1 /* 2 * Quorum Block filter 3 * 4 * Copyright (C) 2012-2014 Nodalink, EURL. 5 * 6 * Author: 7 * Benoît Canet <benoit.canet@irqsave.net> 8 * 9 * Based on the design and code of blkverify.c (Copyright (C) 2010 IBM, Corp) 10 * and blkmirror.c (Copyright (C) 2011 Red Hat, Inc). 11 * 12 * This work is licensed under the terms of the GNU GPL, version 2 or later. 13 * See the COPYING file in the top-level directory. 14 */ 15 16 #include "qemu/osdep.h" 17 #include "block/block_int.h" 18 #include "qapi/qmp/qbool.h" 19 #include "qapi/qmp/qdict.h" 20 #include "qapi/qmp/qerror.h" 21 #include "qapi/qmp/qint.h" 22 #include "qapi/qmp/qjson.h" 23 #include "qapi/qmp/qlist.h" 24 #include "qapi/qmp/qstring.h" 25 #include "qapi-event.h" 26 #include "crypto/hash.h" 27 28 #define HASH_LENGTH 32 29 30 #define QUORUM_OPT_VOTE_THRESHOLD "vote-threshold" 31 #define QUORUM_OPT_BLKVERIFY "blkverify" 32 #define QUORUM_OPT_REWRITE "rewrite-corrupted" 33 #define QUORUM_OPT_READ_PATTERN "read-pattern" 34 35 /* This union holds a vote hash value */ 36 typedef union QuorumVoteValue { 37 uint8_t h[HASH_LENGTH]; /* SHA-256 hash */ 38 int64_t l; /* simpler 64 bits hash */ 39 } QuorumVoteValue; 40 41 /* A vote item */ 42 typedef struct QuorumVoteItem { 43 int index; 44 QLIST_ENTRY(QuorumVoteItem) next; 45 } QuorumVoteItem; 46 47 /* this structure is a vote version. A version is the set of votes sharing the 48 * same vote value. 49 * The set of votes will be tracked with the items field and its cardinality is 50 * vote_count. 51 */ 52 typedef struct QuorumVoteVersion { 53 QuorumVoteValue value; 54 int index; 55 int vote_count; 56 QLIST_HEAD(, QuorumVoteItem) items; 57 QLIST_ENTRY(QuorumVoteVersion) next; 58 } QuorumVoteVersion; 59 60 /* this structure holds a group of vote versions together */ 61 typedef struct QuorumVotes { 62 QLIST_HEAD(, QuorumVoteVersion) vote_list; 63 bool (*compare)(QuorumVoteValue *a, QuorumVoteValue *b); 64 } QuorumVotes; 65 66 /* the following structure holds the state of one quorum instance */ 67 typedef struct BDRVQuorumState { 68 BdrvChild **children; /* children BlockDriverStates */ 69 int num_children; /* children count */ 70 int threshold; /* if less than threshold children reads gave the 71 * same result a quorum error occurs. 72 */ 73 bool is_blkverify; /* true if the driver is in blkverify mode 74 * Writes are mirrored on two children devices. 75 * On reads the two children devices' contents are 76 * compared and if a difference is spotted its 77 * location is printed and the code aborts. 78 * It is useful to debug other block drivers by 79 * comparing them with a reference one. 80 */ 81 bool rewrite_corrupted;/* true if the driver must rewrite-on-read corrupted 82 * block if Quorum is reached. 83 */ 84 85 QuorumReadPattern read_pattern; 86 } BDRVQuorumState; 87 88 typedef struct QuorumAIOCB QuorumAIOCB; 89 90 /* Quorum will create one instance of the following structure per operation it 91 * performs on its children. 92 * So for each read/write operation coming from the upper layer there will be 93 * $children_count QuorumChildRequest. 94 */ 95 typedef struct QuorumChildRequest { 96 BlockAIOCB *aiocb; 97 QEMUIOVector qiov; 98 uint8_t *buf; 99 int ret; 100 QuorumAIOCB *parent; 101 } QuorumChildRequest; 102 103 /* Quorum will use the following structure to track progress of each read/write 104 * operation received by the upper layer. 105 * This structure hold pointers to the QuorumChildRequest structures instances 106 * used to do operations on each children and track overall progress. 107 */ 108 struct QuorumAIOCB { 109 BlockAIOCB common; 110 111 /* Request metadata */ 112 uint64_t sector_num; 113 int nb_sectors; 114 115 QEMUIOVector *qiov; /* calling IOV */ 116 117 QuorumChildRequest *qcrs; /* individual child requests */ 118 int count; /* number of completed AIOCB */ 119 int success_count; /* number of successfully completed AIOCB */ 120 121 int rewrite_count; /* number of replica to rewrite: count down to 122 * zero once writes are fired 123 */ 124 125 QuorumVotes votes; 126 127 bool is_read; 128 int vote_ret; 129 int child_iter; /* which child to read in fifo pattern */ 130 }; 131 132 static bool quorum_vote(QuorumAIOCB *acb); 133 134 static void quorum_aio_cancel(BlockAIOCB *blockacb) 135 { 136 QuorumAIOCB *acb = container_of(blockacb, QuorumAIOCB, common); 137 BDRVQuorumState *s = acb->common.bs->opaque; 138 int i; 139 140 /* cancel all callbacks */ 141 for (i = 0; i < s->num_children; i++) { 142 if (acb->qcrs[i].aiocb) { 143 bdrv_aio_cancel_async(acb->qcrs[i].aiocb); 144 } 145 } 146 } 147 148 static AIOCBInfo quorum_aiocb_info = { 149 .aiocb_size = sizeof(QuorumAIOCB), 150 .cancel_async = quorum_aio_cancel, 151 }; 152 153 static void quorum_aio_finalize(QuorumAIOCB *acb) 154 { 155 int i, ret = 0; 156 157 if (acb->vote_ret) { 158 ret = acb->vote_ret; 159 } 160 161 acb->common.cb(acb->common.opaque, ret); 162 163 if (acb->is_read) { 164 /* on the quorum case acb->child_iter == s->num_children - 1 */ 165 for (i = 0; i <= acb->child_iter; i++) { 166 qemu_vfree(acb->qcrs[i].buf); 167 qemu_iovec_destroy(&acb->qcrs[i].qiov); 168 } 169 } 170 171 g_free(acb->qcrs); 172 qemu_aio_unref(acb); 173 } 174 175 static bool quorum_sha256_compare(QuorumVoteValue *a, QuorumVoteValue *b) 176 { 177 return !memcmp(a->h, b->h, HASH_LENGTH); 178 } 179 180 static bool quorum_64bits_compare(QuorumVoteValue *a, QuorumVoteValue *b) 181 { 182 return a->l == b->l; 183 } 184 185 static QuorumAIOCB *quorum_aio_get(BDRVQuorumState *s, 186 BlockDriverState *bs, 187 QEMUIOVector *qiov, 188 uint64_t sector_num, 189 int nb_sectors, 190 BlockCompletionFunc *cb, 191 void *opaque) 192 { 193 QuorumAIOCB *acb = qemu_aio_get(&quorum_aiocb_info, bs, cb, opaque); 194 int i; 195 196 acb->common.bs->opaque = s; 197 acb->sector_num = sector_num; 198 acb->nb_sectors = nb_sectors; 199 acb->qiov = qiov; 200 acb->qcrs = g_new0(QuorumChildRequest, s->num_children); 201 acb->count = 0; 202 acb->success_count = 0; 203 acb->rewrite_count = 0; 204 acb->votes.compare = quorum_sha256_compare; 205 QLIST_INIT(&acb->votes.vote_list); 206 acb->is_read = false; 207 acb->vote_ret = 0; 208 209 for (i = 0; i < s->num_children; i++) { 210 acb->qcrs[i].buf = NULL; 211 acb->qcrs[i].ret = 0; 212 acb->qcrs[i].parent = acb; 213 } 214 215 return acb; 216 } 217 218 static void quorum_report_bad(QuorumOpType type, uint64_t sector_num, 219 int nb_sectors, char *node_name, int ret) 220 { 221 const char *msg = NULL; 222 if (ret < 0) { 223 msg = strerror(-ret); 224 } 225 226 qapi_event_send_quorum_report_bad(type, !!msg, msg, node_name, 227 sector_num, nb_sectors, &error_abort); 228 } 229 230 static void quorum_report_failure(QuorumAIOCB *acb) 231 { 232 const char *reference = bdrv_get_device_or_node_name(acb->common.bs); 233 qapi_event_send_quorum_failure(reference, acb->sector_num, 234 acb->nb_sectors, &error_abort); 235 } 236 237 static int quorum_vote_error(QuorumAIOCB *acb); 238 239 static bool quorum_has_too_much_io_failed(QuorumAIOCB *acb) 240 { 241 BDRVQuorumState *s = acb->common.bs->opaque; 242 243 if (acb->success_count < s->threshold) { 244 acb->vote_ret = quorum_vote_error(acb); 245 quorum_report_failure(acb); 246 return true; 247 } 248 249 return false; 250 } 251 252 static void quorum_rewrite_aio_cb(void *opaque, int ret) 253 { 254 QuorumAIOCB *acb = opaque; 255 256 /* one less rewrite to do */ 257 acb->rewrite_count--; 258 259 /* wait until all rewrite callbacks have completed */ 260 if (acb->rewrite_count) { 261 return; 262 } 263 264 quorum_aio_finalize(acb); 265 } 266 267 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb); 268 269 static void quorum_copy_qiov(QEMUIOVector *dest, QEMUIOVector *source) 270 { 271 int i; 272 assert(dest->niov == source->niov); 273 assert(dest->size == source->size); 274 for (i = 0; i < source->niov; i++) { 275 assert(dest->iov[i].iov_len == source->iov[i].iov_len); 276 memcpy(dest->iov[i].iov_base, 277 source->iov[i].iov_base, 278 source->iov[i].iov_len); 279 } 280 } 281 282 static void quorum_aio_cb(void *opaque, int ret) 283 { 284 QuorumChildRequest *sacb = opaque; 285 QuorumAIOCB *acb = sacb->parent; 286 BDRVQuorumState *s = acb->common.bs->opaque; 287 QuorumOpType type; 288 bool rewrite = false; 289 290 if (acb->is_read && s->read_pattern == QUORUM_READ_PATTERN_FIFO) { 291 /* We try to read next child in FIFO order if we fail to read */ 292 if (ret < 0 && (acb->child_iter + 1) < s->num_children) { 293 acb->child_iter++; 294 read_fifo_child(acb); 295 return; 296 } 297 298 if (ret == 0) { 299 quorum_copy_qiov(acb->qiov, &acb->qcrs[acb->child_iter].qiov); 300 } 301 acb->vote_ret = ret; 302 quorum_aio_finalize(acb); 303 return; 304 } 305 306 type = acb->is_read ? QUORUM_OP_TYPE_READ : QUORUM_OP_TYPE_WRITE; 307 sacb->ret = ret; 308 acb->count++; 309 if (ret == 0) { 310 acb->success_count++; 311 } else { 312 quorum_report_bad(type, acb->sector_num, acb->nb_sectors, 313 sacb->aiocb->bs->node_name, ret); 314 } 315 assert(acb->count <= s->num_children); 316 assert(acb->success_count <= s->num_children); 317 if (acb->count < s->num_children) { 318 return; 319 } 320 321 /* Do the vote on read */ 322 if (acb->is_read) { 323 rewrite = quorum_vote(acb); 324 } else { 325 quorum_has_too_much_io_failed(acb); 326 } 327 328 /* if no rewrite is done the code will finish right away */ 329 if (!rewrite) { 330 quorum_aio_finalize(acb); 331 } 332 } 333 334 static void quorum_report_bad_versions(BDRVQuorumState *s, 335 QuorumAIOCB *acb, 336 QuorumVoteValue *value) 337 { 338 QuorumVoteVersion *version; 339 QuorumVoteItem *item; 340 341 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 342 if (acb->votes.compare(&version->value, value)) { 343 continue; 344 } 345 QLIST_FOREACH(item, &version->items, next) { 346 quorum_report_bad(QUORUM_OP_TYPE_READ, acb->sector_num, 347 acb->nb_sectors, 348 s->children[item->index]->bs->node_name, 0); 349 } 350 } 351 } 352 353 static bool quorum_rewrite_bad_versions(BDRVQuorumState *s, QuorumAIOCB *acb, 354 QuorumVoteValue *value) 355 { 356 QuorumVoteVersion *version; 357 QuorumVoteItem *item; 358 int count = 0; 359 360 /* first count the number of bad versions: done first to avoid concurrency 361 * issues. 362 */ 363 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 364 if (acb->votes.compare(&version->value, value)) { 365 continue; 366 } 367 QLIST_FOREACH(item, &version->items, next) { 368 count++; 369 } 370 } 371 372 /* quorum_rewrite_aio_cb will count down this to zero */ 373 acb->rewrite_count = count; 374 375 /* now fire the correcting rewrites */ 376 QLIST_FOREACH(version, &acb->votes.vote_list, next) { 377 if (acb->votes.compare(&version->value, value)) { 378 continue; 379 } 380 QLIST_FOREACH(item, &version->items, next) { 381 bdrv_aio_writev(s->children[item->index]->bs, acb->sector_num, 382 acb->qiov, acb->nb_sectors, quorum_rewrite_aio_cb, 383 acb); 384 } 385 } 386 387 /* return true if any rewrite is done else false */ 388 return count; 389 } 390 391 static void quorum_count_vote(QuorumVotes *votes, 392 QuorumVoteValue *value, 393 int index) 394 { 395 QuorumVoteVersion *v = NULL, *version = NULL; 396 QuorumVoteItem *item; 397 398 /* look if we have something with this hash */ 399 QLIST_FOREACH(v, &votes->vote_list, next) { 400 if (votes->compare(&v->value, value)) { 401 version = v; 402 break; 403 } 404 } 405 406 /* It's a version not yet in the list add it */ 407 if (!version) { 408 version = g_new0(QuorumVoteVersion, 1); 409 QLIST_INIT(&version->items); 410 memcpy(&version->value, value, sizeof(version->value)); 411 version->index = index; 412 version->vote_count = 0; 413 QLIST_INSERT_HEAD(&votes->vote_list, version, next); 414 } 415 416 version->vote_count++; 417 418 item = g_new0(QuorumVoteItem, 1); 419 item->index = index; 420 QLIST_INSERT_HEAD(&version->items, item, next); 421 } 422 423 static void quorum_free_vote_list(QuorumVotes *votes) 424 { 425 QuorumVoteVersion *version, *next_version; 426 QuorumVoteItem *item, *next_item; 427 428 QLIST_FOREACH_SAFE(version, &votes->vote_list, next, next_version) { 429 QLIST_REMOVE(version, next); 430 QLIST_FOREACH_SAFE(item, &version->items, next, next_item) { 431 QLIST_REMOVE(item, next); 432 g_free(item); 433 } 434 g_free(version); 435 } 436 } 437 438 static int quorum_compute_hash(QuorumAIOCB *acb, int i, QuorumVoteValue *hash) 439 { 440 QEMUIOVector *qiov = &acb->qcrs[i].qiov; 441 size_t len = sizeof(hash->h); 442 uint8_t *data = hash->h; 443 444 /* XXX - would be nice if we could pass in the Error ** 445 * and propagate that back, but this quorum code is 446 * restricted to just errno values currently */ 447 if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256, 448 qiov->iov, qiov->niov, 449 &data, &len, 450 NULL) < 0) { 451 return -EINVAL; 452 } 453 454 return 0; 455 } 456 457 static QuorumVoteVersion *quorum_get_vote_winner(QuorumVotes *votes) 458 { 459 int max = 0; 460 QuorumVoteVersion *candidate, *winner = NULL; 461 462 QLIST_FOREACH(candidate, &votes->vote_list, next) { 463 if (candidate->vote_count > max) { 464 max = candidate->vote_count; 465 winner = candidate; 466 } 467 } 468 469 return winner; 470 } 471 472 /* qemu_iovec_compare is handy for blkverify mode because it returns the first 473 * differing byte location. Yet it is handcoded to compare vectors one byte 474 * after another so it does not benefit from the libc SIMD optimizations. 475 * quorum_iovec_compare is written for speed and should be used in the non 476 * blkverify mode of quorum. 477 */ 478 static bool quorum_iovec_compare(QEMUIOVector *a, QEMUIOVector *b) 479 { 480 int i; 481 int result; 482 483 assert(a->niov == b->niov); 484 for (i = 0; i < a->niov; i++) { 485 assert(a->iov[i].iov_len == b->iov[i].iov_len); 486 result = memcmp(a->iov[i].iov_base, 487 b->iov[i].iov_base, 488 a->iov[i].iov_len); 489 if (result) { 490 return false; 491 } 492 } 493 494 return true; 495 } 496 497 static void GCC_FMT_ATTR(2, 3) quorum_err(QuorumAIOCB *acb, 498 const char *fmt, ...) 499 { 500 va_list ap; 501 502 va_start(ap, fmt); 503 fprintf(stderr, "quorum: sector_num=%" PRId64 " nb_sectors=%d ", 504 acb->sector_num, acb->nb_sectors); 505 vfprintf(stderr, fmt, ap); 506 fprintf(stderr, "\n"); 507 va_end(ap); 508 exit(1); 509 } 510 511 static bool quorum_compare(QuorumAIOCB *acb, 512 QEMUIOVector *a, 513 QEMUIOVector *b) 514 { 515 BDRVQuorumState *s = acb->common.bs->opaque; 516 ssize_t offset; 517 518 /* This driver will replace blkverify in this particular case */ 519 if (s->is_blkverify) { 520 offset = qemu_iovec_compare(a, b); 521 if (offset != -1) { 522 quorum_err(acb, "contents mismatch in sector %" PRId64, 523 acb->sector_num + 524 (uint64_t)(offset / BDRV_SECTOR_SIZE)); 525 } 526 return true; 527 } 528 529 return quorum_iovec_compare(a, b); 530 } 531 532 /* Do a vote to get the error code */ 533 static int quorum_vote_error(QuorumAIOCB *acb) 534 { 535 BDRVQuorumState *s = acb->common.bs->opaque; 536 QuorumVoteVersion *winner = NULL; 537 QuorumVotes error_votes; 538 QuorumVoteValue result_value; 539 int i, ret = 0; 540 bool error = false; 541 542 QLIST_INIT(&error_votes.vote_list); 543 error_votes.compare = quorum_64bits_compare; 544 545 for (i = 0; i < s->num_children; i++) { 546 ret = acb->qcrs[i].ret; 547 if (ret) { 548 error = true; 549 result_value.l = ret; 550 quorum_count_vote(&error_votes, &result_value, i); 551 } 552 } 553 554 if (error) { 555 winner = quorum_get_vote_winner(&error_votes); 556 ret = winner->value.l; 557 } 558 559 quorum_free_vote_list(&error_votes); 560 561 return ret; 562 } 563 564 static bool quorum_vote(QuorumAIOCB *acb) 565 { 566 bool quorum = true; 567 bool rewrite = false; 568 int i, j, ret; 569 QuorumVoteValue hash; 570 BDRVQuorumState *s = acb->common.bs->opaque; 571 QuorumVoteVersion *winner; 572 573 if (quorum_has_too_much_io_failed(acb)) { 574 return false; 575 } 576 577 /* get the index of the first successful read */ 578 for (i = 0; i < s->num_children; i++) { 579 if (!acb->qcrs[i].ret) { 580 break; 581 } 582 } 583 584 assert(i < s->num_children); 585 586 /* compare this read with all other successful reads stopping at quorum 587 * failure 588 */ 589 for (j = i + 1; j < s->num_children; j++) { 590 if (acb->qcrs[j].ret) { 591 continue; 592 } 593 quorum = quorum_compare(acb, &acb->qcrs[i].qiov, &acb->qcrs[j].qiov); 594 if (!quorum) { 595 break; 596 } 597 } 598 599 /* Every successful read agrees */ 600 if (quorum) { 601 quorum_copy_qiov(acb->qiov, &acb->qcrs[i].qiov); 602 return false; 603 } 604 605 /* compute hashes for each successful read, also store indexes */ 606 for (i = 0; i < s->num_children; i++) { 607 if (acb->qcrs[i].ret) { 608 continue; 609 } 610 ret = quorum_compute_hash(acb, i, &hash); 611 /* if ever the hash computation failed */ 612 if (ret < 0) { 613 acb->vote_ret = ret; 614 goto free_exit; 615 } 616 quorum_count_vote(&acb->votes, &hash, i); 617 } 618 619 /* vote to select the most represented version */ 620 winner = quorum_get_vote_winner(&acb->votes); 621 622 /* if the winner count is smaller than threshold the read fails */ 623 if (winner->vote_count < s->threshold) { 624 quorum_report_failure(acb); 625 acb->vote_ret = -EIO; 626 goto free_exit; 627 } 628 629 /* we have a winner: copy it */ 630 quorum_copy_qiov(acb->qiov, &acb->qcrs[winner->index].qiov); 631 632 /* some versions are bad print them */ 633 quorum_report_bad_versions(s, acb, &winner->value); 634 635 /* corruption correction is enabled */ 636 if (s->rewrite_corrupted) { 637 rewrite = quorum_rewrite_bad_versions(s, acb, &winner->value); 638 } 639 640 free_exit: 641 /* free lists */ 642 quorum_free_vote_list(&acb->votes); 643 return rewrite; 644 } 645 646 static BlockAIOCB *read_quorum_children(QuorumAIOCB *acb) 647 { 648 BDRVQuorumState *s = acb->common.bs->opaque; 649 int i; 650 651 for (i = 0; i < s->num_children; i++) { 652 acb->qcrs[i].buf = qemu_blockalign(s->children[i]->bs, acb->qiov->size); 653 qemu_iovec_init(&acb->qcrs[i].qiov, acb->qiov->niov); 654 qemu_iovec_clone(&acb->qcrs[i].qiov, acb->qiov, acb->qcrs[i].buf); 655 } 656 657 for (i = 0; i < s->num_children; i++) { 658 acb->qcrs[i].aiocb = bdrv_aio_readv(s->children[i]->bs, acb->sector_num, 659 &acb->qcrs[i].qiov, acb->nb_sectors, 660 quorum_aio_cb, &acb->qcrs[i]); 661 } 662 663 return &acb->common; 664 } 665 666 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb) 667 { 668 BDRVQuorumState *s = acb->common.bs->opaque; 669 670 acb->qcrs[acb->child_iter].buf = 671 qemu_blockalign(s->children[acb->child_iter]->bs, acb->qiov->size); 672 qemu_iovec_init(&acb->qcrs[acb->child_iter].qiov, acb->qiov->niov); 673 qemu_iovec_clone(&acb->qcrs[acb->child_iter].qiov, acb->qiov, 674 acb->qcrs[acb->child_iter].buf); 675 acb->qcrs[acb->child_iter].aiocb = 676 bdrv_aio_readv(s->children[acb->child_iter]->bs, acb->sector_num, 677 &acb->qcrs[acb->child_iter].qiov, acb->nb_sectors, 678 quorum_aio_cb, &acb->qcrs[acb->child_iter]); 679 680 return &acb->common; 681 } 682 683 static BlockAIOCB *quorum_aio_readv(BlockDriverState *bs, 684 int64_t sector_num, 685 QEMUIOVector *qiov, 686 int nb_sectors, 687 BlockCompletionFunc *cb, 688 void *opaque) 689 { 690 BDRVQuorumState *s = bs->opaque; 691 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num, 692 nb_sectors, cb, opaque); 693 acb->is_read = true; 694 695 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) { 696 acb->child_iter = s->num_children - 1; 697 return read_quorum_children(acb); 698 } 699 700 acb->child_iter = 0; 701 return read_fifo_child(acb); 702 } 703 704 static BlockAIOCB *quorum_aio_writev(BlockDriverState *bs, 705 int64_t sector_num, 706 QEMUIOVector *qiov, 707 int nb_sectors, 708 BlockCompletionFunc *cb, 709 void *opaque) 710 { 711 BDRVQuorumState *s = bs->opaque; 712 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num, nb_sectors, 713 cb, opaque); 714 int i; 715 716 for (i = 0; i < s->num_children; i++) { 717 acb->qcrs[i].aiocb = bdrv_aio_writev(s->children[i]->bs, sector_num, 718 qiov, nb_sectors, &quorum_aio_cb, 719 &acb->qcrs[i]); 720 } 721 722 return &acb->common; 723 } 724 725 static int64_t quorum_getlength(BlockDriverState *bs) 726 { 727 BDRVQuorumState *s = bs->opaque; 728 int64_t result; 729 int i; 730 731 /* check that all file have the same length */ 732 result = bdrv_getlength(s->children[0]->bs); 733 if (result < 0) { 734 return result; 735 } 736 for (i = 1; i < s->num_children; i++) { 737 int64_t value = bdrv_getlength(s->children[i]->bs); 738 if (value < 0) { 739 return value; 740 } 741 if (value != result) { 742 return -EIO; 743 } 744 } 745 746 return result; 747 } 748 749 static void quorum_invalidate_cache(BlockDriverState *bs, Error **errp) 750 { 751 BDRVQuorumState *s = bs->opaque; 752 Error *local_err = NULL; 753 int i; 754 755 for (i = 0; i < s->num_children; i++) { 756 bdrv_invalidate_cache(s->children[i]->bs, &local_err); 757 if (local_err) { 758 error_propagate(errp, local_err); 759 return; 760 } 761 } 762 } 763 764 static coroutine_fn int quorum_co_flush(BlockDriverState *bs) 765 { 766 BDRVQuorumState *s = bs->opaque; 767 QuorumVoteVersion *winner = NULL; 768 QuorumVotes error_votes; 769 QuorumVoteValue result_value; 770 int i; 771 int result = 0; 772 int success_count = 0; 773 774 QLIST_INIT(&error_votes.vote_list); 775 error_votes.compare = quorum_64bits_compare; 776 777 for (i = 0; i < s->num_children; i++) { 778 result = bdrv_co_flush(s->children[i]->bs); 779 if (result) { 780 quorum_report_bad(QUORUM_OP_TYPE_FLUSH, 0, 781 bdrv_nb_sectors(s->children[i]->bs), 782 s->children[i]->bs->node_name, result); 783 result_value.l = result; 784 quorum_count_vote(&error_votes, &result_value, i); 785 } else { 786 success_count++; 787 } 788 } 789 790 if (success_count >= s->threshold) { 791 result = 0; 792 } else { 793 winner = quorum_get_vote_winner(&error_votes); 794 result = winner->value.l; 795 } 796 quorum_free_vote_list(&error_votes); 797 798 return result; 799 } 800 801 static bool quorum_recurse_is_first_non_filter(BlockDriverState *bs, 802 BlockDriverState *candidate) 803 { 804 BDRVQuorumState *s = bs->opaque; 805 int i; 806 807 for (i = 0; i < s->num_children; i++) { 808 bool perm = bdrv_recurse_is_first_non_filter(s->children[i]->bs, 809 candidate); 810 if (perm) { 811 return true; 812 } 813 } 814 815 return false; 816 } 817 818 static int quorum_valid_threshold(int threshold, int num_children, Error **errp) 819 { 820 821 if (threshold < 1) { 822 error_setg(errp, QERR_INVALID_PARAMETER_VALUE, 823 "vote-threshold", "value >= 1"); 824 return -ERANGE; 825 } 826 827 if (threshold > num_children) { 828 error_setg(errp, "threshold may not exceed children count"); 829 return -ERANGE; 830 } 831 832 return 0; 833 } 834 835 static QemuOptsList quorum_runtime_opts = { 836 .name = "quorum", 837 .head = QTAILQ_HEAD_INITIALIZER(quorum_runtime_opts.head), 838 .desc = { 839 { 840 .name = QUORUM_OPT_VOTE_THRESHOLD, 841 .type = QEMU_OPT_NUMBER, 842 .help = "The number of vote needed for reaching quorum", 843 }, 844 { 845 .name = QUORUM_OPT_BLKVERIFY, 846 .type = QEMU_OPT_BOOL, 847 .help = "Trigger block verify mode if set", 848 }, 849 { 850 .name = QUORUM_OPT_REWRITE, 851 .type = QEMU_OPT_BOOL, 852 .help = "Rewrite corrupted block on read quorum", 853 }, 854 { 855 .name = QUORUM_OPT_READ_PATTERN, 856 .type = QEMU_OPT_STRING, 857 .help = "Allowed pattern: quorum, fifo. Quorum is default", 858 }, 859 { /* end of list */ } 860 }, 861 }; 862 863 static int parse_read_pattern(const char *opt) 864 { 865 int i; 866 867 if (!opt) { 868 /* Set quorum as default */ 869 return QUORUM_READ_PATTERN_QUORUM; 870 } 871 872 for (i = 0; i < QUORUM_READ_PATTERN__MAX; i++) { 873 if (!strcmp(opt, QuorumReadPattern_lookup[i])) { 874 return i; 875 } 876 } 877 878 return -EINVAL; 879 } 880 881 static int quorum_open(BlockDriverState *bs, QDict *options, int flags, 882 Error **errp) 883 { 884 BDRVQuorumState *s = bs->opaque; 885 Error *local_err = NULL; 886 QemuOpts *opts = NULL; 887 bool *opened; 888 int i; 889 int ret = 0; 890 891 qdict_flatten(options); 892 893 /* count how many different children are present */ 894 s->num_children = qdict_array_entries(options, "children."); 895 if (s->num_children < 0) { 896 error_setg(&local_err, "Option children is not a valid array"); 897 ret = -EINVAL; 898 goto exit; 899 } 900 if (s->num_children < 2) { 901 error_setg(&local_err, 902 "Number of provided children must be greater than 1"); 903 ret = -EINVAL; 904 goto exit; 905 } 906 907 opts = qemu_opts_create(&quorum_runtime_opts, NULL, 0, &error_abort); 908 qemu_opts_absorb_qdict(opts, options, &local_err); 909 if (local_err) { 910 ret = -EINVAL; 911 goto exit; 912 } 913 914 s->threshold = qemu_opt_get_number(opts, QUORUM_OPT_VOTE_THRESHOLD, 0); 915 /* and validate it against s->num_children */ 916 ret = quorum_valid_threshold(s->threshold, s->num_children, &local_err); 917 if (ret < 0) { 918 goto exit; 919 } 920 921 ret = parse_read_pattern(qemu_opt_get(opts, QUORUM_OPT_READ_PATTERN)); 922 if (ret < 0) { 923 error_setg(&local_err, "Please set read-pattern as fifo or quorum"); 924 goto exit; 925 } 926 s->read_pattern = ret; 927 928 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) { 929 /* is the driver in blkverify mode */ 930 if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false) && 931 s->num_children == 2 && s->threshold == 2) { 932 s->is_blkverify = true; 933 } else if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false)) { 934 fprintf(stderr, "blkverify mode is set by setting blkverify=on " 935 "and using two files with vote_threshold=2\n"); 936 } 937 938 s->rewrite_corrupted = qemu_opt_get_bool(opts, QUORUM_OPT_REWRITE, 939 false); 940 if (s->rewrite_corrupted && s->is_blkverify) { 941 error_setg(&local_err, 942 "rewrite-corrupted=on cannot be used with blkverify=on"); 943 ret = -EINVAL; 944 goto exit; 945 } 946 } 947 948 /* allocate the children array */ 949 s->children = g_new0(BdrvChild *, s->num_children); 950 opened = g_new0(bool, s->num_children); 951 952 for (i = 0; i < s->num_children; i++) { 953 char indexstr[32]; 954 ret = snprintf(indexstr, 32, "children.%d", i); 955 assert(ret < 32); 956 957 s->children[i] = bdrv_open_child(NULL, options, indexstr, bs, 958 &child_format, false, &local_err); 959 if (local_err) { 960 ret = -EINVAL; 961 goto close_exit; 962 } 963 964 opened[i] = true; 965 } 966 967 g_free(opened); 968 goto exit; 969 970 close_exit: 971 /* cleanup on error */ 972 for (i = 0; i < s->num_children; i++) { 973 if (!opened[i]) { 974 continue; 975 } 976 bdrv_unref_child(bs, s->children[i]); 977 } 978 g_free(s->children); 979 g_free(opened); 980 exit: 981 qemu_opts_del(opts); 982 /* propagate error */ 983 if (local_err) { 984 error_propagate(errp, local_err); 985 } 986 return ret; 987 } 988 989 static void quorum_close(BlockDriverState *bs) 990 { 991 BDRVQuorumState *s = bs->opaque; 992 int i; 993 994 for (i = 0; i < s->num_children; i++) { 995 bdrv_unref_child(bs, s->children[i]); 996 } 997 998 g_free(s->children); 999 } 1000 1001 static void quorum_detach_aio_context(BlockDriverState *bs) 1002 { 1003 BDRVQuorumState *s = bs->opaque; 1004 int i; 1005 1006 for (i = 0; i < s->num_children; i++) { 1007 bdrv_detach_aio_context(s->children[i]->bs); 1008 } 1009 } 1010 1011 static void quorum_attach_aio_context(BlockDriverState *bs, 1012 AioContext *new_context) 1013 { 1014 BDRVQuorumState *s = bs->opaque; 1015 int i; 1016 1017 for (i = 0; i < s->num_children; i++) { 1018 bdrv_attach_aio_context(s->children[i]->bs, new_context); 1019 } 1020 } 1021 1022 static void quorum_refresh_filename(BlockDriverState *bs, QDict *options) 1023 { 1024 BDRVQuorumState *s = bs->opaque; 1025 QDict *opts; 1026 QList *children; 1027 int i; 1028 1029 for (i = 0; i < s->num_children; i++) { 1030 bdrv_refresh_filename(s->children[i]->bs); 1031 if (!s->children[i]->bs->full_open_options) { 1032 return; 1033 } 1034 } 1035 1036 children = qlist_new(); 1037 for (i = 0; i < s->num_children; i++) { 1038 QINCREF(s->children[i]->bs->full_open_options); 1039 qlist_append_obj(children, 1040 QOBJECT(s->children[i]->bs->full_open_options)); 1041 } 1042 1043 opts = qdict_new(); 1044 qdict_put_obj(opts, "driver", QOBJECT(qstring_from_str("quorum"))); 1045 qdict_put_obj(opts, QUORUM_OPT_VOTE_THRESHOLD, 1046 QOBJECT(qint_from_int(s->threshold))); 1047 qdict_put_obj(opts, QUORUM_OPT_BLKVERIFY, 1048 QOBJECT(qbool_from_bool(s->is_blkverify))); 1049 qdict_put_obj(opts, QUORUM_OPT_REWRITE, 1050 QOBJECT(qbool_from_bool(s->rewrite_corrupted))); 1051 qdict_put_obj(opts, "children", QOBJECT(children)); 1052 1053 bs->full_open_options = opts; 1054 } 1055 1056 static BlockDriver bdrv_quorum = { 1057 .format_name = "quorum", 1058 .protocol_name = "quorum", 1059 1060 .instance_size = sizeof(BDRVQuorumState), 1061 1062 .bdrv_file_open = quorum_open, 1063 .bdrv_close = quorum_close, 1064 .bdrv_refresh_filename = quorum_refresh_filename, 1065 1066 .bdrv_co_flush_to_disk = quorum_co_flush, 1067 1068 .bdrv_getlength = quorum_getlength, 1069 1070 .bdrv_aio_readv = quorum_aio_readv, 1071 .bdrv_aio_writev = quorum_aio_writev, 1072 .bdrv_invalidate_cache = quorum_invalidate_cache, 1073 1074 .bdrv_detach_aio_context = quorum_detach_aio_context, 1075 .bdrv_attach_aio_context = quorum_attach_aio_context, 1076 1077 .is_filter = true, 1078 .bdrv_recurse_is_first_non_filter = quorum_recurse_is_first_non_filter, 1079 }; 1080 1081 static void bdrv_quorum_init(void) 1082 { 1083 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA256)) { 1084 /* SHA256 hash support is required for quorum device */ 1085 return; 1086 } 1087 bdrv_register(&bdrv_quorum); 1088 } 1089 1090 block_init(bdrv_quorum_init); 1091