1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #ifndef BLOCK_QCOW2_H 26 #define BLOCK_QCOW2_H 27 28 #include "crypto/block.h" 29 #include "qemu/coroutine.h" 30 #include "qemu/units.h" 31 #include "block/block_int.h" 32 33 //#define DEBUG_ALLOC 34 //#define DEBUG_ALLOC2 35 //#define DEBUG_EXT 36 37 #define QCOW_MAGIC (('Q' << 24) | ('F' << 16) | ('I' << 8) | 0xfb) 38 39 #define QCOW_CRYPT_NONE 0 40 #define QCOW_CRYPT_AES 1 41 #define QCOW_CRYPT_LUKS 2 42 43 #define QCOW_MAX_CRYPT_CLUSTERS 32 44 #define QCOW_MAX_SNAPSHOTS 65536 45 46 /* Field widths in qcow2 mean normal cluster offsets cannot reach 47 * 64PB; depending on cluster size, compressed clusters can have a 48 * smaller limit (64PB for up to 16k clusters, then ramps down to 49 * 512TB for 2M clusters). */ 50 #define QCOW_MAX_CLUSTER_OFFSET ((1ULL << 56) - 1) 51 52 /* 8 MB refcount table is enough for 2 PB images at 64k cluster size 53 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ 54 #define QCOW_MAX_REFTABLE_SIZE (8 * MiB) 55 56 /* 32 MB L1 table is enough for 2 PB images at 64k cluster size 57 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ 58 #define QCOW_MAX_L1_SIZE (32 * MiB) 59 60 /* Allow for an average of 1k per snapshot table entry, should be plenty of 61 * space for snapshot names and IDs */ 62 #define QCOW_MAX_SNAPSHOTS_SIZE (1024 * QCOW_MAX_SNAPSHOTS) 63 64 /* Maximum amount of extra data per snapshot table entry to accept */ 65 #define QCOW_MAX_SNAPSHOT_EXTRA_DATA 1024 66 67 /* Bitmap header extension constraints */ 68 #define QCOW2_MAX_BITMAPS 65535 69 #define QCOW2_MAX_BITMAP_DIRECTORY_SIZE (1024 * QCOW2_MAX_BITMAPS) 70 71 /* Maximum of parallel sub-request per guest request */ 72 #define QCOW2_MAX_WORKERS 8 73 74 /* indicate that the refcount of the referenced cluster is exactly one. */ 75 #define QCOW_OFLAG_COPIED (1ULL << 63) 76 /* indicate that the cluster is compressed (they never have the copied flag) */ 77 #define QCOW_OFLAG_COMPRESSED (1ULL << 62) 78 /* The cluster reads as all zeros */ 79 #define QCOW_OFLAG_ZERO (1ULL << 0) 80 81 #define QCOW_EXTL2_SUBCLUSTERS_PER_CLUSTER 32 82 83 /* The subcluster X [0..31] is allocated */ 84 #define QCOW_OFLAG_SUB_ALLOC(X) (1ULL << (X)) 85 /* The subcluster X [0..31] reads as zeroes */ 86 #define QCOW_OFLAG_SUB_ZERO(X) (QCOW_OFLAG_SUB_ALLOC(X) << 32) 87 /* Subclusters [X, Y) (0 <= X <= Y <= 32) are allocated */ 88 #define QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) \ 89 (QCOW_OFLAG_SUB_ALLOC(Y) - QCOW_OFLAG_SUB_ALLOC(X)) 90 /* Subclusters [X, Y) (0 <= X <= Y <= 32) read as zeroes */ 91 #define QCOW_OFLAG_SUB_ZERO_RANGE(X, Y) \ 92 (QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) << 32) 93 /* L2 entry bitmap with all allocation bits set */ 94 #define QCOW_L2_BITMAP_ALL_ALLOC (QCOW_OFLAG_SUB_ALLOC_RANGE(0, 32)) 95 /* L2 entry bitmap with all "read as zeroes" bits set */ 96 #define QCOW_L2_BITMAP_ALL_ZEROES (QCOW_OFLAG_SUB_ZERO_RANGE(0, 32)) 97 98 /* Size of normal and extended L2 entries */ 99 #define L2E_SIZE_NORMAL (sizeof(uint64_t)) 100 #define L2E_SIZE_EXTENDED (sizeof(uint64_t) * 2) 101 102 /* Size of L1 table entries */ 103 #define L1E_SIZE (sizeof(uint64_t)) 104 105 /* Size of reftable entries */ 106 #define REFTABLE_ENTRY_SIZE (sizeof(uint64_t)) 107 108 #define MIN_CLUSTER_BITS 9 109 #define MAX_CLUSTER_BITS 21 110 111 /* Defined in the qcow2 spec (compressed cluster descriptor) */ 112 #define QCOW2_COMPRESSED_SECTOR_SIZE 512U 113 114 /* Must be at least 2 to cover COW */ 115 #define MIN_L2_CACHE_SIZE 2 /* cache entries */ 116 117 /* Must be at least 4 to cover all cases of refcount table growth */ 118 #define MIN_REFCOUNT_CACHE_SIZE 4 /* clusters */ 119 120 #ifdef CONFIG_LINUX 121 #define DEFAULT_L2_CACHE_MAX_SIZE (32 * MiB) 122 #define DEFAULT_CACHE_CLEAN_INTERVAL 600 /* seconds */ 123 #else 124 #define DEFAULT_L2_CACHE_MAX_SIZE (8 * MiB) 125 /* Cache clean interval is currently available only on Linux, so must be 0 */ 126 #define DEFAULT_CACHE_CLEAN_INTERVAL 0 127 #endif 128 129 #define DEFAULT_CLUSTER_SIZE 65536 130 131 #define QCOW2_OPT_DATA_FILE "data-file" 132 #define QCOW2_OPT_LAZY_REFCOUNTS "lazy-refcounts" 133 #define QCOW2_OPT_DISCARD_REQUEST "pass-discard-request" 134 #define QCOW2_OPT_DISCARD_SNAPSHOT "pass-discard-snapshot" 135 #define QCOW2_OPT_DISCARD_OTHER "pass-discard-other" 136 #define QCOW2_OPT_OVERLAP "overlap-check" 137 #define QCOW2_OPT_OVERLAP_TEMPLATE "overlap-check.template" 138 #define QCOW2_OPT_OVERLAP_MAIN_HEADER "overlap-check.main-header" 139 #define QCOW2_OPT_OVERLAP_ACTIVE_L1 "overlap-check.active-l1" 140 #define QCOW2_OPT_OVERLAP_ACTIVE_L2 "overlap-check.active-l2" 141 #define QCOW2_OPT_OVERLAP_REFCOUNT_TABLE "overlap-check.refcount-table" 142 #define QCOW2_OPT_OVERLAP_REFCOUNT_BLOCK "overlap-check.refcount-block" 143 #define QCOW2_OPT_OVERLAP_SNAPSHOT_TABLE "overlap-check.snapshot-table" 144 #define QCOW2_OPT_OVERLAP_INACTIVE_L1 "overlap-check.inactive-l1" 145 #define QCOW2_OPT_OVERLAP_INACTIVE_L2 "overlap-check.inactive-l2" 146 #define QCOW2_OPT_OVERLAP_BITMAP_DIRECTORY "overlap-check.bitmap-directory" 147 #define QCOW2_OPT_CACHE_SIZE "cache-size" 148 #define QCOW2_OPT_L2_CACHE_SIZE "l2-cache-size" 149 #define QCOW2_OPT_L2_CACHE_ENTRY_SIZE "l2-cache-entry-size" 150 #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size" 151 #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval" 152 153 typedef struct QCowHeader { 154 uint32_t magic; 155 uint32_t version; 156 uint64_t backing_file_offset; 157 uint32_t backing_file_size; 158 uint32_t cluster_bits; 159 uint64_t size; /* in bytes */ 160 uint32_t crypt_method; 161 uint32_t l1_size; /* XXX: save number of clusters instead ? */ 162 uint64_t l1_table_offset; 163 uint64_t refcount_table_offset; 164 uint32_t refcount_table_clusters; 165 uint32_t nb_snapshots; 166 uint64_t snapshots_offset; 167 168 /* The following fields are only valid for version >= 3 */ 169 uint64_t incompatible_features; 170 uint64_t compatible_features; 171 uint64_t autoclear_features; 172 173 uint32_t refcount_order; 174 uint32_t header_length; 175 176 /* Additional fields */ 177 uint8_t compression_type; 178 179 /* header must be a multiple of 8 */ 180 uint8_t padding[7]; 181 } QEMU_PACKED QCowHeader; 182 183 QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(sizeof(QCowHeader), 8)); 184 185 typedef struct QEMU_PACKED QCowSnapshotHeader { 186 /* header is 8 byte aligned */ 187 uint64_t l1_table_offset; 188 189 uint32_t l1_size; 190 uint16_t id_str_size; 191 uint16_t name_size; 192 193 uint32_t date_sec; 194 uint32_t date_nsec; 195 196 uint64_t vm_clock_nsec; 197 198 uint32_t vm_state_size; 199 uint32_t extra_data_size; /* for extension */ 200 /* extra data follows */ 201 /* id_str follows */ 202 /* name follows */ 203 } QCowSnapshotHeader; 204 205 typedef struct QEMU_PACKED QCowSnapshotExtraData { 206 uint64_t vm_state_size_large; 207 uint64_t disk_size; 208 uint64_t icount; 209 } QCowSnapshotExtraData; 210 211 212 typedef struct QCowSnapshot { 213 uint64_t l1_table_offset; 214 uint32_t l1_size; 215 char *id_str; 216 char *name; 217 uint64_t disk_size; 218 uint64_t vm_state_size; 219 uint32_t date_sec; 220 uint32_t date_nsec; 221 uint64_t vm_clock_nsec; 222 /* icount value for the moment when snapshot was taken */ 223 uint64_t icount; 224 /* Size of all extra data, including QCowSnapshotExtraData if available */ 225 uint32_t extra_data_size; 226 /* Data beyond QCowSnapshotExtraData, if any */ 227 void *unknown_extra_data; 228 } QCowSnapshot; 229 230 struct Qcow2Cache; 231 typedef struct Qcow2Cache Qcow2Cache; 232 233 typedef struct Qcow2CryptoHeaderExtension { 234 uint64_t offset; 235 uint64_t length; 236 } QEMU_PACKED Qcow2CryptoHeaderExtension; 237 238 typedef struct Qcow2UnknownHeaderExtension { 239 uint32_t magic; 240 uint32_t len; 241 QLIST_ENTRY(Qcow2UnknownHeaderExtension) next; 242 uint8_t data[]; 243 } Qcow2UnknownHeaderExtension; 244 245 enum { 246 QCOW2_FEAT_TYPE_INCOMPATIBLE = 0, 247 QCOW2_FEAT_TYPE_COMPATIBLE = 1, 248 QCOW2_FEAT_TYPE_AUTOCLEAR = 2, 249 }; 250 251 /* Incompatible feature bits */ 252 enum { 253 QCOW2_INCOMPAT_DIRTY_BITNR = 0, 254 QCOW2_INCOMPAT_CORRUPT_BITNR = 1, 255 QCOW2_INCOMPAT_DATA_FILE_BITNR = 2, 256 QCOW2_INCOMPAT_COMPRESSION_BITNR = 3, 257 QCOW2_INCOMPAT_EXTL2_BITNR = 4, 258 QCOW2_INCOMPAT_DIRTY = 1 << QCOW2_INCOMPAT_DIRTY_BITNR, 259 QCOW2_INCOMPAT_CORRUPT = 1 << QCOW2_INCOMPAT_CORRUPT_BITNR, 260 QCOW2_INCOMPAT_DATA_FILE = 1 << QCOW2_INCOMPAT_DATA_FILE_BITNR, 261 QCOW2_INCOMPAT_COMPRESSION = 1 << QCOW2_INCOMPAT_COMPRESSION_BITNR, 262 QCOW2_INCOMPAT_EXTL2 = 1 << QCOW2_INCOMPAT_EXTL2_BITNR, 263 264 QCOW2_INCOMPAT_MASK = QCOW2_INCOMPAT_DIRTY 265 | QCOW2_INCOMPAT_CORRUPT 266 | QCOW2_INCOMPAT_DATA_FILE 267 | QCOW2_INCOMPAT_COMPRESSION 268 | QCOW2_INCOMPAT_EXTL2, 269 }; 270 271 /* Compatible feature bits */ 272 enum { 273 QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR = 0, 274 QCOW2_COMPAT_LAZY_REFCOUNTS = 1 << QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR, 275 276 QCOW2_COMPAT_FEAT_MASK = QCOW2_COMPAT_LAZY_REFCOUNTS, 277 }; 278 279 /* Autoclear feature bits */ 280 enum { 281 QCOW2_AUTOCLEAR_BITMAPS_BITNR = 0, 282 QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR = 1, 283 QCOW2_AUTOCLEAR_BITMAPS = 1 << QCOW2_AUTOCLEAR_BITMAPS_BITNR, 284 QCOW2_AUTOCLEAR_DATA_FILE_RAW = 1 << QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR, 285 286 QCOW2_AUTOCLEAR_MASK = QCOW2_AUTOCLEAR_BITMAPS 287 | QCOW2_AUTOCLEAR_DATA_FILE_RAW, 288 }; 289 290 enum qcow2_discard_type { 291 QCOW2_DISCARD_NEVER = 0, 292 QCOW2_DISCARD_ALWAYS, 293 QCOW2_DISCARD_REQUEST, 294 QCOW2_DISCARD_SNAPSHOT, 295 QCOW2_DISCARD_OTHER, 296 QCOW2_DISCARD_MAX 297 }; 298 299 typedef struct Qcow2Feature { 300 uint8_t type; 301 uint8_t bit; 302 char name[46]; 303 } QEMU_PACKED Qcow2Feature; 304 305 typedef struct Qcow2DiscardRegion { 306 BlockDriverState *bs; 307 uint64_t offset; 308 uint64_t bytes; 309 QTAILQ_ENTRY(Qcow2DiscardRegion) next; 310 } Qcow2DiscardRegion; 311 312 typedef uint64_t Qcow2GetRefcountFunc(const void *refcount_array, 313 uint64_t index); 314 typedef void Qcow2SetRefcountFunc(void *refcount_array, 315 uint64_t index, uint64_t value); 316 317 typedef struct Qcow2BitmapHeaderExt { 318 uint32_t nb_bitmaps; 319 uint32_t reserved32; 320 uint64_t bitmap_directory_size; 321 uint64_t bitmap_directory_offset; 322 } QEMU_PACKED Qcow2BitmapHeaderExt; 323 324 #define QCOW2_MAX_THREADS 4 325 326 typedef struct BDRVQcow2State { 327 int cluster_bits; 328 int cluster_size; 329 int l2_slice_size; 330 int subcluster_bits; 331 int subcluster_size; 332 int subclusters_per_cluster; 333 int l2_bits; 334 int l2_size; 335 int l1_size; 336 int l1_vm_state_index; 337 int refcount_block_bits; 338 int refcount_block_size; 339 int csize_shift; 340 int csize_mask; 341 uint64_t cluster_offset_mask; 342 uint64_t l1_table_offset; 343 uint64_t *l1_table; 344 345 Qcow2Cache *l2_table_cache; 346 Qcow2Cache *refcount_block_cache; 347 QEMUTimer *cache_clean_timer; 348 unsigned cache_clean_interval; 349 350 QLIST_HEAD(, QCowL2Meta) cluster_allocs; 351 352 uint64_t *refcount_table; 353 uint64_t refcount_table_offset; 354 uint32_t refcount_table_size; 355 uint32_t max_refcount_table_index; /* Last used entry in refcount_table */ 356 uint64_t free_cluster_index; 357 uint64_t free_byte_offset; 358 359 CoMutex lock; 360 361 Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */ 362 QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */ 363 QCryptoBlock *crypto; /* Disk encryption format driver */ 364 bool crypt_physical_offset; /* Whether to use virtual or physical offset 365 for encryption initialization vector tweak */ 366 uint32_t crypt_method_header; 367 uint64_t snapshots_offset; 368 int snapshots_size; 369 unsigned int nb_snapshots; 370 QCowSnapshot *snapshots; 371 372 uint32_t nb_bitmaps; 373 uint64_t bitmap_directory_size; 374 uint64_t bitmap_directory_offset; 375 376 int flags; 377 int qcow_version; 378 bool use_lazy_refcounts; 379 int refcount_order; 380 int refcount_bits; 381 uint64_t refcount_max; 382 383 Qcow2GetRefcountFunc *get_refcount; 384 Qcow2SetRefcountFunc *set_refcount; 385 386 bool discard_passthrough[QCOW2_DISCARD_MAX]; 387 388 int overlap_check; /* bitmask of Qcow2MetadataOverlap values */ 389 bool signaled_corruption; 390 391 uint64_t incompatible_features; 392 uint64_t compatible_features; 393 uint64_t autoclear_features; 394 395 size_t unknown_header_fields_size; 396 void *unknown_header_fields; 397 QLIST_HEAD(, Qcow2UnknownHeaderExtension) unknown_header_ext; 398 QTAILQ_HEAD (, Qcow2DiscardRegion) discards; 399 bool cache_discards; 400 401 /* Backing file path and format as stored in the image (this is not the 402 * effective path/format, which may be the result of a runtime option 403 * override) */ 404 char *image_backing_file; 405 char *image_backing_format; 406 char *image_data_file; 407 408 CoQueue thread_task_queue; 409 int nb_threads; 410 411 BdrvChild *data_file; 412 413 bool metadata_preallocation_checked; 414 bool metadata_preallocation; 415 /* 416 * Compression type used for the image. Default: 0 - ZLIB 417 * The image compression type is set on image creation. 418 * For now, the only way to change the compression type 419 * is to convert the image with the desired compression type set. 420 */ 421 Qcow2CompressionType compression_type; 422 } BDRVQcow2State; 423 424 typedef struct Qcow2COWRegion { 425 /** 426 * Offset of the COW region in bytes from the start of the first cluster 427 * touched by the request. 428 */ 429 unsigned offset; 430 431 /** Number of bytes to copy */ 432 unsigned nb_bytes; 433 } Qcow2COWRegion; 434 435 /** 436 * Describes an in-flight (part of a) write request that writes to clusters 437 * that need to have their L2 table entries updated (because they are 438 * newly allocated or need changes in their L2 bitmaps) 439 */ 440 typedef struct QCowL2Meta 441 { 442 /** Guest offset of the first updated cluster */ 443 uint64_t offset; 444 445 /** Host offset of the first updated cluster */ 446 uint64_t alloc_offset; 447 448 /** Number of updated clusters */ 449 int nb_clusters; 450 451 /** Do not free the old clusters */ 452 bool keep_old_clusters; 453 454 /** 455 * Requests that overlap with this allocation and wait to be restarted 456 * when the allocating request has completed. 457 */ 458 CoQueue dependent_requests; 459 460 /** 461 * The COW Region immediately before the area the guest actually 462 * writes to. This (part of the) write request starts at 463 * cow_start.offset + cow_start.nb_bytes. 464 */ 465 Qcow2COWRegion cow_start; 466 467 /** 468 * The COW Region immediately after the area the guest actually 469 * writes to. This (part of the) write request ends at cow_end.offset 470 * (which must always be set even when cow_end.nb_bytes is 0). 471 */ 472 Qcow2COWRegion cow_end; 473 474 /* 475 * Indicates that COW regions are already handled and do not require 476 * any more processing. 477 */ 478 bool skip_cow; 479 480 /** 481 * Indicates that this is not a normal write request but a preallocation. 482 * If the image has extended L2 entries this means that no new individual 483 * subclusters will be marked as allocated in the L2 bitmap (but any 484 * existing contents of that bitmap will be kept). 485 */ 486 bool prealloc; 487 488 /** 489 * The I/O vector with the data from the actual guest write request. 490 * If non-NULL, this is meant to be merged together with the data 491 * from @cow_start and @cow_end into one single write operation. 492 */ 493 QEMUIOVector *data_qiov; 494 size_t data_qiov_offset; 495 496 /** Pointer to next L2Meta of the same write request */ 497 struct QCowL2Meta *next; 498 499 QLIST_ENTRY(QCowL2Meta) next_in_flight; 500 } QCowL2Meta; 501 502 /* 503 * In images with standard L2 entries all clusters are treated as if 504 * they had one subcluster so QCow2ClusterType and QCow2SubclusterType 505 * can be mapped to each other and have the exact same meaning 506 * (QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC cannot happen in these images). 507 * 508 * In images with extended L2 entries QCow2ClusterType refers to the 509 * complete cluster and QCow2SubclusterType to each of the individual 510 * subclusters, so there are several possible combinations: 511 * 512 * |--------------+---------------------------| 513 * | Cluster type | Possible subcluster types | 514 * |--------------+---------------------------| 515 * | UNALLOCATED | UNALLOCATED_PLAIN | 516 * | | ZERO_PLAIN | 517 * |--------------+---------------------------| 518 * | NORMAL | UNALLOCATED_ALLOC | 519 * | | ZERO_ALLOC | 520 * | | NORMAL | 521 * |--------------+---------------------------| 522 * | COMPRESSED | COMPRESSED | 523 * |--------------+---------------------------| 524 * 525 * QCOW2_SUBCLUSTER_INVALID means that the L2 entry is incorrect and 526 * the image should be marked corrupt. 527 */ 528 529 typedef enum QCow2ClusterType { 530 QCOW2_CLUSTER_UNALLOCATED, 531 QCOW2_CLUSTER_ZERO_PLAIN, 532 QCOW2_CLUSTER_ZERO_ALLOC, 533 QCOW2_CLUSTER_NORMAL, 534 QCOW2_CLUSTER_COMPRESSED, 535 } QCow2ClusterType; 536 537 typedef enum QCow2SubclusterType { 538 QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN, 539 QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC, 540 QCOW2_SUBCLUSTER_ZERO_PLAIN, 541 QCOW2_SUBCLUSTER_ZERO_ALLOC, 542 QCOW2_SUBCLUSTER_NORMAL, 543 QCOW2_SUBCLUSTER_COMPRESSED, 544 QCOW2_SUBCLUSTER_INVALID, 545 } QCow2SubclusterType; 546 547 typedef enum QCow2MetadataOverlap { 548 QCOW2_OL_MAIN_HEADER_BITNR = 0, 549 QCOW2_OL_ACTIVE_L1_BITNR = 1, 550 QCOW2_OL_ACTIVE_L2_BITNR = 2, 551 QCOW2_OL_REFCOUNT_TABLE_BITNR = 3, 552 QCOW2_OL_REFCOUNT_BLOCK_BITNR = 4, 553 QCOW2_OL_SNAPSHOT_TABLE_BITNR = 5, 554 QCOW2_OL_INACTIVE_L1_BITNR = 6, 555 QCOW2_OL_INACTIVE_L2_BITNR = 7, 556 QCOW2_OL_BITMAP_DIRECTORY_BITNR = 8, 557 558 QCOW2_OL_MAX_BITNR = 9, 559 560 QCOW2_OL_NONE = 0, 561 QCOW2_OL_MAIN_HEADER = (1 << QCOW2_OL_MAIN_HEADER_BITNR), 562 QCOW2_OL_ACTIVE_L1 = (1 << QCOW2_OL_ACTIVE_L1_BITNR), 563 QCOW2_OL_ACTIVE_L2 = (1 << QCOW2_OL_ACTIVE_L2_BITNR), 564 QCOW2_OL_REFCOUNT_TABLE = (1 << QCOW2_OL_REFCOUNT_TABLE_BITNR), 565 QCOW2_OL_REFCOUNT_BLOCK = (1 << QCOW2_OL_REFCOUNT_BLOCK_BITNR), 566 QCOW2_OL_SNAPSHOT_TABLE = (1 << QCOW2_OL_SNAPSHOT_TABLE_BITNR), 567 QCOW2_OL_INACTIVE_L1 = (1 << QCOW2_OL_INACTIVE_L1_BITNR), 568 /* NOTE: Checking overlaps with inactive L2 tables will result in bdrv 569 * reads. */ 570 QCOW2_OL_INACTIVE_L2 = (1 << QCOW2_OL_INACTIVE_L2_BITNR), 571 QCOW2_OL_BITMAP_DIRECTORY = (1 << QCOW2_OL_BITMAP_DIRECTORY_BITNR), 572 } QCow2MetadataOverlap; 573 574 /* Perform all overlap checks which can be done in constant time */ 575 #define QCOW2_OL_CONSTANT \ 576 (QCOW2_OL_MAIN_HEADER | QCOW2_OL_ACTIVE_L1 | QCOW2_OL_REFCOUNT_TABLE | \ 577 QCOW2_OL_SNAPSHOT_TABLE | QCOW2_OL_BITMAP_DIRECTORY) 578 579 /* Perform all overlap checks which don't require disk access */ 580 #define QCOW2_OL_CACHED \ 581 (QCOW2_OL_CONSTANT | QCOW2_OL_ACTIVE_L2 | QCOW2_OL_REFCOUNT_BLOCK | \ 582 QCOW2_OL_INACTIVE_L1) 583 584 /* Perform all overlap checks */ 585 #define QCOW2_OL_ALL \ 586 (QCOW2_OL_CACHED | QCOW2_OL_INACTIVE_L2) 587 588 #define L1E_OFFSET_MASK 0x00fffffffffffe00ULL 589 #define L1E_RESERVED_MASK 0x7f000000000001ffULL 590 #define L2E_OFFSET_MASK 0x00fffffffffffe00ULL 591 #define L2E_STD_RESERVED_MASK 0x3f000000000001feULL 592 593 #define REFT_OFFSET_MASK 0xfffffffffffffe00ULL 594 #define REFT_RESERVED_MASK 0x1ffULL 595 596 #define INV_OFFSET (-1ULL) 597 598 static inline bool has_subclusters(BDRVQcow2State *s) 599 { 600 return s->incompatible_features & QCOW2_INCOMPAT_EXTL2; 601 } 602 603 static inline size_t l2_entry_size(BDRVQcow2State *s) 604 { 605 return has_subclusters(s) ? L2E_SIZE_EXTENDED : L2E_SIZE_NORMAL; 606 } 607 608 static inline uint64_t get_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice, 609 int idx) 610 { 611 idx *= l2_entry_size(s) / sizeof(uint64_t); 612 return be64_to_cpu(l2_slice[idx]); 613 } 614 615 static inline uint64_t get_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice, 616 int idx) 617 { 618 if (has_subclusters(s)) { 619 idx *= l2_entry_size(s) / sizeof(uint64_t); 620 return be64_to_cpu(l2_slice[idx + 1]); 621 } else { 622 return 0; /* For convenience only; this value has no meaning. */ 623 } 624 } 625 626 static inline void set_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice, 627 int idx, uint64_t entry) 628 { 629 idx *= l2_entry_size(s) / sizeof(uint64_t); 630 l2_slice[idx] = cpu_to_be64(entry); 631 } 632 633 static inline void set_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice, 634 int idx, uint64_t bitmap) 635 { 636 assert(has_subclusters(s)); 637 idx *= l2_entry_size(s) / sizeof(uint64_t); 638 l2_slice[idx + 1] = cpu_to_be64(bitmap); 639 } 640 641 static inline bool has_data_file(BlockDriverState *bs) 642 { 643 BDRVQcow2State *s = bs->opaque; 644 return (s->data_file != bs->file); 645 } 646 647 static inline bool data_file_is_raw(BlockDriverState *bs) 648 { 649 BDRVQcow2State *s = bs->opaque; 650 return !!(s->autoclear_features & QCOW2_AUTOCLEAR_DATA_FILE_RAW); 651 } 652 653 static inline int64_t start_of_cluster(BDRVQcow2State *s, int64_t offset) 654 { 655 return offset & ~(s->cluster_size - 1); 656 } 657 658 static inline int64_t offset_into_cluster(BDRVQcow2State *s, int64_t offset) 659 { 660 return offset & (s->cluster_size - 1); 661 } 662 663 static inline int64_t offset_into_subcluster(BDRVQcow2State *s, int64_t offset) 664 { 665 return offset & (s->subcluster_size - 1); 666 } 667 668 static inline uint64_t size_to_clusters(BDRVQcow2State *s, uint64_t size) 669 { 670 return (size + (s->cluster_size - 1)) >> s->cluster_bits; 671 } 672 673 static inline uint64_t size_to_subclusters(BDRVQcow2State *s, uint64_t size) 674 { 675 return (size + (s->subcluster_size - 1)) >> s->subcluster_bits; 676 } 677 678 static inline int64_t size_to_l1(BDRVQcow2State *s, int64_t size) 679 { 680 int shift = s->cluster_bits + s->l2_bits; 681 return (size + (1ULL << shift) - 1) >> shift; 682 } 683 684 static inline int offset_to_l1_index(BDRVQcow2State *s, uint64_t offset) 685 { 686 return offset >> (s->l2_bits + s->cluster_bits); 687 } 688 689 static inline int offset_to_l2_index(BDRVQcow2State *s, int64_t offset) 690 { 691 return (offset >> s->cluster_bits) & (s->l2_size - 1); 692 } 693 694 static inline int offset_to_l2_slice_index(BDRVQcow2State *s, int64_t offset) 695 { 696 return (offset >> s->cluster_bits) & (s->l2_slice_size - 1); 697 } 698 699 static inline int offset_to_sc_index(BDRVQcow2State *s, int64_t offset) 700 { 701 return (offset >> s->subcluster_bits) & (s->subclusters_per_cluster - 1); 702 } 703 704 static inline int64_t qcow2_vm_state_offset(BDRVQcow2State *s) 705 { 706 return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits); 707 } 708 709 static inline QCow2ClusterType qcow2_get_cluster_type(BlockDriverState *bs, 710 uint64_t l2_entry) 711 { 712 BDRVQcow2State *s = bs->opaque; 713 714 if (l2_entry & QCOW_OFLAG_COMPRESSED) { 715 return QCOW2_CLUSTER_COMPRESSED; 716 } else if ((l2_entry & QCOW_OFLAG_ZERO) && !has_subclusters(s)) { 717 if (l2_entry & L2E_OFFSET_MASK) { 718 return QCOW2_CLUSTER_ZERO_ALLOC; 719 } 720 return QCOW2_CLUSTER_ZERO_PLAIN; 721 } else if (!(l2_entry & L2E_OFFSET_MASK)) { 722 /* Offset 0 generally means unallocated, but it is ambiguous with 723 * external data files because 0 is a valid offset there. However, all 724 * clusters in external data files always have refcount 1, so we can 725 * rely on QCOW_OFLAG_COPIED to disambiguate. */ 726 if (has_data_file(bs) && (l2_entry & QCOW_OFLAG_COPIED)) { 727 return QCOW2_CLUSTER_NORMAL; 728 } else { 729 return QCOW2_CLUSTER_UNALLOCATED; 730 } 731 } else { 732 return QCOW2_CLUSTER_NORMAL; 733 } 734 } 735 736 /* 737 * In an image without subsclusters @l2_bitmap is ignored and 738 * @sc_index must be 0. 739 * Return QCOW2_SUBCLUSTER_INVALID if an invalid l2 entry is detected 740 * (this checks the whole entry and bitmap, not only the bits related 741 * to subcluster @sc_index). 742 */ 743 static inline 744 QCow2SubclusterType qcow2_get_subcluster_type(BlockDriverState *bs, 745 uint64_t l2_entry, 746 uint64_t l2_bitmap, 747 unsigned sc_index) 748 { 749 BDRVQcow2State *s = bs->opaque; 750 QCow2ClusterType type = qcow2_get_cluster_type(bs, l2_entry); 751 assert(sc_index < s->subclusters_per_cluster); 752 753 if (has_subclusters(s)) { 754 switch (type) { 755 case QCOW2_CLUSTER_COMPRESSED: 756 return QCOW2_SUBCLUSTER_COMPRESSED; 757 case QCOW2_CLUSTER_NORMAL: 758 if ((l2_bitmap >> 32) & l2_bitmap) { 759 return QCOW2_SUBCLUSTER_INVALID; 760 } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) { 761 return QCOW2_SUBCLUSTER_ZERO_ALLOC; 762 } else if (l2_bitmap & QCOW_OFLAG_SUB_ALLOC(sc_index)) { 763 return QCOW2_SUBCLUSTER_NORMAL; 764 } else { 765 return QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC; 766 } 767 case QCOW2_CLUSTER_UNALLOCATED: 768 if (l2_bitmap & QCOW_L2_BITMAP_ALL_ALLOC) { 769 return QCOW2_SUBCLUSTER_INVALID; 770 } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) { 771 return QCOW2_SUBCLUSTER_ZERO_PLAIN; 772 } else { 773 return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN; 774 } 775 default: 776 g_assert_not_reached(); 777 } 778 } else { 779 switch (type) { 780 case QCOW2_CLUSTER_COMPRESSED: 781 return QCOW2_SUBCLUSTER_COMPRESSED; 782 case QCOW2_CLUSTER_ZERO_PLAIN: 783 return QCOW2_SUBCLUSTER_ZERO_PLAIN; 784 case QCOW2_CLUSTER_ZERO_ALLOC: 785 return QCOW2_SUBCLUSTER_ZERO_ALLOC; 786 case QCOW2_CLUSTER_NORMAL: 787 return QCOW2_SUBCLUSTER_NORMAL; 788 case QCOW2_CLUSTER_UNALLOCATED: 789 return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN; 790 default: 791 g_assert_not_reached(); 792 } 793 } 794 } 795 796 static inline bool qcow2_cluster_is_allocated(QCow2ClusterType type) 797 { 798 return (type == QCOW2_CLUSTER_COMPRESSED || type == QCOW2_CLUSTER_NORMAL || 799 type == QCOW2_CLUSTER_ZERO_ALLOC); 800 } 801 802 /* Check whether refcounts are eager or lazy */ 803 static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State *s) 804 { 805 return !(s->incompatible_features & QCOW2_INCOMPAT_DIRTY); 806 } 807 808 static inline uint64_t l2meta_cow_start(QCowL2Meta *m) 809 { 810 return m->offset + m->cow_start.offset; 811 } 812 813 static inline uint64_t l2meta_cow_end(QCowL2Meta *m) 814 { 815 return m->offset + m->cow_end.offset + m->cow_end.nb_bytes; 816 } 817 818 static inline uint64_t refcount_diff(uint64_t r1, uint64_t r2) 819 { 820 return r1 > r2 ? r1 - r2 : r2 - r1; 821 } 822 823 static inline 824 uint32_t offset_to_reftable_index(BDRVQcow2State *s, uint64_t offset) 825 { 826 return offset >> (s->refcount_block_bits + s->cluster_bits); 827 } 828 829 /* qcow2.c functions */ 830 int64_t qcow2_refcount_metadata_size(int64_t clusters, size_t cluster_size, 831 int refcount_order, bool generous_increase, 832 uint64_t *refblock_count); 833 834 int qcow2_mark_dirty(BlockDriverState *bs); 835 int qcow2_mark_corrupt(BlockDriverState *bs); 836 int qcow2_mark_consistent(BlockDriverState *bs); 837 int qcow2_update_header(BlockDriverState *bs); 838 839 void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset, 840 int64_t size, const char *message_format, ...) 841 G_GNUC_PRINTF(5, 6); 842 843 int qcow2_validate_table(BlockDriverState *bs, uint64_t offset, 844 uint64_t entries, size_t entry_len, 845 int64_t max_size_bytes, const char *table_name, 846 Error **errp); 847 848 /* qcow2-refcount.c functions */ 849 int coroutine_fn GRAPH_RDLOCK qcow2_refcount_init(BlockDriverState *bs); 850 void qcow2_refcount_close(BlockDriverState *bs); 851 852 int qcow2_get_refcount(BlockDriverState *bs, int64_t cluster_index, 853 uint64_t *refcount); 854 855 int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index, 856 uint64_t addend, bool decrease, 857 enum qcow2_discard_type type); 858 859 int64_t qcow2_refcount_area(BlockDriverState *bs, uint64_t offset, 860 uint64_t additional_clusters, bool exact_size, 861 int new_refblock_index, 862 uint64_t new_refblock_offset); 863 864 int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size); 865 int64_t coroutine_fn qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, 866 int64_t nb_clusters); 867 int64_t coroutine_fn qcow2_alloc_bytes(BlockDriverState *bs, int size); 868 void qcow2_free_clusters(BlockDriverState *bs, 869 int64_t offset, int64_t size, 870 enum qcow2_discard_type type); 871 void qcow2_free_any_cluster(BlockDriverState *bs, uint64_t l2_entry, 872 enum qcow2_discard_type type); 873 874 int qcow2_update_snapshot_refcount(BlockDriverState *bs, 875 int64_t l1_table_offset, int l1_size, int addend); 876 877 int qcow2_flush_caches(BlockDriverState *bs); 878 int qcow2_write_caches(BlockDriverState *bs); 879 int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res, 880 BdrvCheckMode fix); 881 882 void qcow2_process_discards(BlockDriverState *bs, int ret); 883 884 int qcow2_check_metadata_overlap(BlockDriverState *bs, int ign, int64_t offset, 885 int64_t size); 886 int qcow2_pre_write_overlap_check(BlockDriverState *bs, int ign, int64_t offset, 887 int64_t size, bool data_file); 888 int qcow2_inc_refcounts_imrt(BlockDriverState *bs, BdrvCheckResult *res, 889 void **refcount_table, 890 int64_t *refcount_table_size, 891 int64_t offset, int64_t size); 892 893 int qcow2_change_refcount_order(BlockDriverState *bs, int refcount_order, 894 BlockDriverAmendStatusCB *status_cb, 895 void *cb_opaque, Error **errp); 896 int coroutine_fn GRAPH_RDLOCK qcow2_shrink_reftable(BlockDriverState *bs); 897 int64_t coroutine_fn qcow2_get_last_cluster(BlockDriverState *bs, int64_t size); 898 899 int coroutine_fn GRAPH_RDLOCK 900 qcow2_detect_metadata_preallocation(BlockDriverState *bs); 901 902 /* qcow2-cluster.c functions */ 903 int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size, 904 bool exact_size); 905 906 int coroutine_fn GRAPH_RDLOCK 907 qcow2_shrink_l1_table(BlockDriverState *bs, uint64_t max_size); 908 909 int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index); 910 int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, 911 uint8_t *buf, int nb_sectors, bool enc, Error **errp); 912 913 int qcow2_get_host_offset(BlockDriverState *bs, uint64_t offset, 914 unsigned int *bytes, uint64_t *host_offset, 915 QCow2SubclusterType *subcluster_type); 916 int coroutine_fn qcow2_alloc_host_offset(BlockDriverState *bs, uint64_t offset, 917 unsigned int *bytes, 918 uint64_t *host_offset, QCowL2Meta **m); 919 int coroutine_fn qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs, 920 uint64_t offset, 921 int compressed_size, 922 uint64_t *host_offset); 923 void qcow2_parse_compressed_l2_entry(BlockDriverState *bs, uint64_t l2_entry, 924 uint64_t *coffset, int *csize); 925 926 int coroutine_fn GRAPH_RDLOCK 927 qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m); 928 929 void coroutine_fn qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m); 930 int qcow2_cluster_discard(BlockDriverState *bs, uint64_t offset, 931 uint64_t bytes, enum qcow2_discard_type type, 932 bool full_discard); 933 934 int coroutine_fn GRAPH_RDLOCK 935 qcow2_subcluster_zeroize(BlockDriverState *bs, uint64_t offset, uint64_t bytes, 936 int flags); 937 938 int qcow2_expand_zero_clusters(BlockDriverState *bs, 939 BlockDriverAmendStatusCB *status_cb, 940 void *cb_opaque); 941 942 /* qcow2-snapshot.c functions */ 943 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info); 944 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id); 945 int qcow2_snapshot_delete(BlockDriverState *bs, 946 const char *snapshot_id, 947 const char *name, 948 Error **errp); 949 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab); 950 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 951 const char *snapshot_id, 952 const char *name, 953 Error **errp); 954 955 void qcow2_free_snapshots(BlockDriverState *bs); 956 int coroutine_fn GRAPH_RDLOCK 957 qcow2_read_snapshots(BlockDriverState *bs, Error **errp); 958 int qcow2_write_snapshots(BlockDriverState *bs); 959 960 int coroutine_fn GRAPH_RDLOCK 961 qcow2_check_read_snapshot_table(BlockDriverState *bs, BdrvCheckResult *result, 962 BdrvCheckMode fix); 963 964 int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs, 965 BdrvCheckResult *result, 966 BdrvCheckMode fix); 967 968 /* qcow2-cache.c functions */ 969 Qcow2Cache *qcow2_cache_create(BlockDriverState *bs, int num_tables, 970 unsigned table_size); 971 int qcow2_cache_destroy(Qcow2Cache *c); 972 973 void qcow2_cache_entry_mark_dirty(Qcow2Cache *c, void *table); 974 int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c); 975 int qcow2_cache_write(BlockDriverState *bs, Qcow2Cache *c); 976 int qcow2_cache_set_dependency(BlockDriverState *bs, Qcow2Cache *c, 977 Qcow2Cache *dependency); 978 void qcow2_cache_depends_on_flush(Qcow2Cache *c); 979 980 void qcow2_cache_clean_unused(Qcow2Cache *c); 981 int qcow2_cache_empty(BlockDriverState *bs, Qcow2Cache *c); 982 983 int qcow2_cache_get(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset, 984 void **table); 985 int qcow2_cache_get_empty(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset, 986 void **table); 987 void qcow2_cache_put(Qcow2Cache *c, void **table); 988 void *qcow2_cache_is_table_offset(Qcow2Cache *c, uint64_t offset); 989 void qcow2_cache_discard(Qcow2Cache *c, void *table); 990 991 /* qcow2-bitmap.c functions */ 992 int qcow2_check_bitmaps_refcounts(BlockDriverState *bs, BdrvCheckResult *res, 993 void **refcount_table, 994 int64_t *refcount_table_size); 995 bool coroutine_fn qcow2_load_dirty_bitmaps(BlockDriverState *bs, 996 bool *header_updated, Error **errp); 997 bool qcow2_get_bitmap_info_list(BlockDriverState *bs, 998 Qcow2BitmapInfoList **info_list, Error **errp); 999 int qcow2_reopen_bitmaps_rw(BlockDriverState *bs, Error **errp); 1000 int coroutine_fn qcow2_truncate_bitmaps_check(BlockDriverState *bs, Error **errp); 1001 bool qcow2_store_persistent_dirty_bitmaps(BlockDriverState *bs, 1002 bool release_stored, Error **errp); 1003 int qcow2_reopen_bitmaps_ro(BlockDriverState *bs, Error **errp); 1004 bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs, 1005 const char *name, 1006 uint32_t granularity, 1007 Error **errp); 1008 int coroutine_fn qcow2_co_remove_persistent_dirty_bitmap(BlockDriverState *bs, 1009 const char *name, 1010 Error **errp); 1011 bool qcow2_supports_persistent_dirty_bitmap(BlockDriverState *bs); 1012 uint64_t qcow2_get_persistent_dirty_bitmap_size(BlockDriverState *bs, 1013 uint32_t cluster_size); 1014 1015 ssize_t coroutine_fn 1016 qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size, 1017 const void *src, size_t src_size); 1018 ssize_t coroutine_fn 1019 qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size, 1020 const void *src, size_t src_size); 1021 int coroutine_fn 1022 qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, 1023 uint64_t guest_offset, void *buf, size_t len); 1024 int coroutine_fn 1025 qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, 1026 uint64_t guest_offset, void *buf, size_t len); 1027 1028 #endif 1029