1 /* BlockDriver implementation for "raw" format driver 2 * 3 * Copyright (C) 2010-2016 Red Hat, Inc. 4 * Copyright (C) 2010, Blue Swirl <blauwirbel@gmail.com> 5 * Copyright (C) 2009, Anthony Liguori <aliguori@us.ibm.com> 6 * 7 * Author: 8 * Laszlo Ersek <lersek@redhat.com> 9 * 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 * of this software and associated documentation files (the "Software"), to 12 * deal in the Software without restriction, including without limitation the 13 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 14 * sell copies of the Software, and to permit persons to whom the Software is 15 * furnished to do so, subject to the following conditions: 16 * 17 * The above copyright notice and this permission notice shall be included in 18 * all copies or substantial portions of the Software. 19 * 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 25 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 26 * IN THE SOFTWARE. 27 */ 28 29 #include "qemu/osdep.h" 30 #include "block/block-io.h" 31 #include "block/block_int.h" 32 #include "qapi/error.h" 33 #include "qemu/module.h" 34 #include "qemu/option.h" 35 #include "qemu/memalign.h" 36 37 typedef struct BDRVRawState { 38 uint64_t offset; 39 uint64_t size; 40 bool has_size; 41 } BDRVRawState; 42 43 static const char *const mutable_opts[] = { "offset", "size", NULL }; 44 45 static QemuOptsList raw_runtime_opts = { 46 .name = "raw", 47 .head = QTAILQ_HEAD_INITIALIZER(raw_runtime_opts.head), 48 .desc = { 49 { 50 .name = "offset", 51 .type = QEMU_OPT_SIZE, 52 .help = "offset in the disk where the image starts", 53 }, 54 { 55 .name = "size", 56 .type = QEMU_OPT_SIZE, 57 .help = "virtual disk size", 58 }, 59 { /* end of list */ } 60 }, 61 }; 62 63 static QemuOptsList raw_create_opts = { 64 .name = "raw-create-opts", 65 .head = QTAILQ_HEAD_INITIALIZER(raw_create_opts.head), 66 .desc = { 67 { 68 .name = BLOCK_OPT_SIZE, 69 .type = QEMU_OPT_SIZE, 70 .help = "Virtual disk size" 71 }, 72 { /* end of list */ } 73 } 74 }; 75 76 static int raw_read_options(QDict *options, uint64_t *offset, bool *has_size, 77 uint64_t *size, Error **errp) 78 { 79 QemuOpts *opts = NULL; 80 int ret; 81 82 opts = qemu_opts_create(&raw_runtime_opts, NULL, 0, &error_abort); 83 if (!qemu_opts_absorb_qdict(opts, options, errp)) { 84 ret = -EINVAL; 85 goto end; 86 } 87 88 *offset = qemu_opt_get_size(opts, "offset", 0); 89 *has_size = qemu_opt_find(opts, "size"); 90 *size = qemu_opt_get_size(opts, "size", 0); 91 92 ret = 0; 93 end: 94 qemu_opts_del(opts); 95 return ret; 96 } 97 98 static int raw_apply_options(BlockDriverState *bs, BDRVRawState *s, 99 uint64_t offset, bool has_size, uint64_t size, 100 Error **errp) 101 { 102 int64_t real_size = 0; 103 104 real_size = bdrv_getlength(bs->file->bs); 105 if (real_size < 0) { 106 error_setg_errno(errp, -real_size, "Could not get image size"); 107 return real_size; 108 } 109 110 /* Check size and offset */ 111 if (offset > real_size) { 112 error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than " 113 "size of the containing file (%" PRId64 ")", 114 s->offset, real_size); 115 return -EINVAL; 116 } 117 118 if (has_size && (real_size - offset) < size) { 119 error_setg(errp, "The sum of offset (%" PRIu64 ") and size " 120 "(%" PRIu64 ") has to be smaller or equal to the " 121 " actual size of the containing file (%" PRId64 ")", 122 s->offset, s->size, real_size); 123 return -EINVAL; 124 } 125 126 /* Make sure size is multiple of BDRV_SECTOR_SIZE to prevent rounding 127 * up and leaking out of the specified area. */ 128 if (has_size && !QEMU_IS_ALIGNED(size, BDRV_SECTOR_SIZE)) { 129 error_setg(errp, "Specified size is not multiple of %llu", 130 BDRV_SECTOR_SIZE); 131 return -EINVAL; 132 } 133 134 s->offset = offset; 135 s->has_size = has_size; 136 s->size = has_size ? size : real_size - offset; 137 138 return 0; 139 } 140 141 static int raw_reopen_prepare(BDRVReopenState *reopen_state, 142 BlockReopenQueue *queue, Error **errp) 143 { 144 bool has_size; 145 uint64_t offset, size; 146 int ret; 147 148 assert(reopen_state != NULL); 149 assert(reopen_state->bs != NULL); 150 151 reopen_state->opaque = g_new0(BDRVRawState, 1); 152 153 ret = raw_read_options(reopen_state->options, &offset, &has_size, &size, 154 errp); 155 if (ret < 0) { 156 return ret; 157 } 158 159 ret = raw_apply_options(reopen_state->bs, reopen_state->opaque, 160 offset, has_size, size, errp); 161 if (ret < 0) { 162 return ret; 163 } 164 165 return 0; 166 } 167 168 static void raw_reopen_commit(BDRVReopenState *state) 169 { 170 BDRVRawState *new_s = state->opaque; 171 BDRVRawState *s = state->bs->opaque; 172 173 memcpy(s, new_s, sizeof(BDRVRawState)); 174 175 g_free(state->opaque); 176 state->opaque = NULL; 177 } 178 179 static void raw_reopen_abort(BDRVReopenState *state) 180 { 181 g_free(state->opaque); 182 state->opaque = NULL; 183 } 184 185 /* Check and adjust the offset, against 'offset' and 'size' options. */ 186 static inline int raw_adjust_offset(BlockDriverState *bs, int64_t *offset, 187 int64_t bytes, bool is_write) 188 { 189 BDRVRawState *s = bs->opaque; 190 191 if (s->has_size && (*offset > s->size || bytes > (s->size - *offset))) { 192 /* There's not enough space for the write, or the read request is 193 * out-of-range. Don't read/write anything to prevent leaking out of 194 * the size specified in options. */ 195 return is_write ? -ENOSPC : -EINVAL; 196 } 197 198 if (*offset > INT64_MAX - s->offset) { 199 return -EINVAL; 200 } 201 *offset += s->offset; 202 203 return 0; 204 } 205 206 static int coroutine_fn GRAPH_RDLOCK 207 raw_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes, 208 QEMUIOVector *qiov, BdrvRequestFlags flags) 209 { 210 int ret; 211 212 ret = raw_adjust_offset(bs, &offset, bytes, false); 213 if (ret) { 214 return ret; 215 } 216 217 BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO); 218 return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags); 219 } 220 221 static int coroutine_fn GRAPH_RDLOCK 222 raw_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes, 223 QEMUIOVector *qiov, BdrvRequestFlags flags) 224 { 225 void *buf = NULL; 226 BlockDriver *drv; 227 QEMUIOVector local_qiov; 228 int ret; 229 230 if (bs->probed && offset < BLOCK_PROBE_BUF_SIZE && bytes) { 231 /* Handling partial writes would be a pain - so we just 232 * require that guests have 512-byte request alignment if 233 * probing occurred */ 234 QEMU_BUILD_BUG_ON(BLOCK_PROBE_BUF_SIZE != 512); 235 QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != 512); 236 assert(offset == 0 && bytes >= BLOCK_PROBE_BUF_SIZE); 237 238 buf = qemu_try_blockalign(bs->file->bs, 512); 239 if (!buf) { 240 ret = -ENOMEM; 241 goto fail; 242 } 243 244 ret = qemu_iovec_to_buf(qiov, 0, buf, 512); 245 if (ret != 512) { 246 ret = -EINVAL; 247 goto fail; 248 } 249 250 drv = bdrv_probe_all(buf, 512, NULL); 251 if (drv != bs->drv) { 252 ret = -EPERM; 253 goto fail; 254 } 255 256 /* Use the checked buffer, a malicious guest might be overwriting its 257 * original buffer in the background. */ 258 qemu_iovec_init(&local_qiov, qiov->niov + 1); 259 qemu_iovec_add(&local_qiov, buf, 512); 260 qemu_iovec_concat(&local_qiov, qiov, 512, qiov->size - 512); 261 qiov = &local_qiov; 262 263 flags &= ~BDRV_REQ_REGISTERED_BUF; 264 } 265 266 ret = raw_adjust_offset(bs, &offset, bytes, true); 267 if (ret) { 268 goto fail; 269 } 270 271 BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO); 272 ret = bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags); 273 274 fail: 275 if (qiov == &local_qiov) { 276 qemu_iovec_destroy(&local_qiov); 277 } 278 qemu_vfree(buf); 279 return ret; 280 } 281 282 static int coroutine_fn raw_co_block_status(BlockDriverState *bs, 283 bool want_zero, int64_t offset, 284 int64_t bytes, int64_t *pnum, 285 int64_t *map, 286 BlockDriverState **file) 287 { 288 BDRVRawState *s = bs->opaque; 289 *pnum = bytes; 290 *file = bs->file->bs; 291 *map = offset + s->offset; 292 return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID; 293 } 294 295 static int coroutine_fn GRAPH_RDLOCK 296 raw_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes, 297 BdrvRequestFlags flags) 298 { 299 int ret; 300 301 ret = raw_adjust_offset(bs, &offset, bytes, true); 302 if (ret) { 303 return ret; 304 } 305 return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags); 306 } 307 308 static int coroutine_fn GRAPH_RDLOCK 309 raw_co_pdiscard(BlockDriverState *bs, int64_t offset, int64_t bytes) 310 { 311 int ret; 312 313 ret = raw_adjust_offset(bs, &offset, bytes, true); 314 if (ret) { 315 return ret; 316 } 317 return bdrv_co_pdiscard(bs->file, offset, bytes); 318 } 319 320 static int64_t coroutine_fn GRAPH_RDLOCK 321 raw_co_getlength(BlockDriverState *bs) 322 { 323 int64_t len; 324 BDRVRawState *s = bs->opaque; 325 326 /* Update size. It should not change unless the file was externally 327 * modified. */ 328 len = bdrv_co_getlength(bs->file->bs); 329 if (len < 0) { 330 return len; 331 } 332 333 if (len < s->offset) { 334 s->size = 0; 335 } else { 336 if (s->has_size) { 337 /* Try to honour the size */ 338 s->size = MIN(s->size, len - s->offset); 339 } else { 340 s->size = len - s->offset; 341 } 342 } 343 344 return s->size; 345 } 346 347 static BlockMeasureInfo *raw_measure(QemuOpts *opts, BlockDriverState *in_bs, 348 Error **errp) 349 { 350 BlockMeasureInfo *info; 351 int64_t required; 352 353 if (in_bs) { 354 required = bdrv_getlength(in_bs); 355 if (required < 0) { 356 error_setg_errno(errp, -required, "Unable to get image size"); 357 return NULL; 358 } 359 } else { 360 required = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), 361 BDRV_SECTOR_SIZE); 362 } 363 364 info = g_new0(BlockMeasureInfo, 1); 365 info->required = required; 366 367 /* Unallocated sectors count towards the file size in raw images */ 368 info->fully_allocated = info->required; 369 return info; 370 } 371 372 static int coroutine_fn 373 raw_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi) 374 { 375 return bdrv_co_get_info(bs->file->bs, bdi); 376 } 377 378 static void raw_refresh_limits(BlockDriverState *bs, Error **errp) 379 { 380 bs->bl.has_variable_length = bs->file->bs->bl.has_variable_length; 381 382 if (bs->probed) { 383 /* To make it easier to protect the first sector, any probed 384 * image is restricted to read-modify-write on sub-sector 385 * operations. */ 386 bs->bl.request_alignment = BDRV_SECTOR_SIZE; 387 } 388 } 389 390 static int coroutine_fn GRAPH_RDLOCK 391 raw_co_truncate(BlockDriverState *bs, int64_t offset, bool exact, 392 PreallocMode prealloc, BdrvRequestFlags flags, Error **errp) 393 { 394 BDRVRawState *s = bs->opaque; 395 396 if (s->has_size) { 397 error_setg(errp, "Cannot resize fixed-size raw disks"); 398 return -ENOTSUP; 399 } 400 401 if (INT64_MAX - offset < s->offset) { 402 error_setg(errp, "Disk size too large for the chosen offset"); 403 return -EINVAL; 404 } 405 406 s->size = offset; 407 offset += s->offset; 408 return bdrv_co_truncate(bs->file, offset, exact, prealloc, flags, errp); 409 } 410 411 static void coroutine_fn GRAPH_RDLOCK 412 raw_co_eject(BlockDriverState *bs, bool eject_flag) 413 { 414 bdrv_co_eject(bs->file->bs, eject_flag); 415 } 416 417 static void coroutine_fn GRAPH_RDLOCK 418 raw_co_lock_medium(BlockDriverState *bs, bool locked) 419 { 420 bdrv_co_lock_medium(bs->file->bs, locked); 421 } 422 423 static int coroutine_fn GRAPH_RDLOCK 424 raw_co_ioctl(BlockDriverState *bs, unsigned long int req, void *buf) 425 { 426 BDRVRawState *s = bs->opaque; 427 if (s->offset || s->has_size) { 428 return -ENOTSUP; 429 } 430 return bdrv_co_ioctl(bs->file->bs, req, buf); 431 } 432 433 static int raw_has_zero_init(BlockDriverState *bs) 434 { 435 return bdrv_has_zero_init(bs->file->bs); 436 } 437 438 static int coroutine_fn GRAPH_RDLOCK 439 raw_co_create_opts(BlockDriver *drv, const char *filename, 440 QemuOpts *opts, Error **errp) 441 { 442 return bdrv_co_create_file(filename, opts, errp); 443 } 444 445 static int raw_open(BlockDriverState *bs, QDict *options, int flags, 446 Error **errp) 447 { 448 BDRVRawState *s = bs->opaque; 449 bool has_size; 450 uint64_t offset, size; 451 BdrvChildRole file_role; 452 int ret; 453 454 ret = raw_read_options(options, &offset, &has_size, &size, errp); 455 if (ret < 0) { 456 return ret; 457 } 458 459 /* 460 * Without offset and a size limit, this driver behaves very much 461 * like a filter. With any such limit, it does not. 462 */ 463 if (offset || has_size) { 464 file_role = BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY; 465 } else { 466 file_role = BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY; 467 } 468 469 bdrv_open_child(NULL, options, "file", bs, &child_of_bds, 470 file_role, false, errp); 471 if (!bs->file) { 472 return -EINVAL; 473 } 474 475 bs->sg = bdrv_is_sg(bs->file->bs); 476 bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED | 477 (BDRV_REQ_FUA & bs->file->bs->supported_write_flags); 478 bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED | 479 ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) & 480 bs->file->bs->supported_zero_flags); 481 bs->supported_truncate_flags = bs->file->bs->supported_truncate_flags & 482 BDRV_REQ_ZERO_WRITE; 483 484 if (bs->probed && !bdrv_is_read_only(bs)) { 485 bdrv_refresh_filename(bs->file->bs); 486 fprintf(stderr, 487 "WARNING: Image format was not specified for '%s' and probing " 488 "guessed raw.\n" 489 " Automatically detecting the format is dangerous for " 490 "raw images, write operations on block 0 will be restricted.\n" 491 " Specify the 'raw' format explicitly to remove the " 492 "restrictions.\n", 493 bs->file->bs->filename); 494 } 495 496 ret = raw_apply_options(bs, s, offset, has_size, size, errp); 497 if (ret < 0) { 498 return ret; 499 } 500 501 if (bdrv_is_sg(bs) && (s->offset || s->has_size)) { 502 error_setg(errp, "Cannot use offset/size with SCSI generic devices"); 503 return -EINVAL; 504 } 505 506 return 0; 507 } 508 509 static int raw_probe(const uint8_t *buf, int buf_size, const char *filename) 510 { 511 /* smallest possible positive score so that raw is used if and only if no 512 * other block driver works 513 */ 514 return 1; 515 } 516 517 static int raw_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz) 518 { 519 BDRVRawState *s = bs->opaque; 520 int ret; 521 522 ret = bdrv_probe_blocksizes(bs->file->bs, bsz); 523 if (ret < 0) { 524 return ret; 525 } 526 527 if (!QEMU_IS_ALIGNED(s->offset, MAX(bsz->log, bsz->phys))) { 528 return -ENOTSUP; 529 } 530 531 return 0; 532 } 533 534 static int raw_probe_geometry(BlockDriverState *bs, HDGeometry *geo) 535 { 536 BDRVRawState *s = bs->opaque; 537 if (s->offset || s->has_size) { 538 return -ENOTSUP; 539 } 540 return bdrv_probe_geometry(bs->file->bs, geo); 541 } 542 543 static int coroutine_fn GRAPH_RDLOCK 544 raw_co_copy_range_from(BlockDriverState *bs, 545 BdrvChild *src, int64_t src_offset, 546 BdrvChild *dst, int64_t dst_offset, 547 int64_t bytes, BdrvRequestFlags read_flags, 548 BdrvRequestFlags write_flags) 549 { 550 int ret; 551 552 ret = raw_adjust_offset(bs, &src_offset, bytes, false); 553 if (ret) { 554 return ret; 555 } 556 return bdrv_co_copy_range_from(bs->file, src_offset, dst, dst_offset, 557 bytes, read_flags, write_flags); 558 } 559 560 static int coroutine_fn GRAPH_RDLOCK 561 raw_co_copy_range_to(BlockDriverState *bs, 562 BdrvChild *src, int64_t src_offset, 563 BdrvChild *dst, int64_t dst_offset, 564 int64_t bytes, BdrvRequestFlags read_flags, 565 BdrvRequestFlags write_flags) 566 { 567 int ret; 568 569 ret = raw_adjust_offset(bs, &dst_offset, bytes, true); 570 if (ret) { 571 return ret; 572 } 573 return bdrv_co_copy_range_to(src, src_offset, bs->file, dst_offset, bytes, 574 read_flags, write_flags); 575 } 576 577 static const char *const raw_strong_runtime_opts[] = { 578 "offset", 579 "size", 580 581 NULL 582 }; 583 584 static void raw_cancel_in_flight(BlockDriverState *bs) 585 { 586 bdrv_cancel_in_flight(bs->file->bs); 587 } 588 589 static void raw_child_perm(BlockDriverState *bs, BdrvChild *c, 590 BdrvChildRole role, 591 BlockReopenQueue *reopen_queue, 592 uint64_t parent_perm, uint64_t parent_shared, 593 uint64_t *nperm, uint64_t *nshared) 594 { 595 bdrv_default_perms(bs, c, role, reopen_queue, parent_perm, 596 parent_shared, nperm, nshared); 597 598 /* 599 * bdrv_default_perms() may add WRITE and/or RESIZE (see comment in 600 * bdrv_default_perms_for_storage() for an explanation) but we only need 601 * them if they are in parent_perm. Drop WRITE and RESIZE whenever possible 602 * to avoid permission conflicts. 603 */ 604 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 605 *nperm |= parent_perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 606 } 607 608 BlockDriver bdrv_raw = { 609 .format_name = "raw", 610 .instance_size = sizeof(BDRVRawState), 611 .bdrv_probe = &raw_probe, 612 .bdrv_reopen_prepare = &raw_reopen_prepare, 613 .bdrv_reopen_commit = &raw_reopen_commit, 614 .bdrv_reopen_abort = &raw_reopen_abort, 615 .bdrv_open = &raw_open, 616 .bdrv_child_perm = raw_child_perm, 617 .bdrv_co_create_opts = &raw_co_create_opts, 618 .bdrv_co_preadv = &raw_co_preadv, 619 .bdrv_co_pwritev = &raw_co_pwritev, 620 .bdrv_co_pwrite_zeroes = &raw_co_pwrite_zeroes, 621 .bdrv_co_pdiscard = &raw_co_pdiscard, 622 .bdrv_co_block_status = &raw_co_block_status, 623 .bdrv_co_copy_range_from = &raw_co_copy_range_from, 624 .bdrv_co_copy_range_to = &raw_co_copy_range_to, 625 .bdrv_co_truncate = &raw_co_truncate, 626 .bdrv_co_getlength = &raw_co_getlength, 627 .is_format = true, 628 .bdrv_measure = &raw_measure, 629 .bdrv_co_get_info = &raw_co_get_info, 630 .bdrv_refresh_limits = &raw_refresh_limits, 631 .bdrv_probe_blocksizes = &raw_probe_blocksizes, 632 .bdrv_probe_geometry = &raw_probe_geometry, 633 .bdrv_co_eject = &raw_co_eject, 634 .bdrv_co_lock_medium = &raw_co_lock_medium, 635 .bdrv_co_ioctl = &raw_co_ioctl, 636 .create_opts = &raw_create_opts, 637 .bdrv_has_zero_init = &raw_has_zero_init, 638 .strong_runtime_opts = raw_strong_runtime_opts, 639 .mutable_opts = mutable_opts, 640 .bdrv_cancel_in_flight = raw_cancel_in_flight, 641 }; 642 643 static void bdrv_raw_init(void) 644 { 645 bdrv_register(&bdrv_raw); 646 } 647 648 block_init(bdrv_raw_init); 649