1 | /* |
2 | * Block driver for Hyper-V VHDX Images |
3 | * |
4 | * Copyright (c) 2013 Red Hat, Inc., |
5 | * |
6 | * Authors: |
7 | * Jeff Cody <jcody@redhat.com> |
8 | * |
9 | * This is based on the "VHDX Format Specification v1.00", published 8/25/2012 |
10 | * by Microsoft: |
11 | * https://www.microsoft.com/en-us/download/details.aspx?id=34750 |
12 | * |
13 | * This work is licensed under the terms of the GNU LGPL, version 2 or later. |
14 | * See the COPYING.LIB file in the top-level directory. |
15 | * |
16 | */ |
17 | |
18 | #include "qemu/osdep.h" |
19 | #include "qapi/error.h" |
20 | #include "block/block_int.h" |
21 | #include "block/qdict.h" |
22 | #include "sysemu/block-backend.h" |
23 | #include "qemu/module.h" |
24 | #include "qemu/option.h" |
25 | #include "qemu/crc32c.h" |
26 | #include "qemu/bswap.h" |
27 | #include "vhdx.h" |
28 | #include "migration/blocker.h" |
29 | #include "qemu/uuid.h" |
30 | #include "qapi/qmp/qdict.h" |
31 | #include "qapi/qobject-input-visitor.h" |
32 | #include "qapi/qapi-visit-block-core.h" |
33 | |
34 | /* Options for VHDX creation */ |
35 | |
36 | #define VHDX_BLOCK_OPT_LOG_SIZE "log_size" |
37 | #define VHDX_BLOCK_OPT_BLOCK_SIZE "block_size" |
38 | #define VHDX_BLOCK_OPT_ZERO "block_state_zero" |
39 | |
40 | typedef enum VHDXImageType { |
41 | VHDX_TYPE_DYNAMIC = 0, |
42 | VHDX_TYPE_FIXED, |
43 | VHDX_TYPE_DIFFERENCING, /* Currently unsupported */ |
44 | } VHDXImageType; |
45 | |
46 | static QemuOptsList vhdx_create_opts; |
47 | |
48 | /* Several metadata and region table data entries are identified by |
49 | * guids in a MS-specific GUID format. */ |
50 | |
51 | |
52 | /* ------- Known Region Table GUIDs ---------------------- */ |
53 | static const MSGUID bat_guid = { .data1 = 0x2dc27766, |
54 | .data2 = 0xf623, |
55 | .data3 = 0x4200, |
56 | .data4 = { 0x9d, 0x64, 0x11, 0x5e, |
57 | 0x9b, 0xfd, 0x4a, 0x08} }; |
58 | |
59 | static const MSGUID metadata_guid = { .data1 = 0x8b7ca206, |
60 | .data2 = 0x4790, |
61 | .data3 = 0x4b9a, |
62 | .data4 = { 0xb8, 0xfe, 0x57, 0x5f, |
63 | 0x05, 0x0f, 0x88, 0x6e} }; |
64 | |
65 | |
66 | |
67 | /* ------- Known Metadata Entry GUIDs ---------------------- */ |
68 | static const MSGUID file_param_guid = { .data1 = 0xcaa16737, |
69 | .data2 = 0xfa36, |
70 | .data3 = 0x4d43, |
71 | .data4 = { 0xb3, 0xb6, 0x33, 0xf0, |
72 | 0xaa, 0x44, 0xe7, 0x6b} }; |
73 | |
74 | static const MSGUID virtual_size_guid = { .data1 = 0x2FA54224, |
75 | .data2 = 0xcd1b, |
76 | .data3 = 0x4876, |
77 | .data4 = { 0xb2, 0x11, 0x5d, 0xbe, |
78 | 0xd8, 0x3b, 0xf4, 0xb8} }; |
79 | |
80 | static const MSGUID page83_guid = { .data1 = 0xbeca12ab, |
81 | .data2 = 0xb2e6, |
82 | .data3 = 0x4523, |
83 | .data4 = { 0x93, 0xef, 0xc3, 0x09, |
84 | 0xe0, 0x00, 0xc7, 0x46} }; |
85 | |
86 | |
87 | static const MSGUID phys_sector_guid = { .data1 = 0xcda348c7, |
88 | .data2 = 0x445d, |
89 | .data3 = 0x4471, |
90 | .data4 = { 0x9c, 0xc9, 0xe9, 0x88, |
91 | 0x52, 0x51, 0xc5, 0x56} }; |
92 | |
93 | static const MSGUID parent_locator_guid = { .data1 = 0xa8d35f2d, |
94 | .data2 = 0xb30b, |
95 | .data3 = 0x454d, |
96 | .data4 = { 0xab, 0xf7, 0xd3, |
97 | 0xd8, 0x48, 0x34, |
98 | 0xab, 0x0c} }; |
99 | |
100 | static const MSGUID logical_sector_guid = { .data1 = 0x8141bf1d, |
101 | .data2 = 0xa96f, |
102 | .data3 = 0x4709, |
103 | .data4 = { 0xba, 0x47, 0xf2, |
104 | 0x33, 0xa8, 0xfa, |
105 | 0xab, 0x5f} }; |
106 | |
107 | /* Each parent type must have a valid GUID; this is for parent images |
108 | * of type 'VHDX'. If we were to allow e.g. a QCOW2 parent, we would |
109 | * need to make up our own QCOW2 GUID type */ |
110 | static const MSGUID parent_vhdx_guid __attribute__((unused)) |
111 | = { .data1 = 0xb04aefb7, |
112 | .data2 = 0xd19e, |
113 | .data3 = 0x4a81, |
114 | .data4 = { 0xb7, 0x89, 0x25, 0xb8, |
115 | 0xe9, 0x44, 0x59, 0x13} }; |
116 | |
117 | |
118 | #define META_FILE_PARAMETER_PRESENT 0x01 |
119 | #define META_VIRTUAL_DISK_SIZE_PRESENT 0x02 |
120 | #define META_PAGE_83_PRESENT 0x04 |
121 | #define META_LOGICAL_SECTOR_SIZE_PRESENT 0x08 |
122 | #define META_PHYS_SECTOR_SIZE_PRESENT 0x10 |
123 | #define META_PARENT_LOCATOR_PRESENT 0x20 |
124 | |
125 | #define META_ALL_PRESENT \ |
126 | (META_FILE_PARAMETER_PRESENT | META_VIRTUAL_DISK_SIZE_PRESENT | \ |
127 | META_PAGE_83_PRESENT | META_LOGICAL_SECTOR_SIZE_PRESENT | \ |
128 | META_PHYS_SECTOR_SIZE_PRESENT) |
129 | |
130 | |
131 | typedef struct VHDXSectorInfo { |
132 | uint32_t bat_idx; /* BAT entry index */ |
133 | uint32_t sectors_avail; /* sectors available in payload block */ |
134 | uint32_t bytes_left; /* bytes left in the block after data to r/w */ |
135 | uint32_t bytes_avail; /* bytes available in payload block */ |
136 | uint64_t file_offset; /* absolute offset in bytes, in file */ |
137 | uint64_t block_offset; /* block offset, in bytes */ |
138 | } VHDXSectorInfo; |
139 | |
140 | /* Calculates new checksum. |
141 | * |
142 | * Zero is substituted during crc calculation for the original crc field |
143 | * crc_offset: byte offset in buf of the buffer crc |
144 | * buf: buffer pointer |
145 | * size: size of buffer (must be > crc_offset+4) |
146 | * |
147 | * Note: The buffer should have all multi-byte data in little-endian format, |
148 | * and the resulting checksum is in little endian format. |
149 | */ |
150 | uint32_t vhdx_update_checksum(uint8_t *buf, size_t size, int crc_offset) |
151 | { |
152 | uint32_t crc; |
153 | |
154 | assert(buf != NULL); |
155 | assert(size > (crc_offset + sizeof(crc))); |
156 | |
157 | memset(buf + crc_offset, 0, sizeof(crc)); |
158 | crc = crc32c(0xffffffff, buf, size); |
159 | crc = cpu_to_le32(crc); |
160 | memcpy(buf + crc_offset, &crc, sizeof(crc)); |
161 | |
162 | return crc; |
163 | } |
164 | |
165 | uint32_t vhdx_checksum_calc(uint32_t crc, uint8_t *buf, size_t size, |
166 | int crc_offset) |
167 | { |
168 | uint32_t crc_new; |
169 | uint32_t crc_orig; |
170 | assert(buf != NULL); |
171 | |
172 | if (crc_offset > 0) { |
173 | memcpy(&crc_orig, buf + crc_offset, sizeof(crc_orig)); |
174 | memset(buf + crc_offset, 0, sizeof(crc_orig)); |
175 | } |
176 | |
177 | crc_new = crc32c(crc, buf, size); |
178 | if (crc_offset > 0) { |
179 | memcpy(buf + crc_offset, &crc_orig, sizeof(crc_orig)); |
180 | } |
181 | |
182 | return crc_new; |
183 | } |
184 | |
185 | /* Validates the checksum of the buffer, with an in-place CRC. |
186 | * |
187 | * Zero is substituted during crc calculation for the original crc field, |
188 | * and the crc field is restored afterwards. But the buffer will be modified |
189 | * during the calculation, so this may not be not suitable for multi-threaded |
190 | * use. |
191 | * |
192 | * crc_offset: byte offset in buf of the buffer crc |
193 | * buf: buffer pointer |
194 | * size: size of buffer (must be > crc_offset+4) |
195 | * |
196 | * returns true if checksum is valid, false otherwise |
197 | */ |
198 | bool vhdx_checksum_is_valid(uint8_t *buf, size_t size, int crc_offset) |
199 | { |
200 | uint32_t crc_orig; |
201 | uint32_t crc; |
202 | |
203 | assert(buf != NULL); |
204 | assert(size > (crc_offset + 4)); |
205 | |
206 | memcpy(&crc_orig, buf + crc_offset, sizeof(crc_orig)); |
207 | crc_orig = le32_to_cpu(crc_orig); |
208 | |
209 | crc = vhdx_checksum_calc(0xffffffff, buf, size, crc_offset); |
210 | |
211 | return crc == crc_orig; |
212 | } |
213 | |
214 | |
215 | /* |
216 | * This generates a UUID that is compliant with the MS GUIDs used |
217 | * in the VHDX spec (and elsewhere). |
218 | */ |
219 | void vhdx_guid_generate(MSGUID *guid) |
220 | { |
221 | QemuUUID uuid; |
222 | assert(guid != NULL); |
223 | |
224 | qemu_uuid_generate(&uuid); |
225 | memcpy(guid, &uuid, sizeof(MSGUID)); |
226 | } |
227 | |
228 | /* Check for region overlaps inside the VHDX image */ |
229 | static int vhdx_region_check(BDRVVHDXState *s, uint64_t start, uint64_t length) |
230 | { |
231 | int ret = 0; |
232 | uint64_t end; |
233 | VHDXRegionEntry *r; |
234 | |
235 | end = start + length; |
236 | QLIST_FOREACH(r, &s->regions, entries) { |
237 | if (!((start >= r->end) || (end <= r->start))) { |
238 | ret = -EINVAL; |
239 | goto exit; |
240 | } |
241 | } |
242 | |
243 | exit: |
244 | return ret; |
245 | } |
246 | |
247 | /* Register a region for future checks */ |
248 | static void vhdx_region_register(BDRVVHDXState *s, |
249 | uint64_t start, uint64_t length) |
250 | { |
251 | VHDXRegionEntry *r; |
252 | |
253 | r = g_malloc0(sizeof(*r)); |
254 | |
255 | r->start = start; |
256 | r->end = start + length; |
257 | |
258 | QLIST_INSERT_HEAD(&s->regions, r, entries); |
259 | } |
260 | |
261 | /* Free all registered regions */ |
262 | static void vhdx_region_unregister_all(BDRVVHDXState *s) |
263 | { |
264 | VHDXRegionEntry *r, *r_next; |
265 | |
266 | QLIST_FOREACH_SAFE(r, &s->regions, entries, r_next) { |
267 | QLIST_REMOVE(r, entries); |
268 | g_free(r); |
269 | } |
270 | } |
271 | |
272 | static void vhdx_set_shift_bits(BDRVVHDXState *s) |
273 | { |
274 | s->logical_sector_size_bits = ctz32(s->logical_sector_size); |
275 | s->sectors_per_block_bits = ctz32(s->sectors_per_block); |
276 | s->chunk_ratio_bits = ctz64(s->chunk_ratio); |
277 | s->block_size_bits = ctz32(s->block_size); |
278 | } |
279 | |
280 | /* |
281 | * Per the MS VHDX Specification, for every VHDX file: |
282 | * - The header section is fixed size - 1 MB |
283 | * - The header section is always the first "object" |
284 | * - The first 64KB of the header is the File Identifier |
285 | * - The first uint64 (8 bytes) is the VHDX Signature ("vhdxfile") |
286 | * - The following 512 bytes constitute a UTF-16 string identifiying the |
287 | * software that created the file, and is optional and diagnostic only. |
288 | * |
289 | * Therefore, we probe by looking for the vhdxfile signature "vhdxfile" |
290 | */ |
291 | static int vhdx_probe(const uint8_t *buf, int buf_size, const char *filename) |
292 | { |
293 | if (buf_size >= 8 && !memcmp(buf, "vhdxfile" , 8)) { |
294 | return 100; |
295 | } |
296 | return 0; |
297 | } |
298 | |
299 | /* |
300 | * Writes the header to the specified offset. |
301 | * |
302 | * This will optionally read in buffer data from disk (otherwise zero-fill), |
303 | * and then update the header checksum. Header is converted to proper |
304 | * endianness before being written to the specified file offset |
305 | */ |
306 | static int (BdrvChild *file, VHDXHeader *hdr, |
307 | uint64_t offset, bool read) |
308 | { |
309 | BlockDriverState *bs_file = file->bs; |
310 | uint8_t *buffer = NULL; |
311 | int ret; |
312 | VHDXHeader *; |
313 | |
314 | assert(bs_file != NULL); |
315 | assert(hdr != NULL); |
316 | |
317 | /* the header checksum is not over just the packed size of VHDXHeader, |
318 | * but rather over the entire 'reserved' range for the header, which is |
319 | * 4KB (VHDX_HEADER_SIZE). */ |
320 | |
321 | buffer = qemu_blockalign(bs_file, VHDX_HEADER_SIZE); |
322 | if (read) { |
323 | /* if true, we can't assume the extra reserved bytes are 0 */ |
324 | ret = bdrv_pread(file, offset, buffer, VHDX_HEADER_SIZE); |
325 | if (ret < 0) { |
326 | goto exit; |
327 | } |
328 | } else { |
329 | memset(buffer, 0, VHDX_HEADER_SIZE); |
330 | } |
331 | |
332 | /* overwrite the actual VHDXHeader portion */ |
333 | header_le = (VHDXHeader *)buffer; |
334 | memcpy(header_le, hdr, sizeof(VHDXHeader)); |
335 | vhdx_header_le_export(hdr, header_le); |
336 | vhdx_update_checksum(buffer, VHDX_HEADER_SIZE, |
337 | offsetof(VHDXHeader, checksum)); |
338 | ret = bdrv_pwrite_sync(file, offset, header_le, sizeof(VHDXHeader)); |
339 | |
340 | exit: |
341 | qemu_vfree(buffer); |
342 | return ret; |
343 | } |
344 | |
345 | /* Update the VHDX headers |
346 | * |
347 | * This follows the VHDX spec procedures for header updates. |
348 | * |
349 | * - non-current header is updated with largest sequence number |
350 | */ |
351 | static int (BlockDriverState *bs, BDRVVHDXState *s, |
352 | bool generate_data_write_guid, MSGUID *log_guid) |
353 | { |
354 | int ret = 0; |
355 | int hdr_idx = 0; |
356 | uint64_t = VHDX_HEADER1_OFFSET; |
357 | |
358 | VHDXHeader *; |
359 | VHDXHeader *; |
360 | |
361 | /* operate on the non-current header */ |
362 | if (s->curr_header == 0) { |
363 | hdr_idx = 1; |
364 | header_offset = VHDX_HEADER2_OFFSET; |
365 | } |
366 | |
367 | active_header = s->headers[s->curr_header]; |
368 | inactive_header = s->headers[hdr_idx]; |
369 | |
370 | inactive_header->sequence_number = active_header->sequence_number + 1; |
371 | |
372 | /* a new file guid must be generated before any file write, including |
373 | * headers */ |
374 | inactive_header->file_write_guid = s->session_guid; |
375 | |
376 | /* a new data guid only needs to be generated before any guest-visible |
377 | * writes (i.e. something observable via virtual disk read) */ |
378 | if (generate_data_write_guid) { |
379 | vhdx_guid_generate(&inactive_header->data_write_guid); |
380 | } |
381 | |
382 | /* update the log guid if present */ |
383 | if (log_guid) { |
384 | inactive_header->log_guid = *log_guid; |
385 | } |
386 | |
387 | ret = vhdx_write_header(bs->file, inactive_header, header_offset, true); |
388 | if (ret < 0) { |
389 | goto exit; |
390 | } |
391 | s->curr_header = hdr_idx; |
392 | |
393 | exit: |
394 | return ret; |
395 | } |
396 | |
397 | /* |
398 | * The VHDX spec calls for header updates to be performed twice, so that both |
399 | * the current and non-current header have valid info |
400 | */ |
401 | int (BlockDriverState *bs, BDRVVHDXState *s, |
402 | bool generate_data_write_guid, MSGUID *log_guid) |
403 | { |
404 | int ret; |
405 | |
406 | ret = vhdx_update_header(bs, s, generate_data_write_guid, log_guid); |
407 | if (ret < 0) { |
408 | return ret; |
409 | } |
410 | ret = vhdx_update_header(bs, s, generate_data_write_guid, log_guid); |
411 | return ret; |
412 | } |
413 | |
414 | /* opens the specified header block from the VHDX file header section */ |
415 | static void (BlockDriverState *bs, BDRVVHDXState *s, |
416 | Error **errp) |
417 | { |
418 | int ret; |
419 | VHDXHeader *; |
420 | VHDXHeader *; |
421 | bool h1_valid = false; |
422 | bool h2_valid = false; |
423 | uint64_t h1_seq = 0; |
424 | uint64_t h2_seq = 0; |
425 | uint8_t *buffer; |
426 | |
427 | /* header1 & header2 are freed in vhdx_close() */ |
428 | header1 = qemu_blockalign(bs, sizeof(VHDXHeader)); |
429 | header2 = qemu_blockalign(bs, sizeof(VHDXHeader)); |
430 | |
431 | buffer = qemu_blockalign(bs, VHDX_HEADER_SIZE); |
432 | |
433 | s->headers[0] = header1; |
434 | s->headers[1] = header2; |
435 | |
436 | /* We have to read the whole VHDX_HEADER_SIZE instead of |
437 | * sizeof(VHDXHeader), because the checksum is over the whole |
438 | * region */ |
439 | ret = bdrv_pread(bs->file, VHDX_HEADER1_OFFSET, buffer, |
440 | VHDX_HEADER_SIZE); |
441 | if (ret < 0) { |
442 | goto fail; |
443 | } |
444 | /* copy over just the relevant portion that we need */ |
445 | memcpy(header1, buffer, sizeof(VHDXHeader)); |
446 | |
447 | if (vhdx_checksum_is_valid(buffer, VHDX_HEADER_SIZE, 4)) { |
448 | vhdx_header_le_import(header1); |
449 | if (header1->signature == VHDX_HEADER_SIGNATURE && |
450 | header1->version == 1) { |
451 | h1_seq = header1->sequence_number; |
452 | h1_valid = true; |
453 | } |
454 | } |
455 | |
456 | ret = bdrv_pread(bs->file, VHDX_HEADER2_OFFSET, buffer, |
457 | VHDX_HEADER_SIZE); |
458 | if (ret < 0) { |
459 | goto fail; |
460 | } |
461 | /* copy over just the relevant portion that we need */ |
462 | memcpy(header2, buffer, sizeof(VHDXHeader)); |
463 | |
464 | if (vhdx_checksum_is_valid(buffer, VHDX_HEADER_SIZE, 4)) { |
465 | vhdx_header_le_import(header2); |
466 | if (header2->signature == VHDX_HEADER_SIGNATURE && |
467 | header2->version == 1) { |
468 | h2_seq = header2->sequence_number; |
469 | h2_valid = true; |
470 | } |
471 | } |
472 | |
473 | /* If there is only 1 valid header (or no valid headers), we |
474 | * don't care what the sequence numbers are */ |
475 | if (h1_valid && !h2_valid) { |
476 | s->curr_header = 0; |
477 | } else if (!h1_valid && h2_valid) { |
478 | s->curr_header = 1; |
479 | } else if (!h1_valid && !h2_valid) { |
480 | goto fail; |
481 | } else { |
482 | /* If both headers are valid, then we choose the active one by the |
483 | * highest sequence number. If the sequence numbers are equal, that is |
484 | * invalid */ |
485 | if (h1_seq > h2_seq) { |
486 | s->curr_header = 0; |
487 | } else if (h2_seq > h1_seq) { |
488 | s->curr_header = 1; |
489 | } else { |
490 | /* The Microsoft Disk2VHD tool will create 2 identical |
491 | * headers, with identical sequence numbers. If the headers are |
492 | * identical, don't consider the file corrupt */ |
493 | if (!memcmp(header1, header2, sizeof(VHDXHeader))) { |
494 | s->curr_header = 0; |
495 | } else { |
496 | goto fail; |
497 | } |
498 | } |
499 | } |
500 | |
501 | vhdx_region_register(s, s->headers[s->curr_header]->log_offset, |
502 | s->headers[s->curr_header]->log_length); |
503 | goto exit; |
504 | |
505 | fail: |
506 | error_setg_errno(errp, -ret, "No valid VHDX header found" ); |
507 | qemu_vfree(header1); |
508 | qemu_vfree(header2); |
509 | s->headers[0] = NULL; |
510 | s->headers[1] = NULL; |
511 | exit: |
512 | qemu_vfree(buffer); |
513 | } |
514 | |
515 | |
516 | static int vhdx_open_region_tables(BlockDriverState *bs, BDRVVHDXState *s) |
517 | { |
518 | int ret = 0; |
519 | uint8_t *buffer; |
520 | int offset = 0; |
521 | VHDXRegionTableEntry rt_entry; |
522 | uint32_t i; |
523 | bool bat_rt_found = false; |
524 | bool metadata_rt_found = false; |
525 | |
526 | /* We have to read the whole 64KB block, because the crc32 is over the |
527 | * whole block */ |
528 | buffer = qemu_blockalign(bs, VHDX_HEADER_BLOCK_SIZE); |
529 | |
530 | ret = bdrv_pread(bs->file, VHDX_REGION_TABLE_OFFSET, buffer, |
531 | VHDX_HEADER_BLOCK_SIZE); |
532 | if (ret < 0) { |
533 | goto fail; |
534 | } |
535 | memcpy(&s->rt, buffer, sizeof(s->rt)); |
536 | offset += sizeof(s->rt); |
537 | |
538 | if (!vhdx_checksum_is_valid(buffer, VHDX_HEADER_BLOCK_SIZE, 4)) { |
539 | ret = -EINVAL; |
540 | goto fail; |
541 | } |
542 | |
543 | vhdx_region_header_le_import(&s->rt); |
544 | |
545 | if (s->rt.signature != VHDX_REGION_SIGNATURE) { |
546 | ret = -EINVAL; |
547 | goto fail; |
548 | } |
549 | |
550 | |
551 | /* Per spec, maximum region table entry count is 2047 */ |
552 | if (s->rt.entry_count > 2047) { |
553 | ret = -EINVAL; |
554 | goto fail; |
555 | } |
556 | |
557 | for (i = 0; i < s->rt.entry_count; i++) { |
558 | memcpy(&rt_entry, buffer + offset, sizeof(rt_entry)); |
559 | offset += sizeof(rt_entry); |
560 | |
561 | vhdx_region_entry_le_import(&rt_entry); |
562 | |
563 | /* check for region overlap between these entries, and any |
564 | * other memory regions in the file */ |
565 | ret = vhdx_region_check(s, rt_entry.file_offset, rt_entry.length); |
566 | if (ret < 0) { |
567 | goto fail; |
568 | } |
569 | |
570 | vhdx_region_register(s, rt_entry.file_offset, rt_entry.length); |
571 | |
572 | /* see if we recognize the entry */ |
573 | if (guid_eq(rt_entry.guid, bat_guid)) { |
574 | /* must be unique; if we have already found it this is invalid */ |
575 | if (bat_rt_found) { |
576 | ret = -EINVAL; |
577 | goto fail; |
578 | } |
579 | bat_rt_found = true; |
580 | s->bat_rt = rt_entry; |
581 | continue; |
582 | } |
583 | |
584 | if (guid_eq(rt_entry.guid, metadata_guid)) { |
585 | /* must be unique; if we have already found it this is invalid */ |
586 | if (metadata_rt_found) { |
587 | ret = -EINVAL; |
588 | goto fail; |
589 | } |
590 | metadata_rt_found = true; |
591 | s->metadata_rt = rt_entry; |
592 | continue; |
593 | } |
594 | |
595 | if (rt_entry.data_bits & VHDX_REGION_ENTRY_REQUIRED) { |
596 | /* cannot read vhdx file - required region table entry that |
597 | * we do not understand. per spec, we must fail to open */ |
598 | ret = -ENOTSUP; |
599 | goto fail; |
600 | } |
601 | } |
602 | |
603 | if (!bat_rt_found || !metadata_rt_found) { |
604 | ret = -EINVAL; |
605 | goto fail; |
606 | } |
607 | |
608 | ret = 0; |
609 | |
610 | fail: |
611 | qemu_vfree(buffer); |
612 | return ret; |
613 | } |
614 | |
615 | |
616 | |
617 | /* Metadata initial parser |
618 | * |
619 | * This loads all the metadata entry fields. This may cause additional |
620 | * fields to be processed (e.g. parent locator, etc..). |
621 | * |
622 | * There are 5 Metadata items that are always required: |
623 | * - File Parameters (block size, has a parent) |
624 | * - Virtual Disk Size (size, in bytes, of the virtual drive) |
625 | * - Page 83 Data (scsi page 83 guid) |
626 | * - Logical Sector Size (logical sector size in bytes, either 512 or |
627 | * 4096. We only support 512 currently) |
628 | * - Physical Sector Size (512 or 4096) |
629 | * |
630 | * Also, if the File Parameters indicate this is a differencing file, |
631 | * we must also look for the Parent Locator metadata item. |
632 | */ |
633 | static int vhdx_parse_metadata(BlockDriverState *bs, BDRVVHDXState *s) |
634 | { |
635 | int ret = 0; |
636 | uint8_t *buffer; |
637 | int offset = 0; |
638 | uint32_t i = 0; |
639 | VHDXMetadataTableEntry md_entry; |
640 | |
641 | buffer = qemu_blockalign(bs, VHDX_METADATA_TABLE_MAX_SIZE); |
642 | |
643 | ret = bdrv_pread(bs->file, s->metadata_rt.file_offset, buffer, |
644 | VHDX_METADATA_TABLE_MAX_SIZE); |
645 | if (ret < 0) { |
646 | goto exit; |
647 | } |
648 | memcpy(&s->metadata_hdr, buffer, sizeof(s->metadata_hdr)); |
649 | offset += sizeof(s->metadata_hdr); |
650 | |
651 | vhdx_metadata_header_le_import(&s->metadata_hdr); |
652 | |
653 | if (s->metadata_hdr.signature != VHDX_METADATA_SIGNATURE) { |
654 | ret = -EINVAL; |
655 | goto exit; |
656 | } |
657 | |
658 | s->metadata_entries.present = 0; |
659 | |
660 | if ((s->metadata_hdr.entry_count * sizeof(md_entry)) > |
661 | (VHDX_METADATA_TABLE_MAX_SIZE - offset)) { |
662 | ret = -EINVAL; |
663 | goto exit; |
664 | } |
665 | |
666 | for (i = 0; i < s->metadata_hdr.entry_count; i++) { |
667 | memcpy(&md_entry, buffer + offset, sizeof(md_entry)); |
668 | offset += sizeof(md_entry); |
669 | |
670 | vhdx_metadata_entry_le_import(&md_entry); |
671 | |
672 | if (guid_eq(md_entry.item_id, file_param_guid)) { |
673 | if (s->metadata_entries.present & META_FILE_PARAMETER_PRESENT) { |
674 | ret = -EINVAL; |
675 | goto exit; |
676 | } |
677 | s->metadata_entries.file_parameters_entry = md_entry; |
678 | s->metadata_entries.present |= META_FILE_PARAMETER_PRESENT; |
679 | continue; |
680 | } |
681 | |
682 | if (guid_eq(md_entry.item_id, virtual_size_guid)) { |
683 | if (s->metadata_entries.present & META_VIRTUAL_DISK_SIZE_PRESENT) { |
684 | ret = -EINVAL; |
685 | goto exit; |
686 | } |
687 | s->metadata_entries.virtual_disk_size_entry = md_entry; |
688 | s->metadata_entries.present |= META_VIRTUAL_DISK_SIZE_PRESENT; |
689 | continue; |
690 | } |
691 | |
692 | if (guid_eq(md_entry.item_id, page83_guid)) { |
693 | if (s->metadata_entries.present & META_PAGE_83_PRESENT) { |
694 | ret = -EINVAL; |
695 | goto exit; |
696 | } |
697 | s->metadata_entries.page83_data_entry = md_entry; |
698 | s->metadata_entries.present |= META_PAGE_83_PRESENT; |
699 | continue; |
700 | } |
701 | |
702 | if (guid_eq(md_entry.item_id, logical_sector_guid)) { |
703 | if (s->metadata_entries.present & |
704 | META_LOGICAL_SECTOR_SIZE_PRESENT) { |
705 | ret = -EINVAL; |
706 | goto exit; |
707 | } |
708 | s->metadata_entries.logical_sector_size_entry = md_entry; |
709 | s->metadata_entries.present |= META_LOGICAL_SECTOR_SIZE_PRESENT; |
710 | continue; |
711 | } |
712 | |
713 | if (guid_eq(md_entry.item_id, phys_sector_guid)) { |
714 | if (s->metadata_entries.present & META_PHYS_SECTOR_SIZE_PRESENT) { |
715 | ret = -EINVAL; |
716 | goto exit; |
717 | } |
718 | s->metadata_entries.phys_sector_size_entry = md_entry; |
719 | s->metadata_entries.present |= META_PHYS_SECTOR_SIZE_PRESENT; |
720 | continue; |
721 | } |
722 | |
723 | if (guid_eq(md_entry.item_id, parent_locator_guid)) { |
724 | if (s->metadata_entries.present & META_PARENT_LOCATOR_PRESENT) { |
725 | ret = -EINVAL; |
726 | goto exit; |
727 | } |
728 | s->metadata_entries.parent_locator_entry = md_entry; |
729 | s->metadata_entries.present |= META_PARENT_LOCATOR_PRESENT; |
730 | continue; |
731 | } |
732 | |
733 | if (md_entry.data_bits & VHDX_META_FLAGS_IS_REQUIRED) { |
734 | /* cannot read vhdx file - required region table entry that |
735 | * we do not understand. per spec, we must fail to open */ |
736 | ret = -ENOTSUP; |
737 | goto exit; |
738 | } |
739 | } |
740 | |
741 | if (s->metadata_entries.present != META_ALL_PRESENT) { |
742 | ret = -ENOTSUP; |
743 | goto exit; |
744 | } |
745 | |
746 | ret = bdrv_pread(bs->file, |
747 | s->metadata_entries.file_parameters_entry.offset |
748 | + s->metadata_rt.file_offset, |
749 | &s->params, |
750 | sizeof(s->params)); |
751 | |
752 | if (ret < 0) { |
753 | goto exit; |
754 | } |
755 | |
756 | s->params.block_size = le32_to_cpu(s->params.block_size); |
757 | s->params.data_bits = le32_to_cpu(s->params.data_bits); |
758 | |
759 | |
760 | /* We now have the file parameters, so we can tell if this is a |
761 | * differencing file (i.e.. has_parent), is dynamic or fixed |
762 | * sized (leave_blocks_allocated), and the block size */ |
763 | |
764 | /* The parent locator required iff the file parameters has_parent set */ |
765 | if (s->params.data_bits & VHDX_PARAMS_HAS_PARENT) { |
766 | if (s->metadata_entries.present & META_PARENT_LOCATOR_PRESENT) { |
767 | /* TODO: parse parent locator fields */ |
768 | ret = -ENOTSUP; /* temp, until differencing files are supported */ |
769 | goto exit; |
770 | } else { |
771 | /* if has_parent is set, but there is not parent locator present, |
772 | * then that is an invalid combination */ |
773 | ret = -EINVAL; |
774 | goto exit; |
775 | } |
776 | } |
777 | |
778 | /* determine virtual disk size, logical sector size, |
779 | * and phys sector size */ |
780 | |
781 | ret = bdrv_pread(bs->file, |
782 | s->metadata_entries.virtual_disk_size_entry.offset |
783 | + s->metadata_rt.file_offset, |
784 | &s->virtual_disk_size, |
785 | sizeof(uint64_t)); |
786 | if (ret < 0) { |
787 | goto exit; |
788 | } |
789 | ret = bdrv_pread(bs->file, |
790 | s->metadata_entries.logical_sector_size_entry.offset |
791 | + s->metadata_rt.file_offset, |
792 | &s->logical_sector_size, |
793 | sizeof(uint32_t)); |
794 | if (ret < 0) { |
795 | goto exit; |
796 | } |
797 | ret = bdrv_pread(bs->file, |
798 | s->metadata_entries.phys_sector_size_entry.offset |
799 | + s->metadata_rt.file_offset, |
800 | &s->physical_sector_size, |
801 | sizeof(uint32_t)); |
802 | if (ret < 0) { |
803 | goto exit; |
804 | } |
805 | |
806 | s->virtual_disk_size = le64_to_cpu(s->virtual_disk_size); |
807 | s->logical_sector_size = le32_to_cpu(s->logical_sector_size); |
808 | s->physical_sector_size = le32_to_cpu(s->physical_sector_size); |
809 | |
810 | if (s->params.block_size < VHDX_BLOCK_SIZE_MIN || |
811 | s->params.block_size > VHDX_BLOCK_SIZE_MAX) { |
812 | ret = -EINVAL; |
813 | goto exit; |
814 | } |
815 | |
816 | /* only 2 supported sector sizes */ |
817 | if (s->logical_sector_size != 512 && s->logical_sector_size != 4096) { |
818 | ret = -EINVAL; |
819 | goto exit; |
820 | } |
821 | |
822 | /* Both block_size and sector_size are guaranteed powers of 2, below. |
823 | Due to range checks above, s->sectors_per_block can never be < 256 */ |
824 | s->sectors_per_block = s->params.block_size / s->logical_sector_size; |
825 | s->chunk_ratio = (VHDX_MAX_SECTORS_PER_BLOCK) * |
826 | (uint64_t)s->logical_sector_size / |
827 | (uint64_t)s->params.block_size; |
828 | |
829 | /* These values are ones we will want to use for division / multiplication |
830 | * later on, and they are all guaranteed (per the spec) to be powers of 2, |
831 | * so we can take advantage of that for shift operations during |
832 | * reads/writes */ |
833 | if (s->logical_sector_size & (s->logical_sector_size - 1)) { |
834 | ret = -EINVAL; |
835 | goto exit; |
836 | } |
837 | if (s->sectors_per_block & (s->sectors_per_block - 1)) { |
838 | ret = -EINVAL; |
839 | goto exit; |
840 | } |
841 | if (s->chunk_ratio & (s->chunk_ratio - 1)) { |
842 | ret = -EINVAL; |
843 | goto exit; |
844 | } |
845 | s->block_size = s->params.block_size; |
846 | if (s->block_size & (s->block_size - 1)) { |
847 | ret = -EINVAL; |
848 | goto exit; |
849 | } |
850 | |
851 | vhdx_set_shift_bits(s); |
852 | |
853 | ret = 0; |
854 | |
855 | exit: |
856 | qemu_vfree(buffer); |
857 | return ret; |
858 | } |
859 | |
860 | /* |
861 | * Calculate the number of BAT entries, including sector |
862 | * bitmap entries. |
863 | */ |
864 | static void vhdx_calc_bat_entries(BDRVVHDXState *s) |
865 | { |
866 | uint32_t data_blocks_cnt, bitmap_blocks_cnt; |
867 | |
868 | data_blocks_cnt = DIV_ROUND_UP(s->virtual_disk_size, s->block_size); |
869 | bitmap_blocks_cnt = DIV_ROUND_UP(data_blocks_cnt, s->chunk_ratio); |
870 | |
871 | if (s->parent_entries) { |
872 | s->bat_entries = bitmap_blocks_cnt * (s->chunk_ratio + 1); |
873 | } else { |
874 | s->bat_entries = data_blocks_cnt + |
875 | ((data_blocks_cnt - 1) >> s->chunk_ratio_bits); |
876 | } |
877 | |
878 | } |
879 | |
880 | static void vhdx_close(BlockDriverState *bs) |
881 | { |
882 | BDRVVHDXState *s = bs->opaque; |
883 | qemu_vfree(s->headers[0]); |
884 | s->headers[0] = NULL; |
885 | qemu_vfree(s->headers[1]); |
886 | s->headers[1] = NULL; |
887 | qemu_vfree(s->bat); |
888 | s->bat = NULL; |
889 | qemu_vfree(s->parent_entries); |
890 | s->parent_entries = NULL; |
891 | migrate_del_blocker(s->migration_blocker); |
892 | error_free(s->migration_blocker); |
893 | qemu_vfree(s->log.hdr); |
894 | s->log.hdr = NULL; |
895 | vhdx_region_unregister_all(s); |
896 | } |
897 | |
898 | static int vhdx_open(BlockDriverState *bs, QDict *options, int flags, |
899 | Error **errp) |
900 | { |
901 | BDRVVHDXState *s = bs->opaque; |
902 | int ret = 0; |
903 | uint32_t i; |
904 | uint64_t signature; |
905 | Error *local_err = NULL; |
906 | |
907 | bs->file = bdrv_open_child(NULL, options, "file" , bs, &child_file, |
908 | false, errp); |
909 | if (!bs->file) { |
910 | return -EINVAL; |
911 | } |
912 | |
913 | s->bat = NULL; |
914 | s->first_visible_write = true; |
915 | |
916 | qemu_co_mutex_init(&s->lock); |
917 | QLIST_INIT(&s->regions); |
918 | |
919 | /* validate the file signature */ |
920 | ret = bdrv_pread(bs->file, 0, &signature, sizeof(uint64_t)); |
921 | if (ret < 0) { |
922 | goto fail; |
923 | } |
924 | if (memcmp(&signature, "vhdxfile" , 8)) { |
925 | ret = -EINVAL; |
926 | goto fail; |
927 | } |
928 | |
929 | /* This is used for any header updates, for the file_write_guid. |
930 | * The spec dictates that a new value should be used for the first |
931 | * header update */ |
932 | vhdx_guid_generate(&s->session_guid); |
933 | |
934 | vhdx_parse_header(bs, s, &local_err); |
935 | if (local_err != NULL) { |
936 | error_propagate(errp, local_err); |
937 | ret = -EINVAL; |
938 | goto fail; |
939 | } |
940 | |
941 | ret = vhdx_parse_log(bs, s, &s->log_replayed_on_open, errp); |
942 | if (ret < 0) { |
943 | goto fail; |
944 | } |
945 | |
946 | ret = vhdx_open_region_tables(bs, s); |
947 | if (ret < 0) { |
948 | goto fail; |
949 | } |
950 | |
951 | ret = vhdx_parse_metadata(bs, s); |
952 | if (ret < 0) { |
953 | goto fail; |
954 | } |
955 | |
956 | s->block_size = s->params.block_size; |
957 | |
958 | /* the VHDX spec dictates that virtual_disk_size is always a multiple of |
959 | * logical_sector_size */ |
960 | bs->total_sectors = s->virtual_disk_size >> s->logical_sector_size_bits; |
961 | |
962 | vhdx_calc_bat_entries(s); |
963 | |
964 | s->bat_offset = s->bat_rt.file_offset; |
965 | |
966 | if (s->bat_entries > s->bat_rt.length / sizeof(VHDXBatEntry)) { |
967 | /* BAT allocation is not large enough for all entries */ |
968 | ret = -EINVAL; |
969 | goto fail; |
970 | } |
971 | |
972 | /* s->bat is freed in vhdx_close() */ |
973 | s->bat = qemu_try_blockalign(bs->file->bs, s->bat_rt.length); |
974 | if (s->bat == NULL) { |
975 | ret = -ENOMEM; |
976 | goto fail; |
977 | } |
978 | |
979 | ret = bdrv_pread(bs->file, s->bat_offset, s->bat, s->bat_rt.length); |
980 | if (ret < 0) { |
981 | goto fail; |
982 | } |
983 | |
984 | uint64_t payblocks = s->chunk_ratio; |
985 | /* endian convert, and verify populated BAT field file offsets against |
986 | * region table and log entries */ |
987 | for (i = 0; i < s->bat_entries; i++) { |
988 | s->bat[i] = le64_to_cpu(s->bat[i]); |
989 | if (payblocks--) { |
990 | /* payload bat entries */ |
991 | if ((s->bat[i] & VHDX_BAT_STATE_BIT_MASK) == |
992 | PAYLOAD_BLOCK_FULLY_PRESENT) { |
993 | ret = vhdx_region_check(s, s->bat[i] & VHDX_BAT_FILE_OFF_MASK, |
994 | s->block_size); |
995 | if (ret < 0) { |
996 | goto fail; |
997 | } |
998 | } |
999 | } else { |
1000 | payblocks = s->chunk_ratio; |
1001 | /* Once differencing files are supported, verify sector bitmap |
1002 | * blocks here */ |
1003 | } |
1004 | } |
1005 | |
1006 | /* Disable migration when VHDX images are used */ |
1007 | error_setg(&s->migration_blocker, "The vhdx format used by node '%s' " |
1008 | "does not support live migration" , |
1009 | bdrv_get_device_or_node_name(bs)); |
1010 | ret = migrate_add_blocker(s->migration_blocker, &local_err); |
1011 | if (local_err) { |
1012 | error_propagate(errp, local_err); |
1013 | error_free(s->migration_blocker); |
1014 | goto fail; |
1015 | } |
1016 | |
1017 | /* TODO: differencing files */ |
1018 | |
1019 | return 0; |
1020 | fail: |
1021 | vhdx_close(bs); |
1022 | return ret; |
1023 | } |
1024 | |
1025 | static int vhdx_reopen_prepare(BDRVReopenState *state, |
1026 | BlockReopenQueue *queue, Error **errp) |
1027 | { |
1028 | return 0; |
1029 | } |
1030 | |
1031 | |
1032 | /* |
1033 | * Perform sector to block offset translations, to get various |
1034 | * sector and file offsets into the image. See VHDXSectorInfo |
1035 | */ |
1036 | static void vhdx_block_translate(BDRVVHDXState *s, int64_t sector_num, |
1037 | int nb_sectors, VHDXSectorInfo *sinfo) |
1038 | { |
1039 | uint32_t block_offset; |
1040 | |
1041 | sinfo->bat_idx = sector_num >> s->sectors_per_block_bits; |
1042 | /* effectively a modulo - this gives us the offset into the block |
1043 | * (in sector sizes) for our sector number */ |
1044 | block_offset = sector_num - (sinfo->bat_idx << s->sectors_per_block_bits); |
1045 | /* the chunk ratio gives us the interleaving of the sector |
1046 | * bitmaps, so we need to advance our page block index by the |
1047 | * sector bitmaps entry number */ |
1048 | sinfo->bat_idx += sinfo->bat_idx >> s->chunk_ratio_bits; |
1049 | |
1050 | /* the number of sectors we can read/write in this cycle */ |
1051 | sinfo->sectors_avail = s->sectors_per_block - block_offset; |
1052 | |
1053 | sinfo->bytes_left = sinfo->sectors_avail << s->logical_sector_size_bits; |
1054 | |
1055 | if (sinfo->sectors_avail > nb_sectors) { |
1056 | sinfo->sectors_avail = nb_sectors; |
1057 | } |
1058 | |
1059 | sinfo->bytes_avail = sinfo->sectors_avail << s->logical_sector_size_bits; |
1060 | |
1061 | sinfo->file_offset = s->bat[sinfo->bat_idx] & VHDX_BAT_FILE_OFF_MASK; |
1062 | |
1063 | sinfo->block_offset = block_offset << s->logical_sector_size_bits; |
1064 | |
1065 | /* The file offset must be past the header section, so must be > 0 */ |
1066 | if (sinfo->file_offset == 0) { |
1067 | return; |
1068 | } |
1069 | |
1070 | /* block offset is the offset in vhdx logical sectors, in |
1071 | * the payload data block. Convert that to a byte offset |
1072 | * in the block, and add in the payload data block offset |
1073 | * in the file, in bytes, to get the final read address */ |
1074 | |
1075 | sinfo->file_offset += sinfo->block_offset; |
1076 | } |
1077 | |
1078 | |
1079 | static int vhdx_get_info(BlockDriverState *bs, BlockDriverInfo *bdi) |
1080 | { |
1081 | BDRVVHDXState *s = bs->opaque; |
1082 | |
1083 | bdi->cluster_size = s->block_size; |
1084 | |
1085 | bdi->unallocated_blocks_are_zero = |
1086 | (s->params.data_bits & VHDX_PARAMS_HAS_PARENT) == 0; |
1087 | |
1088 | return 0; |
1089 | } |
1090 | |
1091 | |
1092 | static coroutine_fn int vhdx_co_readv(BlockDriverState *bs, int64_t sector_num, |
1093 | int nb_sectors, QEMUIOVector *qiov) |
1094 | { |
1095 | BDRVVHDXState *s = bs->opaque; |
1096 | int ret = 0; |
1097 | VHDXSectorInfo sinfo; |
1098 | uint64_t bytes_done = 0; |
1099 | QEMUIOVector hd_qiov; |
1100 | |
1101 | qemu_iovec_init(&hd_qiov, qiov->niov); |
1102 | |
1103 | qemu_co_mutex_lock(&s->lock); |
1104 | |
1105 | while (nb_sectors > 0) { |
1106 | /* We are a differencing file, so we need to inspect the sector bitmap |
1107 | * to see if we have the data or not */ |
1108 | if (s->params.data_bits & VHDX_PARAMS_HAS_PARENT) { |
1109 | /* not supported yet */ |
1110 | ret = -ENOTSUP; |
1111 | goto exit; |
1112 | } else { |
1113 | vhdx_block_translate(s, sector_num, nb_sectors, &sinfo); |
1114 | |
1115 | qemu_iovec_reset(&hd_qiov); |
1116 | qemu_iovec_concat(&hd_qiov, qiov, bytes_done, sinfo.bytes_avail); |
1117 | |
1118 | /* check the payload block state */ |
1119 | switch (s->bat[sinfo.bat_idx] & VHDX_BAT_STATE_BIT_MASK) { |
1120 | case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */ |
1121 | case PAYLOAD_BLOCK_UNDEFINED: |
1122 | case PAYLOAD_BLOCK_UNMAPPED: |
1123 | case PAYLOAD_BLOCK_UNMAPPED_v095: |
1124 | case PAYLOAD_BLOCK_ZERO: |
1125 | /* return zero */ |
1126 | qemu_iovec_memset(&hd_qiov, 0, 0, sinfo.bytes_avail); |
1127 | break; |
1128 | case PAYLOAD_BLOCK_FULLY_PRESENT: |
1129 | qemu_co_mutex_unlock(&s->lock); |
1130 | ret = bdrv_co_preadv(bs->file, sinfo.file_offset, |
1131 | sinfo.sectors_avail * BDRV_SECTOR_SIZE, |
1132 | &hd_qiov, 0); |
1133 | qemu_co_mutex_lock(&s->lock); |
1134 | if (ret < 0) { |
1135 | goto exit; |
1136 | } |
1137 | break; |
1138 | case PAYLOAD_BLOCK_PARTIALLY_PRESENT: |
1139 | /* we don't yet support difference files, fall through |
1140 | * to error */ |
1141 | default: |
1142 | ret = -EIO; |
1143 | goto exit; |
1144 | break; |
1145 | } |
1146 | nb_sectors -= sinfo.sectors_avail; |
1147 | sector_num += sinfo.sectors_avail; |
1148 | bytes_done += sinfo.bytes_avail; |
1149 | } |
1150 | } |
1151 | ret = 0; |
1152 | exit: |
1153 | qemu_co_mutex_unlock(&s->lock); |
1154 | qemu_iovec_destroy(&hd_qiov); |
1155 | return ret; |
1156 | } |
1157 | |
1158 | /* |
1159 | * Allocate a new payload block at the end of the file. |
1160 | * |
1161 | * Allocation will happen at 1MB alignment inside the file |
1162 | * |
1163 | * Returns the file offset start of the new payload block |
1164 | */ |
1165 | static int vhdx_allocate_block(BlockDriverState *bs, BDRVVHDXState *s, |
1166 | uint64_t *new_offset) |
1167 | { |
1168 | int64_t current_len; |
1169 | |
1170 | current_len = bdrv_getlength(bs->file->bs); |
1171 | if (current_len < 0) { |
1172 | return current_len; |
1173 | } |
1174 | |
1175 | *new_offset = current_len; |
1176 | |
1177 | /* per the spec, the address for a block is in units of 1MB */ |
1178 | *new_offset = ROUND_UP(*new_offset, 1 * MiB); |
1179 | if (*new_offset > INT64_MAX) { |
1180 | return -EINVAL; |
1181 | } |
1182 | |
1183 | return bdrv_truncate(bs->file, *new_offset + s->block_size, |
1184 | PREALLOC_MODE_OFF, NULL); |
1185 | } |
1186 | |
1187 | /* |
1188 | * Update the BAT table entry with the new file offset, and the new entry |
1189 | * state */ |
1190 | static void vhdx_update_bat_table_entry(BlockDriverState *bs, BDRVVHDXState *s, |
1191 | VHDXSectorInfo *sinfo, |
1192 | uint64_t *bat_entry_le, |
1193 | uint64_t *bat_offset, int state) |
1194 | { |
1195 | /* The BAT entry is a uint64, with 44 bits for the file offset in units of |
1196 | * 1MB, and 3 bits for the block state. */ |
1197 | if ((state == PAYLOAD_BLOCK_ZERO) || |
1198 | (state == PAYLOAD_BLOCK_UNDEFINED) || |
1199 | (state == PAYLOAD_BLOCK_NOT_PRESENT) || |
1200 | (state == PAYLOAD_BLOCK_UNMAPPED)) { |
1201 | s->bat[sinfo->bat_idx] = 0; /* For PAYLOAD_BLOCK_ZERO, the |
1202 | FileOffsetMB field is denoted as |
1203 | 'reserved' in the v1.0 spec. If it is |
1204 | non-zero, MS Hyper-V will fail to read |
1205 | the disk image */ |
1206 | } else { |
1207 | s->bat[sinfo->bat_idx] = sinfo->file_offset; |
1208 | } |
1209 | |
1210 | s->bat[sinfo->bat_idx] |= state & VHDX_BAT_STATE_BIT_MASK; |
1211 | |
1212 | *bat_entry_le = cpu_to_le64(s->bat[sinfo->bat_idx]); |
1213 | *bat_offset = s->bat_offset + sinfo->bat_idx * sizeof(VHDXBatEntry); |
1214 | |
1215 | } |
1216 | |
1217 | /* Per the spec, on the first write of guest-visible data to the file the |
1218 | * data write guid must be updated in the header */ |
1219 | int vhdx_user_visible_write(BlockDriverState *bs, BDRVVHDXState *s) |
1220 | { |
1221 | int ret = 0; |
1222 | if (s->first_visible_write) { |
1223 | s->first_visible_write = false; |
1224 | ret = vhdx_update_headers(bs, s, true, NULL); |
1225 | } |
1226 | return ret; |
1227 | } |
1228 | |
1229 | static coroutine_fn int vhdx_co_writev(BlockDriverState *bs, int64_t sector_num, |
1230 | int nb_sectors, QEMUIOVector *qiov, |
1231 | int flags) |
1232 | { |
1233 | int ret = -ENOTSUP; |
1234 | BDRVVHDXState *s = bs->opaque; |
1235 | VHDXSectorInfo sinfo; |
1236 | uint64_t bytes_done = 0; |
1237 | uint64_t bat_entry = 0; |
1238 | uint64_t bat_entry_offset = 0; |
1239 | QEMUIOVector hd_qiov; |
1240 | struct iovec iov1 = { 0 }; |
1241 | struct iovec iov2 = { 0 }; |
1242 | int sectors_to_write; |
1243 | int bat_state; |
1244 | uint64_t bat_prior_offset = 0; |
1245 | bool bat_update = false; |
1246 | |
1247 | assert(!flags); |
1248 | qemu_iovec_init(&hd_qiov, qiov->niov); |
1249 | |
1250 | qemu_co_mutex_lock(&s->lock); |
1251 | |
1252 | ret = vhdx_user_visible_write(bs, s); |
1253 | if (ret < 0) { |
1254 | goto exit; |
1255 | } |
1256 | |
1257 | while (nb_sectors > 0) { |
1258 | bool use_zero_buffers = false; |
1259 | bat_update = false; |
1260 | if (s->params.data_bits & VHDX_PARAMS_HAS_PARENT) { |
1261 | /* not supported yet */ |
1262 | ret = -ENOTSUP; |
1263 | goto exit; |
1264 | } else { |
1265 | vhdx_block_translate(s, sector_num, nb_sectors, &sinfo); |
1266 | sectors_to_write = sinfo.sectors_avail; |
1267 | |
1268 | qemu_iovec_reset(&hd_qiov); |
1269 | /* check the payload block state */ |
1270 | bat_state = s->bat[sinfo.bat_idx] & VHDX_BAT_STATE_BIT_MASK; |
1271 | switch (bat_state) { |
1272 | case PAYLOAD_BLOCK_ZERO: |
1273 | /* in this case, we need to preserve zero writes for |
1274 | * data that is not part of this write, so we must pad |
1275 | * the rest of the buffer to zeroes */ |
1276 | |
1277 | /* if we are on a posix system with ftruncate() that extends |
1278 | * a file, then it is zero-filled for us. On Win32, the raw |
1279 | * layer uses SetFilePointer and SetFileEnd, which does not |
1280 | * zero fill AFAIK */ |
1281 | |
1282 | /* Queue another write of zero buffers if the underlying file |
1283 | * does not zero-fill on file extension */ |
1284 | |
1285 | if (bdrv_has_zero_init_truncate(bs->file->bs) == 0) { |
1286 | use_zero_buffers = true; |
1287 | |
1288 | /* zero fill the front, if any */ |
1289 | if (sinfo.block_offset) { |
1290 | iov1.iov_len = sinfo.block_offset; |
1291 | iov1.iov_base = qemu_blockalign(bs, iov1.iov_len); |
1292 | memset(iov1.iov_base, 0, iov1.iov_len); |
1293 | qemu_iovec_concat_iov(&hd_qiov, &iov1, 1, 0, |
1294 | iov1.iov_len); |
1295 | sectors_to_write += iov1.iov_len >> BDRV_SECTOR_BITS; |
1296 | } |
1297 | |
1298 | /* our actual data */ |
1299 | qemu_iovec_concat(&hd_qiov, qiov, bytes_done, |
1300 | sinfo.bytes_avail); |
1301 | |
1302 | /* zero fill the back, if any */ |
1303 | if ((sinfo.bytes_avail - sinfo.block_offset) < |
1304 | s->block_size) { |
1305 | iov2.iov_len = s->block_size - |
1306 | (sinfo.bytes_avail + sinfo.block_offset); |
1307 | iov2.iov_base = qemu_blockalign(bs, iov2.iov_len); |
1308 | memset(iov2.iov_base, 0, iov2.iov_len); |
1309 | qemu_iovec_concat_iov(&hd_qiov, &iov2, 1, 0, |
1310 | iov2.iov_len); |
1311 | sectors_to_write += iov2.iov_len >> BDRV_SECTOR_BITS; |
1312 | } |
1313 | } |
1314 | /* fall through */ |
1315 | case PAYLOAD_BLOCK_NOT_PRESENT: /* fall through */ |
1316 | case PAYLOAD_BLOCK_UNMAPPED: |
1317 | case PAYLOAD_BLOCK_UNMAPPED_v095: |
1318 | case PAYLOAD_BLOCK_UNDEFINED: |
1319 | bat_prior_offset = sinfo.file_offset; |
1320 | ret = vhdx_allocate_block(bs, s, &sinfo.file_offset); |
1321 | if (ret < 0) { |
1322 | goto exit; |
1323 | } |
1324 | /* once we support differencing files, this may also be |
1325 | * partially present */ |
1326 | /* update block state to the newly specified state */ |
1327 | vhdx_update_bat_table_entry(bs, s, &sinfo, &bat_entry, |
1328 | &bat_entry_offset, |
1329 | PAYLOAD_BLOCK_FULLY_PRESENT); |
1330 | bat_update = true; |
1331 | /* since we just allocated a block, file_offset is the |
1332 | * beginning of the payload block. It needs to be the |
1333 | * write address, which includes the offset into the block */ |
1334 | if (!use_zero_buffers) { |
1335 | sinfo.file_offset += sinfo.block_offset; |
1336 | } |
1337 | /* fall through */ |
1338 | case PAYLOAD_BLOCK_FULLY_PRESENT: |
1339 | /* if the file offset address is in the header zone, |
1340 | * there is a problem */ |
1341 | if (sinfo.file_offset < (1 * MiB)) { |
1342 | ret = -EFAULT; |
1343 | goto error_bat_restore; |
1344 | } |
1345 | |
1346 | if (!use_zero_buffers) { |
1347 | qemu_iovec_concat(&hd_qiov, qiov, bytes_done, |
1348 | sinfo.bytes_avail); |
1349 | } |
1350 | /* block exists, so we can just overwrite it */ |
1351 | qemu_co_mutex_unlock(&s->lock); |
1352 | ret = bdrv_co_pwritev(bs->file, sinfo.file_offset, |
1353 | sectors_to_write * BDRV_SECTOR_SIZE, |
1354 | &hd_qiov, 0); |
1355 | qemu_co_mutex_lock(&s->lock); |
1356 | if (ret < 0) { |
1357 | goto error_bat_restore; |
1358 | } |
1359 | break; |
1360 | case PAYLOAD_BLOCK_PARTIALLY_PRESENT: |
1361 | /* we don't yet support difference files, fall through |
1362 | * to error */ |
1363 | default: |
1364 | ret = -EIO; |
1365 | goto exit; |
1366 | break; |
1367 | } |
1368 | |
1369 | if (bat_update) { |
1370 | /* this will update the BAT entry into the log journal, and |
1371 | * then flush the log journal out to disk */ |
1372 | ret = vhdx_log_write_and_flush(bs, s, &bat_entry, |
1373 | sizeof(VHDXBatEntry), |
1374 | bat_entry_offset); |
1375 | if (ret < 0) { |
1376 | goto exit; |
1377 | } |
1378 | } |
1379 | |
1380 | nb_sectors -= sinfo.sectors_avail; |
1381 | sector_num += sinfo.sectors_avail; |
1382 | bytes_done += sinfo.bytes_avail; |
1383 | |
1384 | } |
1385 | } |
1386 | |
1387 | goto exit; |
1388 | |
1389 | error_bat_restore: |
1390 | if (bat_update) { |
1391 | /* keep metadata in sync, and restore the bat entry state |
1392 | * if error. */ |
1393 | sinfo.file_offset = bat_prior_offset; |
1394 | vhdx_update_bat_table_entry(bs, s, &sinfo, &bat_entry, |
1395 | &bat_entry_offset, bat_state); |
1396 | } |
1397 | exit: |
1398 | qemu_vfree(iov1.iov_base); |
1399 | qemu_vfree(iov2.iov_base); |
1400 | qemu_co_mutex_unlock(&s->lock); |
1401 | qemu_iovec_destroy(&hd_qiov); |
1402 | return ret; |
1403 | } |
1404 | |
1405 | |
1406 | |
1407 | /* |
1408 | * Create VHDX Headers |
1409 | * |
1410 | * There are 2 headers, and the highest sequence number will represent |
1411 | * the active header |
1412 | */ |
1413 | static int (BlockBackend *blk, uint64_t image_size, |
1414 | uint32_t log_size) |
1415 | { |
1416 | BlockDriverState *bs = blk_bs(blk); |
1417 | BdrvChild *child; |
1418 | int ret = 0; |
1419 | VHDXHeader *hdr = NULL; |
1420 | |
1421 | hdr = g_new0(VHDXHeader, 1); |
1422 | |
1423 | hdr->signature = VHDX_HEADER_SIGNATURE; |
1424 | hdr->sequence_number = g_random_int(); |
1425 | hdr->log_version = 0; |
1426 | hdr->version = 1; |
1427 | hdr->log_length = log_size; |
1428 | hdr->log_offset = VHDX_HEADER_SECTION_END; |
1429 | vhdx_guid_generate(&hdr->file_write_guid); |
1430 | vhdx_guid_generate(&hdr->data_write_guid); |
1431 | |
1432 | /* XXX Ugly way to get blk->root, but that's a feature, not a bug. This |
1433 | * hack makes it obvious that vhdx_write_header() bypasses the BlockBackend |
1434 | * here, which it really shouldn't be doing. */ |
1435 | child = QLIST_FIRST(&bs->parents); |
1436 | assert(!QLIST_NEXT(child, next_parent)); |
1437 | |
1438 | ret = vhdx_write_header(child, hdr, VHDX_HEADER1_OFFSET, false); |
1439 | if (ret < 0) { |
1440 | goto exit; |
1441 | } |
1442 | hdr->sequence_number++; |
1443 | ret = vhdx_write_header(child, hdr, VHDX_HEADER2_OFFSET, false); |
1444 | if (ret < 0) { |
1445 | goto exit; |
1446 | } |
1447 | |
1448 | exit: |
1449 | g_free(hdr); |
1450 | return ret; |
1451 | } |
1452 | |
1453 | #define VHDX_METADATA_ENTRY_BUFFER_SIZE \ |
1454 | (sizeof(VHDXFileParameters) +\ |
1455 | sizeof(VHDXVirtualDiskSize) +\ |
1456 | sizeof(VHDXPage83Data) +\ |
1457 | sizeof(VHDXVirtualDiskLogicalSectorSize) +\ |
1458 | sizeof(VHDXVirtualDiskPhysicalSectorSize)) |
1459 | |
1460 | /* |
1461 | * Create the Metadata entries. |
1462 | * |
1463 | * For more details on the entries, see section 3.5 (pg 29) in the |
1464 | * VHDX 1.00 specification. |
1465 | * |
1466 | * We support 5 metadata entries (all required by spec): |
1467 | * File Parameters, |
1468 | * Virtual Disk Size, |
1469 | * Page 83 Data, |
1470 | * Logical Sector Size, |
1471 | * Physical Sector Size |
1472 | * |
1473 | * The first 64KB of the Metadata section is reserved for the metadata |
1474 | * header and entries; beyond that, the metadata items themselves reside. |
1475 | */ |
1476 | static int vhdx_create_new_metadata(BlockBackend *blk, |
1477 | uint64_t image_size, |
1478 | uint32_t block_size, |
1479 | uint32_t sector_size, |
1480 | uint64_t metadata_offset, |
1481 | VHDXImageType type) |
1482 | { |
1483 | int ret = 0; |
1484 | uint32_t offset = 0; |
1485 | void *buffer = NULL; |
1486 | void *entry_buffer; |
1487 | VHDXMetadataTableHeader *md_table; |
1488 | VHDXMetadataTableEntry *md_table_entry; |
1489 | |
1490 | /* Metadata entries */ |
1491 | VHDXFileParameters *mt_file_params; |
1492 | VHDXVirtualDiskSize *mt_virtual_size; |
1493 | VHDXPage83Data *mt_page83; |
1494 | VHDXVirtualDiskLogicalSectorSize *mt_log_sector_size; |
1495 | VHDXVirtualDiskPhysicalSectorSize *mt_phys_sector_size; |
1496 | |
1497 | entry_buffer = g_malloc0(VHDX_METADATA_ENTRY_BUFFER_SIZE); |
1498 | |
1499 | mt_file_params = entry_buffer; |
1500 | offset += sizeof(VHDXFileParameters); |
1501 | mt_virtual_size = entry_buffer + offset; |
1502 | offset += sizeof(VHDXVirtualDiskSize); |
1503 | mt_page83 = entry_buffer + offset; |
1504 | offset += sizeof(VHDXPage83Data); |
1505 | mt_log_sector_size = entry_buffer + offset; |
1506 | offset += sizeof(VHDXVirtualDiskLogicalSectorSize); |
1507 | mt_phys_sector_size = entry_buffer + offset; |
1508 | |
1509 | mt_file_params->block_size = cpu_to_le32(block_size); |
1510 | if (type == VHDX_TYPE_FIXED) { |
1511 | mt_file_params->data_bits |= VHDX_PARAMS_LEAVE_BLOCKS_ALLOCED; |
1512 | mt_file_params->data_bits = cpu_to_le32(mt_file_params->data_bits); |
1513 | } |
1514 | |
1515 | vhdx_guid_generate(&mt_page83->page_83_data); |
1516 | cpu_to_leguids(&mt_page83->page_83_data); |
1517 | mt_virtual_size->virtual_disk_size = cpu_to_le64(image_size); |
1518 | mt_log_sector_size->logical_sector_size = cpu_to_le32(sector_size); |
1519 | mt_phys_sector_size->physical_sector_size = cpu_to_le32(sector_size); |
1520 | |
1521 | buffer = g_malloc0(VHDX_HEADER_BLOCK_SIZE); |
1522 | md_table = buffer; |
1523 | |
1524 | md_table->signature = VHDX_METADATA_SIGNATURE; |
1525 | md_table->entry_count = 5; |
1526 | vhdx_metadata_header_le_export(md_table); |
1527 | |
1528 | |
1529 | /* This will reference beyond the reserved table portion */ |
1530 | offset = 64 * KiB; |
1531 | |
1532 | md_table_entry = buffer + sizeof(VHDXMetadataTableHeader); |
1533 | |
1534 | md_table_entry[0].item_id = file_param_guid; |
1535 | md_table_entry[0].offset = offset; |
1536 | md_table_entry[0].length = sizeof(VHDXFileParameters); |
1537 | md_table_entry[0].data_bits |= VHDX_META_FLAGS_IS_REQUIRED; |
1538 | offset += md_table_entry[0].length; |
1539 | vhdx_metadata_entry_le_export(&md_table_entry[0]); |
1540 | |
1541 | md_table_entry[1].item_id = virtual_size_guid; |
1542 | md_table_entry[1].offset = offset; |
1543 | md_table_entry[1].length = sizeof(VHDXVirtualDiskSize); |
1544 | md_table_entry[1].data_bits |= VHDX_META_FLAGS_IS_REQUIRED | |
1545 | VHDX_META_FLAGS_IS_VIRTUAL_DISK; |
1546 | offset += md_table_entry[1].length; |
1547 | vhdx_metadata_entry_le_export(&md_table_entry[1]); |
1548 | |
1549 | md_table_entry[2].item_id = page83_guid; |
1550 | md_table_entry[2].offset = offset; |
1551 | md_table_entry[2].length = sizeof(VHDXPage83Data); |
1552 | md_table_entry[2].data_bits |= VHDX_META_FLAGS_IS_REQUIRED | |
1553 | VHDX_META_FLAGS_IS_VIRTUAL_DISK; |
1554 | offset += md_table_entry[2].length; |
1555 | vhdx_metadata_entry_le_export(&md_table_entry[2]); |
1556 | |
1557 | md_table_entry[3].item_id = logical_sector_guid; |
1558 | md_table_entry[3].offset = offset; |
1559 | md_table_entry[3].length = sizeof(VHDXVirtualDiskLogicalSectorSize); |
1560 | md_table_entry[3].data_bits |= VHDX_META_FLAGS_IS_REQUIRED | |
1561 | VHDX_META_FLAGS_IS_VIRTUAL_DISK; |
1562 | offset += md_table_entry[3].length; |
1563 | vhdx_metadata_entry_le_export(&md_table_entry[3]); |
1564 | |
1565 | md_table_entry[4].item_id = phys_sector_guid; |
1566 | md_table_entry[4].offset = offset; |
1567 | md_table_entry[4].length = sizeof(VHDXVirtualDiskPhysicalSectorSize); |
1568 | md_table_entry[4].data_bits |= VHDX_META_FLAGS_IS_REQUIRED | |
1569 | VHDX_META_FLAGS_IS_VIRTUAL_DISK; |
1570 | vhdx_metadata_entry_le_export(&md_table_entry[4]); |
1571 | |
1572 | ret = blk_pwrite(blk, metadata_offset, buffer, VHDX_HEADER_BLOCK_SIZE, 0); |
1573 | if (ret < 0) { |
1574 | goto exit; |
1575 | } |
1576 | |
1577 | ret = blk_pwrite(blk, metadata_offset + (64 * KiB), entry_buffer, |
1578 | VHDX_METADATA_ENTRY_BUFFER_SIZE, 0); |
1579 | if (ret < 0) { |
1580 | goto exit; |
1581 | } |
1582 | |
1583 | |
1584 | exit: |
1585 | g_free(buffer); |
1586 | g_free(entry_buffer); |
1587 | return ret; |
1588 | } |
1589 | |
1590 | /* This create the actual BAT itself. We currently only support |
1591 | * 'Dynamic' and 'Fixed' image types. |
1592 | * |
1593 | * Dynamic images: default state of the BAT is all zeroes. |
1594 | * |
1595 | * Fixed images: default state of the BAT is fully populated, with |
1596 | * file offsets and state PAYLOAD_BLOCK_FULLY_PRESENT. |
1597 | */ |
1598 | static int vhdx_create_bat(BlockBackend *blk, BDRVVHDXState *s, |
1599 | uint64_t image_size, VHDXImageType type, |
1600 | bool use_zero_blocks, uint64_t file_offset, |
1601 | uint32_t length, Error **errp) |
1602 | { |
1603 | int ret = 0; |
1604 | uint64_t data_file_offset; |
1605 | uint64_t total_sectors = 0; |
1606 | uint64_t sector_num = 0; |
1607 | uint64_t unused; |
1608 | int block_state; |
1609 | VHDXSectorInfo sinfo; |
1610 | |
1611 | assert(s->bat == NULL); |
1612 | |
1613 | /* this gives a data start after BAT/bitmap entries, and well |
1614 | * past any metadata entries (with a 4 MB buffer for future |
1615 | * expansion */ |
1616 | data_file_offset = file_offset + length + 5 * MiB; |
1617 | total_sectors = image_size >> s->logical_sector_size_bits; |
1618 | |
1619 | if (type == VHDX_TYPE_DYNAMIC) { |
1620 | /* All zeroes, so we can just extend the file - the end of the BAT |
1621 | * is the furthest thing we have written yet */ |
1622 | ret = blk_truncate(blk, data_file_offset, PREALLOC_MODE_OFF, errp); |
1623 | if (ret < 0) { |
1624 | goto exit; |
1625 | } |
1626 | } else if (type == VHDX_TYPE_FIXED) { |
1627 | ret = blk_truncate(blk, data_file_offset + image_size, |
1628 | PREALLOC_MODE_OFF, errp); |
1629 | if (ret < 0) { |
1630 | goto exit; |
1631 | } |
1632 | } else { |
1633 | error_setg(errp, "Unsupported image type" ); |
1634 | ret = -ENOTSUP; |
1635 | goto exit; |
1636 | } |
1637 | |
1638 | if (type == VHDX_TYPE_FIXED || |
1639 | use_zero_blocks || |
1640 | bdrv_has_zero_init(blk_bs(blk)) == 0) { |
1641 | /* for a fixed file, the default BAT entry is not zero */ |
1642 | s->bat = g_try_malloc0(length); |
1643 | if (length && s->bat == NULL) { |
1644 | error_setg(errp, "Failed to allocate memory for the BAT" ); |
1645 | ret = -ENOMEM; |
1646 | goto exit; |
1647 | } |
1648 | block_state = type == VHDX_TYPE_FIXED ? PAYLOAD_BLOCK_FULLY_PRESENT : |
1649 | PAYLOAD_BLOCK_NOT_PRESENT; |
1650 | block_state = use_zero_blocks ? PAYLOAD_BLOCK_ZERO : block_state; |
1651 | /* fill the BAT by emulating sector writes of sectors_per_block size */ |
1652 | while (sector_num < total_sectors) { |
1653 | vhdx_block_translate(s, sector_num, s->sectors_per_block, &sinfo); |
1654 | sinfo.file_offset = data_file_offset + |
1655 | (sector_num << s->logical_sector_size_bits); |
1656 | sinfo.file_offset = ROUND_UP(sinfo.file_offset, MiB); |
1657 | vhdx_update_bat_table_entry(blk_bs(blk), s, &sinfo, &unused, &unused, |
1658 | block_state); |
1659 | s->bat[sinfo.bat_idx] = cpu_to_le64(s->bat[sinfo.bat_idx]); |
1660 | sector_num += s->sectors_per_block; |
1661 | } |
1662 | ret = blk_pwrite(blk, file_offset, s->bat, length, 0); |
1663 | if (ret < 0) { |
1664 | error_setg_errno(errp, -ret, "Failed to write the BAT" ); |
1665 | goto exit; |
1666 | } |
1667 | } |
1668 | |
1669 | |
1670 | |
1671 | exit: |
1672 | g_free(s->bat); |
1673 | return ret; |
1674 | } |
1675 | |
1676 | /* Creates the region table header, and region table entries. |
1677 | * There are 2 supported region table entries: BAT, and Metadata/ |
1678 | * |
1679 | * As the calculations for the BAT region table are also needed |
1680 | * to create the BAT itself, we will also cause the BAT to be |
1681 | * created. |
1682 | */ |
1683 | static int vhdx_create_new_region_table(BlockBackend *blk, |
1684 | uint64_t image_size, |
1685 | uint32_t block_size, |
1686 | uint32_t sector_size, |
1687 | uint32_t log_size, |
1688 | bool use_zero_blocks, |
1689 | VHDXImageType type, |
1690 | uint64_t *metadata_offset, |
1691 | Error **errp) |
1692 | { |
1693 | int ret = 0; |
1694 | uint32_t offset = 0; |
1695 | void *buffer = NULL; |
1696 | uint64_t bat_file_offset; |
1697 | uint32_t bat_length; |
1698 | BDRVVHDXState *s = NULL; |
1699 | VHDXRegionTableHeader *region_table; |
1700 | VHDXRegionTableEntry *rt_bat; |
1701 | VHDXRegionTableEntry *rt_metadata; |
1702 | |
1703 | assert(metadata_offset != NULL); |
1704 | |
1705 | /* Populate enough of the BDRVVHDXState to be able to use the |
1706 | * pre-existing BAT calculation, translation, and update functions */ |
1707 | s = g_new0(BDRVVHDXState, 1); |
1708 | |
1709 | s->chunk_ratio = (VHDX_MAX_SECTORS_PER_BLOCK) * |
1710 | (uint64_t) sector_size / (uint64_t) block_size; |
1711 | |
1712 | s->sectors_per_block = block_size / sector_size; |
1713 | s->virtual_disk_size = image_size; |
1714 | s->block_size = block_size; |
1715 | s->logical_sector_size = sector_size; |
1716 | |
1717 | vhdx_set_shift_bits(s); |
1718 | |
1719 | vhdx_calc_bat_entries(s); |
1720 | |
1721 | /* At this point the VHDX state is populated enough for creation */ |
1722 | |
1723 | /* a single buffer is used so we can calculate the checksum over the |
1724 | * entire 64KB block */ |
1725 | buffer = g_malloc0(VHDX_HEADER_BLOCK_SIZE); |
1726 | region_table = buffer; |
1727 | offset += sizeof(VHDXRegionTableHeader); |
1728 | rt_bat = buffer + offset; |
1729 | offset += sizeof(VHDXRegionTableEntry); |
1730 | rt_metadata = buffer + offset; |
1731 | |
1732 | region_table->signature = VHDX_REGION_SIGNATURE; |
1733 | region_table->entry_count = 2; /* BAT and Metadata */ |
1734 | |
1735 | rt_bat->guid = bat_guid; |
1736 | rt_bat->length = ROUND_UP(s->bat_entries * sizeof(VHDXBatEntry), MiB); |
1737 | rt_bat->file_offset = ROUND_UP(VHDX_HEADER_SECTION_END + log_size, MiB); |
1738 | s->bat_offset = rt_bat->file_offset; |
1739 | |
1740 | rt_metadata->guid = metadata_guid; |
1741 | rt_metadata->file_offset = ROUND_UP(rt_bat->file_offset + rt_bat->length, |
1742 | MiB); |
1743 | rt_metadata->length = 1 * MiB; /* min size, and more than enough */ |
1744 | *metadata_offset = rt_metadata->file_offset; |
1745 | |
1746 | bat_file_offset = rt_bat->file_offset; |
1747 | bat_length = rt_bat->length; |
1748 | |
1749 | vhdx_region_header_le_export(region_table); |
1750 | vhdx_region_entry_le_export(rt_bat); |
1751 | vhdx_region_entry_le_export(rt_metadata); |
1752 | |
1753 | vhdx_update_checksum(buffer, VHDX_HEADER_BLOCK_SIZE, |
1754 | offsetof(VHDXRegionTableHeader, checksum)); |
1755 | |
1756 | |
1757 | /* The region table gives us the data we need to create the BAT, |
1758 | * so do that now */ |
1759 | ret = vhdx_create_bat(blk, s, image_size, type, use_zero_blocks, |
1760 | bat_file_offset, bat_length, errp); |
1761 | if (ret < 0) { |
1762 | goto exit; |
1763 | } |
1764 | |
1765 | /* Now write out the region headers to disk */ |
1766 | ret = blk_pwrite(blk, VHDX_REGION_TABLE_OFFSET, buffer, |
1767 | VHDX_HEADER_BLOCK_SIZE, 0); |
1768 | if (ret < 0) { |
1769 | error_setg_errno(errp, -ret, "Failed to write first region table" ); |
1770 | goto exit; |
1771 | } |
1772 | |
1773 | ret = blk_pwrite(blk, VHDX_REGION_TABLE2_OFFSET, buffer, |
1774 | VHDX_HEADER_BLOCK_SIZE, 0); |
1775 | if (ret < 0) { |
1776 | error_setg_errno(errp, -ret, "Failed to write second region table" ); |
1777 | goto exit; |
1778 | } |
1779 | |
1780 | exit: |
1781 | g_free(s); |
1782 | g_free(buffer); |
1783 | return ret; |
1784 | } |
1785 | |
1786 | /* We need to create the following elements: |
1787 | * |
1788 | * .-----------------------------------------------------------------. |
1789 | * | (A) | (B) | (C) | (D) | (E) | |
1790 | * | File ID | Header1 | Header 2 | Region Tbl 1 | Region Tbl 2 | |
1791 | * | | | | | | |
1792 | * .-----------------------------------------------------------------. |
1793 | * 0 64KB 128KB 192KB 256KB 320KB |
1794 | * |
1795 | * |
1796 | * .---- ~ ----------- ~ ------------ ~ ---------------- ~ -----------. |
1797 | * | (F) | (G) | (H) | | |
1798 | * | Journal Log | BAT / Bitmap | Metadata | .... data ...... | |
1799 | * | | | | | |
1800 | * .---- ~ ----------- ~ ------------ ~ ---------------- ~ -----------. |
1801 | * 1MB |
1802 | */ |
1803 | static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts, |
1804 | Error **errp) |
1805 | { |
1806 | BlockdevCreateOptionsVhdx *vhdx_opts; |
1807 | BlockBackend *blk = NULL; |
1808 | BlockDriverState *bs = NULL; |
1809 | |
1810 | int ret = 0; |
1811 | uint64_t image_size; |
1812 | uint32_t log_size; |
1813 | uint32_t block_size; |
1814 | uint64_t signature; |
1815 | uint64_t metadata_offset; |
1816 | bool use_zero_blocks = false; |
1817 | |
1818 | gunichar2 *creator = NULL; |
1819 | glong creator_items; |
1820 | VHDXImageType image_type; |
1821 | |
1822 | assert(opts->driver == BLOCKDEV_DRIVER_VHDX); |
1823 | vhdx_opts = &opts->u.vhdx; |
1824 | |
1825 | /* Validate options and set default values */ |
1826 | image_size = vhdx_opts->size; |
1827 | if (image_size > VHDX_MAX_IMAGE_SIZE) { |
1828 | error_setg(errp, "Image size too large; max of 64TB" ); |
1829 | return -EINVAL; |
1830 | } |
1831 | |
1832 | if (!vhdx_opts->has_log_size) { |
1833 | log_size = DEFAULT_LOG_SIZE; |
1834 | } else { |
1835 | if (vhdx_opts->log_size > UINT32_MAX) { |
1836 | error_setg(errp, "Log size must be smaller than 4 GB" ); |
1837 | return -EINVAL; |
1838 | } |
1839 | log_size = vhdx_opts->log_size; |
1840 | } |
1841 | if (log_size < MiB || (log_size % MiB) != 0) { |
1842 | error_setg(errp, "Log size must be a multiple of 1 MB" ); |
1843 | return -EINVAL; |
1844 | } |
1845 | |
1846 | if (!vhdx_opts->has_block_state_zero) { |
1847 | use_zero_blocks = true; |
1848 | } else { |
1849 | use_zero_blocks = vhdx_opts->block_state_zero; |
1850 | } |
1851 | |
1852 | if (!vhdx_opts->has_subformat) { |
1853 | vhdx_opts->subformat = BLOCKDEV_VHDX_SUBFORMAT_DYNAMIC; |
1854 | } |
1855 | |
1856 | switch (vhdx_opts->subformat) { |
1857 | case BLOCKDEV_VHDX_SUBFORMAT_DYNAMIC: |
1858 | image_type = VHDX_TYPE_DYNAMIC; |
1859 | break; |
1860 | case BLOCKDEV_VHDX_SUBFORMAT_FIXED: |
1861 | image_type = VHDX_TYPE_FIXED; |
1862 | break; |
1863 | default: |
1864 | g_assert_not_reached(); |
1865 | } |
1866 | |
1867 | /* These are pretty arbitrary, and mainly designed to keep the BAT |
1868 | * size reasonable to load into RAM */ |
1869 | if (vhdx_opts->has_block_size) { |
1870 | block_size = vhdx_opts->block_size; |
1871 | } else { |
1872 | if (image_size > 32 * TiB) { |
1873 | block_size = 64 * MiB; |
1874 | } else if (image_size > (uint64_t) 100 * GiB) { |
1875 | block_size = 32 * MiB; |
1876 | } else if (image_size > 1 * GiB) { |
1877 | block_size = 16 * MiB; |
1878 | } else { |
1879 | block_size = 8 * MiB; |
1880 | } |
1881 | } |
1882 | |
1883 | if (block_size < MiB || (block_size % MiB) != 0) { |
1884 | error_setg(errp, "Block size must be a multiple of 1 MB" ); |
1885 | return -EINVAL; |
1886 | } |
1887 | if (!is_power_of_2(block_size)) { |
1888 | error_setg(errp, "Block size must be a power of two" ); |
1889 | return -EINVAL; |
1890 | } |
1891 | if (block_size > VHDX_BLOCK_SIZE_MAX) { |
1892 | error_setg(errp, "Block size must not exceed %" PRId64, |
1893 | VHDX_BLOCK_SIZE_MAX); |
1894 | return -EINVAL; |
1895 | } |
1896 | |
1897 | /* Create BlockBackend to write to the image */ |
1898 | bs = bdrv_open_blockdev_ref(vhdx_opts->file, errp); |
1899 | if (bs == NULL) { |
1900 | return -EIO; |
1901 | } |
1902 | |
1903 | blk = blk_new(bdrv_get_aio_context(bs), |
1904 | BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL); |
1905 | ret = blk_insert_bs(blk, bs, errp); |
1906 | if (ret < 0) { |
1907 | goto delete_and_exit; |
1908 | } |
1909 | blk_set_allow_write_beyond_eof(blk, true); |
1910 | |
1911 | /* Create (A) */ |
1912 | |
1913 | /* The creator field is optional, but may be useful for |
1914 | * debugging / diagnostics */ |
1915 | creator = g_utf8_to_utf16("QEMU v" QEMU_VERSION, -1, NULL, |
1916 | &creator_items, NULL); |
1917 | signature = cpu_to_le64(VHDX_FILE_SIGNATURE); |
1918 | ret = blk_pwrite(blk, VHDX_FILE_ID_OFFSET, &signature, sizeof(signature), |
1919 | 0); |
1920 | if (ret < 0) { |
1921 | error_setg_errno(errp, -ret, "Failed to write file signature" ); |
1922 | goto delete_and_exit; |
1923 | } |
1924 | if (creator) { |
1925 | ret = blk_pwrite(blk, VHDX_FILE_ID_OFFSET + sizeof(signature), |
1926 | creator, creator_items * sizeof(gunichar2), 0); |
1927 | if (ret < 0) { |
1928 | error_setg_errno(errp, -ret, "Failed to write creator field" ); |
1929 | goto delete_and_exit; |
1930 | } |
1931 | } |
1932 | |
1933 | |
1934 | /* Creates (B),(C) */ |
1935 | ret = vhdx_create_new_headers(blk, image_size, log_size); |
1936 | if (ret < 0) { |
1937 | error_setg_errno(errp, -ret, "Failed to write image headers" ); |
1938 | goto delete_and_exit; |
1939 | } |
1940 | |
1941 | /* Creates (D),(E),(G) explicitly. (F) created as by-product */ |
1942 | ret = vhdx_create_new_region_table(blk, image_size, block_size, 512, |
1943 | log_size, use_zero_blocks, image_type, |
1944 | &metadata_offset, errp); |
1945 | if (ret < 0) { |
1946 | goto delete_and_exit; |
1947 | } |
1948 | |
1949 | /* Creates (H) */ |
1950 | ret = vhdx_create_new_metadata(blk, image_size, block_size, 512, |
1951 | metadata_offset, image_type); |
1952 | if (ret < 0) { |
1953 | error_setg_errno(errp, -ret, "Failed to initialize metadata" ); |
1954 | goto delete_and_exit; |
1955 | } |
1956 | |
1957 | ret = 0; |
1958 | delete_and_exit: |
1959 | blk_unref(blk); |
1960 | bdrv_unref(bs); |
1961 | g_free(creator); |
1962 | return ret; |
1963 | } |
1964 | |
1965 | static int coroutine_fn vhdx_co_create_opts(const char *filename, |
1966 | QemuOpts *opts, |
1967 | Error **errp) |
1968 | { |
1969 | BlockdevCreateOptions *create_options = NULL; |
1970 | QDict *qdict; |
1971 | Visitor *v; |
1972 | BlockDriverState *bs = NULL; |
1973 | Error *local_err = NULL; |
1974 | int ret; |
1975 | |
1976 | static const QDictRenames opt_renames[] = { |
1977 | { VHDX_BLOCK_OPT_LOG_SIZE, "log-size" }, |
1978 | { VHDX_BLOCK_OPT_BLOCK_SIZE, "block-size" }, |
1979 | { VHDX_BLOCK_OPT_ZERO, "block-state-zero" }, |
1980 | { NULL, NULL }, |
1981 | }; |
1982 | |
1983 | /* Parse options and convert legacy syntax */ |
1984 | qdict = qemu_opts_to_qdict_filtered(opts, NULL, &vhdx_create_opts, true); |
1985 | |
1986 | if (!qdict_rename_keys(qdict, opt_renames, errp)) { |
1987 | ret = -EINVAL; |
1988 | goto fail; |
1989 | } |
1990 | |
1991 | /* Create and open the file (protocol layer) */ |
1992 | ret = bdrv_create_file(filename, opts, &local_err); |
1993 | if (ret < 0) { |
1994 | error_propagate(errp, local_err); |
1995 | goto fail; |
1996 | } |
1997 | |
1998 | bs = bdrv_open(filename, NULL, NULL, |
1999 | BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp); |
2000 | if (bs == NULL) { |
2001 | ret = -EIO; |
2002 | goto fail; |
2003 | } |
2004 | |
2005 | /* Now get the QAPI type BlockdevCreateOptions */ |
2006 | qdict_put_str(qdict, "driver" , "vhdx" ); |
2007 | qdict_put_str(qdict, "file" , bs->node_name); |
2008 | |
2009 | v = qobject_input_visitor_new_flat_confused(qdict, errp); |
2010 | if (!v) { |
2011 | ret = -EINVAL; |
2012 | goto fail; |
2013 | } |
2014 | |
2015 | visit_type_BlockdevCreateOptions(v, NULL, &create_options, &local_err); |
2016 | visit_free(v); |
2017 | |
2018 | if (local_err) { |
2019 | error_propagate(errp, local_err); |
2020 | ret = -EINVAL; |
2021 | goto fail; |
2022 | } |
2023 | |
2024 | /* Silently round up sizes: |
2025 | * The image size is rounded to 512 bytes. Make the block and log size |
2026 | * close to what was specified, but must be at least 1MB, and a multiple of |
2027 | * 1 MB. Also respect VHDX_BLOCK_SIZE_MAX for block sizes. block_size = 0 |
2028 | * means auto, which is represented by a missing key in QAPI. */ |
2029 | assert(create_options->driver == BLOCKDEV_DRIVER_VHDX); |
2030 | create_options->u.vhdx.size = |
2031 | ROUND_UP(create_options->u.vhdx.size, BDRV_SECTOR_SIZE); |
2032 | |
2033 | if (create_options->u.vhdx.has_log_size) { |
2034 | create_options->u.vhdx.log_size = |
2035 | ROUND_UP(create_options->u.vhdx.log_size, MiB); |
2036 | } |
2037 | if (create_options->u.vhdx.has_block_size) { |
2038 | create_options->u.vhdx.block_size = |
2039 | ROUND_UP(create_options->u.vhdx.block_size, MiB); |
2040 | |
2041 | if (create_options->u.vhdx.block_size == 0) { |
2042 | create_options->u.vhdx.has_block_size = false; |
2043 | } |
2044 | if (create_options->u.vhdx.block_size > VHDX_BLOCK_SIZE_MAX) { |
2045 | create_options->u.vhdx.block_size = VHDX_BLOCK_SIZE_MAX; |
2046 | } |
2047 | } |
2048 | |
2049 | /* Create the vhdx image (format layer) */ |
2050 | ret = vhdx_co_create(create_options, errp); |
2051 | |
2052 | fail: |
2053 | qobject_unref(qdict); |
2054 | bdrv_unref(bs); |
2055 | qapi_free_BlockdevCreateOptions(create_options); |
2056 | return ret; |
2057 | } |
2058 | |
2059 | /* If opened r/w, the VHDX driver will automatically replay the log, |
2060 | * if one is present, inside the vhdx_open() call. |
2061 | * |
2062 | * If qemu-img check -r all is called, the image is automatically opened |
2063 | * r/w and any log has already been replayed, so there is nothing (currently) |
2064 | * for us to do here |
2065 | */ |
2066 | static int coroutine_fn vhdx_co_check(BlockDriverState *bs, |
2067 | BdrvCheckResult *result, |
2068 | BdrvCheckMode fix) |
2069 | { |
2070 | BDRVVHDXState *s = bs->opaque; |
2071 | |
2072 | if (s->log_replayed_on_open) { |
2073 | result->corruptions_fixed++; |
2074 | } |
2075 | return 0; |
2076 | } |
2077 | |
2078 | static int vhdx_has_zero_init(BlockDriverState *bs) |
2079 | { |
2080 | BDRVVHDXState *s = bs->opaque; |
2081 | int state; |
2082 | |
2083 | /* |
2084 | * Check the subformat: Fixed images have all BAT entries present, |
2085 | * dynamic images have none (right after creation). It is |
2086 | * therefore enough to check the first BAT entry. |
2087 | */ |
2088 | if (!s->bat_entries) { |
2089 | return 1; |
2090 | } |
2091 | |
2092 | state = s->bat[0] & VHDX_BAT_STATE_BIT_MASK; |
2093 | if (state == PAYLOAD_BLOCK_FULLY_PRESENT) { |
2094 | /* Fixed subformat */ |
2095 | return bdrv_has_zero_init(bs->file->bs); |
2096 | } |
2097 | |
2098 | /* Dynamic subformat */ |
2099 | return 1; |
2100 | } |
2101 | |
2102 | static QemuOptsList vhdx_create_opts = { |
2103 | .name = "vhdx-create-opts" , |
2104 | .head = QTAILQ_HEAD_INITIALIZER(vhdx_create_opts.head), |
2105 | .desc = { |
2106 | { |
2107 | .name = BLOCK_OPT_SIZE, |
2108 | .type = QEMU_OPT_SIZE, |
2109 | .help = "Virtual disk size; max of 64TB." |
2110 | }, |
2111 | { |
2112 | .name = VHDX_BLOCK_OPT_LOG_SIZE, |
2113 | .type = QEMU_OPT_SIZE, |
2114 | .def_value_str = stringify(DEFAULT_LOG_SIZE), |
2115 | .help = "Log size; min 1MB." |
2116 | }, |
2117 | { |
2118 | .name = VHDX_BLOCK_OPT_BLOCK_SIZE, |
2119 | .type = QEMU_OPT_SIZE, |
2120 | .def_value_str = stringify(0), |
2121 | .help = "Block Size; min 1MB, max 256MB. " \ |
2122 | "0 means auto-calculate based on image size." |
2123 | }, |
2124 | { |
2125 | .name = BLOCK_OPT_SUBFMT, |
2126 | .type = QEMU_OPT_STRING, |
2127 | .help = "VHDX format type, can be either 'dynamic' or 'fixed'. " \ |
2128 | "Default is 'dynamic'." |
2129 | }, |
2130 | { |
2131 | .name = VHDX_BLOCK_OPT_ZERO, |
2132 | .type = QEMU_OPT_BOOL, |
2133 | .help = "Force use of payload blocks of type 'ZERO'. " \ |
2134 | "Non-standard, but default. Do not set to 'off' when " \ |
2135 | "using 'qemu-img convert' with subformat=dynamic." |
2136 | }, |
2137 | { NULL } |
2138 | } |
2139 | }; |
2140 | |
2141 | static BlockDriver bdrv_vhdx = { |
2142 | .format_name = "vhdx" , |
2143 | .instance_size = sizeof(BDRVVHDXState), |
2144 | .bdrv_probe = vhdx_probe, |
2145 | .bdrv_open = vhdx_open, |
2146 | .bdrv_close = vhdx_close, |
2147 | .bdrv_reopen_prepare = vhdx_reopen_prepare, |
2148 | .bdrv_child_perm = bdrv_format_default_perms, |
2149 | .bdrv_co_readv = vhdx_co_readv, |
2150 | .bdrv_co_writev = vhdx_co_writev, |
2151 | .bdrv_co_create = vhdx_co_create, |
2152 | .bdrv_co_create_opts = vhdx_co_create_opts, |
2153 | .bdrv_get_info = vhdx_get_info, |
2154 | .bdrv_co_check = vhdx_co_check, |
2155 | .bdrv_has_zero_init = vhdx_has_zero_init, |
2156 | |
2157 | .create_opts = &vhdx_create_opts, |
2158 | }; |
2159 | |
2160 | static void bdrv_vhdx_init(void) |
2161 | { |
2162 | bdrv_register(&bdrv_vhdx); |
2163 | } |
2164 | |
2165 | block_init(bdrv_vhdx_init); |
2166 | |