xref: /openbmc/qemu/block/raw-format.c (revision f0984d40)
1 /* BlockDriver implementation for "raw" format driver
2  *
3  * Copyright (C) 2010-2016 Red Hat, Inc.
4  * Copyright (C) 2010, Blue Swirl <blauwirbel@gmail.com>
5  * Copyright (C) 2009, Anthony Liguori <aliguori@us.ibm.com>
6  *
7  * Author:
8  *   Laszlo Ersek <lersek@redhat.com>
9  *
10  * Permission is hereby granted, free of charge, to any person obtaining a copy
11  * of this software and associated documentation files (the "Software"), to
12  * deal in the Software without restriction, including without limitation the
13  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
14  * sell copies of the Software, and to permit persons to whom the Software is
15  * furnished to do so, subject to the following conditions:
16  *
17  * The above copyright notice and this permission notice shall be included in
18  * all copies or substantial portions of the Software.
19  *
20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
25  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
26  * IN THE SOFTWARE.
27  */
28 
29 #include "qemu/osdep.h"
30 #include "block/block-io.h"
31 #include "block/block_int.h"
32 #include "qapi/error.h"
33 #include "qemu/module.h"
34 #include "qemu/option.h"
35 #include "qemu/memalign.h"
36 
37 typedef struct BDRVRawState {
38     uint64_t offset;
39     uint64_t size;
40     bool has_size;
41 } BDRVRawState;
42 
43 static const char *const mutable_opts[] = { "offset", "size", NULL };
44 
45 static QemuOptsList raw_runtime_opts = {
46     .name = "raw",
47     .head = QTAILQ_HEAD_INITIALIZER(raw_runtime_opts.head),
48     .desc = {
49         {
50             .name = "offset",
51             .type = QEMU_OPT_SIZE,
52             .help = "offset in the disk where the image starts",
53         },
54         {
55             .name = "size",
56             .type = QEMU_OPT_SIZE,
57             .help = "virtual disk size",
58         },
59         { /* end of list */ }
60     },
61 };
62 
63 static QemuOptsList raw_create_opts = {
64     .name = "raw-create-opts",
65     .head = QTAILQ_HEAD_INITIALIZER(raw_create_opts.head),
66     .desc = {
67         {
68             .name = BLOCK_OPT_SIZE,
69             .type = QEMU_OPT_SIZE,
70             .help = "Virtual disk size"
71         },
72         { /* end of list */ }
73     }
74 };
75 
76 static int raw_read_options(QDict *options, uint64_t *offset, bool *has_size,
77                             uint64_t *size, Error **errp)
78 {
79     QemuOpts *opts = NULL;
80     int ret;
81 
82     opts = qemu_opts_create(&raw_runtime_opts, NULL, 0, &error_abort);
83     if (!qemu_opts_absorb_qdict(opts, options, errp)) {
84         ret = -EINVAL;
85         goto end;
86     }
87 
88     *offset = qemu_opt_get_size(opts, "offset", 0);
89     *has_size = qemu_opt_find(opts, "size");
90     *size = qemu_opt_get_size(opts, "size", 0);
91 
92     ret = 0;
93 end:
94     qemu_opts_del(opts);
95     return ret;
96 }
97 
98 static int raw_apply_options(BlockDriverState *bs, BDRVRawState *s,
99                              uint64_t offset, bool has_size, uint64_t size,
100                              Error **errp)
101 {
102     int64_t real_size = 0;
103 
104     real_size = bdrv_getlength(bs->file->bs);
105     if (real_size < 0) {
106         error_setg_errno(errp, -real_size, "Could not get image size");
107         return real_size;
108     }
109 
110     /* Check size and offset */
111     if (offset > real_size) {
112         error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
113                    "size of the containing file (%" PRId64 ")",
114                    s->offset, real_size);
115         return -EINVAL;
116     }
117 
118     if (has_size && (real_size - offset) < size) {
119         error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
120                    "(%" PRIu64 ") has to be smaller or equal to the "
121                    " actual size of the containing file (%" PRId64 ")",
122                    s->offset, s->size, real_size);
123         return -EINVAL;
124     }
125 
126     /* Make sure size is multiple of BDRV_SECTOR_SIZE to prevent rounding
127      * up and leaking out of the specified area. */
128     if (has_size && !QEMU_IS_ALIGNED(size, BDRV_SECTOR_SIZE)) {
129         error_setg(errp, "Specified size is not multiple of %llu",
130                    BDRV_SECTOR_SIZE);
131         return -EINVAL;
132     }
133 
134     s->offset = offset;
135     s->has_size = has_size;
136     s->size = has_size ? size : real_size - offset;
137 
138     return 0;
139 }
140 
141 static int raw_reopen_prepare(BDRVReopenState *reopen_state,
142                               BlockReopenQueue *queue, Error **errp)
143 {
144     bool has_size;
145     uint64_t offset, size;
146     int ret;
147 
148     assert(reopen_state != NULL);
149     assert(reopen_state->bs != NULL);
150 
151     reopen_state->opaque = g_new0(BDRVRawState, 1);
152 
153     ret = raw_read_options(reopen_state->options, &offset, &has_size, &size,
154                            errp);
155     if (ret < 0) {
156         return ret;
157     }
158 
159     ret = raw_apply_options(reopen_state->bs, reopen_state->opaque,
160                             offset, has_size, size, errp);
161     if (ret < 0) {
162         return ret;
163     }
164 
165     return 0;
166 }
167 
168 static void raw_reopen_commit(BDRVReopenState *state)
169 {
170     BDRVRawState *new_s = state->opaque;
171     BDRVRawState *s = state->bs->opaque;
172 
173     memcpy(s, new_s, sizeof(BDRVRawState));
174 
175     g_free(state->opaque);
176     state->opaque = NULL;
177 }
178 
179 static void raw_reopen_abort(BDRVReopenState *state)
180 {
181     g_free(state->opaque);
182     state->opaque = NULL;
183 }
184 
185 /* Check and adjust the offset, against 'offset' and 'size' options. */
186 static inline int raw_adjust_offset(BlockDriverState *bs, int64_t *offset,
187                                     int64_t bytes, bool is_write)
188 {
189     BDRVRawState *s = bs->opaque;
190 
191     if (s->has_size && (*offset > s->size || bytes > (s->size - *offset))) {
192         /* There's not enough space for the write, or the read request is
193          * out-of-range. Don't read/write anything to prevent leaking out of
194          * the size specified in options. */
195         return is_write ? -ENOSPC : -EINVAL;
196     }
197 
198     if (*offset > INT64_MAX - s->offset) {
199         return -EINVAL;
200     }
201     *offset += s->offset;
202 
203     return 0;
204 }
205 
206 static int coroutine_fn GRAPH_RDLOCK
207 raw_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes,
208               QEMUIOVector *qiov, BdrvRequestFlags flags)
209 {
210     int ret;
211 
212     ret = raw_adjust_offset(bs, &offset, bytes, false);
213     if (ret) {
214         return ret;
215     }
216 
217     BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO);
218     return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags);
219 }
220 
221 static int coroutine_fn GRAPH_RDLOCK
222 raw_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes,
223                QEMUIOVector *qiov, BdrvRequestFlags flags)
224 {
225     void *buf = NULL;
226     BlockDriver *drv;
227     QEMUIOVector local_qiov;
228     int ret;
229 
230     if (bs->probed && offset < BLOCK_PROBE_BUF_SIZE && bytes) {
231         /* Handling partial writes would be a pain - so we just
232          * require that guests have 512-byte request alignment if
233          * probing occurred */
234         QEMU_BUILD_BUG_ON(BLOCK_PROBE_BUF_SIZE != 512);
235         QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != 512);
236         assert(offset == 0 && bytes >= BLOCK_PROBE_BUF_SIZE);
237 
238         buf = qemu_try_blockalign(bs->file->bs, 512);
239         if (!buf) {
240             ret = -ENOMEM;
241             goto fail;
242         }
243 
244         ret = qemu_iovec_to_buf(qiov, 0, buf, 512);
245         if (ret != 512) {
246             ret = -EINVAL;
247             goto fail;
248         }
249 
250         drv = bdrv_probe_all(buf, 512, NULL);
251         if (drv != bs->drv) {
252             ret = -EPERM;
253             goto fail;
254         }
255 
256         /* Use the checked buffer, a malicious guest might be overwriting its
257          * original buffer in the background. */
258         qemu_iovec_init(&local_qiov, qiov->niov + 1);
259         qemu_iovec_add(&local_qiov, buf, 512);
260         qemu_iovec_concat(&local_qiov, qiov, 512, qiov->size - 512);
261         qiov = &local_qiov;
262 
263         flags &= ~BDRV_REQ_REGISTERED_BUF;
264     }
265 
266     ret = raw_adjust_offset(bs, &offset, bytes, true);
267     if (ret) {
268         goto fail;
269     }
270 
271     BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO);
272     ret = bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags);
273 
274 fail:
275     if (qiov == &local_qiov) {
276         qemu_iovec_destroy(&local_qiov);
277     }
278     qemu_vfree(buf);
279     return ret;
280 }
281 
282 static int coroutine_fn raw_co_block_status(BlockDriverState *bs,
283                                             bool want_zero, int64_t offset,
284                                             int64_t bytes, int64_t *pnum,
285                                             int64_t *map,
286                                             BlockDriverState **file)
287 {
288     BDRVRawState *s = bs->opaque;
289     *pnum = bytes;
290     *file = bs->file->bs;
291     *map = offset + s->offset;
292     return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID;
293 }
294 
295 static int coroutine_fn GRAPH_RDLOCK
296 raw_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset, int64_t bytes,
297                      BdrvRequestFlags flags)
298 {
299     int ret;
300 
301     ret = raw_adjust_offset(bs, &offset, bytes, true);
302     if (ret) {
303         return ret;
304     }
305     return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags);
306 }
307 
308 static int coroutine_fn GRAPH_RDLOCK
309 raw_co_pdiscard(BlockDriverState *bs, int64_t offset, int64_t bytes)
310 {
311     int ret;
312 
313     ret = raw_adjust_offset(bs, &offset, bytes, true);
314     if (ret) {
315         return ret;
316     }
317     return bdrv_co_pdiscard(bs->file, offset, bytes);
318 }
319 
320 static int64_t coroutine_fn GRAPH_RDLOCK
321 raw_co_getlength(BlockDriverState *bs)
322 {
323     int64_t len;
324     BDRVRawState *s = bs->opaque;
325 
326     /* Update size. It should not change unless the file was externally
327      * modified. */
328     len = bdrv_co_getlength(bs->file->bs);
329     if (len < 0) {
330         return len;
331     }
332 
333     if (len < s->offset) {
334         s->size = 0;
335     } else {
336         if (s->has_size) {
337             /* Try to honour the size */
338             s->size = MIN(s->size, len - s->offset);
339         } else {
340             s->size = len - s->offset;
341         }
342     }
343 
344     return s->size;
345 }
346 
347 static BlockMeasureInfo *raw_measure(QemuOpts *opts, BlockDriverState *in_bs,
348                                      Error **errp)
349 {
350     BlockMeasureInfo *info;
351     int64_t required;
352 
353     if (in_bs) {
354         required = bdrv_getlength(in_bs);
355         if (required < 0) {
356             error_setg_errno(errp, -required, "Unable to get image size");
357             return NULL;
358         }
359     } else {
360         required = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
361                             BDRV_SECTOR_SIZE);
362     }
363 
364     info = g_new0(BlockMeasureInfo, 1);
365     info->required = required;
366 
367     /* Unallocated sectors count towards the file size in raw images */
368     info->fully_allocated = info->required;
369     return info;
370 }
371 
372 static int coroutine_fn
373 raw_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
374 {
375     return bdrv_co_get_info(bs->file->bs, bdi);
376 }
377 
378 static void raw_refresh_limits(BlockDriverState *bs, Error **errp)
379 {
380     if (bs->probed) {
381         /* To make it easier to protect the first sector, any probed
382          * image is restricted to read-modify-write on sub-sector
383          * operations. */
384         bs->bl.request_alignment = BDRV_SECTOR_SIZE;
385     }
386 }
387 
388 static int coroutine_fn GRAPH_RDLOCK
389 raw_co_truncate(BlockDriverState *bs, int64_t offset, bool exact,
390                 PreallocMode prealloc, BdrvRequestFlags flags, Error **errp)
391 {
392     BDRVRawState *s = bs->opaque;
393 
394     if (s->has_size) {
395         error_setg(errp, "Cannot resize fixed-size raw disks");
396         return -ENOTSUP;
397     }
398 
399     if (INT64_MAX - offset < s->offset) {
400         error_setg(errp, "Disk size too large for the chosen offset");
401         return -EINVAL;
402     }
403 
404     s->size = offset;
405     offset += s->offset;
406     return bdrv_co_truncate(bs->file, offset, exact, prealloc, flags, errp);
407 }
408 
409 static void coroutine_fn GRAPH_RDLOCK
410 raw_co_eject(BlockDriverState *bs, bool eject_flag)
411 {
412     bdrv_co_eject(bs->file->bs, eject_flag);
413 }
414 
415 static void coroutine_fn GRAPH_RDLOCK
416 raw_co_lock_medium(BlockDriverState *bs, bool locked)
417 {
418     bdrv_co_lock_medium(bs->file->bs, locked);
419 }
420 
421 static int coroutine_fn GRAPH_RDLOCK
422 raw_co_ioctl(BlockDriverState *bs, unsigned long int req, void *buf)
423 {
424     BDRVRawState *s = bs->opaque;
425     if (s->offset || s->has_size) {
426         return -ENOTSUP;
427     }
428     return bdrv_co_ioctl(bs->file->bs, req, buf);
429 }
430 
431 static int raw_has_zero_init(BlockDriverState *bs)
432 {
433     return bdrv_has_zero_init(bs->file->bs);
434 }
435 
436 static int coroutine_fn GRAPH_RDLOCK
437 raw_co_create_opts(BlockDriver *drv, const char *filename,
438                    QemuOpts *opts, Error **errp)
439 {
440     return bdrv_co_create_file(filename, opts, errp);
441 }
442 
443 static int raw_open(BlockDriverState *bs, QDict *options, int flags,
444                     Error **errp)
445 {
446     BDRVRawState *s = bs->opaque;
447     bool has_size;
448     uint64_t offset, size;
449     BdrvChildRole file_role;
450     int ret;
451 
452     ret = raw_read_options(options, &offset, &has_size, &size, errp);
453     if (ret < 0) {
454         return ret;
455     }
456 
457     /*
458      * Without offset and a size limit, this driver behaves very much
459      * like a filter.  With any such limit, it does not.
460      */
461     if (offset || has_size) {
462         file_role = BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY;
463     } else {
464         file_role = BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY;
465     }
466 
467     bdrv_open_child(NULL, options, "file", bs, &child_of_bds,
468                     file_role, false, errp);
469     if (!bs->file) {
470         return -EINVAL;
471     }
472 
473     bs->sg = bdrv_is_sg(bs->file->bs);
474     bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED |
475         (BDRV_REQ_FUA & bs->file->bs->supported_write_flags);
476     bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED |
477         ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
478             bs->file->bs->supported_zero_flags);
479     bs->supported_truncate_flags = bs->file->bs->supported_truncate_flags &
480                                    BDRV_REQ_ZERO_WRITE;
481 
482     if (bs->probed && !bdrv_is_read_only(bs)) {
483         bdrv_refresh_filename(bs->file->bs);
484         fprintf(stderr,
485                 "WARNING: Image format was not specified for '%s' and probing "
486                 "guessed raw.\n"
487                 "         Automatically detecting the format is dangerous for "
488                 "raw images, write operations on block 0 will be restricted.\n"
489                 "         Specify the 'raw' format explicitly to remove the "
490                 "restrictions.\n",
491                 bs->file->bs->filename);
492     }
493 
494     ret = raw_apply_options(bs, s, offset, has_size, size, errp);
495     if (ret < 0) {
496         return ret;
497     }
498 
499     if (bdrv_is_sg(bs) && (s->offset || s->has_size)) {
500         error_setg(errp, "Cannot use offset/size with SCSI generic devices");
501         return -EINVAL;
502     }
503 
504     return 0;
505 }
506 
507 static int raw_probe(const uint8_t *buf, int buf_size, const char *filename)
508 {
509     /* smallest possible positive score so that raw is used if and only if no
510      * other block driver works
511      */
512     return 1;
513 }
514 
515 static int raw_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
516 {
517     BDRVRawState *s = bs->opaque;
518     int ret;
519 
520     ret = bdrv_probe_blocksizes(bs->file->bs, bsz);
521     if (ret < 0) {
522         return ret;
523     }
524 
525     if (!QEMU_IS_ALIGNED(s->offset, MAX(bsz->log, bsz->phys))) {
526         return -ENOTSUP;
527     }
528 
529     return 0;
530 }
531 
532 static int raw_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
533 {
534     BDRVRawState *s = bs->opaque;
535     if (s->offset || s->has_size) {
536         return -ENOTSUP;
537     }
538     return bdrv_probe_geometry(bs->file->bs, geo);
539 }
540 
541 static int coroutine_fn GRAPH_RDLOCK
542 raw_co_copy_range_from(BlockDriverState *bs,
543                        BdrvChild *src, int64_t src_offset,
544                        BdrvChild *dst, int64_t dst_offset,
545                        int64_t bytes, BdrvRequestFlags read_flags,
546                        BdrvRequestFlags write_flags)
547 {
548     int ret;
549 
550     ret = raw_adjust_offset(bs, &src_offset, bytes, false);
551     if (ret) {
552         return ret;
553     }
554     return bdrv_co_copy_range_from(bs->file, src_offset, dst, dst_offset,
555                                    bytes, read_flags, write_flags);
556 }
557 
558 static int coroutine_fn GRAPH_RDLOCK
559 raw_co_copy_range_to(BlockDriverState *bs,
560                      BdrvChild *src, int64_t src_offset,
561                      BdrvChild *dst, int64_t dst_offset,
562                      int64_t bytes, BdrvRequestFlags read_flags,
563                      BdrvRequestFlags write_flags)
564 {
565     int ret;
566 
567     ret = raw_adjust_offset(bs, &dst_offset, bytes, true);
568     if (ret) {
569         return ret;
570     }
571     return bdrv_co_copy_range_to(src, src_offset, bs->file, dst_offset, bytes,
572                                  read_flags, write_flags);
573 }
574 
575 static const char *const raw_strong_runtime_opts[] = {
576     "offset",
577     "size",
578 
579     NULL
580 };
581 
582 static void raw_cancel_in_flight(BlockDriverState *bs)
583 {
584     bdrv_cancel_in_flight(bs->file->bs);
585 }
586 
587 static void raw_child_perm(BlockDriverState *bs, BdrvChild *c,
588                            BdrvChildRole role,
589                            BlockReopenQueue *reopen_queue,
590                            uint64_t parent_perm, uint64_t parent_shared,
591                            uint64_t *nperm, uint64_t *nshared)
592 {
593     bdrv_default_perms(bs, c, role, reopen_queue, parent_perm,
594                        parent_shared, nperm, nshared);
595 
596     /*
597      * bdrv_default_perms() may add WRITE and/or RESIZE (see comment in
598      * bdrv_default_perms_for_storage() for an explanation) but we only need
599      * them if they are in parent_perm. Drop WRITE and RESIZE whenever possible
600      * to avoid permission conflicts.
601      */
602     *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
603     *nperm |= parent_perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
604 }
605 
606 BlockDriver bdrv_raw = {
607     .format_name          = "raw",
608     .instance_size        = sizeof(BDRVRawState),
609     .bdrv_probe           = &raw_probe,
610     .bdrv_reopen_prepare  = &raw_reopen_prepare,
611     .bdrv_reopen_commit   = &raw_reopen_commit,
612     .bdrv_reopen_abort    = &raw_reopen_abort,
613     .bdrv_open            = &raw_open,
614     .bdrv_child_perm      = raw_child_perm,
615     .bdrv_co_create_opts  = &raw_co_create_opts,
616     .bdrv_co_preadv       = &raw_co_preadv,
617     .bdrv_co_pwritev      = &raw_co_pwritev,
618     .bdrv_co_pwrite_zeroes = &raw_co_pwrite_zeroes,
619     .bdrv_co_pdiscard     = &raw_co_pdiscard,
620     .bdrv_co_block_status = &raw_co_block_status,
621     .bdrv_co_copy_range_from = &raw_co_copy_range_from,
622     .bdrv_co_copy_range_to  = &raw_co_copy_range_to,
623     .bdrv_co_truncate     = &raw_co_truncate,
624     .bdrv_co_getlength    = &raw_co_getlength,
625     .is_format            = true,
626     .has_variable_length  = true,
627     .bdrv_measure         = &raw_measure,
628     .bdrv_co_get_info     = &raw_co_get_info,
629     .bdrv_refresh_limits  = &raw_refresh_limits,
630     .bdrv_probe_blocksizes = &raw_probe_blocksizes,
631     .bdrv_probe_geometry  = &raw_probe_geometry,
632     .bdrv_co_eject        = &raw_co_eject,
633     .bdrv_co_lock_medium  = &raw_co_lock_medium,
634     .bdrv_co_ioctl        = &raw_co_ioctl,
635     .create_opts          = &raw_create_opts,
636     .bdrv_has_zero_init   = &raw_has_zero_init,
637     .strong_runtime_opts  = raw_strong_runtime_opts,
638     .mutable_opts         = mutable_opts,
639     .bdrv_cancel_in_flight = raw_cancel_in_flight,
640 };
641 
642 static void bdrv_raw_init(void)
643 {
644     bdrv_register(&bdrv_raw);
645 }
646 
647 block_init(bdrv_raw_init);
648