1 /* BlockDriver implementation for "raw" format driver 2 * 3 * Copyright (C) 2010-2016 Red Hat, Inc. 4 * Copyright (C) 2010, Blue Swirl <blauwirbel@gmail.com> 5 * Copyright (C) 2009, Anthony Liguori <aliguori@us.ibm.com> 6 * 7 * Author: 8 * Laszlo Ersek <lersek@redhat.com> 9 * 10 * Permission is hereby granted, free of charge, to any person obtaining a copy 11 * of this software and associated documentation files (the "Software"), to 12 * deal in the Software without restriction, including without limitation the 13 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 14 * sell copies of the Software, and to permit persons to whom the Software is 15 * furnished to do so, subject to the following conditions: 16 * 17 * The above copyright notice and this permission notice shall be included in 18 * all copies or substantial portions of the Software. 19 * 20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 25 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 26 * IN THE SOFTWARE. 27 */ 28 29 #include "qemu/osdep.h" 30 #include "block/block_int.h" 31 #include "qapi/error.h" 32 #include "qemu/module.h" 33 #include "qemu/option.h" 34 #include "qemu/memalign.h" 35 36 typedef struct BDRVRawState { 37 uint64_t offset; 38 uint64_t size; 39 bool has_size; 40 } BDRVRawState; 41 42 static const char *const mutable_opts[] = { "offset", "size", NULL }; 43 44 static QemuOptsList raw_runtime_opts = { 45 .name = "raw", 46 .head = QTAILQ_HEAD_INITIALIZER(raw_runtime_opts.head), 47 .desc = { 48 { 49 .name = "offset", 50 .type = QEMU_OPT_SIZE, 51 .help = "offset in the disk where the image starts", 52 }, 53 { 54 .name = "size", 55 .type = QEMU_OPT_SIZE, 56 .help = "virtual disk size", 57 }, 58 { /* end of list */ } 59 }, 60 }; 61 62 static QemuOptsList raw_create_opts = { 63 .name = "raw-create-opts", 64 .head = QTAILQ_HEAD_INITIALIZER(raw_create_opts.head), 65 .desc = { 66 { 67 .name = BLOCK_OPT_SIZE, 68 .type = QEMU_OPT_SIZE, 69 .help = "Virtual disk size" 70 }, 71 { /* end of list */ } 72 } 73 }; 74 75 static int raw_read_options(QDict *options, uint64_t *offset, bool *has_size, 76 uint64_t *size, Error **errp) 77 { 78 QemuOpts *opts = NULL; 79 int ret; 80 81 opts = qemu_opts_create(&raw_runtime_opts, NULL, 0, &error_abort); 82 if (!qemu_opts_absorb_qdict(opts, options, errp)) { 83 ret = -EINVAL; 84 goto end; 85 } 86 87 *offset = qemu_opt_get_size(opts, "offset", 0); 88 *has_size = qemu_opt_find(opts, "size"); 89 *size = qemu_opt_get_size(opts, "size", 0); 90 91 ret = 0; 92 end: 93 qemu_opts_del(opts); 94 return ret; 95 } 96 97 static int raw_apply_options(BlockDriverState *bs, BDRVRawState *s, 98 uint64_t offset, bool has_size, uint64_t size, 99 Error **errp) 100 { 101 int64_t real_size = 0; 102 103 real_size = bdrv_getlength(bs->file->bs); 104 if (real_size < 0) { 105 error_setg_errno(errp, -real_size, "Could not get image size"); 106 return real_size; 107 } 108 109 /* Check size and offset */ 110 if (offset > real_size) { 111 error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than " 112 "size of the containing file (%" PRId64 ")", 113 s->offset, real_size); 114 return -EINVAL; 115 } 116 117 if (has_size && (real_size - offset) < size) { 118 error_setg(errp, "The sum of offset (%" PRIu64 ") and size " 119 "(%" PRIu64 ") has to be smaller or equal to the " 120 " actual size of the containing file (%" PRId64 ")", 121 s->offset, s->size, real_size); 122 return -EINVAL; 123 } 124 125 /* Make sure size is multiple of BDRV_SECTOR_SIZE to prevent rounding 126 * up and leaking out of the specified area. */ 127 if (has_size && !QEMU_IS_ALIGNED(size, BDRV_SECTOR_SIZE)) { 128 error_setg(errp, "Specified size is not multiple of %llu", 129 BDRV_SECTOR_SIZE); 130 return -EINVAL; 131 } 132 133 s->offset = offset; 134 s->has_size = has_size; 135 s->size = has_size ? size : real_size - offset; 136 137 return 0; 138 } 139 140 static int raw_reopen_prepare(BDRVReopenState *reopen_state, 141 BlockReopenQueue *queue, Error **errp) 142 { 143 bool has_size; 144 uint64_t offset, size; 145 int ret; 146 147 assert(reopen_state != NULL); 148 assert(reopen_state->bs != NULL); 149 150 reopen_state->opaque = g_new0(BDRVRawState, 1); 151 152 ret = raw_read_options(reopen_state->options, &offset, &has_size, &size, 153 errp); 154 if (ret < 0) { 155 return ret; 156 } 157 158 ret = raw_apply_options(reopen_state->bs, reopen_state->opaque, 159 offset, has_size, size, errp); 160 if (ret < 0) { 161 return ret; 162 } 163 164 return 0; 165 } 166 167 static void raw_reopen_commit(BDRVReopenState *state) 168 { 169 BDRVRawState *new_s = state->opaque; 170 BDRVRawState *s = state->bs->opaque; 171 172 memcpy(s, new_s, sizeof(BDRVRawState)); 173 174 g_free(state->opaque); 175 state->opaque = NULL; 176 } 177 178 static void raw_reopen_abort(BDRVReopenState *state) 179 { 180 g_free(state->opaque); 181 state->opaque = NULL; 182 } 183 184 /* Check and adjust the offset, against 'offset' and 'size' options. */ 185 static inline int raw_adjust_offset(BlockDriverState *bs, int64_t *offset, 186 int64_t bytes, bool is_write) 187 { 188 BDRVRawState *s = bs->opaque; 189 190 if (s->has_size && (*offset > s->size || bytes > (s->size - *offset))) { 191 /* There's not enough space for the write, or the read request is 192 * out-of-range. Don't read/write anything to prevent leaking out of 193 * the size specified in options. */ 194 return is_write ? -ENOSPC : -EINVAL; 195 } 196 197 if (*offset > INT64_MAX - s->offset) { 198 return -EINVAL; 199 } 200 *offset += s->offset; 201 202 return 0; 203 } 204 205 static int coroutine_fn raw_co_preadv(BlockDriverState *bs, int64_t offset, 206 int64_t bytes, QEMUIOVector *qiov, 207 BdrvRequestFlags flags) 208 { 209 int ret; 210 211 ret = raw_adjust_offset(bs, &offset, bytes, false); 212 if (ret) { 213 return ret; 214 } 215 216 BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO); 217 return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags); 218 } 219 220 static int coroutine_fn raw_co_pwritev(BlockDriverState *bs, int64_t offset, 221 int64_t bytes, QEMUIOVector *qiov, 222 BdrvRequestFlags flags) 223 { 224 void *buf = NULL; 225 BlockDriver *drv; 226 QEMUIOVector local_qiov; 227 int ret; 228 229 if (bs->probed && offset < BLOCK_PROBE_BUF_SIZE && bytes) { 230 /* Handling partial writes would be a pain - so we just 231 * require that guests have 512-byte request alignment if 232 * probing occurred */ 233 QEMU_BUILD_BUG_ON(BLOCK_PROBE_BUF_SIZE != 512); 234 QEMU_BUILD_BUG_ON(BDRV_SECTOR_SIZE != 512); 235 assert(offset == 0 && bytes >= BLOCK_PROBE_BUF_SIZE); 236 237 buf = qemu_try_blockalign(bs->file->bs, 512); 238 if (!buf) { 239 ret = -ENOMEM; 240 goto fail; 241 } 242 243 ret = qemu_iovec_to_buf(qiov, 0, buf, 512); 244 if (ret != 512) { 245 ret = -EINVAL; 246 goto fail; 247 } 248 249 drv = bdrv_probe_all(buf, 512, NULL); 250 if (drv != bs->drv) { 251 ret = -EPERM; 252 goto fail; 253 } 254 255 /* Use the checked buffer, a malicious guest might be overwriting its 256 * original buffer in the background. */ 257 qemu_iovec_init(&local_qiov, qiov->niov + 1); 258 qemu_iovec_add(&local_qiov, buf, 512); 259 qemu_iovec_concat(&local_qiov, qiov, 512, qiov->size - 512); 260 qiov = &local_qiov; 261 } 262 263 ret = raw_adjust_offset(bs, &offset, bytes, true); 264 if (ret) { 265 goto fail; 266 } 267 268 BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO); 269 ret = bdrv_co_pwritev(bs->file, offset, bytes, qiov, flags); 270 271 fail: 272 if (qiov == &local_qiov) { 273 qemu_iovec_destroy(&local_qiov); 274 } 275 qemu_vfree(buf); 276 return ret; 277 } 278 279 static int coroutine_fn raw_co_block_status(BlockDriverState *bs, 280 bool want_zero, int64_t offset, 281 int64_t bytes, int64_t *pnum, 282 int64_t *map, 283 BlockDriverState **file) 284 { 285 BDRVRawState *s = bs->opaque; 286 *pnum = bytes; 287 *file = bs->file->bs; 288 *map = offset + s->offset; 289 return BDRV_BLOCK_RAW | BDRV_BLOCK_OFFSET_VALID; 290 } 291 292 static int coroutine_fn raw_co_pwrite_zeroes(BlockDriverState *bs, 293 int64_t offset, int64_t bytes, 294 BdrvRequestFlags flags) 295 { 296 int ret; 297 298 ret = raw_adjust_offset(bs, &offset, bytes, true); 299 if (ret) { 300 return ret; 301 } 302 return bdrv_co_pwrite_zeroes(bs->file, offset, bytes, flags); 303 } 304 305 static int coroutine_fn raw_co_pdiscard(BlockDriverState *bs, 306 int64_t offset, int64_t bytes) 307 { 308 int ret; 309 310 ret = raw_adjust_offset(bs, &offset, bytes, true); 311 if (ret) { 312 return ret; 313 } 314 return bdrv_co_pdiscard(bs->file, offset, bytes); 315 } 316 317 static int64_t raw_getlength(BlockDriverState *bs) 318 { 319 int64_t len; 320 BDRVRawState *s = bs->opaque; 321 322 /* Update size. It should not change unless the file was externally 323 * modified. */ 324 len = bdrv_getlength(bs->file->bs); 325 if (len < 0) { 326 return len; 327 } 328 329 if (len < s->offset) { 330 s->size = 0; 331 } else { 332 if (s->has_size) { 333 /* Try to honour the size */ 334 s->size = MIN(s->size, len - s->offset); 335 } else { 336 s->size = len - s->offset; 337 } 338 } 339 340 return s->size; 341 } 342 343 static BlockMeasureInfo *raw_measure(QemuOpts *opts, BlockDriverState *in_bs, 344 Error **errp) 345 { 346 BlockMeasureInfo *info; 347 int64_t required; 348 349 if (in_bs) { 350 required = bdrv_getlength(in_bs); 351 if (required < 0) { 352 error_setg_errno(errp, -required, "Unable to get image size"); 353 return NULL; 354 } 355 } else { 356 required = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), 357 BDRV_SECTOR_SIZE); 358 } 359 360 info = g_new0(BlockMeasureInfo, 1); 361 info->required = required; 362 363 /* Unallocated sectors count towards the file size in raw images */ 364 info->fully_allocated = info->required; 365 return info; 366 } 367 368 static int raw_get_info(BlockDriverState *bs, BlockDriverInfo *bdi) 369 { 370 return bdrv_get_info(bs->file->bs, bdi); 371 } 372 373 static void raw_refresh_limits(BlockDriverState *bs, Error **errp) 374 { 375 if (bs->probed) { 376 /* To make it easier to protect the first sector, any probed 377 * image is restricted to read-modify-write on sub-sector 378 * operations. */ 379 bs->bl.request_alignment = BDRV_SECTOR_SIZE; 380 } 381 } 382 383 static int coroutine_fn raw_co_truncate(BlockDriverState *bs, int64_t offset, 384 bool exact, PreallocMode prealloc, 385 BdrvRequestFlags flags, Error **errp) 386 { 387 BDRVRawState *s = bs->opaque; 388 389 if (s->has_size) { 390 error_setg(errp, "Cannot resize fixed-size raw disks"); 391 return -ENOTSUP; 392 } 393 394 if (INT64_MAX - offset < s->offset) { 395 error_setg(errp, "Disk size too large for the chosen offset"); 396 return -EINVAL; 397 } 398 399 s->size = offset; 400 offset += s->offset; 401 return bdrv_co_truncate(bs->file, offset, exact, prealloc, flags, errp); 402 } 403 404 static void raw_eject(BlockDriverState *bs, bool eject_flag) 405 { 406 bdrv_eject(bs->file->bs, eject_flag); 407 } 408 409 static void raw_lock_medium(BlockDriverState *bs, bool locked) 410 { 411 bdrv_lock_medium(bs->file->bs, locked); 412 } 413 414 static int coroutine_fn raw_co_ioctl(BlockDriverState *bs, 415 unsigned long int req, void *buf) 416 { 417 BDRVRawState *s = bs->opaque; 418 if (s->offset || s->has_size) { 419 return -ENOTSUP; 420 } 421 return bdrv_co_ioctl(bs->file->bs, req, buf); 422 } 423 424 static int raw_has_zero_init(BlockDriverState *bs) 425 { 426 return bdrv_has_zero_init(bs->file->bs); 427 } 428 429 static int coroutine_fn raw_co_create_opts(BlockDriver *drv, 430 const char *filename, 431 QemuOpts *opts, 432 Error **errp) 433 { 434 return bdrv_create_file(filename, opts, errp); 435 } 436 437 static int raw_open(BlockDriverState *bs, QDict *options, int flags, 438 Error **errp) 439 { 440 BDRVRawState *s = bs->opaque; 441 bool has_size; 442 uint64_t offset, size; 443 BdrvChildRole file_role; 444 int ret; 445 446 ret = raw_read_options(options, &offset, &has_size, &size, errp); 447 if (ret < 0) { 448 return ret; 449 } 450 451 /* 452 * Without offset and a size limit, this driver behaves very much 453 * like a filter. With any such limit, it does not. 454 */ 455 if (offset || has_size) { 456 file_role = BDRV_CHILD_DATA | BDRV_CHILD_PRIMARY; 457 } else { 458 file_role = BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY; 459 } 460 461 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds, 462 file_role, false, errp); 463 if (!bs->file) { 464 return -EINVAL; 465 } 466 467 bs->sg = bdrv_is_sg(bs->file->bs); 468 bs->supported_write_flags = BDRV_REQ_WRITE_UNCHANGED | 469 (BDRV_REQ_FUA & bs->file->bs->supported_write_flags); 470 bs->supported_zero_flags = BDRV_REQ_WRITE_UNCHANGED | 471 ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) & 472 bs->file->bs->supported_zero_flags); 473 bs->supported_truncate_flags = bs->file->bs->supported_truncate_flags & 474 BDRV_REQ_ZERO_WRITE; 475 476 if (bs->probed && !bdrv_is_read_only(bs)) { 477 bdrv_refresh_filename(bs->file->bs); 478 fprintf(stderr, 479 "WARNING: Image format was not specified for '%s' and probing " 480 "guessed raw.\n" 481 " Automatically detecting the format is dangerous for " 482 "raw images, write operations on block 0 will be restricted.\n" 483 " Specify the 'raw' format explicitly to remove the " 484 "restrictions.\n", 485 bs->file->bs->filename); 486 } 487 488 ret = raw_apply_options(bs, s, offset, has_size, size, errp); 489 if (ret < 0) { 490 return ret; 491 } 492 493 if (bdrv_is_sg(bs) && (s->offset || s->has_size)) { 494 error_setg(errp, "Cannot use offset/size with SCSI generic devices"); 495 return -EINVAL; 496 } 497 498 return 0; 499 } 500 501 static int raw_probe(const uint8_t *buf, int buf_size, const char *filename) 502 { 503 /* smallest possible positive score so that raw is used if and only if no 504 * other block driver works 505 */ 506 return 1; 507 } 508 509 static int raw_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz) 510 { 511 BDRVRawState *s = bs->opaque; 512 int ret; 513 514 ret = bdrv_probe_blocksizes(bs->file->bs, bsz); 515 if (ret < 0) { 516 return ret; 517 } 518 519 if (!QEMU_IS_ALIGNED(s->offset, MAX(bsz->log, bsz->phys))) { 520 return -ENOTSUP; 521 } 522 523 return 0; 524 } 525 526 static int raw_probe_geometry(BlockDriverState *bs, HDGeometry *geo) 527 { 528 BDRVRawState *s = bs->opaque; 529 if (s->offset || s->has_size) { 530 return -ENOTSUP; 531 } 532 return bdrv_probe_geometry(bs->file->bs, geo); 533 } 534 535 static int coroutine_fn raw_co_copy_range_from(BlockDriverState *bs, 536 BdrvChild *src, 537 int64_t src_offset, 538 BdrvChild *dst, 539 int64_t dst_offset, 540 int64_t bytes, 541 BdrvRequestFlags read_flags, 542 BdrvRequestFlags write_flags) 543 { 544 int ret; 545 546 ret = raw_adjust_offset(bs, &src_offset, bytes, false); 547 if (ret) { 548 return ret; 549 } 550 return bdrv_co_copy_range_from(bs->file, src_offset, dst, dst_offset, 551 bytes, read_flags, write_flags); 552 } 553 554 static int coroutine_fn raw_co_copy_range_to(BlockDriverState *bs, 555 BdrvChild *src, 556 int64_t src_offset, 557 BdrvChild *dst, 558 int64_t dst_offset, 559 int64_t bytes, 560 BdrvRequestFlags read_flags, 561 BdrvRequestFlags write_flags) 562 { 563 int ret; 564 565 ret = raw_adjust_offset(bs, &dst_offset, bytes, true); 566 if (ret) { 567 return ret; 568 } 569 return bdrv_co_copy_range_to(src, src_offset, bs->file, dst_offset, bytes, 570 read_flags, write_flags); 571 } 572 573 static const char *const raw_strong_runtime_opts[] = { 574 "offset", 575 "size", 576 577 NULL 578 }; 579 580 static void raw_cancel_in_flight(BlockDriverState *bs) 581 { 582 bdrv_cancel_in_flight(bs->file->bs); 583 } 584 585 static void raw_child_perm(BlockDriverState *bs, BdrvChild *c, 586 BdrvChildRole role, 587 BlockReopenQueue *reopen_queue, 588 uint64_t parent_perm, uint64_t parent_shared, 589 uint64_t *nperm, uint64_t *nshared) 590 { 591 bdrv_default_perms(bs, c, role, reopen_queue, parent_perm, 592 parent_shared, nperm, nshared); 593 594 /* 595 * bdrv_default_perms() may add WRITE and/or RESIZE (see comment in 596 * bdrv_default_perms_for_storage() for an explanation) but we only need 597 * them if they are in parent_perm. Drop WRITE and RESIZE whenever possible 598 * to avoid permission conflicts. 599 */ 600 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 601 *nperm |= parent_perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 602 } 603 604 BlockDriver bdrv_raw = { 605 .format_name = "raw", 606 .instance_size = sizeof(BDRVRawState), 607 .bdrv_probe = &raw_probe, 608 .bdrv_reopen_prepare = &raw_reopen_prepare, 609 .bdrv_reopen_commit = &raw_reopen_commit, 610 .bdrv_reopen_abort = &raw_reopen_abort, 611 .bdrv_open = &raw_open, 612 .bdrv_child_perm = raw_child_perm, 613 .bdrv_co_create_opts = &raw_co_create_opts, 614 .bdrv_co_preadv = &raw_co_preadv, 615 .bdrv_co_pwritev = &raw_co_pwritev, 616 .bdrv_co_pwrite_zeroes = &raw_co_pwrite_zeroes, 617 .bdrv_co_pdiscard = &raw_co_pdiscard, 618 .bdrv_co_block_status = &raw_co_block_status, 619 .bdrv_co_copy_range_from = &raw_co_copy_range_from, 620 .bdrv_co_copy_range_to = &raw_co_copy_range_to, 621 .bdrv_co_truncate = &raw_co_truncate, 622 .bdrv_getlength = &raw_getlength, 623 .is_format = true, 624 .has_variable_length = true, 625 .bdrv_measure = &raw_measure, 626 .bdrv_get_info = &raw_get_info, 627 .bdrv_refresh_limits = &raw_refresh_limits, 628 .bdrv_probe_blocksizes = &raw_probe_blocksizes, 629 .bdrv_probe_geometry = &raw_probe_geometry, 630 .bdrv_eject = &raw_eject, 631 .bdrv_lock_medium = &raw_lock_medium, 632 .bdrv_co_ioctl = &raw_co_ioctl, 633 .create_opts = &raw_create_opts, 634 .bdrv_has_zero_init = &raw_has_zero_init, 635 .strong_runtime_opts = raw_strong_runtime_opts, 636 .mutable_opts = mutable_opts, 637 .bdrv_cancel_in_flight = raw_cancel_in_flight, 638 }; 639 640 static void bdrv_raw_init(void) 641 { 642 bdrv_register(&bdrv_raw); 643 } 644 645 block_init(bdrv_raw_init); 646