1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu-common.h" 26 #include "block/block_int.h" 27 #include "block/qcow2.h" 28 29 void qcow2_free_snapshots(BlockDriverState *bs) 30 { 31 BDRVQcowState *s = bs->opaque; 32 int i; 33 34 for(i = 0; i < s->nb_snapshots; i++) { 35 g_free(s->snapshots[i].name); 36 g_free(s->snapshots[i].id_str); 37 } 38 g_free(s->snapshots); 39 s->snapshots = NULL; 40 s->nb_snapshots = 0; 41 } 42 43 int qcow2_read_snapshots(BlockDriverState *bs) 44 { 45 BDRVQcowState *s = bs->opaque; 46 QCowSnapshotHeader h; 47 QCowSnapshotExtraData extra; 48 QCowSnapshot *sn; 49 int i, id_str_size, name_size; 50 int64_t offset; 51 uint32_t extra_data_size; 52 int ret; 53 54 if (!s->nb_snapshots) { 55 s->snapshots = NULL; 56 s->snapshots_size = 0; 57 return 0; 58 } 59 60 offset = s->snapshots_offset; 61 s->snapshots = g_malloc0(s->nb_snapshots * sizeof(QCowSnapshot)); 62 63 for(i = 0; i < s->nb_snapshots; i++) { 64 /* Read statically sized part of the snapshot header */ 65 offset = align_offset(offset, 8); 66 ret = bdrv_pread(bs->file, offset, &h, sizeof(h)); 67 if (ret < 0) { 68 goto fail; 69 } 70 71 offset += sizeof(h); 72 sn = s->snapshots + i; 73 sn->l1_table_offset = be64_to_cpu(h.l1_table_offset); 74 sn->l1_size = be32_to_cpu(h.l1_size); 75 sn->vm_state_size = be32_to_cpu(h.vm_state_size); 76 sn->date_sec = be32_to_cpu(h.date_sec); 77 sn->date_nsec = be32_to_cpu(h.date_nsec); 78 sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec); 79 extra_data_size = be32_to_cpu(h.extra_data_size); 80 81 id_str_size = be16_to_cpu(h.id_str_size); 82 name_size = be16_to_cpu(h.name_size); 83 84 /* Read extra data */ 85 ret = bdrv_pread(bs->file, offset, &extra, 86 MIN(sizeof(extra), extra_data_size)); 87 if (ret < 0) { 88 goto fail; 89 } 90 offset += extra_data_size; 91 92 if (extra_data_size >= 8) { 93 sn->vm_state_size = be64_to_cpu(extra.vm_state_size_large); 94 } 95 96 if (extra_data_size >= 16) { 97 sn->disk_size = be64_to_cpu(extra.disk_size); 98 } else { 99 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 100 } 101 102 /* Read snapshot ID */ 103 sn->id_str = g_malloc(id_str_size + 1); 104 ret = bdrv_pread(bs->file, offset, sn->id_str, id_str_size); 105 if (ret < 0) { 106 goto fail; 107 } 108 offset += id_str_size; 109 sn->id_str[id_str_size] = '\0'; 110 111 /* Read snapshot name */ 112 sn->name = g_malloc(name_size + 1); 113 ret = bdrv_pread(bs->file, offset, sn->name, name_size); 114 if (ret < 0) { 115 goto fail; 116 } 117 offset += name_size; 118 sn->name[name_size] = '\0'; 119 120 if (offset - s->snapshots_offset > QCOW_MAX_SNAPSHOTS_SIZE) { 121 ret = -EFBIG; 122 goto fail; 123 } 124 } 125 126 assert(offset - s->snapshots_offset <= INT_MAX); 127 s->snapshots_size = offset - s->snapshots_offset; 128 return 0; 129 130 fail: 131 qcow2_free_snapshots(bs); 132 return ret; 133 } 134 135 /* add at the end of the file a new list of snapshots */ 136 static int qcow2_write_snapshots(BlockDriverState *bs) 137 { 138 BDRVQcowState *s = bs->opaque; 139 QCowSnapshot *sn; 140 QCowSnapshotHeader h; 141 QCowSnapshotExtraData extra; 142 int i, name_size, id_str_size, snapshots_size; 143 struct { 144 uint32_t nb_snapshots; 145 uint64_t snapshots_offset; 146 } QEMU_PACKED header_data; 147 int64_t offset, snapshots_offset = 0; 148 int ret; 149 150 /* compute the size of the snapshots */ 151 offset = 0; 152 for(i = 0; i < s->nb_snapshots; i++) { 153 sn = s->snapshots + i; 154 offset = align_offset(offset, 8); 155 offset += sizeof(h); 156 offset += sizeof(extra); 157 offset += strlen(sn->id_str); 158 offset += strlen(sn->name); 159 160 if (offset > QCOW_MAX_SNAPSHOTS_SIZE) { 161 ret = -EFBIG; 162 goto fail; 163 } 164 } 165 166 assert(offset <= INT_MAX); 167 snapshots_size = offset; 168 169 /* Allocate space for the new snapshot list */ 170 snapshots_offset = qcow2_alloc_clusters(bs, snapshots_size); 171 offset = snapshots_offset; 172 if (offset < 0) { 173 ret = offset; 174 goto fail; 175 } 176 ret = bdrv_flush(bs); 177 if (ret < 0) { 178 goto fail; 179 } 180 181 /* The snapshot list position has not yet been updated, so these clusters 182 * must indeed be completely free */ 183 ret = qcow2_pre_write_overlap_check(bs, 0, offset, snapshots_size); 184 if (ret < 0) { 185 goto fail; 186 } 187 188 189 /* Write all snapshots to the new list */ 190 for(i = 0; i < s->nb_snapshots; i++) { 191 sn = s->snapshots + i; 192 memset(&h, 0, sizeof(h)); 193 h.l1_table_offset = cpu_to_be64(sn->l1_table_offset); 194 h.l1_size = cpu_to_be32(sn->l1_size); 195 /* If it doesn't fit in 32 bit, older implementations should treat it 196 * as a disk-only snapshot rather than truncate the VM state */ 197 if (sn->vm_state_size <= 0xffffffff) { 198 h.vm_state_size = cpu_to_be32(sn->vm_state_size); 199 } 200 h.date_sec = cpu_to_be32(sn->date_sec); 201 h.date_nsec = cpu_to_be32(sn->date_nsec); 202 h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec); 203 h.extra_data_size = cpu_to_be32(sizeof(extra)); 204 205 memset(&extra, 0, sizeof(extra)); 206 extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size); 207 extra.disk_size = cpu_to_be64(sn->disk_size); 208 209 id_str_size = strlen(sn->id_str); 210 name_size = strlen(sn->name); 211 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX); 212 h.id_str_size = cpu_to_be16(id_str_size); 213 h.name_size = cpu_to_be16(name_size); 214 offset = align_offset(offset, 8); 215 216 ret = bdrv_pwrite(bs->file, offset, &h, sizeof(h)); 217 if (ret < 0) { 218 goto fail; 219 } 220 offset += sizeof(h); 221 222 ret = bdrv_pwrite(bs->file, offset, &extra, sizeof(extra)); 223 if (ret < 0) { 224 goto fail; 225 } 226 offset += sizeof(extra); 227 228 ret = bdrv_pwrite(bs->file, offset, sn->id_str, id_str_size); 229 if (ret < 0) { 230 goto fail; 231 } 232 offset += id_str_size; 233 234 ret = bdrv_pwrite(bs->file, offset, sn->name, name_size); 235 if (ret < 0) { 236 goto fail; 237 } 238 offset += name_size; 239 } 240 241 /* 242 * Update the header to point to the new snapshot table. This requires the 243 * new table and its refcounts to be stable on disk. 244 */ 245 ret = bdrv_flush(bs); 246 if (ret < 0) { 247 goto fail; 248 } 249 250 QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) != 251 offsetof(QCowHeader, nb_snapshots) + sizeof(header_data.nb_snapshots)); 252 253 header_data.nb_snapshots = cpu_to_be32(s->nb_snapshots); 254 header_data.snapshots_offset = cpu_to_be64(snapshots_offset); 255 256 ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots), 257 &header_data, sizeof(header_data)); 258 if (ret < 0) { 259 goto fail; 260 } 261 262 /* free the old snapshot table */ 263 qcow2_free_clusters(bs, s->snapshots_offset, s->snapshots_size, 264 QCOW2_DISCARD_SNAPSHOT); 265 s->snapshots_offset = snapshots_offset; 266 s->snapshots_size = snapshots_size; 267 return 0; 268 269 fail: 270 if (snapshots_offset > 0) { 271 qcow2_free_clusters(bs, snapshots_offset, snapshots_size, 272 QCOW2_DISCARD_ALWAYS); 273 } 274 return ret; 275 } 276 277 static void find_new_snapshot_id(BlockDriverState *bs, 278 char *id_str, int id_str_size) 279 { 280 BDRVQcowState *s = bs->opaque; 281 QCowSnapshot *sn; 282 int i; 283 unsigned long id, id_max = 0; 284 285 for(i = 0; i < s->nb_snapshots; i++) { 286 sn = s->snapshots + i; 287 id = strtoul(sn->id_str, NULL, 10); 288 if (id > id_max) 289 id_max = id; 290 } 291 snprintf(id_str, id_str_size, "%lu", id_max + 1); 292 } 293 294 static int find_snapshot_by_id_and_name(BlockDriverState *bs, 295 const char *id, 296 const char *name) 297 { 298 BDRVQcowState *s = bs->opaque; 299 int i; 300 301 if (id && name) { 302 for (i = 0; i < s->nb_snapshots; i++) { 303 if (!strcmp(s->snapshots[i].id_str, id) && 304 !strcmp(s->snapshots[i].name, name)) { 305 return i; 306 } 307 } 308 } else if (id) { 309 for (i = 0; i < s->nb_snapshots; i++) { 310 if (!strcmp(s->snapshots[i].id_str, id)) { 311 return i; 312 } 313 } 314 } else if (name) { 315 for (i = 0; i < s->nb_snapshots; i++) { 316 if (!strcmp(s->snapshots[i].name, name)) { 317 return i; 318 } 319 } 320 } 321 322 return -1; 323 } 324 325 static int find_snapshot_by_id_or_name(BlockDriverState *bs, 326 const char *id_or_name) 327 { 328 int ret; 329 330 ret = find_snapshot_by_id_and_name(bs, id_or_name, NULL); 331 if (ret >= 0) { 332 return ret; 333 } 334 return find_snapshot_by_id_and_name(bs, NULL, id_or_name); 335 } 336 337 /* if no id is provided, a new one is constructed */ 338 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) 339 { 340 BDRVQcowState *s = bs->opaque; 341 QCowSnapshot *new_snapshot_list = NULL; 342 QCowSnapshot *old_snapshot_list = NULL; 343 QCowSnapshot sn1, *sn = &sn1; 344 int i, ret; 345 uint64_t *l1_table = NULL; 346 int64_t l1_table_offset; 347 348 if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { 349 return -EFBIG; 350 } 351 352 memset(sn, 0, sizeof(*sn)); 353 354 /* Generate an ID if it wasn't passed */ 355 if (sn_info->id_str[0] == '\0') { 356 find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str)); 357 } 358 359 /* Check that the ID is unique */ 360 if (find_snapshot_by_id_and_name(bs, sn_info->id_str, NULL) >= 0) { 361 return -EEXIST; 362 } 363 364 /* Populate sn with passed data */ 365 sn->id_str = g_strdup(sn_info->id_str); 366 sn->name = g_strdup(sn_info->name); 367 368 sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE; 369 sn->vm_state_size = sn_info->vm_state_size; 370 sn->date_sec = sn_info->date_sec; 371 sn->date_nsec = sn_info->date_nsec; 372 sn->vm_clock_nsec = sn_info->vm_clock_nsec; 373 374 /* Allocate the L1 table of the snapshot and copy the current one there. */ 375 l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * sizeof(uint64_t)); 376 if (l1_table_offset < 0) { 377 ret = l1_table_offset; 378 goto fail; 379 } 380 381 sn->l1_table_offset = l1_table_offset; 382 sn->l1_size = s->l1_size; 383 384 l1_table = g_malloc(s->l1_size * sizeof(uint64_t)); 385 for(i = 0; i < s->l1_size; i++) { 386 l1_table[i] = cpu_to_be64(s->l1_table[i]); 387 } 388 389 ret = qcow2_pre_write_overlap_check(bs, 0, sn->l1_table_offset, 390 s->l1_size * sizeof(uint64_t)); 391 if (ret < 0) { 392 goto fail; 393 } 394 395 ret = bdrv_pwrite(bs->file, sn->l1_table_offset, l1_table, 396 s->l1_size * sizeof(uint64_t)); 397 if (ret < 0) { 398 goto fail; 399 } 400 401 g_free(l1_table); 402 l1_table = NULL; 403 404 /* 405 * Increase the refcounts of all clusters and make sure everything is 406 * stable on disk before updating the snapshot table to contain a pointer 407 * to the new L1 table. 408 */ 409 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1); 410 if (ret < 0) { 411 goto fail; 412 } 413 414 /* Append the new snapshot to the snapshot list */ 415 new_snapshot_list = g_malloc((s->nb_snapshots + 1) * sizeof(QCowSnapshot)); 416 if (s->snapshots) { 417 memcpy(new_snapshot_list, s->snapshots, 418 s->nb_snapshots * sizeof(QCowSnapshot)); 419 old_snapshot_list = s->snapshots; 420 } 421 s->snapshots = new_snapshot_list; 422 s->snapshots[s->nb_snapshots++] = *sn; 423 424 ret = qcow2_write_snapshots(bs); 425 if (ret < 0) { 426 g_free(s->snapshots); 427 s->snapshots = old_snapshot_list; 428 s->nb_snapshots--; 429 goto fail; 430 } 431 432 g_free(old_snapshot_list); 433 434 /* The VM state isn't needed any more in the active L1 table; in fact, it 435 * hurts by causing expensive COW for the next snapshot. */ 436 qcow2_discard_clusters(bs, qcow2_vm_state_offset(s), 437 align_offset(sn->vm_state_size, s->cluster_size) 438 >> BDRV_SECTOR_BITS, 439 QCOW2_DISCARD_NEVER); 440 441 #ifdef DEBUG_ALLOC 442 { 443 BdrvCheckResult result = {0}; 444 qcow2_check_refcounts(bs, &result, 0); 445 } 446 #endif 447 return 0; 448 449 fail: 450 g_free(sn->id_str); 451 g_free(sn->name); 452 g_free(l1_table); 453 454 return ret; 455 } 456 457 /* copy the snapshot 'snapshot_name' into the current disk image */ 458 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id) 459 { 460 BDRVQcowState *s = bs->opaque; 461 QCowSnapshot *sn; 462 int i, snapshot_index; 463 int cur_l1_bytes, sn_l1_bytes; 464 int ret; 465 uint64_t *sn_l1_table = NULL; 466 467 /* Search the snapshot */ 468 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id); 469 if (snapshot_index < 0) { 470 return -ENOENT; 471 } 472 sn = &s->snapshots[snapshot_index]; 473 474 if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) { 475 error_report("qcow2: Loading snapshots with different disk " 476 "size is not implemented"); 477 ret = -ENOTSUP; 478 goto fail; 479 } 480 481 /* 482 * Make sure that the current L1 table is big enough to contain the whole 483 * L1 table of the snapshot. If the snapshot L1 table is smaller, the 484 * current one must be padded with zeros. 485 */ 486 ret = qcow2_grow_l1_table(bs, sn->l1_size, true); 487 if (ret < 0) { 488 goto fail; 489 } 490 491 cur_l1_bytes = s->l1_size * sizeof(uint64_t); 492 sn_l1_bytes = sn->l1_size * sizeof(uint64_t); 493 494 /* 495 * Copy the snapshot L1 table to the current L1 table. 496 * 497 * Before overwriting the old current L1 table on disk, make sure to 498 * increase all refcounts for the clusters referenced by the new one. 499 * Decrease the refcount referenced by the old one only when the L1 500 * table is overwritten. 501 */ 502 sn_l1_table = g_malloc0(cur_l1_bytes); 503 504 ret = bdrv_pread(bs->file, sn->l1_table_offset, sn_l1_table, sn_l1_bytes); 505 if (ret < 0) { 506 goto fail; 507 } 508 509 ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset, 510 sn->l1_size, 1); 511 if (ret < 0) { 512 goto fail; 513 } 514 515 ret = qcow2_pre_write_overlap_check(bs, QCOW2_OL_ACTIVE_L1, 516 s->l1_table_offset, cur_l1_bytes); 517 if (ret < 0) { 518 goto fail; 519 } 520 521 ret = bdrv_pwrite_sync(bs->file, s->l1_table_offset, sn_l1_table, 522 cur_l1_bytes); 523 if (ret < 0) { 524 goto fail; 525 } 526 527 /* 528 * Decrease refcount of clusters of current L1 table. 529 * 530 * At this point, the in-memory s->l1_table points to the old L1 table, 531 * whereas on disk we already have the new one. 532 * 533 * qcow2_update_snapshot_refcount special cases the current L1 table to use 534 * the in-memory data instead of really using the offset to load a new one, 535 * which is why this works. 536 */ 537 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, 538 s->l1_size, -1); 539 540 /* 541 * Now update the in-memory L1 table to be in sync with the on-disk one. We 542 * need to do this even if updating refcounts failed. 543 */ 544 for(i = 0;i < s->l1_size; i++) { 545 s->l1_table[i] = be64_to_cpu(sn_l1_table[i]); 546 } 547 548 if (ret < 0) { 549 goto fail; 550 } 551 552 g_free(sn_l1_table); 553 sn_l1_table = NULL; 554 555 /* 556 * Update QCOW_OFLAG_COPIED in the active L1 table (it may have changed 557 * when we decreased the refcount of the old snapshot. 558 */ 559 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 560 if (ret < 0) { 561 goto fail; 562 } 563 564 #ifdef DEBUG_ALLOC 565 { 566 BdrvCheckResult result = {0}; 567 qcow2_check_refcounts(bs, &result, 0); 568 } 569 #endif 570 return 0; 571 572 fail: 573 g_free(sn_l1_table); 574 return ret; 575 } 576 577 int qcow2_snapshot_delete(BlockDriverState *bs, 578 const char *snapshot_id, 579 const char *name, 580 Error **errp) 581 { 582 BDRVQcowState *s = bs->opaque; 583 QCowSnapshot sn; 584 int snapshot_index, ret; 585 586 /* Search the snapshot */ 587 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 588 if (snapshot_index < 0) { 589 error_setg(errp, "Can't find the snapshot"); 590 return -ENOENT; 591 } 592 sn = s->snapshots[snapshot_index]; 593 594 /* Remove it from the snapshot list */ 595 memmove(s->snapshots + snapshot_index, 596 s->snapshots + snapshot_index + 1, 597 (s->nb_snapshots - snapshot_index - 1) * sizeof(sn)); 598 s->nb_snapshots--; 599 ret = qcow2_write_snapshots(bs); 600 if (ret < 0) { 601 error_setg_errno(errp, -ret, 602 "Failed to remove snapshot from snapshot list"); 603 return ret; 604 } 605 606 /* 607 * The snapshot is now unused, clean up. If we fail after this point, we 608 * won't recover but just leak clusters. 609 */ 610 g_free(sn.id_str); 611 g_free(sn.name); 612 613 /* 614 * Now decrease the refcounts of clusters referenced by the snapshot and 615 * free the L1 table. 616 */ 617 ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset, 618 sn.l1_size, -1); 619 if (ret < 0) { 620 error_setg_errno(errp, -ret, "Failed to free the cluster and L1 table"); 621 return ret; 622 } 623 qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * sizeof(uint64_t), 624 QCOW2_DISCARD_SNAPSHOT); 625 626 /* must update the copied flag on the current cluster offsets */ 627 ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0); 628 if (ret < 0) { 629 error_setg_errno(errp, -ret, 630 "Failed to update snapshot status in disk"); 631 return ret; 632 } 633 634 #ifdef DEBUG_ALLOC 635 { 636 BdrvCheckResult result = {0}; 637 qcow2_check_refcounts(bs, &result, 0); 638 } 639 #endif 640 return 0; 641 } 642 643 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab) 644 { 645 BDRVQcowState *s = bs->opaque; 646 QEMUSnapshotInfo *sn_tab, *sn_info; 647 QCowSnapshot *sn; 648 int i; 649 650 if (!s->nb_snapshots) { 651 *psn_tab = NULL; 652 return s->nb_snapshots; 653 } 654 655 sn_tab = g_malloc0(s->nb_snapshots * sizeof(QEMUSnapshotInfo)); 656 for(i = 0; i < s->nb_snapshots; i++) { 657 sn_info = sn_tab + i; 658 sn = s->snapshots + i; 659 pstrcpy(sn_info->id_str, sizeof(sn_info->id_str), 660 sn->id_str); 661 pstrcpy(sn_info->name, sizeof(sn_info->name), 662 sn->name); 663 sn_info->vm_state_size = sn->vm_state_size; 664 sn_info->date_sec = sn->date_sec; 665 sn_info->date_nsec = sn->date_nsec; 666 sn_info->vm_clock_nsec = sn->vm_clock_nsec; 667 } 668 *psn_tab = sn_tab; 669 return s->nb_snapshots; 670 } 671 672 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 673 const char *snapshot_id, 674 const char *name, 675 Error **errp) 676 { 677 int i, snapshot_index; 678 BDRVQcowState *s = bs->opaque; 679 QCowSnapshot *sn; 680 uint64_t *new_l1_table; 681 int new_l1_bytes; 682 int ret; 683 684 assert(bs->read_only); 685 686 /* Search the snapshot */ 687 snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name); 688 if (snapshot_index < 0) { 689 error_setg(errp, 690 "Can't find snapshot"); 691 return -ENOENT; 692 } 693 sn = &s->snapshots[snapshot_index]; 694 695 /* Allocate and read in the snapshot's L1 table */ 696 if (sn->l1_size > QCOW_MAX_L1_SIZE) { 697 error_setg(errp, "Snapshot L1 table too large"); 698 return -EFBIG; 699 } 700 new_l1_bytes = sn->l1_size * sizeof(uint64_t); 701 new_l1_table = g_malloc0(align_offset(new_l1_bytes, 512)); 702 703 ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_table, new_l1_bytes); 704 if (ret < 0) { 705 error_setg(errp, "Failed to read l1 table for snapshot"); 706 g_free(new_l1_table); 707 return ret; 708 } 709 710 /* Switch the L1 table */ 711 g_free(s->l1_table); 712 713 s->l1_size = sn->l1_size; 714 s->l1_table_offset = sn->l1_table_offset; 715 s->l1_table = new_l1_table; 716 717 for(i = 0;i < s->l1_size; i++) { 718 be64_to_cpus(&s->l1_table[i]); 719 } 720 721 return 0; 722 } 723