xref: /openbmc/qemu/blockdev.c (revision 4305d482)
1 /*
2  * QEMU host block devices
3  *
4  * Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or
7  * later.  See the COPYING file in the top-level directory.
8  *
9  * This file incorporates work covered by the following copyright and
10  * permission notice:
11  *
12  * Copyright (c) 2003-2008 Fabrice Bellard
13  *
14  * Permission is hereby granted, free of charge, to any person obtaining a copy
15  * of this software and associated documentation files (the "Software"), to deal
16  * in the Software without restriction, including without limitation the rights
17  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
18  * copies of the Software, and to permit persons to whom the Software is
19  * furnished to do so, subject to the following conditions:
20  *
21  * The above copyright notice and this permission notice shall be included in
22  * all copies or substantial portions of the Software.
23  *
24  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
25  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
26  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
27  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
28  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
29  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30  * THE SOFTWARE.
31  */
32 
33 #include "qemu/osdep.h"
34 #include "sysemu/block-backend.h"
35 #include "sysemu/blockdev.h"
36 #include "hw/block/block.h"
37 #include "block/blockjob.h"
38 #include "block/qdict.h"
39 #include "block/throttle-groups.h"
40 #include "monitor/monitor.h"
41 #include "qemu/error-report.h"
42 #include "qemu/option.h"
43 #include "qemu/qemu-print.h"
44 #include "qemu/config-file.h"
45 #include "qapi/qapi-commands-block.h"
46 #include "qapi/qapi-commands-transaction.h"
47 #include "qapi/qapi-visit-block-core.h"
48 #include "qapi/qmp/qdict.h"
49 #include "qapi/qmp/qnum.h"
50 #include "qapi/qmp/qstring.h"
51 #include "qapi/error.h"
52 #include "qapi/qmp/qerror.h"
53 #include "qapi/qmp/qlist.h"
54 #include "qapi/qobject-output-visitor.h"
55 #include "sysemu/sysemu.h"
56 #include "sysemu/iothread.h"
57 #include "block/block_int.h"
58 #include "block/trace.h"
59 #include "sysemu/arch_init.h"
60 #include "sysemu/qtest.h"
61 #include "sysemu/runstate.h"
62 #include "qemu/cutils.h"
63 #include "qemu/help_option.h"
64 #include "qemu/main-loop.h"
65 #include "qemu/throttle-options.h"
66 
67 static QTAILQ_HEAD(, BlockDriverState) monitor_bdrv_states =
68     QTAILQ_HEAD_INITIALIZER(monitor_bdrv_states);
69 
70 static int do_open_tray(const char *blk_name, const char *qdev_id,
71                         bool force, Error **errp);
72 static void blockdev_remove_medium(bool has_device, const char *device,
73                                    bool has_id, const char *id, Error **errp);
74 static void blockdev_insert_medium(bool has_device, const char *device,
75                                    bool has_id, const char *id,
76                                    const char *node_name, Error **errp);
77 
78 static const char *const if_name[IF_COUNT] = {
79     [IF_NONE] = "none",
80     [IF_IDE] = "ide",
81     [IF_SCSI] = "scsi",
82     [IF_FLOPPY] = "floppy",
83     [IF_PFLASH] = "pflash",
84     [IF_MTD] = "mtd",
85     [IF_SD] = "sd",
86     [IF_VIRTIO] = "virtio",
87     [IF_XEN] = "xen",
88 };
89 
90 static int if_max_devs[IF_COUNT] = {
91     /*
92      * Do not change these numbers!  They govern how drive option
93      * index maps to unit and bus.  That mapping is ABI.
94      *
95      * All controllers used to implement if=T drives need to support
96      * if_max_devs[T] units, for any T with if_max_devs[T] != 0.
97      * Otherwise, some index values map to "impossible" bus, unit
98      * values.
99      *
100      * For instance, if you change [IF_SCSI] to 255, -drive
101      * if=scsi,index=12 no longer means bus=1,unit=5, but
102      * bus=0,unit=12.  With an lsi53c895a controller (7 units max),
103      * the drive can't be set up.  Regression.
104      */
105     [IF_IDE] = 2,
106     [IF_SCSI] = 7,
107 };
108 
109 /**
110  * Boards may call this to offer board-by-board overrides
111  * of the default, global values.
112  */
113 void override_max_devs(BlockInterfaceType type, int max_devs)
114 {
115     BlockBackend *blk;
116     DriveInfo *dinfo;
117 
118     if (max_devs <= 0) {
119         return;
120     }
121 
122     for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
123         dinfo = blk_legacy_dinfo(blk);
124         if (dinfo->type == type) {
125             fprintf(stderr, "Cannot override units-per-bus property of"
126                     " the %s interface, because a drive of that type has"
127                     " already been added.\n", if_name[type]);
128             g_assert_not_reached();
129         }
130     }
131 
132     if_max_devs[type] = max_devs;
133 }
134 
135 /*
136  * We automatically delete the drive when a device using it gets
137  * unplugged.  Questionable feature, but we can't just drop it.
138  * Device models call blockdev_mark_auto_del() to schedule the
139  * automatic deletion, and generic qdev code calls blockdev_auto_del()
140  * when deletion is actually safe.
141  */
142 void blockdev_mark_auto_del(BlockBackend *blk)
143 {
144     DriveInfo *dinfo = blk_legacy_dinfo(blk);
145     BlockJob *job;
146 
147     if (!dinfo) {
148         return;
149     }
150 
151     for (job = block_job_next(NULL); job; job = block_job_next(job)) {
152         if (block_job_has_bdrv(job, blk_bs(blk))) {
153             AioContext *aio_context = job->job.aio_context;
154             aio_context_acquire(aio_context);
155 
156             job_cancel(&job->job, false);
157 
158             aio_context_release(aio_context);
159         }
160     }
161 
162     dinfo->auto_del = 1;
163 }
164 
165 void blockdev_auto_del(BlockBackend *blk)
166 {
167     DriveInfo *dinfo = blk_legacy_dinfo(blk);
168 
169     if (dinfo && dinfo->auto_del) {
170         monitor_remove_blk(blk);
171         blk_unref(blk);
172     }
173 }
174 
175 /**
176  * Returns the current mapping of how many units per bus
177  * a particular interface can support.
178  *
179  *  A positive integer indicates n units per bus.
180  *  0 implies the mapping has not been established.
181  * -1 indicates an invalid BlockInterfaceType was given.
182  */
183 int drive_get_max_devs(BlockInterfaceType type)
184 {
185     if (type >= IF_IDE && type < IF_COUNT) {
186         return if_max_devs[type];
187     }
188 
189     return -1;
190 }
191 
192 static int drive_index_to_bus_id(BlockInterfaceType type, int index)
193 {
194     int max_devs = if_max_devs[type];
195     return max_devs ? index / max_devs : 0;
196 }
197 
198 static int drive_index_to_unit_id(BlockInterfaceType type, int index)
199 {
200     int max_devs = if_max_devs[type];
201     return max_devs ? index % max_devs : index;
202 }
203 
204 QemuOpts *drive_def(const char *optstr)
205 {
206     return qemu_opts_parse_noisily(qemu_find_opts("drive"), optstr, false);
207 }
208 
209 QemuOpts *drive_add(BlockInterfaceType type, int index, const char *file,
210                     const char *optstr)
211 {
212     QemuOpts *opts;
213 
214     opts = drive_def(optstr);
215     if (!opts) {
216         return NULL;
217     }
218     if (type != IF_DEFAULT) {
219         qemu_opt_set(opts, "if", if_name[type], &error_abort);
220     }
221     if (index >= 0) {
222         qemu_opt_set_number(opts, "index", index, &error_abort);
223     }
224     if (file)
225         qemu_opt_set(opts, "file", file, &error_abort);
226     return opts;
227 }
228 
229 DriveInfo *drive_get(BlockInterfaceType type, int bus, int unit)
230 {
231     BlockBackend *blk;
232     DriveInfo *dinfo;
233 
234     for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
235         dinfo = blk_legacy_dinfo(blk);
236         if (dinfo && dinfo->type == type
237             && dinfo->bus == bus && dinfo->unit == unit) {
238             return dinfo;
239         }
240     }
241 
242     return NULL;
243 }
244 
245 void drive_check_orphaned(void)
246 {
247     BlockBackend *blk;
248     DriveInfo *dinfo;
249     Location loc;
250     bool orphans = false;
251 
252     for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
253         dinfo = blk_legacy_dinfo(blk);
254         if (!blk_get_attached_dev(blk) && !dinfo->is_default &&
255             dinfo->type != IF_NONE) {
256             loc_push_none(&loc);
257             qemu_opts_loc_restore(dinfo->opts);
258             error_report("machine type does not support"
259                          " if=%s,bus=%d,unit=%d",
260                          if_name[dinfo->type], dinfo->bus, dinfo->unit);
261             loc_pop(&loc);
262             orphans = true;
263         }
264     }
265 
266     if (orphans) {
267         exit(1);
268     }
269 }
270 
271 DriveInfo *drive_get_by_index(BlockInterfaceType type, int index)
272 {
273     return drive_get(type,
274                      drive_index_to_bus_id(type, index),
275                      drive_index_to_unit_id(type, index));
276 }
277 
278 int drive_get_max_bus(BlockInterfaceType type)
279 {
280     int max_bus;
281     BlockBackend *blk;
282     DriveInfo *dinfo;
283 
284     max_bus = -1;
285     for (blk = blk_next(NULL); blk; blk = blk_next(blk)) {
286         dinfo = blk_legacy_dinfo(blk);
287         if (dinfo && dinfo->type == type && dinfo->bus > max_bus) {
288             max_bus = dinfo->bus;
289         }
290     }
291     return max_bus;
292 }
293 
294 /* Get a block device.  This should only be used for single-drive devices
295    (e.g. SD/Floppy/MTD).  Multi-disk devices (scsi/ide) should use the
296    appropriate bus.  */
297 DriveInfo *drive_get_next(BlockInterfaceType type)
298 {
299     static int next_block_unit[IF_COUNT];
300 
301     return drive_get(type, 0, next_block_unit[type]++);
302 }
303 
304 static void bdrv_format_print(void *opaque, const char *name)
305 {
306     qemu_printf(" %s", name);
307 }
308 
309 typedef struct {
310     QEMUBH *bh;
311     BlockDriverState *bs;
312 } BDRVPutRefBH;
313 
314 static int parse_block_error_action(const char *buf, bool is_read, Error **errp)
315 {
316     if (!strcmp(buf, "ignore")) {
317         return BLOCKDEV_ON_ERROR_IGNORE;
318     } else if (!is_read && !strcmp(buf, "enospc")) {
319         return BLOCKDEV_ON_ERROR_ENOSPC;
320     } else if (!strcmp(buf, "stop")) {
321         return BLOCKDEV_ON_ERROR_STOP;
322     } else if (!strcmp(buf, "report")) {
323         return BLOCKDEV_ON_ERROR_REPORT;
324     } else {
325         error_setg(errp, "'%s' invalid %s error action",
326                    buf, is_read ? "read" : "write");
327         return -1;
328     }
329 }
330 
331 static bool parse_stats_intervals(BlockAcctStats *stats, QList *intervals,
332                                   Error **errp)
333 {
334     const QListEntry *entry;
335     for (entry = qlist_first(intervals); entry; entry = qlist_next(entry)) {
336         switch (qobject_type(entry->value)) {
337 
338         case QTYPE_QSTRING: {
339             unsigned long long length;
340             const char *str = qstring_get_str(qobject_to(QString,
341                                                          entry->value));
342             if (parse_uint_full(str, &length, 10) == 0 &&
343                 length > 0 && length <= UINT_MAX) {
344                 block_acct_add_interval(stats, (unsigned) length);
345             } else {
346                 error_setg(errp, "Invalid interval length: %s", str);
347                 return false;
348             }
349             break;
350         }
351 
352         case QTYPE_QNUM: {
353             int64_t length = qnum_get_int(qobject_to(QNum, entry->value));
354 
355             if (length > 0 && length <= UINT_MAX) {
356                 block_acct_add_interval(stats, (unsigned) length);
357             } else {
358                 error_setg(errp, "Invalid interval length: %" PRId64, length);
359                 return false;
360             }
361             break;
362         }
363 
364         default:
365             error_setg(errp, "The specification of stats-intervals is invalid");
366             return false;
367         }
368     }
369     return true;
370 }
371 
372 typedef enum { MEDIA_DISK, MEDIA_CDROM } DriveMediaType;
373 
374 /* All parameters but @opts are optional and may be set to NULL. */
375 static void extract_common_blockdev_options(QemuOpts *opts, int *bdrv_flags,
376     const char **throttling_group, ThrottleConfig *throttle_cfg,
377     BlockdevDetectZeroesOptions *detect_zeroes, Error **errp)
378 {
379     Error *local_error = NULL;
380     const char *aio;
381 
382     if (bdrv_flags) {
383         if (qemu_opt_get_bool(opts, "copy-on-read", false)) {
384             *bdrv_flags |= BDRV_O_COPY_ON_READ;
385         }
386 
387         if ((aio = qemu_opt_get(opts, "aio")) != NULL) {
388             if (!strcmp(aio, "native")) {
389                 *bdrv_flags |= BDRV_O_NATIVE_AIO;
390             } else if (!strcmp(aio, "threads")) {
391                 /* this is the default */
392             } else {
393                error_setg(errp, "invalid aio option");
394                return;
395             }
396         }
397     }
398 
399     /* disk I/O throttling */
400     if (throttling_group) {
401         *throttling_group = qemu_opt_get(opts, "throttling.group");
402     }
403 
404     if (throttle_cfg) {
405         throttle_config_init(throttle_cfg);
406         throttle_cfg->buckets[THROTTLE_BPS_TOTAL].avg =
407             qemu_opt_get_number(opts, "throttling.bps-total", 0);
408         throttle_cfg->buckets[THROTTLE_BPS_READ].avg  =
409             qemu_opt_get_number(opts, "throttling.bps-read", 0);
410         throttle_cfg->buckets[THROTTLE_BPS_WRITE].avg =
411             qemu_opt_get_number(opts, "throttling.bps-write", 0);
412         throttle_cfg->buckets[THROTTLE_OPS_TOTAL].avg =
413             qemu_opt_get_number(opts, "throttling.iops-total", 0);
414         throttle_cfg->buckets[THROTTLE_OPS_READ].avg =
415             qemu_opt_get_number(opts, "throttling.iops-read", 0);
416         throttle_cfg->buckets[THROTTLE_OPS_WRITE].avg =
417             qemu_opt_get_number(opts, "throttling.iops-write", 0);
418 
419         throttle_cfg->buckets[THROTTLE_BPS_TOTAL].max =
420             qemu_opt_get_number(opts, "throttling.bps-total-max", 0);
421         throttle_cfg->buckets[THROTTLE_BPS_READ].max  =
422             qemu_opt_get_number(opts, "throttling.bps-read-max", 0);
423         throttle_cfg->buckets[THROTTLE_BPS_WRITE].max =
424             qemu_opt_get_number(opts, "throttling.bps-write-max", 0);
425         throttle_cfg->buckets[THROTTLE_OPS_TOTAL].max =
426             qemu_opt_get_number(opts, "throttling.iops-total-max", 0);
427         throttle_cfg->buckets[THROTTLE_OPS_READ].max =
428             qemu_opt_get_number(opts, "throttling.iops-read-max", 0);
429         throttle_cfg->buckets[THROTTLE_OPS_WRITE].max =
430             qemu_opt_get_number(opts, "throttling.iops-write-max", 0);
431 
432         throttle_cfg->buckets[THROTTLE_BPS_TOTAL].burst_length =
433             qemu_opt_get_number(opts, "throttling.bps-total-max-length", 1);
434         throttle_cfg->buckets[THROTTLE_BPS_READ].burst_length  =
435             qemu_opt_get_number(opts, "throttling.bps-read-max-length", 1);
436         throttle_cfg->buckets[THROTTLE_BPS_WRITE].burst_length =
437             qemu_opt_get_number(opts, "throttling.bps-write-max-length", 1);
438         throttle_cfg->buckets[THROTTLE_OPS_TOTAL].burst_length =
439             qemu_opt_get_number(opts, "throttling.iops-total-max-length", 1);
440         throttle_cfg->buckets[THROTTLE_OPS_READ].burst_length =
441             qemu_opt_get_number(opts, "throttling.iops-read-max-length", 1);
442         throttle_cfg->buckets[THROTTLE_OPS_WRITE].burst_length =
443             qemu_opt_get_number(opts, "throttling.iops-write-max-length", 1);
444 
445         throttle_cfg->op_size =
446             qemu_opt_get_number(opts, "throttling.iops-size", 0);
447 
448         if (!throttle_is_valid(throttle_cfg, errp)) {
449             return;
450         }
451     }
452 
453     if (detect_zeroes) {
454         *detect_zeroes =
455             qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup,
456                             qemu_opt_get(opts, "detect-zeroes"),
457                             BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF,
458                             &local_error);
459         if (local_error) {
460             error_propagate(errp, local_error);
461             return;
462         }
463     }
464 }
465 
466 /* Takes the ownership of bs_opts */
467 static BlockBackend *blockdev_init(const char *file, QDict *bs_opts,
468                                    Error **errp)
469 {
470     const char *buf;
471     int bdrv_flags = 0;
472     int on_read_error, on_write_error;
473     bool account_invalid, account_failed;
474     bool writethrough, read_only;
475     BlockBackend *blk;
476     BlockDriverState *bs;
477     ThrottleConfig cfg;
478     int snapshot = 0;
479     Error *error = NULL;
480     QemuOpts *opts;
481     QDict *interval_dict = NULL;
482     QList *interval_list = NULL;
483     const char *id;
484     BlockdevDetectZeroesOptions detect_zeroes =
485         BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF;
486     const char *throttling_group = NULL;
487 
488     /* Check common options by copying from bs_opts to opts, all other options
489      * stay in bs_opts for processing by bdrv_open(). */
490     id = qdict_get_try_str(bs_opts, "id");
491     opts = qemu_opts_create(&qemu_common_drive_opts, id, 1, &error);
492     if (error) {
493         error_propagate(errp, error);
494         goto err_no_opts;
495     }
496 
497     qemu_opts_absorb_qdict(opts, bs_opts, &error);
498     if (error) {
499         error_propagate(errp, error);
500         goto early_err;
501     }
502 
503     if (id) {
504         qdict_del(bs_opts, "id");
505     }
506 
507     /* extract parameters */
508     snapshot = qemu_opt_get_bool(opts, "snapshot", 0);
509 
510     account_invalid = qemu_opt_get_bool(opts, "stats-account-invalid", true);
511     account_failed = qemu_opt_get_bool(opts, "stats-account-failed", true);
512 
513     writethrough = !qemu_opt_get_bool(opts, BDRV_OPT_CACHE_WB, true);
514 
515     id = qemu_opts_id(opts);
516 
517     qdict_extract_subqdict(bs_opts, &interval_dict, "stats-intervals.");
518     qdict_array_split(interval_dict, &interval_list);
519 
520     if (qdict_size(interval_dict) != 0) {
521         error_setg(errp, "Invalid option stats-intervals.%s",
522                    qdict_first(interval_dict)->key);
523         goto early_err;
524     }
525 
526     extract_common_blockdev_options(opts, &bdrv_flags, &throttling_group, &cfg,
527                                     &detect_zeroes, &error);
528     if (error) {
529         error_propagate(errp, error);
530         goto early_err;
531     }
532 
533     if ((buf = qemu_opt_get(opts, "format")) != NULL) {
534         if (is_help_option(buf)) {
535             qemu_printf("Supported formats:");
536             bdrv_iterate_format(bdrv_format_print, NULL, false);
537             qemu_printf("\nSupported formats (read-only):");
538             bdrv_iterate_format(bdrv_format_print, NULL, true);
539             qemu_printf("\n");
540             goto early_err;
541         }
542 
543         if (qdict_haskey(bs_opts, "driver")) {
544             error_setg(errp, "Cannot specify both 'driver' and 'format'");
545             goto early_err;
546         }
547         qdict_put_str(bs_opts, "driver", buf);
548     }
549 
550     on_write_error = BLOCKDEV_ON_ERROR_ENOSPC;
551     if ((buf = qemu_opt_get(opts, "werror")) != NULL) {
552         on_write_error = parse_block_error_action(buf, 0, &error);
553         if (error) {
554             error_propagate(errp, error);
555             goto early_err;
556         }
557     }
558 
559     on_read_error = BLOCKDEV_ON_ERROR_REPORT;
560     if ((buf = qemu_opt_get(opts, "rerror")) != NULL) {
561         on_read_error = parse_block_error_action(buf, 1, &error);
562         if (error) {
563             error_propagate(errp, error);
564             goto early_err;
565         }
566     }
567 
568     if (snapshot) {
569         bdrv_flags |= BDRV_O_SNAPSHOT;
570     }
571 
572     read_only = qemu_opt_get_bool(opts, BDRV_OPT_READ_ONLY, false);
573 
574     /* init */
575     if ((!file || !*file) && !qdict_size(bs_opts)) {
576         BlockBackendRootState *blk_rs;
577 
578         blk = blk_new(qemu_get_aio_context(), 0, BLK_PERM_ALL);
579         blk_rs = blk_get_root_state(blk);
580         blk_rs->open_flags    = bdrv_flags;
581         blk_rs->read_only     = read_only;
582         blk_rs->detect_zeroes = detect_zeroes;
583 
584         qobject_unref(bs_opts);
585     } else {
586         if (file && !*file) {
587             file = NULL;
588         }
589 
590         /* bdrv_open() defaults to the values in bdrv_flags (for compatibility
591          * with other callers) rather than what we want as the real defaults.
592          * Apply the defaults here instead. */
593         qdict_set_default_str(bs_opts, BDRV_OPT_CACHE_DIRECT, "off");
594         qdict_set_default_str(bs_opts, BDRV_OPT_CACHE_NO_FLUSH, "off");
595         qdict_set_default_str(bs_opts, BDRV_OPT_READ_ONLY,
596                               read_only ? "on" : "off");
597         qdict_set_default_str(bs_opts, BDRV_OPT_AUTO_READ_ONLY, "on");
598         assert((bdrv_flags & BDRV_O_CACHE_MASK) == 0);
599 
600         if (runstate_check(RUN_STATE_INMIGRATE)) {
601             bdrv_flags |= BDRV_O_INACTIVE;
602         }
603 
604         blk = blk_new_open(file, NULL, bs_opts, bdrv_flags, errp);
605         if (!blk) {
606             goto err_no_bs_opts;
607         }
608         bs = blk_bs(blk);
609 
610         bs->detect_zeroes = detect_zeroes;
611 
612         block_acct_setup(blk_get_stats(blk), account_invalid, account_failed);
613 
614         if (!parse_stats_intervals(blk_get_stats(blk), interval_list, errp)) {
615             blk_unref(blk);
616             blk = NULL;
617             goto err_no_bs_opts;
618         }
619     }
620 
621     /* disk I/O throttling */
622     if (throttle_enabled(&cfg)) {
623         if (!throttling_group) {
624             throttling_group = id;
625         }
626         blk_io_limits_enable(blk, throttling_group);
627         blk_set_io_limits(blk, &cfg);
628     }
629 
630     blk_set_enable_write_cache(blk, !writethrough);
631     blk_set_on_error(blk, on_read_error, on_write_error);
632 
633     if (!monitor_add_blk(blk, id, errp)) {
634         blk_unref(blk);
635         blk = NULL;
636         goto err_no_bs_opts;
637     }
638 
639 err_no_bs_opts:
640     qemu_opts_del(opts);
641     qobject_unref(interval_dict);
642     qobject_unref(interval_list);
643     return blk;
644 
645 early_err:
646     qemu_opts_del(opts);
647     qobject_unref(interval_dict);
648     qobject_unref(interval_list);
649 err_no_opts:
650     qobject_unref(bs_opts);
651     return NULL;
652 }
653 
654 /* Takes the ownership of bs_opts */
655 static BlockDriverState *bds_tree_init(QDict *bs_opts, Error **errp)
656 {
657     int bdrv_flags = 0;
658 
659     /* bdrv_open() defaults to the values in bdrv_flags (for compatibility
660      * with other callers) rather than what we want as the real defaults.
661      * Apply the defaults here instead. */
662     qdict_set_default_str(bs_opts, BDRV_OPT_CACHE_DIRECT, "off");
663     qdict_set_default_str(bs_opts, BDRV_OPT_CACHE_NO_FLUSH, "off");
664     qdict_set_default_str(bs_opts, BDRV_OPT_READ_ONLY, "off");
665 
666     if (runstate_check(RUN_STATE_INMIGRATE)) {
667         bdrv_flags |= BDRV_O_INACTIVE;
668     }
669 
670     return bdrv_open(NULL, NULL, bs_opts, bdrv_flags, errp);
671 }
672 
673 void blockdev_close_all_bdrv_states(void)
674 {
675     BlockDriverState *bs, *next_bs;
676 
677     QTAILQ_FOREACH_SAFE(bs, &monitor_bdrv_states, monitor_list, next_bs) {
678         AioContext *ctx = bdrv_get_aio_context(bs);
679 
680         aio_context_acquire(ctx);
681         bdrv_unref(bs);
682         aio_context_release(ctx);
683     }
684 }
685 
686 /* Iterates over the list of monitor-owned BlockDriverStates */
687 BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs)
688 {
689     return bs ? QTAILQ_NEXT(bs, monitor_list)
690               : QTAILQ_FIRST(&monitor_bdrv_states);
691 }
692 
693 static void qemu_opt_rename(QemuOpts *opts, const char *from, const char *to,
694                             Error **errp)
695 {
696     const char *value;
697 
698     value = qemu_opt_get(opts, from);
699     if (value) {
700         if (qemu_opt_find(opts, to)) {
701             error_setg(errp, "'%s' and its alias '%s' can't be used at the "
702                        "same time", to, from);
703             return;
704         }
705     }
706 
707     /* rename all items in opts */
708     while ((value = qemu_opt_get(opts, from))) {
709         qemu_opt_set(opts, to, value, &error_abort);
710         qemu_opt_unset(opts, from);
711     }
712 }
713 
714 QemuOptsList qemu_legacy_drive_opts = {
715     .name = "drive",
716     .head = QTAILQ_HEAD_INITIALIZER(qemu_legacy_drive_opts.head),
717     .desc = {
718         {
719             .name = "bus",
720             .type = QEMU_OPT_NUMBER,
721             .help = "bus number",
722         },{
723             .name = "unit",
724             .type = QEMU_OPT_NUMBER,
725             .help = "unit number (i.e. lun for scsi)",
726         },{
727             .name = "index",
728             .type = QEMU_OPT_NUMBER,
729             .help = "index number",
730         },{
731             .name = "media",
732             .type = QEMU_OPT_STRING,
733             .help = "media type (disk, cdrom)",
734         },{
735             .name = "if",
736             .type = QEMU_OPT_STRING,
737             .help = "interface (ide, scsi, sd, mtd, floppy, pflash, virtio)",
738         },{
739             .name = "file",
740             .type = QEMU_OPT_STRING,
741             .help = "file name",
742         },
743 
744         /* Options that are passed on, but have special semantics with -drive */
745         {
746             .name = BDRV_OPT_READ_ONLY,
747             .type = QEMU_OPT_BOOL,
748             .help = "open drive file as read-only",
749         },{
750             .name = "rerror",
751             .type = QEMU_OPT_STRING,
752             .help = "read error action",
753         },{
754             .name = "werror",
755             .type = QEMU_OPT_STRING,
756             .help = "write error action",
757         },{
758             .name = "copy-on-read",
759             .type = QEMU_OPT_BOOL,
760             .help = "copy read data from backing file into image file",
761         },
762 
763         { /* end of list */ }
764     },
765 };
766 
767 DriveInfo *drive_new(QemuOpts *all_opts, BlockInterfaceType block_default_type,
768                      Error **errp)
769 {
770     const char *value;
771     BlockBackend *blk;
772     DriveInfo *dinfo = NULL;
773     QDict *bs_opts;
774     QemuOpts *legacy_opts;
775     DriveMediaType media = MEDIA_DISK;
776     BlockInterfaceType type;
777     int max_devs, bus_id, unit_id, index;
778     const char *werror, *rerror;
779     bool read_only = false;
780     bool copy_on_read;
781     const char *filename;
782     Error *local_err = NULL;
783     int i;
784 
785     /* Change legacy command line options into QMP ones */
786     static const struct {
787         const char *from;
788         const char *to;
789     } opt_renames[] = {
790         { "iops",           "throttling.iops-total" },
791         { "iops_rd",        "throttling.iops-read" },
792         { "iops_wr",        "throttling.iops-write" },
793 
794         { "bps",            "throttling.bps-total" },
795         { "bps_rd",         "throttling.bps-read" },
796         { "bps_wr",         "throttling.bps-write" },
797 
798         { "iops_max",       "throttling.iops-total-max" },
799         { "iops_rd_max",    "throttling.iops-read-max" },
800         { "iops_wr_max",    "throttling.iops-write-max" },
801 
802         { "bps_max",        "throttling.bps-total-max" },
803         { "bps_rd_max",     "throttling.bps-read-max" },
804         { "bps_wr_max",     "throttling.bps-write-max" },
805 
806         { "iops_size",      "throttling.iops-size" },
807 
808         { "group",          "throttling.group" },
809 
810         { "readonly",       BDRV_OPT_READ_ONLY },
811     };
812 
813     for (i = 0; i < ARRAY_SIZE(opt_renames); i++) {
814         qemu_opt_rename(all_opts, opt_renames[i].from, opt_renames[i].to,
815                         &local_err);
816         if (local_err) {
817             error_propagate(errp, local_err);
818             return NULL;
819         }
820     }
821 
822     value = qemu_opt_get(all_opts, "cache");
823     if (value) {
824         int flags = 0;
825         bool writethrough;
826 
827         if (bdrv_parse_cache_mode(value, &flags, &writethrough) != 0) {
828             error_setg(errp, "invalid cache option");
829             return NULL;
830         }
831 
832         /* Specific options take precedence */
833         if (!qemu_opt_get(all_opts, BDRV_OPT_CACHE_WB)) {
834             qemu_opt_set_bool(all_opts, BDRV_OPT_CACHE_WB,
835                               !writethrough, &error_abort);
836         }
837         if (!qemu_opt_get(all_opts, BDRV_OPT_CACHE_DIRECT)) {
838             qemu_opt_set_bool(all_opts, BDRV_OPT_CACHE_DIRECT,
839                               !!(flags & BDRV_O_NOCACHE), &error_abort);
840         }
841         if (!qemu_opt_get(all_opts, BDRV_OPT_CACHE_NO_FLUSH)) {
842             qemu_opt_set_bool(all_opts, BDRV_OPT_CACHE_NO_FLUSH,
843                               !!(flags & BDRV_O_NO_FLUSH), &error_abort);
844         }
845         qemu_opt_unset(all_opts, "cache");
846     }
847 
848     /* Get a QDict for processing the options */
849     bs_opts = qdict_new();
850     qemu_opts_to_qdict(all_opts, bs_opts);
851 
852     legacy_opts = qemu_opts_create(&qemu_legacy_drive_opts, NULL, 0,
853                                    &error_abort);
854     qemu_opts_absorb_qdict(legacy_opts, bs_opts, &local_err);
855     if (local_err) {
856         error_propagate(errp, local_err);
857         goto fail;
858     }
859 
860     /* Media type */
861     value = qemu_opt_get(legacy_opts, "media");
862     if (value) {
863         if (!strcmp(value, "disk")) {
864             media = MEDIA_DISK;
865         } else if (!strcmp(value, "cdrom")) {
866             media = MEDIA_CDROM;
867             read_only = true;
868         } else {
869             error_setg(errp, "'%s' invalid media", value);
870             goto fail;
871         }
872     }
873 
874     /* copy-on-read is disabled with a warning for read-only devices */
875     read_only |= qemu_opt_get_bool(legacy_opts, BDRV_OPT_READ_ONLY, false);
876     copy_on_read = qemu_opt_get_bool(legacy_opts, "copy-on-read", false);
877 
878     if (read_only && copy_on_read) {
879         warn_report("disabling copy-on-read on read-only drive");
880         copy_on_read = false;
881     }
882 
883     qdict_put_str(bs_opts, BDRV_OPT_READ_ONLY, read_only ? "on" : "off");
884     qdict_put_str(bs_opts, "copy-on-read", copy_on_read ? "on" : "off");
885 
886     /* Controller type */
887     value = qemu_opt_get(legacy_opts, "if");
888     if (value) {
889         for (type = 0;
890              type < IF_COUNT && strcmp(value, if_name[type]);
891              type++) {
892         }
893         if (type == IF_COUNT) {
894             error_setg(errp, "unsupported bus type '%s'", value);
895             goto fail;
896         }
897     } else {
898         type = block_default_type;
899     }
900 
901     /* Device address specified by bus/unit or index.
902      * If none was specified, try to find the first free one. */
903     bus_id  = qemu_opt_get_number(legacy_opts, "bus", 0);
904     unit_id = qemu_opt_get_number(legacy_opts, "unit", -1);
905     index   = qemu_opt_get_number(legacy_opts, "index", -1);
906 
907     max_devs = if_max_devs[type];
908 
909     if (index != -1) {
910         if (bus_id != 0 || unit_id != -1) {
911             error_setg(errp, "index cannot be used with bus and unit");
912             goto fail;
913         }
914         bus_id = drive_index_to_bus_id(type, index);
915         unit_id = drive_index_to_unit_id(type, index);
916     }
917 
918     if (unit_id == -1) {
919        unit_id = 0;
920        while (drive_get(type, bus_id, unit_id) != NULL) {
921            unit_id++;
922            if (max_devs && unit_id >= max_devs) {
923                unit_id -= max_devs;
924                bus_id++;
925            }
926        }
927     }
928 
929     if (max_devs && unit_id >= max_devs) {
930         error_setg(errp, "unit %d too big (max is %d)", unit_id, max_devs - 1);
931         goto fail;
932     }
933 
934     if (drive_get(type, bus_id, unit_id) != NULL) {
935         error_setg(errp, "drive with bus=%d, unit=%d (index=%d) exists",
936                    bus_id, unit_id, index);
937         goto fail;
938     }
939 
940     /* no id supplied -> create one */
941     if (qemu_opts_id(all_opts) == NULL) {
942         char *new_id;
943         const char *mediastr = "";
944         if (type == IF_IDE || type == IF_SCSI) {
945             mediastr = (media == MEDIA_CDROM) ? "-cd" : "-hd";
946         }
947         if (max_devs) {
948             new_id = g_strdup_printf("%s%i%s%i", if_name[type], bus_id,
949                                      mediastr, unit_id);
950         } else {
951             new_id = g_strdup_printf("%s%s%i", if_name[type],
952                                      mediastr, unit_id);
953         }
954         qdict_put_str(bs_opts, "id", new_id);
955         g_free(new_id);
956     }
957 
958     /* Add virtio block device */
959     if (type == IF_VIRTIO) {
960         QemuOpts *devopts;
961         devopts = qemu_opts_create(qemu_find_opts("device"), NULL, 0,
962                                    &error_abort);
963         if (arch_type == QEMU_ARCH_S390X) {
964             qemu_opt_set(devopts, "driver", "virtio-blk-ccw", &error_abort);
965         } else {
966             qemu_opt_set(devopts, "driver", "virtio-blk-pci", &error_abort);
967         }
968         qemu_opt_set(devopts, "drive", qdict_get_str(bs_opts, "id"),
969                      &error_abort);
970     }
971 
972     filename = qemu_opt_get(legacy_opts, "file");
973 
974     /* Check werror/rerror compatibility with if=... */
975     werror = qemu_opt_get(legacy_opts, "werror");
976     if (werror != NULL) {
977         if (type != IF_IDE && type != IF_SCSI && type != IF_VIRTIO &&
978             type != IF_NONE) {
979             error_setg(errp, "werror is not supported by this bus type");
980             goto fail;
981         }
982         qdict_put_str(bs_opts, "werror", werror);
983     }
984 
985     rerror = qemu_opt_get(legacy_opts, "rerror");
986     if (rerror != NULL) {
987         if (type != IF_IDE && type != IF_VIRTIO && type != IF_SCSI &&
988             type != IF_NONE) {
989             error_setg(errp, "rerror is not supported by this bus type");
990             goto fail;
991         }
992         qdict_put_str(bs_opts, "rerror", rerror);
993     }
994 
995     /* Actual block device init: Functionality shared with blockdev-add */
996     blk = blockdev_init(filename, bs_opts, &local_err);
997     bs_opts = NULL;
998     if (!blk) {
999         error_propagate(errp, local_err);
1000         goto fail;
1001     } else {
1002         assert(!local_err);
1003     }
1004 
1005     /* Create legacy DriveInfo */
1006     dinfo = g_malloc0(sizeof(*dinfo));
1007     dinfo->opts = all_opts;
1008 
1009     dinfo->type = type;
1010     dinfo->bus = bus_id;
1011     dinfo->unit = unit_id;
1012 
1013     blk_set_legacy_dinfo(blk, dinfo);
1014 
1015     switch(type) {
1016     case IF_IDE:
1017     case IF_SCSI:
1018     case IF_XEN:
1019     case IF_NONE:
1020         dinfo->media_cd = media == MEDIA_CDROM;
1021         break;
1022     default:
1023         break;
1024     }
1025 
1026 fail:
1027     qemu_opts_del(legacy_opts);
1028     qobject_unref(bs_opts);
1029     return dinfo;
1030 }
1031 
1032 static BlockDriverState *qmp_get_root_bs(const char *name, Error **errp)
1033 {
1034     BlockDriverState *bs;
1035 
1036     bs = bdrv_lookup_bs(name, name, errp);
1037     if (bs == NULL) {
1038         return NULL;
1039     }
1040 
1041     if (!bdrv_is_root_node(bs)) {
1042         error_setg(errp, "Need a root block node");
1043         return NULL;
1044     }
1045 
1046     if (!bdrv_is_inserted(bs)) {
1047         error_setg(errp, "Device has no medium");
1048         return NULL;
1049     }
1050 
1051     return bs;
1052 }
1053 
1054 static BlockBackend *qmp_get_blk(const char *blk_name, const char *qdev_id,
1055                                  Error **errp)
1056 {
1057     BlockBackend *blk;
1058 
1059     if (!blk_name == !qdev_id) {
1060         error_setg(errp, "Need exactly one of 'device' and 'id'");
1061         return NULL;
1062     }
1063 
1064     if (qdev_id) {
1065         blk = blk_by_qdev_id(qdev_id, errp);
1066     } else {
1067         blk = blk_by_name(blk_name);
1068         if (blk == NULL) {
1069             error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
1070                       "Device '%s' not found", blk_name);
1071         }
1072     }
1073 
1074     return blk;
1075 }
1076 
1077 void hmp_commit(Monitor *mon, const QDict *qdict)
1078 {
1079     const char *device = qdict_get_str(qdict, "device");
1080     BlockBackend *blk;
1081     int ret;
1082 
1083     if (!strcmp(device, "all")) {
1084         ret = blk_commit_all();
1085     } else {
1086         BlockDriverState *bs;
1087         AioContext *aio_context;
1088 
1089         blk = blk_by_name(device);
1090         if (!blk) {
1091             error_report("Device '%s' not found", device);
1092             return;
1093         }
1094         if (!blk_is_available(blk)) {
1095             error_report("Device '%s' has no medium", device);
1096             return;
1097         }
1098 
1099         bs = blk_bs(blk);
1100         aio_context = bdrv_get_aio_context(bs);
1101         aio_context_acquire(aio_context);
1102 
1103         ret = bdrv_commit(bs);
1104 
1105         aio_context_release(aio_context);
1106     }
1107     if (ret < 0) {
1108         error_report("'commit' error for '%s': %s", device, strerror(-ret));
1109     }
1110 }
1111 
1112 static void blockdev_do_action(TransactionAction *action, Error **errp)
1113 {
1114     TransactionActionList list;
1115 
1116     list.value = action;
1117     list.next = NULL;
1118     qmp_transaction(&list, false, NULL, errp);
1119 }
1120 
1121 void qmp_blockdev_snapshot_sync(bool has_device, const char *device,
1122                                 bool has_node_name, const char *node_name,
1123                                 const char *snapshot_file,
1124                                 bool has_snapshot_node_name,
1125                                 const char *snapshot_node_name,
1126                                 bool has_format, const char *format,
1127                                 bool has_mode, NewImageMode mode, Error **errp)
1128 {
1129     BlockdevSnapshotSync snapshot = {
1130         .has_device = has_device,
1131         .device = (char *) device,
1132         .has_node_name = has_node_name,
1133         .node_name = (char *) node_name,
1134         .snapshot_file = (char *) snapshot_file,
1135         .has_snapshot_node_name = has_snapshot_node_name,
1136         .snapshot_node_name = (char *) snapshot_node_name,
1137         .has_format = has_format,
1138         .format = (char *) format,
1139         .has_mode = has_mode,
1140         .mode = mode,
1141     };
1142     TransactionAction action = {
1143         .type = TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_SYNC,
1144         .u.blockdev_snapshot_sync.data = &snapshot,
1145     };
1146     blockdev_do_action(&action, errp);
1147 }
1148 
1149 void qmp_blockdev_snapshot(const char *node, const char *overlay,
1150                            Error **errp)
1151 {
1152     BlockdevSnapshot snapshot_data = {
1153         .node = (char *) node,
1154         .overlay = (char *) overlay
1155     };
1156     TransactionAction action = {
1157         .type = TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT,
1158         .u.blockdev_snapshot.data = &snapshot_data,
1159     };
1160     blockdev_do_action(&action, errp);
1161 }
1162 
1163 void qmp_blockdev_snapshot_internal_sync(const char *device,
1164                                          const char *name,
1165                                          Error **errp)
1166 {
1167     BlockdevSnapshotInternal snapshot = {
1168         .device = (char *) device,
1169         .name = (char *) name
1170     };
1171     TransactionAction action = {
1172         .type = TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_INTERNAL_SYNC,
1173         .u.blockdev_snapshot_internal_sync.data = &snapshot,
1174     };
1175     blockdev_do_action(&action, errp);
1176 }
1177 
1178 SnapshotInfo *qmp_blockdev_snapshot_delete_internal_sync(const char *device,
1179                                                          bool has_id,
1180                                                          const char *id,
1181                                                          bool has_name,
1182                                                          const char *name,
1183                                                          Error **errp)
1184 {
1185     BlockDriverState *bs;
1186     AioContext *aio_context;
1187     QEMUSnapshotInfo sn;
1188     Error *local_err = NULL;
1189     SnapshotInfo *info = NULL;
1190     int ret;
1191 
1192     bs = qmp_get_root_bs(device, errp);
1193     if (!bs) {
1194         return NULL;
1195     }
1196     aio_context = bdrv_get_aio_context(bs);
1197     aio_context_acquire(aio_context);
1198 
1199     if (!has_id) {
1200         id = NULL;
1201     }
1202 
1203     if (!has_name) {
1204         name = NULL;
1205     }
1206 
1207     if (!id && !name) {
1208         error_setg(errp, "Name or id must be provided");
1209         goto out_aio_context;
1210     }
1211 
1212     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE, errp)) {
1213         goto out_aio_context;
1214     }
1215 
1216     ret = bdrv_snapshot_find_by_id_and_name(bs, id, name, &sn, &local_err);
1217     if (local_err) {
1218         error_propagate(errp, local_err);
1219         goto out_aio_context;
1220     }
1221     if (!ret) {
1222         error_setg(errp,
1223                    "Snapshot with id '%s' and name '%s' does not exist on "
1224                    "device '%s'",
1225                    STR_OR_NULL(id), STR_OR_NULL(name), device);
1226         goto out_aio_context;
1227     }
1228 
1229     bdrv_snapshot_delete(bs, id, name, &local_err);
1230     if (local_err) {
1231         error_propagate(errp, local_err);
1232         goto out_aio_context;
1233     }
1234 
1235     aio_context_release(aio_context);
1236 
1237     info = g_new0(SnapshotInfo, 1);
1238     info->id = g_strdup(sn.id_str);
1239     info->name = g_strdup(sn.name);
1240     info->date_nsec = sn.date_nsec;
1241     info->date_sec = sn.date_sec;
1242     info->vm_state_size = sn.vm_state_size;
1243     info->vm_clock_nsec = sn.vm_clock_nsec % 1000000000;
1244     info->vm_clock_sec = sn.vm_clock_nsec / 1000000000;
1245 
1246     return info;
1247 
1248 out_aio_context:
1249     aio_context_release(aio_context);
1250     return NULL;
1251 }
1252 
1253 /**
1254  * block_dirty_bitmap_lookup:
1255  * Return a dirty bitmap (if present), after validating
1256  * the node reference and bitmap names.
1257  *
1258  * @node: The name of the BDS node to search for bitmaps
1259  * @name: The name of the bitmap to search for
1260  * @pbs: Output pointer for BDS lookup, if desired. Can be NULL.
1261  * @errp: Output pointer for error information. Can be NULL.
1262  *
1263  * @return: A bitmap object on success, or NULL on failure.
1264  */
1265 static BdrvDirtyBitmap *block_dirty_bitmap_lookup(const char *node,
1266                                                   const char *name,
1267                                                   BlockDriverState **pbs,
1268                                                   Error **errp)
1269 {
1270     BlockDriverState *bs;
1271     BdrvDirtyBitmap *bitmap;
1272 
1273     if (!node) {
1274         error_setg(errp, "Node cannot be NULL");
1275         return NULL;
1276     }
1277     if (!name) {
1278         error_setg(errp, "Bitmap name cannot be NULL");
1279         return NULL;
1280     }
1281     bs = bdrv_lookup_bs(node, node, NULL);
1282     if (!bs) {
1283         error_setg(errp, "Node '%s' not found", node);
1284         return NULL;
1285     }
1286 
1287     bitmap = bdrv_find_dirty_bitmap(bs, name);
1288     if (!bitmap) {
1289         error_setg(errp, "Dirty bitmap '%s' not found", name);
1290         return NULL;
1291     }
1292 
1293     if (pbs) {
1294         *pbs = bs;
1295     }
1296 
1297     return bitmap;
1298 }
1299 
1300 /* New and old BlockDriverState structs for atomic group operations */
1301 
1302 typedef struct BlkActionState BlkActionState;
1303 
1304 /**
1305  * BlkActionOps:
1306  * Table of operations that define an Action.
1307  *
1308  * @instance_size: Size of state struct, in bytes.
1309  * @prepare: Prepare the work, must NOT be NULL.
1310  * @commit: Commit the changes, can be NULL.
1311  * @abort: Abort the changes on fail, can be NULL.
1312  * @clean: Clean up resources after all transaction actions have called
1313  *         commit() or abort(). Can be NULL.
1314  *
1315  * Only prepare() may fail. In a single transaction, only one of commit() or
1316  * abort() will be called. clean() will always be called if it is present.
1317  */
1318 typedef struct BlkActionOps {
1319     size_t instance_size;
1320     void (*prepare)(BlkActionState *common, Error **errp);
1321     void (*commit)(BlkActionState *common);
1322     void (*abort)(BlkActionState *common);
1323     void (*clean)(BlkActionState *common);
1324 } BlkActionOps;
1325 
1326 /**
1327  * BlkActionState:
1328  * Describes one Action's state within a Transaction.
1329  *
1330  * @action: QAPI-defined enum identifying which Action to perform.
1331  * @ops: Table of ActionOps this Action can perform.
1332  * @block_job_txn: Transaction which this action belongs to.
1333  * @entry: List membership for all Actions in this Transaction.
1334  *
1335  * This structure must be arranged as first member in a subclassed type,
1336  * assuming that the compiler will also arrange it to the same offsets as the
1337  * base class.
1338  */
1339 struct BlkActionState {
1340     TransactionAction *action;
1341     const BlkActionOps *ops;
1342     JobTxn *block_job_txn;
1343     TransactionProperties *txn_props;
1344     QTAILQ_ENTRY(BlkActionState) entry;
1345 };
1346 
1347 /* internal snapshot private data */
1348 typedef struct InternalSnapshotState {
1349     BlkActionState common;
1350     BlockDriverState *bs;
1351     QEMUSnapshotInfo sn;
1352     bool created;
1353 } InternalSnapshotState;
1354 
1355 
1356 static int action_check_completion_mode(BlkActionState *s, Error **errp)
1357 {
1358     if (s->txn_props->completion_mode != ACTION_COMPLETION_MODE_INDIVIDUAL) {
1359         error_setg(errp,
1360                    "Action '%s' does not support Transaction property "
1361                    "completion-mode = %s",
1362                    TransactionActionKind_str(s->action->type),
1363                    ActionCompletionMode_str(s->txn_props->completion_mode));
1364         return -1;
1365     }
1366     return 0;
1367 }
1368 
1369 static void internal_snapshot_prepare(BlkActionState *common,
1370                                       Error **errp)
1371 {
1372     Error *local_err = NULL;
1373     const char *device;
1374     const char *name;
1375     BlockDriverState *bs;
1376     QEMUSnapshotInfo old_sn, *sn;
1377     bool ret;
1378     qemu_timeval tv;
1379     BlockdevSnapshotInternal *internal;
1380     InternalSnapshotState *state;
1381     AioContext *aio_context;
1382     int ret1;
1383 
1384     g_assert(common->action->type ==
1385              TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_INTERNAL_SYNC);
1386     internal = common->action->u.blockdev_snapshot_internal_sync.data;
1387     state = DO_UPCAST(InternalSnapshotState, common, common);
1388 
1389     /* 1. parse input */
1390     device = internal->device;
1391     name = internal->name;
1392 
1393     /* 2. check for validation */
1394     if (action_check_completion_mode(common, errp) < 0) {
1395         return;
1396     }
1397 
1398     bs = qmp_get_root_bs(device, errp);
1399     if (!bs) {
1400         return;
1401     }
1402 
1403     aio_context = bdrv_get_aio_context(bs);
1404     aio_context_acquire(aio_context);
1405 
1406     state->bs = bs;
1407 
1408     /* Paired with .clean() */
1409     bdrv_drained_begin(bs);
1410 
1411     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_INTERNAL_SNAPSHOT, errp)) {
1412         goto out;
1413     }
1414 
1415     if (bdrv_is_read_only(bs)) {
1416         error_setg(errp, "Device '%s' is read only", device);
1417         goto out;
1418     }
1419 
1420     if (!bdrv_can_snapshot(bs)) {
1421         error_setg(errp, "Block format '%s' used by device '%s' "
1422                    "does not support internal snapshots",
1423                    bs->drv->format_name, device);
1424         goto out;
1425     }
1426 
1427     if (!strlen(name)) {
1428         error_setg(errp, "Name is empty");
1429         goto out;
1430     }
1431 
1432     /* check whether a snapshot with name exist */
1433     ret = bdrv_snapshot_find_by_id_and_name(bs, NULL, name, &old_sn,
1434                                             &local_err);
1435     if (local_err) {
1436         error_propagate(errp, local_err);
1437         goto out;
1438     } else if (ret) {
1439         error_setg(errp,
1440                    "Snapshot with name '%s' already exists on device '%s'",
1441                    name, device);
1442         goto out;
1443     }
1444 
1445     /* 3. take the snapshot */
1446     sn = &state->sn;
1447     pstrcpy(sn->name, sizeof(sn->name), name);
1448     qemu_gettimeofday(&tv);
1449     sn->date_sec = tv.tv_sec;
1450     sn->date_nsec = tv.tv_usec * 1000;
1451     sn->vm_clock_nsec = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1452 
1453     ret1 = bdrv_snapshot_create(bs, sn);
1454     if (ret1 < 0) {
1455         error_setg_errno(errp, -ret1,
1456                          "Failed to create snapshot '%s' on device '%s'",
1457                          name, device);
1458         goto out;
1459     }
1460 
1461     /* 4. succeed, mark a snapshot is created */
1462     state->created = true;
1463 
1464 out:
1465     aio_context_release(aio_context);
1466 }
1467 
1468 static void internal_snapshot_abort(BlkActionState *common)
1469 {
1470     InternalSnapshotState *state =
1471                              DO_UPCAST(InternalSnapshotState, common, common);
1472     BlockDriverState *bs = state->bs;
1473     QEMUSnapshotInfo *sn = &state->sn;
1474     AioContext *aio_context;
1475     Error *local_error = NULL;
1476 
1477     if (!state->created) {
1478         return;
1479     }
1480 
1481     aio_context = bdrv_get_aio_context(state->bs);
1482     aio_context_acquire(aio_context);
1483 
1484     if (bdrv_snapshot_delete(bs, sn->id_str, sn->name, &local_error) < 0) {
1485         error_reportf_err(local_error,
1486                           "Failed to delete snapshot with id '%s' and "
1487                           "name '%s' on device '%s' in abort: ",
1488                           sn->id_str, sn->name,
1489                           bdrv_get_device_name(bs));
1490     }
1491 
1492     aio_context_release(aio_context);
1493 }
1494 
1495 static void internal_snapshot_clean(BlkActionState *common)
1496 {
1497     InternalSnapshotState *state = DO_UPCAST(InternalSnapshotState,
1498                                              common, common);
1499     AioContext *aio_context;
1500 
1501     if (!state->bs) {
1502         return;
1503     }
1504 
1505     aio_context = bdrv_get_aio_context(state->bs);
1506     aio_context_acquire(aio_context);
1507 
1508     bdrv_drained_end(state->bs);
1509 
1510     aio_context_release(aio_context);
1511 }
1512 
1513 /* external snapshot private data */
1514 typedef struct ExternalSnapshotState {
1515     BlkActionState common;
1516     BlockDriverState *old_bs;
1517     BlockDriverState *new_bs;
1518     bool overlay_appended;
1519 } ExternalSnapshotState;
1520 
1521 static void external_snapshot_prepare(BlkActionState *common,
1522                                       Error **errp)
1523 {
1524     int flags = 0;
1525     QDict *options = NULL;
1526     Error *local_err = NULL;
1527     /* Device and node name of the image to generate the snapshot from */
1528     const char *device;
1529     const char *node_name;
1530     /* Reference to the new image (for 'blockdev-snapshot') */
1531     const char *snapshot_ref;
1532     /* File name of the new image (for 'blockdev-snapshot-sync') */
1533     const char *new_image_file;
1534     ExternalSnapshotState *state =
1535                              DO_UPCAST(ExternalSnapshotState, common, common);
1536     TransactionAction *action = common->action;
1537     AioContext *aio_context;
1538     int ret;
1539 
1540     /* 'blockdev-snapshot' and 'blockdev-snapshot-sync' have similar
1541      * purpose but a different set of parameters */
1542     switch (action->type) {
1543     case TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT:
1544         {
1545             BlockdevSnapshot *s = action->u.blockdev_snapshot.data;
1546             device = s->node;
1547             node_name = s->node;
1548             new_image_file = NULL;
1549             snapshot_ref = s->overlay;
1550         }
1551         break;
1552     case TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_SYNC:
1553         {
1554             BlockdevSnapshotSync *s = action->u.blockdev_snapshot_sync.data;
1555             device = s->has_device ? s->device : NULL;
1556             node_name = s->has_node_name ? s->node_name : NULL;
1557             new_image_file = s->snapshot_file;
1558             snapshot_ref = NULL;
1559         }
1560         break;
1561     default:
1562         g_assert_not_reached();
1563     }
1564 
1565     /* start processing */
1566     if (action_check_completion_mode(common, errp) < 0) {
1567         return;
1568     }
1569 
1570     state->old_bs = bdrv_lookup_bs(device, node_name, errp);
1571     if (!state->old_bs) {
1572         return;
1573     }
1574 
1575     aio_context = bdrv_get_aio_context(state->old_bs);
1576     aio_context_acquire(aio_context);
1577 
1578     /* Paired with .clean() */
1579     bdrv_drained_begin(state->old_bs);
1580 
1581     if (!bdrv_is_inserted(state->old_bs)) {
1582         error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, device);
1583         goto out;
1584     }
1585 
1586     if (bdrv_op_is_blocked(state->old_bs,
1587                            BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT, errp)) {
1588         goto out;
1589     }
1590 
1591     if (!bdrv_is_read_only(state->old_bs)) {
1592         if (bdrv_flush(state->old_bs)) {
1593             error_setg(errp, QERR_IO_ERROR);
1594             goto out;
1595         }
1596     }
1597 
1598     if (!bdrv_is_first_non_filter(state->old_bs)) {
1599         error_setg(errp, QERR_FEATURE_DISABLED, "snapshot");
1600         goto out;
1601     }
1602 
1603     if (action->type == TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_SYNC) {
1604         BlockdevSnapshotSync *s = action->u.blockdev_snapshot_sync.data;
1605         const char *format = s->has_format ? s->format : "qcow2";
1606         enum NewImageMode mode;
1607         const char *snapshot_node_name =
1608             s->has_snapshot_node_name ? s->snapshot_node_name : NULL;
1609 
1610         if (node_name && !snapshot_node_name) {
1611             error_setg(errp, "New overlay node name missing");
1612             goto out;
1613         }
1614 
1615         if (snapshot_node_name &&
1616             bdrv_lookup_bs(snapshot_node_name, snapshot_node_name, NULL)) {
1617             error_setg(errp, "New overlay node name already in use");
1618             goto out;
1619         }
1620 
1621         flags = state->old_bs->open_flags;
1622         flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_COPY_ON_READ);
1623         flags |= BDRV_O_NO_BACKING;
1624 
1625         /* create new image w/backing file */
1626         mode = s->has_mode ? s->mode : NEW_IMAGE_MODE_ABSOLUTE_PATHS;
1627         if (mode != NEW_IMAGE_MODE_EXISTING) {
1628             int64_t size = bdrv_getlength(state->old_bs);
1629             if (size < 0) {
1630                 error_setg_errno(errp, -size, "bdrv_getlength failed");
1631                 goto out;
1632             }
1633             bdrv_refresh_filename(state->old_bs);
1634             bdrv_img_create(new_image_file, format,
1635                             state->old_bs->filename,
1636                             state->old_bs->drv->format_name,
1637                             NULL, size, flags, false, &local_err);
1638             if (local_err) {
1639                 error_propagate(errp, local_err);
1640                 goto out;
1641             }
1642         }
1643 
1644         options = qdict_new();
1645         if (snapshot_node_name) {
1646             qdict_put_str(options, "node-name", snapshot_node_name);
1647         }
1648         qdict_put_str(options, "driver", format);
1649     }
1650 
1651     state->new_bs = bdrv_open(new_image_file, snapshot_ref, options, flags,
1652                               errp);
1653     /* We will manually add the backing_hd field to the bs later */
1654     if (!state->new_bs) {
1655         goto out;
1656     }
1657 
1658     if (bdrv_has_blk(state->new_bs)) {
1659         error_setg(errp, "The overlay is already in use");
1660         goto out;
1661     }
1662 
1663     if (bdrv_op_is_blocked(state->new_bs, BLOCK_OP_TYPE_EXTERNAL_SNAPSHOT,
1664                            errp)) {
1665         goto out;
1666     }
1667 
1668     if (state->new_bs->backing != NULL) {
1669         error_setg(errp, "The overlay already has a backing image");
1670         goto out;
1671     }
1672 
1673     if (!state->new_bs->drv->supports_backing) {
1674         error_setg(errp, "The overlay does not support backing images");
1675         goto out;
1676     }
1677 
1678     ret = bdrv_try_set_aio_context(state->new_bs, aio_context, errp);
1679     if (ret < 0) {
1680         goto out;
1681     }
1682 
1683     /* This removes our old bs and adds the new bs. This is an operation that
1684      * can fail, so we need to do it in .prepare; undoing it for abort is
1685      * always possible. */
1686     bdrv_ref(state->new_bs);
1687     bdrv_append(state->new_bs, state->old_bs, &local_err);
1688     if (local_err) {
1689         error_propagate(errp, local_err);
1690         goto out;
1691     }
1692     state->overlay_appended = true;
1693 
1694 out:
1695     aio_context_release(aio_context);
1696 }
1697 
1698 static void external_snapshot_commit(BlkActionState *common)
1699 {
1700     ExternalSnapshotState *state =
1701                              DO_UPCAST(ExternalSnapshotState, common, common);
1702     AioContext *aio_context;
1703 
1704     aio_context = bdrv_get_aio_context(state->old_bs);
1705     aio_context_acquire(aio_context);
1706 
1707     /* We don't need (or want) to use the transactional
1708      * bdrv_reopen_multiple() across all the entries at once, because we
1709      * don't want to abort all of them if one of them fails the reopen */
1710     if (!atomic_read(&state->old_bs->copy_on_read)) {
1711         bdrv_reopen_set_read_only(state->old_bs, true, NULL);
1712     }
1713 
1714     aio_context_release(aio_context);
1715 }
1716 
1717 static void external_snapshot_abort(BlkActionState *common)
1718 {
1719     ExternalSnapshotState *state =
1720                              DO_UPCAST(ExternalSnapshotState, common, common);
1721     if (state->new_bs) {
1722         if (state->overlay_appended) {
1723             AioContext *aio_context;
1724 
1725             aio_context = bdrv_get_aio_context(state->old_bs);
1726             aio_context_acquire(aio_context);
1727 
1728             bdrv_ref(state->old_bs);   /* we can't let bdrv_set_backind_hd()
1729                                           close state->old_bs; we need it */
1730             bdrv_set_backing_hd(state->new_bs, NULL, &error_abort);
1731             bdrv_replace_node(state->new_bs, state->old_bs, &error_abort);
1732             bdrv_unref(state->old_bs); /* bdrv_replace_node() ref'ed old_bs */
1733 
1734             aio_context_release(aio_context);
1735         }
1736     }
1737 }
1738 
1739 static void external_snapshot_clean(BlkActionState *common)
1740 {
1741     ExternalSnapshotState *state =
1742                              DO_UPCAST(ExternalSnapshotState, common, common);
1743     AioContext *aio_context;
1744 
1745     if (!state->old_bs) {
1746         return;
1747     }
1748 
1749     aio_context = bdrv_get_aio_context(state->old_bs);
1750     aio_context_acquire(aio_context);
1751 
1752     bdrv_drained_end(state->old_bs);
1753     bdrv_unref(state->new_bs);
1754 
1755     aio_context_release(aio_context);
1756 }
1757 
1758 typedef struct DriveBackupState {
1759     BlkActionState common;
1760     BlockDriverState *bs;
1761     BlockJob *job;
1762 } DriveBackupState;
1763 
1764 static BlockJob *do_drive_backup(DriveBackup *backup, JobTxn *txn,
1765                             Error **errp);
1766 
1767 static void drive_backup_prepare(BlkActionState *common, Error **errp)
1768 {
1769     DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
1770     BlockDriverState *bs;
1771     DriveBackup *backup;
1772     AioContext *aio_context;
1773     Error *local_err = NULL;
1774 
1775     assert(common->action->type == TRANSACTION_ACTION_KIND_DRIVE_BACKUP);
1776     backup = common->action->u.drive_backup.data;
1777 
1778     bs = bdrv_lookup_bs(backup->device, backup->device, errp);
1779     if (!bs) {
1780         return;
1781     }
1782 
1783     aio_context = bdrv_get_aio_context(bs);
1784     aio_context_acquire(aio_context);
1785 
1786     /* Paired with .clean() */
1787     bdrv_drained_begin(bs);
1788 
1789     state->bs = bs;
1790 
1791     state->job = do_drive_backup(backup, common->block_job_txn, &local_err);
1792     if (local_err) {
1793         error_propagate(errp, local_err);
1794         goto out;
1795     }
1796 
1797 out:
1798     aio_context_release(aio_context);
1799 }
1800 
1801 static void drive_backup_commit(BlkActionState *common)
1802 {
1803     DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
1804     AioContext *aio_context;
1805 
1806     aio_context = bdrv_get_aio_context(state->bs);
1807     aio_context_acquire(aio_context);
1808 
1809     assert(state->job);
1810     job_start(&state->job->job);
1811 
1812     aio_context_release(aio_context);
1813 }
1814 
1815 static void drive_backup_abort(BlkActionState *common)
1816 {
1817     DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
1818 
1819     if (state->job) {
1820         AioContext *aio_context;
1821 
1822         aio_context = bdrv_get_aio_context(state->bs);
1823         aio_context_acquire(aio_context);
1824 
1825         job_cancel_sync(&state->job->job);
1826 
1827         aio_context_release(aio_context);
1828     }
1829 }
1830 
1831 static void drive_backup_clean(BlkActionState *common)
1832 {
1833     DriveBackupState *state = DO_UPCAST(DriveBackupState, common, common);
1834     AioContext *aio_context;
1835 
1836     if (!state->bs) {
1837         return;
1838     }
1839 
1840     aio_context = bdrv_get_aio_context(state->bs);
1841     aio_context_acquire(aio_context);
1842 
1843     bdrv_drained_end(state->bs);
1844 
1845     aio_context_release(aio_context);
1846 }
1847 
1848 typedef struct BlockdevBackupState {
1849     BlkActionState common;
1850     BlockDriverState *bs;
1851     BlockJob *job;
1852 } BlockdevBackupState;
1853 
1854 static BlockJob *do_blockdev_backup(BlockdevBackup *backup, JobTxn *txn,
1855                                     Error **errp);
1856 
1857 static void blockdev_backup_prepare(BlkActionState *common, Error **errp)
1858 {
1859     BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
1860     BlockdevBackup *backup;
1861     BlockDriverState *bs, *target;
1862     AioContext *aio_context;
1863     Error *local_err = NULL;
1864 
1865     assert(common->action->type == TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP);
1866     backup = common->action->u.blockdev_backup.data;
1867 
1868     bs = bdrv_lookup_bs(backup->device, backup->device, errp);
1869     if (!bs) {
1870         return;
1871     }
1872 
1873     target = bdrv_lookup_bs(backup->target, backup->target, errp);
1874     if (!target) {
1875         return;
1876     }
1877 
1878     aio_context = bdrv_get_aio_context(bs);
1879     aio_context_acquire(aio_context);
1880     state->bs = bs;
1881 
1882     /* Paired with .clean() */
1883     bdrv_drained_begin(state->bs);
1884 
1885     state->job = do_blockdev_backup(backup, common->block_job_txn, &local_err);
1886     if (local_err) {
1887         error_propagate(errp, local_err);
1888         goto out;
1889     }
1890 
1891 out:
1892     aio_context_release(aio_context);
1893 }
1894 
1895 static void blockdev_backup_commit(BlkActionState *common)
1896 {
1897     BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
1898     AioContext *aio_context;
1899 
1900     aio_context = bdrv_get_aio_context(state->bs);
1901     aio_context_acquire(aio_context);
1902 
1903     assert(state->job);
1904     job_start(&state->job->job);
1905 
1906     aio_context_release(aio_context);
1907 }
1908 
1909 static void blockdev_backup_abort(BlkActionState *common)
1910 {
1911     BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
1912 
1913     if (state->job) {
1914         AioContext *aio_context;
1915 
1916         aio_context = bdrv_get_aio_context(state->bs);
1917         aio_context_acquire(aio_context);
1918 
1919         job_cancel_sync(&state->job->job);
1920 
1921         aio_context_release(aio_context);
1922     }
1923 }
1924 
1925 static void blockdev_backup_clean(BlkActionState *common)
1926 {
1927     BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, common);
1928     AioContext *aio_context;
1929 
1930     if (!state->bs) {
1931         return;
1932     }
1933 
1934     aio_context = bdrv_get_aio_context(state->bs);
1935     aio_context_acquire(aio_context);
1936 
1937     bdrv_drained_end(state->bs);
1938 
1939     aio_context_release(aio_context);
1940 }
1941 
1942 typedef struct BlockDirtyBitmapState {
1943     BlkActionState common;
1944     BdrvDirtyBitmap *bitmap;
1945     BlockDriverState *bs;
1946     HBitmap *backup;
1947     bool prepared;
1948     bool was_enabled;
1949 } BlockDirtyBitmapState;
1950 
1951 static void block_dirty_bitmap_add_prepare(BlkActionState *common,
1952                                            Error **errp)
1953 {
1954     Error *local_err = NULL;
1955     BlockDirtyBitmapAdd *action;
1956     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
1957                                              common, common);
1958 
1959     if (action_check_completion_mode(common, errp) < 0) {
1960         return;
1961     }
1962 
1963     action = common->action->u.block_dirty_bitmap_add.data;
1964     /* AIO context taken and released within qmp_block_dirty_bitmap_add */
1965     qmp_block_dirty_bitmap_add(action->node, action->name,
1966                                action->has_granularity, action->granularity,
1967                                action->has_persistent, action->persistent,
1968                                action->has_disabled, action->disabled,
1969                                &local_err);
1970 
1971     if (!local_err) {
1972         state->prepared = true;
1973     } else {
1974         error_propagate(errp, local_err);
1975     }
1976 }
1977 
1978 static void block_dirty_bitmap_add_abort(BlkActionState *common)
1979 {
1980     BlockDirtyBitmapAdd *action;
1981     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
1982                                              common, common);
1983 
1984     action = common->action->u.block_dirty_bitmap_add.data;
1985     /* Should not be able to fail: IF the bitmap was added via .prepare(),
1986      * then the node reference and bitmap name must have been valid.
1987      */
1988     if (state->prepared) {
1989         qmp_block_dirty_bitmap_remove(action->node, action->name, &error_abort);
1990     }
1991 }
1992 
1993 static void block_dirty_bitmap_clear_prepare(BlkActionState *common,
1994                                              Error **errp)
1995 {
1996     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
1997                                              common, common);
1998     BlockDirtyBitmap *action;
1999 
2000     if (action_check_completion_mode(common, errp) < 0) {
2001         return;
2002     }
2003 
2004     action = common->action->u.block_dirty_bitmap_clear.data;
2005     state->bitmap = block_dirty_bitmap_lookup(action->node,
2006                                               action->name,
2007                                               &state->bs,
2008                                               errp);
2009     if (!state->bitmap) {
2010         return;
2011     }
2012 
2013     if (bdrv_dirty_bitmap_check(state->bitmap, BDRV_BITMAP_DEFAULT, errp)) {
2014         return;
2015     }
2016 
2017     bdrv_clear_dirty_bitmap(state->bitmap, &state->backup);
2018 }
2019 
2020 static void block_dirty_bitmap_restore(BlkActionState *common)
2021 {
2022     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2023                                              common, common);
2024 
2025     if (state->backup) {
2026         bdrv_restore_dirty_bitmap(state->bitmap, state->backup);
2027     }
2028 }
2029 
2030 static void block_dirty_bitmap_free_backup(BlkActionState *common)
2031 {
2032     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2033                                              common, common);
2034 
2035     hbitmap_free(state->backup);
2036 }
2037 
2038 static void block_dirty_bitmap_enable_prepare(BlkActionState *common,
2039                                               Error **errp)
2040 {
2041     BlockDirtyBitmap *action;
2042     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2043                                              common, common);
2044 
2045     if (action_check_completion_mode(common, errp) < 0) {
2046         return;
2047     }
2048 
2049     action = common->action->u.block_dirty_bitmap_enable.data;
2050     state->bitmap = block_dirty_bitmap_lookup(action->node,
2051                                               action->name,
2052                                               NULL,
2053                                               errp);
2054     if (!state->bitmap) {
2055         return;
2056     }
2057 
2058     if (bdrv_dirty_bitmap_check(state->bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
2059         return;
2060     }
2061 
2062     state->was_enabled = bdrv_dirty_bitmap_enabled(state->bitmap);
2063     bdrv_enable_dirty_bitmap(state->bitmap);
2064 }
2065 
2066 static void block_dirty_bitmap_enable_abort(BlkActionState *common)
2067 {
2068     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2069                                              common, common);
2070 
2071     if (!state->was_enabled) {
2072         bdrv_disable_dirty_bitmap(state->bitmap);
2073     }
2074 }
2075 
2076 static void block_dirty_bitmap_disable_prepare(BlkActionState *common,
2077                                                Error **errp)
2078 {
2079     BlockDirtyBitmap *action;
2080     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2081                                              common, common);
2082 
2083     if (action_check_completion_mode(common, errp) < 0) {
2084         return;
2085     }
2086 
2087     action = common->action->u.block_dirty_bitmap_disable.data;
2088     state->bitmap = block_dirty_bitmap_lookup(action->node,
2089                                               action->name,
2090                                               NULL,
2091                                               errp);
2092     if (!state->bitmap) {
2093         return;
2094     }
2095 
2096     if (bdrv_dirty_bitmap_check(state->bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
2097         return;
2098     }
2099 
2100     state->was_enabled = bdrv_dirty_bitmap_enabled(state->bitmap);
2101     bdrv_disable_dirty_bitmap(state->bitmap);
2102 }
2103 
2104 static void block_dirty_bitmap_disable_abort(BlkActionState *common)
2105 {
2106     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2107                                              common, common);
2108 
2109     if (state->was_enabled) {
2110         bdrv_enable_dirty_bitmap(state->bitmap);
2111     }
2112 }
2113 
2114 static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
2115         const char *node, const char *target,
2116         BlockDirtyBitmapMergeSourceList *bitmaps,
2117         HBitmap **backup, Error **errp);
2118 
2119 static void block_dirty_bitmap_merge_prepare(BlkActionState *common,
2120                                              Error **errp)
2121 {
2122     BlockDirtyBitmapMerge *action;
2123     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2124                                              common, common);
2125 
2126     if (action_check_completion_mode(common, errp) < 0) {
2127         return;
2128     }
2129 
2130     action = common->action->u.block_dirty_bitmap_merge.data;
2131 
2132     state->bitmap = do_block_dirty_bitmap_merge(action->node, action->target,
2133                                                 action->bitmaps, &state->backup,
2134                                                 errp);
2135 }
2136 
2137 static BdrvDirtyBitmap *do_block_dirty_bitmap_remove(
2138         const char *node, const char *name, bool release,
2139         BlockDriverState **bitmap_bs, Error **errp);
2140 
2141 static void block_dirty_bitmap_remove_prepare(BlkActionState *common,
2142                                               Error **errp)
2143 {
2144     BlockDirtyBitmap *action;
2145     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2146                                              common, common);
2147 
2148     if (action_check_completion_mode(common, errp) < 0) {
2149         return;
2150     }
2151 
2152     action = common->action->u.block_dirty_bitmap_remove.data;
2153 
2154     state->bitmap = do_block_dirty_bitmap_remove(action->node, action->name,
2155                                                  false, &state->bs, errp);
2156     if (state->bitmap) {
2157         bdrv_dirty_bitmap_skip_store(state->bitmap, true);
2158         bdrv_dirty_bitmap_set_busy(state->bitmap, true);
2159     }
2160 }
2161 
2162 static void block_dirty_bitmap_remove_abort(BlkActionState *common)
2163 {
2164     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2165                                              common, common);
2166 
2167     if (state->bitmap) {
2168         bdrv_dirty_bitmap_skip_store(state->bitmap, false);
2169         bdrv_dirty_bitmap_set_busy(state->bitmap, false);
2170     }
2171 }
2172 
2173 static void block_dirty_bitmap_remove_commit(BlkActionState *common)
2174 {
2175     BlockDirtyBitmapState *state = DO_UPCAST(BlockDirtyBitmapState,
2176                                              common, common);
2177 
2178     bdrv_dirty_bitmap_set_busy(state->bitmap, false);
2179     bdrv_release_dirty_bitmap(state->bitmap);
2180 }
2181 
2182 static void abort_prepare(BlkActionState *common, Error **errp)
2183 {
2184     error_setg(errp, "Transaction aborted using Abort action");
2185 }
2186 
2187 static void abort_commit(BlkActionState *common)
2188 {
2189     g_assert_not_reached(); /* this action never succeeds */
2190 }
2191 
2192 static const BlkActionOps actions[] = {
2193     [TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT] = {
2194         .instance_size = sizeof(ExternalSnapshotState),
2195         .prepare  = external_snapshot_prepare,
2196         .commit   = external_snapshot_commit,
2197         .abort = external_snapshot_abort,
2198         .clean = external_snapshot_clean,
2199     },
2200     [TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_SYNC] = {
2201         .instance_size = sizeof(ExternalSnapshotState),
2202         .prepare  = external_snapshot_prepare,
2203         .commit   = external_snapshot_commit,
2204         .abort = external_snapshot_abort,
2205         .clean = external_snapshot_clean,
2206     },
2207     [TRANSACTION_ACTION_KIND_DRIVE_BACKUP] = {
2208         .instance_size = sizeof(DriveBackupState),
2209         .prepare = drive_backup_prepare,
2210         .commit = drive_backup_commit,
2211         .abort = drive_backup_abort,
2212         .clean = drive_backup_clean,
2213     },
2214     [TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP] = {
2215         .instance_size = sizeof(BlockdevBackupState),
2216         .prepare = blockdev_backup_prepare,
2217         .commit = blockdev_backup_commit,
2218         .abort = blockdev_backup_abort,
2219         .clean = blockdev_backup_clean,
2220     },
2221     [TRANSACTION_ACTION_KIND_ABORT] = {
2222         .instance_size = sizeof(BlkActionState),
2223         .prepare = abort_prepare,
2224         .commit = abort_commit,
2225     },
2226     [TRANSACTION_ACTION_KIND_BLOCKDEV_SNAPSHOT_INTERNAL_SYNC] = {
2227         .instance_size = sizeof(InternalSnapshotState),
2228         .prepare  = internal_snapshot_prepare,
2229         .abort = internal_snapshot_abort,
2230         .clean = internal_snapshot_clean,
2231     },
2232     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_ADD] = {
2233         .instance_size = sizeof(BlockDirtyBitmapState),
2234         .prepare = block_dirty_bitmap_add_prepare,
2235         .abort = block_dirty_bitmap_add_abort,
2236     },
2237     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_CLEAR] = {
2238         .instance_size = sizeof(BlockDirtyBitmapState),
2239         .prepare = block_dirty_bitmap_clear_prepare,
2240         .commit = block_dirty_bitmap_free_backup,
2241         .abort = block_dirty_bitmap_restore,
2242     },
2243     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_ENABLE] = {
2244         .instance_size = sizeof(BlockDirtyBitmapState),
2245         .prepare = block_dirty_bitmap_enable_prepare,
2246         .abort = block_dirty_bitmap_enable_abort,
2247     },
2248     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_DISABLE] = {
2249         .instance_size = sizeof(BlockDirtyBitmapState),
2250         .prepare = block_dirty_bitmap_disable_prepare,
2251         .abort = block_dirty_bitmap_disable_abort,
2252     },
2253     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_MERGE] = {
2254         .instance_size = sizeof(BlockDirtyBitmapState),
2255         .prepare = block_dirty_bitmap_merge_prepare,
2256         .commit = block_dirty_bitmap_free_backup,
2257         .abort = block_dirty_bitmap_restore,
2258     },
2259     [TRANSACTION_ACTION_KIND_BLOCK_DIRTY_BITMAP_REMOVE] = {
2260         .instance_size = sizeof(BlockDirtyBitmapState),
2261         .prepare = block_dirty_bitmap_remove_prepare,
2262         .commit = block_dirty_bitmap_remove_commit,
2263         .abort = block_dirty_bitmap_remove_abort,
2264     },
2265     /* Where are transactions for MIRROR, COMMIT and STREAM?
2266      * Although these blockjobs use transaction callbacks like the backup job,
2267      * these jobs do not necessarily adhere to transaction semantics.
2268      * These jobs may not fully undo all of their actions on abort, nor do they
2269      * necessarily work in transactions with more than one job in them.
2270      */
2271 };
2272 
2273 /**
2274  * Allocate a TransactionProperties structure if necessary, and fill
2275  * that structure with desired defaults if they are unset.
2276  */
2277 static TransactionProperties *get_transaction_properties(
2278     TransactionProperties *props)
2279 {
2280     if (!props) {
2281         props = g_new0(TransactionProperties, 1);
2282     }
2283 
2284     if (!props->has_completion_mode) {
2285         props->has_completion_mode = true;
2286         props->completion_mode = ACTION_COMPLETION_MODE_INDIVIDUAL;
2287     }
2288 
2289     return props;
2290 }
2291 
2292 /*
2293  * 'Atomic' group operations.  The operations are performed as a set, and if
2294  * any fail then we roll back all operations in the group.
2295  */
2296 void qmp_transaction(TransactionActionList *dev_list,
2297                      bool has_props,
2298                      struct TransactionProperties *props,
2299                      Error **errp)
2300 {
2301     TransactionActionList *dev_entry = dev_list;
2302     JobTxn *block_job_txn = NULL;
2303     BlkActionState *state, *next;
2304     Error *local_err = NULL;
2305 
2306     QTAILQ_HEAD(, BlkActionState) snap_bdrv_states;
2307     QTAILQ_INIT(&snap_bdrv_states);
2308 
2309     /* Does this transaction get canceled as a group on failure?
2310      * If not, we don't really need to make a JobTxn.
2311      */
2312     props = get_transaction_properties(props);
2313     if (props->completion_mode != ACTION_COMPLETION_MODE_INDIVIDUAL) {
2314         block_job_txn = job_txn_new();
2315     }
2316 
2317     /* drain all i/o before any operations */
2318     bdrv_drain_all();
2319 
2320     /* We don't do anything in this loop that commits us to the operations */
2321     while (NULL != dev_entry) {
2322         TransactionAction *dev_info = NULL;
2323         const BlkActionOps *ops;
2324 
2325         dev_info = dev_entry->value;
2326         dev_entry = dev_entry->next;
2327 
2328         assert(dev_info->type < ARRAY_SIZE(actions));
2329 
2330         ops = &actions[dev_info->type];
2331         assert(ops->instance_size > 0);
2332 
2333         state = g_malloc0(ops->instance_size);
2334         state->ops = ops;
2335         state->action = dev_info;
2336         state->block_job_txn = block_job_txn;
2337         state->txn_props = props;
2338         QTAILQ_INSERT_TAIL(&snap_bdrv_states, state, entry);
2339 
2340         state->ops->prepare(state, &local_err);
2341         if (local_err) {
2342             error_propagate(errp, local_err);
2343             goto delete_and_fail;
2344         }
2345     }
2346 
2347     QTAILQ_FOREACH(state, &snap_bdrv_states, entry) {
2348         if (state->ops->commit) {
2349             state->ops->commit(state);
2350         }
2351     }
2352 
2353     /* success */
2354     goto exit;
2355 
2356 delete_and_fail:
2357     /* failure, and it is all-or-none; roll back all operations */
2358     QTAILQ_FOREACH_REVERSE(state, &snap_bdrv_states, entry) {
2359         if (state->ops->abort) {
2360             state->ops->abort(state);
2361         }
2362     }
2363 exit:
2364     QTAILQ_FOREACH_SAFE(state, &snap_bdrv_states, entry, next) {
2365         if (state->ops->clean) {
2366             state->ops->clean(state);
2367         }
2368         g_free(state);
2369     }
2370     if (!has_props) {
2371         qapi_free_TransactionProperties(props);
2372     }
2373     job_txn_unref(block_job_txn);
2374 }
2375 
2376 void qmp_eject(bool has_device, const char *device,
2377                bool has_id, const char *id,
2378                bool has_force, bool force, Error **errp)
2379 {
2380     Error *local_err = NULL;
2381     int rc;
2382 
2383     if (!has_force) {
2384         force = false;
2385     }
2386 
2387     rc = do_open_tray(has_device ? device : NULL,
2388                       has_id ? id : NULL,
2389                       force, &local_err);
2390     if (rc && rc != -ENOSYS) {
2391         error_propagate(errp, local_err);
2392         return;
2393     }
2394     error_free(local_err);
2395 
2396     blockdev_remove_medium(has_device, device, has_id, id, errp);
2397 }
2398 
2399 void qmp_block_passwd(bool has_device, const char *device,
2400                       bool has_node_name, const char *node_name,
2401                       const char *password, Error **errp)
2402 {
2403     error_setg(errp,
2404                "Setting block passwords directly is no longer supported");
2405 }
2406 
2407 /*
2408  * Attempt to open the tray of @device.
2409  * If @force, ignore its tray lock.
2410  * Else, if the tray is locked, don't open it, but ask the guest to open it.
2411  * On error, store an error through @errp and return -errno.
2412  * If @device does not exist, return -ENODEV.
2413  * If it has no removable media, return -ENOTSUP.
2414  * If it has no tray, return -ENOSYS.
2415  * If the guest was asked to open the tray, return -EINPROGRESS.
2416  * Else, return 0.
2417  */
2418 static int do_open_tray(const char *blk_name, const char *qdev_id,
2419                         bool force, Error **errp)
2420 {
2421     BlockBackend *blk;
2422     const char *device = qdev_id ?: blk_name;
2423     bool locked;
2424 
2425     blk = qmp_get_blk(blk_name, qdev_id, errp);
2426     if (!blk) {
2427         return -ENODEV;
2428     }
2429 
2430     if (!blk_dev_has_removable_media(blk)) {
2431         error_setg(errp, "Device '%s' is not removable", device);
2432         return -ENOTSUP;
2433     }
2434 
2435     if (!blk_dev_has_tray(blk)) {
2436         error_setg(errp, "Device '%s' does not have a tray", device);
2437         return -ENOSYS;
2438     }
2439 
2440     if (blk_dev_is_tray_open(blk)) {
2441         return 0;
2442     }
2443 
2444     locked = blk_dev_is_medium_locked(blk);
2445     if (locked) {
2446         blk_dev_eject_request(blk, force);
2447     }
2448 
2449     if (!locked || force) {
2450         blk_dev_change_media_cb(blk, false, &error_abort);
2451     }
2452 
2453     if (locked && !force) {
2454         error_setg(errp, "Device '%s' is locked and force was not specified, "
2455                    "wait for tray to open and try again", device);
2456         return -EINPROGRESS;
2457     }
2458 
2459     return 0;
2460 }
2461 
2462 void qmp_blockdev_open_tray(bool has_device, const char *device,
2463                             bool has_id, const char *id,
2464                             bool has_force, bool force,
2465                             Error **errp)
2466 {
2467     Error *local_err = NULL;
2468     int rc;
2469 
2470     if (!has_force) {
2471         force = false;
2472     }
2473     rc = do_open_tray(has_device ? device : NULL,
2474                       has_id ? id : NULL,
2475                       force, &local_err);
2476     if (rc && rc != -ENOSYS && rc != -EINPROGRESS) {
2477         error_propagate(errp, local_err);
2478         return;
2479     }
2480     error_free(local_err);
2481 }
2482 
2483 void qmp_blockdev_close_tray(bool has_device, const char *device,
2484                              bool has_id, const char *id,
2485                              Error **errp)
2486 {
2487     BlockBackend *blk;
2488     Error *local_err = NULL;
2489 
2490     device = has_device ? device : NULL;
2491     id = has_id ? id : NULL;
2492 
2493     blk = qmp_get_blk(device, id, errp);
2494     if (!blk) {
2495         return;
2496     }
2497 
2498     if (!blk_dev_has_removable_media(blk)) {
2499         error_setg(errp, "Device '%s' is not removable", device ?: id);
2500         return;
2501     }
2502 
2503     if (!blk_dev_has_tray(blk)) {
2504         /* Ignore this command on tray-less devices */
2505         return;
2506     }
2507 
2508     if (!blk_dev_is_tray_open(blk)) {
2509         return;
2510     }
2511 
2512     blk_dev_change_media_cb(blk, true, &local_err);
2513     if (local_err) {
2514         error_propagate(errp, local_err);
2515         return;
2516     }
2517 }
2518 
2519 static void blockdev_remove_medium(bool has_device, const char *device,
2520                                    bool has_id, const char *id, Error **errp)
2521 {
2522     BlockBackend *blk;
2523     BlockDriverState *bs;
2524     AioContext *aio_context;
2525     bool has_attached_device;
2526 
2527     device = has_device ? device : NULL;
2528     id = has_id ? id : NULL;
2529 
2530     blk = qmp_get_blk(device, id, errp);
2531     if (!blk) {
2532         return;
2533     }
2534 
2535     /* For BBs without a device, we can exchange the BDS tree at will */
2536     has_attached_device = blk_get_attached_dev(blk);
2537 
2538     if (has_attached_device && !blk_dev_has_removable_media(blk)) {
2539         error_setg(errp, "Device '%s' is not removable", device ?: id);
2540         return;
2541     }
2542 
2543     if (has_attached_device && blk_dev_has_tray(blk) &&
2544         !blk_dev_is_tray_open(blk))
2545     {
2546         error_setg(errp, "Tray of device '%s' is not open", device ?: id);
2547         return;
2548     }
2549 
2550     bs = blk_bs(blk);
2551     if (!bs) {
2552         return;
2553     }
2554 
2555     aio_context = bdrv_get_aio_context(bs);
2556     aio_context_acquire(aio_context);
2557 
2558     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_EJECT, errp)) {
2559         goto out;
2560     }
2561 
2562     blk_remove_bs(blk);
2563 
2564     if (!blk_dev_has_tray(blk)) {
2565         /* For tray-less devices, blockdev-open-tray is a no-op (or may not be
2566          * called at all); therefore, the medium needs to be ejected here.
2567          * Do it after blk_remove_bs() so blk_is_inserted(blk) returns the @load
2568          * value passed here (i.e. false). */
2569         blk_dev_change_media_cb(blk, false, &error_abort);
2570     }
2571 
2572 out:
2573     aio_context_release(aio_context);
2574 }
2575 
2576 void qmp_blockdev_remove_medium(const char *id, Error **errp)
2577 {
2578     blockdev_remove_medium(false, NULL, true, id, errp);
2579 }
2580 
2581 static void qmp_blockdev_insert_anon_medium(BlockBackend *blk,
2582                                             BlockDriverState *bs, Error **errp)
2583 {
2584     Error *local_err = NULL;
2585     bool has_device;
2586     int ret;
2587 
2588     /* For BBs without a device, we can exchange the BDS tree at will */
2589     has_device = blk_get_attached_dev(blk);
2590 
2591     if (has_device && !blk_dev_has_removable_media(blk)) {
2592         error_setg(errp, "Device is not removable");
2593         return;
2594     }
2595 
2596     if (has_device && blk_dev_has_tray(blk) && !blk_dev_is_tray_open(blk)) {
2597         error_setg(errp, "Tray of the device is not open");
2598         return;
2599     }
2600 
2601     if (blk_bs(blk)) {
2602         error_setg(errp, "There already is a medium in the device");
2603         return;
2604     }
2605 
2606     ret = blk_insert_bs(blk, bs, errp);
2607     if (ret < 0) {
2608         return;
2609     }
2610 
2611     if (!blk_dev_has_tray(blk)) {
2612         /* For tray-less devices, blockdev-close-tray is a no-op (or may not be
2613          * called at all); therefore, the medium needs to be pushed into the
2614          * slot here.
2615          * Do it after blk_insert_bs() so blk_is_inserted(blk) returns the @load
2616          * value passed here (i.e. true). */
2617         blk_dev_change_media_cb(blk, true, &local_err);
2618         if (local_err) {
2619             error_propagate(errp, local_err);
2620             blk_remove_bs(blk);
2621             return;
2622         }
2623     }
2624 }
2625 
2626 static void blockdev_insert_medium(bool has_device, const char *device,
2627                                    bool has_id, const char *id,
2628                                    const char *node_name, Error **errp)
2629 {
2630     BlockBackend *blk;
2631     BlockDriverState *bs;
2632 
2633     blk = qmp_get_blk(has_device ? device : NULL,
2634                       has_id ? id : NULL,
2635                       errp);
2636     if (!blk) {
2637         return;
2638     }
2639 
2640     bs = bdrv_find_node(node_name);
2641     if (!bs) {
2642         error_setg(errp, "Node '%s' not found", node_name);
2643         return;
2644     }
2645 
2646     if (bdrv_has_blk(bs)) {
2647         error_setg(errp, "Node '%s' is already in use", node_name);
2648         return;
2649     }
2650 
2651     qmp_blockdev_insert_anon_medium(blk, bs, errp);
2652 }
2653 
2654 void qmp_blockdev_insert_medium(const char *id, const char *node_name,
2655                                 Error **errp)
2656 {
2657     blockdev_insert_medium(false, NULL, true, id, node_name, errp);
2658 }
2659 
2660 void qmp_blockdev_change_medium(bool has_device, const char *device,
2661                                 bool has_id, const char *id,
2662                                 const char *filename,
2663                                 bool has_format, const char *format,
2664                                 bool has_read_only,
2665                                 BlockdevChangeReadOnlyMode read_only,
2666                                 Error **errp)
2667 {
2668     BlockBackend *blk;
2669     BlockDriverState *medium_bs = NULL;
2670     int bdrv_flags;
2671     bool detect_zeroes;
2672     int rc;
2673     QDict *options = NULL;
2674     Error *err = NULL;
2675 
2676     blk = qmp_get_blk(has_device ? device : NULL,
2677                       has_id ? id : NULL,
2678                       errp);
2679     if (!blk) {
2680         goto fail;
2681     }
2682 
2683     if (blk_bs(blk)) {
2684         blk_update_root_state(blk);
2685     }
2686 
2687     bdrv_flags = blk_get_open_flags_from_root_state(blk);
2688     bdrv_flags &= ~(BDRV_O_TEMPORARY | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING |
2689         BDRV_O_PROTOCOL | BDRV_O_AUTO_RDONLY);
2690 
2691     if (!has_read_only) {
2692         read_only = BLOCKDEV_CHANGE_READ_ONLY_MODE_RETAIN;
2693     }
2694 
2695     switch (read_only) {
2696     case BLOCKDEV_CHANGE_READ_ONLY_MODE_RETAIN:
2697         break;
2698 
2699     case BLOCKDEV_CHANGE_READ_ONLY_MODE_READ_ONLY:
2700         bdrv_flags &= ~BDRV_O_RDWR;
2701         break;
2702 
2703     case BLOCKDEV_CHANGE_READ_ONLY_MODE_READ_WRITE:
2704         bdrv_flags |= BDRV_O_RDWR;
2705         break;
2706 
2707     default:
2708         abort();
2709     }
2710 
2711     options = qdict_new();
2712     detect_zeroes = blk_get_detect_zeroes_from_root_state(blk);
2713     qdict_put_str(options, "detect-zeroes", detect_zeroes ? "on" : "off");
2714 
2715     if (has_format) {
2716         qdict_put_str(options, "driver", format);
2717     }
2718 
2719     medium_bs = bdrv_open(filename, NULL, options, bdrv_flags, errp);
2720     if (!medium_bs) {
2721         goto fail;
2722     }
2723 
2724     rc = do_open_tray(has_device ? device : NULL,
2725                       has_id ? id : NULL,
2726                       false, &err);
2727     if (rc && rc != -ENOSYS) {
2728         error_propagate(errp, err);
2729         goto fail;
2730     }
2731     error_free(err);
2732     err = NULL;
2733 
2734     blockdev_remove_medium(has_device, device, has_id, id, &err);
2735     if (err) {
2736         error_propagate(errp, err);
2737         goto fail;
2738     }
2739 
2740     qmp_blockdev_insert_anon_medium(blk, medium_bs, &err);
2741     if (err) {
2742         error_propagate(errp, err);
2743         goto fail;
2744     }
2745 
2746     qmp_blockdev_close_tray(has_device, device, has_id, id, errp);
2747 
2748 fail:
2749     /* If the medium has been inserted, the device has its own reference, so
2750      * ours must be relinquished; and if it has not been inserted successfully,
2751      * the reference must be relinquished anyway */
2752     bdrv_unref(medium_bs);
2753 }
2754 
2755 /* throttling disk I/O limits */
2756 void qmp_block_set_io_throttle(BlockIOThrottle *arg, Error **errp)
2757 {
2758     ThrottleConfig cfg;
2759     BlockDriverState *bs;
2760     BlockBackend *blk;
2761     AioContext *aio_context;
2762 
2763     blk = qmp_get_blk(arg->has_device ? arg->device : NULL,
2764                       arg->has_id ? arg->id : NULL,
2765                       errp);
2766     if (!blk) {
2767         return;
2768     }
2769 
2770     aio_context = blk_get_aio_context(blk);
2771     aio_context_acquire(aio_context);
2772 
2773     bs = blk_bs(blk);
2774     if (!bs) {
2775         error_setg(errp, "Device has no medium");
2776         goto out;
2777     }
2778 
2779     throttle_config_init(&cfg);
2780     cfg.buckets[THROTTLE_BPS_TOTAL].avg = arg->bps;
2781     cfg.buckets[THROTTLE_BPS_READ].avg  = arg->bps_rd;
2782     cfg.buckets[THROTTLE_BPS_WRITE].avg = arg->bps_wr;
2783 
2784     cfg.buckets[THROTTLE_OPS_TOTAL].avg = arg->iops;
2785     cfg.buckets[THROTTLE_OPS_READ].avg  = arg->iops_rd;
2786     cfg.buckets[THROTTLE_OPS_WRITE].avg = arg->iops_wr;
2787 
2788     if (arg->has_bps_max) {
2789         cfg.buckets[THROTTLE_BPS_TOTAL].max = arg->bps_max;
2790     }
2791     if (arg->has_bps_rd_max) {
2792         cfg.buckets[THROTTLE_BPS_READ].max = arg->bps_rd_max;
2793     }
2794     if (arg->has_bps_wr_max) {
2795         cfg.buckets[THROTTLE_BPS_WRITE].max = arg->bps_wr_max;
2796     }
2797     if (arg->has_iops_max) {
2798         cfg.buckets[THROTTLE_OPS_TOTAL].max = arg->iops_max;
2799     }
2800     if (arg->has_iops_rd_max) {
2801         cfg.buckets[THROTTLE_OPS_READ].max = arg->iops_rd_max;
2802     }
2803     if (arg->has_iops_wr_max) {
2804         cfg.buckets[THROTTLE_OPS_WRITE].max = arg->iops_wr_max;
2805     }
2806 
2807     if (arg->has_bps_max_length) {
2808         cfg.buckets[THROTTLE_BPS_TOTAL].burst_length = arg->bps_max_length;
2809     }
2810     if (arg->has_bps_rd_max_length) {
2811         cfg.buckets[THROTTLE_BPS_READ].burst_length = arg->bps_rd_max_length;
2812     }
2813     if (arg->has_bps_wr_max_length) {
2814         cfg.buckets[THROTTLE_BPS_WRITE].burst_length = arg->bps_wr_max_length;
2815     }
2816     if (arg->has_iops_max_length) {
2817         cfg.buckets[THROTTLE_OPS_TOTAL].burst_length = arg->iops_max_length;
2818     }
2819     if (arg->has_iops_rd_max_length) {
2820         cfg.buckets[THROTTLE_OPS_READ].burst_length = arg->iops_rd_max_length;
2821     }
2822     if (arg->has_iops_wr_max_length) {
2823         cfg.buckets[THROTTLE_OPS_WRITE].burst_length = arg->iops_wr_max_length;
2824     }
2825 
2826     if (arg->has_iops_size) {
2827         cfg.op_size = arg->iops_size;
2828     }
2829 
2830     if (!throttle_is_valid(&cfg, errp)) {
2831         goto out;
2832     }
2833 
2834     if (throttle_enabled(&cfg)) {
2835         /* Enable I/O limits if they're not enabled yet, otherwise
2836          * just update the throttling group. */
2837         if (!blk_get_public(blk)->throttle_group_member.throttle_state) {
2838             blk_io_limits_enable(blk,
2839                                  arg->has_group ? arg->group :
2840                                  arg->has_device ? arg->device :
2841                                  arg->id);
2842         } else if (arg->has_group) {
2843             blk_io_limits_update_group(blk, arg->group);
2844         }
2845         /* Set the new throttling configuration */
2846         blk_set_io_limits(blk, &cfg);
2847     } else if (blk_get_public(blk)->throttle_group_member.throttle_state) {
2848         /* If all throttling settings are set to 0, disable I/O limits */
2849         blk_io_limits_disable(blk);
2850     }
2851 
2852 out:
2853     aio_context_release(aio_context);
2854 }
2855 
2856 void qmp_block_dirty_bitmap_add(const char *node, const char *name,
2857                                 bool has_granularity, uint32_t granularity,
2858                                 bool has_persistent, bool persistent,
2859                                 bool has_disabled, bool disabled,
2860                                 Error **errp)
2861 {
2862     BlockDriverState *bs;
2863     BdrvDirtyBitmap *bitmap;
2864 
2865     if (!name || name[0] == '\0') {
2866         error_setg(errp, "Bitmap name cannot be empty");
2867         return;
2868     }
2869 
2870     bs = bdrv_lookup_bs(node, node, errp);
2871     if (!bs) {
2872         return;
2873     }
2874 
2875     if (has_granularity) {
2876         if (granularity < 512 || !is_power_of_2(granularity)) {
2877             error_setg(errp, "Granularity must be power of 2 "
2878                              "and at least 512");
2879             return;
2880         }
2881     } else {
2882         /* Default to cluster size, if available: */
2883         granularity = bdrv_get_default_bitmap_granularity(bs);
2884     }
2885 
2886     if (!has_persistent) {
2887         persistent = false;
2888     }
2889 
2890     if (!has_disabled) {
2891         disabled = false;
2892     }
2893 
2894     if (persistent &&
2895         !bdrv_can_store_new_dirty_bitmap(bs, name, granularity, errp))
2896     {
2897         return;
2898     }
2899 
2900     bitmap = bdrv_create_dirty_bitmap(bs, granularity, name, errp);
2901     if (bitmap == NULL) {
2902         return;
2903     }
2904 
2905     if (disabled) {
2906         bdrv_disable_dirty_bitmap(bitmap);
2907     }
2908 
2909     bdrv_dirty_bitmap_set_persistence(bitmap, persistent);
2910 }
2911 
2912 static BdrvDirtyBitmap *do_block_dirty_bitmap_remove(
2913         const char *node, const char *name, bool release,
2914         BlockDriverState **bitmap_bs, Error **errp)
2915 {
2916     BlockDriverState *bs;
2917     BdrvDirtyBitmap *bitmap;
2918 
2919     bitmap = block_dirty_bitmap_lookup(node, name, &bs, errp);
2920     if (!bitmap || !bs) {
2921         return NULL;
2922     }
2923 
2924     if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_BUSY | BDRV_BITMAP_RO,
2925                                 errp)) {
2926         return NULL;
2927     }
2928 
2929     if (bdrv_dirty_bitmap_get_persistence(bitmap) &&
2930         bdrv_remove_persistent_dirty_bitmap(bs, name, errp) < 0)
2931     {
2932             return NULL;
2933     }
2934 
2935     if (release) {
2936         bdrv_release_dirty_bitmap(bitmap);
2937     }
2938 
2939     if (bitmap_bs) {
2940         *bitmap_bs = bs;
2941     }
2942 
2943     return release ? NULL : bitmap;
2944 }
2945 
2946 void qmp_block_dirty_bitmap_remove(const char *node, const char *name,
2947                                    Error **errp)
2948 {
2949     do_block_dirty_bitmap_remove(node, name, true, NULL, errp);
2950 }
2951 
2952 /**
2953  * Completely clear a bitmap, for the purposes of synchronizing a bitmap
2954  * immediately after a full backup operation.
2955  */
2956 void qmp_block_dirty_bitmap_clear(const char *node, const char *name,
2957                                   Error **errp)
2958 {
2959     BdrvDirtyBitmap *bitmap;
2960     BlockDriverState *bs;
2961 
2962     bitmap = block_dirty_bitmap_lookup(node, name, &bs, errp);
2963     if (!bitmap || !bs) {
2964         return;
2965     }
2966 
2967     if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) {
2968         return;
2969     }
2970 
2971     bdrv_clear_dirty_bitmap(bitmap, NULL);
2972 }
2973 
2974 void qmp_block_dirty_bitmap_enable(const char *node, const char *name,
2975                                    Error **errp)
2976 {
2977     BlockDriverState *bs;
2978     BdrvDirtyBitmap *bitmap;
2979 
2980     bitmap = block_dirty_bitmap_lookup(node, name, &bs, errp);
2981     if (!bitmap) {
2982         return;
2983     }
2984 
2985     if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
2986         return;
2987     }
2988 
2989     bdrv_enable_dirty_bitmap(bitmap);
2990 }
2991 
2992 void qmp_block_dirty_bitmap_disable(const char *node, const char *name,
2993                                     Error **errp)
2994 {
2995     BlockDriverState *bs;
2996     BdrvDirtyBitmap *bitmap;
2997 
2998     bitmap = block_dirty_bitmap_lookup(node, name, &bs, errp);
2999     if (!bitmap) {
3000         return;
3001     }
3002 
3003     if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
3004         return;
3005     }
3006 
3007     bdrv_disable_dirty_bitmap(bitmap);
3008 }
3009 
3010 static BdrvDirtyBitmap *do_block_dirty_bitmap_merge(
3011         const char *node, const char *target,
3012         BlockDirtyBitmapMergeSourceList *bitmaps,
3013         HBitmap **backup, Error **errp)
3014 {
3015     BlockDriverState *bs;
3016     BdrvDirtyBitmap *dst, *src, *anon;
3017     BlockDirtyBitmapMergeSourceList *lst;
3018     Error *local_err = NULL;
3019 
3020     dst = block_dirty_bitmap_lookup(node, target, &bs, errp);
3021     if (!dst) {
3022         return NULL;
3023     }
3024 
3025     anon = bdrv_create_dirty_bitmap(bs, bdrv_dirty_bitmap_granularity(dst),
3026                                     NULL, errp);
3027     if (!anon) {
3028         return NULL;
3029     }
3030 
3031     for (lst = bitmaps; lst; lst = lst->next) {
3032         switch (lst->value->type) {
3033             const char *name, *node;
3034         case QTYPE_QSTRING:
3035             name = lst->value->u.local;
3036             src = bdrv_find_dirty_bitmap(bs, name);
3037             if (!src) {
3038                 error_setg(errp, "Dirty bitmap '%s' not found", name);
3039                 dst = NULL;
3040                 goto out;
3041             }
3042             break;
3043         case QTYPE_QDICT:
3044             node = lst->value->u.external.node;
3045             name = lst->value->u.external.name;
3046             src = block_dirty_bitmap_lookup(node, name, NULL, errp);
3047             if (!src) {
3048                 dst = NULL;
3049                 goto out;
3050             }
3051             break;
3052         default:
3053             abort();
3054         }
3055 
3056         bdrv_merge_dirty_bitmap(anon, src, NULL, &local_err);
3057         if (local_err) {
3058             error_propagate(errp, local_err);
3059             dst = NULL;
3060             goto out;
3061         }
3062     }
3063 
3064     /* Merge into dst; dst is unchanged on failure. */
3065     bdrv_merge_dirty_bitmap(dst, anon, backup, errp);
3066 
3067  out:
3068     bdrv_release_dirty_bitmap(anon);
3069     return dst;
3070 }
3071 
3072 void qmp_block_dirty_bitmap_merge(const char *node, const char *target,
3073                                   BlockDirtyBitmapMergeSourceList *bitmaps,
3074                                   Error **errp)
3075 {
3076     do_block_dirty_bitmap_merge(node, target, bitmaps, NULL, errp);
3077 }
3078 
3079 BlockDirtyBitmapSha256 *qmp_x_debug_block_dirty_bitmap_sha256(const char *node,
3080                                                               const char *name,
3081                                                               Error **errp)
3082 {
3083     BdrvDirtyBitmap *bitmap;
3084     BlockDriverState *bs;
3085     BlockDirtyBitmapSha256 *ret = NULL;
3086     char *sha256;
3087 
3088     bitmap = block_dirty_bitmap_lookup(node, name, &bs, errp);
3089     if (!bitmap || !bs) {
3090         return NULL;
3091     }
3092 
3093     sha256 = bdrv_dirty_bitmap_sha256(bitmap, errp);
3094     if (sha256 == NULL) {
3095         return NULL;
3096     }
3097 
3098     ret = g_new(BlockDirtyBitmapSha256, 1);
3099     ret->sha256 = sha256;
3100 
3101     return ret;
3102 }
3103 
3104 void hmp_drive_del(Monitor *mon, const QDict *qdict)
3105 {
3106     const char *id = qdict_get_str(qdict, "id");
3107     BlockBackend *blk;
3108     BlockDriverState *bs;
3109     AioContext *aio_context;
3110     Error *local_err = NULL;
3111 
3112     bs = bdrv_find_node(id);
3113     if (bs) {
3114         qmp_blockdev_del(id, &local_err);
3115         if (local_err) {
3116             error_report_err(local_err);
3117         }
3118         return;
3119     }
3120 
3121     blk = blk_by_name(id);
3122     if (!blk) {
3123         error_report("Device '%s' not found", id);
3124         return;
3125     }
3126 
3127     if (!blk_legacy_dinfo(blk)) {
3128         error_report("Deleting device added with blockdev-add"
3129                      " is not supported");
3130         return;
3131     }
3132 
3133     aio_context = blk_get_aio_context(blk);
3134     aio_context_acquire(aio_context);
3135 
3136     bs = blk_bs(blk);
3137     if (bs) {
3138         if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_DRIVE_DEL, &local_err)) {
3139             error_report_err(local_err);
3140             aio_context_release(aio_context);
3141             return;
3142         }
3143 
3144         blk_remove_bs(blk);
3145     }
3146 
3147     /* Make the BlockBackend and the attached BlockDriverState anonymous */
3148     monitor_remove_blk(blk);
3149 
3150     /* If this BlockBackend has a device attached to it, its refcount will be
3151      * decremented when the device is removed; otherwise we have to do so here.
3152      */
3153     if (blk_get_attached_dev(blk)) {
3154         /* Further I/O must not pause the guest */
3155         blk_set_on_error(blk, BLOCKDEV_ON_ERROR_REPORT,
3156                          BLOCKDEV_ON_ERROR_REPORT);
3157     } else {
3158         blk_unref(blk);
3159     }
3160 
3161     aio_context_release(aio_context);
3162 }
3163 
3164 void qmp_block_resize(bool has_device, const char *device,
3165                       bool has_node_name, const char *node_name,
3166                       int64_t size, Error **errp)
3167 {
3168     Error *local_err = NULL;
3169     BlockBackend *blk = NULL;
3170     BlockDriverState *bs;
3171     AioContext *aio_context;
3172     int ret;
3173 
3174     bs = bdrv_lookup_bs(has_device ? device : NULL,
3175                         has_node_name ? node_name : NULL,
3176                         &local_err);
3177     if (local_err) {
3178         error_propagate(errp, local_err);
3179         return;
3180     }
3181 
3182     aio_context = bdrv_get_aio_context(bs);
3183     aio_context_acquire(aio_context);
3184 
3185     if (!bdrv_is_first_non_filter(bs)) {
3186         error_setg(errp, QERR_FEATURE_DISABLED, "resize");
3187         goto out;
3188     }
3189 
3190     if (size < 0) {
3191         error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "size", "a >0 size");
3192         goto out;
3193     }
3194 
3195     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_RESIZE, NULL)) {
3196         error_setg(errp, QERR_DEVICE_IN_USE, device);
3197         goto out;
3198     }
3199 
3200     blk = blk_new(bdrv_get_aio_context(bs), BLK_PERM_RESIZE, BLK_PERM_ALL);
3201     ret = blk_insert_bs(blk, bs, errp);
3202     if (ret < 0) {
3203         goto out;
3204     }
3205 
3206     bdrv_drained_begin(bs);
3207     ret = blk_truncate(blk, size, false, PREALLOC_MODE_OFF, errp);
3208     bdrv_drained_end(bs);
3209 
3210 out:
3211     blk_unref(blk);
3212     aio_context_release(aio_context);
3213 }
3214 
3215 void qmp_block_stream(bool has_job_id, const char *job_id, const char *device,
3216                       bool has_base, const char *base,
3217                       bool has_base_node, const char *base_node,
3218                       bool has_backing_file, const char *backing_file,
3219                       bool has_speed, int64_t speed,
3220                       bool has_on_error, BlockdevOnError on_error,
3221                       bool has_auto_finalize, bool auto_finalize,
3222                       bool has_auto_dismiss, bool auto_dismiss,
3223                       Error **errp)
3224 {
3225     BlockDriverState *bs, *iter;
3226     BlockDriverState *base_bs = NULL;
3227     AioContext *aio_context;
3228     Error *local_err = NULL;
3229     const char *base_name = NULL;
3230     int job_flags = JOB_DEFAULT;
3231 
3232     if (!has_on_error) {
3233         on_error = BLOCKDEV_ON_ERROR_REPORT;
3234     }
3235 
3236     bs = bdrv_lookup_bs(device, device, errp);
3237     if (!bs) {
3238         return;
3239     }
3240 
3241     aio_context = bdrv_get_aio_context(bs);
3242     aio_context_acquire(aio_context);
3243 
3244     if (has_base && has_base_node) {
3245         error_setg(errp, "'base' and 'base-node' cannot be specified "
3246                    "at the same time");
3247         goto out;
3248     }
3249 
3250     if (has_base) {
3251         base_bs = bdrv_find_backing_image(bs, base);
3252         if (base_bs == NULL) {
3253             error_setg(errp, QERR_BASE_NOT_FOUND, base);
3254             goto out;
3255         }
3256         assert(bdrv_get_aio_context(base_bs) == aio_context);
3257         base_name = base;
3258     }
3259 
3260     if (has_base_node) {
3261         base_bs = bdrv_lookup_bs(NULL, base_node, errp);
3262         if (!base_bs) {
3263             goto out;
3264         }
3265         if (bs == base_bs || !bdrv_chain_contains(bs, base_bs)) {
3266             error_setg(errp, "Node '%s' is not a backing image of '%s'",
3267                        base_node, device);
3268             goto out;
3269         }
3270         assert(bdrv_get_aio_context(base_bs) == aio_context);
3271         bdrv_refresh_filename(base_bs);
3272         base_name = base_bs->filename;
3273     }
3274 
3275     /* Check for op blockers in the whole chain between bs and base */
3276     for (iter = bs; iter && iter != base_bs; iter = backing_bs(iter)) {
3277         if (bdrv_op_is_blocked(iter, BLOCK_OP_TYPE_STREAM, errp)) {
3278             goto out;
3279         }
3280     }
3281 
3282     /* if we are streaming the entire chain, the result will have no backing
3283      * file, and specifying one is therefore an error */
3284     if (base_bs == NULL && has_backing_file) {
3285         error_setg(errp, "backing file specified, but streaming the "
3286                          "entire chain");
3287         goto out;
3288     }
3289 
3290     /* backing_file string overrides base bs filename */
3291     base_name = has_backing_file ? backing_file : base_name;
3292 
3293     if (has_auto_finalize && !auto_finalize) {
3294         job_flags |= JOB_MANUAL_FINALIZE;
3295     }
3296     if (has_auto_dismiss && !auto_dismiss) {
3297         job_flags |= JOB_MANUAL_DISMISS;
3298     }
3299 
3300     stream_start(has_job_id ? job_id : NULL, bs, base_bs, base_name,
3301                  job_flags, has_speed ? speed : 0, on_error, &local_err);
3302     if (local_err) {
3303         error_propagate(errp, local_err);
3304         goto out;
3305     }
3306 
3307     trace_qmp_block_stream(bs);
3308 
3309 out:
3310     aio_context_release(aio_context);
3311 }
3312 
3313 void qmp_block_commit(bool has_job_id, const char *job_id, const char *device,
3314                       bool has_base_node, const char *base_node,
3315                       bool has_base, const char *base,
3316                       bool has_top_node, const char *top_node,
3317                       bool has_top, const char *top,
3318                       bool has_backing_file, const char *backing_file,
3319                       bool has_speed, int64_t speed,
3320                       bool has_filter_node_name, const char *filter_node_name,
3321                       bool has_auto_finalize, bool auto_finalize,
3322                       bool has_auto_dismiss, bool auto_dismiss,
3323                       Error **errp)
3324 {
3325     BlockDriverState *bs;
3326     BlockDriverState *iter;
3327     BlockDriverState *base_bs, *top_bs;
3328     AioContext *aio_context;
3329     Error *local_err = NULL;
3330     /* This will be part of the QMP command, if/when the
3331      * BlockdevOnError change for blkmirror makes it in
3332      */
3333     BlockdevOnError on_error = BLOCKDEV_ON_ERROR_REPORT;
3334     int job_flags = JOB_DEFAULT;
3335 
3336     if (!has_speed) {
3337         speed = 0;
3338     }
3339     if (!has_filter_node_name) {
3340         filter_node_name = NULL;
3341     }
3342     if (has_auto_finalize && !auto_finalize) {
3343         job_flags |= JOB_MANUAL_FINALIZE;
3344     }
3345     if (has_auto_dismiss && !auto_dismiss) {
3346         job_flags |= JOB_MANUAL_DISMISS;
3347     }
3348 
3349     /* Important Note:
3350      *  libvirt relies on the DeviceNotFound error class in order to probe for
3351      *  live commit feature versions; for this to work, we must make sure to
3352      *  perform the device lookup before any generic errors that may occur in a
3353      *  scenario in which all optional arguments are omitted. */
3354     bs = qmp_get_root_bs(device, &local_err);
3355     if (!bs) {
3356         bs = bdrv_lookup_bs(device, device, NULL);
3357         if (!bs) {
3358             error_free(local_err);
3359             error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
3360                       "Device '%s' not found", device);
3361         } else {
3362             error_propagate(errp, local_err);
3363         }
3364         return;
3365     }
3366 
3367     aio_context = bdrv_get_aio_context(bs);
3368     aio_context_acquire(aio_context);
3369 
3370     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_COMMIT_SOURCE, errp)) {
3371         goto out;
3372     }
3373 
3374     /* default top_bs is the active layer */
3375     top_bs = bs;
3376 
3377     if (has_top_node && has_top) {
3378         error_setg(errp, "'top-node' and 'top' are mutually exclusive");
3379         goto out;
3380     } else if (has_top_node) {
3381         top_bs = bdrv_lookup_bs(NULL, top_node, errp);
3382         if (top_bs == NULL) {
3383             goto out;
3384         }
3385         if (!bdrv_chain_contains(bs, top_bs)) {
3386             error_setg(errp, "'%s' is not in this backing file chain",
3387                        top_node);
3388             goto out;
3389         }
3390     } else if (has_top && top) {
3391         /* This strcmp() is just a shortcut, there is no need to
3392          * refresh @bs's filename.  If it mismatches,
3393          * bdrv_find_backing_image() will do the refresh and may still
3394          * return @bs. */
3395         if (strcmp(bs->filename, top) != 0) {
3396             top_bs = bdrv_find_backing_image(bs, top);
3397         }
3398     }
3399 
3400     if (top_bs == NULL) {
3401         error_setg(errp, "Top image file %s not found", top ? top : "NULL");
3402         goto out;
3403     }
3404 
3405     assert(bdrv_get_aio_context(top_bs) == aio_context);
3406 
3407     if (has_base_node && has_base) {
3408         error_setg(errp, "'base-node' and 'base' are mutually exclusive");
3409         goto out;
3410     } else if (has_base_node) {
3411         base_bs = bdrv_lookup_bs(NULL, base_node, errp);
3412         if (base_bs == NULL) {
3413             goto out;
3414         }
3415         if (!bdrv_chain_contains(top_bs, base_bs)) {
3416             error_setg(errp, "'%s' is not in this backing file chain",
3417                        base_node);
3418             goto out;
3419         }
3420     } else if (has_base && base) {
3421         base_bs = bdrv_find_backing_image(top_bs, base);
3422     } else {
3423         base_bs = bdrv_find_base(top_bs);
3424     }
3425 
3426     if (base_bs == NULL) {
3427         error_setg(errp, QERR_BASE_NOT_FOUND, base ? base : "NULL");
3428         goto out;
3429     }
3430 
3431     assert(bdrv_get_aio_context(base_bs) == aio_context);
3432 
3433     for (iter = top_bs; iter != backing_bs(base_bs); iter = backing_bs(iter)) {
3434         if (bdrv_op_is_blocked(iter, BLOCK_OP_TYPE_COMMIT_TARGET, errp)) {
3435             goto out;
3436         }
3437     }
3438 
3439     /* Do not allow attempts to commit an image into itself */
3440     if (top_bs == base_bs) {
3441         error_setg(errp, "cannot commit an image into itself");
3442         goto out;
3443     }
3444 
3445     if (top_bs == bs) {
3446         if (has_backing_file) {
3447             error_setg(errp, "'backing-file' specified,"
3448                              " but 'top' is the active layer");
3449             goto out;
3450         }
3451         commit_active_start(has_job_id ? job_id : NULL, bs, base_bs,
3452                             job_flags, speed, on_error,
3453                             filter_node_name, NULL, NULL, false, &local_err);
3454     } else {
3455         BlockDriverState *overlay_bs = bdrv_find_overlay(bs, top_bs);
3456         if (bdrv_op_is_blocked(overlay_bs, BLOCK_OP_TYPE_COMMIT_TARGET, errp)) {
3457             goto out;
3458         }
3459         commit_start(has_job_id ? job_id : NULL, bs, base_bs, top_bs, job_flags,
3460                      speed, on_error, has_backing_file ? backing_file : NULL,
3461                      filter_node_name, &local_err);
3462     }
3463     if (local_err != NULL) {
3464         error_propagate(errp, local_err);
3465         goto out;
3466     }
3467 
3468 out:
3469     aio_context_release(aio_context);
3470 }
3471 
3472 /* Common QMP interface for drive-backup and blockdev-backup */
3473 static BlockJob *do_backup_common(BackupCommon *backup,
3474                                   BlockDriverState *bs,
3475                                   BlockDriverState *target_bs,
3476                                   AioContext *aio_context,
3477                                   JobTxn *txn, Error **errp)
3478 {
3479     BlockJob *job = NULL;
3480     BdrvDirtyBitmap *bmap = NULL;
3481     int job_flags = JOB_DEFAULT;
3482     int ret;
3483 
3484     if (!backup->has_speed) {
3485         backup->speed = 0;
3486     }
3487     if (!backup->has_on_source_error) {
3488         backup->on_source_error = BLOCKDEV_ON_ERROR_REPORT;
3489     }
3490     if (!backup->has_on_target_error) {
3491         backup->on_target_error = BLOCKDEV_ON_ERROR_REPORT;
3492     }
3493     if (!backup->has_job_id) {
3494         backup->job_id = NULL;
3495     }
3496     if (!backup->has_auto_finalize) {
3497         backup->auto_finalize = true;
3498     }
3499     if (!backup->has_auto_dismiss) {
3500         backup->auto_dismiss = true;
3501     }
3502     if (!backup->has_compress) {
3503         backup->compress = false;
3504     }
3505 
3506     ret = bdrv_try_set_aio_context(target_bs, aio_context, errp);
3507     if (ret < 0) {
3508         return NULL;
3509     }
3510 
3511     if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) ||
3512         (backup->sync == MIRROR_SYNC_MODE_INCREMENTAL)) {
3513         /* done before desugaring 'incremental' to print the right message */
3514         if (!backup->has_bitmap) {
3515             error_setg(errp, "must provide a valid bitmap name for "
3516                        "'%s' sync mode", MirrorSyncMode_str(backup->sync));
3517             return NULL;
3518         }
3519     }
3520 
3521     if (backup->sync == MIRROR_SYNC_MODE_INCREMENTAL) {
3522         if (backup->has_bitmap_mode &&
3523             backup->bitmap_mode != BITMAP_SYNC_MODE_ON_SUCCESS) {
3524             error_setg(errp, "Bitmap sync mode must be '%s' "
3525                        "when using sync mode '%s'",
3526                        BitmapSyncMode_str(BITMAP_SYNC_MODE_ON_SUCCESS),
3527                        MirrorSyncMode_str(backup->sync));
3528             return NULL;
3529         }
3530         backup->has_bitmap_mode = true;
3531         backup->sync = MIRROR_SYNC_MODE_BITMAP;
3532         backup->bitmap_mode = BITMAP_SYNC_MODE_ON_SUCCESS;
3533     }
3534 
3535     if (backup->has_bitmap) {
3536         bmap = bdrv_find_dirty_bitmap(bs, backup->bitmap);
3537         if (!bmap) {
3538             error_setg(errp, "Bitmap '%s' could not be found", backup->bitmap);
3539             return NULL;
3540         }
3541         if (!backup->has_bitmap_mode) {
3542             error_setg(errp, "Bitmap sync mode must be given "
3543                        "when providing a bitmap");
3544             return NULL;
3545         }
3546         if (bdrv_dirty_bitmap_check(bmap, BDRV_BITMAP_ALLOW_RO, errp)) {
3547             return NULL;
3548         }
3549 
3550         /* This does not produce a useful bitmap artifact: */
3551         if (backup->sync == MIRROR_SYNC_MODE_NONE) {
3552             error_setg(errp, "sync mode '%s' does not produce meaningful bitmap"
3553                        " outputs", MirrorSyncMode_str(backup->sync));
3554             return NULL;
3555         }
3556 
3557         /* If the bitmap isn't used for input or output, this is useless: */
3558         if (backup->bitmap_mode == BITMAP_SYNC_MODE_NEVER &&
3559             backup->sync != MIRROR_SYNC_MODE_BITMAP) {
3560             error_setg(errp, "Bitmap sync mode '%s' has no meaningful effect"
3561                        " when combined with sync mode '%s'",
3562                        BitmapSyncMode_str(backup->bitmap_mode),
3563                        MirrorSyncMode_str(backup->sync));
3564             return NULL;
3565         }
3566     }
3567 
3568     if (!backup->has_bitmap && backup->has_bitmap_mode) {
3569         error_setg(errp, "Cannot specify bitmap sync mode without a bitmap");
3570         return NULL;
3571     }
3572 
3573     if (!backup->auto_finalize) {
3574         job_flags |= JOB_MANUAL_FINALIZE;
3575     }
3576     if (!backup->auto_dismiss) {
3577         job_flags |= JOB_MANUAL_DISMISS;
3578     }
3579 
3580     job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
3581                             backup->sync, bmap, backup->bitmap_mode,
3582                             backup->compress,
3583                             backup->filter_node_name,
3584                             backup->on_source_error,
3585                             backup->on_target_error,
3586                             job_flags, NULL, NULL, txn, errp);
3587     return job;
3588 }
3589 
3590 static BlockJob *do_drive_backup(DriveBackup *backup, JobTxn *txn,
3591                                  Error **errp)
3592 {
3593     BlockDriverState *bs;
3594     BlockDriverState *target_bs;
3595     BlockDriverState *source = NULL;
3596     BlockJob *job = NULL;
3597     AioContext *aio_context;
3598     QDict *options;
3599     Error *local_err = NULL;
3600     int flags;
3601     int64_t size;
3602     bool set_backing_hd = false;
3603 
3604     if (!backup->has_mode) {
3605         backup->mode = NEW_IMAGE_MODE_ABSOLUTE_PATHS;
3606     }
3607 
3608     bs = bdrv_lookup_bs(backup->device, backup->device, errp);
3609     if (!bs) {
3610         return NULL;
3611     }
3612 
3613     if (!bs->drv) {
3614         error_setg(errp, "Device has no medium");
3615         return NULL;
3616     }
3617 
3618     aio_context = bdrv_get_aio_context(bs);
3619     aio_context_acquire(aio_context);
3620 
3621     if (!backup->has_format) {
3622         backup->format = backup->mode == NEW_IMAGE_MODE_EXISTING ?
3623                          NULL : (char*) bs->drv->format_name;
3624     }
3625 
3626     /* Early check to avoid creating target */
3627     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) {
3628         goto out;
3629     }
3630 
3631     flags = bs->open_flags | BDRV_O_RDWR;
3632 
3633     /* See if we have a backing HD we can use to create our new image
3634      * on top of. */
3635     if (backup->sync == MIRROR_SYNC_MODE_TOP) {
3636         source = backing_bs(bs);
3637         if (!source) {
3638             backup->sync = MIRROR_SYNC_MODE_FULL;
3639         }
3640     }
3641     if (backup->sync == MIRROR_SYNC_MODE_NONE) {
3642         source = bs;
3643         flags |= BDRV_O_NO_BACKING;
3644         set_backing_hd = true;
3645     }
3646 
3647     size = bdrv_getlength(bs);
3648     if (size < 0) {
3649         error_setg_errno(errp, -size, "bdrv_getlength failed");
3650         goto out;
3651     }
3652 
3653     if (backup->mode != NEW_IMAGE_MODE_EXISTING) {
3654         assert(backup->format);
3655         if (source) {
3656             bdrv_refresh_filename(source);
3657             bdrv_img_create(backup->target, backup->format, source->filename,
3658                             source->drv->format_name, NULL,
3659                             size, flags, false, &local_err);
3660         } else {
3661             bdrv_img_create(backup->target, backup->format, NULL, NULL, NULL,
3662                             size, flags, false, &local_err);
3663         }
3664     }
3665 
3666     if (local_err) {
3667         error_propagate(errp, local_err);
3668         goto out;
3669     }
3670 
3671     options = qdict_new();
3672     qdict_put_str(options, "discard", "unmap");
3673     qdict_put_str(options, "detect-zeroes", "unmap");
3674     if (backup->format) {
3675         qdict_put_str(options, "driver", backup->format);
3676     }
3677 
3678     target_bs = bdrv_open(backup->target, NULL, options, flags, errp);
3679     if (!target_bs) {
3680         goto out;
3681     }
3682 
3683     if (set_backing_hd) {
3684         bdrv_set_backing_hd(target_bs, source, &local_err);
3685         if (local_err) {
3686             goto unref;
3687         }
3688     }
3689 
3690     job = do_backup_common(qapi_DriveBackup_base(backup),
3691                            bs, target_bs, aio_context, txn, errp);
3692 
3693 unref:
3694     bdrv_unref(target_bs);
3695 out:
3696     aio_context_release(aio_context);
3697     return job;
3698 }
3699 
3700 void qmp_drive_backup(DriveBackup *arg, Error **errp)
3701 {
3702 
3703     BlockJob *job;
3704     job = do_drive_backup(arg, NULL, errp);
3705     if (job) {
3706         job_start(&job->job);
3707     }
3708 }
3709 
3710 BlockDeviceInfoList *qmp_query_named_block_nodes(Error **errp)
3711 {
3712     return bdrv_named_nodes_list(errp);
3713 }
3714 
3715 XDbgBlockGraph *qmp_x_debug_query_block_graph(Error **errp)
3716 {
3717     return bdrv_get_xdbg_block_graph(errp);
3718 }
3719 
3720 BlockJob *do_blockdev_backup(BlockdevBackup *backup, JobTxn *txn,
3721                              Error **errp)
3722 {
3723     BlockDriverState *bs;
3724     BlockDriverState *target_bs;
3725     AioContext *aio_context;
3726     BlockJob *job;
3727 
3728     bs = bdrv_lookup_bs(backup->device, backup->device, errp);
3729     if (!bs) {
3730         return NULL;
3731     }
3732 
3733     target_bs = bdrv_lookup_bs(backup->target, backup->target, errp);
3734     if (!target_bs) {
3735         return NULL;
3736     }
3737 
3738     aio_context = bdrv_get_aio_context(bs);
3739     aio_context_acquire(aio_context);
3740 
3741     job = do_backup_common(qapi_BlockdevBackup_base(backup),
3742                            bs, target_bs, aio_context, txn, errp);
3743 
3744     aio_context_release(aio_context);
3745     return job;
3746 }
3747 
3748 void qmp_blockdev_backup(BlockdevBackup *arg, Error **errp)
3749 {
3750     BlockJob *job;
3751     job = do_blockdev_backup(arg, NULL, errp);
3752     if (job) {
3753         job_start(&job->job);
3754     }
3755 }
3756 
3757 /* Parameter check and block job starting for drive mirroring.
3758  * Caller should hold @device and @target's aio context (must be the same).
3759  **/
3760 static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
3761                                    BlockDriverState *target,
3762                                    bool has_replaces, const char *replaces,
3763                                    enum MirrorSyncMode sync,
3764                                    BlockMirrorBackingMode backing_mode,
3765                                    bool zero_target,
3766                                    bool has_speed, int64_t speed,
3767                                    bool has_granularity, uint32_t granularity,
3768                                    bool has_buf_size, int64_t buf_size,
3769                                    bool has_on_source_error,
3770                                    BlockdevOnError on_source_error,
3771                                    bool has_on_target_error,
3772                                    BlockdevOnError on_target_error,
3773                                    bool has_unmap, bool unmap,
3774                                    bool has_filter_node_name,
3775                                    const char *filter_node_name,
3776                                    bool has_copy_mode, MirrorCopyMode copy_mode,
3777                                    bool has_auto_finalize, bool auto_finalize,
3778                                    bool has_auto_dismiss, bool auto_dismiss,
3779                                    Error **errp)
3780 {
3781     int job_flags = JOB_DEFAULT;
3782 
3783     if (!has_speed) {
3784         speed = 0;
3785     }
3786     if (!has_on_source_error) {
3787         on_source_error = BLOCKDEV_ON_ERROR_REPORT;
3788     }
3789     if (!has_on_target_error) {
3790         on_target_error = BLOCKDEV_ON_ERROR_REPORT;
3791     }
3792     if (!has_granularity) {
3793         granularity = 0;
3794     }
3795     if (!has_buf_size) {
3796         buf_size = 0;
3797     }
3798     if (!has_unmap) {
3799         unmap = true;
3800     }
3801     if (!has_filter_node_name) {
3802         filter_node_name = NULL;
3803     }
3804     if (!has_copy_mode) {
3805         copy_mode = MIRROR_COPY_MODE_BACKGROUND;
3806     }
3807     if (has_auto_finalize && !auto_finalize) {
3808         job_flags |= JOB_MANUAL_FINALIZE;
3809     }
3810     if (has_auto_dismiss && !auto_dismiss) {
3811         job_flags |= JOB_MANUAL_DISMISS;
3812     }
3813 
3814     if (granularity != 0 && (granularity < 512 || granularity > 1048576 * 64)) {
3815         error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "granularity",
3816                    "a value in range [512B, 64MB]");
3817         return;
3818     }
3819     if (granularity & (granularity - 1)) {
3820         error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "granularity",
3821                    "power of 2");
3822         return;
3823     }
3824 
3825     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) {
3826         return;
3827     }
3828     if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_MIRROR_TARGET, errp)) {
3829         return;
3830     }
3831 
3832     if (!bs->backing && sync == MIRROR_SYNC_MODE_TOP) {
3833         sync = MIRROR_SYNC_MODE_FULL;
3834     }
3835 
3836     if (has_replaces) {
3837         BlockDriverState *to_replace_bs;
3838         AioContext *replace_aio_context;
3839         int64_t bs_size, replace_size;
3840 
3841         bs_size = bdrv_getlength(bs);
3842         if (bs_size < 0) {
3843             error_setg_errno(errp, -bs_size, "Failed to query device's size");
3844             return;
3845         }
3846 
3847         to_replace_bs = check_to_replace_node(bs, replaces, errp);
3848         if (!to_replace_bs) {
3849             return;
3850         }
3851 
3852         replace_aio_context = bdrv_get_aio_context(to_replace_bs);
3853         aio_context_acquire(replace_aio_context);
3854         replace_size = bdrv_getlength(to_replace_bs);
3855         aio_context_release(replace_aio_context);
3856 
3857         if (replace_size < 0) {
3858             error_setg_errno(errp, -replace_size,
3859                              "Failed to query the replacement node's size");
3860             return;
3861         }
3862         if (bs_size != replace_size) {
3863             error_setg(errp, "cannot replace image with a mirror image of "
3864                              "different size");
3865             return;
3866         }
3867     }
3868 
3869     /* pass the node name to replace to mirror start since it's loose coupling
3870      * and will allow to check whether the node still exist at mirror completion
3871      */
3872     mirror_start(job_id, bs, target,
3873                  has_replaces ? replaces : NULL, job_flags,
3874                  speed, granularity, buf_size, sync, backing_mode, zero_target,
3875                  on_source_error, on_target_error, unmap, filter_node_name,
3876                  copy_mode, errp);
3877 }
3878 
3879 void qmp_drive_mirror(DriveMirror *arg, Error **errp)
3880 {
3881     BlockDriverState *bs;
3882     BlockDriverState *source, *target_bs;
3883     AioContext *aio_context;
3884     BlockMirrorBackingMode backing_mode;
3885     Error *local_err = NULL;
3886     QDict *options = NULL;
3887     int flags;
3888     int64_t size;
3889     const char *format = arg->format;
3890     bool zero_target;
3891     int ret;
3892 
3893     bs = qmp_get_root_bs(arg->device, errp);
3894     if (!bs) {
3895         return;
3896     }
3897 
3898     /* Early check to avoid creating target */
3899     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) {
3900         return;
3901     }
3902 
3903     aio_context = bdrv_get_aio_context(bs);
3904     aio_context_acquire(aio_context);
3905 
3906     if (!arg->has_mode) {
3907         arg->mode = NEW_IMAGE_MODE_ABSOLUTE_PATHS;
3908     }
3909 
3910     if (!arg->has_format) {
3911         format = (arg->mode == NEW_IMAGE_MODE_EXISTING
3912                   ? NULL : bs->drv->format_name);
3913     }
3914 
3915     flags = bs->open_flags | BDRV_O_RDWR;
3916     source = backing_bs(bs);
3917     if (!source && arg->sync == MIRROR_SYNC_MODE_TOP) {
3918         arg->sync = MIRROR_SYNC_MODE_FULL;
3919     }
3920     if (arg->sync == MIRROR_SYNC_MODE_NONE) {
3921         source = bs;
3922     }
3923 
3924     size = bdrv_getlength(bs);
3925     if (size < 0) {
3926         error_setg_errno(errp, -size, "bdrv_getlength failed");
3927         goto out;
3928     }
3929 
3930     if (arg->has_replaces) {
3931         if (!arg->has_node_name) {
3932             error_setg(errp, "a node-name must be provided when replacing a"
3933                              " named node of the graph");
3934             goto out;
3935         }
3936     }
3937 
3938     if (arg->mode == NEW_IMAGE_MODE_ABSOLUTE_PATHS) {
3939         backing_mode = MIRROR_SOURCE_BACKING_CHAIN;
3940     } else {
3941         backing_mode = MIRROR_OPEN_BACKING_CHAIN;
3942     }
3943 
3944     /* Don't open backing image in create() */
3945     flags |= BDRV_O_NO_BACKING;
3946 
3947     if ((arg->sync == MIRROR_SYNC_MODE_FULL || !source)
3948         && arg->mode != NEW_IMAGE_MODE_EXISTING)
3949     {
3950         /* create new image w/o backing file */
3951         assert(format);
3952         bdrv_img_create(arg->target, format,
3953                         NULL, NULL, NULL, size, flags, false, &local_err);
3954     } else {
3955         switch (arg->mode) {
3956         case NEW_IMAGE_MODE_EXISTING:
3957             break;
3958         case NEW_IMAGE_MODE_ABSOLUTE_PATHS:
3959             /* create new image with backing file */
3960             bdrv_refresh_filename(source);
3961             bdrv_img_create(arg->target, format,
3962                             source->filename,
3963                             source->drv->format_name,
3964                             NULL, size, flags, false, &local_err);
3965             break;
3966         default:
3967             abort();
3968         }
3969     }
3970 
3971     if (local_err) {
3972         error_propagate(errp, local_err);
3973         goto out;
3974     }
3975 
3976     options = qdict_new();
3977     if (arg->has_node_name) {
3978         qdict_put_str(options, "node-name", arg->node_name);
3979     }
3980     if (format) {
3981         qdict_put_str(options, "driver", format);
3982     }
3983 
3984     /* Mirroring takes care of copy-on-write using the source's backing
3985      * file.
3986      */
3987     target_bs = bdrv_open(arg->target, NULL, options, flags, errp);
3988     if (!target_bs) {
3989         goto out;
3990     }
3991 
3992     zero_target = (arg->sync == MIRROR_SYNC_MODE_FULL &&
3993                    (arg->mode == NEW_IMAGE_MODE_EXISTING ||
3994                     !bdrv_has_zero_init(target_bs)));
3995 
3996     ret = bdrv_try_set_aio_context(target_bs, aio_context, errp);
3997     if (ret < 0) {
3998         bdrv_unref(target_bs);
3999         goto out;
4000     }
4001 
4002     blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
4003                            arg->has_replaces, arg->replaces, arg->sync,
4004                            backing_mode, zero_target,
4005                            arg->has_speed, arg->speed,
4006                            arg->has_granularity, arg->granularity,
4007                            arg->has_buf_size, arg->buf_size,
4008                            arg->has_on_source_error, arg->on_source_error,
4009                            arg->has_on_target_error, arg->on_target_error,
4010                            arg->has_unmap, arg->unmap,
4011                            false, NULL,
4012                            arg->has_copy_mode, arg->copy_mode,
4013                            arg->has_auto_finalize, arg->auto_finalize,
4014                            arg->has_auto_dismiss, arg->auto_dismiss,
4015                            &local_err);
4016     bdrv_unref(target_bs);
4017     error_propagate(errp, local_err);
4018 out:
4019     aio_context_release(aio_context);
4020 }
4021 
4022 void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
4023                          const char *device, const char *target,
4024                          bool has_replaces, const char *replaces,
4025                          MirrorSyncMode sync,
4026                          bool has_speed, int64_t speed,
4027                          bool has_granularity, uint32_t granularity,
4028                          bool has_buf_size, int64_t buf_size,
4029                          bool has_on_source_error,
4030                          BlockdevOnError on_source_error,
4031                          bool has_on_target_error,
4032                          BlockdevOnError on_target_error,
4033                          bool has_filter_node_name,
4034                          const char *filter_node_name,
4035                          bool has_copy_mode, MirrorCopyMode copy_mode,
4036                          bool has_auto_finalize, bool auto_finalize,
4037                          bool has_auto_dismiss, bool auto_dismiss,
4038                          Error **errp)
4039 {
4040     BlockDriverState *bs;
4041     BlockDriverState *target_bs;
4042     AioContext *aio_context;
4043     BlockMirrorBackingMode backing_mode = MIRROR_LEAVE_BACKING_CHAIN;
4044     Error *local_err = NULL;
4045     bool zero_target;
4046     int ret;
4047 
4048     bs = qmp_get_root_bs(device, errp);
4049     if (!bs) {
4050         return;
4051     }
4052 
4053     target_bs = bdrv_lookup_bs(target, target, errp);
4054     if (!target_bs) {
4055         return;
4056     }
4057 
4058     zero_target = (sync == MIRROR_SYNC_MODE_FULL);
4059 
4060     aio_context = bdrv_get_aio_context(bs);
4061     aio_context_acquire(aio_context);
4062 
4063     ret = bdrv_try_set_aio_context(target_bs, aio_context, errp);
4064     if (ret < 0) {
4065         goto out;
4066     }
4067 
4068     blockdev_mirror_common(has_job_id ? job_id : NULL, bs, target_bs,
4069                            has_replaces, replaces, sync, backing_mode,
4070                            zero_target, has_speed, speed,
4071                            has_granularity, granularity,
4072                            has_buf_size, buf_size,
4073                            has_on_source_error, on_source_error,
4074                            has_on_target_error, on_target_error,
4075                            true, true,
4076                            has_filter_node_name, filter_node_name,
4077                            has_copy_mode, copy_mode,
4078                            has_auto_finalize, auto_finalize,
4079                            has_auto_dismiss, auto_dismiss,
4080                            &local_err);
4081     error_propagate(errp, local_err);
4082 out:
4083     aio_context_release(aio_context);
4084 }
4085 
4086 /* Get a block job using its ID and acquire its AioContext */
4087 static BlockJob *find_block_job(const char *id, AioContext **aio_context,
4088                                 Error **errp)
4089 {
4090     BlockJob *job;
4091 
4092     assert(id != NULL);
4093 
4094     *aio_context = NULL;
4095 
4096     job = block_job_get(id);
4097 
4098     if (!job) {
4099         error_set(errp, ERROR_CLASS_DEVICE_NOT_ACTIVE,
4100                   "Block job '%s' not found", id);
4101         return NULL;
4102     }
4103 
4104     *aio_context = blk_get_aio_context(job->blk);
4105     aio_context_acquire(*aio_context);
4106 
4107     return job;
4108 }
4109 
4110 void qmp_block_job_set_speed(const char *device, int64_t speed, Error **errp)
4111 {
4112     AioContext *aio_context;
4113     BlockJob *job = find_block_job(device, &aio_context, errp);
4114 
4115     if (!job) {
4116         return;
4117     }
4118 
4119     block_job_set_speed(job, speed, errp);
4120     aio_context_release(aio_context);
4121 }
4122 
4123 void qmp_block_job_cancel(const char *device,
4124                           bool has_force, bool force, Error **errp)
4125 {
4126     AioContext *aio_context;
4127     BlockJob *job = find_block_job(device, &aio_context, errp);
4128 
4129     if (!job) {
4130         return;
4131     }
4132 
4133     if (!has_force) {
4134         force = false;
4135     }
4136 
4137     if (job_user_paused(&job->job) && !force) {
4138         error_setg(errp, "The block job for device '%s' is currently paused",
4139                    device);
4140         goto out;
4141     }
4142 
4143     trace_qmp_block_job_cancel(job);
4144     job_user_cancel(&job->job, force, errp);
4145 out:
4146     aio_context_release(aio_context);
4147 }
4148 
4149 void qmp_block_job_pause(const char *device, Error **errp)
4150 {
4151     AioContext *aio_context;
4152     BlockJob *job = find_block_job(device, &aio_context, errp);
4153 
4154     if (!job) {
4155         return;
4156     }
4157 
4158     trace_qmp_block_job_pause(job);
4159     job_user_pause(&job->job, errp);
4160     aio_context_release(aio_context);
4161 }
4162 
4163 void qmp_block_job_resume(const char *device, Error **errp)
4164 {
4165     AioContext *aio_context;
4166     BlockJob *job = find_block_job(device, &aio_context, errp);
4167 
4168     if (!job) {
4169         return;
4170     }
4171 
4172     trace_qmp_block_job_resume(job);
4173     job_user_resume(&job->job, errp);
4174     aio_context_release(aio_context);
4175 }
4176 
4177 void qmp_block_job_complete(const char *device, Error **errp)
4178 {
4179     AioContext *aio_context;
4180     BlockJob *job = find_block_job(device, &aio_context, errp);
4181 
4182     if (!job) {
4183         return;
4184     }
4185 
4186     trace_qmp_block_job_complete(job);
4187     job_complete(&job->job, errp);
4188     aio_context_release(aio_context);
4189 }
4190 
4191 void qmp_block_job_finalize(const char *id, Error **errp)
4192 {
4193     AioContext *aio_context;
4194     BlockJob *job = find_block_job(id, &aio_context, errp);
4195 
4196     if (!job) {
4197         return;
4198     }
4199 
4200     trace_qmp_block_job_finalize(job);
4201     job_finalize(&job->job, errp);
4202     aio_context_release(aio_context);
4203 }
4204 
4205 void qmp_block_job_dismiss(const char *id, Error **errp)
4206 {
4207     AioContext *aio_context;
4208     BlockJob *bjob = find_block_job(id, &aio_context, errp);
4209     Job *job;
4210 
4211     if (!bjob) {
4212         return;
4213     }
4214 
4215     trace_qmp_block_job_dismiss(bjob);
4216     job = &bjob->job;
4217     job_dismiss(&job, errp);
4218     aio_context_release(aio_context);
4219 }
4220 
4221 void qmp_change_backing_file(const char *device,
4222                              const char *image_node_name,
4223                              const char *backing_file,
4224                              Error **errp)
4225 {
4226     BlockDriverState *bs = NULL;
4227     AioContext *aio_context;
4228     BlockDriverState *image_bs = NULL;
4229     Error *local_err = NULL;
4230     bool ro;
4231     int ret;
4232 
4233     bs = qmp_get_root_bs(device, errp);
4234     if (!bs) {
4235         return;
4236     }
4237 
4238     aio_context = bdrv_get_aio_context(bs);
4239     aio_context_acquire(aio_context);
4240 
4241     image_bs = bdrv_lookup_bs(NULL, image_node_name, &local_err);
4242     if (local_err) {
4243         error_propagate(errp, local_err);
4244         goto out;
4245     }
4246 
4247     if (!image_bs) {
4248         error_setg(errp, "image file not found");
4249         goto out;
4250     }
4251 
4252     if (bdrv_find_base(image_bs) == image_bs) {
4253         error_setg(errp, "not allowing backing file change on an image "
4254                          "without a backing file");
4255         goto out;
4256     }
4257 
4258     /* even though we are not necessarily operating on bs, we need it to
4259      * determine if block ops are currently prohibited on the chain */
4260     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_CHANGE, errp)) {
4261         goto out;
4262     }
4263 
4264     /* final sanity check */
4265     if (!bdrv_chain_contains(bs, image_bs)) {
4266         error_setg(errp, "'%s' and image file are not in the same chain",
4267                    device);
4268         goto out;
4269     }
4270 
4271     /* if not r/w, reopen to make r/w */
4272     ro = bdrv_is_read_only(image_bs);
4273 
4274     if (ro) {
4275         if (bdrv_reopen_set_read_only(image_bs, false, errp) != 0) {
4276             goto out;
4277         }
4278     }
4279 
4280     ret = bdrv_change_backing_file(image_bs, backing_file,
4281                                image_bs->drv ? image_bs->drv->format_name : "");
4282 
4283     if (ret < 0) {
4284         error_setg_errno(errp, -ret, "Could not change backing file to '%s'",
4285                          backing_file);
4286         /* don't exit here, so we can try to restore open flags if
4287          * appropriate */
4288     }
4289 
4290     if (ro) {
4291         bdrv_reopen_set_read_only(image_bs, true, &local_err);
4292         error_propagate(errp, local_err);
4293     }
4294 
4295 out:
4296     aio_context_release(aio_context);
4297 }
4298 
4299 void hmp_drive_add_node(Monitor *mon, const char *optstr)
4300 {
4301     QemuOpts *opts;
4302     QDict *qdict;
4303     Error *local_err = NULL;
4304 
4305     opts = qemu_opts_parse_noisily(&qemu_drive_opts, optstr, false);
4306     if (!opts) {
4307         return;
4308     }
4309 
4310     qdict = qemu_opts_to_qdict(opts, NULL);
4311 
4312     if (!qdict_get_try_str(qdict, "node-name")) {
4313         qobject_unref(qdict);
4314         error_report("'node-name' needs to be specified");
4315         goto out;
4316     }
4317 
4318     BlockDriverState *bs = bds_tree_init(qdict, &local_err);
4319     if (!bs) {
4320         error_report_err(local_err);
4321         goto out;
4322     }
4323 
4324     QTAILQ_INSERT_TAIL(&monitor_bdrv_states, bs, monitor_list);
4325 
4326 out:
4327     qemu_opts_del(opts);
4328 }
4329 
4330 void qmp_blockdev_add(BlockdevOptions *options, Error **errp)
4331 {
4332     BlockDriverState *bs;
4333     QObject *obj;
4334     Visitor *v = qobject_output_visitor_new(&obj);
4335     QDict *qdict;
4336     Error *local_err = NULL;
4337 
4338     visit_type_BlockdevOptions(v, NULL, &options, &local_err);
4339     if (local_err) {
4340         error_propagate(errp, local_err);
4341         goto fail;
4342     }
4343 
4344     visit_complete(v, &obj);
4345     qdict = qobject_to(QDict, obj);
4346 
4347     qdict_flatten(qdict);
4348 
4349     if (!qdict_get_try_str(qdict, "node-name")) {
4350         error_setg(errp, "'node-name' must be specified for the root node");
4351         goto fail;
4352     }
4353 
4354     bs = bds_tree_init(qdict, errp);
4355     if (!bs) {
4356         goto fail;
4357     }
4358 
4359     QTAILQ_INSERT_TAIL(&monitor_bdrv_states, bs, monitor_list);
4360 
4361 fail:
4362     visit_free(v);
4363 }
4364 
4365 void qmp_x_blockdev_reopen(BlockdevOptions *options, Error **errp)
4366 {
4367     BlockDriverState *bs;
4368     AioContext *ctx;
4369     QObject *obj;
4370     Visitor *v = qobject_output_visitor_new(&obj);
4371     Error *local_err = NULL;
4372     BlockReopenQueue *queue;
4373     QDict *qdict;
4374 
4375     /* Check for the selected node name */
4376     if (!options->has_node_name) {
4377         error_setg(errp, "Node name not specified");
4378         goto fail;
4379     }
4380 
4381     bs = bdrv_find_node(options->node_name);
4382     if (!bs) {
4383         error_setg(errp, "Cannot find node named '%s'", options->node_name);
4384         goto fail;
4385     }
4386 
4387     /* Put all options in a QDict and flatten it */
4388     visit_type_BlockdevOptions(v, NULL, &options, &local_err);
4389     if (local_err) {
4390         error_propagate(errp, local_err);
4391         goto fail;
4392     }
4393 
4394     visit_complete(v, &obj);
4395     qdict = qobject_to(QDict, obj);
4396 
4397     qdict_flatten(qdict);
4398 
4399     /* Perform the reopen operation */
4400     ctx = bdrv_get_aio_context(bs);
4401     aio_context_acquire(ctx);
4402     bdrv_subtree_drained_begin(bs);
4403     queue = bdrv_reopen_queue(NULL, bs, qdict, false);
4404     bdrv_reopen_multiple(queue, errp);
4405     bdrv_subtree_drained_end(bs);
4406     aio_context_release(ctx);
4407 
4408 fail:
4409     visit_free(v);
4410 }
4411 
4412 void qmp_blockdev_del(const char *node_name, Error **errp)
4413 {
4414     AioContext *aio_context;
4415     BlockDriverState *bs;
4416 
4417     bs = bdrv_find_node(node_name);
4418     if (!bs) {
4419         error_setg(errp, "Cannot find node %s", node_name);
4420         return;
4421     }
4422     if (bdrv_has_blk(bs)) {
4423         error_setg(errp, "Node %s is in use", node_name);
4424         return;
4425     }
4426     aio_context = bdrv_get_aio_context(bs);
4427     aio_context_acquire(aio_context);
4428 
4429     if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_DRIVE_DEL, errp)) {
4430         goto out;
4431     }
4432 
4433     if (!QTAILQ_IN_USE(bs, monitor_list)) {
4434         error_setg(errp, "Node %s is not owned by the monitor",
4435                    bs->node_name);
4436         goto out;
4437     }
4438 
4439     if (bs->refcnt > 1) {
4440         error_setg(errp, "Block device %s is in use",
4441                    bdrv_get_device_or_node_name(bs));
4442         goto out;
4443     }
4444 
4445     QTAILQ_REMOVE(&monitor_bdrv_states, bs, monitor_list);
4446     bdrv_unref(bs);
4447 
4448 out:
4449     aio_context_release(aio_context);
4450 }
4451 
4452 static BdrvChild *bdrv_find_child(BlockDriverState *parent_bs,
4453                                   const char *child_name)
4454 {
4455     BdrvChild *child;
4456 
4457     QLIST_FOREACH(child, &parent_bs->children, next) {
4458         if (strcmp(child->name, child_name) == 0) {
4459             return child;
4460         }
4461     }
4462 
4463     return NULL;
4464 }
4465 
4466 void qmp_x_blockdev_change(const char *parent, bool has_child,
4467                            const char *child, bool has_node,
4468                            const char *node, Error **errp)
4469 {
4470     BlockDriverState *parent_bs, *new_bs = NULL;
4471     BdrvChild *p_child;
4472 
4473     parent_bs = bdrv_lookup_bs(parent, parent, errp);
4474     if (!parent_bs) {
4475         return;
4476     }
4477 
4478     if (has_child == has_node) {
4479         if (has_child) {
4480             error_setg(errp, "The parameters child and node are in conflict");
4481         } else {
4482             error_setg(errp, "Either child or node must be specified");
4483         }
4484         return;
4485     }
4486 
4487     if (has_child) {
4488         p_child = bdrv_find_child(parent_bs, child);
4489         if (!p_child) {
4490             error_setg(errp, "Node '%s' does not have child '%s'",
4491                        parent, child);
4492             return;
4493         }
4494         bdrv_del_child(parent_bs, p_child, errp);
4495     }
4496 
4497     if (has_node) {
4498         new_bs = bdrv_find_node(node);
4499         if (!new_bs) {
4500             error_setg(errp, "Node '%s' not found", node);
4501             return;
4502         }
4503         bdrv_add_child(parent_bs, new_bs, errp);
4504     }
4505 }
4506 
4507 BlockJobInfoList *qmp_query_block_jobs(Error **errp)
4508 {
4509     BlockJobInfoList *head = NULL, **p_next = &head;
4510     BlockJob *job;
4511 
4512     for (job = block_job_next(NULL); job; job = block_job_next(job)) {
4513         BlockJobInfoList *elem;
4514         AioContext *aio_context;
4515 
4516         if (block_job_is_internal(job)) {
4517             continue;
4518         }
4519         elem = g_new0(BlockJobInfoList, 1);
4520         aio_context = blk_get_aio_context(job->blk);
4521         aio_context_acquire(aio_context);
4522         elem->value = block_job_query(job, errp);
4523         aio_context_release(aio_context);
4524         if (!elem->value) {
4525             g_free(elem);
4526             qapi_free_BlockJobInfoList(head);
4527             return NULL;
4528         }
4529         *p_next = elem;
4530         p_next = &elem->next;
4531     }
4532 
4533     return head;
4534 }
4535 
4536 void qmp_x_blockdev_set_iothread(const char *node_name, StrOrNull *iothread,
4537                                  bool has_force, bool force, Error **errp)
4538 {
4539     AioContext *old_context;
4540     AioContext *new_context;
4541     BlockDriverState *bs;
4542 
4543     bs = bdrv_find_node(node_name);
4544     if (!bs) {
4545         error_setg(errp, "Cannot find node %s", node_name);
4546         return;
4547     }
4548 
4549     /* Protects against accidents. */
4550     if (!(has_force && force) && bdrv_has_blk(bs)) {
4551         error_setg(errp, "Node %s is associated with a BlockBackend and could "
4552                          "be in use (use force=true to override this check)",
4553                          node_name);
4554         return;
4555     }
4556 
4557     if (iothread->type == QTYPE_QSTRING) {
4558         IOThread *obj = iothread_by_id(iothread->u.s);
4559         if (!obj) {
4560             error_setg(errp, "Cannot find iothread %s", iothread->u.s);
4561             return;
4562         }
4563 
4564         new_context = iothread_get_aio_context(obj);
4565     } else {
4566         new_context = qemu_get_aio_context();
4567     }
4568 
4569     old_context = bdrv_get_aio_context(bs);
4570     aio_context_acquire(old_context);
4571 
4572     bdrv_try_set_aio_context(bs, new_context, errp);
4573 
4574     aio_context_release(old_context);
4575 }
4576 
4577 void qmp_block_latency_histogram_set(
4578     const char *id,
4579     bool has_boundaries, uint64List *boundaries,
4580     bool has_boundaries_read, uint64List *boundaries_read,
4581     bool has_boundaries_write, uint64List *boundaries_write,
4582     bool has_boundaries_flush, uint64List *boundaries_flush,
4583     Error **errp)
4584 {
4585     BlockBackend *blk = qmp_get_blk(NULL, id, errp);
4586     BlockAcctStats *stats;
4587     int ret;
4588 
4589     if (!blk) {
4590         return;
4591     }
4592 
4593     stats = blk_get_stats(blk);
4594 
4595     if (!has_boundaries && !has_boundaries_read && !has_boundaries_write &&
4596         !has_boundaries_flush)
4597     {
4598         block_latency_histograms_clear(stats);
4599         return;
4600     }
4601 
4602     if (has_boundaries || has_boundaries_read) {
4603         ret = block_latency_histogram_set(
4604             stats, BLOCK_ACCT_READ,
4605             has_boundaries_read ? boundaries_read : boundaries);
4606         if (ret) {
4607             error_setg(errp, "Device '%s' set read boundaries fail", id);
4608             return;
4609         }
4610     }
4611 
4612     if (has_boundaries || has_boundaries_write) {
4613         ret = block_latency_histogram_set(
4614             stats, BLOCK_ACCT_WRITE,
4615             has_boundaries_write ? boundaries_write : boundaries);
4616         if (ret) {
4617             error_setg(errp, "Device '%s' set write boundaries fail", id);
4618             return;
4619         }
4620     }
4621 
4622     if (has_boundaries || has_boundaries_flush) {
4623         ret = block_latency_histogram_set(
4624             stats, BLOCK_ACCT_FLUSH,
4625             has_boundaries_flush ? boundaries_flush : boundaries);
4626         if (ret) {
4627             error_setg(errp, "Device '%s' set flush boundaries fail", id);
4628             return;
4629         }
4630     }
4631 }
4632 
4633 QemuOptsList qemu_common_drive_opts = {
4634     .name = "drive",
4635     .head = QTAILQ_HEAD_INITIALIZER(qemu_common_drive_opts.head),
4636     .desc = {
4637         {
4638             .name = "snapshot",
4639             .type = QEMU_OPT_BOOL,
4640             .help = "enable/disable snapshot mode",
4641         },{
4642             .name = "aio",
4643             .type = QEMU_OPT_STRING,
4644             .help = "host AIO implementation (threads, native)",
4645         },{
4646             .name = BDRV_OPT_CACHE_WB,
4647             .type = QEMU_OPT_BOOL,
4648             .help = "Enable writeback mode",
4649         },{
4650             .name = "format",
4651             .type = QEMU_OPT_STRING,
4652             .help = "disk format (raw, qcow2, ...)",
4653         },{
4654             .name = "rerror",
4655             .type = QEMU_OPT_STRING,
4656             .help = "read error action",
4657         },{
4658             .name = "werror",
4659             .type = QEMU_OPT_STRING,
4660             .help = "write error action",
4661         },{
4662             .name = BDRV_OPT_READ_ONLY,
4663             .type = QEMU_OPT_BOOL,
4664             .help = "open drive file as read-only",
4665         },
4666 
4667         THROTTLE_OPTS,
4668 
4669         {
4670             .name = "throttling.group",
4671             .type = QEMU_OPT_STRING,
4672             .help = "name of the block throttling group",
4673         },{
4674             .name = "copy-on-read",
4675             .type = QEMU_OPT_BOOL,
4676             .help = "copy read data from backing file into image file",
4677         },{
4678             .name = "detect-zeroes",
4679             .type = QEMU_OPT_STRING,
4680             .help = "try to optimize zero writes (off, on, unmap)",
4681         },{
4682             .name = "stats-account-invalid",
4683             .type = QEMU_OPT_BOOL,
4684             .help = "whether to account for invalid I/O operations "
4685                     "in the statistics",
4686         },{
4687             .name = "stats-account-failed",
4688             .type = QEMU_OPT_BOOL,
4689             .help = "whether to account for failed I/O operations "
4690                     "in the statistics",
4691         },
4692         { /* end of list */ }
4693     },
4694 };
4695 
4696 QemuOptsList qemu_drive_opts = {
4697     .name = "drive",
4698     .head = QTAILQ_HEAD_INITIALIZER(qemu_drive_opts.head),
4699     .desc = {
4700         /*
4701          * no elements => accept any params
4702          * validation will happen later
4703          */
4704         { /* end of list */ }
4705     },
4706 };
4707