1 /* 2 * Quorum Block filter 3 * 4 * Copyright (C) 2012-2014 Nodalink, EURL. 5 * 6 * Author: 7 * Benoît Canet <benoit.canet@irqsave.net> 8 * 9 * Based on the design and code of blkverify.c (Copyright (C) 2010 IBM, Corp) 10 * and blkmirror.c (Copyright (C) 2011 Red Hat, Inc). 11 * 12 * This work is licensed under the terms of the GNU GPL, version 2 or later. 13 * See the COPYING file in the top-level directory. 14 */ 15 16 #include <gnutls/gnutls.h> 17 #include <gnutls/crypto.h> 18 #include "block/block_int.h" 19 #include "qapi/qmp/qbool.h" 20 #include "qapi/qmp/qdict.h" 21 #include "qapi/qmp/qint.h" 22 #include "qapi/qmp/qjson.h" 23 #include "qapi/qmp/qlist.h" 24 #include "qapi/qmp/qstring.h" 25 #include "qapi-event.h" 26 27 #define HASH_LENGTH 32 28 29 #define QUORUM_OPT_VOTE_THRESHOLD "vote-threshold" 30 #define QUORUM_OPT_BLKVERIFY "blkverify" 31 #define QUORUM_OPT_REWRITE "rewrite-corrupted" 32 #define QUORUM_OPT_READ_PATTERN "read-pattern" 33 34 /* This union holds a vote hash value */ 35 typedef union QuorumVoteValue { 36 char h[HASH_LENGTH]; /* SHA-256 hash */ 37 int64_t l; /* simpler 64 bits hash */ 38 } QuorumVoteValue; 39 40 /* A vote item */ 41 typedef struct QuorumVoteItem { 42 int index; 43 QLIST_ENTRY(QuorumVoteItem) next; 44 } QuorumVoteItem; 45 46 /* this structure is a vote version. A version is the set of votes sharing the 47 * same vote value. 48 * The set of votes will be tracked with the items field and its cardinality is 49 * vote_count. 50 */ 51 typedef struct QuorumVoteVersion { 52 QuorumVoteValue value; 53 int index; 54 int vote_count; 55 QLIST_HEAD(, QuorumVoteItem) items; 56 QLIST_ENTRY(QuorumVoteVersion) next; 57 } QuorumVoteVersion; 58 59 /* this structure holds a group of vote versions together */ 60 typedef struct QuorumVotes { 61 QLIST_HEAD(, QuorumVoteVersion) vote_list; 62 bool (*compare)(QuorumVoteValue *a, QuorumVoteValue *b); 63 } QuorumVotes; 64 65 /* the following structure holds the state of one quorum instance */ 66 typedef struct BDRVQuorumState { 67 BlockDriverState **bs; /* children BlockDriverStates */ 68 int num_children; /* children count */ 69 int threshold; /* if less than threshold children reads gave the 70 * same result a quorum error occurs. 71 */ 72 bool is_blkverify; /* true if the driver is in blkverify mode 73 * Writes are mirrored on two children devices. 74 * On reads the two children devices' contents are 75 * compared and if a difference is spotted its 76 * location is printed and the code aborts. 77 * It is useful to debug other block drivers by 78 * comparing them with a reference one. 79 */ 80 bool rewrite_corrupted;/* true if the driver must rewrite-on-read corrupted 81 * block if Quorum is reached. 82 */ 83 84 QuorumReadPattern read_pattern; 85 } BDRVQuorumState; 86 87 typedef struct QuorumAIOCB QuorumAIOCB; 88 89 /* Quorum will create one instance of the following structure per operation it 90 * performs on its children. 91 * So for each read/write operation coming from the upper layer there will be 92 * $children_count QuorumChildRequest. 93 */ 94 typedef struct QuorumChildRequest { 95 BlockAIOCB *aiocb; 96 QEMUIOVector qiov; 97 uint8_t *buf; 98 int ret; 99 QuorumAIOCB *parent; 100 } QuorumChildRequest; 101 102 /* Quorum will use the following structure to track progress of each read/write 103 * operation received by the upper layer. 104 * This structure hold pointers to the QuorumChildRequest structures instances 105 * used to do operations on each children and track overall progress. 106 */ 107 struct QuorumAIOCB { 108 BlockAIOCB common; 109 110 /* Request metadata */ 111 uint64_t sector_num; 112 int nb_sectors; 113 114 QEMUIOVector *qiov; /* calling IOV */ 115 116 QuorumChildRequest *qcrs; /* individual child requests */ 117 int count; /* number of completed AIOCB */ 118 int success_count; /* number of successfully completed AIOCB */ 119 120 int rewrite_count; /* number of replica to rewrite: count down to 121 * zero once writes are fired 122 */ 123 124 QuorumVotes votes; 125 126 bool is_read; 127 int vote_ret; 128 int child_iter; /* which child to read in fifo pattern */ 129 }; 130 131 static bool quorum_vote(QuorumAIOCB *acb); 132 133 static void quorum_aio_cancel(BlockAIOCB *blockacb) 134 { 135 QuorumAIOCB *acb = container_of(blockacb, QuorumAIOCB, common); 136 BDRVQuorumState *s = acb->common.bs->opaque; 137 int i; 138 139 /* cancel all callbacks */ 140 for (i = 0; i < s->num_children; i++) { 141 if (acb->qcrs[i].aiocb) { 142 bdrv_aio_cancel_async(acb->qcrs[i].aiocb); 143 } 144 } 145 } 146 147 static AIOCBInfo quorum_aiocb_info = { 148 .aiocb_size = sizeof(QuorumAIOCB), 149 .cancel_async = quorum_aio_cancel, 150 }; 151 152 static void quorum_aio_finalize(QuorumAIOCB *acb) 153 { 154 int i, ret = 0; 155 156 if (acb->vote_ret) { 157 ret = acb->vote_ret; 158 } 159 160 acb->common.cb(acb->common.opaque, ret); 161 162 if (acb->is_read) { 163 /* on the quorum case acb->child_iter == s->num_children - 1 */ 164 for (i = 0; i <= acb->child_iter; i++) { 165 qemu_vfree(acb->qcrs[i].buf); 166 qemu_iovec_destroy(&acb->qcrs[i].qiov); 167 } 168 } 169 170 g_free(acb->qcrs); 171 qemu_aio_unref(acb); 172 } 173 174 static bool quorum_sha256_compare(QuorumVoteValue *a, QuorumVoteValue *b) 175 { 176 return !memcmp(a->h, b->h, HASH_LENGTH); 177 } 178 179 static bool quorum_64bits_compare(QuorumVoteValue *a, QuorumVoteValue *b) 180 { 181 return a->l == b->l; 182 } 183 184 static QuorumAIOCB *quorum_aio_get(BDRVQuorumState *s, 185 BlockDriverState *bs, 186 QEMUIOVector *qiov, 187 uint64_t sector_num, 188 int nb_sectors, 189 BlockCompletionFunc *cb, 190 void *opaque) 191 { 192 QuorumAIOCB *acb = qemu_aio_get(&quorum_aiocb_info, bs, cb, opaque); 193 int i; 194 195 acb->common.bs->opaque = s; 196 acb->sector_num = sector_num; 197 acb->nb_sectors = nb_sectors; 198 acb->qiov = qiov; 199 acb->qcrs = g_new0(QuorumChildRequest, s->num_children); 200 acb->count = 0; 201 acb->success_count = 0; 202 acb->rewrite_count = 0; 203 acb->votes.compare = quorum_sha256_compare; 204 QLIST_INIT(&acb->votes.vote_list); 205 acb->is_read = false; 206 acb->vote_ret = 0; 207 208 for (i = 0; i < s->num_children; i++) { 209 acb->qcrs[i].buf = NULL; 210 acb->qcrs[i].ret = 0; 211 acb->qcrs[i].parent = acb; 212 } 213 214 return acb; 215 } 216 217 static void quorum_report_bad(QuorumAIOCB *acb, char *node_name, int ret) 218 { 219 const char *msg = NULL; 220 if (ret < 0) { 221 msg = strerror(-ret); 222 } 223 qapi_event_send_quorum_report_bad(!!msg, msg, node_name, 224 acb->sector_num, acb->nb_sectors, &error_abort); 225 } 226 227 static void quorum_report_failure(QuorumAIOCB *acb) 228 { 229 const char *reference = bdrv_get_device_or_node_name(acb->common.bs); 230 qapi_event_send_quorum_failure(reference, acb->sector_num, 231 acb->nb_sectors, &error_abort); 232 } 233 234 static int quorum_vote_error(QuorumAIOCB *acb); 235 236 static bool quorum_has_too_much_io_failed(QuorumAIOCB *acb) 237 { 238 BDRVQuorumState *s = acb->common.bs->opaque; 239 240 if (acb->success_count < s->threshold) { 241 acb->vote_ret = quorum_vote_error(acb); 242 quorum_report_failure(acb); 243 return true; 244 } 245 246 return false; 247 } 248 249 static void quorum_rewrite_aio_cb(void *opaque, int ret) 250 { 251 QuorumAIOCB *acb = opaque; 252 253 /* one less rewrite to do */ 254 acb->rewrite_count--; 255 256 /* wait until all rewrite callbacks have completed */ 257 if (acb->rewrite_count) { 258 return; 259 } 260 261 quorum_aio_finalize(acb); 262 } 263 264 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb); 265 266 static void quorum_copy_qiov(QEMUIOVector *dest, QEMUIOVector *source) 267 { 268 int i; 269 assert(dest->niov == source->niov); 270 assert(dest->size == source->size); 271 for (i = 0; i < source->niov; i++) { 272 assert(dest->iov[i].iov_len == source->iov[i].iov_len); 273 memcpy(dest->iov[i].iov_base, 274 source->iov[i].iov_base, 275 source->iov[i].iov_len); 276 } 277 } 278 279 static void quorum_aio_cb(void *opaque, int ret) 280 { 281 QuorumChildRequest *sacb = opaque; 282 QuorumAIOCB *acb = sacb->parent; 283 BDRVQuorumState *s = acb->common.bs->opaque; 284 bool rewrite = false; 285 286 if (acb->is_read && s->read_pattern == QUORUM_READ_PATTERN_FIFO) { 287 /* We try to read next child in FIFO order if we fail to read */ 288 if (ret < 0 && ++acb->child_iter < s->num_children) { 289 read_fifo_child(acb); 290 return; 291 } 292 293 if (ret == 0) { 294 quorum_copy_qiov(acb->qiov, &acb->qcrs[acb->child_iter].qiov); 295 } 296 acb->vote_ret = ret; 297 quorum_aio_finalize(acb); 298 return; 299 } 300 301 sacb->ret = ret; 302 acb->count++; 303 if (ret == 0) { 304 acb->success_count++; 305 } else { 306 quorum_report_bad(acb, sacb->aiocb->bs->node_name, ret); 307 } 308 assert(acb->count <= s->num_children); 309 assert(acb->success_count <= s->num_children); 310 if (acb->count < s->num_children) { 311 return; 312 } 313 314 /* Do the vote on read */ 315 if (acb->is_read) { 316 rewrite = quorum_vote(acb); 317 } else { 318 quorum_has_too_much_io_failed(acb); 319 } 320 321 /* if no rewrite is done the code will finish right away */ 322 if (!rewrite) { 323 quorum_aio_finalize(acb); 324 } 325 } 326 327 static void quorum_report_bad_versions(BDRVQuorumState *s, 328 QuorumAIOCB *acb, 329 QuorumVoteValue *value) 330 { 331 QuorumVoteVersion *version; 332 QuorumVoteItem *item; 333 334 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 335 if (acb->votes.compare(&version->value, value)) { 336 continue; 337 } 338 QLIST_FOREACH(item, &version->items, next) { 339 quorum_report_bad(acb, s->bs[item->index]->node_name, 0); 340 } 341 } 342 } 343 344 static bool quorum_rewrite_bad_versions(BDRVQuorumState *s, QuorumAIOCB *acb, 345 QuorumVoteValue *value) 346 { 347 QuorumVoteVersion *version; 348 QuorumVoteItem *item; 349 int count = 0; 350 351 /* first count the number of bad versions: done first to avoid concurrency 352 * issues. 353 */ 354 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 355 if (acb->votes.compare(&version->value, value)) { 356 continue; 357 } 358 QLIST_FOREACH(item, &version->items, next) { 359 count++; 360 } 361 } 362 363 /* quorum_rewrite_aio_cb will count down this to zero */ 364 acb->rewrite_count = count; 365 366 /* now fire the correcting rewrites */ 367 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 368 if (acb->votes.compare(&version->value, value)) { 369 continue; 370 } 371 QLIST_FOREACH(item, &version->items, next) { 372 bdrv_aio_writev(s->bs[item->index], acb->sector_num, acb->qiov, 373 acb->nb_sectors, quorum_rewrite_aio_cb, acb); 374 } 375 } 376 377 /* return true if any rewrite is done else false */ 378 return count; 379 } 380 381 static void quorum_count_vote(QuorumVotes *votes, 382 QuorumVoteValue *value, 383 int index) 384 { 385 QuorumVoteVersion *v = NULL, *version = NULL; 386 QuorumVoteItem *item; 387 388 /* look if we have something with this hash */ 389 QLIST_FOREACH(v, &votes->vote_list, next) { 390 if (votes->compare(&v->value, value)) { 391 version = v; 392 break; 393 } 394 } 395 396 /* It's a version not yet in the list add it */ 397 if (!version) { 398 version = g_new0(QuorumVoteVersion, 1); 399 QLIST_INIT(&version->items); 400 memcpy(&version->value, value, sizeof(version->value)); 401 version->index = index; 402 version->vote_count = 0; 403 QLIST_INSERT_HEAD(&votes->vote_list, version, next); 404 } 405 406 version->vote_count++; 407 408 item = g_new0(QuorumVoteItem, 1); 409 item->index = index; 410 QLIST_INSERT_HEAD(&version->items, item, next); 411 } 412 413 static void quorum_free_vote_list(QuorumVotes *votes) 414 { 415 QuorumVoteVersion *version, *next_version; 416 QuorumVoteItem *item, *next_item; 417 418 QLIST_FOREACH_SAFE(version, &votes->vote_list, next, next_version) { 419 QLIST_REMOVE(version, next); 420 QLIST_FOREACH_SAFE(item, &version->items, next, next_item) { 421 QLIST_REMOVE(item, next); 422 g_free(item); 423 } 424 g_free(version); 425 } 426 } 427 428 static int quorum_compute_hash(QuorumAIOCB *acb, int i, QuorumVoteValue *hash) 429 { 430 int j, ret; 431 gnutls_hash_hd_t dig; 432 QEMUIOVector *qiov = &acb->qcrs[i].qiov; 433 434 ret = gnutls_hash_init(&dig, GNUTLS_DIG_SHA256); 435 436 if (ret < 0) { 437 return ret; 438 } 439 440 for (j = 0; j < qiov->niov; j++) { 441 ret = gnutls_hash(dig, qiov->iov[j].iov_base, qiov->iov[j].iov_len); 442 if (ret < 0) { 443 break; 444 } 445 } 446 447 gnutls_hash_deinit(dig, (void *) hash); 448 return ret; 449 } 450 451 static QuorumVoteVersion *quorum_get_vote_winner(QuorumVotes *votes) 452 { 453 int max = 0; 454 QuorumVoteVersion *candidate, *winner = NULL; 455 456 QLIST_FOREACH(candidate, &votes->vote_list, next) { 457 if (candidate->vote_count > max) { 458 max = candidate->vote_count; 459 winner = candidate; 460 } 461 } 462 463 return winner; 464 } 465 466 /* qemu_iovec_compare is handy for blkverify mode because it returns the first 467 * differing byte location. Yet it is handcoded to compare vectors one byte 468 * after another so it does not benefit from the libc SIMD optimizations. 469 * quorum_iovec_compare is written for speed and should be used in the non 470 * blkverify mode of quorum. 471 */ 472 static bool quorum_iovec_compare(QEMUIOVector *a, QEMUIOVector *b) 473 { 474 int i; 475 int result; 476 477 assert(a->niov == b->niov); 478 for (i = 0; i < a->niov; i++) { 479 assert(a->iov[i].iov_len == b->iov[i].iov_len); 480 result = memcmp(a->iov[i].iov_base, 481 b->iov[i].iov_base, 482 a->iov[i].iov_len); 483 if (result) { 484 return false; 485 } 486 } 487 488 return true; 489 } 490 491 static void GCC_FMT_ATTR(2, 3) quorum_err(QuorumAIOCB *acb, 492 const char *fmt, ...) 493 { 494 va_list ap; 495 496 va_start(ap, fmt); 497 fprintf(stderr, "quorum: sector_num=%" PRId64 " nb_sectors=%d ", 498 acb->sector_num, acb->nb_sectors); 499 vfprintf(stderr, fmt, ap); 500 fprintf(stderr, "\n"); 501 va_end(ap); 502 exit(1); 503 } 504 505 static bool quorum_compare(QuorumAIOCB *acb, 506 QEMUIOVector *a, 507 QEMUIOVector *b) 508 { 509 BDRVQuorumState *s = acb->common.bs->opaque; 510 ssize_t offset; 511 512 /* This driver will replace blkverify in this particular case */ 513 if (s->is_blkverify) { 514 offset = qemu_iovec_compare(a, b); 515 if (offset != -1) { 516 quorum_err(acb, "contents mismatch in sector %" PRId64, 517 acb->sector_num + 518 (uint64_t)(offset / BDRV_SECTOR_SIZE)); 519 } 520 return true; 521 } 522 523 return quorum_iovec_compare(a, b); 524 } 525 526 /* Do a vote to get the error code */ 527 static int quorum_vote_error(QuorumAIOCB *acb) 528 { 529 BDRVQuorumState *s = acb->common.bs->opaque; 530 QuorumVoteVersion *winner = NULL; 531 QuorumVotes error_votes; 532 QuorumVoteValue result_value; 533 int i, ret = 0; 534 bool error = false; 535 536 QLIST_INIT(&error_votes.vote_list); 537 error_votes.compare = quorum_64bits_compare; 538 539 for (i = 0; i < s->num_children; i++) { 540 ret = acb->qcrs[i].ret; 541 if (ret) { 542 error = true; 543 result_value.l = ret; 544 quorum_count_vote(&error_votes, &result_value, i); 545 } 546 } 547 548 if (error) { 549 winner = quorum_get_vote_winner(&error_votes); 550 ret = winner->value.l; 551 } 552 553 quorum_free_vote_list(&error_votes); 554 555 return ret; 556 } 557 558 static bool quorum_vote(QuorumAIOCB *acb) 559 { 560 bool quorum = true; 561 bool rewrite = false; 562 int i, j, ret; 563 QuorumVoteValue hash; 564 BDRVQuorumState *s = acb->common.bs->opaque; 565 QuorumVoteVersion *winner; 566 567 if (quorum_has_too_much_io_failed(acb)) { 568 return false; 569 } 570 571 /* get the index of the first successful read */ 572 for (i = 0; i < s->num_children; i++) { 573 if (!acb->qcrs[i].ret) { 574 break; 575 } 576 } 577 578 assert(i < s->num_children); 579 580 /* compare this read with all other successful reads stopping at quorum 581 * failure 582 */ 583 for (j = i + 1; j < s->num_children; j++) { 584 if (acb->qcrs[j].ret) { 585 continue; 586 } 587 quorum = quorum_compare(acb, &acb->qcrs[i].qiov, &acb->qcrs[j].qiov); 588 if (!quorum) { 589 break; 590 } 591 } 592 593 /* Every successful read agrees */ 594 if (quorum) { 595 quorum_copy_qiov(acb->qiov, &acb->qcrs[i].qiov); 596 return false; 597 } 598 599 /* compute hashes for each successful read, also store indexes */ 600 for (i = 0; i < s->num_children; i++) { 601 if (acb->qcrs[i].ret) { 602 continue; 603 } 604 ret = quorum_compute_hash(acb, i, &hash); 605 /* if ever the hash computation failed */ 606 if (ret < 0) { 607 acb->vote_ret = ret; 608 goto free_exit; 609 } 610 quorum_count_vote(&acb->votes, &hash, i); 611 } 612 613 /* vote to select the most represented version */ 614 winner = quorum_get_vote_winner(&acb->votes); 615 616 /* if the winner count is smaller than threshold the read fails */ 617 if (winner->vote_count < s->threshold) { 618 quorum_report_failure(acb); 619 acb->vote_ret = -EIO; 620 goto free_exit; 621 } 622 623 /* we have a winner: copy it */ 624 quorum_copy_qiov(acb->qiov, &acb->qcrs[winner->index].qiov); 625 626 /* some versions are bad print them */ 627 quorum_report_bad_versions(s, acb, &winner->value); 628 629 /* corruption correction is enabled */ 630 if (s->rewrite_corrupted) { 631 rewrite = quorum_rewrite_bad_versions(s, acb, &winner->value); 632 } 633 634 free_exit: 635 /* free lists */ 636 quorum_free_vote_list(&acb->votes); 637 return rewrite; 638 } 639 640 static BlockAIOCB *read_quorum_children(QuorumAIOCB *acb) 641 { 642 BDRVQuorumState *s = acb->common.bs->opaque; 643 int i; 644 645 for (i = 0; i < s->num_children; i++) { 646 acb->qcrs[i].buf = qemu_blockalign(s->bs[i], acb->qiov->size); 647 qemu_iovec_init(&acb->qcrs[i].qiov, acb->qiov->niov); 648 qemu_iovec_clone(&acb->qcrs[i].qiov, acb->qiov, acb->qcrs[i].buf); 649 } 650 651 for (i = 0; i < s->num_children; i++) { 652 bdrv_aio_readv(s->bs[i], acb->sector_num, &acb->qcrs[i].qiov, 653 acb->nb_sectors, quorum_aio_cb, &acb->qcrs[i]); 654 } 655 656 return &acb->common; 657 } 658 659 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb) 660 { 661 BDRVQuorumState *s = acb->common.bs->opaque; 662 663 acb->qcrs[acb->child_iter].buf = qemu_blockalign(s->bs[acb->child_iter], 664 acb->qiov->size); 665 qemu_iovec_init(&acb->qcrs[acb->child_iter].qiov, acb->qiov->niov); 666 qemu_iovec_clone(&acb->qcrs[acb->child_iter].qiov, acb->qiov, 667 acb->qcrs[acb->child_iter].buf); 668 bdrv_aio_readv(s->bs[acb->child_iter], acb->sector_num, 669 &acb->qcrs[acb->child_iter].qiov, acb->nb_sectors, 670 quorum_aio_cb, &acb->qcrs[acb->child_iter]); 671 672 return &acb->common; 673 } 674 675 static BlockAIOCB *quorum_aio_readv(BlockDriverState *bs, 676 int64_t sector_num, 677 QEMUIOVector *qiov, 678 int nb_sectors, 679 BlockCompletionFunc *cb, 680 void *opaque) 681 { 682 BDRVQuorumState *s = bs->opaque; 683 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num, 684 nb_sectors, cb, opaque); 685 acb->is_read = true; 686 687 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) { 688 acb->child_iter = s->num_children - 1; 689 return read_quorum_children(acb); 690 } 691 692 acb->child_iter = 0; 693 return read_fifo_child(acb); 694 } 695 696 static BlockAIOCB *quorum_aio_writev(BlockDriverState *bs, 697 int64_t sector_num, 698 QEMUIOVector *qiov, 699 int nb_sectors, 700 BlockCompletionFunc *cb, 701 void *opaque) 702 { 703 BDRVQuorumState *s = bs->opaque; 704 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num, nb_sectors, 705 cb, opaque); 706 int i; 707 708 for (i = 0; i < s->num_children; i++) { 709 acb->qcrs[i].aiocb = bdrv_aio_writev(s->bs[i], sector_num, qiov, 710 nb_sectors, &quorum_aio_cb, 711 &acb->qcrs[i]); 712 } 713 714 return &acb->common; 715 } 716 717 static int64_t quorum_getlength(BlockDriverState *bs) 718 { 719 BDRVQuorumState *s = bs->opaque; 720 int64_t result; 721 int i; 722 723 /* check that all file have the same length */ 724 result = bdrv_getlength(s->bs[0]); 725 if (result < 0) { 726 return result; 727 } 728 for (i = 1; i < s->num_children; i++) { 729 int64_t value = bdrv_getlength(s->bs[i]); 730 if (value < 0) { 731 return value; 732 } 733 if (value != result) { 734 return -EIO; 735 } 736 } 737 738 return result; 739 } 740 741 static void quorum_invalidate_cache(BlockDriverState *bs, Error **errp) 742 { 743 BDRVQuorumState *s = bs->opaque; 744 Error *local_err = NULL; 745 int i; 746 747 for (i = 0; i < s->num_children; i++) { 748 bdrv_invalidate_cache(s->bs[i], &local_err); 749 if (local_err) { 750 error_propagate(errp, local_err); 751 return; 752 } 753 } 754 } 755 756 static coroutine_fn int quorum_co_flush(BlockDriverState *bs) 757 { 758 BDRVQuorumState *s = bs->opaque; 759 QuorumVoteVersion *winner = NULL; 760 QuorumVotes error_votes; 761 QuorumVoteValue result_value; 762 int i; 763 int result = 0; 764 765 QLIST_INIT(&error_votes.vote_list); 766 error_votes.compare = quorum_64bits_compare; 767 768 for (i = 0; i < s->num_children; i++) { 769 result = bdrv_co_flush(s->bs[i]); 770 result_value.l = result; 771 quorum_count_vote(&error_votes, &result_value, i); 772 } 773 774 winner = quorum_get_vote_winner(&error_votes); 775 result = winner->value.l; 776 777 quorum_free_vote_list(&error_votes); 778 779 return result; 780 } 781 782 static bool quorum_recurse_is_first_non_filter(BlockDriverState *bs, 783 BlockDriverState *candidate) 784 { 785 BDRVQuorumState *s = bs->opaque; 786 int i; 787 788 for (i = 0; i < s->num_children; i++) { 789 bool perm = bdrv_recurse_is_first_non_filter(s->bs[i], 790 candidate); 791 if (perm) { 792 return true; 793 } 794 } 795 796 return false; 797 } 798 799 static int quorum_valid_threshold(int threshold, int num_children, Error **errp) 800 { 801 802 if (threshold < 1) { 803 error_set(errp, QERR_INVALID_PARAMETER_VALUE, 804 "vote-threshold", "value >= 1"); 805 return -ERANGE; 806 } 807 808 if (threshold > num_children) { 809 error_setg(errp, "threshold may not exceed children count"); 810 return -ERANGE; 811 } 812 813 return 0; 814 } 815 816 static QemuOptsList quorum_runtime_opts = { 817 .name = "quorum", 818 .head = QTAILQ_HEAD_INITIALIZER(quorum_runtime_opts.head), 819 .desc = { 820 { 821 .name = QUORUM_OPT_VOTE_THRESHOLD, 822 .type = QEMU_OPT_NUMBER, 823 .help = "The number of vote needed for reaching quorum", 824 }, 825 { 826 .name = QUORUM_OPT_BLKVERIFY, 827 .type = QEMU_OPT_BOOL, 828 .help = "Trigger block verify mode if set", 829 }, 830 { 831 .name = QUORUM_OPT_REWRITE, 832 .type = QEMU_OPT_BOOL, 833 .help = "Rewrite corrupted block on read quorum", 834 }, 835 { 836 .name = QUORUM_OPT_READ_PATTERN, 837 .type = QEMU_OPT_STRING, 838 .help = "Allowed pattern: quorum, fifo. Quorum is default", 839 }, 840 { /* end of list */ } 841 }, 842 }; 843 844 static int parse_read_pattern(const char *opt) 845 { 846 int i; 847 848 if (!opt) { 849 /* Set quorum as default */ 850 return QUORUM_READ_PATTERN_QUORUM; 851 } 852 853 for (i = 0; i < QUORUM_READ_PATTERN_MAX; i++) { 854 if (!strcmp(opt, QuorumReadPattern_lookup[i])) { 855 return i; 856 } 857 } 858 859 return -EINVAL; 860 } 861 862 static int quorum_open(BlockDriverState *bs, QDict *options, int flags, 863 Error **errp) 864 { 865 BDRVQuorumState *s = bs->opaque; 866 Error *local_err = NULL; 867 QemuOpts *opts = NULL; 868 bool *opened; 869 QDict *sub = NULL; 870 QList *list = NULL; 871 const QListEntry *lentry; 872 int i; 873 int ret = 0; 874 875 qdict_flatten(options); 876 qdict_extract_subqdict(options, &sub, "children."); 877 qdict_array_split(sub, &list); 878 879 if (qdict_size(sub)) { 880 error_setg(&local_err, "Invalid option children.%s", 881 qdict_first(sub)->key); 882 ret = -EINVAL; 883 goto exit; 884 } 885 886 /* count how many different children are present */ 887 s->num_children = qlist_size(list); 888 if (s->num_children < 2) { 889 error_setg(&local_err, 890 "Number of provided children must be greater than 1"); 891 ret = -EINVAL; 892 goto exit; 893 } 894 895 opts = qemu_opts_create(&quorum_runtime_opts, NULL, 0, &error_abort); 896 qemu_opts_absorb_qdict(opts, options, &local_err); 897 if (local_err) { 898 ret = -EINVAL; 899 goto exit; 900 } 901 902 s->threshold = qemu_opt_get_number(opts, QUORUM_OPT_VOTE_THRESHOLD, 0); 903 ret = parse_read_pattern(qemu_opt_get(opts, QUORUM_OPT_READ_PATTERN)); 904 if (ret < 0) { 905 error_setg(&local_err, "Please set read-pattern as fifo or quorum"); 906 goto exit; 907 } 908 s->read_pattern = ret; 909 910 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) { 911 /* and validate it against s->num_children */ 912 ret = quorum_valid_threshold(s->threshold, s->num_children, &local_err); 913 if (ret < 0) { 914 goto exit; 915 } 916 917 /* is the driver in blkverify mode */ 918 if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false) && 919 s->num_children == 2 && s->threshold == 2) { 920 s->is_blkverify = true; 921 } else if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false)) { 922 fprintf(stderr, "blkverify mode is set by setting blkverify=on " 923 "and using two files with vote_threshold=2\n"); 924 } 925 926 s->rewrite_corrupted = qemu_opt_get_bool(opts, QUORUM_OPT_REWRITE, 927 false); 928 if (s->rewrite_corrupted && s->is_blkverify) { 929 error_setg(&local_err, 930 "rewrite-corrupted=on cannot be used with blkverify=on"); 931 ret = -EINVAL; 932 goto exit; 933 } 934 } 935 936 /* allocate the children BlockDriverState array */ 937 s->bs = g_new0(BlockDriverState *, s->num_children); 938 opened = g_new0(bool, s->num_children); 939 940 for (i = 0, lentry = qlist_first(list); lentry; 941 lentry = qlist_next(lentry), i++) { 942 QDict *d; 943 QString *string; 944 945 switch (qobject_type(lentry->value)) 946 { 947 /* List of options */ 948 case QTYPE_QDICT: 949 d = qobject_to_qdict(lentry->value); 950 QINCREF(d); 951 ret = bdrv_open(&s->bs[i], NULL, NULL, d, flags, NULL, 952 &local_err); 953 break; 954 955 /* QMP reference */ 956 case QTYPE_QSTRING: 957 string = qobject_to_qstring(lentry->value); 958 ret = bdrv_open(&s->bs[i], NULL, qstring_get_str(string), NULL, 959 flags, NULL, &local_err); 960 break; 961 962 default: 963 error_setg(&local_err, "Specification of child block device %i " 964 "is invalid", i); 965 ret = -EINVAL; 966 } 967 968 if (ret < 0) { 969 goto close_exit; 970 } 971 opened[i] = true; 972 } 973 974 g_free(opened); 975 goto exit; 976 977 close_exit: 978 /* cleanup on error */ 979 for (i = 0; i < s->num_children; i++) { 980 if (!opened[i]) { 981 continue; 982 } 983 bdrv_unref(s->bs[i]); 984 } 985 g_free(s->bs); 986 g_free(opened); 987 exit: 988 qemu_opts_del(opts); 989 /* propagate error */ 990 if (local_err) { 991 error_propagate(errp, local_err); 992 } 993 QDECREF(list); 994 QDECREF(sub); 995 return ret; 996 } 997 998 static void quorum_close(BlockDriverState *bs) 999 { 1000 BDRVQuorumState *s = bs->opaque; 1001 int i; 1002 1003 for (i = 0; i < s->num_children; i++) { 1004 bdrv_unref(s->bs[i]); 1005 } 1006 1007 g_free(s->bs); 1008 } 1009 1010 static void quorum_detach_aio_context(BlockDriverState *bs) 1011 { 1012 BDRVQuorumState *s = bs->opaque; 1013 int i; 1014 1015 for (i = 0; i < s->num_children; i++) { 1016 bdrv_detach_aio_context(s->bs[i]); 1017 } 1018 } 1019 1020 static void quorum_attach_aio_context(BlockDriverState *bs, 1021 AioContext *new_context) 1022 { 1023 BDRVQuorumState *s = bs->opaque; 1024 int i; 1025 1026 for (i = 0; i < s->num_children; i++) { 1027 bdrv_attach_aio_context(s->bs[i], new_context); 1028 } 1029 } 1030 1031 static void quorum_refresh_filename(BlockDriverState *bs) 1032 { 1033 BDRVQuorumState *s = bs->opaque; 1034 QDict *opts; 1035 QList *children; 1036 int i; 1037 1038 for (i = 0; i < s->num_children; i++) { 1039 bdrv_refresh_filename(s->bs[i]); 1040 if (!s->bs[i]->full_open_options) { 1041 return; 1042 } 1043 } 1044 1045 children = qlist_new(); 1046 for (i = 0; i < s->num_children; i++) { 1047 QINCREF(s->bs[i]->full_open_options); 1048 qlist_append_obj(children, QOBJECT(s->bs[i]->full_open_options)); 1049 } 1050 1051 opts = qdict_new(); 1052 qdict_put_obj(opts, "driver", QOBJECT(qstring_from_str("quorum"))); 1053 qdict_put_obj(opts, QUORUM_OPT_VOTE_THRESHOLD, 1054 QOBJECT(qint_from_int(s->threshold))); 1055 qdict_put_obj(opts, QUORUM_OPT_BLKVERIFY, 1056 QOBJECT(qbool_from_int(s->is_blkverify))); 1057 qdict_put_obj(opts, QUORUM_OPT_REWRITE, 1058 QOBJECT(qbool_from_int(s->rewrite_corrupted))); 1059 qdict_put_obj(opts, "children", QOBJECT(children)); 1060 1061 bs->full_open_options = opts; 1062 } 1063 1064 static BlockDriver bdrv_quorum = { 1065 .format_name = "quorum", 1066 .protocol_name = "quorum", 1067 1068 .instance_size = sizeof(BDRVQuorumState), 1069 1070 .bdrv_file_open = quorum_open, 1071 .bdrv_close = quorum_close, 1072 .bdrv_refresh_filename = quorum_refresh_filename, 1073 1074 .bdrv_co_flush_to_disk = quorum_co_flush, 1075 1076 .bdrv_getlength = quorum_getlength, 1077 1078 .bdrv_aio_readv = quorum_aio_readv, 1079 .bdrv_aio_writev = quorum_aio_writev, 1080 .bdrv_invalidate_cache = quorum_invalidate_cache, 1081 1082 .bdrv_detach_aio_context = quorum_detach_aio_context, 1083 .bdrv_attach_aio_context = quorum_attach_aio_context, 1084 1085 .is_filter = true, 1086 .bdrv_recurse_is_first_non_filter = quorum_recurse_is_first_non_filter, 1087 }; 1088 1089 static void bdrv_quorum_init(void) 1090 { 1091 bdrv_register(&bdrv_quorum); 1092 } 1093 1094 block_init(bdrv_quorum_init); 1095