xref: /openbmc/qemu/block/qcow2.h (revision f6476697)
1 /*
2  * Block driver for the QCOW version 2 format
3  *
4  * Copyright (c) 2004-2006 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #ifndef BLOCK_QCOW2_H
26 #define BLOCK_QCOW2_H
27 
28 #include "crypto/block.h"
29 #include "qemu/coroutine.h"
30 #include "qemu/units.h"
31 #include "block/block_int.h"
32 
33 //#define DEBUG_ALLOC
34 //#define DEBUG_ALLOC2
35 //#define DEBUG_EXT
36 
37 #define QCOW_MAGIC (('Q' << 24) | ('F' << 16) | ('I' << 8) | 0xfb)
38 
39 #define QCOW_CRYPT_NONE 0
40 #define QCOW_CRYPT_AES  1
41 #define QCOW_CRYPT_LUKS 2
42 
43 #define QCOW_MAX_CRYPT_CLUSTERS 32
44 #define QCOW_MAX_SNAPSHOTS 65536
45 
46 /* Field widths in qcow2 mean normal cluster offsets cannot reach
47  * 64PB; depending on cluster size, compressed clusters can have a
48  * smaller limit (64PB for up to 16k clusters, then ramps down to
49  * 512TB for 2M clusters).  */
50 #define QCOW_MAX_CLUSTER_OFFSET ((1ULL << 56) - 1)
51 
52 /* 8 MB refcount table is enough for 2 PB images at 64k cluster size
53  * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */
54 #define QCOW_MAX_REFTABLE_SIZE (8 * MiB)
55 
56 /* 32 MB L1 table is enough for 2 PB images at 64k cluster size
57  * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */
58 #define QCOW_MAX_L1_SIZE (32 * MiB)
59 
60 /* Allow for an average of 1k per snapshot table entry, should be plenty of
61  * space for snapshot names and IDs */
62 #define QCOW_MAX_SNAPSHOTS_SIZE (1024 * QCOW_MAX_SNAPSHOTS)
63 
64 /* Maximum amount of extra data per snapshot table entry to accept */
65 #define QCOW_MAX_SNAPSHOT_EXTRA_DATA 1024
66 
67 /* Bitmap header extension constraints */
68 #define QCOW2_MAX_BITMAPS 65535
69 #define QCOW2_MAX_BITMAP_DIRECTORY_SIZE (1024 * QCOW2_MAX_BITMAPS)
70 
71 /* Maximum of parallel sub-request per guest request */
72 #define QCOW2_MAX_WORKERS 8
73 
74 /* indicate that the refcount of the referenced cluster is exactly one. */
75 #define QCOW_OFLAG_COPIED     (1ULL << 63)
76 /* indicate that the cluster is compressed (they never have the copied flag) */
77 #define QCOW_OFLAG_COMPRESSED (1ULL << 62)
78 /* The cluster reads as all zeros */
79 #define QCOW_OFLAG_ZERO (1ULL << 0)
80 
81 #define QCOW_EXTL2_SUBCLUSTERS_PER_CLUSTER 32
82 
83 /* The subcluster X [0..31] is allocated */
84 #define QCOW_OFLAG_SUB_ALLOC(X)   (1ULL << (X))
85 /* The subcluster X [0..31] reads as zeroes */
86 #define QCOW_OFLAG_SUB_ZERO(X)    (QCOW_OFLAG_SUB_ALLOC(X) << 32)
87 /* Subclusters [X, Y) (0 <= X <= Y <= 32) are allocated */
88 #define QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) \
89     (QCOW_OFLAG_SUB_ALLOC(Y) - QCOW_OFLAG_SUB_ALLOC(X))
90 /* Subclusters [X, Y) (0 <= X <= Y <= 32) read as zeroes */
91 #define QCOW_OFLAG_SUB_ZERO_RANGE(X, Y) \
92     (QCOW_OFLAG_SUB_ALLOC_RANGE(X, Y) << 32)
93 /* L2 entry bitmap with all allocation bits set */
94 #define QCOW_L2_BITMAP_ALL_ALLOC  (QCOW_OFLAG_SUB_ALLOC_RANGE(0, 32))
95 /* L2 entry bitmap with all "read as zeroes" bits set */
96 #define QCOW_L2_BITMAP_ALL_ZEROES (QCOW_OFLAG_SUB_ZERO_RANGE(0, 32))
97 
98 /* Size of normal and extended L2 entries */
99 #define L2E_SIZE_NORMAL   (sizeof(uint64_t))
100 #define L2E_SIZE_EXTENDED (sizeof(uint64_t) * 2)
101 
102 /* Size of L1 table entries */
103 #define L1E_SIZE (sizeof(uint64_t))
104 
105 /* Size of reftable entries */
106 #define REFTABLE_ENTRY_SIZE (sizeof(uint64_t))
107 
108 #define MIN_CLUSTER_BITS 9
109 #define MAX_CLUSTER_BITS 21
110 
111 /* Defined in the qcow2 spec (compressed cluster descriptor) */
112 #define QCOW2_COMPRESSED_SECTOR_SIZE 512U
113 #define QCOW2_COMPRESSED_SECTOR_MASK (~(QCOW2_COMPRESSED_SECTOR_SIZE - 1ULL))
114 
115 /* Must be at least 2 to cover COW */
116 #define MIN_L2_CACHE_SIZE 2 /* cache entries */
117 
118 /* Must be at least 4 to cover all cases of refcount table growth */
119 #define MIN_REFCOUNT_CACHE_SIZE 4 /* clusters */
120 
121 #ifdef CONFIG_LINUX
122 #define DEFAULT_L2_CACHE_MAX_SIZE (32 * MiB)
123 #define DEFAULT_CACHE_CLEAN_INTERVAL 600  /* seconds */
124 #else
125 #define DEFAULT_L2_CACHE_MAX_SIZE (8 * MiB)
126 /* Cache clean interval is currently available only on Linux, so must be 0 */
127 #define DEFAULT_CACHE_CLEAN_INTERVAL 0
128 #endif
129 
130 #define DEFAULT_CLUSTER_SIZE 65536
131 
132 #define QCOW2_OPT_DATA_FILE "data-file"
133 #define QCOW2_OPT_LAZY_REFCOUNTS "lazy-refcounts"
134 #define QCOW2_OPT_DISCARD_REQUEST "pass-discard-request"
135 #define QCOW2_OPT_DISCARD_SNAPSHOT "pass-discard-snapshot"
136 #define QCOW2_OPT_DISCARD_OTHER "pass-discard-other"
137 #define QCOW2_OPT_OVERLAP "overlap-check"
138 #define QCOW2_OPT_OVERLAP_TEMPLATE "overlap-check.template"
139 #define QCOW2_OPT_OVERLAP_MAIN_HEADER "overlap-check.main-header"
140 #define QCOW2_OPT_OVERLAP_ACTIVE_L1 "overlap-check.active-l1"
141 #define QCOW2_OPT_OVERLAP_ACTIVE_L2 "overlap-check.active-l2"
142 #define QCOW2_OPT_OVERLAP_REFCOUNT_TABLE "overlap-check.refcount-table"
143 #define QCOW2_OPT_OVERLAP_REFCOUNT_BLOCK "overlap-check.refcount-block"
144 #define QCOW2_OPT_OVERLAP_SNAPSHOT_TABLE "overlap-check.snapshot-table"
145 #define QCOW2_OPT_OVERLAP_INACTIVE_L1 "overlap-check.inactive-l1"
146 #define QCOW2_OPT_OVERLAP_INACTIVE_L2 "overlap-check.inactive-l2"
147 #define QCOW2_OPT_OVERLAP_BITMAP_DIRECTORY "overlap-check.bitmap-directory"
148 #define QCOW2_OPT_CACHE_SIZE "cache-size"
149 #define QCOW2_OPT_L2_CACHE_SIZE "l2-cache-size"
150 #define QCOW2_OPT_L2_CACHE_ENTRY_SIZE "l2-cache-entry-size"
151 #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size"
152 #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval"
153 
154 typedef struct QCowHeader {
155     uint32_t magic;
156     uint32_t version;
157     uint64_t backing_file_offset;
158     uint32_t backing_file_size;
159     uint32_t cluster_bits;
160     uint64_t size; /* in bytes */
161     uint32_t crypt_method;
162     uint32_t l1_size; /* XXX: save number of clusters instead ? */
163     uint64_t l1_table_offset;
164     uint64_t refcount_table_offset;
165     uint32_t refcount_table_clusters;
166     uint32_t nb_snapshots;
167     uint64_t snapshots_offset;
168 
169     /* The following fields are only valid for version >= 3 */
170     uint64_t incompatible_features;
171     uint64_t compatible_features;
172     uint64_t autoclear_features;
173 
174     uint32_t refcount_order;
175     uint32_t header_length;
176 
177     /* Additional fields */
178     uint8_t compression_type;
179 
180     /* header must be a multiple of 8 */
181     uint8_t padding[7];
182 } QEMU_PACKED QCowHeader;
183 
184 QEMU_BUILD_BUG_ON(!QEMU_IS_ALIGNED(sizeof(QCowHeader), 8));
185 
186 typedef struct QEMU_PACKED QCowSnapshotHeader {
187     /* header is 8 byte aligned */
188     uint64_t l1_table_offset;
189 
190     uint32_t l1_size;
191     uint16_t id_str_size;
192     uint16_t name_size;
193 
194     uint32_t date_sec;
195     uint32_t date_nsec;
196 
197     uint64_t vm_clock_nsec;
198 
199     uint32_t vm_state_size;
200     uint32_t extra_data_size; /* for extension */
201     /* extra data follows */
202     /* id_str follows */
203     /* name follows  */
204 } QCowSnapshotHeader;
205 
206 typedef struct QEMU_PACKED QCowSnapshotExtraData {
207     uint64_t vm_state_size_large;
208     uint64_t disk_size;
209     uint64_t icount;
210 } QCowSnapshotExtraData;
211 
212 
213 typedef struct QCowSnapshot {
214     uint64_t l1_table_offset;
215     uint32_t l1_size;
216     char *id_str;
217     char *name;
218     uint64_t disk_size;
219     uint64_t vm_state_size;
220     uint32_t date_sec;
221     uint32_t date_nsec;
222     uint64_t vm_clock_nsec;
223     /* icount value for the moment when snapshot was taken */
224     uint64_t icount;
225     /* Size of all extra data, including QCowSnapshotExtraData if available */
226     uint32_t extra_data_size;
227     /* Data beyond QCowSnapshotExtraData, if any */
228     void *unknown_extra_data;
229 } QCowSnapshot;
230 
231 struct Qcow2Cache;
232 typedef struct Qcow2Cache Qcow2Cache;
233 
234 typedef struct Qcow2CryptoHeaderExtension {
235     uint64_t offset;
236     uint64_t length;
237 } QEMU_PACKED Qcow2CryptoHeaderExtension;
238 
239 typedef struct Qcow2UnknownHeaderExtension {
240     uint32_t magic;
241     uint32_t len;
242     QLIST_ENTRY(Qcow2UnknownHeaderExtension) next;
243     uint8_t data[];
244 } Qcow2UnknownHeaderExtension;
245 
246 enum {
247     QCOW2_FEAT_TYPE_INCOMPATIBLE    = 0,
248     QCOW2_FEAT_TYPE_COMPATIBLE      = 1,
249     QCOW2_FEAT_TYPE_AUTOCLEAR       = 2,
250 };
251 
252 /* Incompatible feature bits */
253 enum {
254     QCOW2_INCOMPAT_DIRTY_BITNR      = 0,
255     QCOW2_INCOMPAT_CORRUPT_BITNR    = 1,
256     QCOW2_INCOMPAT_DATA_FILE_BITNR  = 2,
257     QCOW2_INCOMPAT_COMPRESSION_BITNR = 3,
258     QCOW2_INCOMPAT_EXTL2_BITNR      = 4,
259     QCOW2_INCOMPAT_DIRTY            = 1 << QCOW2_INCOMPAT_DIRTY_BITNR,
260     QCOW2_INCOMPAT_CORRUPT          = 1 << QCOW2_INCOMPAT_CORRUPT_BITNR,
261     QCOW2_INCOMPAT_DATA_FILE        = 1 << QCOW2_INCOMPAT_DATA_FILE_BITNR,
262     QCOW2_INCOMPAT_COMPRESSION      = 1 << QCOW2_INCOMPAT_COMPRESSION_BITNR,
263     QCOW2_INCOMPAT_EXTL2            = 1 << QCOW2_INCOMPAT_EXTL2_BITNR,
264 
265     QCOW2_INCOMPAT_MASK             = QCOW2_INCOMPAT_DIRTY
266                                     | QCOW2_INCOMPAT_CORRUPT
267                                     | QCOW2_INCOMPAT_DATA_FILE
268                                     | QCOW2_INCOMPAT_COMPRESSION
269                                     | QCOW2_INCOMPAT_EXTL2,
270 };
271 
272 /* Compatible feature bits */
273 enum {
274     QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR = 0,
275     QCOW2_COMPAT_LAZY_REFCOUNTS       = 1 << QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR,
276 
277     QCOW2_COMPAT_FEAT_MASK            = QCOW2_COMPAT_LAZY_REFCOUNTS,
278 };
279 
280 /* Autoclear feature bits */
281 enum {
282     QCOW2_AUTOCLEAR_BITMAPS_BITNR       = 0,
283     QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR = 1,
284     QCOW2_AUTOCLEAR_BITMAPS             = 1 << QCOW2_AUTOCLEAR_BITMAPS_BITNR,
285     QCOW2_AUTOCLEAR_DATA_FILE_RAW       = 1 << QCOW2_AUTOCLEAR_DATA_FILE_RAW_BITNR,
286 
287     QCOW2_AUTOCLEAR_MASK                = QCOW2_AUTOCLEAR_BITMAPS
288                                         | QCOW2_AUTOCLEAR_DATA_FILE_RAW,
289 };
290 
291 enum qcow2_discard_type {
292     QCOW2_DISCARD_NEVER = 0,
293     QCOW2_DISCARD_ALWAYS,
294     QCOW2_DISCARD_REQUEST,
295     QCOW2_DISCARD_SNAPSHOT,
296     QCOW2_DISCARD_OTHER,
297     QCOW2_DISCARD_MAX
298 };
299 
300 typedef struct Qcow2Feature {
301     uint8_t type;
302     uint8_t bit;
303     char    name[46];
304 } QEMU_PACKED Qcow2Feature;
305 
306 typedef struct Qcow2DiscardRegion {
307     BlockDriverState *bs;
308     uint64_t offset;
309     uint64_t bytes;
310     QTAILQ_ENTRY(Qcow2DiscardRegion) next;
311 } Qcow2DiscardRegion;
312 
313 typedef uint64_t Qcow2GetRefcountFunc(const void *refcount_array,
314                                       uint64_t index);
315 typedef void Qcow2SetRefcountFunc(void *refcount_array,
316                                   uint64_t index, uint64_t value);
317 
318 typedef struct Qcow2BitmapHeaderExt {
319     uint32_t nb_bitmaps;
320     uint32_t reserved32;
321     uint64_t bitmap_directory_size;
322     uint64_t bitmap_directory_offset;
323 } QEMU_PACKED Qcow2BitmapHeaderExt;
324 
325 #define QCOW2_MAX_THREADS 4
326 
327 typedef struct BDRVQcow2State {
328     int cluster_bits;
329     int cluster_size;
330     int l2_slice_size;
331     int subcluster_bits;
332     int subcluster_size;
333     int subclusters_per_cluster;
334     int l2_bits;
335     int l2_size;
336     int l1_size;
337     int l1_vm_state_index;
338     int refcount_block_bits;
339     int refcount_block_size;
340     int csize_shift;
341     int csize_mask;
342     uint64_t cluster_offset_mask;
343     uint64_t l1_table_offset;
344     uint64_t *l1_table;
345 
346     Qcow2Cache *l2_table_cache;
347     Qcow2Cache *refcount_block_cache;
348     QEMUTimer *cache_clean_timer;
349     unsigned cache_clean_interval;
350 
351     QLIST_HEAD(, QCowL2Meta) cluster_allocs;
352 
353     uint64_t *refcount_table;
354     uint64_t refcount_table_offset;
355     uint32_t refcount_table_size;
356     uint32_t max_refcount_table_index; /* Last used entry in refcount_table */
357     uint64_t free_cluster_index;
358     uint64_t free_byte_offset;
359 
360     CoMutex lock;
361 
362     Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */
363     QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime options */
364     QCryptoBlock *crypto; /* Disk encryption format driver */
365     bool crypt_physical_offset; /* Whether to use virtual or physical offset
366                                    for encryption initialization vector tweak */
367     uint32_t crypt_method_header;
368     uint64_t snapshots_offset;
369     int snapshots_size;
370     unsigned int nb_snapshots;
371     QCowSnapshot *snapshots;
372 
373     uint32_t nb_bitmaps;
374     uint64_t bitmap_directory_size;
375     uint64_t bitmap_directory_offset;
376 
377     int flags;
378     int qcow_version;
379     bool use_lazy_refcounts;
380     int refcount_order;
381     int refcount_bits;
382     uint64_t refcount_max;
383 
384     Qcow2GetRefcountFunc *get_refcount;
385     Qcow2SetRefcountFunc *set_refcount;
386 
387     bool discard_passthrough[QCOW2_DISCARD_MAX];
388 
389     int overlap_check; /* bitmask of Qcow2MetadataOverlap values */
390     bool signaled_corruption;
391 
392     uint64_t incompatible_features;
393     uint64_t compatible_features;
394     uint64_t autoclear_features;
395 
396     size_t unknown_header_fields_size;
397     void *unknown_header_fields;
398     QLIST_HEAD(, Qcow2UnknownHeaderExtension) unknown_header_ext;
399     QTAILQ_HEAD (, Qcow2DiscardRegion) discards;
400     bool cache_discards;
401 
402     /* Backing file path and format as stored in the image (this is not the
403      * effective path/format, which may be the result of a runtime option
404      * override) */
405     char *image_backing_file;
406     char *image_backing_format;
407     char *image_data_file;
408 
409     CoQueue thread_task_queue;
410     int nb_threads;
411 
412     BdrvChild *data_file;
413 
414     bool metadata_preallocation_checked;
415     bool metadata_preallocation;
416     /*
417      * Compression type used for the image. Default: 0 - ZLIB
418      * The image compression type is set on image creation.
419      * For now, the only way to change the compression type
420      * is to convert the image with the desired compression type set.
421      */
422     Qcow2CompressionType compression_type;
423 } BDRVQcow2State;
424 
425 typedef struct Qcow2COWRegion {
426     /**
427      * Offset of the COW region in bytes from the start of the first cluster
428      * touched by the request.
429      */
430     unsigned    offset;
431 
432     /** Number of bytes to copy */
433     unsigned    nb_bytes;
434 } Qcow2COWRegion;
435 
436 /**
437  * Describes an in-flight (part of a) write request that writes to clusters
438  * that need to have their L2 table entries updated (because they are
439  * newly allocated or need changes in their L2 bitmaps)
440  */
441 typedef struct QCowL2Meta
442 {
443     /** Guest offset of the first updated cluster */
444     uint64_t offset;
445 
446     /** Host offset of the first updated cluster */
447     uint64_t alloc_offset;
448 
449     /** Number of updated clusters */
450     int nb_clusters;
451 
452     /** Do not free the old clusters */
453     bool keep_old_clusters;
454 
455     /**
456      * Requests that overlap with this allocation and wait to be restarted
457      * when the allocating request has completed.
458      */
459     CoQueue dependent_requests;
460 
461     /**
462      * The COW Region immediately before the area the guest actually
463      * writes to. This (part of the) write request starts at
464      * cow_start.offset + cow_start.nb_bytes.
465      */
466     Qcow2COWRegion cow_start;
467 
468     /**
469      * The COW Region immediately after the area the guest actually
470      * writes to. This (part of the) write request ends at cow_end.offset
471      * (which must always be set even when cow_end.nb_bytes is 0).
472      */
473     Qcow2COWRegion cow_end;
474 
475     /*
476      * Indicates that COW regions are already handled and do not require
477      * any more processing.
478      */
479     bool skip_cow;
480 
481     /**
482      * Indicates that this is not a normal write request but a preallocation.
483      * If the image has extended L2 entries this means that no new individual
484      * subclusters will be marked as allocated in the L2 bitmap (but any
485      * existing contents of that bitmap will be kept).
486      */
487     bool prealloc;
488 
489     /**
490      * The I/O vector with the data from the actual guest write request.
491      * If non-NULL, this is meant to be merged together with the data
492      * from @cow_start and @cow_end into one single write operation.
493      */
494     QEMUIOVector *data_qiov;
495     size_t data_qiov_offset;
496 
497     /** Pointer to next L2Meta of the same write request */
498     struct QCowL2Meta *next;
499 
500     QLIST_ENTRY(QCowL2Meta) next_in_flight;
501 } QCowL2Meta;
502 
503 /*
504  * In images with standard L2 entries all clusters are treated as if
505  * they had one subcluster so QCow2ClusterType and QCow2SubclusterType
506  * can be mapped to each other and have the exact same meaning
507  * (QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC cannot happen in these images).
508  *
509  * In images with extended L2 entries QCow2ClusterType refers to the
510  * complete cluster and QCow2SubclusterType to each of the individual
511  * subclusters, so there are several possible combinations:
512  *
513  *     |--------------+---------------------------|
514  *     | Cluster type | Possible subcluster types |
515  *     |--------------+---------------------------|
516  *     | UNALLOCATED  |         UNALLOCATED_PLAIN |
517  *     |              |                ZERO_PLAIN |
518  *     |--------------+---------------------------|
519  *     | NORMAL       |         UNALLOCATED_ALLOC |
520  *     |              |                ZERO_ALLOC |
521  *     |              |                    NORMAL |
522  *     |--------------+---------------------------|
523  *     | COMPRESSED   |                COMPRESSED |
524  *     |--------------+---------------------------|
525  *
526  * QCOW2_SUBCLUSTER_INVALID means that the L2 entry is incorrect and
527  * the image should be marked corrupt.
528  */
529 
530 typedef enum QCow2ClusterType {
531     QCOW2_CLUSTER_UNALLOCATED,
532     QCOW2_CLUSTER_ZERO_PLAIN,
533     QCOW2_CLUSTER_ZERO_ALLOC,
534     QCOW2_CLUSTER_NORMAL,
535     QCOW2_CLUSTER_COMPRESSED,
536 } QCow2ClusterType;
537 
538 typedef enum QCow2SubclusterType {
539     QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN,
540     QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC,
541     QCOW2_SUBCLUSTER_ZERO_PLAIN,
542     QCOW2_SUBCLUSTER_ZERO_ALLOC,
543     QCOW2_SUBCLUSTER_NORMAL,
544     QCOW2_SUBCLUSTER_COMPRESSED,
545     QCOW2_SUBCLUSTER_INVALID,
546 } QCow2SubclusterType;
547 
548 typedef enum QCow2MetadataOverlap {
549     QCOW2_OL_MAIN_HEADER_BITNR      = 0,
550     QCOW2_OL_ACTIVE_L1_BITNR        = 1,
551     QCOW2_OL_ACTIVE_L2_BITNR        = 2,
552     QCOW2_OL_REFCOUNT_TABLE_BITNR   = 3,
553     QCOW2_OL_REFCOUNT_BLOCK_BITNR   = 4,
554     QCOW2_OL_SNAPSHOT_TABLE_BITNR   = 5,
555     QCOW2_OL_INACTIVE_L1_BITNR      = 6,
556     QCOW2_OL_INACTIVE_L2_BITNR      = 7,
557     QCOW2_OL_BITMAP_DIRECTORY_BITNR = 8,
558 
559     QCOW2_OL_MAX_BITNR              = 9,
560 
561     QCOW2_OL_NONE             = 0,
562     QCOW2_OL_MAIN_HEADER      = (1 << QCOW2_OL_MAIN_HEADER_BITNR),
563     QCOW2_OL_ACTIVE_L1        = (1 << QCOW2_OL_ACTIVE_L1_BITNR),
564     QCOW2_OL_ACTIVE_L2        = (1 << QCOW2_OL_ACTIVE_L2_BITNR),
565     QCOW2_OL_REFCOUNT_TABLE   = (1 << QCOW2_OL_REFCOUNT_TABLE_BITNR),
566     QCOW2_OL_REFCOUNT_BLOCK   = (1 << QCOW2_OL_REFCOUNT_BLOCK_BITNR),
567     QCOW2_OL_SNAPSHOT_TABLE   = (1 << QCOW2_OL_SNAPSHOT_TABLE_BITNR),
568     QCOW2_OL_INACTIVE_L1      = (1 << QCOW2_OL_INACTIVE_L1_BITNR),
569     /* NOTE: Checking overlaps with inactive L2 tables will result in bdrv
570      * reads. */
571     QCOW2_OL_INACTIVE_L2      = (1 << QCOW2_OL_INACTIVE_L2_BITNR),
572     QCOW2_OL_BITMAP_DIRECTORY = (1 << QCOW2_OL_BITMAP_DIRECTORY_BITNR),
573 } QCow2MetadataOverlap;
574 
575 /* Perform all overlap checks which can be done in constant time */
576 #define QCOW2_OL_CONSTANT \
577     (QCOW2_OL_MAIN_HEADER | QCOW2_OL_ACTIVE_L1 | QCOW2_OL_REFCOUNT_TABLE | \
578      QCOW2_OL_SNAPSHOT_TABLE | QCOW2_OL_BITMAP_DIRECTORY)
579 
580 /* Perform all overlap checks which don't require disk access */
581 #define QCOW2_OL_CACHED \
582     (QCOW2_OL_CONSTANT | QCOW2_OL_ACTIVE_L2 | QCOW2_OL_REFCOUNT_BLOCK | \
583      QCOW2_OL_INACTIVE_L1)
584 
585 /* Perform all overlap checks */
586 #define QCOW2_OL_ALL \
587     (QCOW2_OL_CACHED | QCOW2_OL_INACTIVE_L2)
588 
589 #define L1E_OFFSET_MASK 0x00fffffffffffe00ULL
590 #define L2E_OFFSET_MASK 0x00fffffffffffe00ULL
591 #define L2E_COMPRESSED_OFFSET_SIZE_MASK 0x3fffffffffffffffULL
592 
593 #define REFT_OFFSET_MASK 0xfffffffffffffe00ULL
594 
595 #define INV_OFFSET (-1ULL)
596 
597 static inline bool has_subclusters(BDRVQcow2State *s)
598 {
599     return s->incompatible_features & QCOW2_INCOMPAT_EXTL2;
600 }
601 
602 static inline size_t l2_entry_size(BDRVQcow2State *s)
603 {
604     return has_subclusters(s) ? L2E_SIZE_EXTENDED : L2E_SIZE_NORMAL;
605 }
606 
607 static inline uint64_t get_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice,
608                                     int idx)
609 {
610     idx *= l2_entry_size(s) / sizeof(uint64_t);
611     return be64_to_cpu(l2_slice[idx]);
612 }
613 
614 static inline uint64_t get_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice,
615                                      int idx)
616 {
617     if (has_subclusters(s)) {
618         idx *= l2_entry_size(s) / sizeof(uint64_t);
619         return be64_to_cpu(l2_slice[idx + 1]);
620     } else {
621         return 0; /* For convenience only; this value has no meaning. */
622     }
623 }
624 
625 static inline void set_l2_entry(BDRVQcow2State *s, uint64_t *l2_slice,
626                                 int idx, uint64_t entry)
627 {
628     idx *= l2_entry_size(s) / sizeof(uint64_t);
629     l2_slice[idx] = cpu_to_be64(entry);
630 }
631 
632 static inline void set_l2_bitmap(BDRVQcow2State *s, uint64_t *l2_slice,
633                                  int idx, uint64_t bitmap)
634 {
635     assert(has_subclusters(s));
636     idx *= l2_entry_size(s) / sizeof(uint64_t);
637     l2_slice[idx + 1] = cpu_to_be64(bitmap);
638 }
639 
640 static inline bool has_data_file(BlockDriverState *bs)
641 {
642     BDRVQcow2State *s = bs->opaque;
643     return (s->data_file != bs->file);
644 }
645 
646 static inline bool data_file_is_raw(BlockDriverState *bs)
647 {
648     BDRVQcow2State *s = bs->opaque;
649     return !!(s->autoclear_features & QCOW2_AUTOCLEAR_DATA_FILE_RAW);
650 }
651 
652 static inline int64_t start_of_cluster(BDRVQcow2State *s, int64_t offset)
653 {
654     return offset & ~(s->cluster_size - 1);
655 }
656 
657 static inline int64_t offset_into_cluster(BDRVQcow2State *s, int64_t offset)
658 {
659     return offset & (s->cluster_size - 1);
660 }
661 
662 static inline int64_t offset_into_subcluster(BDRVQcow2State *s, int64_t offset)
663 {
664     return offset & (s->subcluster_size - 1);
665 }
666 
667 static inline uint64_t size_to_clusters(BDRVQcow2State *s, uint64_t size)
668 {
669     return (size + (s->cluster_size - 1)) >> s->cluster_bits;
670 }
671 
672 static inline uint64_t size_to_subclusters(BDRVQcow2State *s, uint64_t size)
673 {
674     return (size + (s->subcluster_size - 1)) >> s->subcluster_bits;
675 }
676 
677 static inline int64_t size_to_l1(BDRVQcow2State *s, int64_t size)
678 {
679     int shift = s->cluster_bits + s->l2_bits;
680     return (size + (1ULL << shift) - 1) >> shift;
681 }
682 
683 static inline int offset_to_l1_index(BDRVQcow2State *s, uint64_t offset)
684 {
685     return offset >> (s->l2_bits + s->cluster_bits);
686 }
687 
688 static inline int offset_to_l2_index(BDRVQcow2State *s, int64_t offset)
689 {
690     return (offset >> s->cluster_bits) & (s->l2_size - 1);
691 }
692 
693 static inline int offset_to_l2_slice_index(BDRVQcow2State *s, int64_t offset)
694 {
695     return (offset >> s->cluster_bits) & (s->l2_slice_size - 1);
696 }
697 
698 static inline int offset_to_sc_index(BDRVQcow2State *s, int64_t offset)
699 {
700     return (offset >> s->subcluster_bits) & (s->subclusters_per_cluster - 1);
701 }
702 
703 static inline int64_t qcow2_vm_state_offset(BDRVQcow2State *s)
704 {
705     return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits);
706 }
707 
708 static inline QCow2ClusterType qcow2_get_cluster_type(BlockDriverState *bs,
709                                                       uint64_t l2_entry)
710 {
711     BDRVQcow2State *s = bs->opaque;
712 
713     if (l2_entry & QCOW_OFLAG_COMPRESSED) {
714         return QCOW2_CLUSTER_COMPRESSED;
715     } else if ((l2_entry & QCOW_OFLAG_ZERO) && !has_subclusters(s)) {
716         if (l2_entry & L2E_OFFSET_MASK) {
717             return QCOW2_CLUSTER_ZERO_ALLOC;
718         }
719         return QCOW2_CLUSTER_ZERO_PLAIN;
720     } else if (!(l2_entry & L2E_OFFSET_MASK)) {
721         /* Offset 0 generally means unallocated, but it is ambiguous with
722          * external data files because 0 is a valid offset there. However, all
723          * clusters in external data files always have refcount 1, so we can
724          * rely on QCOW_OFLAG_COPIED to disambiguate. */
725         if (has_data_file(bs) && (l2_entry & QCOW_OFLAG_COPIED)) {
726             return QCOW2_CLUSTER_NORMAL;
727         } else {
728             return QCOW2_CLUSTER_UNALLOCATED;
729         }
730     } else {
731         return QCOW2_CLUSTER_NORMAL;
732     }
733 }
734 
735 /*
736  * In an image without subsclusters @l2_bitmap is ignored and
737  * @sc_index must be 0.
738  * Return QCOW2_SUBCLUSTER_INVALID if an invalid l2 entry is detected
739  * (this checks the whole entry and bitmap, not only the bits related
740  * to subcluster @sc_index).
741  */
742 static inline
743 QCow2SubclusterType qcow2_get_subcluster_type(BlockDriverState *bs,
744                                               uint64_t l2_entry,
745                                               uint64_t l2_bitmap,
746                                               unsigned sc_index)
747 {
748     BDRVQcow2State *s = bs->opaque;
749     QCow2ClusterType type = qcow2_get_cluster_type(bs, l2_entry);
750     assert(sc_index < s->subclusters_per_cluster);
751 
752     if (has_subclusters(s)) {
753         switch (type) {
754         case QCOW2_CLUSTER_COMPRESSED:
755             return QCOW2_SUBCLUSTER_COMPRESSED;
756         case QCOW2_CLUSTER_NORMAL:
757             if ((l2_bitmap >> 32) & l2_bitmap) {
758                 return QCOW2_SUBCLUSTER_INVALID;
759             } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
760                 return QCOW2_SUBCLUSTER_ZERO_ALLOC;
761             } else if (l2_bitmap & QCOW_OFLAG_SUB_ALLOC(sc_index)) {
762                 return QCOW2_SUBCLUSTER_NORMAL;
763             } else {
764                 return QCOW2_SUBCLUSTER_UNALLOCATED_ALLOC;
765             }
766         case QCOW2_CLUSTER_UNALLOCATED:
767             if (l2_bitmap & QCOW_L2_BITMAP_ALL_ALLOC) {
768                 return QCOW2_SUBCLUSTER_INVALID;
769             } else if (l2_bitmap & QCOW_OFLAG_SUB_ZERO(sc_index)) {
770                 return QCOW2_SUBCLUSTER_ZERO_PLAIN;
771             } else {
772                 return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN;
773             }
774         default:
775             g_assert_not_reached();
776         }
777     } else {
778         switch (type) {
779         case QCOW2_CLUSTER_COMPRESSED:
780             return QCOW2_SUBCLUSTER_COMPRESSED;
781         case QCOW2_CLUSTER_ZERO_PLAIN:
782             return QCOW2_SUBCLUSTER_ZERO_PLAIN;
783         case QCOW2_CLUSTER_ZERO_ALLOC:
784             return QCOW2_SUBCLUSTER_ZERO_ALLOC;
785         case QCOW2_CLUSTER_NORMAL:
786             return QCOW2_SUBCLUSTER_NORMAL;
787         case QCOW2_CLUSTER_UNALLOCATED:
788             return QCOW2_SUBCLUSTER_UNALLOCATED_PLAIN;
789         default:
790             g_assert_not_reached();
791         }
792     }
793 }
794 
795 static inline bool qcow2_cluster_is_allocated(QCow2ClusterType type)
796 {
797     return (type == QCOW2_CLUSTER_COMPRESSED || type == QCOW2_CLUSTER_NORMAL ||
798             type == QCOW2_CLUSTER_ZERO_ALLOC);
799 }
800 
801 /* Check whether refcounts are eager or lazy */
802 static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State *s)
803 {
804     return !(s->incompatible_features & QCOW2_INCOMPAT_DIRTY);
805 }
806 
807 static inline uint64_t l2meta_cow_start(QCowL2Meta *m)
808 {
809     return m->offset + m->cow_start.offset;
810 }
811 
812 static inline uint64_t l2meta_cow_end(QCowL2Meta *m)
813 {
814     return m->offset + m->cow_end.offset + m->cow_end.nb_bytes;
815 }
816 
817 static inline uint64_t refcount_diff(uint64_t r1, uint64_t r2)
818 {
819     return r1 > r2 ? r1 - r2 : r2 - r1;
820 }
821 
822 static inline
823 uint32_t offset_to_reftable_index(BDRVQcow2State *s, uint64_t offset)
824 {
825     return offset >> (s->refcount_block_bits + s->cluster_bits);
826 }
827 
828 /* qcow2.c functions */
829 int64_t qcow2_refcount_metadata_size(int64_t clusters, size_t cluster_size,
830                                      int refcount_order, bool generous_increase,
831                                      uint64_t *refblock_count);
832 
833 int qcow2_mark_dirty(BlockDriverState *bs);
834 int qcow2_mark_corrupt(BlockDriverState *bs);
835 int qcow2_mark_consistent(BlockDriverState *bs);
836 int qcow2_update_header(BlockDriverState *bs);
837 
838 void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset,
839                              int64_t size, const char *message_format, ...)
840                              GCC_FMT_ATTR(5, 6);
841 
842 int qcow2_validate_table(BlockDriverState *bs, uint64_t offset,
843                          uint64_t entries, size_t entry_len,
844                          int64_t max_size_bytes, const char *table_name,
845                          Error **errp);
846 
847 /* qcow2-refcount.c functions */
848 int qcow2_refcount_init(BlockDriverState *bs);
849 void qcow2_refcount_close(BlockDriverState *bs);
850 
851 int qcow2_get_refcount(BlockDriverState *bs, int64_t cluster_index,
852                        uint64_t *refcount);
853 
854 int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index,
855                                   uint64_t addend, bool decrease,
856                                   enum qcow2_discard_type type);
857 
858 int64_t qcow2_refcount_area(BlockDriverState *bs, uint64_t offset,
859                             uint64_t additional_clusters, bool exact_size,
860                             int new_refblock_index,
861                             uint64_t new_refblock_offset);
862 
863 int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size);
864 int64_t qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset,
865                                 int64_t nb_clusters);
866 int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size);
867 void qcow2_free_clusters(BlockDriverState *bs,
868                           int64_t offset, int64_t size,
869                           enum qcow2_discard_type type);
870 void qcow2_free_any_cluster(BlockDriverState *bs, uint64_t l2_entry,
871                             enum qcow2_discard_type type);
872 
873 int qcow2_update_snapshot_refcount(BlockDriverState *bs,
874     int64_t l1_table_offset, int l1_size, int addend);
875 
876 int coroutine_fn qcow2_flush_caches(BlockDriverState *bs);
877 int coroutine_fn qcow2_write_caches(BlockDriverState *bs);
878 int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
879                           BdrvCheckMode fix);
880 
881 void qcow2_process_discards(BlockDriverState *bs, int ret);
882 
883 int qcow2_check_metadata_overlap(BlockDriverState *bs, int ign, int64_t offset,
884                                  int64_t size);
885 int qcow2_pre_write_overlap_check(BlockDriverState *bs, int ign, int64_t offset,
886                                   int64_t size, bool data_file);
887 int qcow2_inc_refcounts_imrt(BlockDriverState *bs, BdrvCheckResult *res,
888                              void **refcount_table,
889                              int64_t *refcount_table_size,
890                              int64_t offset, int64_t size);
891 
892 int qcow2_change_refcount_order(BlockDriverState *bs, int refcount_order,
893                                 BlockDriverAmendStatusCB *status_cb,
894                                 void *cb_opaque, Error **errp);
895 int qcow2_shrink_reftable(BlockDriverState *bs);
896 int64_t qcow2_get_last_cluster(BlockDriverState *bs, int64_t size);
897 int qcow2_detect_metadata_preallocation(BlockDriverState *bs);
898 
899 /* qcow2-cluster.c functions */
900 int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size,
901                         bool exact_size);
902 int qcow2_shrink_l1_table(BlockDriverState *bs, uint64_t max_size);
903 int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index);
904 int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num,
905                           uint8_t *buf, int nb_sectors, bool enc, Error **errp);
906 
907 int qcow2_get_host_offset(BlockDriverState *bs, uint64_t offset,
908                           unsigned int *bytes, uint64_t *host_offset,
909                           QCow2SubclusterType *subcluster_type);
910 int qcow2_alloc_host_offset(BlockDriverState *bs, uint64_t offset,
911                             unsigned int *bytes, uint64_t *host_offset,
912                             QCowL2Meta **m);
913 int qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
914                                           uint64_t offset,
915                                           int compressed_size,
916                                           uint64_t *host_offset);
917 
918 int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m);
919 void qcow2_alloc_cluster_abort(BlockDriverState *bs, QCowL2Meta *m);
920 int qcow2_cluster_discard(BlockDriverState *bs, uint64_t offset,
921                           uint64_t bytes, enum qcow2_discard_type type,
922                           bool full_discard);
923 int qcow2_subcluster_zeroize(BlockDriverState *bs, uint64_t offset,
924                              uint64_t bytes, int flags);
925 
926 int qcow2_expand_zero_clusters(BlockDriverState *bs,
927                                BlockDriverAmendStatusCB *status_cb,
928                                void *cb_opaque);
929 
930 /* qcow2-snapshot.c functions */
931 int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info);
932 int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id);
933 int qcow2_snapshot_delete(BlockDriverState *bs,
934                           const char *snapshot_id,
935                           const char *name,
936                           Error **errp);
937 int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab);
938 int qcow2_snapshot_load_tmp(BlockDriverState *bs,
939                             const char *snapshot_id,
940                             const char *name,
941                             Error **errp);
942 
943 void qcow2_free_snapshots(BlockDriverState *bs);
944 int qcow2_read_snapshots(BlockDriverState *bs, Error **errp);
945 int qcow2_write_snapshots(BlockDriverState *bs);
946 
947 int coroutine_fn qcow2_check_read_snapshot_table(BlockDriverState *bs,
948                                                  BdrvCheckResult *result,
949                                                  BdrvCheckMode fix);
950 int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs,
951                                                 BdrvCheckResult *result,
952                                                 BdrvCheckMode fix);
953 
954 /* qcow2-cache.c functions */
955 Qcow2Cache *qcow2_cache_create(BlockDriverState *bs, int num_tables,
956                                unsigned table_size);
957 int qcow2_cache_destroy(Qcow2Cache *c);
958 
959 void qcow2_cache_entry_mark_dirty(Qcow2Cache *c, void *table);
960 int qcow2_cache_flush(BlockDriverState *bs, Qcow2Cache *c);
961 int qcow2_cache_write(BlockDriverState *bs, Qcow2Cache *c);
962 int qcow2_cache_set_dependency(BlockDriverState *bs, Qcow2Cache *c,
963     Qcow2Cache *dependency);
964 void qcow2_cache_depends_on_flush(Qcow2Cache *c);
965 
966 void qcow2_cache_clean_unused(Qcow2Cache *c);
967 int qcow2_cache_empty(BlockDriverState *bs, Qcow2Cache *c);
968 
969 int qcow2_cache_get(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset,
970     void **table);
971 int qcow2_cache_get_empty(BlockDriverState *bs, Qcow2Cache *c, uint64_t offset,
972     void **table);
973 void qcow2_cache_put(Qcow2Cache *c, void **table);
974 void *qcow2_cache_is_table_offset(Qcow2Cache *c, uint64_t offset);
975 void qcow2_cache_discard(Qcow2Cache *c, void *table);
976 
977 /* qcow2-bitmap.c functions */
978 int qcow2_check_bitmaps_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
979                                   void **refcount_table,
980                                   int64_t *refcount_table_size);
981 bool qcow2_load_dirty_bitmaps(BlockDriverState *bs, bool *header_updated,
982                               Error **errp);
983 bool qcow2_get_bitmap_info_list(BlockDriverState *bs,
984                                 Qcow2BitmapInfoList **info_list, Error **errp);
985 int qcow2_reopen_bitmaps_rw(BlockDriverState *bs, Error **errp);
986 int qcow2_truncate_bitmaps_check(BlockDriverState *bs, Error **errp);
987 bool qcow2_store_persistent_dirty_bitmaps(BlockDriverState *bs,
988                                           bool release_stored, Error **errp);
989 int qcow2_reopen_bitmaps_ro(BlockDriverState *bs, Error **errp);
990 bool qcow2_co_can_store_new_dirty_bitmap(BlockDriverState *bs,
991                                          const char *name,
992                                          uint32_t granularity,
993                                          Error **errp);
994 int qcow2_co_remove_persistent_dirty_bitmap(BlockDriverState *bs,
995                                             const char *name,
996                                             Error **errp);
997 bool qcow2_supports_persistent_dirty_bitmap(BlockDriverState *bs);
998 uint64_t qcow2_get_persistent_dirty_bitmap_size(BlockDriverState *bs,
999                                                 uint32_t cluster_size);
1000 
1001 ssize_t coroutine_fn
1002 qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size,
1003                   const void *src, size_t src_size);
1004 ssize_t coroutine_fn
1005 qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size,
1006                     const void *src, size_t src_size);
1007 int coroutine_fn
1008 qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset,
1009                  uint64_t guest_offset, void *buf, size_t len);
1010 int coroutine_fn
1011 qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset,
1012                  uint64_t guest_offset, void *buf, size_t len);
1013 
1014 #endif
1015