xref: /openbmc/qemu/block/raw-format.c (revision ca27b5eb)
1 /* BlockDriver implementation for "raw" format driver
2  *
3  * Copyright (C) 2010-2016 Red Hat, Inc.
4  * Copyright (C) 2010, Blue Swirl <blauwirbel@gmail.com>
5  * Copyright (C) 2009, Anthony Liguori <aliguori@us.ibm.com>
6  *
7  * Author:
8  *   Laszlo Ersek <lersek@redhat.com>
9  *
10  * Permission is hereby granted, free of charge, to any person obtaining a copy
11  * of this software and associated documentation files (the "Software"), to
12  * deal in the Software without restriction, including without limitation the
13  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
14  * sell copies of the Software, and to permit persons to whom the Software is
15  * furnished to do so, subject to the following conditions:
16  *
17  * The above copyright notice and this permission notice shall be included in
18  * all copies or substantial portions of the Software.
19  *
20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
25  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
26  * IN THE SOFTWARE.
27  */
28 
29 #include "qemu/osdep.h"
30 #include "block/block_int.h"
31 #include "qapi/error.h"
32 #include "qemu/module.h"
33 #include "qemu/option.h"
34 
35 typedef struct BDRVRawState {
36     uint64_t offset;
37     uint64_t size;
38     bool has_size;
39 } BDRVRawState;
40 
41 static const char *const mutable_opts[] = { "offset", "size", NULL };
42 
43 static QemuOptsList raw_runtime_opts = {
44     .name = "raw",
45     .head = QTAILQ_HEAD_INITIALIZER(raw_runtime_opts.head),
46     .desc = {
47         {
48             .name = "offset",
49             .type = QEMU_OPT_SIZE,
50             .help = "offset in the disk where the image starts",
51         },
52         {
53             .name = "size",
54             .type = QEMU_OPT_SIZE,
55             .help = "virtual disk size",
56         },
57         { /* end of list */ }
58     },
59 };
60 
61 static QemuOptsList raw_create_opts = {
62     .name = "raw-create-opts",
63     .head = QTAILQ_HEAD_INITIALIZER(raw_create_opts.head),
64     .desc = {
65         {
66             .name = BLOCK_OPT_SIZE,
67             .type = QEMU_OPT_SIZE,
68             .help = "Virtual disk size"
69         },
70         { /* end of list */ }
71     }
72 };
73 
74 static int raw_read_options(QDict *options, uint64_t *offset, bool *has_size,
75                             uint64_t *size, Error **errp)
76 {
77     Error *local_err = NULL;
78     QemuOpts *opts = NULL;
79     int ret;
80 
81     opts = qemu_opts_create(&raw_runtime_opts, NULL, 0, &error_abort);
82     qemu_opts_absorb_qdict(opts, options, &local_err);
83     if (local_err) {
84         error_propagate(errp, local_err);
85         ret = -EINVAL;
86         goto end;
87     }
88 
89     *offset = qemu_opt_get_size(opts, "offset", 0);
90     *has_size = qemu_opt_find(opts, "size");
91     *size = qemu_opt_get_size(opts, "size", 0);
92 
93     ret = 0;
94 end:
95     qemu_opts_del(opts);
96     return ret;
97 }
98 
99 static int raw_apply_options(BlockDriverState *bs, BDRVRawState *s,
100                              uint64_t offset, bool has_size, uint64_t size,
101                              Error **errp)
102 {
103     int64_t real_size = 0;
104 
105     real_size = bdrv_getlength(bs->file->bs);
106     if (real_size < 0) {
107         error_setg_errno(errp, -real_size, "Could not get image size");
108         return real_size;
109     }
110 
111     /* Check size and offset */
112     if (offset > real_size) {
113         error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
114                    "size of the containing file (%" PRId64 ")",
115                    s->offset, real_size);
116         return -EINVAL;
117     }
118 
119     if (has_size && (real_size - offset) < size) {
120         error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
121                    "(%" PRIu64 ") has to be smaller or equal to the "
122                    " actual size of the containing file (%" PRId64 ")",
123                    s->offset, s->size, real_size);
124         return -EINVAL;
125     }
126 
127     /* Make sure size is multiple of BDRV_SECTOR_SIZE to prevent rounding
128      * up and leaking out of the specified area. */
129     if (has_size && !QEMU_IS_ALIGNED(size, BDRV_SECTOR_SIZE)) {
130         error_setg(errp, "Specified size is not multiple of %llu",
131                    BDRV_SECTOR_SIZE);
132         return -EINVAL;
133     }
134 
135     s->offset = offset;
136     s->has_size = has_size;
137     s->size = has_size ? size : real_size - offset;
138 
139     return 0;
140 }
141 
142 static int raw_reopen_prepare(BDRVReopenState *reopen_state,
143                               BlockReopenQueue *queue, Error **errp)
144 {
145     bool has_size;
146     uint64_t offset, size;
147     int ret;
148 
149     assert(reopen_state != NULL);
150     assert(reopen_state->bs != NULL);
151 
152     reopen_state->opaque = g_new0(BDRVRawState, 1);
153 
154     ret = raw_read_options(reopen_state->options, &offset, &has_size, &size,
155                            errp);
156     if (ret < 0) {
157         return ret;
158     }
159 
160     ret = raw_apply_options(reopen_state->bs, reopen_state->opaque,
161                             offset, has_size, size, errp);
162     if (ret < 0) {
163         return ret;
164     }
165 
166     return 0;
167 }
168 
169 static void raw_reopen_commit(BDRVReopenState *state)
170 {
171     BDRVRawState *new_s = state->opaque;
172     BDRVRawState *s = state->bs->opaque;
173 
174     memcpy(s, new_s, sizeof(BDRVRawState));
175 
176     g_free(state->opaque);
177     state->opaque = NULL;
178 }
179 
180 static void raw_reopen_abort(BDRVReopenState *state)
181 {
182     g_free(state->opaque);
183     state->opaque = NULL;
184 }
185 
186 /* Check and adjust the offset, against 'offset' and 'size' options. */
187 static inline int raw_adjust_offset(BlockDriverState *bs, uint64_t *offset,
188                                     uint64_t bytes, bool is_write)
189 {
190     BDRVRawState *s = bs->opaque;
191 
192     if (s->has_size && (*offset > s->size || bytes > (s->size - *offset))) {
193         /* There's not enough space for the write, or the read request is
194          * out-of-range. Don't read/write anything to prevent leaking out of
195          * the size specified in options. */
196         return is_write ? -ENOSPC : -EINVAL;
197     }
198 
199     if (*offset > INT64_MAX - s->offset) {
200         return -EINVAL;
201     }
202     *offset += s->offset;
203 
204     return 0;
205 }
206 
207 static int coroutine_fn raw_co_preadv(BlockDriverState *bs, uint64_t offset,
208                                       uint64_t bytes, QEMUIOVector *qiov,
209                                       int flags)
210 {
211     int ret;
212 
213     ret = raw_adjust_offset(bs, &offset, bytes, false);
214     if (ret) {
215         return ret;
216     }
217 
218     BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO);
219     return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags);
220 }
221 
222 static int coroutine_fn raw_co_pwritev(BlockDriverState *bs, uint64_t offset,
223                                        uint64_t bytes, QEMUIOVector *qiov,
224                                        int flags)
225 {
226     void *buf = NULL;
227     BlockDriver *drv;
228     QEMUIOVector local_qiov;
229     int ret;
230 
231     if (bs->probed && offset < BLOCK_PROBE_BUF_SIZE && bytes) {
232         /* Handling partial writes would be a pain - so we just
233          * require that guests have 512-byte request alignment if
234          * probing occurred */
235         QEMU_BUILD_BUG_ON(BLOCK_PROBE_BUF_SIZE != 512);
236         QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != 512);
237         assert(offset == 0 && bytes >= BLOCK_PROBE_BUF_SIZE);
238 
239         buf = qemu_try_blockalign(bs->file->bs, 512);
240         if (!buf) {
241             ret = -ENOMEM;
242             goto fail;
243         }
244 
245         ret = qemu_iovec_to_buf(qiov, 0, buf, 512);
246         if (ret != 512) {
247             ret = -EINVAL;
248             goto fail;
249         }
250 
251         drv = bdrv_probe_all(buf, 512, NULL);
252         if (drv != bs->drv) {
253             ret = -EPERM;
254             goto fail;
255         }
256 
257         /* Use the checked buffer, a malicious guest might be overwriting its
258          * original buffer in the background. */
259         qemu_iovec_init(&local_qiov, qiov->niov + 1);
260         qemu_iovec_add(&local_qiov, buf, 512);
261         qemu_iovec_concat(&local_qiov, qiov, 512, qiov->size - 512);
262         qiov = &local_qiov;
263     }
264 
265     ret = raw_adjust_offset(bs, &offset, bytes, true);
266     if (ret) {
267         goto fail;
268     }
269 
270     BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO);
271     ret = bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags);
272 
273 fail:
274     if (qiov == &local_qiov) {
275         qemu_iovec_destroy(&local_qiov);
276     }
277     qemu_vfree(buf);
278     return ret;
279 }
280 
281 static int coroutine_fn raw_co_block_status(BlockDriverState *bs,
282                                             bool want_zero, int64_t offset,
283                                             int64_t bytes, int64_t *pnum,
284                                             int64_t *map,
285                                             BlockDriverState **file)
286 {
287     BDRVRawState *s = bs->opaque;
288     *pnum = bytes;
289     *file = bs->file->bs;
290     *map = offset + s->offset;
291     return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID;
292 }
293 
294 static int coroutine_fn raw_co_pwrite_zeroes(BlockDriverState *bs,
295                                              int64_t offset, int bytes,
296                                              BdrvRequestFlags flags)
297 {
298     int ret;
299 
300     ret = raw_adjust_offset(bs, (uint64_t *)&offset, bytes, true);
301     if (ret) {
302         return ret;
303     }
304     return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags);
305 }
306 
307 static int coroutine_fn raw_co_pdiscard(BlockDriverState *bs,
308                                         int64_t offset, int bytes)
309 {
310     int ret;
311 
312     ret = raw_adjust_offset(bs, (uint64_t *)&offset, bytes, true);
313     if (ret) {
314         return ret;
315     }
316     return bdrv_co_pdiscard(bs->file, offset, bytes);
317 }
318 
319 static int64_t raw_getlength(BlockDriverState *bs)
320 {
321     int64_t len;
322     BDRVRawState *s = bs->opaque;
323 
324     /* Update size. It should not change unless the file was externally
325      * modified. */
326     len = bdrv_getlength(bs->file->bs);
327     if (len < 0) {
328         return len;
329     }
330 
331     if (len < s->offset) {
332         s->size = 0;
333     } else {
334         if (s->has_size) {
335             /* Try to honour the size */
336             s->size = MIN(s->size, len - s->offset);
337         } else {
338             s->size = len - s->offset;
339         }
340     }
341 
342     return s->size;
343 }
344 
345 static BlockMeasureInfo *raw_measure(QemuOpts *opts, BlockDriverState *in_bs,
346                                      Error **errp)
347 {
348     BlockMeasureInfo *info;
349     int64_t required;
350 
351     if (in_bs) {
352         required = bdrv_getlength(in_bs);
353         if (required < 0) {
354             error_setg_errno(errp, -required, "Unable to get image size");
355             return NULL;
356         }
357     } else {
358         required = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
359                             BDRV_SECTOR_SIZE);
360     }
361 
362     info = g_new0(BlockMeasureInfo, 1);
363     info->required = required;
364 
365     /* Unallocated sectors count towards the file size in raw images */
366     info->fully_allocated = info->required;
367     return info;
368 }
369 
370 static int raw_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
371 {
372     return bdrv_get_info(bs->file->bs, bdi);
373 }
374 
375 static void raw_refresh_limits(BlockDriverState *bs, Error **errp)
376 {
377     if (bs->probed) {
378         /* To make it easier to protect the first sector, any probed
379          * image is restricted to read-modify-write on sub-sector
380          * operations. */
381         bs->bl.request_alignment = BDRV_SECTOR_SIZE;
382     }
383 }
384 
385 static int coroutine_fn raw_co_truncate(BlockDriverState *bs, int64_t offset,
386                                         bool exact, PreallocMode prealloc,
387                                         BdrvRequestFlags flags, Error **errp)
388 {
389     BDRVRawState *s = bs->opaque;
390 
391     if (s->has_size) {
392         error_setg(errp, "Cannot resize fixed-size raw disks");
393         return -ENOTSUP;
394     }
395 
396     if (INT64_MAX - offset < s->offset) {
397         error_setg(errp, "Disk size too large for the chosen offset");
398         return -EINVAL;
399     }
400 
401     s->size = offset;
402     offset += s->offset;
403     return bdrv_co_truncate(bs->file, offset, exact, prealloc, flags, errp);
404 }
405 
406 static void raw_eject(BlockDriverState *bs, bool eject_flag)
407 {
408     bdrv_eject(bs->file->bs, eject_flag);
409 }
410 
411 static void raw_lock_medium(BlockDriverState *bs, bool locked)
412 {
413     bdrv_lock_medium(bs->file->bs, locked);
414 }
415 
416 static int raw_co_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
417 {
418     BDRVRawState *s = bs->opaque;
419     if (s->offset || s->has_size) {
420         return -ENOTSUP;
421     }
422     return bdrv_co_ioctl(bs->file->bs, req, buf);
423 }
424 
425 static int raw_has_zero_init(BlockDriverState *bs)
426 {
427     return bdrv_has_zero_init(bs->file->bs);
428 }
429 
430 static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
431                                            const char *filename,
432                                            QemuOpts *opts,
433                                            Error **errp)
434 {
435     return bdrv_create_file(filename, opts, errp);
436 }
437 
438 static int raw_open(BlockDriverState *bs, QDict *options, int flags,
439                     Error **errp)
440 {
441     BDRVRawState *s = bs->opaque;
442     bool has_size;
443     uint64_t offset, size;
444     BdrvChildRole file_role;
445     int ret;
446 
447     ret = raw_read_options(options, &offset, &has_size, &size, errp);
448     if (ret < 0) {
449         return ret;
450     }
451 
452     /*
453      * Without offset and a size limit, this driver behaves very much
454      * like a filter.  With any such limit, it does not.
455      */
456     if (offset || has_size) {
457         file_role = BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY;
458     } else {
459         file_role = BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY;
460     }
461 
462     bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds,
463                                file_role, false, errp);
464     if (!bs->file) {
465         return -EINVAL;
466     }
467 
468     bs->sg = bs->file->bs->sg;
469     bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED |
470         (BDRV_REQ_FUA & bs->file->bs->supported_write_flags);
471     bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED |
472         ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
473             bs->file->bs->supported_zero_flags);
474     bs->supported_truncate_flags = bs->file->bs->supported_truncate_flags &
475                                    BDRV_REQ_ZERO_WRITE;
476 
477     if (bs->probed && !bdrv_is_read_only(bs)) {
478         bdrv_refresh_filename(bs->file->bs);
479         fprintf(stderr,
480                 "WARNING: Image format was not specified for '%s' and probing "
481                 "guessed raw.\n"
482                 "         Automatically detecting the format is dangerous for "
483                 "raw images, write operations on block 0 will be restricted.\n"
484                 "         Specify the 'raw' format explicitly to remove the "
485                 "restrictions.\n",
486                 bs->file->bs->filename);
487     }
488 
489     ret = raw_apply_options(bs, s, offset, has_size, size, errp);
490     if (ret < 0) {
491         return ret;
492     }
493 
494     if (bs->sg && (s->offset || s->has_size)) {
495         error_setg(errp, "Cannot use offset/size with SCSI generic devices");
496         return -EINVAL;
497     }
498 
499     return 0;
500 }
501 
502 static int raw_probe(const uint8_t *buf, int buf_size, const char *filename)
503 {
504     /* smallest possible positive score so that raw is used if and only if no
505      * other block driver works
506      */
507     return 1;
508 }
509 
510 static int raw_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
511 {
512     BDRVRawState *s = bs->opaque;
513     int ret;
514 
515     ret = bdrv_probe_blocksizes(bs->file->bs, bsz);
516     if (ret < 0) {
517         return ret;
518     }
519 
520     if (!QEMU_IS_ALIGNED(s->offset, MAX(bsz->log, bsz->phys))) {
521         return -ENOTSUP;
522     }
523 
524     return 0;
525 }
526 
527 static int raw_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
528 {
529     BDRVRawState *s = bs->opaque;
530     if (s->offset || s->has_size) {
531         return -ENOTSUP;
532     }
533     return bdrv_probe_geometry(bs->file->bs, geo);
534 }
535 
536 static int coroutine_fn raw_co_copy_range_from(BlockDriverState *bs,
537                                                BdrvChild *src,
538                                                uint64_t src_offset,
539                                                BdrvChild *dst,
540                                                uint64_t dst_offset,
541                                                uint64_t bytes,
542                                                BdrvRequestFlags read_flags,
543                                                BdrvRequestFlags write_flags)
544 {
545     int ret;
546 
547     ret = raw_adjust_offset(bs, &src_offset, bytes, false);
548     if (ret) {
549         return ret;
550     }
551     return bdrv_co_copy_range_from(bs->file, src_offset, dst, dst_offset,
552                                    bytes, read_flags, write_flags);
553 }
554 
555 static int coroutine_fn raw_co_copy_range_to(BlockDriverState *bs,
556                                              BdrvChild *src,
557                                              uint64_t src_offset,
558                                              BdrvChild *dst,
559                                              uint64_t dst_offset,
560                                              uint64_t bytes,
561                                              BdrvRequestFlags read_flags,
562                                              BdrvRequestFlags write_flags)
563 {
564     int ret;
565 
566     ret = raw_adjust_offset(bs, &dst_offset, bytes, true);
567     if (ret) {
568         return ret;
569     }
570     return bdrv_co_copy_range_to(src, src_offset, bs->file, dst_offset, bytes,
571                                  read_flags, write_flags);
572 }
573 
574 static const char *const raw_strong_runtime_opts[] = {
575     "offset",
576     "size",
577 
578     NULL
579 };
580 
581 BlockDriver bdrv_raw = {
582     .format_name          = "raw",
583     .instance_size        = sizeof(BDRVRawState),
584     .bdrv_probe           = &raw_probe,
585     .bdrv_reopen_prepare  = &raw_reopen_prepare,
586     .bdrv_reopen_commit   = &raw_reopen_commit,
587     .bdrv_reopen_abort    = &raw_reopen_abort,
588     .bdrv_open            = &raw_open,
589     .bdrv_child_perm      = bdrv_default_perms,
590     .bdrv_co_create_opts  = &raw_co_create_opts,
591     .bdrv_co_preadv       = &raw_co_preadv,
592     .bdrv_co_pwritev      = &raw_co_pwritev,
593     .bdrv_co_pwrite_zeroes = &raw_co_pwrite_zeroes,
594     .bdrv_co_pdiscard     = &raw_co_pdiscard,
595     .bdrv_co_block_status = &raw_co_block_status,
596     .bdrv_co_copy_range_from = &raw_co_copy_range_from,
597     .bdrv_co_copy_range_to  = &raw_co_copy_range_to,
598     .bdrv_co_truncate     = &raw_co_truncate,
599     .bdrv_getlength       = &raw_getlength,
600     .is_format            = true,
601     .has_variable_length  = true,
602     .bdrv_measure         = &raw_measure,
603     .bdrv_get_info        = &raw_get_info,
604     .bdrv_refresh_limits  = &raw_refresh_limits,
605     .bdrv_probe_blocksizes = &raw_probe_blocksizes,
606     .bdrv_probe_geometry  = &raw_probe_geometry,
607     .bdrv_eject           = &raw_eject,
608     .bdrv_lock_medium     = &raw_lock_medium,
609     .bdrv_co_ioctl        = &raw_co_ioctl,
610     .create_opts          = &raw_create_opts,
611     .bdrv_has_zero_init   = &raw_has_zero_init,
612     .strong_runtime_opts  = raw_strong_runtime_opts,
613     .mutable_opts         = mutable_opts,
614 };
615 
616 static void bdrv_raw_init(void)
617 {
618     bdrv_register(&bdrv_raw);
619 }
620 
621 block_init(bdrv_raw_init);
622