1 /* 2 * Block driver for the QCOW version 2 format 3 * 4 * Copyright (c) 2004-2006 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #ifndef BLOCK_QCOW2_H 26 #define BLOCK_QCOW2_H 27 28 #include "crypto/block.h" 29 #include "qemu/coroutine.h" 30 #include "qemu/units.h" 31 #include "block/block_int.h" 32 33 //#define DEBUG_ALLOC 34 //#define DEBUG_ALLOC2 35 //#define DEBUG_EXT 36 37 #define QCOW_MAGIC (('Q' << 24) | ('F' << 16) | ('I' << 8) | 0xfb) 38 39 #define QCOW_CRYPT_NONE 0 40 #define QCOW_CRYPT_AES 1 41 #define QCOW_CRYPT_LUKS 2 42 43 #define QCOW_MAX_CRYPT_CLUSTERS 32 44 #define QCOW_MAX_SNAPSHOTS 65536 45 46 /* Field widths in qcow2 mean normal cluster offsets cannot reach 47 * 64PB; depending on cluster size, compressed clusters can have a 48 * smaller limit (64PB for up to 16k clusters, then ramps down to 49 * 512TB for 2M clusters). */ 50 #define QCOW_MAX_CLUSTER_OFFSET ((1ULL << 56) - 1) 51 52 /* 8 MB refcount table is enough for 2 PB images at 64k cluster size 53 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ 54 #define QCOW_MAX_REFTABLE_SIZE (8 * MiB) 55 56 /* 32 MB L1 table is enough for 2 PB images at 64k cluster size 57 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ 58 #define QCOW_MAX_L1_SIZE (32 * MiB) 59 60 /* Allow for an average of 1k per snapshot table entry, should be plenty of 61 * space for snapshot names and IDs */ 62 #define QCOW_MAX_SNAPSHOTS_SIZE (1024 * QCOW_MAX_SNAPSHOTS) 63 64 /* Maximum amount of extra data per snapshot table entry to accept */ 65 #define QCOW_MAX_SNAPSHOT_EXTRA_DATA 1024 66 67 /* Bitmap header extension constraints */ 68 #define QCOW2_MAX_BITMAPS 65535 69 #define QCOW2_MAX_BITMAP_DIRECTORY_SIZE (1024 * QCOW2_MAX_BITMAPS) 70 71 /* Maximum of parallel sub-request per guest request */ 72 #define QCOW2_MAX_WORKERS 8 73 74 /* indicate that the refcount of the referenced cluster is exactly one. */ 75 #define QCOW_OFLAG_COPIED (1ULL << 63) 76 /* indicate that the cluster is compressed (they never have the copied flag) */ 77 #define QCOW_OFLAG_COMPRESSED (1ULL << 62) 78 /* The cluster reads as all zeros */ 79 #define QCOW_OFLAG_ZERO (1ULL << 0) 80 81 #define QCOW_EXTL2_SUBCLUSTERS_PER_CLUSTER 32 82 83 /* The subcluster X [0..31] is allocated */ 84 #define QCOW_OFLAG_SUB_ALLOC(X) (1ULL << (X)) 85 /* The subcluster X [0..31] reads as zeroes */ 86 #define QCOW_OFLAG_SUB_ZERO(X) (QCOW_OFLAG_SUB_ALLOC(X) << 32) 87 /* Subclusters [X, Y) (0 <= X <= Y <= 32) are allocated */ 88 #define QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) \ 89 (QCOW_OFLAG_SUB_ALLOC(Y) - QCOW_OFLAG_SUB_ALLOC(X)) 90 /* Subclusters [X, Y) (0 <= X <= Y <= 32) read as zeroes */ 91 #define QCOW_OFLAG_SUB_ZERO_RANGE(X, Y) \ 92 (QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) << 32) 93 /* L2 entry bitmap with all allocation bits set */ 94 #define QCOW_L2_BITMAP_ALL_ALLOC (QCOW_OFLAG_SUB_ALLOC_RANGE(0, 32)) 95 /* L2 entry bitmap with all "read as zeroes" bits set */ 96 #define QCOW_L2_BITMAP_ALL_ZEROES (QCOW_OFLAG_SUB_ZERO_RANGE(0, 32)) 97 98 /* Size of normal and extended L2 entries */ 99 #define L2E_SIZE_NORMAL (sizeof(uint64_t)) 100 #define L2E_SIZE_EXTENDED (sizeof(uint64_t) * 2) 101 102 /* Size of L1 table entries */ 103 #define L1E_SIZE (sizeof(uint64_t)) 104 105 /* Size of reftable entries */ 106 #define REFTABLE_ENTRY_SIZE (sizeof(uint64_t)) 107 108 #define MIN_CLUSTER_BITS 9 109 #define MAX_CLUSTER_BITS 21 110 111 /* Defined in the qcow2 spec (compressed cluster descriptor) */ 112 #define QCOW2_COMPRESSED_SECTOR_SIZE 512U 113 114 /* Must be at least 2 to cover COW */ 115 #define MIN_L2_CACHE_SIZE 2 /* cache entries */ 116 117 /* Must be at least 4 to cover all cases of refcount table growth */ 118 #define MIN_REFCOUNT_CACHE_SIZE 4 /* clusters */ 119 120 #ifdef CONFIG_LINUX 121 #define DEFAULT_L2_CACHE_MAX_SIZE (32 * MiB) 122 #define DEFAULT_CACHE_CLEAN_INTERVAL 600 /* seconds */ 123 #else 124 #define DEFAULT_L2_CACHE_MAX_SIZE (8 * MiB) 125 /* Cache clean interval is currently available only on Linux, so must be 0 */ 126 #define DEFAULT_CACHE_CLEAN_INTERVAL 0 127 #endif 128 129 #define DEFAULT_CLUSTER_SIZE 65536 130 131 #define QCOW2_OPT_DATA_FILE "data-file" 132 #define QCOW2_OPT_LAZY_REFCOUNTS "lazy-refcounts" 133 #define QCOW2_OPT_DISCARD_REQUEST "pass-discard-request" 134 #define QCOW2_OPT_DISCARD_SNAPSHOT "pass-discard-snapshot" 135 #define QCOW2_OPT_DISCARD_OTHER "pass-discard-other" 136 #define QCOW2_OPT_DISCARD_NO_UNREF "discard-no-unref" 137 #define QCOW2_OPT_OVERLAP "overlap-check" 138 #define QCOW2_OPT_OVERLAP_TEMPLATE "overlap-check.template" 139 #define QCOW2_OPT_OVERLAP_MAIN_HEADER "overlap-check.main-header" 140 #define QCOW2_OPT_OVERLAP_ACTIVE_L1 "overlap-check.active-l1" 141 #define QCOW2_OPT_OVERLAP_ACTIVE_L2 "overlap-check.active-l2" 142 #define QCOW2_OPT_OVERLAP_REFCOUNT_TABLE "overlap-check.refcount-table" 143 #define QCOW2_OPT_OVERLAP_REFCOUNT_BLOCK "overlap-check.refcount-block" 144 #define QCOW2_OPT_OVERLAP_SNAPSHOT_TABLE "overlap-check.snapshot-table" 145 #define QCOW2_OPT_OVERLAP_INACTIVE_L1 "overlap-check.inactive-l1" 146 #define QCOW2_OPT_OVERLAP_INACTIVE_L2 "overlap-check.inactive-l2" 147 #define QCOW2_OPT_OVERLAP_BITMAP_DIRECTORY "overlap-check.bitmap-directory" 148 #define QCOW2_OPT_CACHE_SIZE "cache-size" 149 #define QCOW2_OPT_L2_CACHE_SIZE "l2-cache-size" 150 #define QCOW2_OPT_L2_CACHE_ENTRY_SIZE "l2-cache-entry-size" 151 #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size" 152 #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval" 153 154 typedef struct QCowHeader { 155 uint32_t magic; 156 uint32_t version; 157 uint64_t backing_file_offset; 158 uint32_t backing_file_size; 159 uint32_t cluster_bits; 160 uint64_t size; /* in bytes */ 161 uint32_t crypt_method; 162 uint32_t l1_size; /* XXX: save number of clusters instead ? */ 163 uint64_t l1_table_offset; 164 uint64_t refcount_table_offset; 165 uint32_t refcount_table_clusters; 166 uint32_t nb_snapshots; 167 uint64_t snapshots_offset; 168 169 /* The following fields are only valid for version >= 3 */ 170 uint64_t incompatible_features; 171 uint64_t compatible_features; 172 uint64_t autoclear_features; 173 174 uint32_t refcount_order; 175 uint32_t header_length; 176 177 /* Additional fields */ 178 uint8_t compression_type; 179 180 /* header must be a multiple of 8 */ 181 uint8_t padding[7]; 182 } QEMU_PACKED QCowHeader; 183 184 QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(sizeof(QCowHeader), 8)); 185 186 typedef struct QEMU_PACKED QCowSnapshotHeader { 187 /* header is 8 byte aligned */ 188 uint64_t l1_table_offset; 189 190 uint32_t l1_size; 191 uint16_t id_str_size; 192 uint16_t name_size; 193 194 uint32_t date_sec; 195 uint32_t date_nsec; 196 197 uint64_t vm_clock_nsec; 198 199 uint32_t vm_state_size; 200 uint32_t extra_data_size; /* for extension */ 201 /* extra data follows */ 202 /* id_str follows */ 203 /* name follows */ 204 } QCowSnapshotHeader; 205 206 typedef struct QEMU_PACKED QCowSnapshotExtraData { 207 uint64_t vm_state_size_large; 208 uint64_t disk_size; 209 uint64_t icount; 210 } QCowSnapshotExtraData; 211 212 213 typedef struct QCowSnapshot { 214 uint64_t l1_table_offset; 215 uint32_t l1_size; 216 char *id_str; 217 char *name; 218 uint64_t disk_size; 219 uint64_t vm_state_size; 220 uint32_t date_sec; 221 uint32_t date_nsec; 222 uint64_t vm_clock_nsec; 223 /* icount value for the moment when snapshot was taken */ 224 uint64_t icount; 225 /* Size of all extra data, including QCowSnapshotExtraData if available */ 226 uint32_t extra_data_size; 227 /* Data beyond QCowSnapshotExtraData, if any */ 228 void *unknown_extra_data; 229 } QCowSnapshot; 230 231 struct Qcow2Cache; 232 typedef struct Qcow2Cache Qcow2Cache; 233 234 typedef struct Qcow2CryptoHeaderExtension { 235 uint64_t offset; 236 uint64_t length; 237 } QEMU_PACKED Qcow2CryptoHeaderExtension; 238 239 typedef struct Qcow2UnknownHeaderExtension { 240 uint32_t magic; 241 uint32_t len; 242 QLIST_ENTRY(Qcow2UnknownHeaderExtension) next; 243 uint8_t data[]; 244 } Qcow2UnknownHeaderExtension; 245 246 enum { 247 QCOW2_FEAT_TYPE_INCOMPATIBLE = 0, 248 QCOW2_FEAT_TYPE_COMPATIBLE = 1, 249 QCOW2_FEAT_TYPE_AUTOCLEAR = 2, 250 }; 251 252 /* Incompatible feature bits */ 253 enum { 254 QCOW2_INCOMPAT_DIRTY_BITNR = 0, 255 QCOW2_INCOMPAT_CORRUPT_BITNR = 1, 256 QCOW2_INCOMPAT_DATA_FILE_BITNR = 2, 257 QCOW2_INCOMPAT_COMPRESSION_BITNR = 3, 258 QCOW2_INCOMPAT_EXTL2_BITNR = 4, 259 QCOW2_INCOMPAT_DIRTY = 1 << QCOW2_INCOMPAT_DIRTY_BITNR, 260 QCOW2_INCOMPAT_CORRUPT = 1 << QCOW2_INCOMPAT_CORRUPT_BITNR, 261 QCOW2_INCOMPAT_DATA_FILE = 1 << QCOW2_INCOMPAT_DATA_FILE_BITNR, 262 QCOW2_INCOMPAT_COMPRESSION = 1 << QCOW2_INCOMPAT_COMPRESSION_BITNR, 263 QCOW2_INCOMPAT_EXTL2 = 1 << QCOW2_INCOMPAT_EXTL2_BITNR, 264 265 QCOW2_INCOMPAT_MASK = QCOW2_INCOMPAT_DIRTY 266 | QCOW2_INCOMPAT_CORRUPT 267 | QCOW2_INCOMPAT_DATA_FILE 268 | QCOW2_INCOMPAT_COMPRESSION 269 | QCOW2_INCOMPAT_EXTL2, 270 }; 271 272 /* Compatible feature bits */ 273 enum { 274 QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR = 0, 275 QCOW2_COMPAT_LAZY_REFCOUNTS = 1 << QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR, 276 277 QCOW2_COMPAT_FEAT_MASK = QCOW2_COMPAT_LAZY_REFCOUNTS, 278 }; 279 280 /* Autoclear feature bits */ 281 enum { 282 QCOW2_AUTOCLEAR_BITMAPS_BITNR = 0, 283 QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR = 1, 284 QCOW2_AUTOCLEAR_BITMAPS = 1 << QCOW2_AUTOCLEAR_BITMAPS_BITNR, 285 QCOW2_AUTOCLEAR_DATA_FILE_RAW = 1 << QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR, 286 287 QCOW2_AUTOCLEAR_MASK = QCOW2_AUTOCLEAR_BITMAPS 288 | QCOW2_AUTOCLEAR_DATA_FILE_RAW, 289 }; 290 291 enum qcow2_discard_type { 292 QCOW2_DISCARD_NEVER = 0, 293 QCOW2_DISCARD_ALWAYS, 294 QCOW2_DISCARD_REQUEST, 295 QCOW2_DISCARD_SNAPSHOT, 296 QCOW2_DISCARD_OTHER, 297 QCOW2_DISCARD_MAX 298 }; 299 300 typedef struct Qcow2Feature { 301 uint8_t type; 302 uint8_t bit; 303 char name[46]; 304 } QEMU_PACKED Qcow2Feature; 305 306 typedef struct Qcow2DiscardRegion { 307 BlockDriverState *bs; 308 uint64_t offset; 309 uint64_t bytes; 310 QTAILQ_ENTRY(Qcow2DiscardRegion) next; 311 } Qcow2DiscardRegion; 312 313 typedef uint64_t Qcow2GetRefcountFunc(const void *refcount_array, 314 uint64_t index); 315 typedef void Qcow2SetRefcountFunc(void *refcount_array, 316 uint64_t index, uint64_t value); 317 318 typedef struct Qcow2BitmapHeaderExt { 319 uint32_t nb_bitmaps; 320 uint32_t reserved32; 321 uint64_t bitmap_directory_size; 322 uint64_t bitmap_directory_offset; 323 } QEMU_PACKED Qcow2BitmapHeaderExt; 324 325 #define QCOW2_MAX_THREADS 4 326 327 typedef struct BDRVQcow2State { 328 int cluster_bits; 329 int cluster_size; 330 int l2_slice_size; 331 int subcluster_bits; 332 int subcluster_size; 333 int subclusters_per_cluster; 334 int l2_bits; 335 int l2_size; 336 int l1_size; 337 int l1_vm_state_index; 338 int refcount_block_bits; 339 int refcount_block_size; 340 int csize_shift; 341 int csize_mask; 342 uint64_t cluster_offset_mask; 343 uint64_t l1_table_offset; 344 uint64_t *l1_table; 345 346 Qcow2Cache *l2_table_cache; 347 Qcow2Cache *refcount_block_cache; 348 QEMUTimer *cache_clean_timer; 349 unsigned cache_clean_interval; 350 351 QLIST_HEAD(, QCowL2Meta) cluster_allocs; 352 353 uint64_t *refcount_table; 354 uint64_t refcount_table_offset; 355 uint32_t refcount_table_size; 356 uint32_t max_refcount_table_index; /* Last used entry in refcount_table */ 357 uint64_t free_cluster_index; 358 uint64_t free_byte_offset; 359 360 CoMutex lock; 361 362 Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */ 363 QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */ 364 QCryptoBlock *crypto; /* Disk encryption format driver */ 365 bool crypt_physical_offset; /* Whether to use virtual or physical offset 366 for encryption initialization vector tweak */ 367 uint32_t crypt_method_header; 368 uint64_t snapshots_offset; 369 int snapshots_size; 370 unsigned int nb_snapshots; 371 QCowSnapshot *snapshots; 372 373 uint32_t nb_bitmaps; 374 uint64_t bitmap_directory_size; 375 uint64_t bitmap_directory_offset; 376 377 int flags; 378 int qcow_version; 379 bool use_lazy_refcounts; 380 int refcount_order; 381 int refcount_bits; 382 uint64_t refcount_max; 383 384 Qcow2GetRefcountFunc *get_refcount; 385 Qcow2SetRefcountFunc *set_refcount; 386 387 bool discard_passthrough[QCOW2_DISCARD_MAX]; 388 389 bool discard_no_unref; 390 391 int overlap_check; /* bitmask of Qcow2MetadataOverlap values */ 392 bool signaled_corruption; 393 394 uint64_t incompatible_features; 395 uint64_t compatible_features; 396 uint64_t autoclear_features; 397 398 size_t unknown_header_fields_size; 399 void *unknown_header_fields; 400 QLIST_HEAD(, Qcow2UnknownHeaderExtension) unknown_header_ext; 401 QTAILQ_HEAD (, Qcow2DiscardRegion) discards; 402 bool cache_discards; 403 404 /* Backing file path and format as stored in the image (this is not the 405 * effective path/format, which may be the result of a runtime option 406 * override) */ 407 char *image_backing_file; 408 char *image_backing_format; 409 char *image_data_file; 410 411 CoQueue thread_task_queue; 412 int nb_threads; 413 414 BdrvChild *data_file; 415 416 bool metadata_preallocation_checked; 417 bool metadata_preallocation; 418 /* 419 * Compression type used for the image. Default: 0 - ZLIB 420 * The image compression type is set on image creation. 421 * For now, the only way to change the compression type 422 * is to convert the image with the desired compression type set. 423 */ 424 Qcow2CompressionType compression_type; 425 } BDRVQcow2State; 426 427 typedef struct Qcow2COWRegion { 428 /** 429 * Offset of the COW region in bytes from the start of the first cluster 430 * touched by the request. 431 */ 432 unsigned offset; 433 434 /** Number of bytes to copy */ 435 unsigned nb_bytes; 436 } Qcow2COWRegion; 437 438 /** 439 * Describes an in-flight (part of a) write request that writes to clusters 440 * that need to have their L2 table entries updated (because they are 441 * newly allocated or need changes in their L2 bitmaps) 442 */ 443 typedef struct QCowL2Meta 444 { 445 /** Guest offset of the first updated cluster */ 446 uint64_t offset; 447 448 /** Host offset of the first updated cluster */ 449 uint64_t alloc_offset; 450 451 /** Number of updated clusters */ 452 int nb_clusters; 453 454 /** Do not free the old clusters */ 455 bool keep_old_clusters; 456 457 /** 458 * Requests that overlap with this allocation and wait to be restarted 459 * when the allocating request has completed. 460 */ 461 CoQueue dependent_requests; 462 463 /** 464 * The COW Region immediately before the area the guest actually 465 * writes to. This (part of the) write request starts at 466 * cow_start.offset + cow_start.nb_bytes. 467 */ 468 Qcow2COWRegion cow_start; 469 470 /** 471 * The COW Region immediately after the area the guest actually 472 * writes to. This (part of the) write request ends at cow_end.offset 473 * (which must always be set even when cow_end.nb_bytes is 0). 474 */ 475 Qcow2COWRegion cow_end; 476 477 /* 478 * Indicates that COW regions are already handled and do not require 479 * any more processing. 480 */ 481 bool skip_cow; 482 483 /** 484 * Indicates that this is not a normal write request but a preallocation. 485 * If the image has extended L2 entries this means that no new individual 486 * subclusters will be marked as allocated in the L2 bitmap (but any 487 * existing contents of that bitmap will be kept). 488 */ 489 bool prealloc; 490 491 /** 492 * The I/O vector with the data from the actual guest write request. 493 * If non-NULL, this is meant to be merged together with the data 494 * from @cow_start and @cow_end into one single write operation. 495 */ 496 QEMUIOVector *data_qiov; 497 size_t data_qiov_offset; 498 499 /** Pointer to next L2Meta of the same write request */ 500 struct QCowL2Meta *next; 501 502 QLIST_ENTRY(QCowL2Meta) next_in_flight; 503 } QCowL2Meta; 504 505 /* 506 * In images with standard L2 entries all clusters are treated as if 507 * they had one subcluster so QCow2ClusterType and QCow2SubclusterType 508 * can be mapped to each other and have the exact same meaning 509 * (QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC cannot happen in these images). 510 * 511 * In images with extended L2 entries QCow2ClusterType refers to the 512 * complete cluster and QCow2SubclusterType to each of the individual 513 * subclusters, so there are several possible combinations: 514 * 515 * |--------------+---------------------------| 516 * | Cluster type | Possible subcluster types | 517 * |--------------+---------------------------| 518 * | UNALLOCATED | UNALLOCATED_PLAIN | 519 * | | ZERO_PLAIN | 520 * |--------------+---------------------------| 521 * | NORMAL | UNALLOCATED_ALLOC | 522 * | | ZERO_ALLOC | 523 * | | NORMAL | 524 * |--------------+---------------------------| 525 * | COMPRESSED | COMPRESSED | 526 * |--------------+---------------------------| 527 * 528 * QCOW2_SUBCLUSTER_INVALID means that the L2 entry is incorrect and 529 * the image should be marked corrupt. 530 */ 531 532 typedef enum QCow2ClusterType { 533 QCOW2_CLUSTER_UNALLOCATED, 534 QCOW2_CLUSTER_ZERO_PLAIN, 535 QCOW2_CLUSTER_ZERO_ALLOC, 536 QCOW2_CLUSTER_NORMAL, 537 QCOW2_CLUSTER_COMPRESSED, 538 } QCow2ClusterType; 539 540 typedef enum QCow2SubclusterType { 541 QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN, 542 QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC, 543 QCOW2_SUBCLUSTER_ZERO_PLAIN, 544 QCOW2_SUBCLUSTER_ZERO_ALLOC, 545 QCOW2_SUBCLUSTER_NORMAL, 546 QCOW2_SUBCLUSTER_COMPRESSED, 547 QCOW2_SUBCLUSTER_INVALID, 548 } QCow2SubclusterType; 549 550 typedef enum QCow2MetadataOverlap { 551 QCOW2_OL_MAIN_HEADER_BITNR = 0, 552 QCOW2_OL_ACTIVE_L1_BITNR = 1, 553 QCOW2_OL_ACTIVE_L2_BITNR = 2, 554 QCOW2_OL_REFCOUNT_TABLE_BITNR = 3, 555 QCOW2_OL_REFCOUNT_BLOCK_BITNR = 4, 556 QCOW2_OL_SNAPSHOT_TABLE_BITNR = 5, 557 QCOW2_OL_INACTIVE_L1_BITNR = 6, 558 QCOW2_OL_INACTIVE_L2_BITNR = 7, 559 QCOW2_OL_BITMAP_DIRECTORY_BITNR = 8, 560 561 QCOW2_OL_MAX_BITNR = 9, 562 563 QCOW2_OL_NONE = 0, 564 QCOW2_OL_MAIN_HEADER = (1 << QCOW2_OL_MAIN_HEADER_BITNR), 565 QCOW2_OL_ACTIVE_L1 = (1 << QCOW2_OL_ACTIVE_L1_BITNR), 566 QCOW2_OL_ACTIVE_L2 = (1 << QCOW2_OL_ACTIVE_L2_BITNR), 567 QCOW2_OL_REFCOUNT_TABLE = (1 << QCOW2_OL_REFCOUNT_TABLE_BITNR), 568 QCOW2_OL_REFCOUNT_BLOCK = (1 << QCOW2_OL_REFCOUNT_BLOCK_BITNR), 569 QCOW2_OL_SNAPSHOT_TABLE = (1 << QCOW2_OL_SNAPSHOT_TABLE_BITNR), 570 QCOW2_OL_INACTIVE_L1 = (1 << QCOW2_OL_INACTIVE_L1_BITNR), 571 /* NOTE: Checking overlaps with inactive L2 tables will result in bdrv 572 * reads. */ 573 QCOW2_OL_INACTIVE_L2 = (1 << QCOW2_OL_INACTIVE_L2_BITNR), 574 QCOW2_OL_BITMAP_DIRECTORY = (1 << QCOW2_OL_BITMAP_DIRECTORY_BITNR), 575 } QCow2MetadataOverlap; 576 577 /* Perform all overlap checks which can be done in constant time */ 578 #define QCOW2_OL_CONSTANT \ 579 (QCOW2_OL_MAIN_HEADER | QCOW2_OL_ACTIVE_L1 | QCOW2_OL_REFCOUNT_TABLE | \ 580 QCOW2_OL_SNAPSHOT_TABLE | QCOW2_OL_BITMAP_DIRECTORY) 581 582 /* Perform all overlap checks which don't require disk access */ 583 #define QCOW2_OL_CACHED \ 584 (QCOW2_OL_CONSTANT | QCOW2_OL_ACTIVE_L2 | QCOW2_OL_REFCOUNT_BLOCK | \ 585 QCOW2_OL_INACTIVE_L1) 586 587 /* Perform all overlap checks */ 588 #define QCOW2_OL_ALL \ 589 (QCOW2_OL_CACHED | QCOW2_OL_INACTIVE_L2) 590 591 #define L1E_OFFSET_MASK 0x00fffffffffffe00ULL 592 #define L1E_RESERVED_MASK 0x7f000000000001ffULL 593 #define L2E_OFFSET_MASK 0x00fffffffffffe00ULL 594 #define L2E_STD_RESERVED_MASK 0x3f000000000001feULL 595 596 #define REFT_OFFSET_MASK 0xfffffffffffffe00ULL 597 #define REFT_RESERVED_MASK 0x1ffULL 598 599 #define INV_OFFSET (-1ULL) 600 601 static inline bool has_subclusters(BDRVQcow2State *s) 602 { 603 return s->incompatible_features & QCOW2_INCOMPAT_EXTL2; 604 } 605 606 static inline size_t l2_entry_size(BDRVQcow2State *s) 607 { 608 return has_subclusters(s) ? L2E_SIZE_EXTENDED : L2E_SIZE_NORMAL; 609 } 610 611 static inline uint64_t get_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice, 612 int idx) 613 { 614 idx *= l2_entry_size(s) / sizeof(uint64_t); 615 return be64_to_cpu(l2_slice[idx]); 616 } 617 618 static inline uint64_t get_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice, 619 int idx) 620 { 621 if (has_subclusters(s)) { 622 idx *= l2_entry_size(s) / sizeof(uint64_t); 623 return be64_to_cpu(l2_slice[idx + 1]); 624 } else { 625 return 0; /* For convenience only; this value has no meaning. */ 626 } 627 } 628 629 static inline void set_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice, 630 int idx, uint64_t entry) 631 { 632 idx *= l2_entry_size(s) / sizeof(uint64_t); 633 l2_slice[idx] = cpu_to_be64(entry); 634 } 635 636 static inline void set_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice, 637 int idx, uint64_t bitmap) 638 { 639 assert(has_subclusters(s)); 640 idx *= l2_entry_size(s) / sizeof(uint64_t); 641 l2_slice[idx + 1] = cpu_to_be64(bitmap); 642 } 643 644 static inline bool has_data_file(BlockDriverState *bs) 645 { 646 BDRVQcow2State *s = bs->opaque; 647 return (s->data_file != bs->file); 648 } 649 650 static inline bool data_file_is_raw(BlockDriverState *bs) 651 { 652 BDRVQcow2State *s = bs->opaque; 653 return !!(s->autoclear_features & QCOW2_AUTOCLEAR_DATA_FILE_RAW); 654 } 655 656 static inline int64_t start_of_cluster(BDRVQcow2State *s, int64_t offset) 657 { 658 return offset & ~(s->cluster_size - 1); 659 } 660 661 static inline int64_t offset_into_cluster(BDRVQcow2State *s, int64_t offset) 662 { 663 return offset & (s->cluster_size - 1); 664 } 665 666 static inline int64_t offset_into_subcluster(BDRVQcow2State *s, int64_t offset) 667 { 668 return offset & (s->subcluster_size - 1); 669 } 670 671 static inline uint64_t size_to_clusters(BDRVQcow2State *s, uint64_t size) 672 { 673 return (size + (s->cluster_size - 1)) >> s->cluster_bits; 674 } 675 676 static inline uint64_t size_to_subclusters(BDRVQcow2State *s, uint64_t size) 677 { 678 return (size + (s->subcluster_size - 1)) >> s->subcluster_bits; 679 } 680 681 static inline int64_t size_to_l1(BDRVQcow2State *s, int64_t size) 682 { 683 int shift = s->cluster_bits + s->l2_bits; 684 return (size + (1ULL << shift) - 1) >> shift; 685 } 686 687 static inline int offset_to_l1_index(BDRVQcow2State *s, uint64_t offset) 688 { 689 return offset >> (s->l2_bits + s->cluster_bits); 690 } 691 692 static inline int offset_to_l2_index(BDRVQcow2State *s, int64_t offset) 693 { 694 return (offset >> s->cluster_bits) & (s->l2_size - 1); 695 } 696 697 static inline int offset_to_l2_slice_index(BDRVQcow2State *s, int64_t offset) 698 { 699 return (offset >> s->cluster_bits) & (s->l2_slice_size - 1); 700 } 701 702 static inline int offset_to_sc_index(BDRVQcow2State *s, int64_t offset) 703 { 704 return (offset >> s->subcluster_bits) & (s->subclusters_per_cluster - 1); 705 } 706 707 static inline int64_t qcow2_vm_state_offset(BDRVQcow2State *s) 708 { 709 return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits); 710 } 711 712 static inline QCow2ClusterType qcow2_get_cluster_type(BlockDriverState *bs, 713 uint64_t l2_entry) 714 { 715 BDRVQcow2State *s = bs->opaque; 716 717 if (l2_entry & QCOW_OFLAG_COMPRESSED) { 718 return QCOW2_CLUSTER_COMPRESSED; 719 } else if ((l2_entry & QCOW_OFLAG_ZERO) && !has_subclusters(s)) { 720 if (l2_entry & L2E_OFFSET_MASK) { 721 return QCOW2_CLUSTER_ZERO_ALLOC; 722 } 723 return QCOW2_CLUSTER_ZERO_PLAIN; 724 } else if (!(l2_entry & L2E_OFFSET_MASK)) { 725 /* Offset 0 generally means unallocated, but it is ambiguous with 726 * external data files because 0 is a valid offset there. However, all 727 * clusters in external data files always have refcount 1, so we can 728 * rely on QCOW_OFLAG_COPIED to disambiguate. */ 729 if (has_data_file(bs) && (l2_entry & QCOW_OFLAG_COPIED)) { 730 return QCOW2_CLUSTER_NORMAL; 731 } else { 732 return QCOW2_CLUSTER_UNALLOCATED; 733 } 734 } else { 735 return QCOW2_CLUSTER_NORMAL; 736 } 737 } 738 739 /* 740 * In an image without subsclusters @l2_bitmap is ignored and 741 * @sc_index must be 0. 742 * Return QCOW2_SUBCLUSTER_INVALID if an invalid l2 entry is detected 743 * (this checks the whole entry and bitmap, not only the bits related 744 * to subcluster @sc_index). 745 */ 746 static inline 747 QCow2SubclusterType qcow2_get_subcluster_type(BlockDriverState *bs, 748 uint64_t l2_entry, 749 uint64_t l2_bitmap, 750 unsigned sc_index) 751 { 752 BDRVQcow2State *s = bs->opaque; 753 QCow2ClusterType type = qcow2_get_cluster_type(bs, l2_entry); 754 assert(sc_index < s->subclusters_per_cluster); 755 756 if (has_subclusters(s)) { 757 switch (type) { 758 case QCOW2_CLUSTER_COMPRESSED: 759 return QCOW2_SUBCLUSTER_COMPRESSED; 760 case QCOW2_CLUSTER_NORMAL: 761 if ((l2_bitmap >> 32) & l2_bitmap) { 762 return QCOW2_SUBCLUSTER_INVALID; 763 } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) { 764 return QCOW2_SUBCLUSTER_ZERO_ALLOC; 765 } else if (l2_bitmap & QCOW_OFLAG_SUB_ALLOC(sc_index)) { 766 return QCOW2_SUBCLUSTER_NORMAL; 767 } else { 768 return QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC; 769 } 770 case QCOW2_CLUSTER_UNALLOCATED: 771 if (l2_bitmap & QCOW_L2_BITMAP_ALL_ALLOC) { 772 return QCOW2_SUBCLUSTER_INVALID; 773 } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) { 774 return QCOW2_SUBCLUSTER_ZERO_PLAIN; 775 } else { 776 return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN; 777 } 778 default: 779 g_assert_not_reached(); 780 } 781 } else { 782 switch (type) { 783 case QCOW2_CLUSTER_COMPRESSED: 784 return QCOW2_SUBCLUSTER_COMPRESSED; 785 case QCOW2_CLUSTER_ZERO_PLAIN: 786 return QCOW2_SUBCLUSTER_ZERO_PLAIN; 787 case QCOW2_CLUSTER_ZERO_ALLOC: 788 return QCOW2_SUBCLUSTER_ZERO_ALLOC; 789 case QCOW2_CLUSTER_NORMAL: 790 return QCOW2_SUBCLUSTER_NORMAL; 791 case QCOW2_CLUSTER_UNALLOCATED: 792 return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN; 793 default: 794 g_assert_not_reached(); 795 } 796 } 797 } 798 799 static inline bool qcow2_cluster_is_allocated(QCow2ClusterType type) 800 { 801 return (type == QCOW2_CLUSTER_COMPRESSED || type == QCOW2_CLUSTER_NORMAL || 802 type == QCOW2_CLUSTER_ZERO_ALLOC); 803 } 804 805 /* Check whether refcounts are eager or lazy */ 806 static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State *s) 807 { 808 return !(s->incompatible_features & QCOW2_INCOMPAT_DIRTY); 809 } 810 811 static inline uint64_t l2meta_cow_start(QCowL2Meta *m) 812 { 813 return m->offset + m->cow_start.offset; 814 } 815 816 static inline uint64_t l2meta_cow_end(QCowL2Meta *m) 817 { 818 return m->offset + m->cow_end.offset + m->cow_end.nb_bytes; 819 } 820 821 static inline uint64_t refcount_diff(uint64_t r1, uint64_t r2) 822 { 823 return r1 > r2 ? r1 - r2 : r2 - r1; 824 } 825 826 static inline 827 uint32_t offset_to_reftable_index(BDRVQcow2State *s, uint64_t offset) 828 { 829 return offset >> (s->refcount_block_bits + s->cluster_bits); 830 } 831 832 /* qcow2.c functions */ 833 int64_t qcow2_refcount_metadata_size(int64_t clusters, size_t cluster_size, 834 int refcount_order, bool generous_increase, 835 uint64_t *refblock_count); 836 837 int qcow2_mark_dirty(BlockDriverState *bs); 838 int qcow2_mark_corrupt(BlockDriverState *bs); 839 int qcow2_mark_consistent(BlockDriverState *bs); 840 int qcow2_update_header(BlockDriverState *bs); 841 842 void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset, 843 int64_t size, const char *message_format, ...) 844 G_GNUC_PRINTF(5, 6); 845 846 int qcow2_validate_table(BlockDriverState *bs, uint64_t offset, 847 uint64_t entries, size_t entry_len, 848 int64_t max_size_bytes, const char *table_name, 849 Error **errp); 850 851 /* qcow2-refcount.c functions */ 852 int coroutine_fn GRAPH_RDLOCK qcow2_refcount_init(BlockDriverState *bs); 853 void qcow2_refcount_close(BlockDriverState *bs); 854 855 int qcow2_get_refcount(BlockDriverState *bs, int64_t cluster_index, 856 uint64_t *refcount); 857 858 int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index, 859 uint64_t addend, bool decrease, 860 enum qcow2_discard_type type); 861 862 int64_t qcow2_refcount_area(BlockDriverState *bs, uint64_t offset, 863 uint64_t additional_clusters, bool exact_size, 864 int new_refblock_index, 865 uint64_t new_refblock_offset); 866 867 int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size); 868 int64_t coroutine_fn qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, 869 int64_t nb_clusters); 870 int64_t coroutine_fn qcow2_alloc_bytes(BlockDriverState *bs, int size); 871 void qcow2_free_clusters(BlockDriverState *bs, 872 int64_t offset, int64_t size, 873 enum qcow2_discard_type type); 874 void qcow2_free_any_cluster(BlockDriverState *bs, uint64_t l2_entry, 875 enum qcow2_discard_type type); 876 877 int qcow2_update_snapshot_refcount(BlockDriverState *bs, 878 int64_t l1_table_offset, int l1_size, int addend); 879 880 int qcow2_flush_caches(BlockDriverState *bs); 881 int qcow2_write_caches(BlockDriverState *bs); 882 int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res, 883 BdrvCheckMode fix); 884 885 void qcow2_process_discards(BlockDriverState *bs, int ret); 886 887 int qcow2_check_metadata_overlap(BlockDriverState *bs, int ign, int64_t offset, 888 int64_t size); 889 int qcow2_pre_write_overlap_check(BlockDriverState *bs, int ign, int64_t offset, 890 int64_t size, bool data_file); 891 int qcow2_inc_refcounts_imrt(BlockDriverState *bs, BdrvCheckResult *res, 892 void **refcount_table, 893 int64_t *refcount_table_size, 894 int64_t offset, int64_t size); 895 896 int qcow2_change_refcount_order(BlockDriverState *bs, int refcount_order, 897 BlockDriverAmendStatusCB *status_cb, 898 void *cb_opaque, Error **errp); 899 int coroutine_fn GRAPH_RDLOCK qcow2_shrink_reftable(BlockDriverState *bs); 900 int64_t coroutine_fn qcow2_get_last_cluster(BlockDriverState *bs, int64_t size); 901 902 int coroutine_fn GRAPH_RDLOCK 903 qcow2_detect_metadata_preallocation(BlockDriverState *bs); 904 905 /* qcow2-cluster.c functions */ 906 int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size, 907 bool exact_size); 908 909 int coroutine_fn GRAPH_RDLOCK 910 qcow2_shrink_l1_table(BlockDriverState *bs, uint64_t max_size); 911 912 int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index); 913 int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, 914 uint8_t *buf, int nb_sectors, bool enc, Error **errp); 915 916 int qcow2_get_host_offset(BlockDriverState *bs, uint64_t offset, 917 unsigned int *bytes, uint64_t *host_offset, 918 QCow2SubclusterType *subcluster_type); 919 int coroutine_fn qcow2_alloc_host_offset(BlockDriverState *bs, uint64_t offset, 920 unsigned int *bytes, 921 uint64_t *host_offset, QCowL2Meta **m); 922 int coroutine_fn qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs, 923 uint64_t offset, 924 int compressed_size, 925 uint64_t *host_offset); 926 void qcow2_parse_compressed_l2_entry(BlockDriverState *bs, uint64_t l2_entry, 927 uint64_t *coffset, int *csize); 928 929 int coroutine_fn GRAPH_RDLOCK 930 qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m); 931 932 void coroutine_fn qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m); 933 int qcow2_cluster_discard(BlockDriverState *bs, uint64_t offset, 934 uint64_t bytes, enum qcow2_discard_type type, 935 bool full_discard); 936 937 int coroutine_fn GRAPH_RDLOCK 938 qcow2_subcluster_zeroize(BlockDriverState *bs, uint64_t offset, uint64_t bytes, 939 int flags); 940 941 int qcow2_expand_zero_clusters(BlockDriverState *bs, 942 BlockDriverAmendStatusCB *status_cb, 943 void *cb_opaque); 944 945 /* qcow2-snapshot.c functions */ 946 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info); 947 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id); 948 int qcow2_snapshot_delete(BlockDriverState *bs, 949 const char *snapshot_id, 950 const char *name, 951 Error **errp); 952 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab); 953 int qcow2_snapshot_load_tmp(BlockDriverState *bs, 954 const char *snapshot_id, 955 const char *name, 956 Error **errp); 957 958 void qcow2_free_snapshots(BlockDriverState *bs); 959 int coroutine_fn GRAPH_RDLOCK 960 qcow2_read_snapshots(BlockDriverState *bs, Error **errp); 961 int qcow2_write_snapshots(BlockDriverState *bs); 962 963 int coroutine_fn GRAPH_RDLOCK 964 qcow2_check_read_snapshot_table(BlockDriverState *bs, BdrvCheckResult *result, 965 BdrvCheckMode fix); 966 967 int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs, 968 BdrvCheckResult *result, 969 BdrvCheckMode fix); 970 971 /* qcow2-cache.c functions */ 972 Qcow2Cache *qcow2_cache_create(BlockDriverState *bs, int num_tables, 973 unsigned table_size); 974 int qcow2_cache_destroy(Qcow2Cache *c); 975 976 void qcow2_cache_entry_mark_dirty(Qcow2Cache *c, void *table); 977 int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c); 978 int qcow2_cache_write(BlockDriverState *bs, Qcow2Cache *c); 979 int qcow2_cache_set_dependency(BlockDriverState *bs, Qcow2Cache *c, 980 Qcow2Cache *dependency); 981 void qcow2_cache_depends_on_flush(Qcow2Cache *c); 982 983 void qcow2_cache_clean_unused(Qcow2Cache *c); 984 int qcow2_cache_empty(BlockDriverState *bs, Qcow2Cache *c); 985 986 int qcow2_cache_get(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset, 987 void **table); 988 int qcow2_cache_get_empty(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset, 989 void **table); 990 void qcow2_cache_put(Qcow2Cache *c, void **table); 991 void *qcow2_cache_is_table_offset(Qcow2Cache *c, uint64_t offset); 992 void qcow2_cache_discard(Qcow2Cache *c, void *table); 993 994 /* qcow2-bitmap.c functions */ 995 int qcow2_check_bitmaps_refcounts(BlockDriverState *bs, BdrvCheckResult *res, 996 void **refcount_table, 997 int64_t *refcount_table_size); 998 bool coroutine_fn qcow2_load_dirty_bitmaps(BlockDriverState *bs, 999 bool *header_updated, Error **errp); 1000 bool qcow2_get_bitmap_info_list(BlockDriverState *bs, 1001 Qcow2BitmapInfoList **info_list, Error **errp); 1002 int qcow2_reopen_bitmaps_rw(BlockDriverState *bs, Error **errp); 1003 int coroutine_fn qcow2_truncate_bitmaps_check(BlockDriverState *bs, Error **errp); 1004 bool qcow2_store_persistent_dirty_bitmaps(BlockDriverState *bs, 1005 bool release_stored, Error **errp); 1006 int qcow2_reopen_bitmaps_ro(BlockDriverState *bs, Error **errp); 1007 bool coroutine_fn qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs, 1008 const char *name, 1009 uint32_t granularity, 1010 Error **errp); 1011 int coroutine_fn qcow2_co_remove_persistent_dirty_bitmap(BlockDriverState *bs, 1012 const char *name, 1013 Error **errp); 1014 bool qcow2_supports_persistent_dirty_bitmap(BlockDriverState *bs); 1015 uint64_t qcow2_get_persistent_dirty_bitmap_size(BlockDriverState *bs, 1016 uint32_t cluster_size); 1017 1018 ssize_t coroutine_fn 1019 qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size, 1020 const void *src, size_t src_size); 1021 ssize_t coroutine_fn 1022 qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size, 1023 const void *src, size_t src_size); 1024 int coroutine_fn 1025 qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, 1026 uint64_t guest_offset, void *buf, size_t len); 1027 int coroutine_fn 1028 qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, 1029 uint64_t guest_offset, void *buf, size_t len); 1030 1031 #endif 1032