1 /*
2  * Block driver for the VMDK format
3  *
4  * Copyright (c) 2004 Fabrice Bellard
5  * Copyright (c) 2005 Filip Navara
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 
#include "qemu-common.h"
#include "block/block_int.h"
#include "qemu/module.h"
#include "migration/migration.h"
#include <limits.h>
#include <zlib.h>
31 
/* Magic numbers ("COWD" and "KDMV") of the two sparse extent formats.  They
 * are compared against the first four bytes of a file read as a big-endian
 * 32-bit value. */
#define VMDK3_MAGIC (('C' << 24) | ('O' << 16) | ('W' << 8) | 'D')
#define VMDK4_MAGIC (('K' << 24) | ('D' << 16) | ('M' << 8) | 'V')
/* VMDK4Header.compressAlgorithm value that marks an extent as compressed */
#define VMDK4_COMPRESSION_DEFLATE 1
/* Bits of VMDK4Header.flags */
#define VMDK4_FLAG_NL_DETECT (1 << 0)
/* A backup L1 table is present at VMDK4Header.rgd_offset */
#define VMDK4_FLAG_RGD (1 << 1)
/* Zeroed-grain enable bit */
#define VMDK4_FLAG_ZERO_GRAIN   (1 << 2)
#define VMDK4_FLAG_COMPRESS (1 << 16)
/* Recorded per extent as VmdkExtent.has_marker */
#define VMDK4_FLAG_MARKER (1 << 17)
/* gd_offset value meaning the header to use is the footer at the end of the
 * file rather than the one at the start */
#define VMDK4_GD_AT_END 0xffffffffffffffffULL

/* NOTE(review): presumably the grain table entry value that marks a zeroed
 * grain; not used in the part of the file reviewed here - confirm. */
#define VMDK_GTE_ZEROED 0x1

/* VMDK internal error codes */
#define VMDK_OK      0
#define VMDK_ERROR   (-1)
/* Cluster not allocated */
#define VMDK_UNALLOC (-2)
#define VMDK_ZEROED  (-3)

#define BLOCK_OPT_ZEROED_GRAIN "zeroed_grain"
53 
/* On-disk header of a VMDK3 ("COWD") sparse extent.  It is read from the
 * file right after the 4-byte magic and its fields are little-endian.  Every
 * value comes from the image and must be validated before it is used as a
 * size or an offset. */
typedef struct {
    uint32_t version;
    uint32_t flags;
    uint32_t disk_sectors;      /* extent size in sectors */
    uint32_t granularity;       /* sectors per cluster */
    uint32_t l1dir_offset;      /* L1 table position, in sectors */
    uint32_t l1dir_size;        /* number of L1 entries */
    uint32_t file_sectors;
    uint32_t cylinders;
    uint32_t heads;
    uint32_t sectors_per_track;
} QEMU_PACKED VMDK3Header;
66 
/* On-disk header (and footer) of a VMDK4 ("KDMV") sparse extent.  It is read
 * from the file right after the 4-byte magic and its fields are
 * little-endian.  Every value comes from the image and must be validated
 * before it is used as a size or an offset. */
typedef struct {
    uint32_t version;
    uint32_t flags;             /* VMDK4_FLAG_* bits */
    uint64_t capacity;          /* extent size in sectors */
    uint64_t granularity;       /* sectors per cluster */
    uint64_t desc_offset;       /* embedded descriptor position, in sectors */
    uint64_t desc_size;
    /* Number of GrainTableEntries per GrainTable */
    uint32_t num_gtes_per_gt;
    uint64_t rgd_offset;        /* backup L1 table position, in sectors */
    uint64_t gd_offset;         /* L1 table position, in sectors */
    uint64_t grain_offset;
    char filler[1];
    char check_bytes[4];
    uint16_t compressAlgorithm; /* VMDK4_COMPRESSION_DEFLATE when compressed */
} QEMU_PACKED VMDK4Header;
83 
/* Number of L2 tables kept in each extent's cache */
#define L2_CACHE_SIZE 16

/* In-memory state of one extent of the image */
typedef struct VmdkExtent {
    BlockDriverState *file;     /* file backing this extent; may be bs->file */
    bool flat;                  /* flat extent: no L1/L2 tables are used */
    bool compressed;
    bool has_marker;
    bool has_zero_grain;
    int version;
    int64_t sectors;            /* size of this extent in sectors */
    int64_t end_sector;         /* end of this extent within the whole disk */
    int64_t flat_start_offset;  /* byte offset of the data in a flat extent */
    int64_t l1_table_offset;    /* byte offset of the L1 table in the file */
    int64_t l1_backup_table_offset; /* 0 when there is no backup L1 table */
    uint32_t *l1_table;         /* L1 table, converted to host byte order */
    uint32_t *l1_backup_table;
    unsigned int l1_size;       /* number of L1 entries */
    uint32_t l1_entry_sectors;  /* sectors covered by one L1 entry */

    unsigned int l2_size;       /* number of entries in one L2 table */
    uint32_t *l2_cache;         /* L2_CACHE_SIZE tables of l2_size entries */
    uint32_t l2_cache_offsets[L2_CACHE_SIZE];   /* L1 entry of each slot */
    uint32_t l2_cache_counts[L2_CACHE_SIZE];    /* hit count of each slot */

    int64_t cluster_sectors;
    char *type;                 /* extent type string, owned by the extent */
} VmdkExtent;
111 
/* Driver state of an open VMDK image (bs->opaque) */
typedef struct BDRVVmdkState {
    CoMutex lock;
    uint64_t desc_offset;       /* byte offset of the descriptor in bs->file */
    bool cid_updated;
    bool cid_checked;           /* parent CID already compared successfully */
    uint32_t cid;               /* "CID" value read from the descriptor */
    uint32_t parent_cid;        /* "parentCID" value read from the descriptor */
    int num_extents;
    /* Extent array with num_extents entries, ascend ordered by address */
    VmdkExtent *extents;
    Error *migration_blocker;
    char *create_type;          /* "createType" of the image, heap allocated */
} BDRVVmdkState;
125 
/* Description of one L2 entry update, consumed by vmdk_L2update() */
typedef struct VmdkMetaData {
    uint32_t offset;            /* value to store in the L2 entry */
    unsigned int l1_index;      /* index into the (backup) L1 table */
    unsigned int l2_index;      /* index of the entry within its L2 table */
    unsigned int l2_offset;     /* position of the L2 table, in sectors */
    int valid;
    uint32_t *l2_cache_entry;   /* cached copy of the entry, may be NULL */
} VmdkMetaData;
134 
/* Header that precedes a variable amount of data.
 * NOTE(review): presumably the on-disk grain marker of compressed extents;
 * it is not used in the part of the file reviewed here - confirm. */
typedef struct VmdkGrainMarker {
    uint64_t lba;
    uint32_t size;
    uint8_t  data[0];
} QEMU_PACKED VmdkGrainMarker;
140 
/* Marker type values; the footer check in vmdk_open_vmdk4() compares the
 * "type" field of the footer and end-of-stream markers against them. */
enum {
    MARKER_END_OF_STREAM    = 0,
    MARKER_GRAIN_TABLE      = 1,
    MARKER_GRAIN_DIRECTORY  = 2,
    MARKER_FOOTER           = 3,
};
147 
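/*
 * Probe a buffer holding the start of an image file.
 *
 * Returns 100 when the buffer starts with the VMDK3 or VMDK4 magic, or when
 * it looks like a text descriptor: only '#' comment lines and blank lines
 * made of spaces may precede a "version=1" or "version=2" line.  Returns 0
 * otherwise.  filename is not used.
 *
 * buf is untrusted file content, so every access is bounded by buf_size.
 */
static int vmdk_probe(const uint8_t *buf, int buf_size, const char *filename)
{
    uint32_t magic;
    const char *p, *end;

    if (buf_size < 4) {
        return 0;
    }
    /* Assemble the big-endian magic byte by byte: buf is a byte buffer with
     * no alignment guarantee, so it is not read through a uint32_t pointer. */
    magic = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (magic == VMDK3_MAGIC ||
        magic == VMDK4_MAGIC) {
        return 100;
    }

    p = (const char *)buf;
    end = p + buf_size;
    while (p < end) {
        if (*p == '#') {
            /* skip comment line */
            while (p < end && *p != '\n') {
                p++;
            }
            /* step over the newline, but never move past the buffer end */
            if (p < end) {
                p++;
            }
            continue;
        }
        if (*p == ' ') {
            while (p < end && *p == ' ') {
                p++;
            }
            /* skip '\r' if windows line endings used. */
            if (p < end && *p == '\r') {
                p++;
            }
            /* only accept blank lines before 'version=' line */
            if (p == end || *p != '\n') {
                return 0;
            }
            p++;
            continue;
        }
        /* The length checks keep strncmp() inside the buffer */
        if ((size_t)(end - p) >= strlen("version=X\n")) {
            if (strncmp("version=1\n", p, strlen("version=1\n")) == 0 ||
                strncmp("version=2\n", p, strlen("version=2\n")) == 0) {
                return 100;
            }
        }
        if ((size_t)(end - p) >= strlen("version=X\r\n")) {
            if (strncmp("version=1\r\n", p, strlen("version=1\r\n")) == 0 ||
                strncmp("version=2\r\n", p, strlen("version=2\r\n")) == 0) {
                return 100;
            }
        }
        return 0;
    }
    return 0;
}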
203 
#define SECTOR_SIZE 512
/* Size of the stack buffers the descriptor is read into */
#define DESC_SIZE (20 * SECTOR_SIZE)    /* 20 sectors of 512 bytes each */
#define BUF_SIZE 4096
#define HEADER_SIZE 512                 /* first sector of 512 bytes */
208 
/* Release every extent of bs: its tables, its type string and its file
 * reference (unless the extent lives in bs->file itself), then the extent
 * array.  s->extents and s->num_extents are left untouched. */
static void vmdk_free_extents(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;
    int idx = 0;

    while (idx < s->num_extents) {
        VmdkExtent *extent = &s->extents[idx++];

        g_free(extent->l1_table);
        g_free(extent->l2_cache);
        g_free(extent->l1_backup_table);
        g_free(extent->type);
        /* bs->file is not owned by the extent, so only drop other files */
        if (extent->file != bs->file) {
            bdrv_unref(extent->file);
        }
    }
    g_free(s->extents);
}
227 
/* Drop the last entry of the extent array by shrinking the array by one.
 * The members of the dropped extent are not freed here. */
static void vmdk_free_last_extent(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;

    if (s->num_extents != 0) {
        s->num_extents--;
        s->extents = g_realloc(s->extents,
                               s->num_extents * sizeof(VmdkExtent));
    }
}
238 
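/*
 * Read a content ID from the descriptor stored in bs->file.
 *
 * parent selects the "parentCID" value, otherwise "CID" is read.  Returns
 * the parsed hexadecimal value, 0xffffffff when the key is missing or has no
 * parsable value, and 0 when the descriptor cannot be read.
 *
 * The descriptor is untrusted image content.  The key is located with a
 * plain substring search, so the first occurrence wins.
 */
static uint32_t vmdk_read_cid(BlockDriverState *bs, int parent)
{
    char desc[DESC_SIZE];
    uint32_t cid = 0xffffffff;
    const char *p_name, *cid_str;
    size_t cid_str_size;
    BDRVVmdkState *s = bs->opaque;
    int ret;

    ret = bdrv_pread(bs->file, s->desc_offset, desc, DESC_SIZE);
    if (ret < 0) {
        return 0;
    }

    /* sizeof() counts the terminator, which stands for the '=' to skip */
    if (parent) {
        cid_str = "parentCID";
        cid_str_size = sizeof("parentCID");
    } else {
        cid_str = "CID";
        cid_str_size = sizeof("CID");
    }

    desc[DESC_SIZE - 1] = '\0';
    p_name = strstr(desc, cid_str);
    /* Skip the key and '=' only when that many characters exist before the
     * terminator; a key at the very end of the buffer would otherwise move
     * p_name past desc[] and make sscanf() read out of bounds. */
    if (p_name != NULL && strlen(p_name) >= cid_str_size) {
        unsigned int value;

        p_name += cid_str_size;
        /* %x stores an unsigned int, so parse into one and then assign */
        if (sscanf(p_name, "%x", &value) == 1) {
            cid = value;
        }
    }

    return cid;
}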
270 
/*
 * Rewrite the "CID" value in the descriptor stored in bs->file.
 *
 * The text from "parentCID" onwards is saved, the new CID is printed in
 * place (which cuts the string right after it) and the saved text is
 * appended again.  Returns 0 on success, -EINVAL when the descriptor has no
 * "parentCID" key, or the negative error of the failed read or write.
 */
static int vmdk_write_cid(BlockDriverState *bs, uint32_t cid)
{
    BDRVVmdkState *s = bs->opaque;
    char desc[DESC_SIZE];
    char parent_part[DESC_SIZE];
    char *cid_pos, *parent_pos;
    int ret;

    ret = bdrv_pread(bs->file, s->desc_offset, desc, DESC_SIZE);
    if (ret < 0) {
        return ret;
    }

    desc[DESC_SIZE - 1] = '\0';
    parent_pos = strstr(desc, "parentCID");
    if (!parent_pos) {
        return -EINVAL;
    }

    /* Keep a copy: snprintf() below terminates desc after the new CID */
    pstrcpy(parent_part, sizeof(parent_part), parent_pos);
    cid_pos = strstr(desc, "CID");
    if (cid_pos) {
        /* sizeof() counts the terminator, which stands for the '=' */
        cid_pos += sizeof("CID");
        snprintf(cid_pos, sizeof(desc) - (cid_pos - desc), "%x\n", cid);
        pstrcat(desc, sizeof(desc), parent_part);
    }

    ret = bdrv_pwrite_sync(bs->file, s->desc_offset, desc, DESC_SIZE);
    return ret < 0 ? ret : 0;
}
304 
/*
 * Check that the backing image still has the content ID this image recorded
 * as its parent CID.
 *
 * Returns 1 when the CID matches, when it was already checked, or when there
 * is no backing image, and remembers the result in s->cid_checked.
 * Returns 0 on a mismatch.
 */
static int vmdk_is_cid_valid(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;
    BlockDriverState *parent = bs->backing_hd;

    if (parent && !s->cid_checked) {
        uint32_t parent_now = vmdk_read_cid(parent, 0);

        if (parent_now != s->parent_cid) {
            /* CID not valid */
            return 0;
        }
    }
    /* CID valid */
    s->cid_checked = true;
    return 1;
}
322 
/*
 * Queue extents, if any, for reopen().
 *
 * Every extent whose file is not the image file itself is added to queue
 * with the flags of state.  Returns 0 on success, or -1 with errp set when
 * no queue was passed.
 */
static int vmdk_reopen_prepare(BDRVReopenState *state,
                               BlockReopenQueue *queue, Error **errp)
{
    BDRVVmdkState *s;
    int idx;

    assert(state != NULL);
    assert(state->bs != NULL);

    if (queue == NULL) {
        error_setg(errp, "No reopen queue for VMDK extents");
        return -1;
    }

    s = state->bs->opaque;
    assert(s != NULL);

    for (idx = 0; idx < s->num_extents; idx++) {
        VmdkExtent *extent = &s->extents[idx];

        if (extent->file != state->bs->file) {
            bdrv_reopen_queue(queue, extent->file, state->flags);
        }
    }
    return 0;
}
355 
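/*
 * Copy the value of parentFileNameHint="..." from the descriptor into
 * bs->backing_file.
 *
 * Returns 0 when the name was copied or when the descriptor has no such key,
 * -EINVAL when the value is malformed or does not fit, or the negative error
 * of the failed descriptor read.
 *
 * The descriptor is untrusted image content and the hint names a host file
 * that will later be used as the backing image; callers that handle images
 * from untrusted sources should decide whether following it is acceptable.
 */
static int vmdk_parent_open(BlockDriverState *bs)
{
    char *p_name;
    char desc[DESC_SIZE + 1];
    BDRVVmdkState *s = bs->opaque;
    int ret;

    desc[DESC_SIZE] = '\0';
    ret = bdrv_pread(bs->file, s->desc_offset, desc, DESC_SIZE);
    if (ret < 0) {
        return ret;
    }

    p_name = strstr(desc, "parentFileNameHint");
    if (p_name != NULL) {
        char *end_name;
        /* key, '=' (counted by the terminator in sizeof) and opening quote */
        const size_t skip = sizeof("parentFileNameHint") + 1;

        /* A key sitting at the very end of the buffer must not move p_name
         * past the terminator, or strchr() would search outside desc[]. */
        if (strlen(p_name) < skip) {
            return -EINVAL;
        }
        p_name += skip;
        end_name = strchr(p_name, '\"');
        if (end_name == NULL) {
            return -EINVAL;
        }
        if ((end_name - p_name) > sizeof(bs->backing_file) - 1) {
            return -EINVAL;
        }

        /* The size argument stops the copy right before the closing quote */
        pstrcpy(bs->backing_file, end_name - p_name + 1, p_name);
    }

    return 0;
}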
387 
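/*
 * Create an extent and append it to the extent array of bs.
 *
 * The new extent is zero-initialised, filled from the arguments and stored
 * in *new_extent when new_extent is not NULL.  bs->total_sectors is updated
 * to the end of the new extent.
 *
 * Returns 0 on success.  Returns -EFBIG with errp set when cluster_sectors
 * or l1_size exceed their limits, and -EINVAL with errp set when a sparse
 * (non-flat) extent has geometry that cannot be indexed.
 *
 * For sparse extents all size arguments come straight from the image header,
 * so they are validated here before anything is allocated from them.
 */
static int vmdk_add_extent(BlockDriverState *bs,
                           BlockDriverState *file, bool flat, int64_t sectors,
                           int64_t l1_offset, int64_t l1_backup_offset,
                           uint32_t l1_size,
                           int l2_size, uint64_t cluster_sectors,
                           VmdkExtent **new_extent,
                           Error **errp)
{
    VmdkExtent *extent;
    BDRVVmdkState *s = bs->opaque;

    if (cluster_sectors > 0x200000) {
        /* 0x200000 * 512Bytes = 1GB for one cluster is unrealistic */
        error_setg(errp, "Invalid granularity, image may be corrupt");
        return -EFBIG;
    }
    if (l1_size > 512 * 1024 * 1024) {
        /* Although with big capacity and small l1_entry_sectors, we can get a
         * big l1_size, we don't want unbounded value to allocate the table.
         * Limit it to 512M, which is 16PB for default cluster and L2 table
         * size */
        error_setg(errp, "L1 size too big");
        return -EFBIG;
    }
    if (!flat) {
        /* Cluster lookups divide by cluster_sectors, by l2_size and by
         * l1_entry_sectors, and the latter is stored in 32 bits.  Reject a
         * header that would make any of them zero or truncate the product. */
        uint64_t l1_entry_sectors = (uint64_t)l2_size * cluster_sectors;

        if (l2_size <= 0 || cluster_sectors == 0 ||
            l1_entry_sectors > UINT32_MAX) {
            error_setg(errp, "Invalid granularity, image may be corrupt");
            return -EINVAL;
        }
    }

    s->extents = g_realloc(s->extents,
                              (s->num_extents + 1) * sizeof(VmdkExtent));
    extent = &s->extents[s->num_extents];
    s->num_extents++;

    memset(extent, 0, sizeof(VmdkExtent));
    extent->file = file;
    extent->flat = flat;
    extent->sectors = sectors;
    extent->l1_table_offset = l1_offset;
    extent->l1_backup_table_offset = l1_backup_offset;
    extent->l1_size = l1_size;
    extent->l1_entry_sectors = l2_size * cluster_sectors;
    extent->l2_size = l2_size;
    /* a flat extent is treated as one cluster spanning the whole extent */
    extent->cluster_sectors = flat ? sectors : cluster_sectors;

    /* end_sector accumulates over the extents added so far */
    if (s->num_extents > 1) {
        extent->end_sector = (*(extent - 1)).end_sector + extent->sectors;
    } else {
        extent->end_sector = extent->sectors;
    }
    bs->total_sectors = extent->end_sector;
    if (new_extent) {
        *new_extent = extent;
    }
    return 0;
}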
442 
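/*
 * Allocate and load the L1 table of a sparse extent, its backup L1 table
 * when the extent has one, and allocate the L2 table cache.
 *
 * Table entries are converted from little-endian to host byte order.
 * Returns 0 on success.  On failure errp is set, the tables allocated so far
 * are freed and a negative error is returned.
 *
 * extent->l1_size comes from the image header, so the byte size derived from
 * it is range-checked before it is used for an allocation and a read.
 */
static int vmdk_init_tables(BlockDriverState *bs, VmdkExtent *extent,
                            Error **errp)
{
    int ret;
    int l1_size;
    unsigned int i;

    /* The byte count is kept in an int; refuse entry counts whose byte size
     * does not fit instead of letting the multiplication wrap. */
    if (extent->l1_size > INT_MAX / sizeof(uint32_t)) {
        error_setg(errp, "L1 size too big");
        return -EFBIG;
    }

    /* read the L1 table */
    l1_size = extent->l1_size * sizeof(uint32_t);
    extent->l1_table = g_malloc(l1_size);
    ret = bdrv_pread(extent->file,
                     extent->l1_table_offset,
                     extent->l1_table,
                     l1_size);
    if (ret < 0) {
        error_setg_errno(errp, -ret,
                         "Could not read l1 table from extent '%s'",
                         extent->file->filename);
        goto fail_l1;
    }
    for (i = 0; i < extent->l1_size; i++) {
        le32_to_cpus(&extent->l1_table[i]);
    }

    if (extent->l1_backup_table_offset) {
        extent->l1_backup_table = g_malloc(l1_size);
        ret = bdrv_pread(extent->file,
                         extent->l1_backup_table_offset,
                         extent->l1_backup_table,
                         l1_size);
        if (ret < 0) {
            error_setg_errno(errp, -ret,
                             "Could not read l1 backup table from extent '%s'",
                             extent->file->filename);
            goto fail_l1b;
        }
        for (i = 0; i < extent->l1_size; i++) {
            le32_to_cpus(&extent->l1_backup_table[i]);
        }
    }

    extent->l2_cache =
        g_malloc(extent->l2_size * L2_CACHE_SIZE * sizeof(uint32_t));
    return 0;
 fail_l1b:
    g_free(extent->l1_backup_table);
    /* clear the pointers so a later cleanup cannot free them a second time */
    extent->l1_backup_table = NULL;
 fail_l1:
    g_free(extent->l1_table);
    extent->l1_table = NULL;
    return ret;
}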
492 
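/*
 * Open a VMDK3 ("COWD") sparse extent stored in file and append it to the
 * extent array of bs.
 *
 * The header is read from right after the magic; its values are untrusted
 * and are validated by vmdk_add_extent().  Returns 0 on success or a
 * negative error, with errp set by the step that failed.  flags is not used.
 */
static int vmdk_open_vmfs_sparse(BlockDriverState *bs,
                                 BlockDriverState *file,
                                 int flags, Error **errp)
{
    int ret;
    uint32_t magic;     /* only used for its size: the header follows it */
    VMDK3Header header;
    VmdkExtent *extent;

    ret = bdrv_pread(file, sizeof(magic), &header, sizeof(header));
    if (ret < 0) {
        error_setg_errno(errp, -ret,
                         "Could not read header from file '%s'",
                         file->filename);
        return ret;
    }
    /* Widen l1dir_offset before turning sectors into bytes: shifting the
     * 32-bit value would silently drop the upper bits of a large offset. */
    ret = vmdk_add_extent(bs, file, false,
                          le32_to_cpu(header.disk_sectors),
                          (int64_t)le32_to_cpu(header.l1dir_offset) << 9,
                          0,
                          le32_to_cpu(header.l1dir_size),
                          4096,
                          le32_to_cpu(header.granularity),
                          &extent,
                          errp);
    if (ret < 0) {
        return ret;
    }
    ret = vmdk_init_tables(bs, extent, errp);
    if (ret) {
        /* free extent allocated by vmdk_add_extent */
        vmdk_free_last_extent(bs);
    }
    return ret;
}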
528 
529 static int vmdk_open_desc_file(BlockDriverState *bs, int flags,
530                                uint64_t desc_offset, Error **errp);
531 
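/*
 * Open a VMDK4 ("KDMV") sparse extent stored in file and append it to the
 * extent array of bs.
 *
 * When the header has capacity 0 and names an embedded descriptor, the
 * descriptor is opened instead.  When gd_offset is VMDK4_GD_AT_END the
 * footer at the end of the file replaces the header.
 *
 * Returns 0 on success or a negative error.  Every header field is untrusted
 * image content; sizes derived from it are checked here and in
 * vmdk_add_extent() before they are used.
 */
static int vmdk_open_vmdk4(BlockDriverState *bs,
                           BlockDriverState *file,
                           int flags, Error **errp)
{
    int ret;
    uint32_t magic;     /* only used for its size: the header follows it */
    uint32_t l1_size, l1_entry_sectors;
    VMDK4Header header;
    VmdkExtent *extent;
    BDRVVmdkState *s = bs->opaque;
    int64_t l1_backup_offset = 0;

    ret = bdrv_pread(file, sizeof(magic), &header, sizeof(header));
    if (ret < 0) {
        error_setg_errno(errp, -ret,
                         "Could not read header from file '%s'",
                         file->filename);
        /* Stop here: header holds indeterminate stack data after a failed
         * read and must not be parsed. */
        return ret;
    }
    if (header.capacity == 0) {
        uint64_t desc_offset = le64_to_cpu(header.desc_offset);
        if (desc_offset) {
            return vmdk_open_desc_file(bs, flags, desc_offset << 9, errp);
        }
    }

    if (!s->create_type) {
        s->create_type = g_strdup("monolithicSparse");
    }

    if (le64_to_cpu(header.gd_offset) == VMDK4_GD_AT_END) {
        /*
         * The footer takes precedence over the header, so read it in. The
         * structure below covers the last three sectors of the file: the
         * footer marker, the footer itself (at offset -1024 from the end)
         * and the end-of-stream marker.
         */
        struct {
            struct {
                uint64_t val;
                uint32_t size;
                uint32_t type;
                uint8_t pad[512 - 16];
            } QEMU_PACKED footer_marker;

            uint32_t magic;
            VMDK4Header header;
            uint8_t pad[512 - 4 - sizeof(VMDK4Header)];

            struct {
                uint64_t val;
                uint32_t size;
                uint32_t type;
                uint8_t pad[512 - 16];
            } QEMU_PACKED eos_marker;
        } QEMU_PACKED footer;

        /* NOTE(review): the offset is computed from bs->file while the read
         * goes to file, and it is negative for a file shorter than three
         * sectors - confirm that bdrv_pread() rejects both cases. */
        ret = bdrv_pread(file,
            bs->file->total_sectors * 512 - 1536,
            &footer, sizeof(footer));
        if (ret < 0) {
            return ret;
        }

        /* Some sanity checks for the footer */
        if (be32_to_cpu(footer.magic) != VMDK4_MAGIC ||
            le32_to_cpu(footer.footer_marker.size) != 0  ||
            le32_to_cpu(footer.footer_marker.type) != MARKER_FOOTER ||
            le64_to_cpu(footer.eos_marker.val) != 0  ||
            le32_to_cpu(footer.eos_marker.size) != 0  ||
            le32_to_cpu(footer.eos_marker.type) != MARKER_END_OF_STREAM)
        {
            return -EINVAL;
        }

        header = footer.header;
    }

    if (le32_to_cpu(header.version) >= 3) {
        char buf[64];
        snprintf(buf, sizeof(buf), "VMDK version %d",
                 le32_to_cpu(header.version));
        qerror_report(QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
                bs->device_name, "vmdk", buf);
        return -ENOTSUP;
    }

    /* bounds the L2 cache allocation made in vmdk_init_tables() */
    if (le32_to_cpu(header.num_gtes_per_gt) > 512) {
        error_report("L2 table size too big");
        return -EINVAL;
    }

    /* NOTE(review): the product and the quotient below are computed in 64
     * bits and then stored in 32-bit variables; vmdk_add_extent() rejects
     * the oversized granularity values that would make them truncate. */
    l1_entry_sectors = le32_to_cpu(header.num_gtes_per_gt)
                        * le64_to_cpu(header.granularity);
    if (l1_entry_sectors == 0) {
        return -EINVAL;
    }
    l1_size = (le64_to_cpu(header.capacity) + l1_entry_sectors - 1)
                / l1_entry_sectors;
    if (le32_to_cpu(header.flags) & VMDK4_FLAG_RGD) {
        l1_backup_offset = le64_to_cpu(header.rgd_offset) << 9;
    }
    ret = vmdk_add_extent(bs, file, false,
                          le64_to_cpu(header.capacity),
                          le64_to_cpu(header.gd_offset) << 9,
                          l1_backup_offset,
                          l1_size,
                          le32_to_cpu(header.num_gtes_per_gt),
                          le64_to_cpu(header.granularity),
                          &extent,
                          errp);
    if (ret < 0) {
        return ret;
    }
    extent->compressed =
        le16_to_cpu(header.compressAlgorithm) == VMDK4_COMPRESSION_DEFLATE;
    extent->has_marker = le32_to_cpu(header.flags) & VMDK4_FLAG_MARKER;
    extent->version = le32_to_cpu(header.version);
    extent->has_zero_grain = le32_to_cpu(header.flags) & VMDK4_FLAG_ZERO_GRAIN;
    ret = vmdk_init_tables(bs, extent, errp);
    if (ret) {
        /* free extent allocated by vmdk_add_extent */
        vmdk_free_last_extent(bs);
    }
    return ret;
}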
656 
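/*
 * Find an option value in the descriptor text.
 *
 * Looks for the first occurrence of opt_name in desc, skips the two
 * characters that follow it (expected to be =") and copies the text up to
 * the next double quote into buf, NUL-terminated.
 *
 * Returns VMDK_OK on success.  Returns VMDK_ERROR when opt_name is missing,
 * when the value is empty or not terminated by a quote, or when it does not
 * fit into buf_size bytes.
 *
 * desc is untrusted image content; all positions are checked against the
 * string length before any pointer is advanced.
 */
static int vmdk_parse_description(const char *desc, const char *opt_name,
        char *buf, int buf_size)
{
    const char *opt_pos, *opt_end;
    size_t skip;

    opt_pos = strstr(desc, opt_name);
    if (!opt_pos) {
        return VMDK_ERROR;
    }
    /* Skip "=\"" following opt_name, but only when at least one character
     * remains after it; the pointer is never moved past the terminator. */
    skip = strlen(opt_name) + 2;
    if (strlen(opt_pos) <= skip) {
        return VMDK_ERROR;
    }
    opt_pos += skip;

    opt_end = strchr(opt_pos, '"');
    if (opt_end == NULL || buf_size < opt_end - opt_pos + 1) {
        return VMDK_ERROR;
    }
    /* The size argument stops the copy right before the closing quote */
    pstrcpy(buf, opt_end - opt_pos + 1, opt_pos);
    return VMDK_OK;
}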
683 
/*
 * Open an extent file and append to bs array.
 *
 * The first four bytes of file select the format: VMDK3_MAGIC and
 * VMDK4_MAGIC are handed to their open functions.  Returns -EIO when the
 * magic cannot be read completely and -EMEDIUMTYPE for any other magic.
 */
static int vmdk_open_sparse(BlockDriverState *bs,
                            BlockDriverState *file,
                            int flags, Error **errp)
{
    uint32_t raw_magic;
    uint32_t magic;

    if (bdrv_pread(file, 0, &raw_magic, sizeof(raw_magic))
        != sizeof(raw_magic)) {
        return -EIO;
    }

    /* the magic macros are written as big-endian values */
    magic = be32_to_cpu(raw_magic);
    if (magic == VMDK3_MAGIC) {
        return vmdk_open_vmfs_sparse(bs, file, flags, errp);
    }
    if (magic == VMDK4_MAGIC) {
        return vmdk_open_vmdk4(bs, file, flags, errp);
    }
    return -EMEDIUMTYPE;
}
708 
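/*
 * Parse the extent lines of a descriptor and open every extent they name.
 *
 * Lines that do not look like a "RW" extent line of a known type are
 * skipped.  Each accepted extent file is opened relative to desc_file_path
 * and appended to the extent array of bs.
 *
 * Returns 0 on success or a negative error with errp set by the failing
 * step.  Extents added before the failure stay in the array; the caller
 * releases them.
 *
 * Security note: desc is untrusted image content and the file name in an
 * extent line is passed to path_combine() as written, so a descriptor can
 * name any path the process is able to open.  Deployments that accept images
 * from untrusted sources should confine the process (or reject descriptor
 * images) rather than rely on this parser.
 */
static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
                              const char *desc_file_path, Error **errp)
{
    int ret;
    char access[11];
    char type[11];
    char fname[512];
    const char *p = desc;
    int64_t sectors = 0;
    int64_t flat_offset;
    char extent_path[PATH_MAX];
    BlockDriverState *extent_file;
    BDRVVmdkState *s = bs->opaque;
    VmdkExtent *extent;

    while (*p) {
        /* parse extent line:
         * RW [size in sectors] FLAT "file-name.vmdk" OFFSET
         * or
         * RW [size in sectors] SPARSE "file-name.vmdk"
         */
        flat_offset = -1;
        /* the field widths keep sscanf() inside access, type and fname */
        ret = sscanf(p, "%10s %" SCNd64 " %10s \"%511[^\n\r\"]\" %" SCNd64,
                access, &sectors, type, fname, &flat_offset);
        if (ret < 4 || strcmp(access, "RW")) {
            goto next_line;
        } else if (!strcmp(type, "FLAT")) {
            if (ret != 5 || flat_offset < 0) {
                error_setg(errp, "Invalid extent lines: \n%s", p);
                return -EINVAL;
            }
        } else if (!strcmp(type, "VMFS")) {
            flat_offset = 0;
        } else if (ret != 4) {
            error_setg(errp, "Invalid extent lines: \n%s", p);
            return -EINVAL;
        }

        if (sectors <= 0 ||
            (strcmp(type, "FLAT") && strcmp(type, "SPARSE") &&
             strcmp(type, "VMFS") && strcmp(type, "VMFSSPARSE")) ||
            (strcmp(access, "RW"))) {
            goto next_line;
        }

        path_combine(extent_path, sizeof(extent_path),
                desc_file_path, fname);
        ret = bdrv_file_open(&extent_file, extent_path, NULL, bs->open_flags,
                             errp);
        if (ret) {
            return ret;
        }

        /* save to extents array */
        if (!strcmp(type, "FLAT") || !strcmp(type, "VMFS")) {
            /* FLAT extent */

            ret = vmdk_add_extent(bs, extent_file, true, sectors,
                            0, 0, 0, 0, 0, &extent, errp);
            if (ret < 0) {
                /* the extent was not added, so nothing else owns the file */
                bdrv_unref(extent_file);
                return ret;
            }
            extent->flat_start_offset = flat_offset << 9;
        } else if (!strcmp(type, "SPARSE") || !strcmp(type, "VMFSSPARSE")) {
            /* SPARSE extent and VMFSSPARSE extent are both "COWD" sparse file*/
            ret = vmdk_open_sparse(bs, extent_file, bs->open_flags, errp);
            if (ret) {
                bdrv_unref(extent_file);
                return ret;
            }
            extent = &s->extents[s->num_extents - 1];
        } else {
            error_setg(errp, "Unsupported extent type '%s'", type);
            /* drop the reference taken by bdrv_file_open() above */
            bdrv_unref(extent_file);
            return -ENOTSUP;
        }
        extent->type = g_strdup(type);
next_line:
        /* move to next line */
        while (*p) {
            if (*p == '\n') {
                p++;
                break;
            }
            p++;
        }
    }
    return 0;
}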
797 
/*
 * Open an image through its text descriptor, read from bs->file starting at
 * desc_offset.
 *
 * At most 1 MiB of descriptor is read.  The createType must be one of the
 * supported types; it is stored in s->create_type and the extent lines are
 * then parsed.  Returns 0 on success, -EINVAL when the file length cannot be
 * determined, -EMEDIUMTYPE when no createType is found, -ENOTSUP for an
 * unsupported type, or the error of the failed read or extent parsing.
 * flags is not used.
 */
static int vmdk_open_desc_file(BlockDriverState *bs, int flags,
                               uint64_t desc_offset, Error **errp)
{
    static const char *const supported_types[] = {
        "monolithicFlat",
        "vmfs",
        "vmfsSparse",
        "twoGbMaxExtentSparse",
        "twoGbMaxExtentFlat",
    };
    BDRVVmdkState *s = bs->opaque;
    char ct[128];
    char *desc = NULL;
    bool supported = false;
    int64_t len;
    size_t k;
    int ret;

    len = bdrv_getlength(bs->file);
    if (len < 0) {
        return -EINVAL;
    }

    len = MIN(len, 1 << 20);  /* avoid unbounded allocation */
    /* one extra zeroed byte keeps the text NUL-terminated */
    desc = g_malloc0(len + 1);

    ret = bdrv_pread(bs->file, desc_offset, desc, len);
    if (ret < 0) {
        goto out;
    }
    if (vmdk_parse_description(desc, "createType", ct, sizeof(ct))) {
        ret = -EMEDIUMTYPE;
        goto out;
    }
    for (k = 0; k < sizeof(supported_types) / sizeof(supported_types[0]);
         k++) {
        if (strcmp(ct, supported_types[k]) == 0) {
            supported = true;
            break;
        }
    }
    if (!supported) {
        error_setg(errp, "Unsupported image type '%s'", ct);
        ret = -ENOTSUP;
        goto out;
    }
    s->create_type = g_strdup(ct);
    s->desc_offset = 0;
    ret = vmdk_parse_extents(desc, bs, bs->file->filename, errp);
out:
    g_free(desc);
    return ret;
}
839 
/*
 * Open a VMDK image.
 *
 * bs->file is first tried as a sparse extent; when that fails it is opened
 * as a text descriptor.  Afterwards the backing file name and both content
 * IDs are read from the descriptor, and live migration is blocked for the
 * image.  Returns 0 on success; on failure the create type and all extents
 * are freed and a negative error is returned.  options is not used.
 *
 * NOTE(review): a failed vmdk_open_sparse() may already have set *errp
 * before vmdk_open_desc_file() runs with the same errp - confirm that the
 * second call cannot set it again.
 */
static int vmdk_open(BlockDriverState *bs, QDict *options, int flags,
                     Error **errp)
{
    BDRVVmdkState *s = bs->opaque;
    int ret;

    if (vmdk_open_sparse(bs, bs->file, flags, errp) != 0) {
        ret = vmdk_open_desc_file(bs, flags, 0, errp);
        if (ret) {
            goto fail;
        }
    } else {
        /* a sparse file carries its descriptor at byte offset 0x200 */
        s->desc_offset = 0x200;
    }

    /* try to open parent images, if exist */
    ret = vmdk_parent_open(bs);
    if (ret) {
        goto fail;
    }

    s->cid = vmdk_read_cid(bs, 0);
    s->parent_cid = vmdk_read_cid(bs, 1);
    qemu_co_mutex_init(&s->lock);

    /* Disable migration when VMDK images are used */
    error_set(&s->migration_blocker,
              QERR_BLOCK_FORMAT_FEATURE_NOT_SUPPORTED,
              "vmdk", bs->device_name, "live migration");
    migrate_add_blocker(s->migration_blocker);

    return 0;

fail:
    g_free(s->create_type);
    s->create_type = NULL;
    vmdk_free_extents(bs);
    return ret;
}
877 
/*
 * Copy one whole cluster from the backing image into the extent.
 *
 * Called for the first write to a cluster that does not exist yet.  When bs
 * has a backing image whose CID is still valid, the cluster containing
 * offset (a byte offset, rounded down to a cluster boundary) is read from
 * the backing image and written to extent->file at sector cluster_offset.
 * Without a backing image nothing is done.
 *
 * Returns VMDK_ERROR when the CID check, the read or the write fails;
 * otherwise the result of the write, or VMDK_OK when there is no backing
 * image.  allocate is not used.
 */
static int get_whole_cluster(BlockDriverState *bs,
                VmdkExtent *extent,
                uint64_t cluster_offset,
                uint64_t offset,
                bool allocate)
{
    uint8_t *grain = NULL;
    int status = VMDK_OK;

    if (!bs->backing_hd) {
        goto out;
    }

    grain = qemu_blockalign(bs, extent->cluster_sectors << BDRV_SECTOR_BITS);
    if (!vmdk_is_cid_valid(bs)) {
        status = VMDK_ERROR;
        goto out;
    }

    /* floor offset to cluster */
    offset -= offset % (extent->cluster_sectors * 512);
    status = bdrv_read(bs->backing_hd, offset >> 9, grain,
                       extent->cluster_sectors);
    if (status < 0) {
        status = VMDK_ERROR;
        goto out;
    }

    /* Write grain only into the active image */
    status = bdrv_write(extent->file, cluster_offset, grain,
                        extent->cluster_sectors);
    if (status < 0) {
        status = VMDK_ERROR;
    }
out:
    qemu_vfree(grain);
    return status;
}
918 
/*
 * Store m_data->offset, converted to little-endian, in the L2 entry that
 * m_data describes.
 *
 * The entry is written to the L2 table at sector m_data->l2_offset and, when
 * the extent has a backup L1 table, also to the L2 table that the backup
 * table names for m_data->l1_index (m_data->l2_offset is overwritten with
 * that position).  The cached entry is updated when m_data->l2_cache_entry
 * is set.  Returns VMDK_OK, or VMDK_ERROR when a write fails.
 */
static int vmdk_L2update(VmdkExtent *extent, VmdkMetaData *m_data)
{
    uint32_t le_offset;
    int64_t entry_pos;

    QEMU_BUILD_BUG_ON(sizeof(le_offset) != sizeof(m_data->offset));
    le_offset = cpu_to_le32(m_data->offset);

    /* update L2 table */
    entry_pos = ((int64_t)m_data->l2_offset * 512)
                + (m_data->l2_index * sizeof(m_data->offset));
    if (bdrv_pwrite_sync(extent->file, entry_pos,
                         &le_offset, sizeof(le_offset)) < 0) {
        return VMDK_ERROR;
    }

    /* update backup L2 table */
    if (extent->l1_backup_table_offset != 0) {
        m_data->l2_offset = extent->l1_backup_table[m_data->l1_index];
        entry_pos = ((int64_t)m_data->l2_offset * 512)
                    + (m_data->l2_index * sizeof(m_data->offset));
        if (bdrv_pwrite_sync(extent->file, entry_pos,
                             &le_offset, sizeof(le_offset)) < 0) {
            return VMDK_ERROR;
        }
    }

    /* the cache keeps entries in on-disk byte order */
    if (m_data->l2_cache_entry) {
        *m_data->l2_cache_entry = le_offset;
    }

    return VMDK_OK;
}
949 
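/*
 * Look up (and optionally allocate) the grain that holds guest byte @offset.
 *
 * @m_data:         if non-NULL, filled with the L1/L2 indices, the L2 table
 *                  sector offset, the grain table entry and a pointer to the
 *                  cached entry; @m_data->valid is 1 only when these fields
 *                  were set.
 * @allocate:       non-zero to allocate a new grain at the end of the extent
 *                  file when the entry is unallocated or zeroed.
 * @cluster_offset: on VMDK_OK, the byte offset of the grain in the extent
 *                  file (flat_start_offset for flat extents).
 *
 * Returns VMDK_OK, VMDK_UNALLOC, VMDK_ZEROED or VMDK_ERROR.  VMDK_UNALLOC is
 * also returned, regardless of @allocate, when the L1 entry is zero; in that
 * case neither *@cluster_offset nor @m_data (apart from valid = 0) is set.
 *
 * The L1/L2 entries come from the image file.  l1_index is range-checked
 * below; the grain table entry itself is returned to the caller unchecked.
 */
static int get_cluster_offset(BlockDriverState *bs,
                                    VmdkExtent *extent,
                                    VmdkMetaData *m_data,
                                    uint64_t offset,
                                    int allocate,
                                    uint64_t *cluster_offset)
{
    unsigned int l1_index, l2_offset, l2_index;
    int min_index, i, j;
    uint32_t min_count, *l2_table;
    int64_t file_len;
    bool zeroed = false;

    if (m_data) {
        m_data->valid = 0;
    }
    if (extent->flat) {
        *cluster_offset = extent->flat_start_offset;
        return VMDK_OK;
    }

    /* make the offset relative to the start of this extent */
    offset -= (extent->end_sector - extent->sectors) * SECTOR_SIZE;
    l1_index = (offset >> 9) / extent->l1_entry_sectors;
    if (l1_index >= extent->l1_size) {
        return VMDK_ERROR;
    }
    l2_offset = extent->l1_table[l1_index];
    if (!l2_offset) {
        return VMDK_UNALLOC;
    }
    for (i = 0; i < L2_CACHE_SIZE; i++) {
        if (l2_offset == extent->l2_cache_offsets[i]) {
            /* increment the hit count */
            if (++extent->l2_cache_counts[i] == 0xffffffff) {
                /* halve every counter so the hit count cannot wrap */
                for (j = 0; j < L2_CACHE_SIZE; j++) {
                    extent->l2_cache_counts[j] >>= 1;
                }
            }
            l2_table = extent->l2_cache + (i * extent->l2_size);
            goto found;
        }
    }
    /* not found: load a new entry in the least used one */
    min_index = 0;
    min_count = 0xffffffff;
    for (i = 0; i < L2_CACHE_SIZE; i++) {
        if (extent->l2_cache_counts[i] < min_count) {
            min_count = extent->l2_cache_counts[i];
            min_index = i;
        }
    }
    l2_table = extent->l2_cache + (min_index * extent->l2_size);
    if (bdrv_pread(
                extent->file,
                (int64_t)l2_offset * 512,
                l2_table,
                extent->l2_size * sizeof(uint32_t)
            ) != extent->l2_size * sizeof(uint32_t)) {
        /* NOTE(review): the cache slot now holds partial data but keeps its
         * old l2_cache_offsets tag — confirm this cannot be hit again. */
        return VMDK_ERROR;
    }

    extent->l2_cache_offsets[min_index] = l2_offset;
    extent->l2_cache_counts[min_index] = 1;
 found:
    l2_index = ((offset >> 9) / extent->cluster_sectors) % extent->l2_size;
    *cluster_offset = le32_to_cpu(l2_table[l2_index]);

    if (m_data) {
        m_data->valid = 1;
        m_data->l1_index = l1_index;
        m_data->l2_index = l2_index;
        m_data->offset = *cluster_offset;
        m_data->l2_offset = l2_offset;
        m_data->l2_cache_entry = &l2_table[l2_index];
    }
    if (extent->has_zero_grain && *cluster_offset == VMDK_GTE_ZEROED) {
        zeroed = true;
    }

    if (!*cluster_offset || zeroed) {
        if (!allocate) {
            return zeroed ? VMDK_ZEROED : VMDK_UNALLOC;
        }

        /* Avoid the L2 tables update for the images that have snapshots. */
        /* A failed length query must not be turned into a grain address:
         * the negative value would otherwise be shifted and stored in the
         * grain table as if it were a sector number. */
        file_len = bdrv_getlength(extent->file);
        if (file_len < 0) {
            return VMDK_ERROR;
        }
        *cluster_offset = file_len;
        if (!extent->compressed) {
            /* NOTE(review): the result of bdrv_truncate() is ignored here */
            bdrv_truncate(
                extent->file,
                *cluster_offset + (extent->cluster_sectors << 9)
            );
        }

        *cluster_offset >>= 9;
        /* NOTE(review): the sector number is narrowed to 32 bits here; an
         * extent file large enough to exceed that range is not rejected.
         * The cached table is also updated before the grain is written, so
         * a failure below leaves the new entry in the cache. */
        l2_table[l2_index] = cpu_to_le32(*cluster_offset);

        /* First of all we write grain itself, to avoid race condition
         * that may corrupt the image.
         * This problem may occur because of insufficient space on host disk
         * or inappropriate VM shutdown.
         */
        if (get_whole_cluster(
                bs, extent, *cluster_offset, offset, allocate) == -1) {
            return VMDK_ERROR;
        }

        if (m_data) {
            m_data->offset = *cluster_offset;
        }
    }
    /* convert the sector number into a byte offset for the caller */
    *cluster_offset <<= 9;
    return VMDK_OK;
}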
1062 
/*
 * Return the first extent, scanning forward from @start_hint (or from the
 * first extent when @start_hint is NULL), whose end_sector lies beyond
 * @sector_num.  Returns NULL when no such extent exists.
 *
 * Extents before @start_hint are never examined, so the hint must not be
 * past the extent that contains @sector_num.
 */
static VmdkExtent *find_extent(BDRVVmdkState *s,
                                int64_t sector_num, VmdkExtent *start_hint)
{
    VmdkExtent *const limit = &s->extents[s->num_extents];
    VmdkExtent *cur;

    for (cur = start_hint ? start_hint : &s->extents[0]; cur < limit; cur++) {
        if (sector_num < cur->end_sector) {
            return cur;
        }
    }
    return NULL;
}
1079 
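/*
 * Report the allocation status of the grain containing @sector_num.
 *
 * *@pnum receives the number of sectors, at most @nb_sectors, from
 * @sector_num up to the end of that grain.
 *
 * Returns 0 for unallocated, BDRV_BLOCK_ZERO for a zeroed grain,
 * BDRV_BLOCK_DATA (plus BDRV_BLOCK_OFFSET_VALID and the host offset when the
 * extent lives in bs->file) for allocated data, or -EIO when the lookup
 * fails.
 */
static int64_t coroutine_fn vmdk_co_get_block_status(BlockDriverState *bs,
        int64_t sector_num, int nb_sectors, int *pnum)
{
    BDRVVmdkState *s = bs->opaque;
    int64_t index_in_cluster, n, ret;
    uint64_t offset;
    uint64_t extent_begin_sector, extent_relative_sector_num;
    VmdkExtent *extent;

    extent = find_extent(s, sector_num, NULL);
    if (!extent) {
        /* NOTE(review): *pnum is left unset on this path */
        return 0;
    }
    /* the lookup may load an L2 table into the shared cache */
    qemu_co_mutex_lock(&s->lock);
    ret = get_cluster_offset(bs, extent, NULL,
                            sector_num * 512, 0, &offset);
    qemu_co_mutex_unlock(&s->lock);

    switch (ret) {
    case VMDK_ERROR:
        ret = -EIO;
        break;
    case VMDK_UNALLOC:
        ret = 0;
        break;
    case VMDK_ZEROED:
        ret = BDRV_BLOCK_ZERO;
        break;
    case VMDK_OK:
        ret = BDRV_BLOCK_DATA;
        if (extent->file == bs->file) {
            ret |= BDRV_BLOCK_OFFSET_VALID | offset;
        }

        break;
    }

    /* Grain boundaries are relative to the start of the extent, as in
     * vmdk_read() and vmdk_write(); using the absolute sector number gives
     * the wrong remainder for any extent that does not begin on a grain
     * boundary of the whole disk. */
    extent_begin_sector = extent->end_sector - extent->sectors;
    extent_relative_sector_num = sector_num - extent_begin_sector;
    index_in_cluster = extent_relative_sector_num % extent->cluster_sectors;
    n = extent->cluster_sectors - index_in_cluster;
    if (n > nb_sectors) {
        n = nb_sectors;
    }
    *pnum = n;
    return ret;
}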
1124 
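/*
 * Write @nb_sectors sectors from @buf to the grain at @cluster_offset.
 *
 * Uncompressed extents: the data is written as is at
 * @cluster_offset + @offset_in_cluster.
 * Compressed extents: the data is deflated and written behind a grain marker
 * carrying @sector_num and the compressed length; the extent must have
 * markers, otherwise -EINVAL is returned.
 *
 * Returns 0 on success, -EINVAL on a compression problem, the negative error
 * from bdrv_pwrite(), or -EIO on a short write.
 */
static int vmdk_write_extent(VmdkExtent *extent, int64_t cluster_offset,
                            int64_t offset_in_cluster, const uint8_t *buf,
                            int nb_sectors, int64_t sector_num)
{
    int ret;
    VmdkGrainMarker *data = NULL;
    uLongf buf_len;
    const uint8_t *write_buf = buf;
    int write_len = nb_sectors * 512;

    if (extent->compressed) {
        if (!extent->has_marker) {
            ret = -EINVAL;
            goto out;
        }
        /* output buffer of two grains, plus room for the marker header */
        buf_len = (extent->cluster_sectors << 9) * 2;
        data = g_malloc(buf_len + sizeof(VmdkGrainMarker));
        if (compress(data->data, &buf_len, buf, nb_sectors << 9) != Z_OK ||
                buf_len == 0) {
            ret = -EINVAL;
            goto out;
        }
        /* The marker is an on-disk structure: the read path decodes its
         * size with le32_to_cpu(), so both fields are stored little-endian
         * here rather than in host byte order. */
        data->lba = cpu_to_le64(sector_num);
        data->size = cpu_to_le32(buf_len);
        write_buf = (uint8_t *)data;
        write_len = buf_len + sizeof(VmdkGrainMarker);
    }
    ret = bdrv_pwrite(extent->file,
                        cluster_offset + offset_in_cluster,
                        write_buf,
                        write_len);
    if (ret != write_len) {
        ret = ret < 0 ? ret : -EIO;
        goto out;
    }
    ret = 0;
 out:
    g_free(data);
    return ret;
}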
1165 
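/*
 * Read @nb_sectors sectors into @buf from the grain at @cluster_offset,
 * starting @offset_in_cluster bytes into the grain.
 *
 * Uncompressed extents are read directly.  For compressed extents two
 * grains' worth of bytes are read, the optional grain marker is parsed, and
 * the payload is inflated into a one-grain buffer before the requested range
 * is copied out.
 *
 * The marker and the compressed payload come from the image file, so the
 * length they declare is checked against the bytes actually held in the
 * read buffer before it is handed to zlib.
 *
 * Returns 0 on success, -EIO on a failed uncompressed read, the negative
 * error from bdrv_pread(), or -EINVAL for malformed compressed data or an
 * out-of-range request.
 */
static int vmdk_read_extent(VmdkExtent *extent, int64_t cluster_offset,
                            int64_t offset_in_cluster, uint8_t *buf,
                            int nb_sectors)
{
    int ret;
    int cluster_bytes, buf_bytes;
    uint8_t *cluster_buf, *compressed_data;
    uint8_t *uncomp_buf;
    uint32_t data_len;
    size_t avail;
    VmdkGrainMarker *marker;
    uLongf buf_len;


    if (!extent->compressed) {
        ret = bdrv_pread(extent->file,
                          cluster_offset + offset_in_cluster,
                          buf, nb_sectors * 512);
        if (ret == nb_sectors * 512) {
            return 0;
        } else {
            return -EIO;
        }
    }
    cluster_bytes = extent->cluster_sectors * 512;
    /* Read two clusters in case GrainMarker + compressed data > one cluster */
    buf_bytes = cluster_bytes * 2;
    cluster_buf = g_malloc(buf_bytes);
    uncomp_buf = g_malloc(cluster_bytes);
    ret = bdrv_pread(extent->file,
                cluster_offset,
                cluster_buf, buf_bytes);
    if (ret < 0) {
        goto out;
    }
    compressed_data = cluster_buf;
    buf_len = cluster_bytes;
    data_len = cluster_bytes;
    if (extent->has_marker) {
        marker = (VmdkGrainMarker *)cluster_buf;
        compressed_data = marker->data;
        data_len = le32_to_cpu(marker->size);
    }
    /* The payload starts after the marker header when there is one, so fewer
     * than buf_bytes bytes follow compressed_data.  Bounding data_len by
     * buf_bytes alone would let uncompress() read past the end of
     * cluster_buf by the size of that header. */
    avail = buf_bytes - (compressed_data - cluster_buf);
    if (!data_len || data_len > avail) {
        ret = -EINVAL;
        goto out;
    }
    /* buf_len caps the inflated output at one grain (size of uncomp_buf) */
    ret = uncompress(uncomp_buf, &buf_len, compressed_data, data_len);
    if (ret != Z_OK) {
        ret = -EINVAL;
        goto out;

    }
    /* buf_len now holds the inflated length; the request must fit in it */
    if (offset_in_cluster < 0 ||
            offset_in_cluster + nb_sectors * 512 > buf_len) {
        ret = -EINVAL;
        goto out;
    }
    memcpy(buf, uncomp_buf + offset_in_cluster, nb_sectors * 512);
    ret = 0;

 out:
    g_free(uncomp_buf);
    g_free(cluster_buf);
    return ret;
}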
1231 
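/*
 * Read @nb_sectors sectors starting at @sector_num into @buf, one grain (or
 * part of one) per iteration.
 *
 * Unallocated grains are read from the backing image when there is one and
 * its CID is valid, otherwise they read as zeroes; zeroed grains always read
 * as zeroes.  This function takes no lock itself.
 *
 * Returns 0 on success, -EIO when no extent covers a sector or the grain
 * lookup fails, -EINVAL when the parent CID check fails, or the error from
 * the backing or extent read.
 */
static int vmdk_read(BlockDriverState *bs, int64_t sector_num,
                    uint8_t *buf, int nb_sectors)
{
    BDRVVmdkState *s = bs->opaque;
    int ret;
    uint64_t n, index_in_cluster;
    uint64_t extent_begin_sector, extent_relative_sector_num;
    VmdkExtent *extent = NULL;
    uint64_t cluster_offset;

    while (nb_sectors > 0) {
        /* the previous extent is a valid hint: sector_num only grows */
        extent = find_extent(s, sector_num, extent);
        if (!extent) {
            return -EIO;
        }
        ret = get_cluster_offset(
                            bs, extent, NULL,
                            sector_num << 9, 0, &cluster_offset);
        if (ret == VMDK_ERROR) {
            /* A failed metadata lookup is not the same as an unallocated
             * grain: report it, as the write and block-status paths do,
             * instead of returning backing data or zeroes. */
            return -EIO;
        }
        extent_begin_sector = extent->end_sector - extent->sectors;
        extent_relative_sector_num = sector_num - extent_begin_sector;
        index_in_cluster = extent_relative_sector_num % extent->cluster_sectors;
        /* never cross a grain boundary in one step */
        n = extent->cluster_sectors - index_in_cluster;
        if (n > nb_sectors) {
            n = nb_sectors;
        }
        if (ret != VMDK_OK) {
            /* if not allocated, try to read from parent image, if exist */
            if (bs->backing_hd && ret != VMDK_ZEROED) {
                if (!vmdk_is_cid_valid(bs)) {
                    return -EINVAL;
                }
                ret = bdrv_read(bs->backing_hd, sector_num, buf, n);
                if (ret < 0) {
                    return ret;
                }
            } else {
                memset(buf, 0, 512 * n);
            }
        } else {
            ret = vmdk_read_extent(extent,
                            cluster_offset, index_in_cluster * 512,
                            buf, n);
            if (ret) {
                return ret;
            }
        }
        nb_sectors -= n;
        sector_num += n;
        buf += n * 512;
    }
    return 0;
}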
1284 
/*
 * Coroutine entry point for reads: runs vmdk_read() with the driver state
 * lock held and returns its result unchanged.
 */
static coroutine_fn int vmdk_co_read(BlockDriverState *bs, int64_t sector_num,
                                     uint8_t *buf, int nb_sectors)
{
    BDRVVmdkState *state = bs->opaque;
    int rc;

    /* vmdk_read() takes no lock of its own */
    qemu_co_mutex_lock(&state->lock);
    rc = vmdk_read(bs, sector_num, buf, nb_sectors);
    qemu_co_mutex_unlock(&state->lock);

    return rc;
}
1295 
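/**
 * vmdk_write:
 * @zeroed:       buf is ignored (data is zero), use zeroed_grain GTE feature
 *                if possible, otherwise return -ENOTSUP.
 * @zero_dry_run: used for zeroed == true only, don't update L2 table, just try
 *                with each cluster. By dry run we can find if the zero write
 *                is possible without modifying image data.
 *
 * The request is processed one grain (or part of one) per iteration.  The
 * grain lookup is done with allocation enabled, so every path past it relies
 * on the lookup having returned VMDK_OK: only then are cluster_offset and
 * the fields of m_data set.
 *
 * Returns: error code with 0 for success.
 */
static int vmdk_write(BlockDriverState *bs, int64_t sector_num,
                      const uint8_t *buf, int nb_sectors,
                      bool zeroed, bool zero_dry_run)
{
    BDRVVmdkState *s = bs->opaque;
    VmdkExtent *extent = NULL;
    int n, ret;
    int64_t index_in_cluster;
    uint64_t extent_begin_sector, extent_relative_sector_num;
    uint64_t cluster_offset;
    VmdkMetaData m_data;

    /* only the first sector is checked here; sectors past the last extent
     * are caught by find_extent() returning NULL inside the loop */
    if (sector_num > bs->total_sectors) {
        error_report("Wrong offset: sector_num=0x%" PRIx64
                " total_sectors=0x%" PRIx64 "\n",
                sector_num, bs->total_sectors);
        return -EIO;
    }

    while (nb_sectors > 0) {
        extent = find_extent(s, sector_num, extent);
        if (!extent) {
            return -EIO;
        }
        ret = get_cluster_offset(
                                bs,
                                extent,
                                &m_data,
                                sector_num << 9, !extent->compressed,
                                &cluster_offset);
        if (extent->compressed) {
            if (ret == VMDK_OK) {
                /* Refuse write to allocated cluster for streamOptimized */
                error_report("Could not write to allocated cluster"
                              " for streamOptimized");
                return -EIO;
            } else {
                /* allocate */
                ret = get_cluster_offset(
                                        bs,
                                        extent,
                                        &m_data,
                                        sector_num << 9, 1,
                                        &cluster_offset);
            }
        }
        /* Anything other than VMDK_OK means the lookup did not produce a
         * grain.  That includes VMDK_UNALLOC for an L1 entry without a grain
         * table, where cluster_offset and m_data (apart from valid = 0) are
         * left unset; continuing would write at an indeterminate offset and,
         * for zero writes, update an L2 entry through unset fields. */
        if (ret != VMDK_OK) {
            return -EINVAL;
        }
        extent_begin_sector = extent->end_sector - extent->sectors;
        extent_relative_sector_num = sector_num - extent_begin_sector;
        index_in_cluster = extent_relative_sector_num % extent->cluster_sectors;
        n = extent->cluster_sectors - index_in_cluster;
        if (n > nb_sectors) {
            n = nb_sectors;
        }
        if (zeroed) {
            /* Do zeroed write, buf is ignored */
            if (extent->has_zero_grain &&
                    index_in_cluster == 0 &&
                    n >= extent->cluster_sectors) {
                n = extent->cluster_sectors;
                if (!zero_dry_run) {
                    m_data.offset = VMDK_GTE_ZEROED;
                    /* update L2 tables */
                    if (vmdk_L2update(extent, &m_data) != VMDK_OK) {
                        return -EIO;
                    }
                }
            } else {
                /* zero grains can only replace whole, aligned grains */
                return -ENOTSUP;
            }
        } else {
            ret = vmdk_write_extent(extent,
                            cluster_offset, index_in_cluster * 512,
                            buf, n, sector_num);
            if (ret) {
                return ret;
            }
            if (m_data.valid) {
                /* update L2 tables */
                if (vmdk_L2update(extent, &m_data) != VMDK_OK) {
                    return -EIO;
                }
            }
        }
        nb_sectors -= n;
        sector_num += n;
        buf += n * 512;

        /* update CID on the first write every time the virtual disk is
         * opened */
        if (!s->cid_updated) {
            ret = vmdk_write_cid(bs, time(NULL));
            if (ret < 0) {
                return ret;
            }
            s->cid_updated = true;
        }
    }
    return 0;
}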
1408 
/*
 * Coroutine entry point for data writes: runs vmdk_write() as an ordinary
 * (non-zero, non-dry-run) write with the driver state lock held.
 */
static coroutine_fn int vmdk_co_write(BlockDriverState *bs, int64_t sector_num,
                                      const uint8_t *buf, int nb_sectors)
{
    BDRVVmdkState *state = bs->opaque;
    int rc;

    qemu_co_mutex_lock(&state->lock);
    rc = vmdk_write(bs, sector_num, buf, nb_sectors, false, false);
    qemu_co_mutex_unlock(&state->lock);

    return rc;
}
1419 
/*
 * Coroutine entry point for zero writes.  With the state lock held, the
 * request is first tried as a dry run and only repeated for real when the
 * dry run returns 0.  Returns the result of the last vmdk_write() call.
 */
static int coroutine_fn vmdk_co_write_zeroes(BlockDriverState *bs,
                                             int64_t sector_num,
                                             int nb_sectors)
{
    BDRVVmdkState *state = bs->opaque;
    int rc;

    qemu_co_mutex_lock(&state->lock);
    /* A zero write is refused when the range is not grain aligned, so probe
     * the whole range with dry_run == true before touching the image. */
    rc = vmdk_write(bs, sector_num, NULL, nb_sectors, true, true);
    if (rc == 0) {
        rc = vmdk_write(bs, sector_num, NULL, nb_sectors, true, false);
    }
    qemu_co_mutex_unlock(&state->lock);

    return rc;
}
1436 
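/*
 * Create one extent file of @filesize bytes.
 *
 * @flat:         create a plain file of @filesize bytes and nothing else.
 * @compress:     set the compression and marker flags and the deflate
 *                algorithm in the header.
 * @zeroed_grain: write header version 2 with the zeroed-grain flag.
 *
 * For sparse extents the magic, the header, the redundant grain directory
 * and the grain directory are written; the grain tables themselves are left
 * as the zeroes produced by ftruncate().
 *
 * Returns 0 on success or a negative errno value.
 *
 * NOTE(review): the file is created or truncated at @filename with mode 0644
 * (subject to the umask) — confirm that is the intended exposure for disk
 * image contents.
 */
static int vmdk_create_extent(const char *filename, int64_t filesize,
                              bool flat, bool compress, bool zeroed_grain)
{
    int ret, i;
    int fd = 0;
    VMDK4Header header;
    uint32_t tmp, magic, grains, gd_size, gt_size, gt_count;

    fd = qemu_open(filename,
                   O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
                   0644);
    if (fd < 0) {
        return -errno;
    }
    if (flat) {
        ret = ftruncate(fd, filesize);
        if (ret < 0) {
            ret = -errno;
        }
        goto exit;
    }
    magic = cpu_to_be32(VMDK4_MAGIC);
    memset(&header, 0, sizeof(header));
    header.version = zeroed_grain ? 2 : 1;
    header.flags = VMDK4_FLAG_RGD | VMDK4_FLAG_NL_DETECT
                   | (compress ? VMDK4_FLAG_COMPRESS | VMDK4_FLAG_MARKER : 0)
                   | (zeroed_grain ? VMDK4_FLAG_ZERO_GRAIN : 0);
    header.compressAlgorithm = compress ? VMDK4_COMPRESSION_DEFLATE : 0;
    header.capacity = filesize / 512;
    header.granularity = 128;
    header.num_gtes_per_gt = 512;

    /* all sizes below are in 512-byte sectors, rounded up */
    grains = (filesize / 512 + header.granularity - 1) / header.granularity;
    gt_size = ((header.num_gtes_per_gt * sizeof(uint32_t)) + 511) >> 9;
    gt_count =
        (grains + header.num_gtes_per_gt - 1) / header.num_gtes_per_gt;
    gd_size = (gt_count * sizeof(uint32_t) + 511) >> 9;

    /* layout: header, descriptor, redundant GD + GTs, GD + GTs, grains */
    header.desc_offset = 1;
    header.desc_size = 20;
    header.rgd_offset = header.desc_offset + header.desc_size;
    header.gd_offset = header.rgd_offset + gd_size + (gt_size * gt_count);
    header.grain_offset =
       ((header.gd_offset + gd_size + (gt_size * gt_count) +
         header.granularity - 1) / header.granularity) *
        header.granularity;
    /* swap endianness for all header fields */
    header.version = cpu_to_le32(header.version);
    header.flags = cpu_to_le32(header.flags);
    header.capacity = cpu_to_le64(header.capacity);
    header.granularity = cpu_to_le64(header.granularity);
    header.num_gtes_per_gt = cpu_to_le32(header.num_gtes_per_gt);
    header.desc_offset = cpu_to_le64(header.desc_offset);
    header.desc_size = cpu_to_le64(header.desc_size);
    header.rgd_offset = cpu_to_le64(header.rgd_offset);
    header.gd_offset = cpu_to_le64(header.gd_offset);
    header.grain_offset = cpu_to_le64(header.grain_offset);
    header.compressAlgorithm = cpu_to_le16(header.compressAlgorithm);

    header.check_bytes[0] = 0xa;
    header.check_bytes[1] = 0x20;
    header.check_bytes[2] = 0xd;
    header.check_bytes[3] = 0xa;

    /* write all the data */
    ret = qemu_write_full(fd, &magic, sizeof(magic));
    if (ret != sizeof(magic)) {
        ret = -errno;
        goto exit;
    }
    ret = qemu_write_full(fd, &header, sizeof(header));
    if (ret != sizeof(header)) {
        ret = -errno;
        goto exit;
    }

    ret = ftruncate(fd, le64_to_cpu(header.grain_offset) << 9);
    if (ret < 0) {
        ret = -errno;
        goto exit;
    }

    /* write grain directory */
    /* a failed seek would put the directory right behind the header */
    if (lseek(fd, le64_to_cpu(header.rgd_offset) << 9, SEEK_SET) < 0) {
        ret = -errno;
        goto exit;
    }
    for (i = 0, tmp = le64_to_cpu(header.rgd_offset) + gd_size;
         i < gt_count; i++, tmp += gt_size) {
        /* directory entries are on-disk data: store them little-endian,
         * like the header fields above */
        uint32_t gde = cpu_to_le32(tmp);

        ret = qemu_write_full(fd, &gde, sizeof(gde));
        if (ret != sizeof(gde)) {
            ret = -errno;
            goto exit;
        }
    }

    /* write backup grain directory */
    if (lseek(fd, le64_to_cpu(header.gd_offset) << 9, SEEK_SET) < 0) {
        ret = -errno;
        goto exit;
    }
    for (i = 0, tmp = le64_to_cpu(header.gd_offset) + gd_size;
         i < gt_count; i++, tmp += gt_size) {
        uint32_t gde = cpu_to_le32(tmp);

        ret = qemu_write_full(fd, &gde, sizeof(gde));
        if (ret != sizeof(gde)) {
            ret = -errno;
            goto exit;
        }
    }

    ret = 0;
 exit:
    qemu_close(fd);
    return ret;
}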
1546 
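/*
 * Split @filename into a directory part, a base name and an extension.
 *
 * @path:    receives everything up to and including the last '/', or, if
 *           there is none, the last '\\', or, failing that, the last ':';
 *           empty when no separator is found.
 * @prefix:  receives the base name up to, not including, its last '.'.
 * @postfix: receives the last '.' and what follows it; empty when the base
 *           name has no '.'.
 * @buf_len: size of each of the three output buffers.
 *
 * Returns VMDK_OK, or VMDK_ERROR with @errp set when @filename is NULL or
 * empty or when the directory part or the base name does not fit in
 * @buf_len.
 *
 * NOTE(review): a base name without '.' and the extension are copied with
 * pstrcpy() bounded by @buf_len, so over-long values are shortened rather
 * than rejected.
 */
static int filename_decompose(const char *filename, char *path, char *prefix,
                              char *postfix, size_t buf_len, Error **errp)
{
    const char *p, *q;

    if (filename == NULL || !strlen(filename)) {
        error_setg(errp, "No filename provided");
        return VMDK_ERROR;
    }
    p = strrchr(filename, '/');
    if (p == NULL) {
        p = strrchr(filename, '\\');
    }
    if (p == NULL) {
        p = strrchr(filename, ':');
    }
    if (p != NULL) {
        /* keep the separator as the last character of the path */
        p++;
        if (p - filename >= buf_len) {
            /* report the reason, as the empty-name case above does */
            error_setg(errp, "Path is too long");
            return VMDK_ERROR;
        }
        /* size p - filename + 1 copies exactly the directory part + NUL */
        pstrcpy(path, p - filename + 1, filename);
    } else {
        p = filename;
        path[0] = '\0';
    }
    q = strrchr(p, '.');
    if (q == NULL) {
        pstrcpy(prefix, buf_len, p);
        postfix[0] = '\0';
    } else {
        if (q - p >= buf_len) {
            error_setg(errp, "Filename is too long");
            return VMDK_ERROR;
        }
        pstrcpy(prefix, q - p + 1, p);
        pstrcpy(postfix, buf_len, q);
    }
    return VMDK_OK;
}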
1586 
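/*
 * Create a VMDK image at @filename according to @options.
 *
 * Recognised options: size, adapter type, backing file, compat6, subformat
 * and zeroed grain.  The adapter type defaults to "ide" and the subformat to
 * "monolithicSparse"; unknown values for either are rejected.
 *
 * One extent file is created per 2 GiB for the split subformats, otherwise a
 * single extent.  The descriptor is then written to @filename: as a separate
 * text file for split and flat images, or at offset 0x200 inside the extent
 * for the other subformats.
 *
 * Returns 0 on success or a negative errno value.
 *
 * NOTE(review): the backing file name and the extent file names are copied
 * into the descriptor between double quotes without escaping, so a name
 * containing '"' or a newline changes the descriptor's structure — confirm
 * callers only pass trusted names.
 * NOTE(review): the extent lines and the descriptor are built in fixed-size
 * buffers with pstrcat()/snprintf(); truncation is not detected.
 */
static int vmdk_create(const char *filename, QEMUOptionParameter *options,
                       Error **errp)
{
    int fd, idx = 0;
    char desc[BUF_SIZE];
    int64_t total_size = 0, filesize;
    const char *adapter_type = NULL;
    const char *backing_file = NULL;
    const char *fmt = NULL;
    int flags = 0;
    int ret = 0;
    bool flat, split, compress;
    char ext_desc_lines[BUF_SIZE] = "";
    char path[PATH_MAX], prefix[PATH_MAX], postfix[PATH_MAX];
    const int64_t split_size = 0x80000000;  /* VMDK has constant split size */
    const char *desc_extent_line;
    char parent_desc_line[BUF_SIZE] = "";
    uint32_t parent_cid = 0xffffffff;
    uint32_t number_heads = 16;
    bool zeroed_grain = false;
    const char desc_template[] =
        "# Disk DescriptorFile\n"
        "version=1\n"
        "CID=%x\n"
        "parentCID=%x\n"
        "createType=\"%s\"\n"
        "%s"
        "\n"
        "# Extent description\n"
        "%s"
        "\n"
        "# The Disk Data Base\n"
        "#DDB\n"
        "\n"
        "ddb.virtualHWVersion = \"%d\"\n"
        "ddb.geometry.cylinders = \"%" PRId64 "\"\n"
        "ddb.geometry.heads = \"%d\"\n"
        "ddb.geometry.sectors = \"63\"\n"
        "ddb.adapterType = \"%s\"\n";

    if (filename_decompose(filename, path, prefix, postfix, PATH_MAX, errp)) {
        return -EINVAL;
    }
    /* Read out options */
    while (options && options->name) {
        if (!strcmp(options->name, BLOCK_OPT_SIZE)) {
            total_size = options->value.n;
        } else if (!strcmp(options->name, BLOCK_OPT_ADAPTER_TYPE)) {
            adapter_type = options->value.s;
        } else if (!strcmp(options->name, BLOCK_OPT_BACKING_FILE)) {
            backing_file = options->value.s;
        } else if (!strcmp(options->name, BLOCK_OPT_COMPAT6)) {
            flags |= options->value.n ? BLOCK_FLAG_COMPAT6 : 0;
        } else if (!strcmp(options->name, BLOCK_OPT_SUBFMT)) {
            fmt = options->value.s;
        } else if (!strcmp(options->name, BLOCK_OPT_ZEROED_GRAIN)) {
            zeroed_grain |= options->value.n;
        }
        options++;
    }
    /* adapter_type and fmt end up in the descriptor, so only the known
     * literal values are accepted */
    if (!adapter_type) {
        adapter_type = "ide";
    } else if (strcmp(adapter_type, "ide") &&
               strcmp(adapter_type, "buslogic") &&
               strcmp(adapter_type, "lsilogic") &&
               strcmp(adapter_type, "legacyESX")) {
        error_setg(errp, "Unknown adapter type: '%s'", adapter_type);
        return -EINVAL;
    }
    if (strcmp(adapter_type, "ide") != 0) {
        /* that's the number of heads with which vmware operates when
           creating, exporting, etc. vmdk files with a non-ide adapter type */
        number_heads = 255;
    }
    if (!fmt) {
        /* Default format to monolithicSparse */
        fmt = "monolithicSparse";
    } else if (strcmp(fmt, "monolithicFlat") &&
               strcmp(fmt, "monolithicSparse") &&
               strcmp(fmt, "twoGbMaxExtentSparse") &&
               strcmp(fmt, "twoGbMaxExtentFlat") &&
               strcmp(fmt, "streamOptimized")) {
        error_setg(errp, "Unknown subformat: '%s'", fmt);
        return -EINVAL;
    }
    split = !(strcmp(fmt, "twoGbMaxExtentFlat") &&
              strcmp(fmt, "twoGbMaxExtentSparse"));
    flat = !(strcmp(fmt, "monolithicFlat") &&
             strcmp(fmt, "twoGbMaxExtentFlat"));
    compress = !strcmp(fmt, "streamOptimized");
    /* the format string is one of these two literals, never caller input */
    if (flat) {
        desc_extent_line = "RW %lld FLAT \"%s\" 0\n";
    } else {
        desc_extent_line = "RW %lld SPARSE \"%s\"\n";
    }
    if (flat && backing_file) {
        error_setg(errp, "Flat image can't have backing file");
        return -ENOTSUP;
    }
    if (flat && zeroed_grain) {
        error_setg(errp, "Flat image can't enable zeroed grain");
        return -ENOTSUP;
    }
    if (backing_file) {
        BlockDriverState *bs = bdrv_new("");
        ret = bdrv_open(bs, backing_file, NULL, 0, NULL, errp);
        if (ret != 0) {
            bdrv_unref(bs);
            return ret;
        }
        if (strcmp(bs->drv->format_name, "vmdk")) {
            bdrv_unref(bs);
            /* give the reason, like the other validation failures here */
            error_setg(errp, "Backing file must be a vmdk image");
            return -EINVAL;
        }
        parent_cid = vmdk_read_cid(bs, 0);
        bdrv_unref(bs);
        snprintf(parent_desc_line, sizeof(parent_desc_line),
                "parentFileNameHint=\"%s\"", backing_file);
    }

    /* Create extents */
    filesize = total_size;
    while (filesize > 0) {
        char desc_line[BUF_SIZE];
        char ext_filename[PATH_MAX];
        char desc_filename[PATH_MAX];
        int64_t size = filesize;

        if (split && size > split_size) {
            size = split_size;
        }
        if (split) {
            snprintf(desc_filename, sizeof(desc_filename), "%s-%c%03d%s",
                    prefix, flat ? 'f' : 's', ++idx, postfix);
        } else if (flat) {
            snprintf(desc_filename, sizeof(desc_filename), "%s-flat%s",
                    prefix, postfix);
        } else {
            snprintf(desc_filename, sizeof(desc_filename), "%s%s",
                    prefix, postfix);
        }
        snprintf(ext_filename, sizeof(ext_filename), "%s%s",
                path, desc_filename);

        /* NOTE(review): the extent's own error code is replaced by -EINVAL,
         * and extents already created are left on disk */
        if (vmdk_create_extent(ext_filename, size,
                               flat, compress, zeroed_grain)) {
            return -EINVAL;
        }
        filesize -= size;

        /* Format description line */
        /* %lld expects long long; int64_t is not that type on every host */
        snprintf(desc_line, sizeof(desc_line),
                    desc_extent_line, (long long)(size / 512), desc_filename);
        pstrcat(ext_desc_lines, sizeof(ext_desc_lines), desc_line);
    }
    /* generate descriptor file */
    snprintf(desc, sizeof(desc), desc_template,
            (unsigned int)time(NULL),
            parent_cid,
            fmt,
            parent_desc_line,
            ext_desc_lines,
            (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4),
            total_size / (int64_t)(63 * number_heads * 512), number_heads,
                adapter_type);
    if (split || flat) {
        /* the descriptor is a file of its own */
        fd = qemu_open(filename,
                       O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
                       0644);
    } else {
        /* the descriptor is embedded in the extent created above */
        fd = qemu_open(filename,
                       O_WRONLY | O_BINARY | O_LARGEFILE,
                       0644);
    }
    if (fd < 0) {
        return -errno;
    }
    /* the descriptor offset = 0x200 */
    if (!split && !flat && 0x200 != lseek(fd, 0x200, SEEK_SET)) {
        ret = -errno;
        goto exit;
    }
    ret = qemu_write_full(fd, desc, strlen(desc));
    if (ret != strlen(desc)) {
        ret = -errno;
        goto exit;
    }
    ret = 0;
exit:
    qemu_close(fd);
    return ret;
}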
1779 
/*
 * Release the driver state: the extents, the create type string and the
 * migration blocker (which is unregistered before it is freed).
 */
static void vmdk_close(BlockDriverState *bs)
{
    BDRVVmdkState *state = bs->opaque;

    vmdk_free_extents(bs);
    g_free(state->create_type);

    /* unregister first, then free the Error object it referred to */
    migrate_del_blocker(state->migration_blocker);
    error_free(state->migration_blocker);
}
1790 
/*
 * Flush every extent file.  All extents are flushed even if one fails; the
 * return value is 0 or the error of the last extent that failed.
 */
static coroutine_fn int vmdk_co_flush(BlockDriverState *bs)
{
    BDRVVmdkState *state = bs->opaque;
    int result = 0;
    int idx;

    for (idx = 0; idx < state->num_extents; idx++) {
        int rc = bdrv_co_flush(state->extents[idx].file);

        if (rc < 0) {
            result = rc;
        }
    }
    return result;
}
1805 
/*
 * Sum the allocated size of bs->file and of every extent file that is not
 * bs->file itself.  Returns the total, or the first negative value reported
 * for any of the files.
 */
static int64_t vmdk_get_allocated_file_size(BlockDriverState *bs)
{
    BDRVVmdkState *state = bs->opaque;
    int64_t total;
    int idx;

    total = bdrv_get_allocated_file_size(bs->file);
    if (total < 0) {
        return total;
    }
    for (idx = 0; idx < state->num_extents; idx++) {
        VmdkExtent *ext = &state->extents[idx];

        /* bs->file has been counted already */
        if (ext->file != bs->file) {
            int64_t ext_size = bdrv_get_allocated_file_size(ext->file);

            if (ext_size < 0) {
                return ext_size;
            }
            total += ext_size;
        }
    }
    return total;
}
1829 
/*
 * Return 0 if any flat extent sits on storage for which
 * bdrv_has_zero_init() reports false, and 1 otherwise.  Non-flat extents
 * are not consulted.
 */
static int vmdk_has_zero_init(BlockDriverState *bs)
{
    BDRVVmdkState *state = bs->opaque;
    int idx;

    for (idx = 0; idx < state->num_extents; idx++) {
        VmdkExtent *ext = &state->extents[idx];

        if (ext->flat && !bdrv_has_zero_init(ext->file)) {
            return 0;
        }
    }
    return 1;
}
1846 
/*
 * Build a newly allocated ImageInfo describing one extent.
 *
 * The filename and format strings are duplicated, so the result does not
 * point into the extent. The cluster size is flagged as present only for
 * non-flat extents, and the compressed field only when the extent is
 * compressed.
 *
 * NOTE(review): sectors and cluster_sectors presumably come from the image
 * headers; confirm they are range-checked when the image is opened so the
 * multiplications by BDRV_SECTOR_SIZE cannot wrap.
 */
static ImageInfo *vmdk_get_extent_info(VmdkExtent *extent)
{
    /* g_new0() zero-fills, so every field not set below stays 0/NULL. */
    ImageInfo *info = g_new0(ImageInfo, 1);

    info->filename = g_strdup(extent->file->filename);
    info->format = g_strdup(extent->type);
    info->virtual_size = extent->sectors * BDRV_SECTOR_SIZE;

    info->compressed = extent->compressed;
    info->has_compressed = extent->compressed;

    info->cluster_size = extent->cluster_sectors * BDRV_SECTOR_SIZE;
    info->has_cluster_size = !extent->flat;

    return info;
}
1863 
/*
 * Build the VMDK-specific image information for bs.
 *
 * Returns a newly allocated ImageInfoSpecific of kind VMDK holding a copy of
 * the create type, the CID and parent CID, and one list entry per extent in
 * extent order.
 */
static ImageInfoSpecific *vmdk_get_specific_info(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;
    ImageInfoSpecific *spec_info = g_new0(ImageInfoSpecific, 1);
    ImageInfoSpecificVmdk *vmdk_info = g_new0(ImageInfoSpecificVmdk, 1);
    ImageInfoList **tail;
    int idx;

    spec_info->kind = IMAGE_INFO_SPECIFIC_KIND_VMDK;
    spec_info->vmdk = vmdk_info;

    vmdk_info->create_type = g_strdup(s->create_type);
    vmdk_info->cid = s->cid;
    vmdk_info->parent_cid = s->parent_cid;

    /* Append through a pointer to the last "next" link to keep extent order. */
    tail = &vmdk_info->extents;
    for (idx = 0; idx < s->num_extents; idx++) {
        ImageInfoList *node = g_new0(ImageInfoList, 1);

        node->value = vmdk_get_extent_info(&s->extents[idx]);
        node->next = NULL;
        *tail = node;
        tail = &node->next;
    }

    return spec_info;
}
1894 
/*
 * Options accepted when creating a VMDK image. The table ends with a
 * { NULL } sentinel entry and is referenced from bdrv_vmdk.create_options.
 */
static QEMUOptionParameter vmdk_create_options[] = {
    /* Size of the virtual disk. */
    {
        .name = BLOCK_OPT_SIZE,
        .type = OPT_SIZE,
        .help = "Virtual disk size"
    },
    /* Virtual adapter type; the help text lists the accepted names. */
    {
        .name = BLOCK_OPT_ADAPTER_TYPE,
        .type = OPT_STRING,
        .help = "Virtual adapter type, can be one of "
                "ide (default), lsilogic, buslogic or legacyESX"
    },
    /* File name of the base image, passed as a plain string. */
    {
        .name = BLOCK_OPT_BACKING_FILE,
        .type = OPT_STRING,
        .help = "File name of a base image"
    },
    /* Flag selecting a "version 6" image. */
    {
        .name = BLOCK_OPT_COMPAT6,
        .type = OPT_FLAG,
        .help = "VMDK version 6 image"
    },
    /*
     * Image sub-format.
     * NOTE(review): the help text says "flat extent format" although the
     * listed values also include sparse and streamOptimized sub-formats.
     */
    {
        .name = BLOCK_OPT_SUBFMT,
        .type = OPT_STRING,
        .help =
            "VMDK flat extent format, can be one of "
            "{monolithicSparse (default) | monolithicFlat | twoGbMaxExtentSparse | twoGbMaxExtentFlat | streamOptimized} "
    },
    /* Flag enabling the zeroed-grain GTE feature. */
    {
        .name = BLOCK_OPT_ZEROED_GRAIN,
        .type = OPT_FLAG,
        .help = "Enable efficient zero writes using the zeroed-grain GTE feature"
    },
    /* Sentinel marking the end of the table. */
    { NULL }
};
1931 
/*
 * Driver description for the "vmdk" format: the callback table that
 * bdrv_vmdk_init() hands to bdrv_register().
 */
static BlockDriver bdrv_vmdk = {
    .format_name                  = "vmdk",
    .instance_size                = sizeof(BDRVVmdkState),
    .create_options               = vmdk_create_options,

    /*
     * Detection and lifecycle.
     * NOTE(review): vmdk_probe presumably decides from image content; for
     * images from untrusted sources the format is better given explicitly
     * than left to probing.
     */
    .bdrv_probe                   = vmdk_probe,
    .bdrv_open                    = vmdk_open,
    .bdrv_reopen_prepare          = vmdk_reopen_prepare,
    .bdrv_close                   = vmdk_close,
    .bdrv_create                  = vmdk_create,

    /* Data path. */
    .bdrv_read                    = vmdk_co_read,
    .bdrv_write                   = vmdk_co_write,
    .bdrv_co_write_zeroes         = vmdk_co_write_zeroes,
    .bdrv_co_flush_to_disk        = vmdk_co_flush,

    /* Status and metadata queries. */
    .bdrv_co_get_block_status     = vmdk_co_get_block_status,
    .bdrv_get_allocated_file_size = vmdk_get_allocated_file_size,
    .bdrv_has_zero_init           = vmdk_has_zero_init,
    .bdrv_get_specific_info       = vmdk_get_specific_info,
};
1951 
/* Register the VMDK driver table with the block layer. */
static void bdrv_vmdk_init(void)
{
    bdrv_register(&bdrv_vmdk);
}

/* Hook bdrv_vmdk_init() into block-driver initialisation via block_init(). */
block_init(bdrv_vmdk_init);
1958