xref: /openbmc/qemu/qemu-img.c (revision e9206163)
1 /*
2  * QEMU disk image utility
3  *
4  * Copyright (c) 2003-2008 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include <getopt.h>
27 
28 #include "qemu/help-texts.h"
29 #include "qemu/qemu-progress.h"
30 #include "qemu-version.h"
31 #include "qapi/error.h"
32 #include "qapi/qapi-commands-block-core.h"
33 #include "qapi/qapi-visit-block-core.h"
34 #include "qapi/qobject-output-visitor.h"
35 #include "qapi/qmp/qjson.h"
36 #include "qapi/qmp/qdict.h"
37 #include "qemu/cutils.h"
38 #include "qemu/config-file.h"
39 #include "qemu/option.h"
40 #include "qemu/error-report.h"
41 #include "qemu/log.h"
42 #include "qemu/main-loop.h"
43 #include "qemu/module.h"
44 #include "qemu/sockets.h"
45 #include "qemu/units.h"
46 #include "qemu/memalign.h"
47 #include "qom/object_interfaces.h"
48 #include "sysemu/block-backend.h"
49 #include "block/block_int.h"
50 #include "block/blockjob.h"
51 #include "block/dirty-bitmap.h"
52 #include "block/qapi.h"
53 #include "crypto/init.h"
54 #include "trace/control.h"
55 #include "qemu/throttle.h"
56 #include "block/throttle-groups.h"
57 
58 #define QEMU_IMG_VERSION "qemu-img version " QEMU_FULL_VERSION \
59                           "\n" QEMU_COPYRIGHT "\n"
60 
61 typedef struct img_cmd_t {
62     const char *name;
63     int (*handler)(int argc, char **argv);
64 } img_cmd_t;
65 
66 enum {
67     OPTION_OUTPUT = 256,
68     OPTION_BACKING_CHAIN = 257,
69     OPTION_OBJECT = 258,
70     OPTION_IMAGE_OPTS = 259,
71     OPTION_PATTERN = 260,
72     OPTION_FLUSH_INTERVAL = 261,
73     OPTION_NO_DRAIN = 262,
74     OPTION_TARGET_IMAGE_OPTS = 263,
75     OPTION_SIZE = 264,
76     OPTION_PREALLOCATION = 265,
77     OPTION_SHRINK = 266,
78     OPTION_SALVAGE = 267,
79     OPTION_TARGET_IS_ZERO = 268,
80     OPTION_ADD = 269,
81     OPTION_REMOVE = 270,
82     OPTION_CLEAR = 271,
83     OPTION_ENABLE = 272,
84     OPTION_DISABLE = 273,
85     OPTION_MERGE = 274,
86     OPTION_BITMAPS = 275,
87     OPTION_FORCE = 276,
88     OPTION_SKIP_BROKEN = 277,
89 };
90 
91 typedef enum OutputFormat {
92     OFORMAT_JSON,
93     OFORMAT_HUMAN,
94 } OutputFormat;
95 
96 /* Default to cache=writeback as data integrity is not important for qemu-img */
97 #define BDRV_DEFAULT_CACHE "writeback"
98 
99 static void format_print(void *opaque, const char *name)
100 {
101     printf(" %s", name);
102 }
103 
104 static G_NORETURN G_GNUC_PRINTF(1, 2)
105 void error_exit(const char *fmt, ...)
106 {
107     va_list ap;
108 
109     va_start(ap, fmt);
110     error_vreport(fmt, ap);
111     va_end(ap);
112 
113     error_printf("Try 'qemu-img --help' for more information\n");
114     exit(EXIT_FAILURE);
115 }
116 
117 static G_NORETURN
118 void missing_argument(const char *option)
119 {
120     error_exit("missing argument for option '%s'", option);
121 }
122 
123 static G_NORETURN
124 void unrecognized_option(const char *option)
125 {
126     error_exit("unrecognized option '%s'", option);
127 }
128 
129 /* Please keep in synch with docs/tools/qemu-img.rst */
130 static G_NORETURN
131 void help(void)
132 {
133     const char *help_msg =
134            QEMU_IMG_VERSION
135            "usage: qemu-img [standard options] command [command options]\n"
136            "QEMU disk image utility\n"
137            "\n"
138            "    '-h', '--help'       display this help and exit\n"
139            "    '-V', '--version'    output version information and exit\n"
140            "    '-T', '--trace'      [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
141            "                         specify tracing options\n"
142            "\n"
143            "Command syntax:\n"
144 #define DEF(option, callback, arg_string)        \
145            "  " arg_string "\n"
146 #include "qemu-img-cmds.h"
147 #undef DEF
148            "\n"
149            "Command parameters:\n"
150            "  'filename' is a disk image filename\n"
151            "  'objectdef' is a QEMU user creatable object definition. See the qemu(1)\n"
152            "    manual page for a description of the object properties. The most common\n"
153            "    object type is a 'secret', which is used to supply passwords and/or\n"
154            "    encryption keys.\n"
155            "  'fmt' is the disk image format. It is guessed automatically in most cases\n"
156            "  'cache' is the cache mode used to write the output disk image, the valid\n"
157            "    options are: 'none', 'writeback' (default, except for convert), 'writethrough',\n"
158            "    'directsync' and 'unsafe' (default for convert)\n"
159            "  'src_cache' is the cache mode used to read input disk images, the valid\n"
160            "    options are the same as for the 'cache' option\n"
161            "  'size' is the disk image size in bytes. Optional suffixes\n"
162            "    'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' (gigabyte, 1024M),\n"
163            "    'T' (terabyte, 1024G), 'P' (petabyte, 1024T) and 'E' (exabyte, 1024P)  are\n"
164            "    supported. 'b' is ignored.\n"
165            "  'output_filename' is the destination disk image filename\n"
166            "  'output_fmt' is the destination format\n"
167            "  'options' is a comma separated list of format specific options in a\n"
168            "    name=value format. Use -o help for an overview of the options supported by\n"
169            "    the used format\n"
170            "  'snapshot_param' is param used for internal snapshot, format\n"
171            "    is 'snapshot.id=[ID],snapshot.name=[NAME]', or\n"
172            "    '[ID_OR_NAME]'\n"
173            "  '-c' indicates that target image must be compressed (qcow format only)\n"
174            "  '-u' allows unsafe backing chains. For rebasing, it is assumed that old and\n"
175            "       new backing file match exactly. The image doesn't need a working\n"
176            "       backing file before rebasing in this case (useful for renaming the\n"
177            "       backing file). For image creation, allow creating without attempting\n"
178            "       to open the backing file.\n"
179            "  '-h' with or without a command shows this help and lists the supported formats\n"
180            "  '-p' show progress of command (only certain commands)\n"
181            "  '-q' use Quiet mode - do not print any output (except errors)\n"
182            "  '-S' indicates the consecutive number of bytes (defaults to 4k) that must\n"
183            "       contain only zeros for qemu-img to create a sparse image during\n"
184            "       conversion. If the number of bytes is 0, the source will not be scanned for\n"
185            "       unallocated or zero sectors, and the destination image will always be\n"
186            "       fully allocated\n"
187            "  '--output' takes the format in which the output must be done (human or json)\n"
188            "  '-n' skips the target volume creation (useful if the volume is created\n"
189            "       prior to running qemu-img)\n"
190            "\n"
191            "Parameters to bitmap subcommand:\n"
192            "  'bitmap' is the name of the bitmap to manipulate, through one or more\n"
193            "       actions from '--add', '--remove', '--clear', '--enable', '--disable',\n"
194            "       or '--merge source'\n"
195            "  '-g granularity' sets the granularity for '--add' actions\n"
196            "  '-b source' and '-F src_fmt' tell '--merge' actions to find the source\n"
197            "       bitmaps from an alternative file\n"
198            "\n"
199            "Parameters to check subcommand:\n"
200            "  '-r' tries to repair any inconsistencies that are found during the check.\n"
201            "       '-r leaks' repairs only cluster leaks, whereas '-r all' fixes all\n"
202            "       kinds of errors, with a higher risk of choosing the wrong fix or\n"
203            "       hiding corruption that has already occurred.\n"
204            "\n"
205            "Parameters to convert subcommand:\n"
206            "  '--bitmaps' copies all top-level persistent bitmaps to destination\n"
207            "  '-m' specifies how many coroutines work in parallel during the convert\n"
208            "       process (defaults to 8)\n"
209            "  '-W' allow to write to the target out of order rather than sequential\n"
210            "\n"
211            "Parameters to snapshot subcommand:\n"
212            "  'snapshot' is the name of the snapshot to create, apply or delete\n"
213            "  '-a' applies a snapshot (revert disk to saved state)\n"
214            "  '-c' creates a snapshot\n"
215            "  '-d' deletes a snapshot\n"
216            "  '-l' lists all snapshots in the given image\n"
217            "\n"
218            "Parameters to compare subcommand:\n"
219            "  '-f' first image format\n"
220            "  '-F' second image format\n"
221            "  '-s' run in Strict mode - fail on different image size or sector allocation\n"
222            "\n"
223            "Parameters to dd subcommand:\n"
224            "  'bs=BYTES' read and write up to BYTES bytes at a time "
225            "(default: 512)\n"
226            "  'count=N' copy only N input blocks\n"
227            "  'if=FILE' read from FILE\n"
228            "  'of=FILE' write to FILE\n"
229            "  'skip=N' skip N bs-sized blocks at the start of input\n";
230 
231     printf("%s\nSupported formats:", help_msg);
232     bdrv_iterate_format(format_print, NULL, false);
233     printf("\n\n" QEMU_HELP_BOTTOM "\n");
234     exit(EXIT_SUCCESS);
235 }
236 
237 /*
238  * Is @list safe for accumulate_options()?
239  * It is when multiple of them can be joined together separated by ','.
240  * To make that work, @list must not start with ',' (or else a
241  * separating ',' preceding it gets escaped), and it must not end with
242  * an odd number of ',' (or else a separating ',' following it gets
243  * escaped), or be empty (or else a separating ',' preceding it can
244  * escape a separating ',' following it).
245  *
246  */
247 static bool is_valid_option_list(const char *list)
248 {
249     size_t len = strlen(list);
250     size_t i;
251 
252     if (!list[0] || list[0] == ',') {
253         return false;
254     }
255 
256     for (i = len; i > 0 && list[i - 1] == ','; i--) {
257     }
258     if ((len - i) % 2) {
259         return false;
260     }
261 
262     return true;
263 }
264 
265 static int accumulate_options(char **options, char *list)
266 {
267     char *new_options;
268 
269     if (!is_valid_option_list(list)) {
270         error_report("Invalid option list: %s", list);
271         return -1;
272     }
273 
274     if (!*options) {
275         *options = g_strdup(list);
276     } else {
277         new_options = g_strdup_printf("%s,%s", *options, list);
278         g_free(*options);
279         *options = new_options;
280     }
281     return 0;
282 }
283 
284 static QemuOptsList qemu_source_opts = {
285     .name = "source",
286     .implied_opt_name = "file",
287     .head = QTAILQ_HEAD_INITIALIZER(qemu_source_opts.head),
288     .desc = {
289         { }
290     },
291 };
292 
293 static int G_GNUC_PRINTF(2, 3) qprintf(bool quiet, const char *fmt, ...)
294 {
295     int ret = 0;
296     if (!quiet) {
297         va_list args;
298         va_start(args, fmt);
299         ret = vprintf(fmt, args);
300         va_end(args);
301     }
302     return ret;
303 }
304 
305 
306 static int print_block_option_help(const char *filename, const char *fmt)
307 {
308     BlockDriver *drv, *proto_drv;
309     QemuOptsList *create_opts = NULL;
310     Error *local_err = NULL;
311 
312     /* Find driver and parse its options */
313     drv = bdrv_find_format(fmt);
314     if (!drv) {
315         error_report("Unknown file format '%s'", fmt);
316         return 1;
317     }
318 
319     if (!drv->create_opts) {
320         error_report("Format driver '%s' does not support image creation", fmt);
321         return 1;
322     }
323 
324     create_opts = qemu_opts_append(create_opts, drv->create_opts);
325     if (filename) {
326         proto_drv = bdrv_find_protocol(filename, true, &local_err);
327         if (!proto_drv) {
328             error_report_err(local_err);
329             qemu_opts_free(create_opts);
330             return 1;
331         }
332         if (!proto_drv->create_opts) {
333             error_report("Protocol driver '%s' does not support image creation",
334                          proto_drv->format_name);
335             qemu_opts_free(create_opts);
336             return 1;
337         }
338         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
339     }
340 
341     if (filename) {
342         printf("Supported options:\n");
343     } else {
344         printf("Supported %s options:\n", fmt);
345     }
346     qemu_opts_print_help(create_opts, false);
347     qemu_opts_free(create_opts);
348 
349     if (!filename) {
350         printf("\n"
351                "The protocol level may support further options.\n"
352                "Specify the target filename to include those options.\n");
353     }
354 
355     return 0;
356 }
357 
358 
359 static BlockBackend *img_open_opts(const char *optstr,
360                                    QemuOpts *opts, int flags, bool writethrough,
361                                    bool quiet, bool force_share)
362 {
363     QDict *options;
364     Error *local_err = NULL;
365     BlockBackend *blk;
366     options = qemu_opts_to_qdict(opts, NULL);
367     if (force_share) {
368         if (qdict_haskey(options, BDRV_OPT_FORCE_SHARE)
369             && strcmp(qdict_get_str(options, BDRV_OPT_FORCE_SHARE), "on")) {
370             error_report("--force-share/-U conflicts with image options");
371             qobject_unref(options);
372             return NULL;
373         }
374         qdict_put_str(options, BDRV_OPT_FORCE_SHARE, "on");
375     }
376     blk = blk_new_open(NULL, NULL, options, flags, &local_err);
377     if (!blk) {
378         error_reportf_err(local_err, "Could not open '%s': ", optstr);
379         return NULL;
380     }
381     blk_set_enable_write_cache(blk, !writethrough);
382 
383     return blk;
384 }
385 
386 static BlockBackend *img_open_file(const char *filename,
387                                    QDict *options,
388                                    const char *fmt, int flags,
389                                    bool writethrough, bool quiet,
390                                    bool force_share)
391 {
392     BlockBackend *blk;
393     Error *local_err = NULL;
394 
395     if (!options) {
396         options = qdict_new();
397     }
398     if (fmt) {
399         qdict_put_str(options, "driver", fmt);
400     }
401 
402     if (force_share) {
403         qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
404     }
405     blk = blk_new_open(filename, NULL, options, flags, &local_err);
406     if (!blk) {
407         error_reportf_err(local_err, "Could not open '%s': ", filename);
408         return NULL;
409     }
410     blk_set_enable_write_cache(blk, !writethrough);
411 
412     return blk;
413 }
414 
415 
416 static int img_add_key_secrets(void *opaque,
417                                const char *name, const char *value,
418                                Error **errp)
419 {
420     QDict *options = opaque;
421 
422     if (g_str_has_suffix(name, "key-secret")) {
423         qdict_put_str(options, name, value);
424     }
425 
426     return 0;
427 }
428 
429 
430 static BlockBackend *img_open(bool image_opts,
431                               const char *filename,
432                               const char *fmt, int flags, bool writethrough,
433                               bool quiet, bool force_share)
434 {
435     BlockBackend *blk;
436     if (image_opts) {
437         QemuOpts *opts;
438         if (fmt) {
439             error_report("--image-opts and --format are mutually exclusive");
440             return NULL;
441         }
442         opts = qemu_opts_parse_noisily(qemu_find_opts("source"),
443                                        filename, true);
444         if (!opts) {
445             return NULL;
446         }
447         blk = img_open_opts(filename, opts, flags, writethrough, quiet,
448                             force_share);
449     } else {
450         blk = img_open_file(filename, NULL, fmt, flags, writethrough, quiet,
451                             force_share);
452     }
453 
454     if (blk) {
455         blk_set_force_allow_inactivate(blk);
456     }
457 
458     return blk;
459 }
460 
461 
462 static int add_old_style_options(const char *fmt, QemuOpts *opts,
463                                  const char *base_filename,
464                                  const char *base_fmt)
465 {
466     if (base_filename) {
467         if (!qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, base_filename,
468                           NULL)) {
469             error_report("Backing file not supported for file format '%s'",
470                          fmt);
471             return -1;
472         }
473     }
474     if (base_fmt) {
475         if (!qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, base_fmt, NULL)) {
476             error_report("Backing file format not supported for file "
477                          "format '%s'", fmt);
478             return -1;
479         }
480     }
481     return 0;
482 }
483 
484 static int64_t cvtnum_full(const char *name, const char *value, int64_t min,
485                            int64_t max)
486 {
487     int err;
488     uint64_t res;
489 
490     err = qemu_strtosz(value, NULL, &res);
491     if (err < 0 && err != -ERANGE) {
492         error_report("Invalid %s specified. You may use "
493                      "k, M, G, T, P or E suffixes for", name);
494         error_report("kilobytes, megabytes, gigabytes, terabytes, "
495                      "petabytes and exabytes.");
496         return err;
497     }
498     if (err == -ERANGE || res > max || res < min) {
499         error_report("Invalid %s specified. Must be between %" PRId64
500                      " and %" PRId64 ".", name, min, max);
501         return -ERANGE;
502     }
503     return res;
504 }
505 
506 static int64_t cvtnum(const char *name, const char *value)
507 {
508     return cvtnum_full(name, value, 0, INT64_MAX);
509 }
510 
511 static int img_create(int argc, char **argv)
512 {
513     int c;
514     uint64_t img_size = -1;
515     const char *fmt = "raw";
516     const char *base_fmt = NULL;
517     const char *filename;
518     const char *base_filename = NULL;
519     char *options = NULL;
520     Error *local_err = NULL;
521     bool quiet = false;
522     int flags = 0;
523 
524     for(;;) {
525         static const struct option long_options[] = {
526             {"help", no_argument, 0, 'h'},
527             {"object", required_argument, 0, OPTION_OBJECT},
528             {0, 0, 0, 0}
529         };
530         c = getopt_long(argc, argv, ":F:b:f:ho:qu",
531                         long_options, NULL);
532         if (c == -1) {
533             break;
534         }
535         switch(c) {
536         case ':':
537             missing_argument(argv[optind - 1]);
538             break;
539         case '?':
540             unrecognized_option(argv[optind - 1]);
541             break;
542         case 'h':
543             help();
544             break;
545         case 'F':
546             base_fmt = optarg;
547             break;
548         case 'b':
549             base_filename = optarg;
550             break;
551         case 'f':
552             fmt = optarg;
553             break;
554         case 'o':
555             if (accumulate_options(&options, optarg) < 0) {
556                 goto fail;
557             }
558             break;
559         case 'q':
560             quiet = true;
561             break;
562         case 'u':
563             flags |= BDRV_O_NO_BACKING;
564             break;
565         case OPTION_OBJECT:
566             user_creatable_process_cmdline(optarg);
567             break;
568         }
569     }
570 
571     /* Get the filename */
572     filename = (optind < argc) ? argv[optind] : NULL;
573     if (options && has_help_option(options)) {
574         g_free(options);
575         return print_block_option_help(filename, fmt);
576     }
577 
578     if (optind >= argc) {
579         error_exit("Expecting image file name");
580     }
581     optind++;
582 
583     /* Get image size, if specified */
584     if (optind < argc) {
585         int64_t sval;
586 
587         sval = cvtnum("image size", argv[optind++]);
588         if (sval < 0) {
589             goto fail;
590         }
591         img_size = (uint64_t)sval;
592     }
593     if (optind != argc) {
594         error_exit("Unexpected argument: %s", argv[optind]);
595     }
596 
597     bdrv_img_create(filename, fmt, base_filename, base_fmt,
598                     options, img_size, flags, quiet, &local_err);
599     if (local_err) {
600         error_reportf_err(local_err, "%s: ", filename);
601         goto fail;
602     }
603 
604     g_free(options);
605     return 0;
606 
607 fail:
608     g_free(options);
609     return 1;
610 }
611 
612 static void dump_json_image_check(ImageCheck *check, bool quiet)
613 {
614     GString *str;
615     QObject *obj;
616     Visitor *v = qobject_output_visitor_new(&obj);
617 
618     visit_type_ImageCheck(v, NULL, &check, &error_abort);
619     visit_complete(v, &obj);
620     str = qobject_to_json_pretty(obj, true);
621     assert(str != NULL);
622     qprintf(quiet, "%s\n", str->str);
623     qobject_unref(obj);
624     visit_free(v);
625     g_string_free(str, true);
626 }
627 
628 static void dump_human_image_check(ImageCheck *check, bool quiet)
629 {
630     if (!(check->corruptions || check->leaks || check->check_errors)) {
631         qprintf(quiet, "No errors were found on the image.\n");
632     } else {
633         if (check->corruptions) {
634             qprintf(quiet, "\n%" PRId64 " errors were found on the image.\n"
635                     "Data may be corrupted, or further writes to the image "
636                     "may corrupt it.\n",
637                     check->corruptions);
638         }
639 
640         if (check->leaks) {
641             qprintf(quiet,
642                     "\n%" PRId64 " leaked clusters were found on the image.\n"
643                     "This means waste of disk space, but no harm to data.\n",
644                     check->leaks);
645         }
646 
647         if (check->check_errors) {
648             qprintf(quiet,
649                     "\n%" PRId64
650                     " internal errors have occurred during the check.\n",
651                     check->check_errors);
652         }
653     }
654 
655     if (check->total_clusters != 0 && check->allocated_clusters != 0) {
656         qprintf(quiet, "%" PRId64 "/%" PRId64 " = %0.2f%% allocated, "
657                 "%0.2f%% fragmented, %0.2f%% compressed clusters\n",
658                 check->allocated_clusters, check->total_clusters,
659                 check->allocated_clusters * 100.0 / check->total_clusters,
660                 check->fragmented_clusters * 100.0 / check->allocated_clusters,
661                 check->compressed_clusters * 100.0 /
662                 check->allocated_clusters);
663     }
664 
665     if (check->image_end_offset) {
666         qprintf(quiet,
667                 "Image end offset: %" PRId64 "\n", check->image_end_offset);
668     }
669 }
670 
671 static int collect_image_check(BlockDriverState *bs,
672                    ImageCheck *check,
673                    const char *filename,
674                    const char *fmt,
675                    int fix)
676 {
677     int ret;
678     BdrvCheckResult result;
679 
680     ret = bdrv_check(bs, &result, fix);
681     if (ret < 0) {
682         return ret;
683     }
684 
685     check->filename                 = g_strdup(filename);
686     check->format                   = g_strdup(bdrv_get_format_name(bs));
687     check->check_errors             = result.check_errors;
688     check->corruptions              = result.corruptions;
689     check->has_corruptions          = result.corruptions != 0;
690     check->leaks                    = result.leaks;
691     check->has_leaks                = result.leaks != 0;
692     check->corruptions_fixed        = result.corruptions_fixed;
693     check->has_corruptions_fixed    = result.corruptions_fixed != 0;
694     check->leaks_fixed              = result.leaks_fixed;
695     check->has_leaks_fixed          = result.leaks_fixed != 0;
696     check->image_end_offset         = result.image_end_offset;
697     check->has_image_end_offset     = result.image_end_offset != 0;
698     check->total_clusters           = result.bfi.total_clusters;
699     check->has_total_clusters       = result.bfi.total_clusters != 0;
700     check->allocated_clusters       = result.bfi.allocated_clusters;
701     check->has_allocated_clusters   = result.bfi.allocated_clusters != 0;
702     check->fragmented_clusters      = result.bfi.fragmented_clusters;
703     check->has_fragmented_clusters  = result.bfi.fragmented_clusters != 0;
704     check->compressed_clusters      = result.bfi.compressed_clusters;
705     check->has_compressed_clusters  = result.bfi.compressed_clusters != 0;
706 
707     return 0;
708 }
709 
710 /*
711  * Checks an image for consistency. Exit codes:
712  *
713  *  0 - Check completed, image is good
714  *  1 - Check not completed because of internal errors
715  *  2 - Check completed, image is corrupted
716  *  3 - Check completed, image has leaked clusters, but is good otherwise
717  * 63 - Checks are not supported by the image format
718  */
719 static int img_check(int argc, char **argv)
720 {
721     int c, ret;
722     OutputFormat output_format = OFORMAT_HUMAN;
723     const char *filename, *fmt, *output, *cache;
724     BlockBackend *blk;
725     BlockDriverState *bs;
726     int fix = 0;
727     int flags = BDRV_O_CHECK;
728     bool writethrough;
729     ImageCheck *check;
730     bool quiet = false;
731     bool image_opts = false;
732     bool force_share = false;
733 
734     fmt = NULL;
735     output = NULL;
736     cache = BDRV_DEFAULT_CACHE;
737 
738     for(;;) {
739         int option_index = 0;
740         static const struct option long_options[] = {
741             {"help", no_argument, 0, 'h'},
742             {"format", required_argument, 0, 'f'},
743             {"repair", required_argument, 0, 'r'},
744             {"output", required_argument, 0, OPTION_OUTPUT},
745             {"object", required_argument, 0, OPTION_OBJECT},
746             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
747             {"force-share", no_argument, 0, 'U'},
748             {0, 0, 0, 0}
749         };
750         c = getopt_long(argc, argv, ":hf:r:T:qU",
751                         long_options, &option_index);
752         if (c == -1) {
753             break;
754         }
755         switch(c) {
756         case ':':
757             missing_argument(argv[optind - 1]);
758             break;
759         case '?':
760             unrecognized_option(argv[optind - 1]);
761             break;
762         case 'h':
763             help();
764             break;
765         case 'f':
766             fmt = optarg;
767             break;
768         case 'r':
769             flags |= BDRV_O_RDWR;
770 
771             if (!strcmp(optarg, "leaks")) {
772                 fix = BDRV_FIX_LEAKS;
773             } else if (!strcmp(optarg, "all")) {
774                 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
775             } else {
776                 error_exit("Unknown option value for -r "
777                            "(expecting 'leaks' or 'all'): %s", optarg);
778             }
779             break;
780         case OPTION_OUTPUT:
781             output = optarg;
782             break;
783         case 'T':
784             cache = optarg;
785             break;
786         case 'q':
787             quiet = true;
788             break;
789         case 'U':
790             force_share = true;
791             break;
792         case OPTION_OBJECT:
793             user_creatable_process_cmdline(optarg);
794             break;
795         case OPTION_IMAGE_OPTS:
796             image_opts = true;
797             break;
798         }
799     }
800     if (optind != argc - 1) {
801         error_exit("Expecting one image file name");
802     }
803     filename = argv[optind++];
804 
805     if (output && !strcmp(output, "json")) {
806         output_format = OFORMAT_JSON;
807     } else if (output && !strcmp(output, "human")) {
808         output_format = OFORMAT_HUMAN;
809     } else if (output) {
810         error_report("--output must be used with human or json as argument.");
811         return 1;
812     }
813 
814     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
815     if (ret < 0) {
816         error_report("Invalid source cache option: %s", cache);
817         return 1;
818     }
819 
820     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
821                    force_share);
822     if (!blk) {
823         return 1;
824     }
825     bs = blk_bs(blk);
826 
827     check = g_new0(ImageCheck, 1);
828     ret = collect_image_check(bs, check, filename, fmt, fix);
829 
830     if (ret == -ENOTSUP) {
831         error_report("This image format does not support checks");
832         ret = 63;
833         goto fail;
834     }
835 
836     if (check->corruptions_fixed || check->leaks_fixed) {
837         int corruptions_fixed, leaks_fixed;
838         bool has_leaks_fixed, has_corruptions_fixed;
839 
840         leaks_fixed         = check->leaks_fixed;
841         has_leaks_fixed     = check->has_leaks_fixed;
842         corruptions_fixed   = check->corruptions_fixed;
843         has_corruptions_fixed = check->has_corruptions_fixed;
844 
845         if (output_format == OFORMAT_HUMAN) {
846             qprintf(quiet,
847                     "The following inconsistencies were found and repaired:\n\n"
848                     "    %" PRId64 " leaked clusters\n"
849                     "    %" PRId64 " corruptions\n\n"
850                     "Double checking the fixed image now...\n",
851                     check->leaks_fixed,
852                     check->corruptions_fixed);
853         }
854 
855         qapi_free_ImageCheck(check);
856         check = g_new0(ImageCheck, 1);
857         ret = collect_image_check(bs, check, filename, fmt, 0);
858 
859         check->leaks_fixed          = leaks_fixed;
860         check->has_leaks_fixed      = has_leaks_fixed;
861         check->corruptions_fixed    = corruptions_fixed;
862         check->has_corruptions_fixed = has_corruptions_fixed;
863     }
864 
865     if (!ret) {
866         switch (output_format) {
867         case OFORMAT_HUMAN:
868             dump_human_image_check(check, quiet);
869             break;
870         case OFORMAT_JSON:
871             dump_json_image_check(check, quiet);
872             break;
873         }
874     }
875 
876     if (ret || check->check_errors) {
877         if (ret) {
878             error_report("Check failed: %s", strerror(-ret));
879         } else {
880             error_report("Check failed");
881         }
882         ret = 1;
883         goto fail;
884     }
885 
886     if (check->corruptions) {
887         ret = 2;
888     } else if (check->leaks) {
889         ret = 3;
890     } else {
891         ret = 0;
892     }
893 
894 fail:
895     qapi_free_ImageCheck(check);
896     blk_unref(blk);
897     return ret;
898 }
899 
900 typedef struct CommonBlockJobCBInfo {
901     BlockDriverState *bs;
902     Error **errp;
903 } CommonBlockJobCBInfo;
904 
905 static void common_block_job_cb(void *opaque, int ret)
906 {
907     CommonBlockJobCBInfo *cbi = opaque;
908 
909     if (ret < 0) {
910         error_setg_errno(cbi->errp, -ret, "Block job failed");
911     }
912 }
913 
914 static void run_block_job(BlockJob *job, Error **errp)
915 {
916     uint64_t progress_current, progress_total;
917     AioContext *aio_context = block_job_get_aio_context(job);
918     int ret = 0;
919 
920     job_lock();
921     job_ref_locked(&job->job);
922     do {
923         float progress = 0.0f;
924         job_unlock();
925         aio_poll(aio_context, true);
926 
927         progress_get_snapshot(&job->job.progress, &progress_current,
928                               &progress_total);
929         if (progress_total) {
930             progress = (float)progress_current / progress_total * 100.f;
931         }
932         qemu_progress_print(progress, 0);
933         job_lock();
934     } while (!job_is_ready_locked(&job->job) &&
935              !job_is_completed_locked(&job->job));
936 
937     if (!job_is_completed_locked(&job->job)) {
938         ret = job_complete_sync_locked(&job->job, errp);
939     } else {
940         ret = job->job.ret;
941     }
942     job_unref_locked(&job->job);
943     job_unlock();
944 
945     /* publish completion progress only when success */
946     if (!ret) {
947         qemu_progress_print(100.f, 0);
948     }
949 }
950 
951 static int img_commit(int argc, char **argv)
952 {
953     int c, ret, flags;
954     const char *filename, *fmt, *cache, *base;
955     BlockBackend *blk;
956     BlockDriverState *bs, *base_bs;
957     BlockJob *job;
958     bool progress = false, quiet = false, drop = false;
959     bool writethrough;
960     Error *local_err = NULL;
961     CommonBlockJobCBInfo cbi;
962     bool image_opts = false;
963     int64_t rate_limit = 0;
964 
965     fmt = NULL;
966     cache = BDRV_DEFAULT_CACHE;
967     base = NULL;
968     for(;;) {
969         static const struct option long_options[] = {
970             {"help", no_argument, 0, 'h'},
971             {"object", required_argument, 0, OPTION_OBJECT},
972             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
973             {0, 0, 0, 0}
974         };
975         c = getopt_long(argc, argv, ":f:ht:b:dpqr:",
976                         long_options, NULL);
977         if (c == -1) {
978             break;
979         }
980         switch(c) {
981         case ':':
982             missing_argument(argv[optind - 1]);
983             break;
984         case '?':
985             unrecognized_option(argv[optind - 1]);
986             break;
987         case 'h':
988             help();
989             break;
990         case 'f':
991             fmt = optarg;
992             break;
993         case 't':
994             cache = optarg;
995             break;
996         case 'b':
997             base = optarg;
998             /* -b implies -d */
999             drop = true;
1000             break;
1001         case 'd':
1002             drop = true;
1003             break;
1004         case 'p':
1005             progress = true;
1006             break;
1007         case 'q':
1008             quiet = true;
1009             break;
1010         case 'r':
1011             rate_limit = cvtnum("rate limit", optarg);
1012             if (rate_limit < 0) {
1013                 return 1;
1014             }
1015             break;
1016         case OPTION_OBJECT:
1017             user_creatable_process_cmdline(optarg);
1018             break;
1019         case OPTION_IMAGE_OPTS:
1020             image_opts = true;
1021             break;
1022         }
1023     }
1024 
1025     /* Progress is not shown in Quiet mode */
1026     if (quiet) {
1027         progress = false;
1028     }
1029 
1030     if (optind != argc - 1) {
1031         error_exit("Expecting one image file name");
1032     }
1033     filename = argv[optind++];
1034 
1035     flags = BDRV_O_RDWR | BDRV_O_UNMAP;
1036     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1037     if (ret < 0) {
1038         error_report("Invalid cache option: %s", cache);
1039         return 1;
1040     }
1041 
1042     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
1043                    false);
1044     if (!blk) {
1045         return 1;
1046     }
1047     bs = blk_bs(blk);
1048 
1049     qemu_progress_init(progress, 1.f);
1050     qemu_progress_print(0.f, 100);
1051 
1052     bdrv_graph_rdlock_main_loop();
1053     if (base) {
1054         base_bs = bdrv_find_backing_image(bs, base);
1055         if (!base_bs) {
1056             error_setg(&local_err,
1057                        "Did not find '%s' in the backing chain of '%s'",
1058                        base, filename);
1059             bdrv_graph_rdunlock_main_loop();
1060             goto done;
1061         }
1062     } else {
1063         /* This is different from QMP, which by default uses the deepest file in
1064          * the backing chain (i.e., the very base); however, the traditional
1065          * behavior of qemu-img commit is using the immediate backing file. */
1066         base_bs = bdrv_backing_chain_next(bs);
1067         if (!base_bs) {
1068             error_setg(&local_err, "Image does not have a backing file");
1069             bdrv_graph_rdunlock_main_loop();
1070             goto done;
1071         }
1072     }
1073     bdrv_graph_rdunlock_main_loop();
1074 
1075     cbi = (CommonBlockJobCBInfo){
1076         .errp = &local_err,
1077         .bs   = bs,
1078     };
1079 
1080     commit_active_start("commit", bs, base_bs, JOB_DEFAULT, rate_limit,
1081                         BLOCKDEV_ON_ERROR_REPORT, NULL, common_block_job_cb,
1082                         &cbi, false, &local_err);
1083     if (local_err) {
1084         goto done;
1085     }
1086 
1087     /* When the block job completes, the BlockBackend reference will point to
1088      * the old backing file. In order to avoid that the top image is already
1089      * deleted, so we can still empty it afterwards, increment the reference
1090      * counter here preemptively. */
1091     if (!drop) {
1092         bdrv_ref(bs);
1093     }
1094 
1095     job = block_job_get("commit");
1096     assert(job);
1097     run_block_job(job, &local_err);
1098     if (local_err) {
1099         goto unref_backing;
1100     }
1101 
1102     if (!drop) {
1103         BlockBackend *old_backing_blk;
1104 
1105         old_backing_blk = blk_new_with_bs(bs, BLK_PERM_WRITE, BLK_PERM_ALL,
1106                                           &local_err);
1107         if (!old_backing_blk) {
1108             goto unref_backing;
1109         }
1110         ret = blk_make_empty(old_backing_blk, &local_err);
1111         blk_unref(old_backing_blk);
1112         if (ret == -ENOTSUP) {
1113             error_free(local_err);
1114             local_err = NULL;
1115         } else if (ret < 0) {
1116             goto unref_backing;
1117         }
1118     }
1119 
1120 unref_backing:
1121     if (!drop) {
1122         bdrv_unref(bs);
1123     }
1124 
1125 done:
1126     qemu_progress_end();
1127 
1128     /*
1129      * Manually inactivate the image first because this way we can know whether
1130      * an error occurred. blk_unref() doesn't tell us about failures.
1131      */
1132     ret = bdrv_inactivate_all();
1133     if (ret < 0 && !local_err) {
1134         error_setg_errno(&local_err, -ret, "Error while closing the image");
1135     }
1136     blk_unref(blk);
1137 
1138     if (local_err) {
1139         error_report_err(local_err);
1140         return 1;
1141     }
1142 
1143     qprintf(quiet, "Image committed.\n");
1144     return 0;
1145 }
1146 
1147 /*
1148  * Returns -1 if 'buf' contains only zeroes, otherwise the byte index
1149  * of the first sector boundary within buf where the sector contains a
1150  * non-zero byte.  This function is robust to a buffer that is not
1151  * sector-aligned.
1152  */
1153 static int64_t find_nonzero(const uint8_t *buf, int64_t n)
1154 {
1155     int64_t i;
1156     int64_t end = QEMU_ALIGN_DOWN(n, BDRV_SECTOR_SIZE);
1157 
1158     for (i = 0; i < end; i += BDRV_SECTOR_SIZE) {
1159         if (!buffer_is_zero(buf + i, BDRV_SECTOR_SIZE)) {
1160             return i;
1161         }
1162     }
1163     if (i < n && !buffer_is_zero(buf + i, n - end)) {
1164         return i;
1165     }
1166     return -1;
1167 }
1168 
1169 /*
1170  * Returns true iff the first sector pointed to by 'buf' contains at least
1171  * a non-NUL byte.
1172  *
1173  * 'pnum' is set to the number of sectors (including and immediately following
1174  * the first one) that are known to be in the same allocated/unallocated state.
1175  * The function will try to align the end offset to alignment boundaries so
1176  * that the request will at least end aligned and consecutive requests will
1177  * also start at an aligned offset.
1178  */
1179 static int is_allocated_sectors(const uint8_t *buf, int n, int *pnum,
1180                                 int64_t sector_num, int alignment)
1181 {
1182     bool is_zero;
1183     int i, tail;
1184 
1185     if (n <= 0) {
1186         *pnum = 0;
1187         return 0;
1188     }
1189     is_zero = buffer_is_zero(buf, BDRV_SECTOR_SIZE);
1190     for(i = 1; i < n; i++) {
1191         buf += BDRV_SECTOR_SIZE;
1192         if (is_zero != buffer_is_zero(buf, BDRV_SECTOR_SIZE)) {
1193             break;
1194         }
1195     }
1196 
1197     if (i == n) {
1198         /*
1199          * The whole buf is the same.
1200          * No reason to split it into chunks, so return now.
1201          */
1202         *pnum = i;
1203         return !is_zero;
1204     }
1205 
1206     tail = (sector_num + i) & (alignment - 1);
1207     if (tail) {
1208         if (is_zero && i <= tail) {
1209             /*
1210              * For sure next sector after i is data, and it will rewrite this
1211              * tail anyway due to RMW. So, let's just write data now.
1212              */
1213             is_zero = false;
1214         }
1215         if (!is_zero) {
1216             /* If possible, align up end offset of allocated areas. */
1217             i += alignment - tail;
1218             i = MIN(i, n);
1219         } else {
1220             /*
1221              * For sure next sector after i is data, and it will rewrite this
1222              * tail anyway due to RMW. Better is avoid RMW and write zeroes up
1223              * to aligned bound.
1224              */
1225             i -= tail;
1226         }
1227     }
1228     *pnum = i;
1229     return !is_zero;
1230 }
1231 
1232 /*
1233  * Like is_allocated_sectors, but if the buffer starts with a used sector,
1234  * up to 'min' consecutive sectors containing zeros are ignored. This avoids
1235  * breaking up write requests for only small sparse areas.
1236  */
1237 static int is_allocated_sectors_min(const uint8_t *buf, int n, int *pnum,
1238     int min, int64_t sector_num, int alignment)
1239 {
1240     int ret;
1241     int num_checked, num_used;
1242 
1243     if (n < min) {
1244         min = n;
1245     }
1246 
1247     ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1248     if (!ret) {
1249         return ret;
1250     }
1251 
1252     num_used = *pnum;
1253     buf += BDRV_SECTOR_SIZE * *pnum;
1254     n -= *pnum;
1255     sector_num += *pnum;
1256     num_checked = num_used;
1257 
1258     while (n > 0) {
1259         ret = is_allocated_sectors(buf, n, pnum, sector_num, alignment);
1260 
1261         buf += BDRV_SECTOR_SIZE * *pnum;
1262         n -= *pnum;
1263         sector_num += *pnum;
1264         num_checked += *pnum;
1265         if (ret) {
1266             num_used = num_checked;
1267         } else if (*pnum >= min) {
1268             break;
1269         }
1270     }
1271 
1272     *pnum = num_used;
1273     return 1;
1274 }
1275 
1276 /*
1277  * Compares two buffers chunk by chunk, where @chsize is the chunk size.
1278  * If @chsize is 0, default chunk size of BDRV_SECTOR_SIZE is used.
1279  * Returns 0 if the first chunk of each buffer matches, non-zero otherwise.
1280  *
1281  * @pnum is set to the size of the buffer prefix aligned to @chsize that
1282  * has the same matching status as the first chunk.
1283  */
1284 static int compare_buffers(const uint8_t *buf1, const uint8_t *buf2,
1285                            int64_t bytes, uint64_t chsize, int64_t *pnum)
1286 {
1287     bool res;
1288     int64_t i;
1289 
1290     assert(bytes > 0);
1291 
1292     if (!chsize) {
1293         chsize = BDRV_SECTOR_SIZE;
1294     }
1295     i = MIN(bytes, chsize);
1296 
1297     res = !!memcmp(buf1, buf2, i);
1298     while (i < bytes) {
1299         int64_t len = MIN(bytes - i, chsize);
1300 
1301         if (!!memcmp(buf1 + i, buf2 + i, len) != res) {
1302             break;
1303         }
1304         i += len;
1305     }
1306 
1307     *pnum = i;
1308     return res;
1309 }
1310 
1311 #define IO_BUF_SIZE (2 * MiB)
1312 
1313 /*
1314  * Check if passed sectors are empty (not allocated or contain only 0 bytes)
1315  *
1316  * Intended for use by 'qemu-img compare': Returns 0 in case sectors are
1317  * filled with 0, 1 if sectors contain non-zero data (this is a comparison
1318  * failure), and 4 on error (the exit status for read errors), after emitting
1319  * an error message.
1320  *
1321  * @param blk:  BlockBackend for the image
1322  * @param offset: Starting offset to check
1323  * @param bytes: Number of bytes to check
1324  * @param filename: Name of disk file we are checking (logging purpose)
1325  * @param buffer: Allocated buffer for storing read data
1326  * @param quiet: Flag for quiet mode
1327  */
1328 static int check_empty_sectors(BlockBackend *blk, int64_t offset,
1329                                int64_t bytes, const char *filename,
1330                                uint8_t *buffer, bool quiet)
1331 {
1332     int ret = 0;
1333     int64_t idx;
1334 
1335     ret = blk_pread(blk, offset, bytes, buffer, 0);
1336     if (ret < 0) {
1337         error_report("Error while reading offset %" PRId64 " of %s: %s",
1338                      offset, filename, strerror(-ret));
1339         return 4;
1340     }
1341     idx = find_nonzero(buffer, bytes);
1342     if (idx >= 0) {
1343         qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1344                 offset + idx);
1345         return 1;
1346     }
1347 
1348     return 0;
1349 }
1350 
1351 /*
1352  * Compares two images. Exit codes:
1353  *
1354  * 0 - Images are identical or the requested help was printed
1355  * 1 - Images differ
1356  * >1 - Error occurred
1357  */
1358 static int img_compare(int argc, char **argv)
1359 {
1360     const char *fmt1 = NULL, *fmt2 = NULL, *cache, *filename1, *filename2;
1361     BlockBackend *blk1, *blk2;
1362     BlockDriverState *bs1, *bs2;
1363     int64_t total_size1, total_size2;
1364     uint8_t *buf1 = NULL, *buf2 = NULL;
1365     int64_t pnum1, pnum2;
1366     int allocated1, allocated2;
1367     int ret = 0; /* return value - 0 Ident, 1 Different, >1 Error */
1368     bool progress = false, quiet = false, strict = false;
1369     int flags;
1370     bool writethrough;
1371     int64_t total_size;
1372     int64_t offset = 0;
1373     int64_t chunk;
1374     int c;
1375     uint64_t progress_base;
1376     bool image_opts = false;
1377     bool force_share = false;
1378 
1379     cache = BDRV_DEFAULT_CACHE;
1380     for (;;) {
1381         static const struct option long_options[] = {
1382             {"help", no_argument, 0, 'h'},
1383             {"object", required_argument, 0, OPTION_OBJECT},
1384             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
1385             {"force-share", no_argument, 0, 'U'},
1386             {0, 0, 0, 0}
1387         };
1388         c = getopt_long(argc, argv, ":hf:F:T:pqsU",
1389                         long_options, NULL);
1390         if (c == -1) {
1391             break;
1392         }
1393         switch (c) {
1394         case ':':
1395             missing_argument(argv[optind - 1]);
1396             break;
1397         case '?':
1398             unrecognized_option(argv[optind - 1]);
1399             break;
1400         case 'h':
1401             help();
1402             break;
1403         case 'f':
1404             fmt1 = optarg;
1405             break;
1406         case 'F':
1407             fmt2 = optarg;
1408             break;
1409         case 'T':
1410             cache = optarg;
1411             break;
1412         case 'p':
1413             progress = true;
1414             break;
1415         case 'q':
1416             quiet = true;
1417             break;
1418         case 's':
1419             strict = true;
1420             break;
1421         case 'U':
1422             force_share = true;
1423             break;
1424         case OPTION_OBJECT:
1425             {
1426                 Error *local_err = NULL;
1427 
1428                 if (!user_creatable_add_from_str(optarg, &local_err)) {
1429                     if (local_err) {
1430                         error_report_err(local_err);
1431                         exit(2);
1432                     } else {
1433                         /* Help was printed */
1434                         exit(EXIT_SUCCESS);
1435                     }
1436                 }
1437                 break;
1438             }
1439         case OPTION_IMAGE_OPTS:
1440             image_opts = true;
1441             break;
1442         }
1443     }
1444 
1445     /* Progress is not shown in Quiet mode */
1446     if (quiet) {
1447         progress = false;
1448     }
1449 
1450 
1451     if (optind != argc - 2) {
1452         error_exit("Expecting two image file names");
1453     }
1454     filename1 = argv[optind++];
1455     filename2 = argv[optind++];
1456 
1457     /* Initialize before goto out */
1458     qemu_progress_init(progress, 2.0);
1459 
1460     flags = 0;
1461     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
1462     if (ret < 0) {
1463         error_report("Invalid source cache option: %s", cache);
1464         ret = 2;
1465         goto out3;
1466     }
1467 
1468     blk1 = img_open(image_opts, filename1, fmt1, flags, writethrough, quiet,
1469                     force_share);
1470     if (!blk1) {
1471         ret = 2;
1472         goto out3;
1473     }
1474 
1475     blk2 = img_open(image_opts, filename2, fmt2, flags, writethrough, quiet,
1476                     force_share);
1477     if (!blk2) {
1478         ret = 2;
1479         goto out2;
1480     }
1481     bs1 = blk_bs(blk1);
1482     bs2 = blk_bs(blk2);
1483 
1484     buf1 = blk_blockalign(blk1, IO_BUF_SIZE);
1485     buf2 = blk_blockalign(blk2, IO_BUF_SIZE);
1486     total_size1 = blk_getlength(blk1);
1487     if (total_size1 < 0) {
1488         error_report("Can't get size of %s: %s",
1489                      filename1, strerror(-total_size1));
1490         ret = 4;
1491         goto out;
1492     }
1493     total_size2 = blk_getlength(blk2);
1494     if (total_size2 < 0) {
1495         error_report("Can't get size of %s: %s",
1496                      filename2, strerror(-total_size2));
1497         ret = 4;
1498         goto out;
1499     }
1500     total_size = MIN(total_size1, total_size2);
1501     progress_base = MAX(total_size1, total_size2);
1502 
1503     qemu_progress_print(0, 100);
1504 
1505     if (strict && total_size1 != total_size2) {
1506         ret = 1;
1507         qprintf(quiet, "Strict mode: Image size mismatch!\n");
1508         goto out;
1509     }
1510 
1511     while (offset < total_size) {
1512         int status1, status2;
1513 
1514         status1 = bdrv_block_status_above(bs1, NULL, offset,
1515                                           total_size1 - offset, &pnum1, NULL,
1516                                           NULL);
1517         if (status1 < 0) {
1518             ret = 3;
1519             error_report("Sector allocation test failed for %s", filename1);
1520             goto out;
1521         }
1522         allocated1 = status1 & BDRV_BLOCK_ALLOCATED;
1523 
1524         status2 = bdrv_block_status_above(bs2, NULL, offset,
1525                                           total_size2 - offset, &pnum2, NULL,
1526                                           NULL);
1527         if (status2 < 0) {
1528             ret = 3;
1529             error_report("Sector allocation test failed for %s", filename2);
1530             goto out;
1531         }
1532         allocated2 = status2 & BDRV_BLOCK_ALLOCATED;
1533 
1534         assert(pnum1 && pnum2);
1535         chunk = MIN(pnum1, pnum2);
1536 
1537         if (strict) {
1538             if (status1 != status2) {
1539                 ret = 1;
1540                 qprintf(quiet, "Strict mode: Offset %" PRId64
1541                         " block status mismatch!\n", offset);
1542                 goto out;
1543             }
1544         }
1545         if ((status1 & BDRV_BLOCK_ZERO) && (status2 & BDRV_BLOCK_ZERO)) {
1546             /* nothing to do */
1547         } else if (allocated1 == allocated2) {
1548             if (allocated1) {
1549                 int64_t pnum;
1550 
1551                 chunk = MIN(chunk, IO_BUF_SIZE);
1552                 ret = blk_pread(blk1, offset, chunk, buf1, 0);
1553                 if (ret < 0) {
1554                     error_report("Error while reading offset %" PRId64
1555                                  " of %s: %s",
1556                                  offset, filename1, strerror(-ret));
1557                     ret = 4;
1558                     goto out;
1559                 }
1560                 ret = blk_pread(blk2, offset, chunk, buf2, 0);
1561                 if (ret < 0) {
1562                     error_report("Error while reading offset %" PRId64
1563                                  " of %s: %s",
1564                                  offset, filename2, strerror(-ret));
1565                     ret = 4;
1566                     goto out;
1567                 }
1568                 ret = compare_buffers(buf1, buf2, chunk, 0, &pnum);
1569                 if (ret || pnum != chunk) {
1570                     qprintf(quiet, "Content mismatch at offset %" PRId64 "!\n",
1571                             offset + (ret ? 0 : pnum));
1572                     ret = 1;
1573                     goto out;
1574                 }
1575             }
1576         } else {
1577             chunk = MIN(chunk, IO_BUF_SIZE);
1578             if (allocated1) {
1579                 ret = check_empty_sectors(blk1, offset, chunk,
1580                                           filename1, buf1, quiet);
1581             } else {
1582                 ret = check_empty_sectors(blk2, offset, chunk,
1583                                           filename2, buf1, quiet);
1584             }
1585             if (ret) {
1586                 goto out;
1587             }
1588         }
1589         offset += chunk;
1590         qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1591     }
1592 
1593     if (total_size1 != total_size2) {
1594         BlockBackend *blk_over;
1595         const char *filename_over;
1596 
1597         qprintf(quiet, "Warning: Image size mismatch!\n");
1598         if (total_size1 > total_size2) {
1599             blk_over = blk1;
1600             filename_over = filename1;
1601         } else {
1602             blk_over = blk2;
1603             filename_over = filename2;
1604         }
1605 
1606         while (offset < progress_base) {
1607             ret = bdrv_block_status_above(blk_bs(blk_over), NULL, offset,
1608                                           progress_base - offset, &chunk,
1609                                           NULL, NULL);
1610             if (ret < 0) {
1611                 ret = 3;
1612                 error_report("Sector allocation test failed for %s",
1613                              filename_over);
1614                 goto out;
1615 
1616             }
1617             if (ret & BDRV_BLOCK_ALLOCATED && !(ret & BDRV_BLOCK_ZERO)) {
1618                 chunk = MIN(chunk, IO_BUF_SIZE);
1619                 ret = check_empty_sectors(blk_over, offset, chunk,
1620                                           filename_over, buf1, quiet);
1621                 if (ret) {
1622                     goto out;
1623                 }
1624             }
1625             offset += chunk;
1626             qemu_progress_print(((float) chunk / progress_base) * 100, 100);
1627         }
1628     }
1629 
1630     qprintf(quiet, "Images are identical.\n");
1631     ret = 0;
1632 
1633 out:
1634     qemu_vfree(buf1);
1635     qemu_vfree(buf2);
1636     blk_unref(blk2);
1637 out2:
1638     blk_unref(blk1);
1639 out3:
1640     qemu_progress_end();
1641     return ret;
1642 }
1643 
1644 /* Convenience wrapper around qmp_block_dirty_bitmap_merge */
1645 static void do_dirty_bitmap_merge(const char *dst_node, const char *dst_name,
1646                                   const char *src_node, const char *src_name,
1647                                   Error **errp)
1648 {
1649     BlockDirtyBitmapOrStr *merge_src;
1650     BlockDirtyBitmapOrStrList *list = NULL;
1651 
1652     merge_src = g_new0(BlockDirtyBitmapOrStr, 1);
1653     merge_src->type = QTYPE_QDICT;
1654     merge_src->u.external.node = g_strdup(src_node);
1655     merge_src->u.external.name = g_strdup(src_name);
1656     QAPI_LIST_PREPEND(list, merge_src);
1657     qmp_block_dirty_bitmap_merge(dst_node, dst_name, list, errp);
1658     qapi_free_BlockDirtyBitmapOrStrList(list);
1659 }
1660 
1661 enum ImgConvertBlockStatus {
1662     BLK_DATA,
1663     BLK_ZERO,
1664     BLK_BACKING_FILE,
1665 };
1666 
1667 #define MAX_COROUTINES 16
1668 #define CONVERT_THROTTLE_GROUP "img_convert"
1669 
1670 typedef struct ImgConvertState {
1671     BlockBackend **src;
1672     int64_t *src_sectors;
1673     int *src_alignment;
1674     int src_num;
1675     int64_t total_sectors;
1676     int64_t allocated_sectors;
1677     int64_t allocated_done;
1678     int64_t sector_num;
1679     int64_t wr_offs;
1680     enum ImgConvertBlockStatus status;
1681     int64_t sector_next_status;
1682     BlockBackend *target;
1683     bool has_zero_init;
1684     bool compressed;
1685     bool target_is_new;
1686     bool target_has_backing;
1687     int64_t target_backing_sectors; /* negative if unknown */
1688     bool wr_in_order;
1689     bool copy_range;
1690     bool salvage;
1691     bool quiet;
1692     int min_sparse;
1693     int alignment;
1694     size_t cluster_sectors;
1695     size_t buf_sectors;
1696     long num_coroutines;
1697     int running_coroutines;
1698     Coroutine *co[MAX_COROUTINES];
1699     int64_t wait_sector_num[MAX_COROUTINES];
1700     CoMutex lock;
1701     int ret;
1702 } ImgConvertState;
1703 
1704 static void convert_select_part(ImgConvertState *s, int64_t sector_num,
1705                                 int *src_cur, int64_t *src_cur_offset)
1706 {
1707     *src_cur = 0;
1708     *src_cur_offset = 0;
1709     while (sector_num - *src_cur_offset >= s->src_sectors[*src_cur]) {
1710         *src_cur_offset += s->src_sectors[*src_cur];
1711         (*src_cur)++;
1712         assert(*src_cur < s->src_num);
1713     }
1714 }
1715 
1716 static int coroutine_mixed_fn GRAPH_RDLOCK
1717 convert_iteration_sectors(ImgConvertState *s, int64_t sector_num)
1718 {
1719     int64_t src_cur_offset;
1720     int ret, n, src_cur;
1721     bool post_backing_zero = false;
1722 
1723     convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1724 
1725     assert(s->total_sectors > sector_num);
1726     n = MIN(s->total_sectors - sector_num, BDRV_REQUEST_MAX_SECTORS);
1727 
1728     if (s->target_backing_sectors >= 0) {
1729         if (sector_num >= s->target_backing_sectors) {
1730             post_backing_zero = true;
1731         } else if (sector_num + n > s->target_backing_sectors) {
1732             /* Split requests around target_backing_sectors (because
1733              * starting from there, zeros are handled differently) */
1734             n = s->target_backing_sectors - sector_num;
1735         }
1736     }
1737 
1738     if (s->sector_next_status <= sector_num) {
1739         uint64_t offset = (sector_num - src_cur_offset) * BDRV_SECTOR_SIZE;
1740         int64_t count;
1741         int tail;
1742         BlockDriverState *src_bs = blk_bs(s->src[src_cur]);
1743         BlockDriverState *base;
1744 
1745         if (s->target_has_backing) {
1746             base = bdrv_cow_bs(bdrv_skip_filters(src_bs));
1747         } else {
1748             base = NULL;
1749         }
1750 
1751         do {
1752             count = n * BDRV_SECTOR_SIZE;
1753 
1754             ret = bdrv_block_status_above(src_bs, base, offset, count, &count,
1755                                           NULL, NULL);
1756 
1757             if (ret < 0) {
1758                 if (s->salvage) {
1759                     if (n == 1) {
1760                         if (!s->quiet) {
1761                             warn_report("error while reading block status at "
1762                                         "offset %" PRIu64 ": %s", offset,
1763                                         strerror(-ret));
1764                         }
1765                         /* Just try to read the data, then */
1766                         ret = BDRV_BLOCK_DATA;
1767                         count = BDRV_SECTOR_SIZE;
1768                     } else {
1769                         /* Retry on a shorter range */
1770                         n = DIV_ROUND_UP(n, 4);
1771                     }
1772                 } else {
1773                     error_report("error while reading block status at offset "
1774                                  "%" PRIu64 ": %s", offset, strerror(-ret));
1775                     return ret;
1776                 }
1777             }
1778         } while (ret < 0);
1779 
1780         n = DIV_ROUND_UP(count, BDRV_SECTOR_SIZE);
1781 
1782         /*
1783          * Avoid that s->sector_next_status becomes unaligned to the source
1784          * request alignment and/or cluster size to avoid unnecessary read
1785          * cycles.
1786          */
1787         tail = (sector_num - src_cur_offset + n) % s->src_alignment[src_cur];
1788         if (n > tail) {
1789             n -= tail;
1790         }
1791 
1792         if (ret & BDRV_BLOCK_ZERO) {
1793             s->status = post_backing_zero ? BLK_BACKING_FILE : BLK_ZERO;
1794         } else if (ret & BDRV_BLOCK_DATA) {
1795             s->status = BLK_DATA;
1796         } else {
1797             s->status = s->target_has_backing ? BLK_BACKING_FILE : BLK_DATA;
1798         }
1799 
1800         s->sector_next_status = sector_num + n;
1801     }
1802 
1803     n = MIN(n, s->sector_next_status - sector_num);
1804     if (s->status == BLK_DATA) {
1805         n = MIN(n, s->buf_sectors);
1806     }
1807 
1808     /* We need to write complete clusters for compressed images, so if an
1809      * unallocated area is shorter than that, we must consider the whole
1810      * cluster allocated. */
1811     if (s->compressed) {
1812         if (n < s->cluster_sectors) {
1813             n = MIN(s->cluster_sectors, s->total_sectors - sector_num);
1814             s->status = BLK_DATA;
1815         } else {
1816             n = QEMU_ALIGN_DOWN(n, s->cluster_sectors);
1817         }
1818     }
1819 
1820     return n;
1821 }
1822 
1823 static int coroutine_fn convert_co_read(ImgConvertState *s, int64_t sector_num,
1824                                         int nb_sectors, uint8_t *buf)
1825 {
1826     uint64_t single_read_until = 0;
1827     int n, ret;
1828 
1829     assert(nb_sectors <= s->buf_sectors);
1830     while (nb_sectors > 0) {
1831         BlockBackend *blk;
1832         int src_cur;
1833         int64_t bs_sectors, src_cur_offset;
1834         uint64_t offset;
1835 
1836         /* In the case of compression with multiple source files, we can get a
1837          * nb_sectors that spreads into the next part. So we must be able to
1838          * read across multiple BDSes for one convert_read() call. */
1839         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1840         blk = s->src[src_cur];
1841         bs_sectors = s->src_sectors[src_cur];
1842 
1843         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1844 
1845         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1846         if (single_read_until > offset) {
1847             n = 1;
1848         }
1849 
1850         ret = blk_co_pread(blk, offset, n << BDRV_SECTOR_BITS, buf, 0);
1851         if (ret < 0) {
1852             if (s->salvage) {
1853                 if (n > 1) {
1854                     single_read_until = offset + (n << BDRV_SECTOR_BITS);
1855                     continue;
1856                 } else {
1857                     if (!s->quiet) {
1858                         warn_report("error while reading offset %" PRIu64
1859                                     ": %s", offset, strerror(-ret));
1860                     }
1861                     memset(buf, 0, BDRV_SECTOR_SIZE);
1862                 }
1863             } else {
1864                 return ret;
1865             }
1866         }
1867 
1868         sector_num += n;
1869         nb_sectors -= n;
1870         buf += n * BDRV_SECTOR_SIZE;
1871     }
1872 
1873     return 0;
1874 }
1875 
1876 
1877 static int coroutine_fn convert_co_write(ImgConvertState *s, int64_t sector_num,
1878                                          int nb_sectors, uint8_t *buf,
1879                                          enum ImgConvertBlockStatus status)
1880 {
1881     int ret;
1882 
1883     while (nb_sectors > 0) {
1884         int n = nb_sectors;
1885         BdrvRequestFlags flags = s->compressed ? BDRV_REQ_WRITE_COMPRESSED : 0;
1886 
1887         switch (status) {
1888         case BLK_BACKING_FILE:
1889             /* If we have a backing file, leave clusters unallocated that are
1890              * unallocated in the source image, so that the backing file is
1891              * visible at the respective offset. */
1892             assert(s->target_has_backing);
1893             break;
1894 
1895         case BLK_DATA:
1896             /* If we're told to keep the target fully allocated (-S 0) or there
1897              * is real non-zero data, we must write it. Otherwise we can treat
1898              * it as zero sectors.
1899              * Compressed clusters need to be written as a whole, so in that
1900              * case we can only save the write if the buffer is completely
1901              * zeroed. */
1902             if (!s->min_sparse ||
1903                 (!s->compressed &&
1904                  is_allocated_sectors_min(buf, n, &n, s->min_sparse,
1905                                           sector_num, s->alignment)) ||
1906                 (s->compressed &&
1907                  !buffer_is_zero(buf, n * BDRV_SECTOR_SIZE)))
1908             {
1909                 ret = blk_co_pwrite(s->target, sector_num << BDRV_SECTOR_BITS,
1910                                     n << BDRV_SECTOR_BITS, buf, flags);
1911                 if (ret < 0) {
1912                     return ret;
1913                 }
1914                 break;
1915             }
1916             /* fall-through */
1917 
1918         case BLK_ZERO:
1919             if (s->has_zero_init) {
1920                 assert(!s->target_has_backing);
1921                 break;
1922             }
1923             ret = blk_co_pwrite_zeroes(s->target,
1924                                        sector_num << BDRV_SECTOR_BITS,
1925                                        n << BDRV_SECTOR_BITS,
1926                                        BDRV_REQ_MAY_UNMAP);
1927             if (ret < 0) {
1928                 return ret;
1929             }
1930             break;
1931         }
1932 
1933         sector_num += n;
1934         nb_sectors -= n;
1935         buf += n * BDRV_SECTOR_SIZE;
1936     }
1937 
1938     return 0;
1939 }
1940 
1941 static int coroutine_fn convert_co_copy_range(ImgConvertState *s, int64_t sector_num,
1942                                               int nb_sectors)
1943 {
1944     int n, ret;
1945 
1946     while (nb_sectors > 0) {
1947         BlockBackend *blk;
1948         int src_cur;
1949         int64_t bs_sectors, src_cur_offset;
1950         int64_t offset;
1951 
1952         convert_select_part(s, sector_num, &src_cur, &src_cur_offset);
1953         offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
1954         blk = s->src[src_cur];
1955         bs_sectors = s->src_sectors[src_cur];
1956 
1957         n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
1958 
1959         ret = blk_co_copy_range(blk, offset, s->target,
1960                                 sector_num << BDRV_SECTOR_BITS,
1961                                 n << BDRV_SECTOR_BITS, 0, 0);
1962         if (ret < 0) {
1963             return ret;
1964         }
1965 
1966         sector_num += n;
1967         nb_sectors -= n;
1968     }
1969     return 0;
1970 }
1971 
1972 static void coroutine_fn convert_co_do_copy(void *opaque)
1973 {
1974     ImgConvertState *s = opaque;
1975     uint8_t *buf = NULL;
1976     int ret, i;
1977     int index = -1;
1978 
1979     for (i = 0; i < s->num_coroutines; i++) {
1980         if (s->co[i] == qemu_coroutine_self()) {
1981             index = i;
1982             break;
1983         }
1984     }
1985     assert(index >= 0);
1986 
1987     s->running_coroutines++;
1988     buf = blk_blockalign(s->target, s->buf_sectors * BDRV_SECTOR_SIZE);
1989 
1990     while (1) {
1991         int n;
1992         int64_t sector_num;
1993         enum ImgConvertBlockStatus status;
1994         bool copy_range;
1995 
1996         qemu_co_mutex_lock(&s->lock);
1997         if (s->ret != -EINPROGRESS || s->sector_num >= s->total_sectors) {
1998             qemu_co_mutex_unlock(&s->lock);
1999             break;
2000         }
2001         WITH_GRAPH_RDLOCK_GUARD() {
2002             n = convert_iteration_sectors(s, s->sector_num);
2003         }
2004         if (n < 0) {
2005             qemu_co_mutex_unlock(&s->lock);
2006             s->ret = n;
2007             break;
2008         }
2009         /* save current sector and allocation status to local variables */
2010         sector_num = s->sector_num;
2011         status = s->status;
2012         if (!s->min_sparse && s->status == BLK_ZERO) {
2013             n = MIN(n, s->buf_sectors);
2014         }
2015         /* increment global sector counter so that other coroutines can
2016          * already continue reading beyond this request */
2017         s->sector_num += n;
2018         qemu_co_mutex_unlock(&s->lock);
2019 
2020         if (status == BLK_DATA || (!s->min_sparse && status == BLK_ZERO)) {
2021             s->allocated_done += n;
2022             qemu_progress_print(100.0 * s->allocated_done /
2023                                         s->allocated_sectors, 0);
2024         }
2025 
2026 retry:
2027         copy_range = s->copy_range && s->status == BLK_DATA;
2028         if (status == BLK_DATA && !copy_range) {
2029             ret = convert_co_read(s, sector_num, n, buf);
2030             if (ret < 0) {
2031                 error_report("error while reading at byte %lld: %s",
2032                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2033                 s->ret = ret;
2034             }
2035         } else if (!s->min_sparse && status == BLK_ZERO) {
2036             status = BLK_DATA;
2037             memset(buf, 0x00, n * BDRV_SECTOR_SIZE);
2038         }
2039 
2040         if (s->wr_in_order) {
2041             /* keep writes in order */
2042             while (s->wr_offs != sector_num && s->ret == -EINPROGRESS) {
2043                 s->wait_sector_num[index] = sector_num;
2044                 qemu_coroutine_yield();
2045             }
2046             s->wait_sector_num[index] = -1;
2047         }
2048 
2049         if (s->ret == -EINPROGRESS) {
2050             if (copy_range) {
2051                 WITH_GRAPH_RDLOCK_GUARD() {
2052                     ret = convert_co_copy_range(s, sector_num, n);
2053                 }
2054                 if (ret) {
2055                     s->copy_range = false;
2056                     goto retry;
2057                 }
2058             } else {
2059                 ret = convert_co_write(s, sector_num, n, buf, status);
2060             }
2061             if (ret < 0) {
2062                 error_report("error while writing at byte %lld: %s",
2063                              sector_num * BDRV_SECTOR_SIZE, strerror(-ret));
2064                 s->ret = ret;
2065             }
2066         }
2067 
2068         if (s->wr_in_order) {
2069             /* reenter the coroutine that might have waited
2070              * for this write to complete */
2071             s->wr_offs = sector_num + n;
2072             for (i = 0; i < s->num_coroutines; i++) {
2073                 if (s->co[i] && s->wait_sector_num[i] == s->wr_offs) {
2074                     /*
2075                      * A -> B -> A cannot occur because A has
2076                      * s->wait_sector_num[i] == -1 during A -> B.  Therefore
2077                      * B will never enter A during this time window.
2078                      */
2079                     qemu_coroutine_enter(s->co[i]);
2080                     break;
2081                 }
2082             }
2083         }
2084     }
2085 
2086     qemu_vfree(buf);
2087     s->co[index] = NULL;
2088     s->running_coroutines--;
2089     if (!s->running_coroutines && s->ret == -EINPROGRESS) {
2090         /* the convert job finished successfully */
2091         s->ret = 0;
2092     }
2093 }
2094 
2095 static int convert_do_copy(ImgConvertState *s)
2096 {
2097     int ret, i, n;
2098     int64_t sector_num = 0;
2099 
2100     /* Check whether we have zero initialisation or can get it efficiently */
2101     if (!s->has_zero_init && s->target_is_new && s->min_sparse &&
2102         !s->target_has_backing) {
2103         bdrv_graph_rdlock_main_loop();
2104         s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));
2105         bdrv_graph_rdunlock_main_loop();
2106     }
2107 
2108     /* Allocate buffer for copied data. For compressed images, only one cluster
2109      * can be copied at a time. */
2110     if (s->compressed) {
2111         if (s->cluster_sectors <= 0 || s->cluster_sectors > s->buf_sectors) {
2112             error_report("invalid cluster size");
2113             return -EINVAL;
2114         }
2115         s->buf_sectors = s->cluster_sectors;
2116     }
2117 
2118     while (sector_num < s->total_sectors) {
2119         bdrv_graph_rdlock_main_loop();
2120         n = convert_iteration_sectors(s, sector_num);
2121         bdrv_graph_rdunlock_main_loop();
2122         if (n < 0) {
2123             return n;
2124         }
2125         if (s->status == BLK_DATA || (!s->min_sparse && s->status == BLK_ZERO))
2126         {
2127             s->allocated_sectors += n;
2128         }
2129         sector_num += n;
2130     }
2131 
2132     /* Do the copy */
2133     s->sector_next_status = 0;
2134     s->ret = -EINPROGRESS;
2135 
2136     qemu_co_mutex_init(&s->lock);
2137     for (i = 0; i < s->num_coroutines; i++) {
2138         s->co[i] = qemu_coroutine_create(convert_co_do_copy, s);
2139         s->wait_sector_num[i] = -1;
2140         qemu_coroutine_enter(s->co[i]);
2141     }
2142 
2143     while (s->running_coroutines) {
2144         main_loop_wait(false);
2145     }
2146 
2147     if (s->compressed && !s->ret) {
2148         /* signal EOF to align */
2149         ret = blk_pwrite_compressed(s->target, 0, 0, NULL);
2150         if (ret < 0) {
2151             return ret;
2152         }
2153     }
2154 
2155     return s->ret;
2156 }
2157 
2158 /* Check that bitmaps can be copied, or output an error */
2159 static int convert_check_bitmaps(BlockDriverState *src, bool skip_broken)
2160 {
2161     BdrvDirtyBitmap *bm;
2162 
2163     if (!bdrv_supports_persistent_dirty_bitmap(src)) {
2164         error_report("Source lacks bitmap support");
2165         return -1;
2166     }
2167     FOR_EACH_DIRTY_BITMAP(src, bm) {
2168         if (!bdrv_dirty_bitmap_get_persistence(bm)) {
2169             continue;
2170         }
2171         if (!skip_broken && bdrv_dirty_bitmap_inconsistent(bm)) {
2172             error_report("Cannot copy inconsistent bitmap '%s'",
2173                          bdrv_dirty_bitmap_name(bm));
2174             error_printf("Try --skip-broken-bitmaps, or "
2175                          "use 'qemu-img bitmap --remove' to delete it\n");
2176             return -1;
2177         }
2178     }
2179     return 0;
2180 }
2181 
2182 static int convert_copy_bitmaps(BlockDriverState *src, BlockDriverState *dst,
2183                                 bool skip_broken)
2184 {
2185     BdrvDirtyBitmap *bm;
2186     Error *err = NULL;
2187 
2188     FOR_EACH_DIRTY_BITMAP(src, bm) {
2189         const char *name;
2190 
2191         if (!bdrv_dirty_bitmap_get_persistence(bm)) {
2192             continue;
2193         }
2194         name = bdrv_dirty_bitmap_name(bm);
2195         if (skip_broken && bdrv_dirty_bitmap_inconsistent(bm)) {
2196             warn_report("Skipping inconsistent bitmap '%s'", name);
2197             continue;
2198         }
2199         qmp_block_dirty_bitmap_add(dst->node_name, name,
2200                                    true, bdrv_dirty_bitmap_granularity(bm),
2201                                    true, true,
2202                                    true, !bdrv_dirty_bitmap_enabled(bm),
2203                                    &err);
2204         if (err) {
2205             error_reportf_err(err, "Failed to create bitmap %s: ", name);
2206             return -1;
2207         }
2208 
2209         do_dirty_bitmap_merge(dst->node_name, name, src->node_name, name,
2210                               &err);
2211         if (err) {
2212             error_reportf_err(err, "Failed to populate bitmap %s: ", name);
2213             qmp_block_dirty_bitmap_remove(dst->node_name, name, NULL);
2214             return -1;
2215         }
2216     }
2217 
2218     return 0;
2219 }
2220 
2221 #define MAX_BUF_SECTORS 32768
2222 
2223 static void set_rate_limit(BlockBackend *blk, int64_t rate_limit)
2224 {
2225     ThrottleConfig cfg;
2226 
2227     throttle_config_init(&cfg);
2228     cfg.buckets[THROTTLE_BPS_WRITE].avg = rate_limit;
2229 
2230     blk_io_limits_enable(blk, CONVERT_THROTTLE_GROUP);
2231     blk_set_io_limits(blk, &cfg);
2232 }
2233 
2234 static int img_convert(int argc, char **argv)
2235 {
2236     int c, bs_i, flags, src_flags = BDRV_O_NO_SHARE;
2237     const char *fmt = NULL, *out_fmt = NULL, *cache = "unsafe",
2238                *src_cache = BDRV_DEFAULT_CACHE, *out_baseimg = NULL,
2239                *out_filename, *out_baseimg_param, *snapshot_name = NULL,
2240                *backing_fmt = NULL;
2241     BlockDriver *drv = NULL, *proto_drv = NULL;
2242     BlockDriverInfo bdi;
2243     BlockDriverState *out_bs;
2244     QemuOpts *opts = NULL, *sn_opts = NULL;
2245     QemuOptsList *create_opts = NULL;
2246     QDict *open_opts = NULL;
2247     char *options = NULL;
2248     Error *local_err = NULL;
2249     bool writethrough, src_writethrough, image_opts = false,
2250          skip_create = false, progress = false, tgt_image_opts = false;
2251     int64_t ret = -EINVAL;
2252     bool force_share = false;
2253     bool explict_min_sparse = false;
2254     bool bitmaps = false;
2255     bool skip_broken = false;
2256     int64_t rate_limit = 0;
2257 
2258     ImgConvertState s = (ImgConvertState) {
2259         /* Need at least 4k of zeros for sparse detection */
2260         .min_sparse         = 8,
2261         .copy_range         = false,
2262         .buf_sectors        = IO_BUF_SIZE / BDRV_SECTOR_SIZE,
2263         .wr_in_order        = true,
2264         .num_coroutines     = 8,
2265     };
2266 
2267     for(;;) {
2268         static const struct option long_options[] = {
2269             {"help", no_argument, 0, 'h'},
2270             {"object", required_argument, 0, OPTION_OBJECT},
2271             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
2272             {"force-share", no_argument, 0, 'U'},
2273             {"target-image-opts", no_argument, 0, OPTION_TARGET_IMAGE_OPTS},
2274             {"salvage", no_argument, 0, OPTION_SALVAGE},
2275             {"target-is-zero", no_argument, 0, OPTION_TARGET_IS_ZERO},
2276             {"bitmaps", no_argument, 0, OPTION_BITMAPS},
2277             {"skip-broken-bitmaps", no_argument, 0, OPTION_SKIP_BROKEN},
2278             {0, 0, 0, 0}
2279         };
2280         c = getopt_long(argc, argv, ":hf:O:B:CcF:o:l:S:pt:T:qnm:WUr:",
2281                         long_options, NULL);
2282         if (c == -1) {
2283             break;
2284         }
2285         switch(c) {
2286         case ':':
2287             missing_argument(argv[optind - 1]);
2288             break;
2289         case '?':
2290             unrecognized_option(argv[optind - 1]);
2291             break;
2292         case 'h':
2293             help();
2294             break;
2295         case 'f':
2296             fmt = optarg;
2297             break;
2298         case 'O':
2299             out_fmt = optarg;
2300             break;
2301         case 'B':
2302             out_baseimg = optarg;
2303             break;
2304         case 'C':
2305             s.copy_range = true;
2306             break;
2307         case 'c':
2308             s.compressed = true;
2309             break;
2310         case 'F':
2311             backing_fmt = optarg;
2312             break;
2313         case 'o':
2314             if (accumulate_options(&options, optarg) < 0) {
2315                 goto fail_getopt;
2316             }
2317             break;
2318         case 'l':
2319             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
2320                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
2321                                                   optarg, false);
2322                 if (!sn_opts) {
2323                     error_report("Failed in parsing snapshot param '%s'",
2324                                  optarg);
2325                     goto fail_getopt;
2326                 }
2327             } else {
2328                 snapshot_name = optarg;
2329             }
2330             break;
2331         case 'S':
2332         {
2333             int64_t sval;
2334 
2335             sval = cvtnum("buffer size for sparse output", optarg);
2336             if (sval < 0) {
2337                 goto fail_getopt;
2338             } else if (!QEMU_IS_ALIGNED(sval, BDRV_SECTOR_SIZE) ||
2339                 sval / BDRV_SECTOR_SIZE > MAX_BUF_SECTORS) {
2340                 error_report("Invalid buffer size for sparse output specified. "
2341                     "Valid sizes are multiples of %llu up to %llu. Select "
2342                     "0 to disable sparse detection (fully allocates output).",
2343                     BDRV_SECTOR_SIZE, MAX_BUF_SECTORS * BDRV_SECTOR_SIZE);
2344                 goto fail_getopt;
2345             }
2346 
2347             s.min_sparse = sval / BDRV_SECTOR_SIZE;
2348             explict_min_sparse = true;
2349             break;
2350         }
2351         case 'p':
2352             progress = true;
2353             break;
2354         case 't':
2355             cache = optarg;
2356             break;
2357         case 'T':
2358             src_cache = optarg;
2359             break;
2360         case 'q':
2361             s.quiet = true;
2362             break;
2363         case 'n':
2364             skip_create = true;
2365             break;
2366         case 'm':
2367             if (qemu_strtol(optarg, NULL, 0, &s.num_coroutines) ||
2368                 s.num_coroutines < 1 || s.num_coroutines > MAX_COROUTINES) {
2369                 error_report("Invalid number of coroutines. Allowed number of"
2370                              " coroutines is between 1 and %d", MAX_COROUTINES);
2371                 goto fail_getopt;
2372             }
2373             break;
2374         case 'W':
2375             s.wr_in_order = false;
2376             break;
2377         case 'U':
2378             force_share = true;
2379             break;
2380         case 'r':
2381             rate_limit = cvtnum("rate limit", optarg);
2382             if (rate_limit < 0) {
2383                 goto fail_getopt;
2384             }
2385             break;
2386         case OPTION_OBJECT:
2387             user_creatable_process_cmdline(optarg);
2388             break;
2389         case OPTION_IMAGE_OPTS:
2390             image_opts = true;
2391             break;
2392         case OPTION_SALVAGE:
2393             s.salvage = true;
2394             break;
2395         case OPTION_TARGET_IMAGE_OPTS:
2396             tgt_image_opts = true;
2397             break;
2398         case OPTION_TARGET_IS_ZERO:
2399             /*
2400              * The user asserting that the target is blank has the
2401              * same effect as the target driver supporting zero
2402              * initialisation.
2403              */
2404             s.has_zero_init = true;
2405             break;
2406         case OPTION_BITMAPS:
2407             bitmaps = true;
2408             break;
2409         case OPTION_SKIP_BROKEN:
2410             skip_broken = true;
2411             break;
2412         }
2413     }
2414 
2415     if (!out_fmt && !tgt_image_opts) {
2416         out_fmt = "raw";
2417     }
2418 
2419     if (skip_broken && !bitmaps) {
2420         error_report("Use of --skip-broken-bitmaps requires --bitmaps");
2421         goto fail_getopt;
2422     }
2423 
2424     if (s.compressed && s.copy_range) {
2425         error_report("Cannot enable copy offloading when -c is used");
2426         goto fail_getopt;
2427     }
2428 
2429     if (explict_min_sparse && s.copy_range) {
2430         error_report("Cannot enable copy offloading when -S is used");
2431         goto fail_getopt;
2432     }
2433 
2434     if (s.copy_range && s.salvage) {
2435         error_report("Cannot use copy offloading in salvaging mode");
2436         goto fail_getopt;
2437     }
2438 
2439     if (tgt_image_opts && !skip_create) {
2440         error_report("--target-image-opts requires use of -n flag");
2441         goto fail_getopt;
2442     }
2443 
2444     if (skip_create && options) {
2445         error_report("-o has no effect when skipping image creation");
2446         goto fail_getopt;
2447     }
2448 
2449     if (s.has_zero_init && !skip_create) {
2450         error_report("--target-is-zero requires use of -n flag");
2451         goto fail_getopt;
2452     }
2453 
2454     s.src_num = argc - optind - 1;
2455     out_filename = s.src_num >= 1 ? argv[argc - 1] : NULL;
2456 
2457     if (options && has_help_option(options)) {
2458         if (out_fmt) {
2459             ret = print_block_option_help(out_filename, out_fmt);
2460             goto fail_getopt;
2461         } else {
2462             error_report("Option help requires a format be specified");
2463             goto fail_getopt;
2464         }
2465     }
2466 
2467     if (s.src_num < 1) {
2468         error_report("Must specify image file name");
2469         goto fail_getopt;
2470     }
2471 
2472     /* ret is still -EINVAL until here */
2473     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
2474     if (ret < 0) {
2475         error_report("Invalid source cache option: %s", src_cache);
2476         goto fail_getopt;
2477     }
2478 
2479     /* Initialize before goto out */
2480     if (s.quiet) {
2481         progress = false;
2482     }
2483     qemu_progress_init(progress, 1.0);
2484     qemu_progress_print(0, 100);
2485 
2486     s.src = g_new0(BlockBackend *, s.src_num);
2487     s.src_sectors = g_new(int64_t, s.src_num);
2488     s.src_alignment = g_new(int, s.src_num);
2489 
2490     for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2491         BlockDriverState *src_bs;
2492         s.src[bs_i] = img_open(image_opts, argv[optind + bs_i],
2493                                fmt, src_flags, src_writethrough, s.quiet,
2494                                force_share);
2495         if (!s.src[bs_i]) {
2496             ret = -1;
2497             goto out;
2498         }
2499         s.src_sectors[bs_i] = blk_nb_sectors(s.src[bs_i]);
2500         if (s.src_sectors[bs_i] < 0) {
2501             error_report("Could not get size of %s: %s",
2502                          argv[optind + bs_i], strerror(-s.src_sectors[bs_i]));
2503             ret = -1;
2504             goto out;
2505         }
2506         src_bs = blk_bs(s.src[bs_i]);
2507         s.src_alignment[bs_i] = DIV_ROUND_UP(src_bs->bl.request_alignment,
2508                                              BDRV_SECTOR_SIZE);
2509         if (!bdrv_get_info(src_bs, &bdi)) {
2510             s.src_alignment[bs_i] = MAX(s.src_alignment[bs_i],
2511                                         bdi.cluster_size / BDRV_SECTOR_SIZE);
2512         }
2513         s.total_sectors += s.src_sectors[bs_i];
2514     }
2515 
2516     if (sn_opts) {
2517         bdrv_snapshot_load_tmp(blk_bs(s.src[0]),
2518                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
2519                                qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
2520                                &local_err);
2521     } else if (snapshot_name != NULL) {
2522         if (s.src_num > 1) {
2523             error_report("No support for concatenating multiple snapshot");
2524             ret = -1;
2525             goto out;
2526         }
2527 
2528         bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(s.src[0]), snapshot_name,
2529                                              &local_err);
2530     }
2531     if (local_err) {
2532         error_reportf_err(local_err, "Failed to load snapshot: ");
2533         ret = -1;
2534         goto out;
2535     }
2536 
2537     if (!skip_create) {
2538         /* Find driver and parse its options */
2539         drv = bdrv_find_format(out_fmt);
2540         if (!drv) {
2541             error_report("Unknown file format '%s'", out_fmt);
2542             ret = -1;
2543             goto out;
2544         }
2545 
2546         proto_drv = bdrv_find_protocol(out_filename, true, &local_err);
2547         if (!proto_drv) {
2548             error_report_err(local_err);
2549             ret = -1;
2550             goto out;
2551         }
2552 
2553         if (!drv->create_opts) {
2554             error_report("Format driver '%s' does not support image creation",
2555                          drv->format_name);
2556             ret = -1;
2557             goto out;
2558         }
2559 
2560         if (!proto_drv->create_opts) {
2561             error_report("Protocol driver '%s' does not support image creation",
2562                          proto_drv->format_name);
2563             ret = -1;
2564             goto out;
2565         }
2566 
2567         create_opts = qemu_opts_append(create_opts, drv->create_opts);
2568         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
2569 
2570         opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
2571         if (options) {
2572             if (!qemu_opts_do_parse(opts, options, NULL, &local_err)) {
2573                 error_report_err(local_err);
2574                 ret = -1;
2575                 goto out;
2576             }
2577         }
2578 
2579         qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
2580                             s.total_sectors * BDRV_SECTOR_SIZE, &error_abort);
2581         ret = add_old_style_options(out_fmt, opts, out_baseimg, backing_fmt);
2582         if (ret < 0) {
2583             goto out;
2584         }
2585     }
2586 
2587     /* Get backing file name if -o backing_file was used */
2588     out_baseimg_param = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
2589     if (out_baseimg_param) {
2590         out_baseimg = out_baseimg_param;
2591     }
2592     s.target_has_backing = (bool) out_baseimg;
2593 
2594     if (s.has_zero_init && s.target_has_backing) {
2595         error_report("Cannot use --target-is-zero when the destination "
2596                      "image has a backing file");
2597         goto out;
2598     }
2599 
2600     if (s.src_num > 1 && out_baseimg) {
2601         error_report("Having a backing file for the target makes no sense when "
2602                      "concatenating multiple input images");
2603         ret = -1;
2604         goto out;
2605     }
2606 
2607     if (out_baseimg_param) {
2608         if (!qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT)) {
2609             error_report("Use of backing file requires explicit "
2610                          "backing format");
2611             ret = -1;
2612             goto out;
2613         }
2614     }
2615 
2616     /* Check if compression is supported */
2617     if (s.compressed) {
2618         bool encryption =
2619             qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false);
2620         const char *encryptfmt =
2621             qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT);
2622         const char *preallocation =
2623             qemu_opt_get(opts, BLOCK_OPT_PREALLOC);
2624 
2625         if (drv && !block_driver_can_compress(drv)) {
2626             error_report("Compression not supported for this file format");
2627             ret = -1;
2628             goto out;
2629         }
2630 
2631         if (encryption || encryptfmt) {
2632             error_report("Compression and encryption not supported at "
2633                          "the same time");
2634             ret = -1;
2635             goto out;
2636         }
2637 
2638         if (preallocation
2639             && strcmp(preallocation, "off"))
2640         {
2641             error_report("Compression and preallocation not supported at "
2642                          "the same time");
2643             ret = -1;
2644             goto out;
2645         }
2646     }
2647 
2648     /* Determine if bitmaps need copying */
2649     if (bitmaps) {
2650         if (s.src_num > 1) {
2651             error_report("Copying bitmaps only possible with single source");
2652             ret = -1;
2653             goto out;
2654         }
2655         ret = convert_check_bitmaps(blk_bs(s.src[0]), skip_broken);
2656         if (ret < 0) {
2657             goto out;
2658         }
2659     }
2660 
2661     /*
2662      * The later open call will need any decryption secrets, and
2663      * bdrv_create() will purge "opts", so extract them now before
2664      * they are lost.
2665      */
2666     if (!skip_create) {
2667         open_opts = qdict_new();
2668         qemu_opt_foreach(opts, img_add_key_secrets, open_opts, &error_abort);
2669 
2670         /* Create the new image */
2671         ret = bdrv_create(drv, out_filename, opts, &local_err);
2672         if (ret < 0) {
2673             error_reportf_err(local_err, "%s: error while converting %s: ",
2674                               out_filename, out_fmt);
2675             goto out;
2676         }
2677     }
2678 
2679     s.target_is_new = !skip_create;
2680 
2681     flags = s.min_sparse ? (BDRV_O_RDWR | BDRV_O_UNMAP) : BDRV_O_RDWR;
2682     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
2683     if (ret < 0) {
2684         error_report("Invalid cache option: %s", cache);
2685         goto out;
2686     }
2687 
2688     if (flags & BDRV_O_NOCACHE) {
2689         /*
2690          * If we open the target with O_DIRECT, it may be necessary to
2691          * extend its size to align to the physical sector size.
2692          */
2693         flags |= BDRV_O_RESIZE;
2694     }
2695 
2696     if (skip_create) {
2697         s.target = img_open(tgt_image_opts, out_filename, out_fmt,
2698                             flags, writethrough, s.quiet, false);
2699     } else {
2700         /* TODO ultimately we should allow --target-image-opts
2701          * to be used even when -n is not given.
2702          * That has to wait for bdrv_create to be improved
2703          * to allow filenames in option syntax
2704          */
2705         s.target = img_open_file(out_filename, open_opts, out_fmt,
2706                                  flags, writethrough, s.quiet, false);
2707         open_opts = NULL; /* blk_new_open will have freed it */
2708     }
2709     if (!s.target) {
2710         ret = -1;
2711         goto out;
2712     }
2713     out_bs = blk_bs(s.target);
2714 
2715     if (bitmaps && !bdrv_supports_persistent_dirty_bitmap(out_bs)) {
2716         error_report("Format driver '%s' does not support bitmaps",
2717                      out_bs->drv->format_name);
2718         ret = -1;
2719         goto out;
2720     }
2721 
2722     if (s.compressed && !block_driver_can_compress(out_bs->drv)) {
2723         error_report("Compression not supported for this file format");
2724         ret = -1;
2725         goto out;
2726     }
2727 
2728     /* increase bufsectors from the default 4096 (2M) if opt_transfer
2729      * or discard_alignment of the out_bs is greater. Limit to
2730      * MAX_BUF_SECTORS as maximum which is currently 32768 (16MB). */
2731     s.buf_sectors = MIN(MAX_BUF_SECTORS,
2732                         MAX(s.buf_sectors,
2733                             MAX(out_bs->bl.opt_transfer >> BDRV_SECTOR_BITS,
2734                                 out_bs->bl.pdiscard_alignment >>
2735                                 BDRV_SECTOR_BITS)));
2736 
2737     /* try to align the write requests to the destination to avoid unnecessary
2738      * RMW cycles. */
2739     s.alignment = MAX(pow2floor(s.min_sparse),
2740                       DIV_ROUND_UP(out_bs->bl.request_alignment,
2741                                    BDRV_SECTOR_SIZE));
2742     assert(is_power_of_2(s.alignment));
2743 
2744     if (skip_create) {
2745         int64_t output_sectors = blk_nb_sectors(s.target);
2746         if (output_sectors < 0) {
2747             error_report("unable to get output image length: %s",
2748                          strerror(-output_sectors));
2749             ret = -1;
2750             goto out;
2751         } else if (output_sectors < s.total_sectors) {
2752             error_report("output file is smaller than input file");
2753             ret = -1;
2754             goto out;
2755         }
2756     }
2757 
2758     if (s.target_has_backing && s.target_is_new) {
2759         /* Errors are treated as "backing length unknown" (which means
2760          * s.target_backing_sectors has to be negative, which it will
2761          * be automatically).  The backing file length is used only
2762          * for optimizations, so such a case is not fatal. */
2763         bdrv_graph_rdlock_main_loop();
2764         s.target_backing_sectors =
2765             bdrv_nb_sectors(bdrv_backing_chain_next(out_bs));
2766         bdrv_graph_rdunlock_main_loop();
2767     } else {
2768         s.target_backing_sectors = -1;
2769     }
2770 
2771     ret = bdrv_get_info(out_bs, &bdi);
2772     if (ret < 0) {
2773         if (s.compressed) {
2774             error_report("could not get block driver info");
2775             goto out;
2776         }
2777     } else {
2778         s.compressed = s.compressed || bdi.needs_compressed_writes;
2779         s.cluster_sectors = bdi.cluster_size / BDRV_SECTOR_SIZE;
2780     }
2781 
2782     if (rate_limit) {
2783         set_rate_limit(s.target, rate_limit);
2784     }
2785 
2786     ret = convert_do_copy(&s);
2787 
2788     /* Now copy the bitmaps */
2789     if (bitmaps && ret == 0) {
2790         ret = convert_copy_bitmaps(blk_bs(s.src[0]), out_bs, skip_broken);
2791     }
2792 
2793 out:
2794     if (!ret) {
2795         qemu_progress_print(100, 0);
2796     }
2797     qemu_progress_end();
2798     qemu_opts_del(opts);
2799     qemu_opts_free(create_opts);
2800     qobject_unref(open_opts);
2801     blk_unref(s.target);
2802     if (s.src) {
2803         for (bs_i = 0; bs_i < s.src_num; bs_i++) {
2804             blk_unref(s.src[bs_i]);
2805         }
2806         g_free(s.src);
2807     }
2808     g_free(s.src_sectors);
2809     g_free(s.src_alignment);
2810 fail_getopt:
2811     qemu_opts_del(sn_opts);
2812     g_free(options);
2813 
2814     return !!ret;
2815 }
2816 
2817 
2818 static void dump_snapshots(BlockDriverState *bs)
2819 {
2820     QEMUSnapshotInfo *sn_tab, *sn;
2821     int nb_sns, i;
2822 
2823     nb_sns = bdrv_snapshot_list(bs, &sn_tab);
2824     if (nb_sns <= 0)
2825         return;
2826     printf("Snapshot list:\n");
2827     bdrv_snapshot_dump(NULL);
2828     printf("\n");
2829     for(i = 0; i < nb_sns; i++) {
2830         sn = &sn_tab[i];
2831         bdrv_snapshot_dump(sn);
2832         printf("\n");
2833     }
2834     g_free(sn_tab);
2835 }
2836 
2837 static void dump_json_block_graph_info_list(BlockGraphInfoList *list)
2838 {
2839     GString *str;
2840     QObject *obj;
2841     Visitor *v = qobject_output_visitor_new(&obj);
2842 
2843     visit_type_BlockGraphInfoList(v, NULL, &list, &error_abort);
2844     visit_complete(v, &obj);
2845     str = qobject_to_json_pretty(obj, true);
2846     assert(str != NULL);
2847     printf("%s\n", str->str);
2848     qobject_unref(obj);
2849     visit_free(v);
2850     g_string_free(str, true);
2851 }
2852 
2853 static void dump_json_block_graph_info(BlockGraphInfo *info)
2854 {
2855     GString *str;
2856     QObject *obj;
2857     Visitor *v = qobject_output_visitor_new(&obj);
2858 
2859     visit_type_BlockGraphInfo(v, NULL, &info, &error_abort);
2860     visit_complete(v, &obj);
2861     str = qobject_to_json_pretty(obj, true);
2862     assert(str != NULL);
2863     printf("%s\n", str->str);
2864     qobject_unref(obj);
2865     visit_free(v);
2866     g_string_free(str, true);
2867 }
2868 
2869 static void dump_human_image_info(BlockGraphInfo *info, int indentation,
2870                                   const char *path)
2871 {
2872     BlockChildInfoList *children_list;
2873 
2874     bdrv_node_info_dump(qapi_BlockGraphInfo_base(info), indentation,
2875                         info->children == NULL);
2876 
2877     for (children_list = info->children; children_list;
2878          children_list = children_list->next)
2879     {
2880         BlockChildInfo *child = children_list->value;
2881         g_autofree char *child_path = NULL;
2882 
2883         printf("%*sChild node '%s%s':\n",
2884                indentation * 4, "", path, child->name);
2885         child_path = g_strdup_printf("%s%s/", path, child->name);
2886         dump_human_image_info(child->info, indentation + 1, child_path);
2887     }
2888 }
2889 
2890 static void dump_human_image_info_list(BlockGraphInfoList *list)
2891 {
2892     BlockGraphInfoList *elem;
2893     bool delim = false;
2894 
2895     for (elem = list; elem; elem = elem->next) {
2896         if (delim) {
2897             printf("\n");
2898         }
2899         delim = true;
2900 
2901         dump_human_image_info(elem->value, 0, "/");
2902     }
2903 }
2904 
2905 static gboolean str_equal_func(gconstpointer a, gconstpointer b)
2906 {
2907     return strcmp(a, b) == 0;
2908 }
2909 
2910 /**
2911  * Open an image file chain and return an BlockGraphInfoList
2912  *
2913  * @filename: topmost image filename
2914  * @fmt: topmost image format (may be NULL to autodetect)
2915  * @chain: true  - enumerate entire backing file chain
2916  *         false - only topmost image file
2917  *
2918  * Returns a list of BlockNodeInfo objects or NULL if there was an error
2919  * opening an image file.  If there was an error a message will have been
2920  * printed to stderr.
2921  */
2922 static BlockGraphInfoList *collect_image_info_list(bool image_opts,
2923                                                    const char *filename,
2924                                                    const char *fmt,
2925                                                    bool chain, bool force_share)
2926 {
2927     BlockGraphInfoList *head = NULL;
2928     BlockGraphInfoList **tail = &head;
2929     GHashTable *filenames;
2930     Error *err = NULL;
2931 
2932     filenames = g_hash_table_new_full(g_str_hash, str_equal_func, NULL, NULL);
2933 
2934     while (filename) {
2935         BlockBackend *blk;
2936         BlockDriverState *bs;
2937         BlockGraphInfo *info;
2938 
2939         if (g_hash_table_lookup_extended(filenames, filename, NULL, NULL)) {
2940             error_report("Backing file '%s' creates an infinite loop.",
2941                          filename);
2942             goto err;
2943         }
2944         g_hash_table_insert(filenames, (gpointer)filename, NULL);
2945 
2946         blk = img_open(image_opts, filename, fmt,
2947                        BDRV_O_NO_BACKING | BDRV_O_NO_IO, false, false,
2948                        force_share);
2949         if (!blk) {
2950             goto err;
2951         }
2952         bs = blk_bs(blk);
2953 
2954         /*
2955          * Note that the returned BlockGraphInfo object will not have
2956          * information about this image's backing node, because we have opened
2957          * it with BDRV_O_NO_BACKING.  Printing this object will therefore not
2958          * duplicate the backing chain information that we obtain by walking
2959          * the chain manually here.
2960          */
2961         bdrv_graph_rdlock_main_loop();
2962         bdrv_query_block_graph_info(bs, &info, &err);
2963         bdrv_graph_rdunlock_main_loop();
2964 
2965         if (err) {
2966             error_report_err(err);
2967             blk_unref(blk);
2968             goto err;
2969         }
2970 
2971         QAPI_LIST_APPEND(tail, info);
2972 
2973         blk_unref(blk);
2974 
2975         /* Clear parameters that only apply to the topmost image */
2976         filename = fmt = NULL;
2977         image_opts = false;
2978 
2979         if (chain) {
2980             if (info->full_backing_filename) {
2981                 filename = info->full_backing_filename;
2982             } else if (info->backing_filename) {
2983                 error_report("Could not determine absolute backing filename,"
2984                              " but backing filename '%s' present",
2985                              info->backing_filename);
2986                 goto err;
2987             }
2988             if (info->backing_filename_format) {
2989                 fmt = info->backing_filename_format;
2990             }
2991         }
2992     }
2993     g_hash_table_destroy(filenames);
2994     return head;
2995 
2996 err:
2997     qapi_free_BlockGraphInfoList(head);
2998     g_hash_table_destroy(filenames);
2999     return NULL;
3000 }
3001 
3002 static int img_info(int argc, char **argv)
3003 {
3004     int c;
3005     OutputFormat output_format = OFORMAT_HUMAN;
3006     bool chain = false;
3007     const char *filename, *fmt, *output;
3008     BlockGraphInfoList *list;
3009     bool image_opts = false;
3010     bool force_share = false;
3011 
3012     fmt = NULL;
3013     output = NULL;
3014     for(;;) {
3015         int option_index = 0;
3016         static const struct option long_options[] = {
3017             {"help", no_argument, 0, 'h'},
3018             {"format", required_argument, 0, 'f'},
3019             {"output", required_argument, 0, OPTION_OUTPUT},
3020             {"backing-chain", no_argument, 0, OPTION_BACKING_CHAIN},
3021             {"object", required_argument, 0, OPTION_OBJECT},
3022             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3023             {"force-share", no_argument, 0, 'U'},
3024             {0, 0, 0, 0}
3025         };
3026         c = getopt_long(argc, argv, ":f:hU",
3027                         long_options, &option_index);
3028         if (c == -1) {
3029             break;
3030         }
3031         switch(c) {
3032         case ':':
3033             missing_argument(argv[optind - 1]);
3034             break;
3035         case '?':
3036             unrecognized_option(argv[optind - 1]);
3037             break;
3038         case 'h':
3039             help();
3040             break;
3041         case 'f':
3042             fmt = optarg;
3043             break;
3044         case 'U':
3045             force_share = true;
3046             break;
3047         case OPTION_OUTPUT:
3048             output = optarg;
3049             break;
3050         case OPTION_BACKING_CHAIN:
3051             chain = true;
3052             break;
3053         case OPTION_OBJECT:
3054             user_creatable_process_cmdline(optarg);
3055             break;
3056         case OPTION_IMAGE_OPTS:
3057             image_opts = true;
3058             break;
3059         }
3060     }
3061     if (optind != argc - 1) {
3062         error_exit("Expecting one image file name");
3063     }
3064     filename = argv[optind++];
3065 
3066     if (output && !strcmp(output, "json")) {
3067         output_format = OFORMAT_JSON;
3068     } else if (output && !strcmp(output, "human")) {
3069         output_format = OFORMAT_HUMAN;
3070     } else if (output) {
3071         error_report("--output must be used with human or json as argument.");
3072         return 1;
3073     }
3074 
3075     list = collect_image_info_list(image_opts, filename, fmt, chain,
3076                                    force_share);
3077     if (!list) {
3078         return 1;
3079     }
3080 
3081     switch (output_format) {
3082     case OFORMAT_HUMAN:
3083         dump_human_image_info_list(list);
3084         break;
3085     case OFORMAT_JSON:
3086         if (chain) {
3087             dump_json_block_graph_info_list(list);
3088         } else {
3089             dump_json_block_graph_info(list->value);
3090         }
3091         break;
3092     }
3093 
3094     qapi_free_BlockGraphInfoList(list);
3095     return 0;
3096 }
3097 
3098 static int dump_map_entry(OutputFormat output_format, MapEntry *e,
3099                           MapEntry *next)
3100 {
3101     switch (output_format) {
3102     case OFORMAT_HUMAN:
3103         if (e->data && !e->has_offset) {
3104             error_report("File contains external, encrypted or compressed clusters.");
3105             return -1;
3106         }
3107         if (e->data && !e->zero) {
3108             printf("%#-16"PRIx64"%#-16"PRIx64"%#-16"PRIx64"%s\n",
3109                    e->start, e->length,
3110                    e->has_offset ? e->offset : 0,
3111                    e->filename ?: "");
3112         }
3113         /* This format ignores the distinction between 0, ZERO and ZERO|DATA.
3114          * Modify the flags here to allow more coalescing.
3115          */
3116         if (next && (!next->data || next->zero)) {
3117             next->data = false;
3118             next->zero = true;
3119         }
3120         break;
3121     case OFORMAT_JSON:
3122         printf("{ \"start\": %"PRId64", \"length\": %"PRId64","
3123                " \"depth\": %"PRId64", \"present\": %s, \"zero\": %s,"
3124                " \"data\": %s, \"compressed\": %s",
3125                e->start, e->length, e->depth,
3126                e->present ? "true" : "false",
3127                e->zero ? "true" : "false",
3128                e->data ? "true" : "false",
3129                e->compressed ? "true" : "false");
3130         if (e->has_offset) {
3131             printf(", \"offset\": %"PRId64"", e->offset);
3132         }
3133         putchar('}');
3134 
3135         if (next) {
3136             puts(",");
3137         }
3138         break;
3139     }
3140     return 0;
3141 }
3142 
3143 static int get_block_status(BlockDriverState *bs, int64_t offset,
3144                             int64_t bytes, MapEntry *e)
3145 {
3146     int ret;
3147     int depth;
3148     BlockDriverState *file;
3149     bool has_offset;
3150     int64_t map;
3151     char *filename = NULL;
3152 
3153     GLOBAL_STATE_CODE();
3154     GRAPH_RDLOCK_GUARD_MAINLOOP();
3155 
3156     /* As an optimization, we could cache the current range of unallocated
3157      * clusters in each file of the chain, and avoid querying the same
3158      * range repeatedly.
3159      */
3160 
3161     depth = 0;
3162     for (;;) {
3163         bs = bdrv_skip_filters(bs);
3164         ret = bdrv_block_status(bs, offset, bytes, &bytes, &map, &file);
3165         if (ret < 0) {
3166             return ret;
3167         }
3168         assert(bytes);
3169         if (ret & (BDRV_BLOCK_ZERO|BDRV_BLOCK_DATA)) {
3170             break;
3171         }
3172         bs = bdrv_cow_bs(bs);
3173         if (bs == NULL) {
3174             ret = 0;
3175             break;
3176         }
3177 
3178         depth++;
3179     }
3180 
3181     has_offset = !!(ret & BDRV_BLOCK_OFFSET_VALID);
3182 
3183     if (file && has_offset) {
3184         bdrv_refresh_filename(file);
3185         filename = file->filename;
3186     }
3187 
3188     *e = (MapEntry) {
3189         .start = offset,
3190         .length = bytes,
3191         .data = !!(ret & BDRV_BLOCK_DATA),
3192         .zero = !!(ret & BDRV_BLOCK_ZERO),
3193         .compressed = !!(ret & BDRV_BLOCK_COMPRESSED),
3194         .offset = map,
3195         .has_offset = has_offset,
3196         .depth = depth,
3197         .present = !!(ret & BDRV_BLOCK_ALLOCATED),
3198         .filename = filename,
3199     };
3200 
3201     return 0;
3202 }
3203 
3204 static inline bool entry_mergeable(const MapEntry *curr, const MapEntry *next)
3205 {
3206     if (curr->length == 0) {
3207         return false;
3208     }
3209     if (curr->zero != next->zero ||
3210         curr->data != next->data ||
3211         curr->compressed != next->compressed ||
3212         curr->depth != next->depth ||
3213         curr->present != next->present ||
3214         !curr->filename != !next->filename ||
3215         curr->has_offset != next->has_offset) {
3216         return false;
3217     }
3218     if (curr->filename && strcmp(curr->filename, next->filename)) {
3219         return false;
3220     }
3221     if (curr->has_offset && curr->offset + curr->length != next->offset) {
3222         return false;
3223     }
3224     return true;
3225 }
3226 
3227 static int img_map(int argc, char **argv)
3228 {
3229     int c;
3230     OutputFormat output_format = OFORMAT_HUMAN;
3231     BlockBackend *blk;
3232     BlockDriverState *bs;
3233     const char *filename, *fmt, *output;
3234     int64_t length;
3235     MapEntry curr = { .length = 0 }, next;
3236     int ret = 0;
3237     bool image_opts = false;
3238     bool force_share = false;
3239     int64_t start_offset = 0;
3240     int64_t max_length = -1;
3241 
3242     fmt = NULL;
3243     output = NULL;
3244     for (;;) {
3245         int option_index = 0;
3246         static const struct option long_options[] = {
3247             {"help", no_argument, 0, 'h'},
3248             {"format", required_argument, 0, 'f'},
3249             {"output", required_argument, 0, OPTION_OUTPUT},
3250             {"object", required_argument, 0, OPTION_OBJECT},
3251             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3252             {"force-share", no_argument, 0, 'U'},
3253             {"start-offset", required_argument, 0, 's'},
3254             {"max-length", required_argument, 0, 'l'},
3255             {0, 0, 0, 0}
3256         };
3257         c = getopt_long(argc, argv, ":f:s:l:hU",
3258                         long_options, &option_index);
3259         if (c == -1) {
3260             break;
3261         }
3262         switch (c) {
3263         case ':':
3264             missing_argument(argv[optind - 1]);
3265             break;
3266         case '?':
3267             unrecognized_option(argv[optind - 1]);
3268             break;
3269         case 'h':
3270             help();
3271             break;
3272         case 'f':
3273             fmt = optarg;
3274             break;
3275         case 'U':
3276             force_share = true;
3277             break;
3278         case OPTION_OUTPUT:
3279             output = optarg;
3280             break;
3281         case 's':
3282             start_offset = cvtnum("start offset", optarg);
3283             if (start_offset < 0) {
3284                 return 1;
3285             }
3286             break;
3287         case 'l':
3288             max_length = cvtnum("max length", optarg);
3289             if (max_length < 0) {
3290                 return 1;
3291             }
3292             break;
3293         case OPTION_OBJECT:
3294             user_creatable_process_cmdline(optarg);
3295             break;
3296         case OPTION_IMAGE_OPTS:
3297             image_opts = true;
3298             break;
3299         }
3300     }
3301     if (optind != argc - 1) {
3302         error_exit("Expecting one image file name");
3303     }
3304     filename = argv[optind];
3305 
3306     if (output && !strcmp(output, "json")) {
3307         output_format = OFORMAT_JSON;
3308     } else if (output && !strcmp(output, "human")) {
3309         output_format = OFORMAT_HUMAN;
3310     } else if (output) {
3311         error_report("--output must be used with human or json as argument.");
3312         return 1;
3313     }
3314 
3315     blk = img_open(image_opts, filename, fmt, 0, false, false, force_share);
3316     if (!blk) {
3317         return 1;
3318     }
3319     bs = blk_bs(blk);
3320 
3321     if (output_format == OFORMAT_HUMAN) {
3322         printf("%-16s%-16s%-16s%s\n", "Offset", "Length", "Mapped to", "File");
3323     } else if (output_format == OFORMAT_JSON) {
3324         putchar('[');
3325     }
3326 
3327     length = blk_getlength(blk);
3328     if (length < 0) {
3329         error_report("Failed to get size for '%s'", filename);
3330         return 1;
3331     }
3332     if (max_length != -1) {
3333         length = MIN(start_offset + max_length, length);
3334     }
3335 
3336     curr.start = start_offset;
3337     while (curr.start + curr.length < length) {
3338         int64_t offset = curr.start + curr.length;
3339         int64_t n = length - offset;
3340 
3341         ret = get_block_status(bs, offset, n, &next);
3342         if (ret < 0) {
3343             error_report("Could not read file metadata: %s", strerror(-ret));
3344             goto out;
3345         }
3346 
3347         if (entry_mergeable(&curr, &next)) {
3348             curr.length += next.length;
3349             continue;
3350         }
3351 
3352         if (curr.length > 0) {
3353             ret = dump_map_entry(output_format, &curr, &next);
3354             if (ret < 0) {
3355                 goto out;
3356             }
3357         }
3358         curr = next;
3359     }
3360 
3361     ret = dump_map_entry(output_format, &curr, NULL);
3362     if (output_format == OFORMAT_JSON) {
3363         puts("]");
3364     }
3365 
3366 out:
3367     blk_unref(blk);
3368     return ret < 0;
3369 }
3370 
3371 #define SNAPSHOT_LIST   1
3372 #define SNAPSHOT_CREATE 2
3373 #define SNAPSHOT_APPLY  3
3374 #define SNAPSHOT_DELETE 4
3375 
3376 static int img_snapshot(int argc, char **argv)
3377 {
3378     BlockBackend *blk;
3379     BlockDriverState *bs;
3380     QEMUSnapshotInfo sn;
3381     char *filename, *snapshot_name = NULL;
3382     int c, ret = 0, bdrv_oflags;
3383     int action = 0;
3384     bool quiet = false;
3385     Error *err = NULL;
3386     bool image_opts = false;
3387     bool force_share = false;
3388     int64_t rt;
3389 
3390     bdrv_oflags = BDRV_O_RDWR;
3391     /* Parse commandline parameters */
3392     for(;;) {
3393         static const struct option long_options[] = {
3394             {"help", no_argument, 0, 'h'},
3395             {"object", required_argument, 0, OPTION_OBJECT},
3396             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3397             {"force-share", no_argument, 0, 'U'},
3398             {0, 0, 0, 0}
3399         };
3400         c = getopt_long(argc, argv, ":la:c:d:hqU",
3401                         long_options, NULL);
3402         if (c == -1) {
3403             break;
3404         }
3405         switch(c) {
3406         case ':':
3407             missing_argument(argv[optind - 1]);
3408             break;
3409         case '?':
3410             unrecognized_option(argv[optind - 1]);
3411             break;
3412         case 'h':
3413             help();
3414             return 0;
3415         case 'l':
3416             if (action) {
3417                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3418                 return 0;
3419             }
3420             action = SNAPSHOT_LIST;
3421             bdrv_oflags &= ~BDRV_O_RDWR; /* no need for RW */
3422             break;
3423         case 'a':
3424             if (action) {
3425                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3426                 return 0;
3427             }
3428             action = SNAPSHOT_APPLY;
3429             snapshot_name = optarg;
3430             break;
3431         case 'c':
3432             if (action) {
3433                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3434                 return 0;
3435             }
3436             action = SNAPSHOT_CREATE;
3437             snapshot_name = optarg;
3438             break;
3439         case 'd':
3440             if (action) {
3441                 error_exit("Cannot mix '-l', '-a', '-c', '-d'");
3442                 return 0;
3443             }
3444             action = SNAPSHOT_DELETE;
3445             snapshot_name = optarg;
3446             break;
3447         case 'q':
3448             quiet = true;
3449             break;
3450         case 'U':
3451             force_share = true;
3452             break;
3453         case OPTION_OBJECT:
3454             user_creatable_process_cmdline(optarg);
3455             break;
3456         case OPTION_IMAGE_OPTS:
3457             image_opts = true;
3458             break;
3459         }
3460     }
3461 
3462     if (optind != argc - 1) {
3463         error_exit("Expecting one image file name");
3464     }
3465     filename = argv[optind++];
3466 
3467     /* Open the image */
3468     blk = img_open(image_opts, filename, NULL, bdrv_oflags, false, quiet,
3469                    force_share);
3470     if (!blk) {
3471         return 1;
3472     }
3473     bs = blk_bs(blk);
3474 
3475     /* Perform the requested action */
3476     switch(action) {
3477     case SNAPSHOT_LIST:
3478         dump_snapshots(bs);
3479         break;
3480 
3481     case SNAPSHOT_CREATE:
3482         memset(&sn, 0, sizeof(sn));
3483         pstrcpy(sn.name, sizeof(sn.name), snapshot_name);
3484 
3485         rt = g_get_real_time();
3486         sn.date_sec = rt / G_USEC_PER_SEC;
3487         sn.date_nsec = (rt % G_USEC_PER_SEC) * 1000;
3488 
3489         bdrv_graph_rdlock_main_loop();
3490         ret = bdrv_snapshot_create(bs, &sn);
3491         bdrv_graph_rdunlock_main_loop();
3492 
3493         if (ret) {
3494             error_report("Could not create snapshot '%s': %s",
3495                 snapshot_name, strerror(-ret));
3496         }
3497         break;
3498 
3499     case SNAPSHOT_APPLY:
3500         ret = bdrv_snapshot_goto(bs, snapshot_name, &err);
3501         if (ret) {
3502             error_reportf_err(err, "Could not apply snapshot '%s': ",
3503                               snapshot_name);
3504         }
3505         break;
3506 
3507     case SNAPSHOT_DELETE:
3508         bdrv_graph_rdlock_main_loop();
3509         ret = bdrv_snapshot_find(bs, &sn, snapshot_name);
3510         if (ret < 0) {
3511             error_report("Could not delete snapshot '%s': snapshot not "
3512                          "found", snapshot_name);
3513             ret = 1;
3514         } else {
3515             ret = bdrv_snapshot_delete(bs, sn.id_str, sn.name, &err);
3516             if (ret < 0) {
3517                 error_reportf_err(err, "Could not delete snapshot '%s': ",
3518                                   snapshot_name);
3519                 ret = 1;
3520             }
3521         }
3522         bdrv_graph_rdunlock_main_loop();
3523         break;
3524     }
3525 
3526     /* Cleanup */
3527     blk_unref(blk);
3528     if (ret) {
3529         return 1;
3530     }
3531     return 0;
3532 }
3533 
3534 static int img_rebase(int argc, char **argv)
3535 {
3536     BlockBackend *blk = NULL, *blk_old_backing = NULL, *blk_new_backing = NULL;
3537     uint8_t *buf_old = NULL;
3538     uint8_t *buf_new = NULL;
3539     BlockDriverState *bs = NULL, *prefix_chain_bs = NULL;
3540     BlockDriverState *unfiltered_bs, *unfiltered_bs_cow;
3541     BlockDriverInfo bdi = {0};
3542     char *filename;
3543     const char *fmt, *cache, *src_cache, *out_basefmt, *out_baseimg;
3544     int c, flags, src_flags, ret;
3545     BdrvRequestFlags write_flags = 0;
3546     bool writethrough, src_writethrough;
3547     int unsafe = 0;
3548     bool force_share = false;
3549     int progress = 0;
3550     bool quiet = false;
3551     bool compress = false;
3552     Error *local_err = NULL;
3553     bool image_opts = false;
3554     int64_t write_align;
3555 
3556     /* Parse commandline parameters */
3557     fmt = NULL;
3558     cache = BDRV_DEFAULT_CACHE;
3559     src_cache = BDRV_DEFAULT_CACHE;
3560     out_baseimg = NULL;
3561     out_basefmt = NULL;
3562     for(;;) {
3563         static const struct option long_options[] = {
3564             {"help", no_argument, 0, 'h'},
3565             {"object", required_argument, 0, OPTION_OBJECT},
3566             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
3567             {"force-share", no_argument, 0, 'U'},
3568             {"compress", no_argument, 0, 'c'},
3569             {0, 0, 0, 0}
3570         };
3571         c = getopt_long(argc, argv, ":hf:F:b:upt:T:qUc",
3572                         long_options, NULL);
3573         if (c == -1) {
3574             break;
3575         }
3576         switch(c) {
3577         case ':':
3578             missing_argument(argv[optind - 1]);
3579             break;
3580         case '?':
3581             unrecognized_option(argv[optind - 1]);
3582             break;
3583         case 'h':
3584             help();
3585             return 0;
3586         case 'f':
3587             fmt = optarg;
3588             break;
3589         case 'F':
3590             out_basefmt = optarg;
3591             break;
3592         case 'b':
3593             out_baseimg = optarg;
3594             break;
3595         case 'u':
3596             unsafe = 1;
3597             break;
3598         case 'p':
3599             progress = 1;
3600             break;
3601         case 't':
3602             cache = optarg;
3603             break;
3604         case 'T':
3605             src_cache = optarg;
3606             break;
3607         case 'q':
3608             quiet = true;
3609             break;
3610         case OPTION_OBJECT:
3611             user_creatable_process_cmdline(optarg);
3612             break;
3613         case OPTION_IMAGE_OPTS:
3614             image_opts = true;
3615             break;
3616         case 'U':
3617             force_share = true;
3618             break;
3619         case 'c':
3620             compress = true;
3621             break;
3622         }
3623     }
3624 
3625     if (quiet) {
3626         progress = 0;
3627     }
3628 
3629     if (optind != argc - 1) {
3630         error_exit("Expecting one image file name");
3631     }
3632     if (!unsafe && !out_baseimg) {
3633         error_exit("Must specify backing file (-b) or use unsafe mode (-u)");
3634     }
3635     filename = argv[optind++];
3636 
3637     qemu_progress_init(progress, 2.0);
3638     qemu_progress_print(0, 100);
3639 
3640     flags = BDRV_O_RDWR | (unsafe ? BDRV_O_NO_BACKING : 0);
3641     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
3642     if (ret < 0) {
3643         error_report("Invalid cache option: %s", cache);
3644         goto out;
3645     }
3646 
3647     src_flags = 0;
3648     ret = bdrv_parse_cache_mode(src_cache, &src_flags, &src_writethrough);
3649     if (ret < 0) {
3650         error_report("Invalid source cache option: %s", src_cache);
3651         goto out;
3652     }
3653 
3654     /* The source files are opened read-only, don't care about WCE */
3655     assert((src_flags & BDRV_O_RDWR) == 0);
3656     (void) src_writethrough;
3657 
3658     /*
3659      * Open the images.
3660      *
3661      * Ignore the old backing file for unsafe rebase in case we want to correct
3662      * the reference to a renamed or moved backing file.
3663      */
3664     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
3665                    false);
3666     if (!blk) {
3667         ret = -1;
3668         goto out;
3669     }
3670     bs = blk_bs(blk);
3671 
3672     bdrv_graph_rdlock_main_loop();
3673     unfiltered_bs = bdrv_skip_filters(bs);
3674     unfiltered_bs_cow = bdrv_cow_bs(unfiltered_bs);
3675     bdrv_graph_rdunlock_main_loop();
3676 
3677     if (compress && !block_driver_can_compress(unfiltered_bs->drv)) {
3678         error_report("Compression not supported for this file format");
3679         ret = -1;
3680         goto out;
3681     } else if (compress) {
3682         write_flags |= BDRV_REQ_WRITE_COMPRESSED;
3683     }
3684 
3685     if (out_basefmt != NULL) {
3686         if (bdrv_find_format(out_basefmt) == NULL) {
3687             error_report("Invalid format name: '%s'", out_basefmt);
3688             ret = -1;
3689             goto out;
3690         }
3691     }
3692 
3693     /*
3694      * We need overlay subcluster size (or cluster size in case writes are
3695      * compressed) to make sure write requests are aligned.
3696      */
3697     ret = bdrv_get_info(unfiltered_bs, &bdi);
3698     if (ret < 0) {
3699         error_report("could not get block driver info");
3700         goto out;
3701     } else if (bdi.subcluster_size == 0) {
3702         bdi.cluster_size = bdi.subcluster_size = 1;
3703     }
3704 
3705     write_align = compress ? bdi.cluster_size : bdi.subcluster_size;
3706 
3707     /* For safe rebasing we need to compare old and new backing file */
3708     if (!unsafe) {
3709         QDict *options = NULL;
3710         BlockDriverState *base_bs;
3711 
3712         bdrv_graph_rdlock_main_loop();
3713         base_bs = bdrv_cow_bs(unfiltered_bs);
3714         bdrv_graph_rdunlock_main_loop();
3715 
3716         if (base_bs) {
3717             blk_old_backing = blk_new(qemu_get_aio_context(),
3718                                       BLK_PERM_CONSISTENT_READ,
3719                                       BLK_PERM_ALL);
3720             ret = blk_insert_bs(blk_old_backing, base_bs,
3721                                 &local_err);
3722             if (ret < 0) {
3723                 error_reportf_err(local_err,
3724                                   "Could not reuse old backing file '%s': ",
3725                                   base_bs->filename);
3726                 goto out;
3727             }
3728         } else {
3729             blk_old_backing = NULL;
3730         }
3731 
3732         if (out_baseimg[0]) {
3733             const char *overlay_filename;
3734             char *out_real_path;
3735 
3736             options = qdict_new();
3737             if (out_basefmt) {
3738                 qdict_put_str(options, "driver", out_basefmt);
3739             }
3740             if (force_share) {
3741                 qdict_put_bool(options, BDRV_OPT_FORCE_SHARE, true);
3742             }
3743 
3744             bdrv_graph_rdlock_main_loop();
3745             bdrv_refresh_filename(bs);
3746             bdrv_graph_rdunlock_main_loop();
3747             overlay_filename = bs->exact_filename[0] ? bs->exact_filename
3748                                                      : bs->filename;
3749             out_real_path =
3750                 bdrv_get_full_backing_filename_from_filename(overlay_filename,
3751                                                              out_baseimg,
3752                                                              &local_err);
3753             if (local_err) {
3754                 qobject_unref(options);
3755                 error_reportf_err(local_err,
3756                                   "Could not resolve backing filename: ");
3757                 ret = -1;
3758                 goto out;
3759             }
3760 
3761             /*
3762              * Find out whether we rebase an image on top of a previous image
3763              * in its chain.
3764              */
3765             prefix_chain_bs = bdrv_find_backing_image(bs, out_real_path);
3766             if (prefix_chain_bs) {
3767                 qobject_unref(options);
3768                 g_free(out_real_path);
3769 
3770                 blk_new_backing = blk_new(qemu_get_aio_context(),
3771                                           BLK_PERM_CONSISTENT_READ,
3772                                           BLK_PERM_ALL);
3773                 ret = blk_insert_bs(blk_new_backing, prefix_chain_bs,
3774                                     &local_err);
3775                 if (ret < 0) {
3776                     error_reportf_err(local_err,
3777                                       "Could not reuse backing file '%s': ",
3778                                       out_baseimg);
3779                     goto out;
3780                 }
3781             } else {
3782                 blk_new_backing = blk_new_open(out_real_path, NULL,
3783                                                options, src_flags, &local_err);
3784                 g_free(out_real_path);
3785                 if (!blk_new_backing) {
3786                     error_reportf_err(local_err,
3787                                       "Could not open new backing file '%s': ",
3788                                       out_baseimg);
3789                     ret = -1;
3790                     goto out;
3791                 }
3792             }
3793         }
3794     }
3795 
3796     /*
3797      * Check each unallocated cluster in the COW file. If it is unallocated,
3798      * accesses go to the backing file. We must therefore compare this cluster
3799      * in the old and new backing file, and if they differ we need to copy it
3800      * from the old backing file into the COW file.
3801      *
3802      * If qemu-img crashes during this step, no harm is done. The content of
3803      * the image is the same as the original one at any time.
3804      */
3805     if (!unsafe) {
3806         int64_t size;
3807         int64_t old_backing_size = 0;
3808         int64_t new_backing_size = 0;
3809         uint64_t offset;
3810         int64_t n, n_old = 0, n_new = 0;
3811         float local_progress = 0;
3812 
3813         if (blk_old_backing && bdrv_opt_mem_align(blk_bs(blk_old_backing)) >
3814             bdrv_opt_mem_align(blk_bs(blk))) {
3815             buf_old = blk_blockalign(blk_old_backing, IO_BUF_SIZE);
3816         } else {
3817             buf_old = blk_blockalign(blk, IO_BUF_SIZE);
3818         }
3819         buf_new = blk_blockalign(blk_new_backing, IO_BUF_SIZE);
3820 
3821         size = blk_getlength(blk);
3822         if (size < 0) {
3823             error_report("Could not get size of '%s': %s",
3824                          filename, strerror(-size));
3825             ret = -1;
3826             goto out;
3827         }
3828         if (blk_old_backing) {
3829             old_backing_size = blk_getlength(blk_old_backing);
3830             if (old_backing_size < 0) {
3831                 char backing_name[PATH_MAX];
3832 
3833                 bdrv_get_backing_filename(bs, backing_name,
3834                                           sizeof(backing_name));
3835                 error_report("Could not get size of '%s': %s",
3836                              backing_name, strerror(-old_backing_size));
3837                 ret = -1;
3838                 goto out;
3839             }
3840         }
3841         if (blk_new_backing) {
3842             new_backing_size = blk_getlength(blk_new_backing);
3843             if (new_backing_size < 0) {
3844                 error_report("Could not get size of '%s': %s",
3845                              out_baseimg, strerror(-new_backing_size));
3846                 ret = -1;
3847                 goto out;
3848             }
3849         }
3850 
3851         if (size != 0) {
3852             local_progress = (float)100 / (size / MIN(size, IO_BUF_SIZE));
3853         }
3854 
3855         for (offset = 0; offset < size; offset += n) {
3856             bool old_backing_eof = false;
3857             int64_t n_alloc;
3858 
3859             /* How many bytes can we handle with the next read? */
3860             n = MIN(IO_BUF_SIZE, size - offset);
3861 
3862             /* If the cluster is allocated, we don't need to take action */
3863             ret = bdrv_is_allocated(unfiltered_bs, offset, n, &n);
3864             if (ret < 0) {
3865                 error_report("error while reading image metadata: %s",
3866                              strerror(-ret));
3867                 goto out;
3868             }
3869             if (ret) {
3870                 continue;
3871             }
3872 
3873             if (prefix_chain_bs) {
3874                 uint64_t bytes = n;
3875 
3876                 /*
3877                  * If cluster wasn't changed since prefix_chain, we don't need
3878                  * to take action
3879                  */
3880                 ret = bdrv_is_allocated_above(unfiltered_bs_cow,
3881                                               prefix_chain_bs, false,
3882                                               offset, n, &n);
3883                 if (ret < 0) {
3884                     error_report("error while reading image metadata: %s",
3885                                  strerror(-ret));
3886                     goto out;
3887                 }
3888                 if (!ret && n) {
3889                     continue;
3890                 }
3891                 if (!n) {
3892                     /*
3893                      * If we've reached EOF of the old backing, it means that
3894                      * offsets beyond the old backing size were read as zeroes.
3895                      * Now we will need to explicitly zero the cluster in
3896                      * order to preserve that state after the rebase.
3897                      */
3898                     n = bytes;
3899                 }
3900             }
3901 
3902             /*
3903              * At this point we know that the region [offset; offset + n)
3904              * is unallocated within the target image.  This region might be
3905              * unaligned to the target image's (sub)cluster boundaries, as
3906              * old backing may have smaller clusters (or have subclusters).
3907              * We extend it to the aligned boundaries to avoid CoW on
3908              * partial writes in blk_pwrite(),
3909              */
3910             n += offset - QEMU_ALIGN_DOWN(offset, write_align);
3911             offset = QEMU_ALIGN_DOWN(offset, write_align);
3912             n += QEMU_ALIGN_UP(offset + n, write_align) - (offset + n);
3913             n = MIN(n, size - offset);
3914             assert(!bdrv_is_allocated(unfiltered_bs, offset, n, &n_alloc) &&
3915                    n_alloc == n);
3916 
3917             /*
3918              * Much like with the target image, we'll try to read as much
3919              * of the old and new backings as we can.
3920              */
3921             n_old = MIN(n, MAX(0, old_backing_size - (int64_t) offset));
3922             n_new = MIN(n, MAX(0, new_backing_size - (int64_t) offset));
3923 
3924             /*
3925              * Read old and new backing file and take into consideration that
3926              * backing files may be smaller than the COW image.
3927              */
3928             memset(buf_old + n_old, 0, n - n_old);
3929             if (!n_old) {
3930                 old_backing_eof = true;
3931             } else {
3932                 ret = blk_pread(blk_old_backing, offset, n_old, buf_old, 0);
3933                 if (ret < 0) {
3934                     error_report("error while reading from old backing file");
3935                     goto out;
3936                 }
3937             }
3938 
3939             memset(buf_new + n_new, 0, n - n_new);
3940             if (n_new) {
3941                 ret = blk_pread(blk_new_backing, offset, n_new, buf_new, 0);
3942                 if (ret < 0) {
3943                     error_report("error while reading from new backing file");
3944                     goto out;
3945                 }
3946             }
3947 
3948             /* If they differ, we need to write to the COW file */
3949             uint64_t written = 0;
3950 
3951             while (written < n) {
3952                 int64_t pnum;
3953 
3954                 if (compare_buffers(buf_old + written, buf_new + written,
3955                                     n - written, write_align, &pnum))
3956                 {
3957                     if (old_backing_eof) {
3958                         ret = blk_pwrite_zeroes(blk, offset + written, pnum, 0);
3959                     } else {
3960                         assert(written + pnum <= IO_BUF_SIZE);
3961                         ret = blk_pwrite(blk, offset + written, pnum,
3962                                          buf_old + written, write_flags);
3963                     }
3964                     if (ret < 0) {
3965                         error_report("Error while writing to COW image: %s",
3966                             strerror(-ret));
3967                         goto out;
3968                     }
3969                 }
3970 
3971                 written += pnum;
3972                 if (offset + written >= old_backing_size) {
3973                     old_backing_eof = true;
3974                 }
3975             }
3976             qemu_progress_print(local_progress, 100);
3977         }
3978     }
3979 
3980     /*
3981      * Change the backing file. All clusters that are different from the old
3982      * backing file are overwritten in the COW file now, so the visible content
3983      * doesn't change when we switch the backing file.
3984      */
3985     if (out_baseimg && *out_baseimg) {
3986         ret = bdrv_change_backing_file(unfiltered_bs, out_baseimg, out_basefmt,
3987                                        true);
3988     } else {
3989         ret = bdrv_change_backing_file(unfiltered_bs, NULL, NULL, false);
3990     }
3991 
3992     if (ret == -ENOSPC) {
3993         error_report("Could not change the backing file to '%s': No "
3994                      "space left in the file header", out_baseimg);
3995     } else if (ret == -EINVAL && out_baseimg && !out_basefmt) {
3996         error_report("Could not change the backing file to '%s': backing "
3997                      "format must be specified", out_baseimg);
3998     } else if (ret < 0) {
3999         error_report("Could not change the backing file to '%s': %s",
4000             out_baseimg, strerror(-ret));
4001     }
4002 
4003     qemu_progress_print(100, 0);
4004     /*
4005      * TODO At this point it is possible to check if any clusters that are
4006      * allocated in the COW file are the same in the backing file. If so, they
4007      * could be dropped from the COW file. Don't do this before switching the
4008      * backing file, in case of a crash this would lead to corruption.
4009      */
4010 out:
4011     qemu_progress_end();
4012     /* Cleanup */
4013     if (!unsafe) {
4014         blk_unref(blk_old_backing);
4015         blk_unref(blk_new_backing);
4016     }
4017     qemu_vfree(buf_old);
4018     qemu_vfree(buf_new);
4019 
4020     blk_unref(blk);
4021     if (ret) {
4022         return 1;
4023     }
4024     return 0;
4025 }
4026 
4027 static int img_resize(int argc, char **argv)
4028 {
4029     Error *err = NULL;
4030     int c, ret, relative;
4031     const char *filename, *fmt, *size;
4032     int64_t n, total_size, current_size;
4033     bool quiet = false;
4034     BlockBackend *blk = NULL;
4035     PreallocMode prealloc = PREALLOC_MODE_OFF;
4036     QemuOpts *param;
4037 
4038     static QemuOptsList resize_options = {
4039         .name = "resize_options",
4040         .head = QTAILQ_HEAD_INITIALIZER(resize_options.head),
4041         .desc = {
4042             {
4043                 .name = BLOCK_OPT_SIZE,
4044                 .type = QEMU_OPT_SIZE,
4045                 .help = "Virtual disk size"
4046             }, {
4047                 /* end of list */
4048             }
4049         },
4050     };
4051     bool image_opts = false;
4052     bool shrink = false;
4053 
4054     /* Remove size from argv manually so that negative numbers are not treated
4055      * as options by getopt. */
4056     if (argc < 3) {
4057         error_exit("Not enough arguments");
4058         return 1;
4059     }
4060 
4061     size = argv[--argc];
4062 
4063     /* Parse getopt arguments */
4064     fmt = NULL;
4065     for(;;) {
4066         static const struct option long_options[] = {
4067             {"help", no_argument, 0, 'h'},
4068             {"object", required_argument, 0, OPTION_OBJECT},
4069             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4070             {"preallocation", required_argument, 0, OPTION_PREALLOCATION},
4071             {"shrink", no_argument, 0, OPTION_SHRINK},
4072             {0, 0, 0, 0}
4073         };
4074         c = getopt_long(argc, argv, ":f:hq",
4075                         long_options, NULL);
4076         if (c == -1) {
4077             break;
4078         }
4079         switch(c) {
4080         case ':':
4081             missing_argument(argv[optind - 1]);
4082             break;
4083         case '?':
4084             unrecognized_option(argv[optind - 1]);
4085             break;
4086         case 'h':
4087             help();
4088             break;
4089         case 'f':
4090             fmt = optarg;
4091             break;
4092         case 'q':
4093             quiet = true;
4094             break;
4095         case OPTION_OBJECT:
4096             user_creatable_process_cmdline(optarg);
4097             break;
4098         case OPTION_IMAGE_OPTS:
4099             image_opts = true;
4100             break;
4101         case OPTION_PREALLOCATION:
4102             prealloc = qapi_enum_parse(&PreallocMode_lookup, optarg,
4103                                        PREALLOC_MODE__MAX, NULL);
4104             if (prealloc == PREALLOC_MODE__MAX) {
4105                 error_report("Invalid preallocation mode '%s'", optarg);
4106                 return 1;
4107             }
4108             break;
4109         case OPTION_SHRINK:
4110             shrink = true;
4111             break;
4112         }
4113     }
4114     if (optind != argc - 1) {
4115         error_exit("Expecting image file name and size");
4116     }
4117     filename = argv[optind++];
4118 
4119     /* Choose grow, shrink, or absolute resize mode */
4120     switch (size[0]) {
4121     case '+':
4122         relative = 1;
4123         size++;
4124         break;
4125     case '-':
4126         relative = -1;
4127         size++;
4128         break;
4129     default:
4130         relative = 0;
4131         break;
4132     }
4133 
4134     /* Parse size */
4135     param = qemu_opts_create(&resize_options, NULL, 0, &error_abort);
4136     if (!qemu_opt_set(param, BLOCK_OPT_SIZE, size, &err)) {
4137         error_report_err(err);
4138         ret = -1;
4139         qemu_opts_del(param);
4140         goto out;
4141     }
4142     n = qemu_opt_get_size(param, BLOCK_OPT_SIZE, 0);
4143     qemu_opts_del(param);
4144 
4145     blk = img_open(image_opts, filename, fmt,
4146                    BDRV_O_RDWR | BDRV_O_RESIZE, false, quiet,
4147                    false);
4148     if (!blk) {
4149         ret = -1;
4150         goto out;
4151     }
4152 
4153     current_size = blk_getlength(blk);
4154     if (current_size < 0) {
4155         error_report("Failed to inquire current image length: %s",
4156                      strerror(-current_size));
4157         ret = -1;
4158         goto out;
4159     }
4160 
4161     if (relative) {
4162         total_size = current_size + n * relative;
4163     } else {
4164         total_size = n;
4165     }
4166     if (total_size <= 0) {
4167         error_report("New image size must be positive");
4168         ret = -1;
4169         goto out;
4170     }
4171 
4172     if (total_size <= current_size && prealloc != PREALLOC_MODE_OFF) {
4173         error_report("Preallocation can only be used for growing images");
4174         ret = -1;
4175         goto out;
4176     }
4177 
4178     if (total_size < current_size && !shrink) {
4179         error_report("Use the --shrink option to perform a shrink operation.");
4180         warn_report("Shrinking an image will delete all data beyond the "
4181                     "shrunken image's end. Before performing such an "
4182                     "operation, make sure there is no important data there.");
4183         ret = -1;
4184         goto out;
4185     }
4186 
4187     /*
4188      * The user expects the image to have the desired size after
4189      * resizing, so pass @exact=true.  It is of no use to report
4190      * success when the image has not actually been resized.
4191      */
4192     ret = blk_truncate(blk, total_size, true, prealloc, 0, &err);
4193     if (!ret) {
4194         qprintf(quiet, "Image resized.\n");
4195     } else {
4196         error_report_err(err);
4197     }
4198 out:
4199     blk_unref(blk);
4200     if (ret) {
4201         return 1;
4202     }
4203     return 0;
4204 }
4205 
4206 static void amend_status_cb(BlockDriverState *bs,
4207                             int64_t offset, int64_t total_work_size,
4208                             void *opaque)
4209 {
4210     qemu_progress_print(100.f * offset / total_work_size, 0);
4211 }
4212 
4213 static int print_amend_option_help(const char *format)
4214 {
4215     BlockDriver *drv;
4216 
4217     GRAPH_RDLOCK_GUARD_MAINLOOP();
4218 
4219     /* Find driver and parse its options */
4220     drv = bdrv_find_format(format);
4221     if (!drv) {
4222         error_report("Unknown file format '%s'", format);
4223         return 1;
4224     }
4225 
4226     if (!drv->bdrv_amend_options) {
4227         error_report("Format driver '%s' does not support option amendment",
4228                      format);
4229         return 1;
4230     }
4231 
4232     /* Every driver supporting amendment must have amend_opts */
4233     assert(drv->amend_opts);
4234 
4235     printf("Amend options for '%s':\n", format);
4236     qemu_opts_print_help(drv->amend_opts, false);
4237     return 0;
4238 }
4239 
4240 static int img_amend(int argc, char **argv)
4241 {
4242     Error *err = NULL;
4243     int c, ret = 0;
4244     char *options = NULL;
4245     QemuOptsList *amend_opts = NULL;
4246     QemuOpts *opts = NULL;
4247     const char *fmt = NULL, *filename, *cache;
4248     int flags;
4249     bool writethrough;
4250     bool quiet = false, progress = false;
4251     BlockBackend *blk = NULL;
4252     BlockDriverState *bs = NULL;
4253     bool image_opts = false;
4254     bool force = false;
4255 
4256     cache = BDRV_DEFAULT_CACHE;
4257     for (;;) {
4258         static const struct option long_options[] = {
4259             {"help", no_argument, 0, 'h'},
4260             {"object", required_argument, 0, OPTION_OBJECT},
4261             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4262             {"force", no_argument, 0, OPTION_FORCE},
4263             {0, 0, 0, 0}
4264         };
4265         c = getopt_long(argc, argv, ":ho:f:t:pq",
4266                         long_options, NULL);
4267         if (c == -1) {
4268             break;
4269         }
4270 
4271         switch (c) {
4272         case ':':
4273             missing_argument(argv[optind - 1]);
4274             break;
4275         case '?':
4276             unrecognized_option(argv[optind - 1]);
4277             break;
4278         case 'h':
4279             help();
4280             break;
4281         case 'o':
4282             if (accumulate_options(&options, optarg) < 0) {
4283                 ret = -1;
4284                 goto out_no_progress;
4285             }
4286             break;
4287         case 'f':
4288             fmt = optarg;
4289             break;
4290         case 't':
4291             cache = optarg;
4292             break;
4293         case 'p':
4294             progress = true;
4295             break;
4296         case 'q':
4297             quiet = true;
4298             break;
4299         case OPTION_OBJECT:
4300             user_creatable_process_cmdline(optarg);
4301             break;
4302         case OPTION_IMAGE_OPTS:
4303             image_opts = true;
4304             break;
4305         case OPTION_FORCE:
4306             force = true;
4307             break;
4308         }
4309     }
4310 
4311     if (!options) {
4312         error_exit("Must specify options (-o)");
4313     }
4314 
4315     if (quiet) {
4316         progress = false;
4317     }
4318     qemu_progress_init(progress, 1.0);
4319 
4320     filename = (optind == argc - 1) ? argv[argc - 1] : NULL;
4321     if (fmt && has_help_option(options)) {
4322         /* If a format is explicitly specified (and possibly no filename is
4323          * given), print option help here */
4324         ret = print_amend_option_help(fmt);
4325         goto out;
4326     }
4327 
4328     if (optind != argc - 1) {
4329         error_report("Expecting one image file name");
4330         ret = -1;
4331         goto out;
4332     }
4333 
4334     flags = BDRV_O_RDWR;
4335     ret = bdrv_parse_cache_mode(cache, &flags, &writethrough);
4336     if (ret < 0) {
4337         error_report("Invalid cache option: %s", cache);
4338         goto out;
4339     }
4340 
4341     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4342                    false);
4343     if (!blk) {
4344         ret = -1;
4345         goto out;
4346     }
4347     bs = blk_bs(blk);
4348 
4349     fmt = bs->drv->format_name;
4350 
4351     if (has_help_option(options)) {
4352         /* If the format was auto-detected, print option help here */
4353         ret = print_amend_option_help(fmt);
4354         goto out;
4355     }
4356 
4357     bdrv_graph_rdlock_main_loop();
4358     if (!bs->drv->bdrv_amend_options) {
4359         error_report("Format driver '%s' does not support option amendment",
4360                      fmt);
4361         bdrv_graph_rdunlock_main_loop();
4362         ret = -1;
4363         goto out;
4364     }
4365 
4366     /* Every driver supporting amendment must have amend_opts */
4367     assert(bs->drv->amend_opts);
4368 
4369     amend_opts = qemu_opts_append(amend_opts, bs->drv->amend_opts);
4370     opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
4371     if (!qemu_opts_do_parse(opts, options, NULL, &err)) {
4372         /* Try to parse options using the create options */
4373         amend_opts = qemu_opts_append(amend_opts, bs->drv->create_opts);
4374         qemu_opts_del(opts);
4375         opts = qemu_opts_create(amend_opts, NULL, 0, &error_abort);
4376         if (qemu_opts_do_parse(opts, options, NULL, NULL)) {
4377             error_append_hint(&err,
4378                               "This option is only supported for image creation\n");
4379         }
4380 
4381         bdrv_graph_rdunlock_main_loop();
4382         error_report_err(err);
4383         ret = -1;
4384         goto out;
4385     }
4386 
4387     /* In case the driver does not call amend_status_cb() */
4388     qemu_progress_print(0.f, 0);
4389     ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, force, &err);
4390     qemu_progress_print(100.f, 0);
4391     bdrv_graph_rdunlock_main_loop();
4392 
4393     if (ret < 0) {
4394         error_report_err(err);
4395         goto out;
4396     }
4397 
4398 out:
4399     qemu_progress_end();
4400 
4401 out_no_progress:
4402     blk_unref(blk);
4403     qemu_opts_del(opts);
4404     qemu_opts_free(amend_opts);
4405     g_free(options);
4406 
4407     if (ret) {
4408         return 1;
4409     }
4410     return 0;
4411 }
4412 
4413 typedef struct BenchData {
4414     BlockBackend *blk;
4415     uint64_t image_size;
4416     bool write;
4417     int bufsize;
4418     int step;
4419     int nrreq;
4420     int n;
4421     int flush_interval;
4422     bool drain_on_flush;
4423     uint8_t *buf;
4424     QEMUIOVector *qiov;
4425 
4426     int in_flight;
4427     bool in_flush;
4428     uint64_t offset;
4429 } BenchData;
4430 
4431 static void bench_undrained_flush_cb(void *opaque, int ret)
4432 {
4433     if (ret < 0) {
4434         error_report("Failed flush request: %s", strerror(-ret));
4435         exit(EXIT_FAILURE);
4436     }
4437 }
4438 
4439 static void bench_cb(void *opaque, int ret)
4440 {
4441     BenchData *b = opaque;
4442     BlockAIOCB *acb;
4443 
4444     if (ret < 0) {
4445         error_report("Failed request: %s", strerror(-ret));
4446         exit(EXIT_FAILURE);
4447     }
4448 
4449     if (b->in_flush) {
4450         /* Just finished a flush with drained queue: Start next requests */
4451         assert(b->in_flight == 0);
4452         b->in_flush = false;
4453     } else if (b->in_flight > 0) {
4454         int remaining = b->n - b->in_flight;
4455 
4456         b->n--;
4457         b->in_flight--;
4458 
4459         /* Time for flush? Drain queue if requested, then flush */
4460         if (b->flush_interval && remaining % b->flush_interval == 0) {
4461             if (!b->in_flight || !b->drain_on_flush) {
4462                 BlockCompletionFunc *cb;
4463 
4464                 if (b->drain_on_flush) {
4465                     b->in_flush = true;
4466                     cb = bench_cb;
4467                 } else {
4468                     cb = bench_undrained_flush_cb;
4469                 }
4470 
4471                 acb = blk_aio_flush(b->blk, cb, b);
4472                 if (!acb) {
4473                     error_report("Failed to issue flush request");
4474                     exit(EXIT_FAILURE);
4475                 }
4476             }
4477             if (b->drain_on_flush) {
4478                 return;
4479             }
4480         }
4481     }
4482 
4483     while (b->n > b->in_flight && b->in_flight < b->nrreq) {
4484         int64_t offset = b->offset;
4485         /* blk_aio_* might look for completed I/Os and kick bench_cb
4486          * again, so make sure this operation is counted by in_flight
4487          * and b->offset is ready for the next submission.
4488          */
4489         b->in_flight++;
4490         b->offset += b->step;
4491         b->offset %= b->image_size;
4492         if (b->write) {
4493             acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
4494         } else {
4495             acb = blk_aio_preadv(b->blk, offset, b->qiov, 0, bench_cb, b);
4496         }
4497         if (!acb) {
4498             error_report("Failed to issue request");
4499             exit(EXIT_FAILURE);
4500         }
4501     }
4502 }
4503 
4504 static int img_bench(int argc, char **argv)
4505 {
4506     int c, ret = 0;
4507     const char *fmt = NULL, *filename;
4508     bool quiet = false;
4509     bool image_opts = false;
4510     bool is_write = false;
4511     int count = 75000;
4512     int depth = 64;
4513     int64_t offset = 0;
4514     size_t bufsize = 4096;
4515     int pattern = 0;
4516     size_t step = 0;
4517     int flush_interval = 0;
4518     bool drain_on_flush = true;
4519     int64_t image_size;
4520     BlockBackend *blk = NULL;
4521     BenchData data = {};
4522     int flags = 0;
4523     bool writethrough = false;
4524     struct timeval t1, t2;
4525     int i;
4526     bool force_share = false;
4527     size_t buf_size = 0;
4528 
4529     for (;;) {
4530         static const struct option long_options[] = {
4531             {"help", no_argument, 0, 'h'},
4532             {"flush-interval", required_argument, 0, OPTION_FLUSH_INTERVAL},
4533             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4534             {"pattern", required_argument, 0, OPTION_PATTERN},
4535             {"no-drain", no_argument, 0, OPTION_NO_DRAIN},
4536             {"force-share", no_argument, 0, 'U'},
4537             {0, 0, 0, 0}
4538         };
4539         c = getopt_long(argc, argv, ":hc:d:f:ni:o:qs:S:t:wU", long_options,
4540                         NULL);
4541         if (c == -1) {
4542             break;
4543         }
4544 
4545         switch (c) {
4546         case ':':
4547             missing_argument(argv[optind - 1]);
4548             break;
4549         case '?':
4550             unrecognized_option(argv[optind - 1]);
4551             break;
4552         case 'h':
4553             help();
4554             break;
4555         case 'c':
4556         {
4557             unsigned long res;
4558 
4559             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4560                 error_report("Invalid request count specified");
4561                 return 1;
4562             }
4563             count = res;
4564             break;
4565         }
4566         case 'd':
4567         {
4568             unsigned long res;
4569 
4570             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4571                 error_report("Invalid queue depth specified");
4572                 return 1;
4573             }
4574             depth = res;
4575             break;
4576         }
4577         case 'f':
4578             fmt = optarg;
4579             break;
4580         case 'n':
4581             flags |= BDRV_O_NATIVE_AIO;
4582             break;
4583         case 'i':
4584             ret = bdrv_parse_aio(optarg, &flags);
4585             if (ret < 0) {
4586                 error_report("Invalid aio option: %s", optarg);
4587                 ret = -1;
4588                 goto out;
4589             }
4590             break;
4591         case 'o':
4592         {
4593             offset = cvtnum("offset", optarg);
4594             if (offset < 0) {
4595                 return 1;
4596             }
4597             break;
4598         }
4599             break;
4600         case 'q':
4601             quiet = true;
4602             break;
4603         case 's':
4604         {
4605             int64_t sval;
4606 
4607             sval = cvtnum_full("buffer size", optarg, 0, INT_MAX);
4608             if (sval < 0) {
4609                 return 1;
4610             }
4611 
4612             bufsize = sval;
4613             break;
4614         }
4615         case 'S':
4616         {
4617             int64_t sval;
4618 
4619             sval = cvtnum_full("step_size", optarg, 0, INT_MAX);
4620             if (sval < 0) {
4621                 return 1;
4622             }
4623 
4624             step = sval;
4625             break;
4626         }
4627         case 't':
4628             ret = bdrv_parse_cache_mode(optarg, &flags, &writethrough);
4629             if (ret < 0) {
4630                 error_report("Invalid cache mode");
4631                 ret = -1;
4632                 goto out;
4633             }
4634             break;
4635         case 'w':
4636             flags |= BDRV_O_RDWR;
4637             is_write = true;
4638             break;
4639         case 'U':
4640             force_share = true;
4641             break;
4642         case OPTION_PATTERN:
4643         {
4644             unsigned long res;
4645 
4646             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > 0xff) {
4647                 error_report("Invalid pattern byte specified");
4648                 return 1;
4649             }
4650             pattern = res;
4651             break;
4652         }
4653         case OPTION_FLUSH_INTERVAL:
4654         {
4655             unsigned long res;
4656 
4657             if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
4658                 error_report("Invalid flush interval specified");
4659                 return 1;
4660             }
4661             flush_interval = res;
4662             break;
4663         }
4664         case OPTION_NO_DRAIN:
4665             drain_on_flush = false;
4666             break;
4667         case OPTION_IMAGE_OPTS:
4668             image_opts = true;
4669             break;
4670         }
4671     }
4672 
4673     if (optind != argc - 1) {
4674         error_exit("Expecting one image file name");
4675     }
4676     filename = argv[argc - 1];
4677 
4678     if (!is_write && flush_interval) {
4679         error_report("--flush-interval is only available in write tests");
4680         ret = -1;
4681         goto out;
4682     }
4683     if (flush_interval && flush_interval < depth) {
4684         error_report("Flush interval can't be smaller than depth");
4685         ret = -1;
4686         goto out;
4687     }
4688 
4689     blk = img_open(image_opts, filename, fmt, flags, writethrough, quiet,
4690                    force_share);
4691     if (!blk) {
4692         ret = -1;
4693         goto out;
4694     }
4695 
4696     image_size = blk_getlength(blk);
4697     if (image_size < 0) {
4698         ret = image_size;
4699         goto out;
4700     }
4701 
4702     data = (BenchData) {
4703         .blk            = blk,
4704         .image_size     = image_size,
4705         .bufsize        = bufsize,
4706         .step           = step ?: bufsize,
4707         .nrreq          = depth,
4708         .n              = count,
4709         .offset         = offset,
4710         .write          = is_write,
4711         .flush_interval = flush_interval,
4712         .drain_on_flush = drain_on_flush,
4713     };
4714     printf("Sending %d %s requests, %d bytes each, %d in parallel "
4715            "(starting at offset %" PRId64 ", step size %d)\n",
4716            data.n, data.write ? "write" : "read", data.bufsize, data.nrreq,
4717            data.offset, data.step);
4718     if (flush_interval) {
4719         printf("Sending flush every %d requests\n", flush_interval);
4720     }
4721 
4722     buf_size = data.nrreq * data.bufsize;
4723     data.buf = blk_blockalign(blk, buf_size);
4724     memset(data.buf, pattern, data.nrreq * data.bufsize);
4725 
4726     blk_register_buf(blk, data.buf, buf_size, &error_fatal);
4727 
4728     data.qiov = g_new(QEMUIOVector, data.nrreq);
4729     for (i = 0; i < data.nrreq; i++) {
4730         qemu_iovec_init(&data.qiov[i], 1);
4731         qemu_iovec_add(&data.qiov[i],
4732                        data.buf + i * data.bufsize, data.bufsize);
4733     }
4734 
4735     gettimeofday(&t1, NULL);
4736     bench_cb(&data, 0);
4737 
4738     while (data.n > 0) {
4739         main_loop_wait(false);
4740     }
4741     gettimeofday(&t2, NULL);
4742 
4743     printf("Run completed in %3.3f seconds.\n",
4744            (t2.tv_sec - t1.tv_sec)
4745            + ((double)(t2.tv_usec - t1.tv_usec) / 1000000));
4746 
4747 out:
4748     if (data.buf) {
4749         blk_unregister_buf(blk, data.buf, buf_size);
4750     }
4751     qemu_vfree(data.buf);
4752     blk_unref(blk);
4753 
4754     if (ret) {
4755         return 1;
4756     }
4757     return 0;
4758 }
4759 
4760 enum ImgBitmapAct {
4761     BITMAP_ADD,
4762     BITMAP_REMOVE,
4763     BITMAP_CLEAR,
4764     BITMAP_ENABLE,
4765     BITMAP_DISABLE,
4766     BITMAP_MERGE,
4767 };
4768 typedef struct ImgBitmapAction {
4769     enum ImgBitmapAct act;
4770     const char *src; /* only used for merge */
4771     QSIMPLEQ_ENTRY(ImgBitmapAction) next;
4772 } ImgBitmapAction;
4773 
4774 static int img_bitmap(int argc, char **argv)
4775 {
4776     Error *err = NULL;
4777     int c, ret = 1;
4778     QemuOpts *opts = NULL;
4779     const char *fmt = NULL, *src_fmt = NULL, *src_filename = NULL;
4780     const char *filename, *bitmap;
4781     BlockBackend *blk = NULL, *src = NULL;
4782     BlockDriverState *bs = NULL, *src_bs = NULL;
4783     bool image_opts = false;
4784     int64_t granularity = 0;
4785     bool add = false, merge = false;
4786     QSIMPLEQ_HEAD(, ImgBitmapAction) actions;
4787     ImgBitmapAction *act, *act_next;
4788     const char *op;
4789     int inactivate_ret;
4790 
4791     QSIMPLEQ_INIT(&actions);
4792 
4793     for (;;) {
4794         static const struct option long_options[] = {
4795             {"help", no_argument, 0, 'h'},
4796             {"object", required_argument, 0, OPTION_OBJECT},
4797             {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
4798             {"add", no_argument, 0, OPTION_ADD},
4799             {"remove", no_argument, 0, OPTION_REMOVE},
4800             {"clear", no_argument, 0, OPTION_CLEAR},
4801             {"enable", no_argument, 0, OPTION_ENABLE},
4802             {"disable", no_argument, 0, OPTION_DISABLE},
4803             {"merge", required_argument, 0, OPTION_MERGE},
4804             {"granularity", required_argument, 0, 'g'},
4805             {"source-file", required_argument, 0, 'b'},
4806             {"source-format", required_argument, 0, 'F'},
4807             {0, 0, 0, 0}
4808         };
4809         c = getopt_long(argc, argv, ":b:f:F:g:h", long_options, NULL);
4810         if (c == -1) {
4811             break;
4812         }
4813 
4814         switch (c) {
4815         case ':':
4816             missing_argument(argv[optind - 1]);
4817             break;
4818         case '?':
4819             unrecognized_option(argv[optind - 1]);
4820             break;
4821         case 'h':
4822             help();
4823             break;
4824         case 'b':
4825             src_filename = optarg;
4826             break;
4827         case 'f':
4828             fmt = optarg;
4829             break;
4830         case 'F':
4831             src_fmt = optarg;
4832             break;
4833         case 'g':
4834             granularity = cvtnum("granularity", optarg);
4835             if (granularity < 0) {
4836                 return 1;
4837             }
4838             break;
4839         case OPTION_ADD:
4840             act = g_new0(ImgBitmapAction, 1);
4841             act->act = BITMAP_ADD;
4842             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4843             add = true;
4844             break;
4845         case OPTION_REMOVE:
4846             act = g_new0(ImgBitmapAction, 1);
4847             act->act = BITMAP_REMOVE;
4848             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4849             break;
4850         case OPTION_CLEAR:
4851             act = g_new0(ImgBitmapAction, 1);
4852             act->act = BITMAP_CLEAR;
4853             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4854             break;
4855         case OPTION_ENABLE:
4856             act = g_new0(ImgBitmapAction, 1);
4857             act->act = BITMAP_ENABLE;
4858             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4859             break;
4860         case OPTION_DISABLE:
4861             act = g_new0(ImgBitmapAction, 1);
4862             act->act = BITMAP_DISABLE;
4863             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4864             break;
4865         case OPTION_MERGE:
4866             act = g_new0(ImgBitmapAction, 1);
4867             act->act = BITMAP_MERGE;
4868             act->src = optarg;
4869             QSIMPLEQ_INSERT_TAIL(&actions, act, next);
4870             merge = true;
4871             break;
4872         case OPTION_OBJECT:
4873             user_creatable_process_cmdline(optarg);
4874             break;
4875         case OPTION_IMAGE_OPTS:
4876             image_opts = true;
4877             break;
4878         }
4879     }
4880 
4881     if (QSIMPLEQ_EMPTY(&actions)) {
4882         error_report("Need at least one of --add, --remove, --clear, "
4883                      "--enable, --disable, or --merge");
4884         goto out;
4885     }
4886 
4887     if (granularity && !add) {
4888         error_report("granularity only supported with --add");
4889         goto out;
4890     }
4891     if (src_fmt && !src_filename) {
4892         error_report("-F only supported with -b");
4893         goto out;
4894     }
4895     if (src_filename && !merge) {
4896         error_report("Merge bitmap source file only supported with "
4897                      "--merge");
4898         goto out;
4899     }
4900 
4901     if (optind != argc - 2) {
4902         error_report("Expecting filename and bitmap name");
4903         goto out;
4904     }
4905 
4906     filename = argv[optind];
4907     bitmap = argv[optind + 1];
4908 
4909     /*
4910      * No need to open backing chains; we will be manipulating bitmaps
4911      * directly in this image without reference to image contents.
4912      */
4913     blk = img_open(image_opts, filename, fmt, BDRV_O_RDWR | BDRV_O_NO_BACKING,
4914                    false, false, false);
4915     if (!blk) {
4916         goto out;
4917     }
4918     bs = blk_bs(blk);
4919     if (src_filename) {
4920         src = img_open(false, src_filename, src_fmt, BDRV_O_NO_BACKING,
4921                        false, false, false);
4922         if (!src) {
4923             goto out;
4924         }
4925         src_bs = blk_bs(src);
4926     } else {
4927         src_bs = bs;
4928     }
4929 
4930     QSIMPLEQ_FOREACH_SAFE(act, &actions, next, act_next) {
4931         switch (act->act) {
4932         case BITMAP_ADD:
4933             qmp_block_dirty_bitmap_add(bs->node_name, bitmap,
4934                                        !!granularity, granularity, true, true,
4935                                        false, false, &err);
4936             op = "add";
4937             break;
4938         case BITMAP_REMOVE:
4939             qmp_block_dirty_bitmap_remove(bs->node_name, bitmap, &err);
4940             op = "remove";
4941             break;
4942         case BITMAP_CLEAR:
4943             qmp_block_dirty_bitmap_clear(bs->node_name, bitmap, &err);
4944             op = "clear";
4945             break;
4946         case BITMAP_ENABLE:
4947             qmp_block_dirty_bitmap_enable(bs->node_name, bitmap, &err);
4948             op = "enable";
4949             break;
4950         case BITMAP_DISABLE:
4951             qmp_block_dirty_bitmap_disable(bs->node_name, bitmap, &err);
4952             op = "disable";
4953             break;
4954         case BITMAP_MERGE:
4955             do_dirty_bitmap_merge(bs->node_name, bitmap, src_bs->node_name,
4956                                   act->src, &err);
4957             op = "merge";
4958             break;
4959         default:
4960             g_assert_not_reached();
4961         }
4962 
4963         if (err) {
4964             error_reportf_err(err, "Operation %s on bitmap %s failed: ",
4965                               op, bitmap);
4966             goto out;
4967         }
4968         g_free(act);
4969     }
4970 
4971     ret = 0;
4972 
4973  out:
4974     /*
4975      * Manually inactivate the images first because this way we can know whether
4976      * an error occurred. blk_unref() doesn't tell us about failures.
4977      */
4978     inactivate_ret = bdrv_inactivate_all();
4979     if (inactivate_ret < 0) {
4980         error_report("Error while closing the image: %s", strerror(-inactivate_ret));
4981         ret = 1;
4982     }
4983 
4984     blk_unref(src);
4985     blk_unref(blk);
4986     qemu_opts_del(opts);
4987     return ret;
4988 }
4989 
4990 #define C_BS      01
4991 #define C_COUNT   02
4992 #define C_IF      04
4993 #define C_OF      010
4994 #define C_SKIP    020
4995 
4996 struct DdInfo {
4997     unsigned int flags;
4998     int64_t count;
4999 };
5000 
5001 struct DdIo {
5002     int bsz;    /* Block size */
5003     char *filename;
5004     uint8_t *buf;
5005     int64_t offset;
5006 };
5007 
5008 struct DdOpts {
5009     const char *name;
5010     int (*f)(const char *, struct DdIo *, struct DdIo *, struct DdInfo *);
5011     unsigned int flag;
5012 };
5013 
5014 static int img_dd_bs(const char *arg,
5015                      struct DdIo *in, struct DdIo *out,
5016                      struct DdInfo *dd)
5017 {
5018     int64_t res;
5019 
5020     res = cvtnum_full("bs", arg, 1, INT_MAX);
5021 
5022     if (res < 0) {
5023         return 1;
5024     }
5025     in->bsz = out->bsz = res;
5026 
5027     return 0;
5028 }
5029 
5030 static int img_dd_count(const char *arg,
5031                         struct DdIo *in, struct DdIo *out,
5032                         struct DdInfo *dd)
5033 {
5034     dd->count = cvtnum("count", arg);
5035 
5036     if (dd->count < 0) {
5037         return 1;
5038     }
5039 
5040     return 0;
5041 }
5042 
5043 static int img_dd_if(const char *arg,
5044                      struct DdIo *in, struct DdIo *out,
5045                      struct DdInfo *dd)
5046 {
5047     in->filename = g_strdup(arg);
5048 
5049     return 0;
5050 }
5051 
5052 static int img_dd_of(const char *arg,
5053                      struct DdIo *in, struct DdIo *out,
5054                      struct DdInfo *dd)
5055 {
5056     out->filename = g_strdup(arg);
5057 
5058     return 0;
5059 }
5060 
5061 static int img_dd_skip(const char *arg,
5062                        struct DdIo *in, struct DdIo *out,
5063                        struct DdInfo *dd)
5064 {
5065     in->offset = cvtnum("skip", arg);
5066 
5067     if (in->offset < 0) {
5068         return 1;
5069     }
5070 
5071     return 0;
5072 }
5073 
5074 static int img_dd(int argc, char **argv)
5075 {
5076     int ret = 0;
5077     char *arg = NULL;
5078     char *tmp;
5079     BlockDriver *drv = NULL, *proto_drv = NULL;
5080     BlockBackend *blk1 = NULL, *blk2 = NULL;
5081     QemuOpts *opts = NULL;
5082     QemuOptsList *create_opts = NULL;
5083     Error *local_err = NULL;
5084     bool image_opts = false;
5085     int c, i;
5086     const char *out_fmt = "raw";
5087     const char *fmt = NULL;
5088     int64_t size = 0;
5089     int64_t out_pos, in_pos;
5090     bool force_share = false;
5091     struct DdInfo dd = {
5092         .flags = 0,
5093         .count = 0,
5094     };
5095     struct DdIo in = {
5096         .bsz = 512, /* Block size is by default 512 bytes */
5097         .filename = NULL,
5098         .buf = NULL,
5099         .offset = 0
5100     };
5101     struct DdIo out = {
5102         .bsz = 512,
5103         .filename = NULL,
5104         .buf = NULL,
5105         .offset = 0
5106     };
5107 
5108     const struct DdOpts options[] = {
5109         { "bs", img_dd_bs, C_BS },
5110         { "count", img_dd_count, C_COUNT },
5111         { "if", img_dd_if, C_IF },
5112         { "of", img_dd_of, C_OF },
5113         { "skip", img_dd_skip, C_SKIP },
5114         { NULL, NULL, 0 }
5115     };
5116     const struct option long_options[] = {
5117         { "help", no_argument, 0, 'h'},
5118         { "object", required_argument, 0, OPTION_OBJECT},
5119         { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
5120         { "force-share", no_argument, 0, 'U'},
5121         { 0, 0, 0, 0 }
5122     };
5123 
5124     while ((c = getopt_long(argc, argv, ":hf:O:U", long_options, NULL))) {
5125         if (c == EOF) {
5126             break;
5127         }
5128         switch (c) {
5129         case 'O':
5130             out_fmt = optarg;
5131             break;
5132         case 'f':
5133             fmt = optarg;
5134             break;
5135         case ':':
5136             missing_argument(argv[optind - 1]);
5137             break;
5138         case '?':
5139             unrecognized_option(argv[optind - 1]);
5140             break;
5141         case 'h':
5142             help();
5143             break;
5144         case 'U':
5145             force_share = true;
5146             break;
5147         case OPTION_OBJECT:
5148             user_creatable_process_cmdline(optarg);
5149             break;
5150         case OPTION_IMAGE_OPTS:
5151             image_opts = true;
5152             break;
5153         }
5154     }
5155 
5156     for (i = optind; i < argc; i++) {
5157         int j;
5158         arg = g_strdup(argv[i]);
5159 
5160         tmp = strchr(arg, '=');
5161         if (tmp == NULL) {
5162             error_report("unrecognized operand %s", arg);
5163             ret = -1;
5164             goto out;
5165         }
5166 
5167         *tmp++ = '\0';
5168 
5169         for (j = 0; options[j].name != NULL; j++) {
5170             if (!strcmp(arg, options[j].name)) {
5171                 break;
5172             }
5173         }
5174         if (options[j].name == NULL) {
5175             error_report("unrecognized operand %s", arg);
5176             ret = -1;
5177             goto out;
5178         }
5179 
5180         if (options[j].f(tmp, &in, &out, &dd) != 0) {
5181             ret = -1;
5182             goto out;
5183         }
5184         dd.flags |= options[j].flag;
5185         g_free(arg);
5186         arg = NULL;
5187     }
5188 
5189     if (!(dd.flags & C_IF && dd.flags & C_OF)) {
5190         error_report("Must specify both input and output files");
5191         ret = -1;
5192         goto out;
5193     }
5194 
5195     blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
5196                     force_share);
5197 
5198     if (!blk1) {
5199         ret = -1;
5200         goto out;
5201     }
5202 
5203     drv = bdrv_find_format(out_fmt);
5204     if (!drv) {
5205         error_report("Unknown file format");
5206         ret = -1;
5207         goto out;
5208     }
5209     proto_drv = bdrv_find_protocol(out.filename, true, &local_err);
5210 
5211     if (!proto_drv) {
5212         error_report_err(local_err);
5213         ret = -1;
5214         goto out;
5215     }
5216     if (!drv->create_opts) {
5217         error_report("Format driver '%s' does not support image creation",
5218                      drv->format_name);
5219         ret = -1;
5220         goto out;
5221     }
5222     if (!proto_drv->create_opts) {
5223         error_report("Protocol driver '%s' does not support image creation",
5224                      proto_drv->format_name);
5225         ret = -1;
5226         goto out;
5227     }
5228     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5229     create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
5230 
5231     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5232 
5233     size = blk_getlength(blk1);
5234     if (size < 0) {
5235         error_report("Failed to get size for '%s'", in.filename);
5236         ret = -1;
5237         goto out;
5238     }
5239 
5240     if (dd.flags & C_COUNT && dd.count <= INT64_MAX / in.bsz &&
5241         dd.count * in.bsz < size) {
5242         size = dd.count * in.bsz;
5243     }
5244 
5245     /* Overflow means the specified offset is beyond input image's size */
5246     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5247                               size < in.bsz * in.offset)) {
5248         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, 0, &error_abort);
5249     } else {
5250         qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
5251                             size - in.bsz * in.offset, &error_abort);
5252     }
5253 
5254     ret = bdrv_create(drv, out.filename, opts, &local_err);
5255     if (ret < 0) {
5256         error_reportf_err(local_err,
5257                           "%s: error while creating output image: ",
5258                           out.filename);
5259         ret = -1;
5260         goto out;
5261     }
5262 
5263     /* TODO, we can't honour --image-opts for the target,
5264      * since it needs to be given in a format compatible
5265      * with the bdrv_create() call above which does not
5266      * support image-opts style.
5267      */
5268     blk2 = img_open_file(out.filename, NULL, out_fmt, BDRV_O_RDWR,
5269                          false, false, false);
5270 
5271     if (!blk2) {
5272         ret = -1;
5273         goto out;
5274     }
5275 
5276     if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
5277                               size < in.offset * in.bsz)) {
5278         /* We give a warning if the skip option is bigger than the input
5279          * size and create an empty output disk image (i.e. like dd(1)).
5280          */
5281         error_report("%s: cannot skip to specified offset", in.filename);
5282         in_pos = size;
5283     } else {
5284         in_pos = in.offset * in.bsz;
5285     }
5286 
5287     in.buf = g_new(uint8_t, in.bsz);
5288 
5289     for (out_pos = 0; in_pos < size; ) {
5290         int bytes = (in_pos + in.bsz > size) ? size - in_pos : in.bsz;
5291 
5292         ret = blk_pread(blk1, in_pos, bytes, in.buf, 0);
5293         if (ret < 0) {
5294             error_report("error while reading from input image file: %s",
5295                          strerror(-ret));
5296             goto out;
5297         }
5298         in_pos += bytes;
5299 
5300         ret = blk_pwrite(blk2, out_pos, bytes, in.buf, 0);
5301         if (ret < 0) {
5302             error_report("error while writing to output image file: %s",
5303                          strerror(-ret));
5304             goto out;
5305         }
5306         out_pos += bytes;
5307     }
5308 
5309 out:
5310     g_free(arg);
5311     qemu_opts_del(opts);
5312     qemu_opts_free(create_opts);
5313     blk_unref(blk1);
5314     blk_unref(blk2);
5315     g_free(in.filename);
5316     g_free(out.filename);
5317     g_free(in.buf);
5318     g_free(out.buf);
5319 
5320     if (ret) {
5321         return 1;
5322     }
5323     return 0;
5324 }
5325 
5326 static void dump_json_block_measure_info(BlockMeasureInfo *info)
5327 {
5328     GString *str;
5329     QObject *obj;
5330     Visitor *v = qobject_output_visitor_new(&obj);
5331 
5332     visit_type_BlockMeasureInfo(v, NULL, &info, &error_abort);
5333     visit_complete(v, &obj);
5334     str = qobject_to_json_pretty(obj, true);
5335     assert(str != NULL);
5336     printf("%s\n", str->str);
5337     qobject_unref(obj);
5338     visit_free(v);
5339     g_string_free(str, true);
5340 }
5341 
5342 static int img_measure(int argc, char **argv)
5343 {
5344     static const struct option long_options[] = {
5345         {"help", no_argument, 0, 'h'},
5346         {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
5347         {"object", required_argument, 0, OPTION_OBJECT},
5348         {"output", required_argument, 0, OPTION_OUTPUT},
5349         {"size", required_argument, 0, OPTION_SIZE},
5350         {"force-share", no_argument, 0, 'U'},
5351         {0, 0, 0, 0}
5352     };
5353     OutputFormat output_format = OFORMAT_HUMAN;
5354     BlockBackend *in_blk = NULL;
5355     BlockDriver *drv;
5356     const char *filename = NULL;
5357     const char *fmt = NULL;
5358     const char *out_fmt = "raw";
5359     char *options = NULL;
5360     char *snapshot_name = NULL;
5361     bool force_share = false;
5362     QemuOpts *opts = NULL;
5363     QemuOpts *object_opts = NULL;
5364     QemuOpts *sn_opts = NULL;
5365     QemuOptsList *create_opts = NULL;
5366     bool image_opts = false;
5367     uint64_t img_size = UINT64_MAX;
5368     BlockMeasureInfo *info = NULL;
5369     Error *local_err = NULL;
5370     int ret = 1;
5371     int c;
5372 
5373     while ((c = getopt_long(argc, argv, "hf:O:o:l:U",
5374                             long_options, NULL)) != -1) {
5375         switch (c) {
5376         case '?':
5377         case 'h':
5378             help();
5379             break;
5380         case 'f':
5381             fmt = optarg;
5382             break;
5383         case 'O':
5384             out_fmt = optarg;
5385             break;
5386         case 'o':
5387             if (accumulate_options(&options, optarg) < 0) {
5388                 goto out;
5389             }
5390             break;
5391         case 'l':
5392             if (strstart(optarg, SNAPSHOT_OPT_BASE, NULL)) {
5393                 sn_opts = qemu_opts_parse_noisily(&internal_snapshot_opts,
5394                                                   optarg, false);
5395                 if (!sn_opts) {
5396                     error_report("Failed in parsing snapshot param '%s'",
5397                                  optarg);
5398                     goto out;
5399                 }
5400             } else {
5401                 snapshot_name = optarg;
5402             }
5403             break;
5404         case 'U':
5405             force_share = true;
5406             break;
5407         case OPTION_OBJECT:
5408             user_creatable_process_cmdline(optarg);
5409             break;
5410         case OPTION_IMAGE_OPTS:
5411             image_opts = true;
5412             break;
5413         case OPTION_OUTPUT:
5414             if (!strcmp(optarg, "json")) {
5415                 output_format = OFORMAT_JSON;
5416             } else if (!strcmp(optarg, "human")) {
5417                 output_format = OFORMAT_HUMAN;
5418             } else {
5419                 error_report("--output must be used with human or json "
5420                              "as argument.");
5421                 goto out;
5422             }
5423             break;
5424         case OPTION_SIZE:
5425         {
5426             int64_t sval;
5427 
5428             sval = cvtnum("image size", optarg);
5429             if (sval < 0) {
5430                 goto out;
5431             }
5432             img_size = (uint64_t)sval;
5433         }
5434         break;
5435         }
5436     }
5437 
5438     if (argc - optind > 1) {
5439         error_report("At most one filename argument is allowed.");
5440         goto out;
5441     } else if (argc - optind == 1) {
5442         filename = argv[optind];
5443     }
5444 
5445     if (!filename && (image_opts || fmt || snapshot_name || sn_opts)) {
5446         error_report("--image-opts, -f, and -l require a filename argument.");
5447         goto out;
5448     }
5449     if (filename && img_size != UINT64_MAX) {
5450         error_report("--size N cannot be used together with a filename.");
5451         goto out;
5452     }
5453     if (!filename && img_size == UINT64_MAX) {
5454         error_report("Either --size N or one filename must be specified.");
5455         goto out;
5456     }
5457 
5458     if (filename) {
5459         in_blk = img_open(image_opts, filename, fmt, 0,
5460                           false, false, force_share);
5461         if (!in_blk) {
5462             goto out;
5463         }
5464 
5465         if (sn_opts) {
5466             bdrv_snapshot_load_tmp(blk_bs(in_blk),
5467                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_ID),
5468                     qemu_opt_get(sn_opts, SNAPSHOT_OPT_NAME),
5469                     &local_err);
5470         } else if (snapshot_name != NULL) {
5471             bdrv_snapshot_load_tmp_by_id_or_name(blk_bs(in_blk),
5472                     snapshot_name, &local_err);
5473         }
5474         if (local_err) {
5475             error_reportf_err(local_err, "Failed to load snapshot: ");
5476             goto out;
5477         }
5478     }
5479 
5480     drv = bdrv_find_format(out_fmt);
5481     if (!drv) {
5482         error_report("Unknown file format '%s'", out_fmt);
5483         goto out;
5484     }
5485     if (!drv->create_opts) {
5486         error_report("Format driver '%s' does not support image creation",
5487                      drv->format_name);
5488         goto out;
5489     }
5490 
5491     create_opts = qemu_opts_append(create_opts, drv->create_opts);
5492     create_opts = qemu_opts_append(create_opts, bdrv_file.create_opts);
5493     opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5494     if (options) {
5495         if (!qemu_opts_do_parse(opts, options, NULL, &local_err)) {
5496             error_report_err(local_err);
5497             error_report("Invalid options for file format '%s'", out_fmt);
5498             goto out;
5499         }
5500     }
5501     if (img_size != UINT64_MAX) {
5502         qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, &error_abort);
5503     }
5504 
5505     info = bdrv_measure(drv, opts, in_blk ? blk_bs(in_blk) : NULL, &local_err);
5506     if (local_err) {
5507         error_report_err(local_err);
5508         goto out;
5509     }
5510 
5511     if (output_format == OFORMAT_HUMAN) {
5512         printf("required size: %" PRIu64 "\n", info->required);
5513         printf("fully allocated size: %" PRIu64 "\n", info->fully_allocated);
5514         if (info->has_bitmaps) {
5515             printf("bitmaps size: %" PRIu64 "\n", info->bitmaps);
5516         }
5517     } else {
5518         dump_json_block_measure_info(info);
5519     }
5520 
5521     ret = 0;
5522 
5523 out:
5524     qapi_free_BlockMeasureInfo(info);
5525     qemu_opts_del(object_opts);
5526     qemu_opts_del(opts);
5527     qemu_opts_del(sn_opts);
5528     qemu_opts_free(create_opts);
5529     g_free(options);
5530     blk_unref(in_blk);
5531     return ret;
5532 }
5533 
5534 static const img_cmd_t img_cmds[] = {
5535 #define DEF(option, callback, arg_string)        \
5536     { option, callback },
5537 #include "qemu-img-cmds.h"
5538 #undef DEF
5539     { NULL, NULL, },
5540 };
5541 
5542 int main(int argc, char **argv)
5543 {
5544     const img_cmd_t *cmd;
5545     const char *cmdname;
5546     int c;
5547     static const struct option long_options[] = {
5548         {"help", no_argument, 0, 'h'},
5549         {"version", no_argument, 0, 'V'},
5550         {"trace", required_argument, NULL, 'T'},
5551         {0, 0, 0, 0}
5552     };
5553 
5554 #ifdef CONFIG_POSIX
5555     signal(SIGPIPE, SIG_IGN);
5556 #endif
5557 
5558     socket_init();
5559     error_init(argv[0]);
5560     module_call_init(MODULE_INIT_TRACE);
5561     qemu_init_exec_dir(argv[0]);
5562 
5563     qemu_init_main_loop(&error_fatal);
5564 
5565     qcrypto_init(&error_fatal);
5566 
5567     module_call_init(MODULE_INIT_QOM);
5568     bdrv_init();
5569     if (argc < 2) {
5570         error_exit("Not enough arguments");
5571     }
5572 
5573     qemu_add_opts(&qemu_source_opts);
5574     qemu_add_opts(&qemu_trace_opts);
5575 
5576     while ((c = getopt_long(argc, argv, "+:hVT:", long_options, NULL)) != -1) {
5577         switch (c) {
5578         case ':':
5579             missing_argument(argv[optind - 1]);
5580             return 0;
5581         case '?':
5582             unrecognized_option(argv[optind - 1]);
5583             return 0;
5584         case 'h':
5585             help();
5586             return 0;
5587         case 'V':
5588             printf(QEMU_IMG_VERSION);
5589             return 0;
5590         case 'T':
5591             trace_opt_parse(optarg);
5592             break;
5593         }
5594     }
5595 
5596     cmdname = argv[optind];
5597 
5598     /* reset getopt_long scanning */
5599     argc -= optind;
5600     if (argc < 1) {
5601         return 0;
5602     }
5603     argv += optind;
5604     qemu_reset_optind();
5605 
5606     if (!trace_init_backends()) {
5607         exit(1);
5608     }
5609     trace_init_file();
5610     qemu_set_log(LOG_TRACE, &error_fatal);
5611 
5612     /* find the command */
5613     for (cmd = img_cmds; cmd->name != NULL; cmd++) {
5614         if (!strcmp(cmdname, cmd->name)) {
5615             return cmd->handler(argc, argv);
5616         }
5617     }
5618 
5619     /* not found */
5620     error_exit("Command not found: %s", cmdname);
5621 }
5622