1 /* 2 * Threaded data processing for Qcow2: compression, encryption 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * Copyright (c) 2018 Virtuozzo International GmbH. All rights reserved. 6 * 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in 15 * all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 23 * THE SOFTWARE. 24 */ 25 26 #include "qemu/osdep.h" 27 28 #define ZLIB_CONST 29 #include <zlib.h> 30 31 #ifdef CONFIG_ZSTD 32 #include <zstd.h> 33 #include <zstd_errors.h> 34 #endif 35 36 #include "qcow2.h" 37 #include "block/block-io.h" 38 #include "block/thread-pool.h" 39 #include "crypto.h" 40 41 static int coroutine_fn 42 qcow2_co_process(BlockDriverState *bs, ThreadPoolFunc *func, void *arg) 43 { 44 int ret; 45 BDRVQcow2State *s = bs->opaque; 46 ThreadPool *pool = aio_get_thread_pool(bdrv_get_aio_context(bs)); 47 48 qemu_co_mutex_lock(&s->lock); 49 while (s->nb_threads >= QCOW2_MAX_THREADS) { 50 qemu_co_queue_wait(&s->thread_task_queue, &s->lock); 51 } 52 s->nb_threads++; 53 qemu_co_mutex_unlock(&s->lock); 54 55 ret = thread_pool_submit_co(pool, func, arg); 56 57 qemu_co_mutex_lock(&s->lock); 58 s->nb_threads--; 59 qemu_co_queue_next(&s->thread_task_queue); 60 qemu_co_mutex_unlock(&s->lock); 61 62 return ret; 63 } 64 65 66 /* 67 * Compression 68 */ 69 70 typedef ssize_t (*Qcow2CompressFunc)(void *dest, size_t dest_size, 71 const void *src, size_t src_size); 72 typedef struct Qcow2CompressData { 73 void *dest; 74 size_t dest_size; 75 const void *src; 76 size_t src_size; 77 ssize_t ret; 78 79 Qcow2CompressFunc func; 80 } Qcow2CompressData; 81 82 /* 83 * qcow2_zlib_compress() 84 * 85 * Compress @src_size bytes of data using zlib compression method 86 * 87 * @dest - destination buffer, @dest_size bytes 88 * @src - source buffer, @src_size bytes 89 * 90 * Returns: compressed size on success 91 * -ENOMEM destination buffer is not enough to store compressed data 92 * -EIO on any other error 93 */ 94 static ssize_t qcow2_zlib_compress(void *dest, size_t dest_size, 95 const void *src, size_t src_size) 96 { 97 ssize_t ret; 98 z_stream strm; 99 100 /* best compression, small window, no zlib header */ 101 memset(&strm, 0, sizeof(strm)); 102 ret = deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 103 -12, 9, Z_DEFAULT_STRATEGY); 104 if (ret != Z_OK) { 105 return -EIO; 106 } 107 108 /* 109 * strm.next_in is not const in old zlib versions, such as those used on 110 * OpenBSD/NetBSD, so cast the const away 111 */ 112 strm.avail_in = src_size; 113 strm.next_in = (void *) src; 114 strm.avail_out = dest_size; 115 strm.next_out = dest; 116 117 ret = deflate(&strm, Z_FINISH); 118 if (ret == Z_STREAM_END) { 119 ret = dest_size - strm.avail_out; 120 } else { 121 ret = (ret == Z_OK ? -ENOMEM : -EIO); 122 } 123 124 deflateEnd(&strm); 125 126 return ret; 127 } 128 129 /* 130 * qcow2_zlib_decompress() 131 * 132 * Decompress some data (not more than @src_size bytes) to produce exactly 133 * @dest_size bytes using zlib compression method 134 * 135 * @dest - destination buffer, @dest_size bytes 136 * @src - source buffer, @src_size bytes 137 * 138 * Returns: 0 on success 139 * -EIO on fail 140 */ 141 static ssize_t qcow2_zlib_decompress(void *dest, size_t dest_size, 142 const void *src, size_t src_size) 143 { 144 int ret; 145 z_stream strm; 146 147 memset(&strm, 0, sizeof(strm)); 148 strm.avail_in = src_size; 149 strm.next_in = (void *) src; 150 strm.avail_out = dest_size; 151 strm.next_out = dest; 152 153 ret = inflateInit2(&strm, -12); 154 if (ret != Z_OK) { 155 return -EIO; 156 } 157 158 ret = inflate(&strm, Z_FINISH); 159 if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) { 160 /* 161 * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but 162 * @src buffer may be processed partly (because in qcow2 we know size of 163 * compressed data with precision of one sector) 164 */ 165 ret = 0; 166 } else { 167 ret = -EIO; 168 } 169 170 inflateEnd(&strm); 171 172 return ret; 173 } 174 175 #ifdef CONFIG_ZSTD 176 177 /* 178 * qcow2_zstd_compress() 179 * 180 * Compress @src_size bytes of data using zstd compression method 181 * 182 * @dest - destination buffer, @dest_size bytes 183 * @src - source buffer, @src_size bytes 184 * 185 * Returns: compressed size on success 186 * -ENOMEM destination buffer is not enough to store compressed data 187 * -EIO on any other error 188 */ 189 static ssize_t qcow2_zstd_compress(void *dest, size_t dest_size, 190 const void *src, size_t src_size) 191 { 192 ssize_t ret; 193 size_t zstd_ret; 194 ZSTD_outBuffer output = { 195 .dst = dest, 196 .size = dest_size, 197 .pos = 0 198 }; 199 ZSTD_inBuffer input = { 200 .src = src, 201 .size = src_size, 202 .pos = 0 203 }; 204 ZSTD_CCtx *cctx = ZSTD_createCCtx(); 205 206 if (!cctx) { 207 return -EIO; 208 } 209 /* 210 * Use the zstd streamed interface for symmetry with decompression, 211 * where streaming is essential since we don't record the exact 212 * compressed size. 213 * 214 * ZSTD_compressStream2() tries to compress everything it could 215 * with a single call. Although, ZSTD docs says that: 216 * "You must continue calling ZSTD_compressStream2() with ZSTD_e_end 217 * until it returns 0, at which point you are free to start a new frame", 218 * in out tests we saw the only case when it returned with >0 - 219 * when the output buffer was too small. In that case, 220 * ZSTD_compressStream2() expects a bigger buffer on the next call. 221 * We can't provide a bigger buffer because we are limited with dest_size 222 * which we pass to the ZSTD_compressStream2() at once. 223 * So, we don't need any loops and just abort the compression when we 224 * don't get 0 result on the first call. 225 */ 226 zstd_ret = ZSTD_compressStream2(cctx, &output, &input, ZSTD_e_end); 227 228 if (zstd_ret) { 229 if (zstd_ret > output.size - output.pos) { 230 ret = -ENOMEM; 231 } else { 232 ret = -EIO; 233 } 234 goto out; 235 } 236 237 /* make sure that zstd didn't overflow the dest buffer */ 238 assert(output.pos <= dest_size); 239 ret = output.pos; 240 out: 241 ZSTD_freeCCtx(cctx); 242 return ret; 243 } 244 245 /* 246 * qcow2_zstd_decompress() 247 * 248 * Decompress some data (not more than @src_size bytes) to produce exactly 249 * @dest_size bytes using zstd compression method 250 * 251 * @dest - destination buffer, @dest_size bytes 252 * @src - source buffer, @src_size bytes 253 * 254 * Returns: 0 on success 255 * -EIO on any error 256 */ 257 static ssize_t qcow2_zstd_decompress(void *dest, size_t dest_size, 258 const void *src, size_t src_size) 259 { 260 size_t zstd_ret = 0; 261 ssize_t ret = 0; 262 ZSTD_outBuffer output = { 263 .dst = dest, 264 .size = dest_size, 265 .pos = 0 266 }; 267 ZSTD_inBuffer input = { 268 .src = src, 269 .size = src_size, 270 .pos = 0 271 }; 272 ZSTD_DCtx *dctx = ZSTD_createDCtx(); 273 274 if (!dctx) { 275 return -EIO; 276 } 277 278 /* 279 * The compressed stream from the input buffer may consist of more 280 * than one zstd frame. So we iterate until we get a fully 281 * uncompressed cluster. 282 * From zstd docs related to ZSTD_decompressStream: 283 * "return : 0 when a frame is completely decoded and fully flushed" 284 * We suppose that this means: each time ZSTD_decompressStream reads 285 * only ONE full frame and returns 0 if and only if that frame 286 * is completely decoded and flushed. Only after returning 0, 287 * ZSTD_decompressStream reads another ONE full frame. 288 */ 289 while (output.pos < output.size) { 290 size_t last_in_pos = input.pos; 291 size_t last_out_pos = output.pos; 292 zstd_ret = ZSTD_decompressStream(dctx, &output, &input); 293 294 if (ZSTD_isError(zstd_ret)) { 295 ret = -EIO; 296 break; 297 } 298 299 /* 300 * The ZSTD manual is vague about what to do if it reads 301 * the buffer partially, and we don't want to get stuck 302 * in an infinite loop where ZSTD_decompressStream 303 * returns > 0 waiting for another input chunk. So, we add 304 * a check which ensures that the loop makes some progress 305 * on each step. 306 */ 307 if (last_in_pos >= input.pos && 308 last_out_pos >= output.pos) { 309 ret = -EIO; 310 break; 311 } 312 } 313 /* 314 * Make sure that we have the frame fully flushed here 315 * if not, we somehow managed to get uncompressed cluster 316 * greater then the cluster size, possibly because of its 317 * damage. 318 */ 319 if (zstd_ret > 0) { 320 ret = -EIO; 321 } 322 323 ZSTD_freeDCtx(dctx); 324 assert(ret == 0 || ret == -EIO); 325 return ret; 326 } 327 #endif 328 329 static int qcow2_compress_pool_func(void *opaque) 330 { 331 Qcow2CompressData *data = opaque; 332 333 data->ret = data->func(data->dest, data->dest_size, 334 data->src, data->src_size); 335 336 return 0; 337 } 338 339 static ssize_t coroutine_fn 340 qcow2_co_do_compress(BlockDriverState *bs, void *dest, size_t dest_size, 341 const void *src, size_t src_size, Qcow2CompressFunc func) 342 { 343 Qcow2CompressData arg = { 344 .dest = dest, 345 .dest_size = dest_size, 346 .src = src, 347 .src_size = src_size, 348 .func = func, 349 }; 350 351 qcow2_co_process(bs, qcow2_compress_pool_func, &arg); 352 353 return arg.ret; 354 } 355 356 /* 357 * qcow2_co_compress() 358 * 359 * Compress @src_size bytes of data using the compression 360 * method defined by the image compression type 361 * 362 * @dest - destination buffer, @dest_size bytes 363 * @src - source buffer, @src_size bytes 364 * 365 * Returns: compressed size on success 366 * a negative error code on failure 367 */ 368 ssize_t coroutine_fn 369 qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size, 370 const void *src, size_t src_size) 371 { 372 BDRVQcow2State *s = bs->opaque; 373 Qcow2CompressFunc fn; 374 375 switch (s->compression_type) { 376 case QCOW2_COMPRESSION_TYPE_ZLIB: 377 fn = qcow2_zlib_compress; 378 break; 379 380 #ifdef CONFIG_ZSTD 381 case QCOW2_COMPRESSION_TYPE_ZSTD: 382 fn = qcow2_zstd_compress; 383 break; 384 #endif 385 default: 386 abort(); 387 } 388 389 return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn); 390 } 391 392 /* 393 * qcow2_co_decompress() 394 * 395 * Decompress some data (not more than @src_size bytes) to produce exactly 396 * @dest_size bytes using the compression method defined by the image 397 * compression type 398 * 399 * @dest - destination buffer, @dest_size bytes 400 * @src - source buffer, @src_size bytes 401 * 402 * Returns: 0 on success 403 * a negative error code on failure 404 */ 405 ssize_t coroutine_fn 406 qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size, 407 const void *src, size_t src_size) 408 { 409 BDRVQcow2State *s = bs->opaque; 410 Qcow2CompressFunc fn; 411 412 switch (s->compression_type) { 413 case QCOW2_COMPRESSION_TYPE_ZLIB: 414 fn = qcow2_zlib_decompress; 415 break; 416 417 #ifdef CONFIG_ZSTD 418 case QCOW2_COMPRESSION_TYPE_ZSTD: 419 fn = qcow2_zstd_decompress; 420 break; 421 #endif 422 default: 423 abort(); 424 } 425 426 return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn); 427 } 428 429 430 /* 431 * Cryptography 432 */ 433 434 /* 435 * Qcow2EncDecFunc: common prototype of qcrypto_block_encrypt() and 436 * qcrypto_block_decrypt() functions. 437 */ 438 typedef int (*Qcow2EncDecFunc)(QCryptoBlock *block, uint64_t offset, 439 uint8_t *buf, size_t len, Error **errp); 440 441 typedef struct Qcow2EncDecData { 442 QCryptoBlock *block; 443 uint64_t offset; 444 uint8_t *buf; 445 size_t len; 446 447 Qcow2EncDecFunc func; 448 } Qcow2EncDecData; 449 450 static int qcow2_encdec_pool_func(void *opaque) 451 { 452 Qcow2EncDecData *data = opaque; 453 454 return data->func(data->block, data->offset, data->buf, data->len, NULL); 455 } 456 457 static int coroutine_fn 458 qcow2_co_encdec(BlockDriverState *bs, uint64_t host_offset, 459 uint64_t guest_offset, void *buf, size_t len, 460 Qcow2EncDecFunc func) 461 { 462 BDRVQcow2State *s = bs->opaque; 463 Qcow2EncDecData arg = { 464 .block = s->crypto, 465 .offset = s->crypt_physical_offset ? host_offset : guest_offset, 466 .buf = buf, 467 .len = len, 468 .func = func, 469 }; 470 uint64_t sector_size; 471 472 assert(s->crypto); 473 474 sector_size = qcrypto_block_get_sector_size(s->crypto); 475 assert(QEMU_IS_ALIGNED(guest_offset, sector_size)); 476 assert(QEMU_IS_ALIGNED(host_offset, sector_size)); 477 assert(QEMU_IS_ALIGNED(len, sector_size)); 478 479 return len == 0 ? 0 : qcow2_co_process(bs, qcow2_encdec_pool_func, &arg); 480 } 481 482 /* 483 * qcow2_co_encrypt() 484 * 485 * Encrypts one or more contiguous aligned sectors 486 * 487 * @host_offset - underlying storage offset of the first sector of the 488 * data to be encrypted 489 * 490 * @guest_offset - guest (virtual) offset of the first sector of the 491 * data to be encrypted 492 * 493 * @buf - buffer with the data to encrypt, that after encryption 494 * will be written to the underlying storage device at 495 * @host_offset 496 * 497 * @len - length of the buffer (must be a multiple of the encryption 498 * sector size) 499 * 500 * Depending on the encryption method, @host_offset and/or @guest_offset 501 * may be used for generating the initialization vector for 502 * encryption. 503 * 504 * Note that while the whole range must be aligned on sectors, it 505 * does not have to be aligned on clusters and can also cross cluster 506 * boundaries 507 */ 508 int coroutine_fn 509 qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, 510 uint64_t guest_offset, void *buf, size_t len) 511 { 512 return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, 513 qcrypto_block_encrypt); 514 } 515 516 /* 517 * qcow2_co_decrypt() 518 * 519 * Decrypts one or more contiguous aligned sectors 520 * Similar to qcow2_co_encrypt 521 */ 522 int coroutine_fn 523 qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, 524 uint64_t guest_offset, void *buf, size_t len) 525 { 526 return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, 527 qcrypto_block_decrypt); 528 } 529