snapshot also */ 242 qcow2_free_single_snapshot(bs, i); 243 244 /* 245 * This leaks all the rest of the snapshot table and the 246 * snapshots' clusters, but we run in check -r all mode, 247 * so qcow2_check_refcounts() will take care of it. 248 */ 249 s->nb_snapshots = i; 250 offset = pre_sn_offset; 251 break; 252 } 253 } 254 255 assert(offset - s->snapshots_offset <= INT_MAX); 256 s->snapshots_size = offset - s->snapshots_offset; 257 return 0; 258 259 fail: 260 qcow2_free_snapshots(bs); 261 return ret; 262 } 263 264 int qcow2_read_snapshots(BlockDriverState *bs, Error **errp) 265 { 266 return qcow2_do_read_snapshots(bs, false, NULL, NULL, errp); 267 } 268 269 /* add at the end of the file a new list of snapshots */ 270 int qcow2_write_snapshots(BlockDriverState *bs) 271 { 272 BDRVQcow2State *s = bs->opaque; 273 QCowSnapshot *sn; 274 QCowSnapshotHeader h; 275 QCowSnapshotExtraData extra; 276 int i, name_size, id_str_size, snapshots_size; 277 struct { 278 uint32_t nb_snapshots; 279 uint64_t snapshots_offset; 280 } QEMU_PACKED header_data; 281 int64_t offset, snapshots_offset = 0; 282 int ret; 283 284 /* compute the size of the snapshots */ 285 offset = 0; 286 for(i = 0; i < s->nb_snapshots; i++) { 287 sn = s->snapshots + i; 288 offset = ROUND_UP(offset, 8); 289 offset += sizeof(h); 290 offset += MAX(sizeof(extra), sn->extra_data_size); 291 offset += strlen(sn->id_str); 292 offset += strlen(sn->name); 293 294 if (offset > QCOW_MAX_SNAPSHOTS_SIZE) { 295 ret = -EFBIG; 296 goto fail; 297 } 298 } 299 300 assert(offset <= INT_MAX); 301 snapshots_size = offset; 302 303 /* Allocate space for the new snapshot list */ 304 snapshots_offset = qcow2_alloc_clusters(bs, snapshots_size); 305 offset = snapshots_offset; 306 if (offset < 0) { 307 ret = offset; 308 goto fail; 309 } 310 ret = bdrv_flush(bs); 311 if (ret < 0) { 312 goto fail; 313 } 314 315 /* The snapshot list position has not yet been updated, so these clusters 316 * must indeed be completely free */ 317 ret = qcow2_pre_write_overlap_check(bs, 0, offset, snapshots_size, false); 318 if (ret < 0) { 319 goto fail; 320 } 321 322 323 /* Write all snapshots to the new list */ 324 for(i = 0; i < s->nb_snapshots; i++) { 325 sn = s->snapshots + i; 326 memset(&h, 0, sizeof(h)); 327 h.l1_table_offset = cpu_to_be64(sn->l1_table_offset); 328 h.l1_size = cpu_to_be32(sn->l1_size); 329 /* If it doesn't fit in 32 bit, older implementations should treat it 330 * as a disk-only snapshot rather than truncate the VM state */ 331 if (sn->vm_state_size <= 0xffffffff) { 332 h.vm_state_size = cpu_to_be32(sn->vm_state_size); 333 } 334 h.date_sec = cpu_to_be32(sn->date_sec); 335 h.date_nsec = cpu_to_be32(sn->date_nsec); 336 h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec); 337 h.extra_data_size = cpu_to_be32(MAX(sizeof(extra), 338 sn->extra_data_size)); 339 340 memset(&extra, 0, sizeof(extra)); 341 extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size); 342 extra.disk_size = cpu_to_be64(sn->disk_size); 343 extra.icount = cpu_to_be64(sn->icount); 344 345 id_str_size = strlen(sn->id_str); 346 name_size = strlen(sn->name); 347 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX); 348 h.id_str_size = cpu_to_be16(id_str_size); 349 h.name_size = cpu_to_be16(name_size); 350 offset = ROUND_UP(offset, 8); 351 352 ret = bdrv_pwrite(bs->file, offset, sizeof(h), &h, 0); 353 if (ret < 0) { 354 goto fail; 355 } 356 offset += sizeof(h); 357 358 ret = bdrv_pwrite(bs->file, offset, sizeof(extra), &extra, 0); 359 if (ret < 0) { 360 goto fail; 361 } 362 offset += sizeof(extra); 363 364 if (sn->extra_data_size > sizeof(extra)) { 365 size_t unknown_extra_data_size = 366 sn->extra_data_size - sizeof(extra); 367 368 /* qcow2_read_snapshots() ensures no unbounded allocation */ 369 assert(unknown_extra_data_size <= BDRV_REQUEST_MAX_BYTES); 370 assert(sn->unknown_extra_data); 371 372 ret = bdrv_pwrite(bs->file, offset, unknown_extra_data_size, 373 sn->unknown_extra_data, 0); 374 if (ret < 0) { 375 goto fail; 376 } 377 offset += unknown_extra_data_size; 378 } 379 380 ret = bdrv_pwrite(bs->file, offset, id_str_size, sn->id_str, 0); 381 if (ret < 0) { 382 goto fail; 383 } 384 offset += id_str_size; 385 386 ret = bdrv_pwrite(bs->file, offset, name_size, sn->name, 0); 387 if (ret < 0) { 388 goto fail; 389 } 390 offset += name_size; 391 } 392 393 /* 394 * Update the header to point to the new snapshot table. This requires the 395 * new table and its refcounts to be stable on disk. 396 */ 397 ret = bdrv_flush(bs); 398 if (ret < 0) { 399 goto fail; 400 } 401 402 QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) != 403 endof(QCowHeader, nb_snapshots)); 404 405 header_data.nb_snapshots = cpu_to_be32(s->nb_snapshots); 406 header_data.snapshots_offset = cpu_to_be64(snapshots_offset); 407 408 ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 409 sizeof(header_data), &header_data, 0); 410 if (ret < 0) { 411 goto fail; 412 } 413 414 /* free the old snapshot table */ 415 qcow2_free_clusters(bs, s->snapshots_offset, s->snapshots_size, 416 QCOW2_DISCARD_SNAPSHOT); 417 s->snapshots_offset = snapshots_offset; 418 s->snapshots_size = snapshots_size; 419 return 0; 420 421 fail: 422 if (snapshots_offset > 0) { 423 qcow2_free_clusters(bs, snapshots_offset, snapshots_size, 424 QCOW2_DISCARD_ALWAYS); 425 } 426 return ret; 427 } 428 429 int coroutine_fn qcow2_check_read_snapshot_table(BlockDriverState *bs, 430 BdrvCheckResult *result, 431 BdrvCheckMode fix) 432 { 433 BDRVQcow2State *s = bs->opaque; 434 Error *local_err = NULL; 435 int nb_clusters_reduced = 0; 436 int extra_data_dropped = 0; 437 int ret; 438 struct { 439 uint32_t nb_snapshots; 440 uint64_t snapshots_offset; 441 } QEMU_PACKED snapshot_table_pointer; 442 443 /* qcow2_do_open() discards this information in check mode */ 444 ret = bdrv_co_pread(bs->file, offsetof(QCowHeader, nb_snapshots), 445 sizeof(snapshot_table_pointer), &snapshot_table_pointer, 446 0); 447 if (ret < 0) { 448 result->check_errors++; 449 fprintf(stderr, "ERROR failed to read the snapshot table pointer from " 450 "the image header: %s\n", strerror(-ret)); 451 return ret; 452 } 453 454 s->snapshots_offset = be64_to_cpu(snapshot_table_pointer.snapshots_offset); 455 s->nb_snapshots = be32_to_cpu(snapshot_table_pointer.nb_snapshots); 456 457 if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS && (fix & BDRV_FIX_ERRORS)) { 458 fprintf(stderr, "Discarding %u overhanging snapshots\n", 459 s->nb_snapshots - QCOW_MAX_SNAPSHOTS); 460 461 nb_clusters_reduced += s->nb_snapshots - QCOW_MAX_SNAPSHOTS; 462 s->nb_snapshots = QCOW_MAX_SNAPSHOTS; 463 } 464 465 ret = qcow2_validate_table(bs, s->snapshots_offset, s->nb_snapshots, 466 sizeof(QCowSnapshotHeader), 467 sizeof(QCowSnapshotHeader) * QCOW_MAX_SNAPSHOTS, 468 "snapshot table", &local_err); 469 if (ret < 0) { 470 result->check_errors++; 471 error_reportf_err(local_err, "ERROR "); 472 473 if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS) { 474 fprintf(stderr, "You can force-remove all %u overhanging snapshots " 475 "with qemu-img check -r all\n", 476 s->nb_snapshots - QCOW_MAX_SNAPSHOTS); 477 } 478 479 /* We did not read the snapshot table, so invalidate this information */ 480 s->snapshots_offset = 0; 481 s->nb_snapshots = 0; 482 483 return ret; 484 } 485 486 qemu_co_mutex_unlock(&s->lock); 487 ret = qcow2_do_read_snapshots(bs, fix & BDRV_FIX_ERRORS, 488 &nb_clusters_reduced, &extra_data_dropped, 489 &local_err); 490 qemu_co_mutex_lock(&s->lock); 491 if (ret < 0) { 492 result->check_errors++; 493 error_reportf_err(local_err, 494 "ERROR failed to read the snapshot table: "); 495 496 /* We did not read the snapshot table, so invalidate this information */ 497 s->snapshots_offset = 0; 498 s->nb_snapshots = 0; 499 500 return ret; 501 } 502 result->corruptions += nb_clusters_reduced + extra_data_dropped; 503 504 if (nb_clusters_reduced) { 505 /* 506 * Update image header now, because: 507 * (1) qcow2_check_refcounts() relies on s->nb_snapshots to be 508 * the same as what the image header says, 509 * (2) this leaks clusters, but qcow2_check_refcounts() will 510 * fix that. 511 */ 512 assert(fix & BDRV_FIX_ERRORS); 513 514 snapshot_table_pointer.nb_snapshots = cpu_to_be32(s->nb_snapshots); 515 ret = bdrv_co_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 516 sizeof(snapshot_table_pointer.nb_snapshots), 517 &snapshot_table_pointer.nb_snapshots, 0); 518 if (ret < 0) { 519 result->check_errors++; 520 fprintf(stderr, "ERROR failed to update the snapshot count in the " 521 "image header: %s\n", strerror(-ret)); 522 return ret; 523 } 524 525 result->corruptions_fixed += nb_clusters_reduced; 526 result->corruptions -= nb_clusters_reduced; 527 } 528 529 /* 530 * All of v3 images' snapshot table entries need to have at least 531 * 16 bytes of extra data. 532 */ 533 if (s->qcow_version >= 3) { 534 int i; 535 for (i = 0; i < s->nb_snapshots; i++) { 536 if (s->snapshots[i].extra_data_size < 537 sizeof_field(QCowSnapshotExtraData, vm_state_size_large) + 538 sizeof_field(QCowSnapshotExtraData, disk_size)) 539 { 540 result->corruptions++; 541 fprintf(stderr, "%s snapshot table entry %i is incomplete\n", 542 fix & BDRV_FIX_ERRORS ? "Repairing" : "ERROR", i); 543 } 544 } 545 } 546 547 return 0; 548 } 549 550 int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs, 551 BdrvCheckResult *result, 552 BdrvCheckMode fix) 553 { 554 BDRVQcow2State *s = bs->opaque; 555 int ret; 556 557 if (result->corruptions && (fix & BDRV_FIX_ERRORS)) { 558 qemu_co_mutex_unlock(&s->lock); 559 ret = qcow2_write_snapshots(bs); 560 qemu_co_mutex_lock(&s->lock); 561 if (ret < 0) { 562 result->check_errors++; 563 fprintf(stderr, "ERROR failed to update snapshot table: %s\n", 564 strerror(-ret)); 565 return ret; 566 } 567 568 result->corruptions_fixed += result->corruptions; 569 result->corruptions = 0; 570 } 571 572 return 0; 573 } 574 575 static void find_new_snapshot_id(BlockDriverState *bs, 576 char *id_str, int id_str_size) 577 { 578 BDRVQcow2State *s = bs->opaque; 579 QCowSnapshot *sn; 580 int i; 581 unsigned long id, id_max = 0; 582 583 for(i = 0; i < s->nb_snapshots; i++) { 584 sn = s->snapshots + i; 585 id = strtoul(sn->id_str, NULL, 10); 586 if (id > id_max) 587 id_max = id; 588 } 589 snprintf(id_str, id_str_size, "%lu", id_max + 1); 590 } 591 592 static int find_snapshot_by_id_and_name(BlockDriverState *bs, 593 const char *id, 594 const char *name) 595 { 596 BDRVQcow2State *s = bs->opaque; 597 int i; 598 599 if (id && name) { 600 for (i = 0; i < s->nb_snapshots; i++) { 601 if (!strcmp(s->snapshots[i].id_str, id) && 602 !strcmp(s->snapshots[i].name, name)) { 603 return i; 604 } 605 } 606 } else if (id) { 607 for (i = 0; i < s->nb_snapshots; i++) { 608 if (!strcmp(s->snapshots[i].id_str, id)) { 609 return i; 610 } 611 } 612 } else if (name) { 613 for (i = 0; i < s->nb_snapshots; i++) { 614 if (!strcmp(s->snapshots[i].name, name)) { 615 return i; 616 } 617 } 618 } 619 620 return -1; 621 } 622 623 static int find_snapshot_by_id_or_name(BlockDriverState *bs, 624 const char *id_or_name) 625 { 626 int ret; 627 628 ret = find_snapshot_by_id_and_name(bs, id_or_name, NULL); 629 if (ret >= 0) { 630 return ret; 631 } 632 return find_snapshot_by_id_and_name(bs, NULL, id_or_name); 633 } 634 635 /* if no id is provided, a new one is constructed */ 636 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) 637 { 638 BDRVQcow2State *s = bs->opaque; 639 QCowSnapshot *new_snapshot_list = NULL; 640 QCowSnapshot *old_snapshot_list = NULL; 641 QCowSnapshot sn1, *sn = &sn1; 642 int i, ret; 643 uint64_t *l1_table = NULL; 644 int64_t l1_table_offset; 645 646 if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { 647 return -EFBIG; 648 } 649 650 if (has_data_file(bs)) { 651 return -ENOTSUP; 652 } 653 654 memset(sn, 0, sizeof(*sn)); 655 656 /* Generate an ID */ 657 find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str)); 658 659 /* Populate sn with passed data */ 660 sn->id_str = g_strdup(sn_info->id_str); 661 sn->name = g_strdup(sn_info->name); 662 663 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 664 sn->vm_state_size = sn_info->vm_state_size; 665 sn->date_sec = sn_info->date_sec; 666 sn->date_nsec = sn_info->date_nsec; 667 sn->vm_clock_nsec = sn_info->vm_clock_nsec; 668 sn->icount = sn_info->icount; 669 sn->extra_data_size = sizeof(QCowSnapshotExtraData); 670 671 /* Allocate the L1 table of the snapshot and copy the current one there. */ 672 l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * L1E_SIZE); 673 if (l1_table_offset < 0) { 674 ret = l1_table_offset; 675 goto fail; 676 } 677 678 sn->l1_table_offset = l1_table_offset; 679 sn->l1_size = s->l1_size; 680 681 l1_table = g_try_new(uint64_t, s->l1_size); 682 if (s->l1_size && l1_table == NULL) { 683 ret = -ENOMEM; 684 goto fail; 685 } 686 687 for(i = 0; i < s->l1_size; i++) { 688 l1_table[i] = cpu_to_be64(s->l1_table[i]); 689 } 690 691 ret = qcow2_pre_write_overlap_check(bs, 0, sn->l1_table_offset, 692 s->l1_size * L1E_SIZE, false); 693 if (ret < 0) { 694 goto fail; 695 } 696 697 ret = bdrv_pwrite(bs->file, sn->l1_table_offset, s->l1_size * L1E_SIZE, 698 l1_table, 0); 699 if (ret < 0) { 700 goto fail; 701 } 702 703 g_free(l1_table); 704 l1_table = NULL; 705 706 /* 707 * Increase the refcounts of all clusters and make sure everything is 708 * stable on disk before updating the snapshot table to contain a pointer 709 * to the new L1 table. 710 */ 711 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1); 712 if (ret < 0) { 713 goto fail; 714 } 715 716 /* Append the new snapshot to the snapshot list */ 717 new_snapshot_list = g_new(QCowSnapshot, s->nb_snapshots + 1); 718 if (s->snapshots) { 719 memcpy(new_snapshot_list, s->snapshots, 720 s->nb_snapshots * sizeof(QCowSnapshot)); 721 old_snapshot_list = s->snapshots; 722 } 723 s->snapshots = new_snapshot_list; 724 s->snapshots[s->nb_snapshots++] = *sn; 725 726 ret = qcow2_write_snapshots(bs); 727 if (ret < 0) { 728 g_free(s->snapshots); 729 s->snapshots = old_snapshot_list; 730 s->nb_snapshots--; 731 goto fail; 732 } 733 734 g_free(old_snapshot_list); 735 736 /* The VM state isn't needed any more in the active L1 table; in fact, it 737 * hurts by causing expensive COW for the next snapshot. */ 738 qcow2_cluster_discard(bs, qcow2_vm_state_offset(s), 739 ROUND_UP(sn->vm_state_size, s->cluster_size), 740 QCOW2_DISCARD_NEVER, false); 741 742 #ifdef DEBUG_ALLOC 743 { 744 BdrvCheckResult result = {0}; 745 qcow2_check_refcounts(bs, &result, 0); 746 } 747 #endif 748 return 0; 749 750 fail: 751 g_free(sn->id_str); 752 g_free(sn->name); 753 g_free(l1_table); 754 755 return ret; 756 } 757 758 /* copy the snapshot 'snapshot_name' into the current disk image */ 759 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id) 760 { 761 BDRVQcow2State *s = bs->opaque; 762 QCowSnapshot *sn; 763 Error *local_err = NULL; 764 int i, snapshot_index; 765 int cur_l1_bytes, sn_l1_bytes; 766 int ret; 767 uint64_t *sn_l1_table = NULL; 768 769 if (has_data_file(bs)) { 770 return -ENOTSUP; 771 } 772 773 /* Search the snapshot */ 774 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id); 775 if (snapshot_index < 0) { 776 return -ENOENT; 777 } 778 sn = &s->snapshots[snapshot_index]; 779 780 ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size, 781 L1E_SIZE, QCOW_MAX_L1_SIZE, 782 "Snapshot L1 table", &local_err); 783 if (ret < 0) { 784 error_report_err(local_err); 785 goto fail; 786 } 787 788 if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) { 789 BlockBackend *blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, 790 &local_err); 791 if (!blk) { 792 error_report_err(local_err); 793 ret = -ENOTSUP; 794 goto fail; 795 } 796 797 ret = blk_truncate(blk, sn->disk_size, true, PREALLOC_MODE_OFF, 0, 798 &local_err); 799 blk_unref(blk); 800 if (ret < 0) { 801 error_report_err(local_err); 802 goto fail; 803 } 804 } 805 806 /* 807 * Make sure that the current L1 table is big enough to contain the whole 808 * L1 table of the snapshot. If the snapshot L1 table is smaller, the 809 * current one must be padded with zeros. 810 */ 811 ret = qcow2_grow_l1_table(bs, sn->l1_size, true); 812 if (ret < 0) { 813 goto fail; 814 } 815 816 cur_l1_bytes = s->l1_size * L1E_SIZE; 817 sn_l1_bytes = sn->l1_size * L1E_SIZE; 818 819 /* 820 * Copy the snapshot L1 table to the current L1 table. 821 * 822 * Before overwriting the old current L1 table on disk, make sure to 823 * increase all refcounts for the clusters referenced by the new one. 824 * Decrease the refcount referenced by the old one only when the L1 825 * table is overwritten. 826 */ 827 sn_l1_table = g_try_malloc0(cur_l1_bytes); 828 if (cur_l1_bytes && sn_l1_table == NULL) { 829 ret = -ENOMEM; 830 goto fail; 831 } 832 833 ret = bdrv_pread(bs->file, sn->l1_table_offset, sn_l1_bytes, sn_l1_table, 834 0); 835 if (ret < 0) { 836 goto fail; 837 } 838 839 ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset, 840 sn->l1_size, 1); 841 if (ret < 0) { 842 goto fail; 843 } 844 845 ret = qcow2_pre_write_overlap_check(bs, QCOW2_OL_ACTIVE_L1, 846 s->l1_table_offset, cur_l1_bytes, 847 false); 848 if (ret < 0) { 849 goto fail; 850 } 851 852 ret = bdrv_pwrite_sync(bs->file, s->l1_table_offset, cur_l1_bytes, 853 sn_l1_table, 0); 854 if (ret < 0) { 855 goto fail; 856 } 857 858 /* 859 * Decrease refcount of clusters of current L1 table. 860 * 861 * At this point, the in-memory s->l1_table points to the old L1 table, 862 * whereas on disk we already have the new one. 863 * 864 * qcow2_update_snapshot_refcount special cases the current L1 table to use 865 * the in-memory data instead of really using the offset to load a new one, 866 * which is why this works. 867 */ 868 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, 869 s->l1_size, -1); 870 871 /* 872 * Now update the in-memory L1 table to be in sync with the on-disk one. We 873 * need to do this even if updating refcounts failed. 874 */ 875 for(i = 0;i < s->l1_size; i++) { 876 s->l1_table[i] = be64_to_cpu(sn_l1_table[i]); 877 } 878 879 if (ret < 0) { 880 goto fail; 881 } 882 883 g_free(sn_l1_table); 884 sn_l1_table = NULL; 885 886 /* 887 * Update QCOW_OFLAG_COPIED in the active L1 table (it may have changed 888 * when we decreased the refcount of the old snapshot. 889 */ 890 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 891 if (ret < 0) { 892 goto fail; 893 } 894 895 #ifdef DEBUG_ALLOC 896 { 897 BdrvCheckResult result = {0}; 898 qcow2_check_refcounts(bs, &result, 0); 899 } 900 #endif 901 return 0; 902 903 fail: 904 g_free(sn_l1_table); 905 return ret; 906 } 907 908 int qcow2_snapshot_delete(BlockDriverState *bs, 909 const char *snapshot_id, 910 const char *name, 911 Error **errp) 912 { 913 BDRVQcow2State *s = bs->opaque; 914 QCowSnapshot sn; 915 int snapshot_index, ret; 916 917 if (has_data_file(bs)) { 918 return -ENOTSUP; 919 } 920 921 /* Search the snapshot */ 922 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 923 if (snapshot_index < 0) { 924 error_setg(errp, "Can't find the snapshot"); 925 return -ENOENT; 926 } 927 sn = s->snapshots[snapshot_index]; 928 929 ret = qcow2_validate_table(bs, sn.l1_table_offset, sn.l1_size, 930 L1E_SIZE, QCOW_MAX_L1_SIZE, 931 "Snapshot L1 table", errp); 932 if (ret < 0) { 933 return ret; 934 } 935 936 /* Remove it from the snapshot list */ 937 memmove(s->snapshots + snapshot_index, 938 s->snapshots + snapshot_index + 1, 939 (s->nb_snapshots - snapshot_index - 1) * sizeof(sn)); 940 s->nb_snapshots--; 941 ret = qcow2_write_snapshots(bs); 942 if (ret < 0) { 943 error_setg_errno(errp, -ret, 944 "Failed to remove snapshot from snapshot list"); 945 return ret; 946 } 947 948 /* 949 * The snapshot is now unused, clean up. If we fail after this point, we 950 * won't recover but just leak clusters. 951 */ 952 g_free(sn.unknown_extra_data); 953 g_free(sn.id_str); 954 g_free(sn.name); 955 956 /* 957 * Now decrease the refcounts of clusters referenced by the snapshot and 958 * free the L1 table. 959 */ 960 ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset, 961 sn.l1_size, -1); 962 if (ret < 0) { 963 error_setg_errno(errp, -ret, "Failed to free the cluster and L1 table"); 964 return ret; 965 } 966 qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * L1E_SIZE, 967 QCOW2_DISCARD_SNAPSHOT); 968 969 /* must update the copied flag on the current cluster offsets */ 970 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 971 if (ret < 0) { 972 error_setg_errno(errp, -ret, 973 "Failed to update snapshot status in disk"); 974 return ret; 975 } 976 977 #ifdef DEBUG_ALLOC 978 { 979 BdrvCheckResult result = {0}; 980 qcow2_check_refcounts(bs, &result, 0); 981 } 982 #endif 983 return 0; 984 } 985 986 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab) 987 { 988 BDRVQcow2State *s = bs->opaque; 989 QEMUSnapshotInfo *sn_tab, *sn_info; 990 QCowSnapshot *sn; 991 int i; 992 993 if (has_data_file(bs)) { 994 return -ENOTSUP; 995 } 996 if (!s->nb_snapshots) { 997 *psn_tab = NULL; 998 return s->nb_snapshots; 999 } 1000 1001 sn_tab = g_new0(QEMUSnapshotInfo, s->nb_snapshots); 1002 for(i = 0; i < s->nb_snapshots; i++) { 1003 sn_info = sn_tab + i; 1004 sn = s->snapshots + i; 1005 pstrcpy(sn_info->id_str, sizeof(sn_info->id_str), 1006 sn->id_str); 1007 pstrcpy(sn_info->name, sizeof(sn_info->name), 1008 sn->name); 1009 sn_info->vm_state_size = sn->vm_state_size; 1010 sn_info->date_sec = sn->date_sec; 1011 sn_info->date_nsec = sn->date_nsec; 1012 sn_info->vm_clock_nsec = sn->vm_clock_nsec; 1013 sn_info->icount = sn->icount; 1014 } 1015 *psn_tab = sn_tab; 1016 return s->nb_snapshots; 1017 } 1018 1019 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 1020 const char *snapshot_id, 1021 const char *name, 1022 Error **errp) 1023 { 1024 int i, snapshot_index; 1025 BDRVQcow2State *s = bs->opaque; 1026 QCowSnapshot *sn; 1027 uint64_t *new_l1_table; 1028 int new_l1_bytes; 1029 int ret; 1030 1031 assert(bdrv_is_read_only(bs)); 1032 1033 /* Search the snapshot */ 1034 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 1035 if (snapshot_index < 0) { 1036 error_setg(errp, 1037 "Can't find snapshot"); 1038 return -ENOENT; 1039 } 1040 sn = &s->snapshots[snapshot_index]; 1041 1042 /* Allocate and read in the snapshot's L1 table */ 1043 ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size, 1044 L1E_SIZE, QCOW_MAX_L1_SIZE, 1045 "Snapshot L1 table", errp); 1046 if (ret < 0) { 1047 return ret; 1048 } 1049 new_l1_bytes = sn->l1_size * L1E_SIZE; 1050 new_l1_table = qemu_try_blockalign(bs->file->bs, new_l1_bytes); 1051 if (new_l1_table == NULL) { 1052 return -ENOMEM; 1053 } 1054 1055 ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_bytes, 1056 new_l1_table, 0); 1057 if (ret < 0) { 1058 error_setg(errp, "Failed to read l1 table for snapshot"); 1059 qemu_vfree(new_l1_table); 1060 return ret; 1061 } 1062 1063 /* Switch the L1 table */ 1064 qemu_vfree(s->l1_table); 1065 1066 s->l1_size = sn->l1_size; 1067 s->l1_table_offset = sn->l1_table_offset; 1068 s->l1_table = new_l1_table; 1069 1070 for(i = 0;i < s->l1_size; i++) { 1071 be64_to_cpus(&s->l1_table[i]); 1072 } 1073 1074 return 0; 1075 } 1076