2 * QEMU System Emulator block driver
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
26 #include "block/trace.h"
27 #include "block/block_int.h"
28 #include "block/blockjob.h"
29 #include "block/nbd.h"
30 #include "block/qdict.h"
31 #include "qemu/error-report.h"
32 #include "module_block.h"
33 #include "qemu/main-loop.h"
34 #include "qemu/module.h"
35 #include "qapi/error.h"
36 #include "qapi/qmp/qdict.h"
37 #include "qapi/qmp/qjson.h"
38 #include "qapi/qmp/qnull.h"
39 #include "qapi/qmp/qstring.h"
40 #include "qapi/qobject-output-visitor.h"
41 #include "qapi/qapi-visit-block-core.h"
42 #include "sysemu/block-backend.h"
43 #include "sysemu/sysemu.h"
44 #include "qemu/notify.h"
45 #include "qemu/option.h"
46 #include "qemu/coroutine.h"
47 #include "block/qapi.h"
48 #include "qemu/timer.h"
49 #include "qemu/cutils.h"
53 #include <sys/ioctl.h>
54 #include <sys/queue.h>
64 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
66 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
67 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
69 static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
70 QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
72 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
73 QLIST_HEAD_INITIALIZER(bdrv_drivers);
75 static BlockDriverState *bdrv_open_inherit(const char *filename,
76 const char *reference,
77 QDict *options, int flags,
78 BlockDriverState *parent,
79 const BdrvChildClass *child_class,
80 BdrvChildRole child_role,
83 /* If non-zero, use only whitelisted block drivers */
84 static int use_bdrv_whitelist;
87 static int is_windows_drive_prefix(const char *filename)
89 return (((filename[0] >= 'a' && filename[0] <= 'z') ||
90 (filename[0] >= 'A' && filename[0] <= 'Z')) &&
94 int is_windows_drive(const char *filename)
96 if (is_windows_drive_prefix(filename) &&
99 if (strstart(filename, "\\\\.\\", NULL) ||
100 strstart(filename, "//./", NULL))
106 size_t bdrv_opt_mem_align(BlockDriverState *bs)
108 if (!bs || !bs->drv) {
109 /* page size or 4k (hdd sector size) should be on the safe side */
110 return MAX(4096, qemu_real_host_page_size);
113 return bs->bl.opt_mem_alignment;
116 size_t bdrv_min_mem_align(BlockDriverState *bs)
118 if (!bs || !bs->drv) {
119 /* page size or 4k (hdd sector size) should be on the safe side */
120 return MAX(4096, qemu_real_host_page_size);
123 return bs->bl.min_mem_alignment;
126 /* check if the path starts with "<protocol>:" */
127 int path_has_protocol(const char *path)
132 if (is_windows_drive(path) ||
133 is_windows_drive_prefix(path)) {
136 p = path + strcspn(path, ":/\\");
138 p = path + strcspn(path, ":/");
144 int path_is_absolute(const char *path)
147 /* specific case for names like: "\\.\d:" */
148 if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
151 return (*path == '/' || *path == '\\');
153 return (*path == '/');
157 /* if filename is absolute, just return its duplicate. Otherwise, build a
158 path to it by considering it is relative to base_path. URL are
160 char *path_combine(const char *base_path, const char *filename)
162 const char *protocol_stripped = NULL;
167 if (path_is_absolute(filename)) {
168 return g_strdup(filename);
171 if (path_has_protocol(base_path)) {
172 protocol_stripped = strchr(base_path, ':');
173 if (protocol_stripped) {
177 p = protocol_stripped ?: base_path;
179 p1 = strrchr(base_path, '/');
183 p2 = strrchr(base_path, '\\');
184 if (!p1 || p2 > p1) {
199 result = g_malloc(len + strlen(filename) + 1);
200 memcpy(result, base_path, len);
201 strcpy(result + len, filename);
207 * Helper function for bdrv_parse_filename() implementations to remove optional
208 * protocol prefixes (especially "file:") from a filename and for putting the
209 * stripped filename into the options QDict if there is such a prefix.
211 void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
214 if (strstart(filename, prefix, &filename)) {
215 /* Stripping the explicit protocol prefix may result in a protocol
216 * prefix being (wrongly) detected (if the filename contains a colon) */
217 if (path_has_protocol(filename)) {
218 QString *fat_filename;
220 /* This means there is some colon before the first slash; therefore,
221 * this cannot be an absolute path */
222 assert(!path_is_absolute(filename));
224 /* And we can thus fix the protocol detection issue by prefixing it
226 fat_filename = qstring_from_str("./");
227 qstring_append(fat_filename, filename);
229 assert(!path_has_protocol(qstring_get_str(fat_filename)));
231 qdict_put(options, "filename", fat_filename);
233 /* If no protocol prefix was detected, we can use the shortened
235 qdict_put_str(options, "filename", filename);
241 /* Returns whether the image file is opened as read-only. Note that this can
242 * return false and writing to the image file is still not possible because the
243 * image is inactivated. */
244 bool bdrv_is_read_only(BlockDriverState *bs)
246 return bs->read_only;
249 int bdrv_can_set_read_only(BlockDriverState *bs, bool read_only,
250 bool ignore_allow_rdw, Error **errp)
252 /* Do not set read_only if copy_on_read is enabled */
253 if (bs->copy_on_read && read_only) {
254 error_setg(errp, "Can't set node '%s' to r/o with copy-on-read enabled",
255 bdrv_get_device_or_node_name(bs));
259 /* Do not clear read_only if it is prohibited */
260 if (!read_only && !(bs->open_flags & BDRV_O_ALLOW_RDWR) &&
263 error_setg(errp, "Node '%s' is read only",
264 bdrv_get_device_or_node_name(bs));
272 * Called by a driver that can only provide a read-only image.
274 * Returns 0 if the node is already read-only or it could switch the node to
275 * read-only because BDRV_O_AUTO_RDONLY is set.
277 * Returns -EACCES if the node is read-write and BDRV_O_AUTO_RDONLY is not set
278 * or bdrv_can_set_read_only() forbids making the node read-only. If @errmsg
279 * is not NULL, it is used as the error message for the Error object.
281 int bdrv_apply_auto_read_only(BlockDriverState *bs, const char *errmsg,
286 if (!(bs->open_flags & BDRV_O_RDWR)) {
289 if (!(bs->open_flags & BDRV_O_AUTO_RDONLY)) {
293 ret = bdrv_can_set_read_only(bs, true, false, NULL);
298 bs->read_only = true;
299 bs->open_flags &= ~BDRV_O_RDWR;
304 error_setg(errp, "%s", errmsg ?: "Image is read-only");
309 * If @backing is empty, this function returns NULL without setting
310 * @errp. In all other cases, NULL will only be returned with @errp
313 * Therefore, a return value of NULL without @errp set means that
314 * there is no backing file; if @errp is set, there is one but its
315 * absolute filename cannot be generated.
317 char *bdrv_get_full_backing_filename_from_filename(const char *backed,
321 if (backing[0] == '\0') {
323 } else if (path_has_protocol(backing) || path_is_absolute(backing)) {
324 return g_strdup(backing);
325 } else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
326 error_setg(errp, "Cannot use relative backing file names for '%s'",
330 return path_combine(backed, backing);
335 * If @filename is empty or NULL, this function returns NULL without
336 * setting @errp. In all other cases, NULL will only be returned with
339 static char *bdrv_make_absolute_filename(BlockDriverState *relative_to,
340 const char *filename, Error **errp)
342 char *dir, *full_name;
344 if (!filename || filename[0] == '\0') {
346 } else if (path_has_protocol(filename) || path_is_absolute(filename)) {
347 return g_strdup(filename);
350 dir = bdrv_dirname(relative_to, errp);
355 full_name = g_strconcat(dir, filename, NULL);
360 char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
362 return bdrv_make_absolute_filename(bs, bs->backing_file, errp);
365 void bdrv_register(BlockDriver *bdrv)
367 assert(bdrv->format_name);
368 QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
371 BlockDriverState *bdrv_new(void)
373 BlockDriverState *bs;
376 bs = g_new0(BlockDriverState, 1);
377 QLIST_INIT(&bs->dirty_bitmaps);
378 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
379 QLIST_INIT(&bs->op_blockers[i]);
381 notifier_with_return_list_init(&bs->before_write_notifiers);
382 qemu_co_mutex_init(&bs->reqs_lock);
383 qemu_mutex_init(&bs->dirty_bitmap_mutex);
385 bs->aio_context = qemu_get_aio_context();
387 qemu_co_queue_init(&bs->flush_queue);
389 for (i = 0; i < bdrv_drain_all_count; i++) {
390 bdrv_drained_begin(bs);
393 QTAILQ_INSERT_TAIL(&all_bdrv_states, bs, bs_list);
398 static BlockDriver *bdrv_do_find_format(const char *format_name)
402 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
403 if (!strcmp(drv1->format_name, format_name)) {
411 BlockDriver *bdrv_find_format(const char *format_name)
416 drv1 = bdrv_do_find_format(format_name);
421 /* The driver isn't registered, maybe we need to load a module */
422 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
423 if (!strcmp(block_driver_modules[i].format_name, format_name)) {
424 block_module_load_one(block_driver_modules[i].library_name);
429 return bdrv_do_find_format(format_name);
432 static int bdrv_format_is_whitelisted(const char *format_name, bool read_only)
434 static const char *whitelist_rw[] = {
435 CONFIG_BDRV_RW_WHITELIST
437 static const char *whitelist_ro[] = {
438 CONFIG_BDRV_RO_WHITELIST
442 if (!whitelist_rw[0] && !whitelist_ro[0]) {
443 return 1; /* no whitelist, anything goes */
446 for (p = whitelist_rw; *p; p++) {
447 if (!strcmp(format_name, *p)) {
452 for (p = whitelist_ro; *p; p++) {
453 if (!strcmp(format_name, *p)) {
461 int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
463 return bdrv_format_is_whitelisted(drv->format_name, read_only);
466 bool bdrv_uses_whitelist(void)
468 return use_bdrv_whitelist;
471 typedef struct CreateCo {
479 static void coroutine_fn bdrv_create_co_entry(void *opaque)
481 Error *local_err = NULL;
484 CreateCo *cco = opaque;
487 ret = cco->drv->bdrv_co_create_opts(cco->drv,
488 cco->filename, cco->opts, &local_err);
489 error_propagate(&cco->err, local_err);
493 int bdrv_create(BlockDriver *drv, const char* filename,
494 QemuOpts *opts, Error **errp)
501 .filename = g_strdup(filename),
507 if (!drv->bdrv_co_create_opts) {
508 error_setg(errp, "Driver '%s' does not support image creation", drv->format_name);
513 if (qemu_in_coroutine()) {
514 /* Fast-path if already in coroutine context */
515 bdrv_create_co_entry(&cco);
517 co = qemu_coroutine_create(bdrv_create_co_entry, &cco);
518 qemu_coroutine_enter(co);
519 while (cco.ret == NOT_DONE) {
520 aio_poll(qemu_get_aio_context(), true);
527 error_propagate(errp, cco.err);
529 error_setg_errno(errp, -ret, "Could not create image");
534 g_free(cco.filename);
539 * Helper function for bdrv_create_file_fallback(): Resize @blk to at
540 * least the given @minimum_size.
542 * On success, return @blk's actual length.
543 * Otherwise, return -errno.
545 static int64_t create_file_fallback_truncate(BlockBackend *blk,
546 int64_t minimum_size, Error **errp)
548 Error *local_err = NULL;
552 ret = blk_truncate(blk, minimum_size, false, PREALLOC_MODE_OFF, 0,
554 if (ret < 0 && ret != -ENOTSUP) {
555 error_propagate(errp, local_err);
559 size = blk_getlength(blk);
561 error_free(local_err);
562 error_setg_errno(errp, -size,
563 "Failed to inquire the new image file's length");
567 if (size < minimum_size) {
568 /* Need to grow the image, but we failed to do that */
569 error_propagate(errp, local_err);
573 error_free(local_err);
580 * Helper function for bdrv_create_file_fallback(): Zero the first
581 * sector to remove any potentially pre-existing image header.
583 static int create_file_fallback_zero_first_sector(BlockBackend *blk,
584 int64_t current_size,
587 int64_t bytes_to_clear;
590 bytes_to_clear = MIN(current_size, BDRV_SECTOR_SIZE);
591 if (bytes_to_clear) {
592 ret = blk_pwrite_zeroes(blk, 0, bytes_to_clear, BDRV_REQ_MAY_UNMAP);
594 error_setg_errno(errp, -ret,
595 "Failed to clear the new image's first sector");
604 * Simple implementation of bdrv_co_create_opts for protocol drivers
605 * which only support creation via opening a file
606 * (usually existing raw storage device)
608 int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
609 const char *filename,
617 PreallocMode prealloc;
618 Error *local_err = NULL;
621 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
622 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
623 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
624 PREALLOC_MODE_OFF, &local_err);
627 error_propagate(errp, local_err);
631 if (prealloc != PREALLOC_MODE_OFF) {
632 error_setg(errp, "Unsupported preallocation mode '%s'",
633 PreallocMode_str(prealloc));
637 options = qdict_new();
638 qdict_put_str(options, "driver", drv->format_name);
640 blk = blk_new_open(filename, NULL, options,
641 BDRV_O_RDWR | BDRV_O_RESIZE, errp);
643 error_prepend(errp, "Protocol driver '%s' does not support image "
644 "creation, and opening the image failed: ",
649 size = create_file_fallback_truncate(blk, size, errp);
655 ret = create_file_fallback_zero_first_sector(blk, size, errp);
666 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
670 drv = bdrv_find_protocol(filename, true, errp);
675 return bdrv_create(drv, filename, opts, errp);
678 int coroutine_fn bdrv_co_delete_file(BlockDriverState *bs, Error **errp)
680 Error *local_err = NULL;
686 error_setg(errp, "Block node '%s' is not opened", bs->filename);
690 if (!bs->drv->bdrv_co_delete_file) {
691 error_setg(errp, "Driver '%s' does not support image deletion",
692 bs->drv->format_name);
696 ret = bs->drv->bdrv_co_delete_file(bs, &local_err);
698 error_propagate(errp, local_err);
705 * Try to get @bs's logical and physical block size.
706 * On success, store them in @bsz struct and return 0.
707 * On failure return -errno.
708 * @bs must not be empty.
710 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
712 BlockDriver *drv = bs->drv;
714 if (drv && drv->bdrv_probe_blocksizes) {
715 return drv->bdrv_probe_blocksizes(bs, bsz);
716 } else if (drv && drv->is_filter && bs->file) {
717 return bdrv_probe_blocksizes(bs->file->bs, bsz);
724 * Try to get @bs's geometry (cyls, heads, sectors).
725 * On success, store them in @geo struct and return 0.
726 * On failure return -errno.
727 * @bs must not be empty.
729 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
731 BlockDriver *drv = bs->drv;
733 if (drv && drv->bdrv_probe_geometry) {
734 return drv->bdrv_probe_geometry(bs, geo);
735 } else if (drv && drv->is_filter && bs->file) {
736 return bdrv_probe_geometry(bs->file->bs, geo);
743 * Create a uniquely-named empty temporary file.
744 * Return 0 upon success, otherwise a negative errno value.
746 int get_tmp_filename(char *filename, int size)
749 char temp_dir[MAX_PATH];
750 /* GetTempFileName requires that its output buffer (4th param)
751 have length MAX_PATH or greater. */
752 assert(size >= MAX_PATH);
753 return (GetTempPath(MAX_PATH, temp_dir)
754 && GetTempFileName(temp_dir, "qem", 0, filename)
755 ? 0 : -GetLastError());
759 tmpdir = getenv("TMPDIR");
763 if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
766 fd = mkstemp(filename);
770 if (close(fd) != 0) {
779 * Detect host devices. By convention, /dev/cdrom[N] is always
780 * recognized as a host CDROM.
782 static BlockDriver *find_hdev_driver(const char *filename)
784 int score_max = 0, score;
785 BlockDriver *drv = NULL, *d;
787 QLIST_FOREACH(d, &bdrv_drivers, list) {
788 if (d->bdrv_probe_device) {
789 score = d->bdrv_probe_device(filename);
790 if (score > score_max) {
800 static BlockDriver *bdrv_do_find_protocol(const char *protocol)
804 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
805 if (drv1->protocol_name && !strcmp(drv1->protocol_name, protocol)) {
813 BlockDriver *bdrv_find_protocol(const char *filename,
814 bool allow_protocol_prefix,
823 /* TODO Drivers without bdrv_file_open must be specified explicitly */
826 * XXX(hch): we really should not let host device detection
827 * override an explicit protocol specification, but moving this
828 * later breaks access to device names with colons in them.
829 * Thanks to the brain-dead persistent naming schemes on udev-
830 * based Linux systems those actually are quite common.
832 drv1 = find_hdev_driver(filename);
837 if (!path_has_protocol(filename) || !allow_protocol_prefix) {
841 p = strchr(filename, ':');
844 if (len > sizeof(protocol) - 1)
845 len = sizeof(protocol) - 1;
846 memcpy(protocol, filename, len);
847 protocol[len] = '\0';
849 drv1 = bdrv_do_find_protocol(protocol);
854 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
855 if (block_driver_modules[i].protocol_name &&
856 !strcmp(block_driver_modules[i].protocol_name, protocol)) {
857 block_module_load_one(block_driver_modules[i].library_name);
862 drv1 = bdrv_do_find_protocol(protocol);
864 error_setg(errp, "Unknown protocol '%s'", protocol);
870 * Guess image format by probing its contents.
871 * This is not a good idea when your image is raw (CVE-2008-2004), but
872 * we do it anyway for backward compatibility.
874 * @buf contains the image's first @buf_size bytes.
875 * @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
876 * but can be smaller if the image file is smaller)
877 * @filename is its filename.
879 * For all block drivers, call the bdrv_probe() method to get its
881 * Return the first block driver with the highest probing score.
883 BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
884 const char *filename)
886 int score_max = 0, score;
887 BlockDriver *drv = NULL, *d;
889 QLIST_FOREACH(d, &bdrv_drivers, list) {
891 score = d->bdrv_probe(buf, buf_size, filename);
892 if (score > score_max) {
902 static int find_image_format(BlockBackend *file, const char *filename,
903 BlockDriver **pdrv, Error **errp)
906 uint8_t buf[BLOCK_PROBE_BUF_SIZE];
909 /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
910 if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
915 ret = blk_pread(file, 0, buf, sizeof(buf));
917 error_setg_errno(errp, -ret, "Could not read image for determining its "
923 drv = bdrv_probe_all(buf, ret, filename);
925 error_setg(errp, "Could not determine image format: No compatible "
934 * Set the current 'total_sectors' value
935 * Return 0 on success, -errno on error.
937 int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
939 BlockDriver *drv = bs->drv;
945 /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
949 /* query actual device if possible, otherwise just trust the hint */
950 if (drv->bdrv_getlength) {
951 int64_t length = drv->bdrv_getlength(bs);
955 hint = DIV_ROUND_UP(length, BDRV_SECTOR_SIZE);
958 bs->total_sectors = hint;
963 * Combines a QDict of new block driver @options with any missing options taken
964 * from @old_options, so that leaving out an option defaults to its old value.
966 static void bdrv_join_options(BlockDriverState *bs, QDict *options,
969 if (bs->drv && bs->drv->bdrv_join_options) {
970 bs->drv->bdrv_join_options(options, old_options);
972 qdict_join(options, old_options, false);
976 static BlockdevDetectZeroesOptions bdrv_parse_detect_zeroes(QemuOpts *opts,
980 Error *local_err = NULL;
981 char *value = qemu_opt_get_del(opts, "detect-zeroes");
982 BlockdevDetectZeroesOptions detect_zeroes =
983 qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup, value,
984 BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, &local_err);
987 error_propagate(errp, local_err);
988 return detect_zeroes;
991 if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
992 !(open_flags & BDRV_O_UNMAP))
994 error_setg(errp, "setting detect-zeroes to unmap is not allowed "
995 "without setting discard operation to unmap");
998 return detect_zeroes;
1002 * Set open flags for aio engine
1004 * Return 0 on success, -1 if the engine specified is invalid
1006 int bdrv_parse_aio(const char *mode, int *flags)
1008 if (!strcmp(mode, "threads")) {
1009 /* do nothing, default */
1010 } else if (!strcmp(mode, "native")) {
1011 *flags |= BDRV_O_NATIVE_AIO;
1012 #ifdef CONFIG_LINUX_IO_URING
1013 } else if (!strcmp(mode, "io_uring")) {
1014 *flags |= BDRV_O_IO_URING;
1024 * Set open flags for a given discard mode
1026 * Return 0 on success, -1 if the discard mode was invalid.
1028 int bdrv_parse_discard_flags(const char *mode, int *flags)
1030 *flags &= ~BDRV_O_UNMAP;
1032 if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
1034 } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
1035 *flags |= BDRV_O_UNMAP;
1044 * Set open flags for a given cache mode
1046 * Return 0 on success, -1 if the cache mode was invalid.
1048 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
1050 *flags &= ~BDRV_O_CACHE_MASK;
1052 if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
1053 *writethrough = false;
1054 *flags |= BDRV_O_NOCACHE;
1055 } else if (!strcmp(mode, "directsync")) {
1056 *writethrough = true;
1057 *flags |= BDRV_O_NOCACHE;
1058 } else if (!strcmp(mode, "writeback")) {
1059 *writethrough = false;
1060 } else if (!strcmp(mode, "unsafe")) {
1061 *writethrough = false;
1062 *flags |= BDRV_O_NO_FLUSH;
1063 } else if (!strcmp(mode, "writethrough")) {
1064 *writethrough = true;
1072 static char *bdrv_child_get_parent_desc(BdrvChild *c)
1074 BlockDriverState *parent = c->opaque;
1075 return g_strdup(bdrv_get_device_or_node_name(parent));
1078 static void bdrv_child_cb_drained_begin(BdrvChild *child)
1080 BlockDriverState *bs = child->opaque;
1081 bdrv_do_drained_begin_quiesce(bs, NULL, false);
1084 static bool bdrv_child_cb_drained_poll(BdrvChild *child)
1086 BlockDriverState *bs = child->opaque;
1087 return bdrv_drain_poll(bs, false, NULL, false);
1090 static void bdrv_child_cb_drained_end(BdrvChild *child,
1091 int *drained_end_counter)
1093 BlockDriverState *bs = child->opaque;
1094 bdrv_drained_end_no_poll(bs, drained_end_counter);
1097 static void bdrv_child_cb_attach(BdrvChild *child)
1099 BlockDriverState *bs = child->opaque;
1100 bdrv_apply_subtree_drain(child, bs);
1103 static void bdrv_child_cb_detach(BdrvChild *child)
1105 BlockDriverState *bs = child->opaque;
1106 bdrv_unapply_subtree_drain(child, bs);
1109 static int bdrv_child_cb_inactivate(BdrvChild *child)
1111 BlockDriverState *bs = child->opaque;
1112 assert(bs->open_flags & BDRV_O_INACTIVE);
1116 static bool bdrv_child_cb_can_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1117 GSList **ignore, Error **errp)
1119 BlockDriverState *bs = child->opaque;
1120 return bdrv_can_set_aio_context(bs, ctx, ignore, errp);
1123 static void bdrv_child_cb_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1126 BlockDriverState *bs = child->opaque;
1127 return bdrv_set_aio_context_ignore(bs, ctx, ignore);
1131 * Returns the options and flags that a temporary snapshot should get, based on
1132 * the originally requested flags (the originally requested image will have
1133 * flags like a backing file)
1135 static void bdrv_temp_snapshot_options(int *child_flags, QDict *child_options,
1136 int parent_flags, QDict *parent_options)
1138 *child_flags = (parent_flags & ~BDRV_O_SNAPSHOT) | BDRV_O_TEMPORARY;
1140 /* For temporary files, unconditional cache=unsafe is fine */
1141 qdict_set_default_str(child_options, BDRV_OPT_CACHE_DIRECT, "off");
1142 qdict_set_default_str(child_options, BDRV_OPT_CACHE_NO_FLUSH, "on");
1144 /* Copy the read-only and discard options from the parent */
1145 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1146 qdict_copy_default(child_options, parent_options, BDRV_OPT_DISCARD);
1148 /* aio=native doesn't work for cache.direct=off, so disable it for the
1149 * temporary snapshot */
1150 *child_flags &= ~BDRV_O_NATIVE_AIO;
1154 * Returns the options and flags that bs->file should get if a protocol driver
1155 * is expected, based on the given options and flags for the parent BDS
1157 static void bdrv_inherited_options(BdrvChildRole role, bool parent_is_format,
1158 int *child_flags, QDict *child_options,
1159 int parent_flags, QDict *parent_options)
1161 int flags = parent_flags;
1163 /* Enable protocol handling, disable format probing for bs->file */
1164 flags |= BDRV_O_PROTOCOL;
1166 /* If the cache mode isn't explicitly set, inherit direct and no-flush from
1168 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1169 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1170 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1172 /* Inherit the read-only option from the parent if it's not set */
1173 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1174 qdict_copy_default(child_options, parent_options, BDRV_OPT_AUTO_READ_ONLY);
1176 /* Our block drivers take care to send flushes and respect unmap policy,
1177 * so we can default to enable both on lower layers regardless of the
1178 * corresponding parent options. */
1179 qdict_set_default_str(child_options, BDRV_OPT_DISCARD, "unmap");
1181 /* Clear flags that only apply to the top layer */
1182 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ |
1185 *child_flags = flags;
1188 const BdrvChildClass child_file = {
1189 .parent_is_bds = true,
1190 .get_parent_desc = bdrv_child_get_parent_desc,
1191 .inherit_options = bdrv_inherited_options,
1192 .drained_begin = bdrv_child_cb_drained_begin,
1193 .drained_poll = bdrv_child_cb_drained_poll,
1194 .drained_end = bdrv_child_cb_drained_end,
1195 .attach = bdrv_child_cb_attach,
1196 .detach = bdrv_child_cb_detach,
1197 .inactivate = bdrv_child_cb_inactivate,
1198 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1199 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1203 * Returns the options and flags that bs->file should get if the use of formats
1204 * (and not only protocols) is permitted for it, based on the given options and
1205 * flags for the parent BDS
1207 static void bdrv_inherited_fmt_options(BdrvChildRole role,
1208 bool parent_is_format,
1209 int *child_flags, QDict *child_options,
1210 int parent_flags, QDict *parent_options)
1212 child_file.inherit_options(role, parent_is_format,
1213 child_flags, child_options,
1214 parent_flags, parent_options);
1216 *child_flags &= ~(BDRV_O_PROTOCOL | BDRV_O_NO_IO);
1219 const BdrvChildClass child_format = {
1220 .parent_is_bds = true,
1221 .get_parent_desc = bdrv_child_get_parent_desc,
1222 .inherit_options = bdrv_inherited_fmt_options,
1223 .drained_begin = bdrv_child_cb_drained_begin,
1224 .drained_poll = bdrv_child_cb_drained_poll,
1225 .drained_end = bdrv_child_cb_drained_end,
1226 .attach = bdrv_child_cb_attach,
1227 .detach = bdrv_child_cb_detach,
1228 .inactivate = bdrv_child_cb_inactivate,
1229 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1230 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1233 static void bdrv_backing_attach(BdrvChild *c)
1235 BlockDriverState *parent = c->opaque;
1236 BlockDriverState *backing_hd = c->bs;
1238 assert(!parent->backing_blocker);
1239 error_setg(&parent->backing_blocker,
1240 "node is used as backing hd of '%s'",
1241 bdrv_get_device_or_node_name(parent));
1243 bdrv_refresh_filename(backing_hd);
1245 parent->open_flags &= ~BDRV_O_NO_BACKING;
1246 pstrcpy(parent->backing_file, sizeof(parent->backing_file),
1247 backing_hd->filename);
1248 pstrcpy(parent->backing_format, sizeof(parent->backing_format),
1249 backing_hd->drv ? backing_hd->drv->format_name : "");
1251 bdrv_op_block_all(backing_hd, parent->backing_blocker);
1252 /* Otherwise we won't be able to commit or stream */
1253 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
1254 parent->backing_blocker);
1255 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
1256 parent->backing_blocker);
1258 * We do backup in 3 ways:
1260 * The target bs is new opened, and the source is top BDS
1261 * 2. blockdev backup
1262 * Both the source and the target are top BDSes.
1263 * 3. internal backup(used for block replication)
1264 * Both the source and the target are backing file
1266 * In case 1 and 2, neither the source nor the target is the backing file.
1267 * In case 3, we will block the top BDS, so there is only one block job
1268 * for the top BDS and its backing chain.
1270 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
1271 parent->backing_blocker);
1272 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
1273 parent->backing_blocker);
1275 bdrv_child_cb_attach(c);
1278 static void bdrv_backing_detach(BdrvChild *c)
1280 BlockDriverState *parent = c->opaque;
1282 assert(parent->backing_blocker);
1283 bdrv_op_unblock_all(c->bs, parent->backing_blocker);
1284 error_free(parent->backing_blocker);
1285 parent->backing_blocker = NULL;
1287 bdrv_child_cb_detach(c);
1291 * Returns the options and flags that bs->backing should get, based on the
1292 * given options and flags for the parent BDS
1294 static void bdrv_backing_options(BdrvChildRole role, bool parent_is_format,
1295 int *child_flags, QDict *child_options,
1296 int parent_flags, QDict *parent_options)
1298 int flags = parent_flags;
1300 /* The cache mode is inherited unmodified for backing files; except WCE,
1301 * which is only applied on the top level (BlockBackend) */
1302 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1303 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1304 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1306 /* backing files always opened read-only */
1307 qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "on");
1308 qdict_set_default_str(child_options, BDRV_OPT_AUTO_READ_ONLY, "off");
1309 flags &= ~BDRV_O_COPY_ON_READ;
1311 /* snapshot=on is handled on the top layer */
1312 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_TEMPORARY);
1314 *child_flags = flags;
1317 static int bdrv_backing_update_filename(BdrvChild *c, BlockDriverState *base,
1318 const char *filename, Error **errp)
1320 BlockDriverState *parent = c->opaque;
1321 bool read_only = bdrv_is_read_only(parent);
1325 ret = bdrv_reopen_set_read_only(parent, false, errp);
1331 ret = bdrv_change_backing_file(parent, filename,
1332 base->drv ? base->drv->format_name : "");
1334 error_setg_errno(errp, -ret, "Could not update backing file link");
1338 bdrv_reopen_set_read_only(parent, true, NULL);
1344 const BdrvChildClass child_backing = {
1345 .parent_is_bds = true,
1346 .get_parent_desc = bdrv_child_get_parent_desc,
1347 .attach = bdrv_backing_attach,
1348 .detach = bdrv_backing_detach,
1349 .inherit_options = bdrv_backing_options,
1350 .drained_begin = bdrv_child_cb_drained_begin,
1351 .drained_poll = bdrv_child_cb_drained_poll,
1352 .drained_end = bdrv_child_cb_drained_end,
1353 .inactivate = bdrv_child_cb_inactivate,
1354 .update_filename = bdrv_backing_update_filename,
1355 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1356 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1359 static int bdrv_open_flags(BlockDriverState *bs, int flags)
1361 int open_flags = flags;
1364 * Clear flags that are internal to the block layer before opening the
1367 open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_PROTOCOL);
1372 static void update_flags_from_options(int *flags, QemuOpts *opts)
1374 *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
1376 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
1377 *flags |= BDRV_O_NO_FLUSH;
1380 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_DIRECT, false)) {
1381 *flags |= BDRV_O_NOCACHE;
1384 if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
1385 *flags |= BDRV_O_RDWR;
1388 if (qemu_opt_get_bool_del(opts, BDRV_OPT_AUTO_READ_ONLY, false)) {
1389 *flags |= BDRV_O_AUTO_RDONLY;
1393 static void update_options_from_flags(QDict *options, int flags)
1395 if (!qdict_haskey(options, BDRV_OPT_CACHE_DIRECT)) {
1396 qdict_put_bool(options, BDRV_OPT_CACHE_DIRECT, flags & BDRV_O_NOCACHE);
1398 if (!qdict_haskey(options, BDRV_OPT_CACHE_NO_FLUSH)) {
1399 qdict_put_bool(options, BDRV_OPT_CACHE_NO_FLUSH,
1400 flags & BDRV_O_NO_FLUSH);
1402 if (!qdict_haskey(options, BDRV_OPT_READ_ONLY)) {
1403 qdict_put_bool(options, BDRV_OPT_READ_ONLY, !(flags & BDRV_O_RDWR));
1405 if (!qdict_haskey(options, BDRV_OPT_AUTO_READ_ONLY)) {
1406 qdict_put_bool(options, BDRV_OPT_AUTO_READ_ONLY,
1407 flags & BDRV_O_AUTO_RDONLY);
1411 static void bdrv_assign_node_name(BlockDriverState *bs,
1412 const char *node_name,
1415 char *gen_node_name = NULL;
1418 node_name = gen_node_name = id_generate(ID_BLOCK);
1419 } else if (!id_wellformed(node_name)) {
1421 * Check for empty string or invalid characters, but not if it is
1422 * generated (generated names use characters not available to the user)
1424 error_setg(errp, "Invalid node name");
1428 /* takes care of avoiding namespaces collisions */
1429 if (blk_by_name(node_name)) {
1430 error_setg(errp, "node-name=%s is conflicting with a device id",
1435 /* takes care of avoiding duplicates node names */
1436 if (bdrv_find_node(node_name)) {
1437 error_setg(errp, "Duplicate node name");
1441 /* Make sure that the node name isn't truncated */
1442 if (strlen(node_name) >= sizeof(bs->node_name)) {
1443 error_setg(errp, "Node name too long");
1447 /* copy node name into the bs and insert it into the graph list */
1448 pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
1449 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
1451 g_free(gen_node_name);
1454 static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
1455 const char *node_name, QDict *options,
1456 int open_flags, Error **errp)
1458 Error *local_err = NULL;
1461 bdrv_assign_node_name(bs, node_name, &local_err);
1463 error_propagate(errp, local_err);
1468 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1469 bs->opaque = g_malloc0(drv->instance_size);
1471 if (drv->bdrv_file_open) {
1472 assert(!drv->bdrv_needs_filename || bs->filename[0]);
1473 ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
1474 } else if (drv->bdrv_open) {
1475 ret = drv->bdrv_open(bs, options, open_flags, &local_err);
1482 error_propagate(errp, local_err);
1483 } else if (bs->filename[0]) {
1484 error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
1486 error_setg_errno(errp, -ret, "Could not open image");
1491 ret = refresh_total_sectors(bs, bs->total_sectors);
1493 error_setg_errno(errp, -ret, "Could not refresh total sector count");
1497 bdrv_refresh_limits(bs, &local_err);
1499 error_propagate(errp, local_err);
1503 assert(bdrv_opt_mem_align(bs) != 0);
1504 assert(bdrv_min_mem_align(bs) != 0);
1505 assert(is_power_of_2(bs->bl.request_alignment));
1507 for (i = 0; i < bs->quiesce_counter; i++) {
1508 if (drv->bdrv_co_drain_begin) {
1509 drv->bdrv_co_drain_begin(bs);
1516 if (bs->file != NULL) {
1517 bdrv_unref_child(bs, bs->file);
1525 BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
1526 int flags, Error **errp)
1528 BlockDriverState *bs;
1532 bs->open_flags = flags;
1533 bs->explicit_options = qdict_new();
1534 bs->options = qdict_new();
1537 update_options_from_flags(bs->options, flags);
1539 ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
1541 qobject_unref(bs->explicit_options);
1542 bs->explicit_options = NULL;
1543 qobject_unref(bs->options);
1552 QemuOptsList bdrv_runtime_opts = {
1553 .name = "bdrv_common",
1554 .head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
1557 .name = "node-name",
1558 .type = QEMU_OPT_STRING,
1559 .help = "Node name of the block device node",
1563 .type = QEMU_OPT_STRING,
1564 .help = "Block driver to use for the node",
1567 .name = BDRV_OPT_CACHE_DIRECT,
1568 .type = QEMU_OPT_BOOL,
1569 .help = "Bypass software writeback cache on the host",
1572 .name = BDRV_OPT_CACHE_NO_FLUSH,
1573 .type = QEMU_OPT_BOOL,
1574 .help = "Ignore flush requests",
1577 .name = BDRV_OPT_READ_ONLY,
1578 .type = QEMU_OPT_BOOL,
1579 .help = "Node is opened in read-only mode",
1582 .name = BDRV_OPT_AUTO_READ_ONLY,
1583 .type = QEMU_OPT_BOOL,
1584 .help = "Node can become read-only if opening read-write fails",
1587 .name = "detect-zeroes",
1588 .type = QEMU_OPT_STRING,
1589 .help = "try to optimize zero writes (off, on, unmap)",
1592 .name = BDRV_OPT_DISCARD,
1593 .type = QEMU_OPT_STRING,
1594 .help = "discard operation (ignore/off, unmap/on)",
1597 .name = BDRV_OPT_FORCE_SHARE,
1598 .type = QEMU_OPT_BOOL,
1599 .help = "always accept other writers (default: off)",
1601 { /* end of list */ }
1605 QemuOptsList bdrv_create_opts_simple = {
1606 .name = "simple-create-opts",
1607 .head = QTAILQ_HEAD_INITIALIZER(bdrv_create_opts_simple.head),
1610 .name = BLOCK_OPT_SIZE,
1611 .type = QEMU_OPT_SIZE,
1612 .help = "Virtual disk size"
1615 .name = BLOCK_OPT_PREALLOC,
1616 .type = QEMU_OPT_STRING,
1617 .help = "Preallocation mode (allowed values: off)"
1619 { /* end of list */ }
1624 * Common part for opening disk images and files
1626 * Removes all processed options from *options.
1628 static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
1629 QDict *options, Error **errp)
1631 int ret, open_flags;
1632 const char *filename;
1633 const char *driver_name = NULL;
1634 const char *node_name = NULL;
1635 const char *discard;
1638 Error *local_err = NULL;
1640 assert(bs->file == NULL);
1641 assert(options != NULL && bs->options != options);
1643 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
1644 qemu_opts_absorb_qdict(opts, options, &local_err);
1646 error_propagate(errp, local_err);
1651 update_flags_from_options(&bs->open_flags, opts);
1653 driver_name = qemu_opt_get(opts, "driver");
1654 drv = bdrv_find_format(driver_name);
1655 assert(drv != NULL);
1657 bs->force_share = qemu_opt_get_bool(opts, BDRV_OPT_FORCE_SHARE, false);
1659 if (bs->force_share && (bs->open_flags & BDRV_O_RDWR)) {
1661 BDRV_OPT_FORCE_SHARE
1662 "=on can only be used with read-only images");
1668 bdrv_refresh_filename(blk_bs(file));
1669 filename = blk_bs(file)->filename;
1672 * Caution: while qdict_get_try_str() is fine, getting
1673 * non-string types would require more care. When @options
1674 * come from -blockdev or blockdev_add, its members are typed
1675 * according to the QAPI schema, but when they come from
1676 * -drive, they're all QString.
1678 filename = qdict_get_try_str(options, "filename");
1681 if (drv->bdrv_needs_filename && (!filename || !filename[0])) {
1682 error_setg(errp, "The '%s' block driver requires a file name",
1688 trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
1691 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1693 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
1694 if (!bs->read_only && bdrv_is_whitelisted(drv, true)) {
1695 ret = bdrv_apply_auto_read_only(bs, NULL, NULL);
1701 !bs->read_only && bdrv_is_whitelisted(drv, true)
1702 ? "Driver '%s' can only be used for read-only devices"
1703 : "Driver '%s' is not whitelisted",
1709 /* bdrv_new() and bdrv_close() make it so */
1710 assert(atomic_read(&bs->copy_on_read) == 0);
1712 if (bs->open_flags & BDRV_O_COPY_ON_READ) {
1713 if (!bs->read_only) {
1714 bdrv_enable_copy_on_read(bs);
1716 error_setg(errp, "Can't use copy-on-read on read-only device");
1722 discard = qemu_opt_get(opts, BDRV_OPT_DISCARD);
1723 if (discard != NULL) {
1724 if (bdrv_parse_discard_flags(discard, &bs->open_flags) != 0) {
1725 error_setg(errp, "Invalid discard option");
1732 bdrv_parse_detect_zeroes(opts, bs->open_flags, &local_err);
1734 error_propagate(errp, local_err);
1739 if (filename != NULL) {
1740 pstrcpy(bs->filename, sizeof(bs->filename), filename);
1742 bs->filename[0] = '\0';
1744 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
1746 /* Open the image, either directly or using a protocol */
1747 open_flags = bdrv_open_flags(bs, bs->open_flags);
1748 node_name = qemu_opt_get(opts, "node-name");
1750 assert(!drv->bdrv_file_open || file == NULL);
1751 ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
1756 qemu_opts_del(opts);
1760 qemu_opts_del(opts);
1764 static QDict *parse_json_filename(const char *filename, Error **errp)
1766 QObject *options_obj;
1770 ret = strstart(filename, "json:", &filename);
1773 options_obj = qobject_from_json(filename, errp);
1775 error_prepend(errp, "Could not parse the JSON options: ");
1779 options = qobject_to(QDict, options_obj);
1781 qobject_unref(options_obj);
1782 error_setg(errp, "Invalid JSON object given");
1786 qdict_flatten(options);
1791 static void parse_json_protocol(QDict *options, const char **pfilename,
1794 QDict *json_options;
1795 Error *local_err = NULL;
1797 /* Parse json: pseudo-protocol */
1798 if (!*pfilename || !g_str_has_prefix(*pfilename, "json:")) {
1802 json_options = parse_json_filename(*pfilename, &local_err);
1804 error_propagate(errp, local_err);
1808 /* Options given in the filename have lower priority than options
1809 * specified directly */
1810 qdict_join(options, json_options, false);
1811 qobject_unref(json_options);
1816 * Fills in default options for opening images and converts the legacy
1817 * filename/flags pair to option QDict entries.
1818 * The BDRV_O_PROTOCOL flag in *flags will be set or cleared accordingly if a
1819 * block driver has been specified explicitly.
1821 static int bdrv_fill_options(QDict **options, const char *filename,
1822 int *flags, Error **errp)
1824 const char *drvname;
1825 bool protocol = *flags & BDRV_O_PROTOCOL;
1826 bool parse_filename = false;
1827 BlockDriver *drv = NULL;
1828 Error *local_err = NULL;
1831 * Caution: while qdict_get_try_str() is fine, getting non-string
1832 * types would require more care. When @options come from
1833 * -blockdev or blockdev_add, its members are typed according to
1834 * the QAPI schema, but when they come from -drive, they're all
1837 drvname = qdict_get_try_str(*options, "driver");
1839 drv = bdrv_find_format(drvname);
1841 error_setg(errp, "Unknown driver '%s'", drvname);
1844 /* If the user has explicitly specified the driver, this choice should
1845 * override the BDRV_O_PROTOCOL flag */
1846 protocol = drv->bdrv_file_open;
1850 *flags |= BDRV_O_PROTOCOL;
1852 *flags &= ~BDRV_O_PROTOCOL;
1855 /* Translate cache options from flags into options */
1856 update_options_from_flags(*options, *flags);
1858 /* Fetch the file name from the options QDict if necessary */
1859 if (protocol && filename) {
1860 if (!qdict_haskey(*options, "filename")) {
1861 qdict_put_str(*options, "filename", filename);
1862 parse_filename = true;
1864 error_setg(errp, "Can't specify 'file' and 'filename' options at "
1870 /* Find the right block driver */
1871 /* See cautionary note on accessing @options above */
1872 filename = qdict_get_try_str(*options, "filename");
1874 if (!drvname && protocol) {
1876 drv = bdrv_find_protocol(filename, parse_filename, errp);
1881 drvname = drv->format_name;
1882 qdict_put_str(*options, "driver", drvname);
1884 error_setg(errp, "Must specify either driver or file");
1889 assert(drv || !protocol);
1891 /* Driver-specific filename parsing */
1892 if (drv && drv->bdrv_parse_filename && parse_filename) {
1893 drv->bdrv_parse_filename(filename, *options, &local_err);
1895 error_propagate(errp, local_err);
1899 if (!drv->bdrv_needs_filename) {
1900 qdict_del(*options, "filename");
1907 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1908 uint64_t perm, uint64_t shared,
1909 GSList *ignore_children,
1910 bool *tighten_restrictions, Error **errp);
1911 static void bdrv_child_abort_perm_update(BdrvChild *c);
1912 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
1914 typedef struct BlockReopenQueueEntry {
1917 BDRVReopenState state;
1918 QTAILQ_ENTRY(BlockReopenQueueEntry) entry;
1919 } BlockReopenQueueEntry;
1922 * Return the flags that @bs will have after the reopens in @q have
1923 * successfully completed. If @q is NULL (or @bs is not contained in @q),
1924 * return the current flags.
1926 static int bdrv_reopen_get_flags(BlockReopenQueue *q, BlockDriverState *bs)
1928 BlockReopenQueueEntry *entry;
1931 QTAILQ_FOREACH(entry, q, entry) {
1932 if (entry->state.bs == bs) {
1933 return entry->state.flags;
1938 return bs->open_flags;
1941 /* Returns whether the image file can be written to after the reopen queue @q
1942 * has been successfully applied, or right now if @q is NULL. */
1943 static bool bdrv_is_writable_after_reopen(BlockDriverState *bs,
1944 BlockReopenQueue *q)
1946 int flags = bdrv_reopen_get_flags(q, bs);
1948 return (flags & (BDRV_O_RDWR | BDRV_O_INACTIVE)) == BDRV_O_RDWR;
1952 * Return whether the BDS can be written to. This is not necessarily
1953 * the same as !bdrv_is_read_only(bs), as inactivated images may not
1954 * be written to but do not count as read-only images.
1956 bool bdrv_is_writable(BlockDriverState *bs)
1958 return bdrv_is_writable_after_reopen(bs, NULL);
1961 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
1962 BdrvChild *c, const BdrvChildClass *child_class,
1963 BdrvChildRole role, BlockReopenQueue *reopen_queue,
1964 uint64_t parent_perm, uint64_t parent_shared,
1965 uint64_t *nperm, uint64_t *nshared)
1967 assert(bs->drv && bs->drv->bdrv_child_perm);
1968 bs->drv->bdrv_child_perm(bs, c, child_class, role, reopen_queue,
1969 parent_perm, parent_shared,
1971 /* TODO Take force_share from reopen_queue */
1972 if (child_bs && child_bs->force_share) {
1973 *nshared = BLK_PERM_ALL;
1978 * Check whether permissions on this node can be changed in a way that
1979 * @cumulative_perms and @cumulative_shared_perms are the new cumulative
1980 * permissions of all its parents. This involves checking whether all necessary
1981 * permission changes to child nodes can be performed.
1983 * Will set *tighten_restrictions to true if and only if new permissions have to
1984 * be taken or currently shared permissions are to be unshared. Otherwise,
1985 * errors are not fatal as long as the caller accepts that the restrictions
1986 * remain tighter than they need to be. The caller still has to abort the
1988 * @tighten_restrictions cannot be used together with @q: When reopening, we may
1989 * encounter fatal errors even though no restrictions are to be tightened. For
1990 * example, changing a node from RW to RO will fail if the WRITE permission is
1993 * A call to this function must always be followed by a call to bdrv_set_perm()
1994 * or bdrv_abort_perm_update().
1996 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
1997 uint64_t cumulative_perms,
1998 uint64_t cumulative_shared_perms,
1999 GSList *ignore_children,
2000 bool *tighten_restrictions, Error **errp)
2002 BlockDriver *drv = bs->drv;
2006 assert(!q || !tighten_restrictions);
2008 if (tighten_restrictions) {
2009 uint64_t current_perms, current_shared;
2010 uint64_t added_perms, removed_shared_perms;
2012 bdrv_get_cumulative_perm(bs, ¤t_perms, ¤t_shared);
2014 added_perms = cumulative_perms & ~current_perms;
2015 removed_shared_perms = current_shared & ~cumulative_shared_perms;
2017 *tighten_restrictions = added_perms || removed_shared_perms;
2020 /* Write permissions never work with read-only images */
2021 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2022 !bdrv_is_writable_after_reopen(bs, q))
2024 if (!bdrv_is_writable_after_reopen(bs, NULL)) {
2025 error_setg(errp, "Block node is read-only");
2027 uint64_t current_perms, current_shared;
2028 bdrv_get_cumulative_perm(bs, ¤t_perms, ¤t_shared);
2029 if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
2030 error_setg(errp, "Cannot make block node read-only, there is "
2033 error_setg(errp, "Cannot make block node read-only and create "
2041 /* Check this node */
2046 if (drv->bdrv_check_perm) {
2047 return drv->bdrv_check_perm(bs, cumulative_perms,
2048 cumulative_shared_perms, errp);
2051 /* Drivers that never have children can omit .bdrv_child_perm() */
2052 if (!drv->bdrv_child_perm) {
2053 assert(QLIST_EMPTY(&bs->children));
2057 /* Check all children */
2058 QLIST_FOREACH(c, &bs->children, next) {
2059 uint64_t cur_perm, cur_shared;
2060 bool child_tighten_restr;
2062 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, q,
2063 cumulative_perms, cumulative_shared_perms,
2064 &cur_perm, &cur_shared);
2065 ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
2066 tighten_restrictions ? &child_tighten_restr
2069 if (tighten_restrictions) {
2070 *tighten_restrictions |= child_tighten_restr;
2081 * Notifies drivers that after a previous bdrv_check_perm() call, the
2082 * permission update is not performed and any preparations made for it (e.g.
2083 * taken file locks) need to be undone.
2085 * This function recursively notifies all child nodes.
2087 static void bdrv_abort_perm_update(BlockDriverState *bs)
2089 BlockDriver *drv = bs->drv;
2096 if (drv->bdrv_abort_perm_update) {
2097 drv->bdrv_abort_perm_update(bs);
2100 QLIST_FOREACH(c, &bs->children, next) {
2101 bdrv_child_abort_perm_update(c);
2105 static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
2106 uint64_t cumulative_shared_perms)
2108 BlockDriver *drv = bs->drv;
2115 /* Update this node */
2116 if (drv->bdrv_set_perm) {
2117 drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
2120 /* Drivers that never have children can omit .bdrv_child_perm() */
2121 if (!drv->bdrv_child_perm) {
2122 assert(QLIST_EMPTY(&bs->children));
2126 /* Update all children */
2127 QLIST_FOREACH(c, &bs->children, next) {
2128 uint64_t cur_perm, cur_shared;
2129 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, NULL,
2130 cumulative_perms, cumulative_shared_perms,
2131 &cur_perm, &cur_shared);
2132 bdrv_child_set_perm(c, cur_perm, cur_shared);
2136 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
2137 uint64_t *shared_perm)
2140 uint64_t cumulative_perms = 0;
2141 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
2143 QLIST_FOREACH(c, &bs->parents, next_parent) {
2144 cumulative_perms |= c->perm;
2145 cumulative_shared_perms &= c->shared_perm;
2148 *perm = cumulative_perms;
2149 *shared_perm = cumulative_shared_perms;
2152 static char *bdrv_child_user_desc(BdrvChild *c)
2154 if (c->klass->get_parent_desc) {
2155 return c->klass->get_parent_desc(c);
2158 return g_strdup("another user");
2161 char *bdrv_perm_names(uint64_t perm)
2167 { BLK_PERM_CONSISTENT_READ, "consistent read" },
2168 { BLK_PERM_WRITE, "write" },
2169 { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
2170 { BLK_PERM_RESIZE, "resize" },
2171 { BLK_PERM_GRAPH_MOD, "change children" },
2175 GString *result = g_string_sized_new(30);
2176 struct perm_name *p;
2178 for (p = permissions; p->name; p++) {
2179 if (perm & p->perm) {
2180 if (result->len > 0) {
2181 g_string_append(result, ", ");
2183 g_string_append(result, p->name);
2187 return g_string_free(result, FALSE);
2191 * Checks whether a new reference to @bs can be added if the new user requires
2192 * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
2193 * set, the BdrvChild objects in this list are ignored in the calculations;
2194 * this allows checking permission updates for an existing reference.
2196 * See bdrv_check_perm() for the semantics of @tighten_restrictions.
2198 * Needs to be followed by a call to either bdrv_set_perm() or
2199 * bdrv_abort_perm_update(). */
2200 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
2201 uint64_t new_used_perm,
2202 uint64_t new_shared_perm,
2203 GSList *ignore_children,
2204 bool *tighten_restrictions,
2208 uint64_t cumulative_perms = new_used_perm;
2209 uint64_t cumulative_shared_perms = new_shared_perm;
2211 assert(!q || !tighten_restrictions);
2213 /* There is no reason why anyone couldn't tolerate write_unchanged */
2214 assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
2216 QLIST_FOREACH(c, &bs->parents, next_parent) {
2217 if (g_slist_find(ignore_children, c)) {
2221 if ((new_used_perm & c->shared_perm) != new_used_perm) {
2222 char *user = bdrv_child_user_desc(c);
2223 char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
2225 if (tighten_restrictions) {
2226 *tighten_restrictions = true;
2229 error_setg(errp, "Conflicts with use by %s as '%s', which does not "
2231 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2237 if ((c->perm & new_shared_perm) != c->perm) {
2238 char *user = bdrv_child_user_desc(c);
2239 char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
2241 if (tighten_restrictions) {
2242 *tighten_restrictions = true;
2245 error_setg(errp, "Conflicts with use by %s as '%s', which uses "
2247 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2253 cumulative_perms |= c->perm;
2254 cumulative_shared_perms &= c->shared_perm;
2257 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
2258 ignore_children, tighten_restrictions, errp);
2261 /* Needs to be followed by a call to either bdrv_child_set_perm() or
2262 * bdrv_child_abort_perm_update(). */
2263 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
2264 uint64_t perm, uint64_t shared,
2265 GSList *ignore_children,
2266 bool *tighten_restrictions, Error **errp)
2270 ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
2271 ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children,
2272 tighten_restrictions, errp);
2273 g_slist_free(ignore_children);
2279 if (!c->has_backup_perm) {
2280 c->has_backup_perm = true;
2281 c->backup_perm = c->perm;
2282 c->backup_shared_perm = c->shared_perm;
2285 * Note: it's OK if c->has_backup_perm was already set, as we can find the
2286 * same child twice during check_perm procedure
2290 c->shared_perm = shared;
2295 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared)
2297 uint64_t cumulative_perms, cumulative_shared_perms;
2299 c->has_backup_perm = false;
2302 c->shared_perm = shared;
2304 bdrv_get_cumulative_perm(c->bs, &cumulative_perms,
2305 &cumulative_shared_perms);
2306 bdrv_set_perm(c->bs, cumulative_perms, cumulative_shared_perms);
2309 static void bdrv_child_abort_perm_update(BdrvChild *c)
2311 if (c->has_backup_perm) {
2312 c->perm = c->backup_perm;
2313 c->shared_perm = c->backup_shared_perm;
2314 c->has_backup_perm = false;
2317 bdrv_abort_perm_update(c->bs);
2320 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
2323 Error *local_err = NULL;
2325 bool tighten_restrictions;
2327 ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL,
2328 &tighten_restrictions, &local_err);
2330 bdrv_child_abort_perm_update(c);
2331 if (tighten_restrictions) {
2332 error_propagate(errp, local_err);
2335 * Our caller may intend to only loosen restrictions and
2336 * does not expect this function to fail. Errors are not
2337 * fatal in such a case, so we can just hide them from our
2340 error_free(local_err);
2346 bdrv_child_set_perm(c, perm, shared);
2351 int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **errp)
2353 uint64_t parent_perms, parent_shared;
2354 uint64_t perms, shared;
2356 bdrv_get_cumulative_perm(bs, &parent_perms, &parent_shared);
2357 bdrv_child_perm(bs, c->bs, c, c->klass, c->role, NULL,
2358 parent_perms, parent_shared, &perms, &shared);
2360 return bdrv_child_try_set_perm(c, perms, shared, errp);
2363 void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
2364 const BdrvChildClass *child_class,
2366 BlockReopenQueue *reopen_queue,
2367 uint64_t perm, uint64_t shared,
2368 uint64_t *nperm, uint64_t *nshared)
2370 *nperm = perm & DEFAULT_PERM_PASSTHROUGH;
2371 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) | DEFAULT_PERM_UNCHANGED;
2374 void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
2375 const BdrvChildClass *child_class,
2377 BlockReopenQueue *reopen_queue,
2378 uint64_t perm, uint64_t shared,
2379 uint64_t *nperm, uint64_t *nshared)
2381 bool backing = (child_class == &child_backing);
2382 assert(child_class == &child_backing || child_class == &child_file);
2385 int flags = bdrv_reopen_get_flags(reopen_queue, bs);
2387 /* Apart from the modifications below, the same permissions are
2388 * forwarded and left alone as for filters */
2389 bdrv_filter_default_perms(bs, c, child_class, role, reopen_queue,
2390 perm, shared, &perm, &shared);
2392 /* Format drivers may touch metadata even if the guest doesn't write */
2393 if (bdrv_is_writable_after_reopen(bs, reopen_queue)) {
2394 perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2397 /* bs->file always needs to be consistent because of the metadata. We
2398 * can never allow other users to resize or write to it. */
2399 if (!(flags & BDRV_O_NO_IO)) {
2400 perm |= BLK_PERM_CONSISTENT_READ;
2402 shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
2404 /* We want consistent read from backing files if the parent needs it.
2405 * No other operations are performed on backing files. */
2406 perm &= BLK_PERM_CONSISTENT_READ;
2408 /* If the parent can deal with changing data, we're okay with a
2409 * writable and resizable backing file. */
2410 /* TODO Require !(perm & BLK_PERM_CONSISTENT_READ), too? */
2411 if (shared & BLK_PERM_WRITE) {
2412 shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
2417 shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
2418 BLK_PERM_WRITE_UNCHANGED;
2421 if (bs->open_flags & BDRV_O_INACTIVE) {
2422 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2429 uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm)
2431 static const uint64_t permissions[] = {
2432 [BLOCK_PERMISSION_CONSISTENT_READ] = BLK_PERM_CONSISTENT_READ,
2433 [BLOCK_PERMISSION_WRITE] = BLK_PERM_WRITE,
2434 [BLOCK_PERMISSION_WRITE_UNCHANGED] = BLK_PERM_WRITE_UNCHANGED,
2435 [BLOCK_PERMISSION_RESIZE] = BLK_PERM_RESIZE,
2436 [BLOCK_PERMISSION_GRAPH_MOD] = BLK_PERM_GRAPH_MOD,
2439 QEMU_BUILD_BUG_ON(ARRAY_SIZE(permissions) != BLOCK_PERMISSION__MAX);
2440 QEMU_BUILD_BUG_ON(1UL << ARRAY_SIZE(permissions) != BLK_PERM_ALL + 1);
2442 assert(qapi_perm < BLOCK_PERMISSION__MAX);
2444 return permissions[qapi_perm];
2447 static void bdrv_replace_child_noperm(BdrvChild *child,
2448 BlockDriverState *new_bs)
2450 BlockDriverState *old_bs = child->bs;
2451 int new_bs_quiesce_counter;
2454 assert(!child->frozen);
2456 if (old_bs && new_bs) {
2457 assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
2460 new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
2461 drain_saldo = new_bs_quiesce_counter - child->parent_quiesce_counter;
2464 * If the new child node is drained but the old one was not, flush
2465 * all outstanding requests to the old child node.
2467 while (drain_saldo > 0 && child->klass->drained_begin) {
2468 bdrv_parent_drained_begin_single(child, true);
2473 /* Detach first so that the recursive drain sections coming from @child
2474 * are already gone and we only end the drain sections that came from
2476 if (child->klass->detach) {
2477 child->klass->detach(child);
2479 QLIST_REMOVE(child, next_parent);
2485 QLIST_INSERT_HEAD(&new_bs->parents, child, next_parent);
2488 * Detaching the old node may have led to the new node's
2489 * quiesce_counter having been decreased. Not a problem, we
2490 * just need to recognize this here and then invoke
2491 * drained_end appropriately more often.
2493 assert(new_bs->quiesce_counter <= new_bs_quiesce_counter);
2494 drain_saldo += new_bs->quiesce_counter - new_bs_quiesce_counter;
2496 /* Attach only after starting new drained sections, so that recursive
2497 * drain sections coming from @child don't get an extra .drained_begin
2499 if (child->klass->attach) {
2500 child->klass->attach(child);
2505 * If the old child node was drained but the new one is not, allow
2506 * requests to come in only after the new node has been attached.
2508 while (drain_saldo < 0 && child->klass->drained_end) {
2509 bdrv_parent_drained_end_single(child);
2515 * Updates @child to change its reference to point to @new_bs, including
2516 * checking and applying the necessary permisson updates both to the old node
2519 * NULL is passed as @new_bs for removing the reference before freeing @child.
2521 * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
2522 * function uses bdrv_set_perm() to update the permissions according to the new
2523 * reference that @new_bs gets.
2525 static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
2527 BlockDriverState *old_bs = child->bs;
2528 uint64_t perm, shared_perm;
2530 bdrv_replace_child_noperm(child, new_bs);
2533 * Start with the new node's permissions. If @new_bs is a (direct
2534 * or indirect) child of @old_bs, we must complete the permission
2535 * update on @new_bs before we loosen the restrictions on @old_bs.
2536 * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
2537 * updating the permissions of @new_bs, and thus not purely loosen
2541 bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
2542 bdrv_set_perm(new_bs, perm, shared_perm);
2546 /* Update permissions for old node. This is guaranteed to succeed
2547 * because we're just taking a parent away, so we're loosening
2549 bool tighten_restrictions;
2552 bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm);
2553 ret = bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL,
2554 &tighten_restrictions, NULL);
2555 assert(tighten_restrictions == false);
2557 /* We only tried to loosen restrictions, so errors are not fatal */
2558 bdrv_abort_perm_update(old_bs);
2560 bdrv_set_perm(old_bs, perm, shared_perm);
2563 /* When the parent requiring a non-default AioContext is removed, the
2564 * node moves back to the main AioContext */
2565 bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
2570 * This function steals the reference to child_bs from the caller.
2571 * That reference is later dropped by bdrv_root_unref_child().
2573 * On failure NULL is returned, errp is set and the reference to
2574 * child_bs is also dropped.
2576 * The caller must hold the AioContext lock @child_bs, but not that of @ctx
2577 * (unless @child_bs is already in @ctx).
2579 BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
2580 const char *child_name,
2581 const BdrvChildClass *child_class,
2582 BdrvChildRole child_role,
2584 uint64_t perm, uint64_t shared_perm,
2585 void *opaque, Error **errp)
2588 Error *local_err = NULL;
2591 ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, NULL,
2594 bdrv_abort_perm_update(child_bs);
2595 bdrv_unref(child_bs);
2599 child = g_new(BdrvChild, 1);
2600 *child = (BdrvChild) {
2602 .name = g_strdup(child_name),
2603 .klass = child_class,
2606 .shared_perm = shared_perm,
2610 /* If the AioContexts don't match, first try to move the subtree of
2611 * child_bs into the AioContext of the new parent. If this doesn't work,
2612 * try moving the parent into the AioContext of child_bs instead. */
2613 if (bdrv_get_aio_context(child_bs) != ctx) {
2614 ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
2615 if (ret < 0 && child_class->can_set_aio_ctx) {
2616 GSList *ignore = g_slist_prepend(NULL, child);
2617 ctx = bdrv_get_aio_context(child_bs);
2618 if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
2619 error_free(local_err);
2621 g_slist_free(ignore);
2622 ignore = g_slist_prepend(NULL, child);
2623 child_class->set_aio_ctx(child, ctx, &ignore);
2625 g_slist_free(ignore);
2628 error_propagate(errp, local_err);
2630 bdrv_abort_perm_update(child_bs);
2631 bdrv_unref(child_bs);
2636 /* This performs the matching bdrv_set_perm() for the above check. */
2637 bdrv_replace_child(child, child_bs);
2643 * This function transfers the reference to child_bs from the caller
2644 * to parent_bs. That reference is later dropped by parent_bs on
2645 * bdrv_close() or if someone calls bdrv_unref_child().
2647 * On failure NULL is returned, errp is set and the reference to
2648 * child_bs is also dropped.
2650 * If @parent_bs and @child_bs are in different AioContexts, the caller must
2651 * hold the AioContext lock for @child_bs, but not for @parent_bs.
2653 BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
2654 BlockDriverState *child_bs,
2655 const char *child_name,
2656 const BdrvChildClass *child_class,
2657 BdrvChildRole child_role,
2661 uint64_t perm, shared_perm;
2663 bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
2665 assert(parent_bs->drv);
2666 bdrv_child_perm(parent_bs, child_bs, NULL, child_class, child_role, NULL,
2667 perm, shared_perm, &perm, &shared_perm);
2669 child = bdrv_root_attach_child(child_bs, child_name, child_class,
2670 child_role, bdrv_get_aio_context(parent_bs),
2671 perm, shared_perm, parent_bs, errp);
2672 if (child == NULL) {
2676 QLIST_INSERT_HEAD(&parent_bs->children, child, next);
2680 static void bdrv_detach_child(BdrvChild *child)
2682 QLIST_SAFE_REMOVE(child, next);
2684 bdrv_replace_child(child, NULL);
2686 g_free(child->name);
2690 void bdrv_root_unref_child(BdrvChild *child)
2692 BlockDriverState *child_bs;
2694 child_bs = child->bs;
2695 bdrv_detach_child(child);
2696 bdrv_unref(child_bs);
2700 * Clear all inherits_from pointers from children and grandchildren of
2701 * @root that point to @root, where necessary.
2703 static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
2707 if (child->bs->inherits_from == root) {
2709 * Remove inherits_from only when the last reference between root and
2710 * child->bs goes away.
2712 QLIST_FOREACH(c, &root->children, next) {
2713 if (c != child && c->bs == child->bs) {
2718 child->bs->inherits_from = NULL;
2722 QLIST_FOREACH(c, &child->bs->children, next) {
2723 bdrv_unset_inherits_from(root, c);
2727 void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
2729 if (child == NULL) {
2733 bdrv_unset_inherits_from(parent, child);
2734 bdrv_root_unref_child(child);
2738 static void bdrv_parent_cb_change_media(BlockDriverState *bs, bool load)
2741 QLIST_FOREACH(c, &bs->parents, next_parent) {
2742 if (c->klass->change_media) {
2743 c->klass->change_media(c, load);
2748 /* Return true if you can reach parent going through child->inherits_from
2749 * recursively. If parent or child are NULL, return false */
2750 static bool bdrv_inherits_from_recursive(BlockDriverState *child,
2751 BlockDriverState *parent)
2753 while (child && child != parent) {
2754 child = child->inherits_from;
2757 return child != NULL;
2761 * Sets the backing file link of a BDS. A new reference is created; callers
2762 * which don't need their own reference any more must call bdrv_unref().
2764 void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
2767 bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
2768 bdrv_inherits_from_recursive(backing_hd, bs);
2770 if (bdrv_is_backing_chain_frozen(bs, backing_bs(bs), errp)) {
2775 bdrv_ref(backing_hd);
2779 bdrv_unref_child(bs, bs->backing);
2787 bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing,
2789 /* If backing_hd was already part of bs's backing chain, and
2790 * inherits_from pointed recursively to bs then let's update it to
2791 * point directly to bs (else it will become NULL). */
2792 if (bs->backing && update_inherits_from) {
2793 backing_hd->inherits_from = bs;
2797 bdrv_refresh_limits(bs, NULL);
2801 * Opens the backing file for a BlockDriverState if not yet open
2803 * bdref_key specifies the key for the image's BlockdevRef in the options QDict.
2804 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2805 * itself, all options starting with "${bdref_key}." are considered part of the
2808 * TODO Can this be unified with bdrv_open_image()?
2810 int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
2811 const char *bdref_key, Error **errp)
2813 char *backing_filename = NULL;
2814 char *bdref_key_dot;
2815 const char *reference = NULL;
2817 bool implicit_backing = false;
2818 BlockDriverState *backing_hd;
2820 QDict *tmp_parent_options = NULL;
2821 Error *local_err = NULL;
2823 if (bs->backing != NULL) {
2827 /* NULL means an empty set of options */
2828 if (parent_options == NULL) {
2829 tmp_parent_options = qdict_new();
2830 parent_options = tmp_parent_options;
2833 bs->open_flags &= ~BDRV_O_NO_BACKING;
2835 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2836 qdict_extract_subqdict(parent_options, &options, bdref_key_dot);
2837 g_free(bdref_key_dot);
2840 * Caution: while qdict_get_try_str() is fine, getting non-string
2841 * types would require more care. When @parent_options come from
2842 * -blockdev or blockdev_add, its members are typed according to
2843 * the QAPI schema, but when they come from -drive, they're all
2846 reference = qdict_get_try_str(parent_options, bdref_key);
2847 if (reference || qdict_haskey(options, "file.filename")) {
2848 /* keep backing_filename NULL */
2849 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
2850 qobject_unref(options);
2853 if (qdict_size(options) == 0) {
2854 /* If the user specifies options that do not modify the
2855 * backing file's behavior, we might still consider it the
2856 * implicit backing file. But it's easier this way, and
2857 * just specifying some of the backing BDS's options is
2858 * only possible with -drive anyway (otherwise the QAPI
2859 * schema forces the user to specify everything). */
2860 implicit_backing = !strcmp(bs->auto_backing_file, bs->backing_file);
2863 backing_filename = bdrv_get_full_backing_filename(bs, &local_err);
2866 error_propagate(errp, local_err);
2867 qobject_unref(options);
2872 if (!bs->drv || !bs->drv->supports_backing) {
2874 error_setg(errp, "Driver doesn't support backing files");
2875 qobject_unref(options);
2880 bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
2881 qdict_put_str(options, "driver", bs->backing_format);
2884 backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
2885 &child_backing, 0, errp);
2887 bs->open_flags |= BDRV_O_NO_BACKING;
2888 error_prepend(errp, "Could not open backing file: ");
2893 if (implicit_backing) {
2894 bdrv_refresh_filename(backing_hd);
2895 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
2896 backing_hd->filename);
2899 /* Hook up the backing file link; drop our reference, bs owns the
2900 * backing_hd reference now */
2901 bdrv_set_backing_hd(bs, backing_hd, &local_err);
2902 bdrv_unref(backing_hd);
2904 error_propagate(errp, local_err);
2909 qdict_del(parent_options, bdref_key);
2912 g_free(backing_filename);
2913 qobject_unref(tmp_parent_options);
2917 static BlockDriverState *
2918 bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
2919 BlockDriverState *parent, const BdrvChildClass *child_class,
2920 BdrvChildRole child_role, bool allow_none, Error **errp)
2922 BlockDriverState *bs = NULL;
2923 QDict *image_options;
2924 char *bdref_key_dot;
2925 const char *reference;
2927 assert(child_class != NULL);
2929 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2930 qdict_extract_subqdict(options, &image_options, bdref_key_dot);
2931 g_free(bdref_key_dot);
2934 * Caution: while qdict_get_try_str() is fine, getting non-string
2935 * types would require more care. When @options come from
2936 * -blockdev or blockdev_add, its members are typed according to
2937 * the QAPI schema, but when they come from -drive, they're all
2940 reference = qdict_get_try_str(options, bdref_key);
2941 if (!filename && !reference && !qdict_size(image_options)) {
2943 error_setg(errp, "A block device must be specified for \"%s\"",
2946 qobject_unref(image_options);
2950 bs = bdrv_open_inherit(filename, reference, image_options, 0,
2951 parent, child_class, child_role, errp);
2957 qdict_del(options, bdref_key);
2962 * Opens a disk image whose options are given as BlockdevRef in another block
2965 * If allow_none is true, no image will be opened if filename is false and no
2966 * BlockdevRef is given. NULL will be returned, but errp remains unset.
2968 * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
2969 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2970 * itself, all options starting with "${bdref_key}." are considered part of the
2973 * The BlockdevRef will be removed from the options QDict.
2975 BdrvChild *bdrv_open_child(const char *filename,
2976 QDict *options, const char *bdref_key,
2977 BlockDriverState *parent,
2978 const BdrvChildClass *child_class,
2979 BdrvChildRole child_role,
2980 bool allow_none, Error **errp)
2982 BlockDriverState *bs;
2984 bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
2985 child_role, allow_none, errp);
2990 return bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
2995 * TODO Future callers may need to specify parent/child_class in order for
2996 * option inheritance to work. Existing callers use it for the root node.
2998 BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
3000 BlockDriverState *bs = NULL;
3001 QObject *obj = NULL;
3002 QDict *qdict = NULL;
3003 const char *reference = NULL;
3006 if (ref->type == QTYPE_QSTRING) {
3007 reference = ref->u.reference;
3009 BlockdevOptions *options = &ref->u.definition;
3010 assert(ref->type == QTYPE_QDICT);
3012 v = qobject_output_visitor_new(&obj);
3013 visit_type_BlockdevOptions(v, NULL, &options, &error_abort);
3014 visit_complete(v, &obj);
3016 qdict = qobject_to(QDict, obj);
3017 qdict_flatten(qdict);
3019 /* bdrv_open_inherit() defaults to the values in bdrv_flags (for
3020 * compatibility with other callers) rather than what we want as the
3021 * real defaults. Apply the defaults here instead. */
3022 qdict_set_default_str(qdict, BDRV_OPT_CACHE_DIRECT, "off");
3023 qdict_set_default_str(qdict, BDRV_OPT_CACHE_NO_FLUSH, "off");
3024 qdict_set_default_str(qdict, BDRV_OPT_READ_ONLY, "off");
3025 qdict_set_default_str(qdict, BDRV_OPT_AUTO_READ_ONLY, "off");
3029 bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
3036 static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
3038 QDict *snapshot_options,
3041 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
3042 char *tmp_filename = g_malloc0(PATH_MAX + 1);
3044 QemuOpts *opts = NULL;
3045 BlockDriverState *bs_snapshot = NULL;
3046 Error *local_err = NULL;
3049 /* if snapshot, we create a temporary backing file and open it
3050 instead of opening 'filename' directly */
3052 /* Get the required size from the image */
3053 total_size = bdrv_getlength(bs);
3054 if (total_size < 0) {
3055 error_setg_errno(errp, -total_size, "Could not get image size");
3059 /* Create the temporary image */
3060 ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
3062 error_setg_errno(errp, -ret, "Could not get temporary filename");
3066 opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
3068 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size, &error_abort);
3069 ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, errp);
3070 qemu_opts_del(opts);
3072 error_prepend(errp, "Could not create temporary overlay '%s': ",
3077 /* Prepare options QDict for the temporary file */
3078 qdict_put_str(snapshot_options, "file.driver", "file");
3079 qdict_put_str(snapshot_options, "file.filename", tmp_filename);
3080 qdict_put_str(snapshot_options, "driver", "qcow2");
3082 bs_snapshot = bdrv_open(NULL, NULL, snapshot_options, flags, errp);
3083 snapshot_options = NULL;
3088 /* bdrv_append() consumes a strong reference to bs_snapshot
3089 * (i.e. it will call bdrv_unref() on it) even on error, so in
3090 * order to be able to return one, we have to increase
3091 * bs_snapshot's refcount here */
3092 bdrv_ref(bs_snapshot);
3093 bdrv_append(bs_snapshot, bs, &local_err);
3095 error_propagate(errp, local_err);
3101 qobject_unref(snapshot_options);
3102 g_free(tmp_filename);
3107 * Opens a disk image (raw, qcow2, vmdk, ...)
3109 * options is a QDict of options to pass to the block drivers, or NULL for an
3110 * empty set of options. The reference to the QDict belongs to the block layer
3111 * after the call (even on failure), so if the caller intends to reuse the
3112 * dictionary, it needs to use qobject_ref() before calling bdrv_open.
3114 * If *pbs is NULL, a new BDS will be created with a pointer to it stored there.
3115 * If it is not NULL, the referenced BDS will be reused.
3117 * The reference parameter may be used to specify an existing block device which
3118 * should be opened. If specified, neither options nor a filename may be given,
3119 * nor can an existing BDS be reused (that is, *pbs has to be NULL).
3121 static BlockDriverState *bdrv_open_inherit(const char *filename,
3122 const char *reference,
3123 QDict *options, int flags,
3124 BlockDriverState *parent,
3125 const BdrvChildClass *child_class,
3126 BdrvChildRole child_role,
3130 BlockBackend *file = NULL;
3131 BlockDriverState *bs;
3132 BlockDriver *drv = NULL;
3134 const char *drvname;
3135 const char *backing;
3136 Error *local_err = NULL;
3137 QDict *snapshot_options = NULL;
3138 int snapshot_flags = 0;
3140 assert(!child_class || !flags);
3141 assert(!child_class == !parent);
3144 bool options_non_empty = options ? qdict_size(options) : false;
3145 qobject_unref(options);
3147 if (filename || options_non_empty) {
3148 error_setg(errp, "Cannot reference an existing block device with "
3149 "additional options or a new filename");
3153 bs = bdrv_lookup_bs(reference, reference, errp);
3164 /* NULL means an empty set of options */
3165 if (options == NULL) {
3166 options = qdict_new();
3169 /* json: syntax counts as explicit options, as if in the QDict */
3170 parse_json_protocol(options, &filename, &local_err);
3175 bs->explicit_options = qdict_clone_shallow(options);
3178 bool parent_is_format;
3181 parent_is_format = parent->drv->is_format;
3184 * parent->drv is not set yet because this node is opened for
3185 * (potential) format probing. That means that @parent is going
3186 * to be a format node.
3188 parent_is_format = true;
3191 bs->inherits_from = parent;
3192 child_class->inherit_options(child_role, parent_is_format,
3194 parent->open_flags, parent->options);
3197 ret = bdrv_fill_options(&options, filename, &flags, &local_err);
3203 * Set the BDRV_O_RDWR and BDRV_O_ALLOW_RDWR flags.
3204 * Caution: getting a boolean member of @options requires care.
3205 * When @options come from -blockdev or blockdev_add, members are
3206 * typed according to the QAPI schema, but when they come from
3207 * -drive, they're all QString.
3209 if (g_strcmp0(qdict_get_try_str(options, BDRV_OPT_READ_ONLY), "on") &&
3210 !qdict_get_try_bool(options, BDRV_OPT_READ_ONLY, false)) {
3211 flags |= (BDRV_O_RDWR | BDRV_O_ALLOW_RDWR);
3213 flags &= ~BDRV_O_RDWR;
3216 if (flags & BDRV_O_SNAPSHOT) {
3217 snapshot_options = qdict_new();
3218 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
3220 /* Let bdrv_backing_options() override "read-only" */
3221 qdict_del(options, BDRV_OPT_READ_ONLY);
3222 bdrv_backing_options(0, true, &flags, options, flags, options);
3225 bs->open_flags = flags;
3226 bs->options = options;
3227 options = qdict_clone_shallow(options);
3229 /* Find the right image format driver */
3230 /* See cautionary note on accessing @options above */
3231 drvname = qdict_get_try_str(options, "driver");
3233 drv = bdrv_find_format(drvname);
3235 error_setg(errp, "Unknown driver: '%s'", drvname);
3240 assert(drvname || !(flags & BDRV_O_PROTOCOL));
3242 /* See cautionary note on accessing @options above */
3243 backing = qdict_get_try_str(options, "backing");
3244 if (qobject_to(QNull, qdict_get(options, "backing")) != NULL ||
3245 (backing && *backing == '\0'))
3248 warn_report("Use of \"backing\": \"\" is deprecated; "
3249 "use \"backing\": null instead");
3251 flags |= BDRV_O_NO_BACKING;
3252 qdict_del(bs->explicit_options, "backing");
3253 qdict_del(bs->options, "backing");
3254 qdict_del(options, "backing");
3257 /* Open image file without format layer. This BlockBackend is only used for
3258 * probing, the block drivers will do their own bdrv_open_child() for the
3259 * same BDS, which is why we put the node name back into options. */
3260 if ((flags & BDRV_O_PROTOCOL) == 0) {
3261 BlockDriverState *file_bs;
3263 file_bs = bdrv_open_child_bs(filename, options, "file", bs,
3264 &child_file, 0, true, &local_err);
3268 if (file_bs != NULL) {
3269 /* Not requesting BLK_PERM_CONSISTENT_READ because we're only
3270 * looking at the header to guess the image format. This works even
3271 * in cases where a guest would not see a consistent state. */
3272 file = blk_new(bdrv_get_aio_context(file_bs), 0, BLK_PERM_ALL);
3273 blk_insert_bs(file, file_bs, &local_err);
3274 bdrv_unref(file_bs);
3279 qdict_put_str(options, "file", bdrv_get_node_name(file_bs));
3283 /* Image format probing */
3286 ret = find_image_format(file, filename, &drv, &local_err);
3291 * This option update would logically belong in bdrv_fill_options(),
3292 * but we first need to open bs->file for the probing to work, while
3293 * opening bs->file already requires the (mostly) final set of options
3294 * so that cache mode etc. can be inherited.
3296 * Adding the driver later is somewhat ugly, but it's not an option
3297 * that would ever be inherited, so it's correct. We just need to make
3298 * sure to update both bs->options (which has the full effective
3299 * options for bs) and options (which has file.* already removed).
3301 qdict_put_str(bs->options, "driver", drv->format_name);
3302 qdict_put_str(options, "driver", drv->format_name);
3304 error_setg(errp, "Must specify either driver or file");
3308 /* BDRV_O_PROTOCOL must be set iff a protocol BDS is about to be created */
3309 assert(!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open);
3310 /* file must be NULL if a protocol BDS is about to be created
3311 * (the inverse results in an error message from bdrv_open_common()) */
3312 assert(!(flags & BDRV_O_PROTOCOL) || !file);
3314 /* Open the image */
3315 ret = bdrv_open_common(bs, file, options, &local_err);
3325 /* If there is a backing file, use it */
3326 if ((flags & BDRV_O_NO_BACKING) == 0) {
3327 ret = bdrv_open_backing_file(bs, options, "backing", &local_err);
3329 goto close_and_fail;
3333 /* Remove all children options and references
3334 * from bs->options and bs->explicit_options */
3335 QLIST_FOREACH(child, &bs->children, next) {
3336 char *child_key_dot;
3337 child_key_dot = g_strdup_printf("%s.", child->name);
3338 qdict_extract_subqdict(bs->explicit_options, NULL, child_key_dot);
3339 qdict_extract_subqdict(bs->options, NULL, child_key_dot);
3340 qdict_del(bs->explicit_options, child->name);
3341 qdict_del(bs->options, child->name);
3342 g_free(child_key_dot);
3345 /* Check if any unknown options were used */
3346 if (qdict_size(options) != 0) {
3347 const QDictEntry *entry = qdict_first(options);
3348 if (flags & BDRV_O_PROTOCOL) {
3349 error_setg(errp, "Block protocol '%s' doesn't support the option "
3350 "'%s'", drv->format_name, entry->key);
3353 "Block format '%s' does not support the option '%s'",
3354 drv->format_name, entry->key);
3357 goto close_and_fail;
3360 bdrv_parent_cb_change_media(bs, true);
3362 qobject_unref(options);
3365 /* For snapshot=on, create a temporary qcow2 overlay. bs points to the
3366 * temporary snapshot afterwards. */
3367 if (snapshot_flags) {
3368 BlockDriverState *snapshot_bs;
3369 snapshot_bs = bdrv_append_temp_snapshot(bs, snapshot_flags,
3370 snapshot_options, &local_err);
3371 snapshot_options = NULL;
3373 goto close_and_fail;
3375 /* We are not going to return bs but the overlay on top of it
3376 * (snapshot_bs); thus, we have to drop the strong reference to bs
3377 * (which we obtained by calling bdrv_new()). bs will not be deleted,
3378 * though, because the overlay still has a reference to it. */
3387 qobject_unref(snapshot_options);
3388 qobject_unref(bs->explicit_options);
3389 qobject_unref(bs->options);
3390 qobject_unref(options);
3392 bs->explicit_options = NULL;
3394 error_propagate(errp, local_err);
3399 qobject_unref(snapshot_options);
3400 qobject_unref(options);
3401 error_propagate(errp, local_err);
3405 BlockDriverState *bdrv_open(const char *filename, const char *reference,
3406 QDict *options, int flags, Error **errp)
3408 return bdrv_open_inherit(filename, reference, options, flags, NULL,
3412 /* Return true if the NULL-terminated @list contains @str */
3413 static bool is_str_in_list(const char *str, const char *const *list)
3417 for (i = 0; list[i] != NULL; i++) {
3418 if (!strcmp(str, list[i])) {
3427 * Check that every option set in @bs->options is also set in
3430 * Options listed in the common_options list and in
3431 * @bs->drv->mutable_opts are skipped.
3433 * Return 0 on success, otherwise return -EINVAL and set @errp.
3435 static int bdrv_reset_options_allowed(BlockDriverState *bs,
3436 const QDict *new_opts, Error **errp)
3438 const QDictEntry *e;
3439 /* These options are common to all block drivers and are handled
3440 * in bdrv_reopen_prepare() so they can be left out of @new_opts */
3441 const char *const common_options[] = {
3442 "node-name", "discard", "cache.direct", "cache.no-flush",
3443 "read-only", "auto-read-only", "detect-zeroes", NULL
3446 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
3447 if (!qdict_haskey(new_opts, e->key) &&
3448 !is_str_in_list(e->key, common_options) &&
3449 !is_str_in_list(e->key, bs->drv->mutable_opts)) {
3450 error_setg(errp, "Option '%s' cannot be reset "
3451 "to its default value", e->key);
3460 * Returns true if @child can be reached recursively from @bs
3462 static bool bdrv_recurse_has_child(BlockDriverState *bs,
3463 BlockDriverState *child)
3471 QLIST_FOREACH(c, &bs->children, next) {
3472 if (bdrv_recurse_has_child(c->bs, child)) {
3481 * Adds a BlockDriverState to a simple queue for an atomic, transactional
3482 * reopen of multiple devices.
3484 * bs_queue can either be an existing BlockReopenQueue that has had QTAILQ_INIT
3485 * already performed, or alternatively may be NULL a new BlockReopenQueue will
3486 * be created and initialized. This newly created BlockReopenQueue should be
3487 * passed back in for subsequent calls that are intended to be of the same
3490 * bs is the BlockDriverState to add to the reopen queue.
3492 * options contains the changed options for the associated bs
3493 * (the BlockReopenQueue takes ownership)
3495 * flags contains the open flags for the associated bs
3497 * returns a pointer to bs_queue, which is either the newly allocated
3498 * bs_queue, or the existing bs_queue being used.
3500 * bs must be drained between bdrv_reopen_queue() and bdrv_reopen_multiple().
3502 static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
3503 BlockDriverState *bs,
3505 const BdrvChildClass *klass,
3507 bool parent_is_format,
3508 QDict *parent_options,
3514 BlockReopenQueueEntry *bs_entry;
3516 QDict *old_options, *explicit_options, *options_copy;
3520 /* Make sure that the caller remembered to use a drained section. This is
3521 * important to avoid graph changes between the recursive queuing here and
3522 * bdrv_reopen_multiple(). */
3523 assert(bs->quiesce_counter > 0);
3525 if (bs_queue == NULL) {
3526 bs_queue = g_new0(BlockReopenQueue, 1);
3527 QTAILQ_INIT(bs_queue);
3531 options = qdict_new();
3534 /* Check if this BlockDriverState is already in the queue */
3535 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3536 if (bs == bs_entry->state.bs) {
3542 * Precedence of options:
3543 * 1. Explicitly passed in options (highest)
3544 * 2. Retained from explicitly set options of bs
3545 * 3. Inherited from parent node
3546 * 4. Retained from effective options of bs
3549 /* Old explicitly set values (don't overwrite by inherited value) */
3550 if (bs_entry || keep_old_opts) {
3551 old_options = qdict_clone_shallow(bs_entry ?
3552 bs_entry->state.explicit_options :
3553 bs->explicit_options);
3554 bdrv_join_options(bs, options, old_options);
3555 qobject_unref(old_options);
3558 explicit_options = qdict_clone_shallow(options);
3560 /* Inherit from parent node */
3561 if (parent_options) {
3563 klass->inherit_options(role, parent_is_format, &flags, options,
3564 parent_flags, parent_options);
3566 flags = bdrv_get_flags(bs);
3569 if (keep_old_opts) {
3570 /* Old values are used for options that aren't set yet */
3571 old_options = qdict_clone_shallow(bs->options);
3572 bdrv_join_options(bs, options, old_options);
3573 qobject_unref(old_options);
3576 /* We have the final set of options so let's update the flags */
3577 options_copy = qdict_clone_shallow(options);
3578 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3579 qemu_opts_absorb_qdict(opts, options_copy, NULL);
3580 update_flags_from_options(&flags, opts);
3581 qemu_opts_del(opts);
3582 qobject_unref(options_copy);
3584 /* bdrv_open_inherit() sets and clears some additional flags internally */
3585 flags &= ~BDRV_O_PROTOCOL;
3586 if (flags & BDRV_O_RDWR) {
3587 flags |= BDRV_O_ALLOW_RDWR;
3591 bs_entry = g_new0(BlockReopenQueueEntry, 1);
3592 QTAILQ_INSERT_TAIL(bs_queue, bs_entry, entry);
3594 qobject_unref(bs_entry->state.options);
3595 qobject_unref(bs_entry->state.explicit_options);
3598 bs_entry->state.bs = bs;
3599 bs_entry->state.options = options;
3600 bs_entry->state.explicit_options = explicit_options;
3601 bs_entry->state.flags = flags;
3603 /* This needs to be overwritten in bdrv_reopen_prepare() */
3604 bs_entry->state.perm = UINT64_MAX;
3605 bs_entry->state.shared_perm = 0;
3608 * If keep_old_opts is false then it means that unspecified
3609 * options must be reset to their original value. We don't allow
3610 * resetting 'backing' but we need to know if the option is
3611 * missing in order to decide if we have to return an error.
3613 if (!keep_old_opts) {
3614 bs_entry->state.backing_missing =
3615 !qdict_haskey(options, "backing") &&
3616 !qdict_haskey(options, "backing.driver");
3619 QLIST_FOREACH(child, &bs->children, next) {
3620 QDict *new_child_options = NULL;
3621 bool child_keep_old = keep_old_opts;
3623 /* reopen can only change the options of block devices that were
3624 * implicitly created and inherited options. For other (referenced)
3625 * block devices, a syntax like "backing.foo" results in an error. */
3626 if (child->bs->inherits_from != bs) {
3630 /* Check if the options contain a child reference */
3631 if (qdict_haskey(options, child->name)) {
3632 const char *childref = qdict_get_try_str(options, child->name);
3634 * The current child must not be reopened if the child
3635 * reference is null or points to a different node.
3637 if (g_strcmp0(childref, child->bs->node_name)) {
3641 * If the child reference points to the current child then
3642 * reopen it with its existing set of options (note that
3643 * it can still inherit new options from the parent).
3645 child_keep_old = true;
3647 /* Extract child options ("child-name.*") */
3648 char *child_key_dot = g_strdup_printf("%s.", child->name);
3649 qdict_extract_subqdict(explicit_options, NULL, child_key_dot);
3650 qdict_extract_subqdict(options, &new_child_options, child_key_dot);
3651 g_free(child_key_dot);
3654 bdrv_reopen_queue_child(bs_queue, child->bs, new_child_options,
3655 child->klass, child->role, bs->drv->is_format,
3656 options, flags, child_keep_old);
3662 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
3663 BlockDriverState *bs,
3664 QDict *options, bool keep_old_opts)
3666 return bdrv_reopen_queue_child(bs_queue, bs, options, NULL, 0, false,
3667 NULL, 0, keep_old_opts);
3671 * Reopen multiple BlockDriverStates atomically & transactionally.
3673 * The queue passed in (bs_queue) must have been built up previous
3674 * via bdrv_reopen_queue().
3676 * Reopens all BDS specified in the queue, with the appropriate
3677 * flags. All devices are prepared for reopen, and failure of any
3678 * device will cause all device changes to be abandoned, and intermediate
3681 * If all devices prepare successfully, then the changes are committed
3684 * All affected nodes must be drained between bdrv_reopen_queue() and
3685 * bdrv_reopen_multiple().
3687 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
3690 BlockReopenQueueEntry *bs_entry, *next;
3692 assert(bs_queue != NULL);
3694 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3695 assert(bs_entry->state.bs->quiesce_counter > 0);
3696 if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
3699 bs_entry->prepared = true;
3702 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3703 BDRVReopenState *state = &bs_entry->state;
3704 ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
3705 state->shared_perm, NULL, NULL, errp);
3709 /* Check if new_backing_bs would accept the new permissions */
3710 if (state->replace_backing_bs && state->new_backing_bs) {
3711 uint64_t nperm, nshared;
3712 bdrv_child_perm(state->bs, state->new_backing_bs,
3713 NULL, &child_backing, 0, bs_queue,
3714 state->perm, state->shared_perm,
3716 ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
3717 nperm, nshared, NULL, NULL, errp);
3722 bs_entry->perms_checked = true;
3726 * If we reach this point, we have success and just need to apply the
3729 * Reverse order is used to comfort qcow2 driver: on commit it need to write
3730 * IN_USE flag to the image, to mark bitmaps in the image as invalid. But
3731 * children are usually goes after parents in reopen-queue, so go from last
3734 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3735 bdrv_reopen_commit(&bs_entry->state);
3740 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3741 BDRVReopenState *state = &bs_entry->state;
3743 if (!bs_entry->perms_checked) {
3748 bdrv_set_perm(state->bs, state->perm, state->shared_perm);
3750 bdrv_abort_perm_update(state->bs);
3751 if (state->replace_backing_bs && state->new_backing_bs) {
3752 bdrv_abort_perm_update(state->new_backing_bs);
3758 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3759 BlockDriverState *bs = bs_entry->state.bs;
3761 if (bs->drv->bdrv_reopen_commit_post)
3762 bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
3766 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3768 if (bs_entry->prepared) {
3769 bdrv_reopen_abort(&bs_entry->state);
3771 qobject_unref(bs_entry->state.explicit_options);
3772 qobject_unref(bs_entry->state.options);
3774 if (bs_entry->state.new_backing_bs) {
3775 bdrv_unref(bs_entry->state.new_backing_bs);
3784 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
3788 BlockReopenQueue *queue;
3789 QDict *opts = qdict_new();
3791 qdict_put_bool(opts, BDRV_OPT_READ_ONLY, read_only);
3793 bdrv_subtree_drained_begin(bs);
3794 queue = bdrv_reopen_queue(NULL, bs, opts, true);
3795 ret = bdrv_reopen_multiple(queue, errp);
3796 bdrv_subtree_drained_end(bs);
3801 static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
3804 BlockReopenQueueEntry *entry;
3806 QTAILQ_FOREACH(entry, q, entry) {
3807 BlockDriverState *bs = entry->state.bs;
3810 QLIST_FOREACH(child, &bs->children, next) {
3820 static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
3821 uint64_t *perm, uint64_t *shared)
3824 BlockReopenQueueEntry *parent;
3825 uint64_t cumulative_perms = 0;
3826 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
3828 QLIST_FOREACH(c, &bs->parents, next_parent) {
3829 parent = find_parent_in_reopen_queue(q, c);
3831 cumulative_perms |= c->perm;
3832 cumulative_shared_perms &= c->shared_perm;
3834 uint64_t nperm, nshared;
3836 bdrv_child_perm(parent->state.bs, bs, c, c->klass, c->role, q,
3837 parent->state.perm, parent->state.shared_perm,
3840 cumulative_perms |= nperm;
3841 cumulative_shared_perms &= nshared;
3844 *perm = cumulative_perms;
3845 *shared = cumulative_shared_perms;
3848 static bool bdrv_reopen_can_attach(BlockDriverState *parent,
3850 BlockDriverState *new_child,
3853 AioContext *parent_ctx = bdrv_get_aio_context(parent);
3854 AioContext *child_ctx = bdrv_get_aio_context(new_child);
3858 ignore = g_slist_prepend(NULL, child);
3859 ret = bdrv_can_set_aio_context(new_child, parent_ctx, &ignore, NULL);
3860 g_slist_free(ignore);
3865 ignore = g_slist_prepend(NULL, child);
3866 ret = bdrv_can_set_aio_context(parent, child_ctx, &ignore, errp);
3867 g_slist_free(ignore);
3872 * Take a BDRVReopenState and check if the value of 'backing' in the
3873 * reopen_state->options QDict is valid or not.
3875 * If 'backing' is missing from the QDict then return 0.
3877 * If 'backing' contains the node name of the backing file of
3878 * reopen_state->bs then return 0.
3880 * If 'backing' contains a different node name (or is null) then check
3881 * whether the current backing file can be replaced with the new one.
3882 * If that's the case then reopen_state->replace_backing_bs is set to
3883 * true and reopen_state->new_backing_bs contains a pointer to the new
3884 * backing BlockDriverState (or NULL).
3886 * Return 0 on success, otherwise return < 0 and set @errp.
3888 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
3891 BlockDriverState *bs = reopen_state->bs;
3892 BlockDriverState *overlay_bs, *new_backing_bs;
3896 value = qdict_get(reopen_state->options, "backing");
3897 if (value == NULL) {
3901 switch (qobject_type(value)) {
3903 new_backing_bs = NULL;
3906 str = qobject_get_try_str(value);
3907 new_backing_bs = bdrv_lookup_bs(NULL, str, errp);
3908 if (new_backing_bs == NULL) {
3910 } else if (bdrv_recurse_has_child(new_backing_bs, bs)) {
3911 error_setg(errp, "Making '%s' a backing file of '%s' "
3912 "would create a cycle", str, bs->node_name);
3917 /* 'backing' does not allow any other data type */
3918 g_assert_not_reached();
3922 * Check AioContext compatibility so that the bdrv_set_backing_hd() call in
3923 * bdrv_reopen_commit() won't fail.
3925 if (new_backing_bs) {
3926 if (!bdrv_reopen_can_attach(bs, bs->backing, new_backing_bs, errp)) {
3932 * Find the "actual" backing file by skipping all links that point
3933 * to an implicit node, if any (e.g. a commit filter node).
3936 while (backing_bs(overlay_bs) && backing_bs(overlay_bs)->implicit) {
3937 overlay_bs = backing_bs(overlay_bs);
3940 /* If we want to replace the backing file we need some extra checks */
3941 if (new_backing_bs != backing_bs(overlay_bs)) {
3942 /* Check for implicit nodes between bs and its backing file */
3943 if (bs != overlay_bs) {
3944 error_setg(errp, "Cannot change backing link if '%s' has "
3945 "an implicit backing file", bs->node_name);
3948 /* Check if the backing link that we want to replace is frozen */
3949 if (bdrv_is_backing_chain_frozen(overlay_bs, backing_bs(overlay_bs),
3953 reopen_state->replace_backing_bs = true;
3954 if (new_backing_bs) {
3955 bdrv_ref(new_backing_bs);
3956 reopen_state->new_backing_bs = new_backing_bs;
3964 * Prepares a BlockDriverState for reopen. All changes are staged in the
3965 * 'opaque' field of the BDRVReopenState, which is used and allocated by
3966 * the block driver layer .bdrv_reopen_prepare()
3968 * bs is the BlockDriverState to reopen
3969 * flags are the new open flags
3970 * queue is the reopen queue
3972 * Returns 0 on success, non-zero on error. On error errp will be set
3975 * On failure, bdrv_reopen_abort() will be called to clean up any data.
3976 * It is the responsibility of the caller to then call the abort() or
3977 * commit() for any other BDS that have been left in a prepare() state
3980 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
3985 Error *local_err = NULL;
3988 QDict *orig_reopen_opts;
3989 char *discard = NULL;
3991 bool drv_prepared = false;
3993 assert(reopen_state != NULL);
3994 assert(reopen_state->bs->drv != NULL);
3995 drv = reopen_state->bs->drv;
3997 /* This function and each driver's bdrv_reopen_prepare() remove
3998 * entries from reopen_state->options as they are processed, so
3999 * we need to make a copy of the original QDict. */
4000 orig_reopen_opts = qdict_clone_shallow(reopen_state->options);
4002 /* Process generic block layer options */
4003 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
4004 qemu_opts_absorb_qdict(opts, reopen_state->options, &local_err);
4006 error_propagate(errp, local_err);
4011 /* This was already called in bdrv_reopen_queue_child() so the flags
4012 * are up-to-date. This time we simply want to remove the options from
4013 * QemuOpts in order to indicate that they have been processed. */
4014 old_flags = reopen_state->flags;
4015 update_flags_from_options(&reopen_state->flags, opts);
4016 assert(old_flags == reopen_state->flags);
4018 discard = qemu_opt_get_del(opts, BDRV_OPT_DISCARD);
4019 if (discard != NULL) {
4020 if (bdrv_parse_discard_flags(discard, &reopen_state->flags) != 0) {
4021 error_setg(errp, "Invalid discard option");
4027 reopen_state->detect_zeroes =
4028 bdrv_parse_detect_zeroes(opts, reopen_state->flags, &local_err);
4030 error_propagate(errp, local_err);
4035 /* All other options (including node-name and driver) must be unchanged.
4036 * Put them back into the QDict, so that they are checked at the end
4037 * of this function. */
4038 qemu_opts_to_qdict(opts, reopen_state->options);
4040 /* If we are to stay read-only, do not allow permission change
4041 * to r/w. Attempting to set to r/w may fail if either BDRV_O_ALLOW_RDWR is
4042 * not set, or if the BDS still has copy_on_read enabled */
4043 read_only = !(reopen_state->flags & BDRV_O_RDWR);
4044 ret = bdrv_can_set_read_only(reopen_state->bs, read_only, true, &local_err);
4046 error_propagate(errp, local_err);
4050 /* Calculate required permissions after reopening */
4051 bdrv_reopen_perm(queue, reopen_state->bs,
4052 &reopen_state->perm, &reopen_state->shared_perm);
4054 ret = bdrv_flush(reopen_state->bs);
4056 error_setg_errno(errp, -ret, "Error flushing drive");
4060 if (drv->bdrv_reopen_prepare) {
4062 * If a driver-specific option is missing, it means that we
4063 * should reset it to its default value.
4064 * But not all options allow that, so we need to check it first.
4066 ret = bdrv_reset_options_allowed(reopen_state->bs,
4067 reopen_state->options, errp);
4072 ret = drv->bdrv_reopen_prepare(reopen_state, queue, &local_err);
4074 if (local_err != NULL) {
4075 error_propagate(errp, local_err);
4077 bdrv_refresh_filename(reopen_state->bs);
4078 error_setg(errp, "failed while preparing to reopen image '%s'",
4079 reopen_state->bs->filename);
4084 /* It is currently mandatory to have a bdrv_reopen_prepare()
4085 * handler for each supported drv. */
4086 error_setg(errp, "Block format '%s' used by node '%s' "
4087 "does not support reopening files", drv->format_name,
4088 bdrv_get_device_or_node_name(reopen_state->bs));
4093 drv_prepared = true;
4096 * We must provide the 'backing' option if the BDS has a backing
4097 * file or if the image file has a backing file name as part of
4098 * its metadata. Otherwise the 'backing' option can be omitted.
4100 if (drv->supports_backing && reopen_state->backing_missing &&
4101 (backing_bs(reopen_state->bs) || reopen_state->bs->backing_file[0])) {
4102 error_setg(errp, "backing is missing for '%s'",
4103 reopen_state->bs->node_name);
4109 * Allow changing the 'backing' option. The new value can be
4110 * either a reference to an existing node (using its node name)
4111 * or NULL to simply detach the current backing file.
4113 ret = bdrv_reopen_parse_backing(reopen_state, errp);
4117 qdict_del(reopen_state->options, "backing");
4119 /* Options that are not handled are only okay if they are unchanged
4120 * compared to the old state. It is expected that some options are only
4121 * used for the initial open, but not reopen (e.g. filename) */
4122 if (qdict_size(reopen_state->options)) {
4123 const QDictEntry *entry = qdict_first(reopen_state->options);
4126 QObject *new = entry->value;
4127 QObject *old = qdict_get(reopen_state->bs->options, entry->key);
4129 /* Allow child references (child_name=node_name) as long as they
4130 * point to the current child (i.e. everything stays the same). */
4131 if (qobject_type(new) == QTYPE_QSTRING) {
4133 QLIST_FOREACH(child, &reopen_state->bs->children, next) {
4134 if (!strcmp(child->name, entry->key)) {
4140 const char *str = qobject_get_try_str(new);
4141 if (!strcmp(child->bs->node_name, str)) {
4142 continue; /* Found child with this name, skip option */
4148 * TODO: When using -drive to specify blockdev options, all values
4149 * will be strings; however, when using -blockdev, blockdev-add or
4150 * filenames using the json:{} pseudo-protocol, they will be
4152 * In contrast, reopening options are (currently) always strings
4153 * (because you can only specify them through qemu-io; all other
4154 * callers do not specify any options).
4155 * Therefore, when using anything other than -drive to create a BDS,
4156 * this cannot detect non-string options as unchanged, because
4157 * qobject_is_equal() always returns false for objects of different
4158 * type. In the future, this should be remedied by correctly typing
4159 * all options. For now, this is not too big of an issue because
4160 * the user can simply omit options which cannot be changed anyway,
4161 * so they will stay unchanged.
4163 if (!qobject_is_equal(new, old)) {
4164 error_setg(errp, "Cannot change the option '%s'", entry->key);
4168 } while ((entry = qdict_next(reopen_state->options, entry)));
4173 /* Restore the original reopen_state->options QDict */
4174 qobject_unref(reopen_state->options);
4175 reopen_state->options = qobject_ref(orig_reopen_opts);
4178 if (ret < 0 && drv_prepared) {
4179 /* drv->bdrv_reopen_prepare() has succeeded, so we need to
4180 * call drv->bdrv_reopen_abort() before signaling an error
4181 * (bdrv_reopen_multiple() will not call bdrv_reopen_abort()
4182 * when the respective bdrv_reopen_prepare() has failed) */
4183 if (drv->bdrv_reopen_abort) {
4184 drv->bdrv_reopen_abort(reopen_state);
4187 qemu_opts_del(opts);
4188 qobject_unref(orig_reopen_opts);
4194 * Takes the staged changes for the reopen from bdrv_reopen_prepare(), and
4195 * makes them final by swapping the staging BlockDriverState contents into
4196 * the active BlockDriverState contents.
4198 void bdrv_reopen_commit(BDRVReopenState *reopen_state)
4201 BlockDriverState *bs;
4204 assert(reopen_state != NULL);
4205 bs = reopen_state->bs;
4207 assert(drv != NULL);
4209 /* If there are any driver level actions to take */
4210 if (drv->bdrv_reopen_commit) {
4211 drv->bdrv_reopen_commit(reopen_state);
4214 /* set BDS specific flags now */
4215 qobject_unref(bs->explicit_options);
4216 qobject_unref(bs->options);
4218 bs->explicit_options = reopen_state->explicit_options;
4219 bs->options = reopen_state->options;
4220 bs->open_flags = reopen_state->flags;
4221 bs->read_only = !(reopen_state->flags & BDRV_O_RDWR);
4222 bs->detect_zeroes = reopen_state->detect_zeroes;
4224 if (reopen_state->replace_backing_bs) {
4225 qdict_del(bs->explicit_options, "backing");
4226 qdict_del(bs->options, "backing");
4229 /* Remove child references from bs->options and bs->explicit_options.
4230 * Child options were already removed in bdrv_reopen_queue_child() */
4231 QLIST_FOREACH(child, &bs->children, next) {
4232 qdict_del(bs->explicit_options, child->name);
4233 qdict_del(bs->options, child->name);
4237 * Change the backing file if a new one was specified. We do this
4238 * after updating bs->options, so bdrv_refresh_filename() (called
4239 * from bdrv_set_backing_hd()) has the new values.
4241 if (reopen_state->replace_backing_bs) {
4242 BlockDriverState *old_backing_bs = backing_bs(bs);
4243 assert(!old_backing_bs || !old_backing_bs->implicit);
4244 /* Abort the permission update on the backing bs we're detaching */
4245 if (old_backing_bs) {
4246 bdrv_abort_perm_update(old_backing_bs);
4248 bdrv_set_backing_hd(bs, reopen_state->new_backing_bs, &error_abort);
4251 bdrv_refresh_limits(bs, NULL);
4255 * Abort the reopen, and delete and free the staged changes in
4258 void bdrv_reopen_abort(BDRVReopenState *reopen_state)
4262 assert(reopen_state != NULL);
4263 drv = reopen_state->bs->drv;
4264 assert(drv != NULL);
4266 if (drv->bdrv_reopen_abort) {
4267 drv->bdrv_reopen_abort(reopen_state);
4272 static void bdrv_close(BlockDriverState *bs)
4274 BdrvAioNotifier *ban, *ban_next;
4275 BdrvChild *child, *next;
4277 assert(!bs->refcnt);
4279 bdrv_drained_begin(bs); /* complete I/O */
4281 bdrv_drain(bs); /* in case flush left pending I/O */
4284 if (bs->drv->bdrv_close) {
4285 bs->drv->bdrv_close(bs);
4290 QLIST_FOREACH_SAFE(child, &bs->children, next, next) {
4291 bdrv_unref_child(bs, child);
4298 atomic_set(&bs->copy_on_read, 0);
4299 bs->backing_file[0] = '\0';
4300 bs->backing_format[0] = '\0';
4301 bs->total_sectors = 0;
4302 bs->encrypted = false;
4304 qobject_unref(bs->options);
4305 qobject_unref(bs->explicit_options);
4307 bs->explicit_options = NULL;
4308 qobject_unref(bs->full_open_options);
4309 bs->full_open_options = NULL;
4311 bdrv_release_named_dirty_bitmaps(bs);
4312 assert(QLIST_EMPTY(&bs->dirty_bitmaps));
4314 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
4317 QLIST_INIT(&bs->aio_notifiers);
4318 bdrv_drained_end(bs);
4321 void bdrv_close_all(void)
4323 assert(job_next(NULL) == NULL);
4324 nbd_export_close_all();
4326 /* Drop references from requests still in flight, such as canceled block
4327 * jobs whose AIO context has not been polled yet */
4330 blk_remove_all_bs();
4331 blockdev_close_all_bdrv_states();
4333 assert(QTAILQ_EMPTY(&all_bdrv_states));
4336 static bool should_update_child(BdrvChild *c, BlockDriverState *to)
4342 if (c->klass->stay_at_node) {
4346 /* If the child @c belongs to the BDS @to, replacing the current
4347 * c->bs by @to would mean to create a loop.
4349 * Such a case occurs when appending a BDS to a backing chain.
4350 * For instance, imagine the following chain:
4352 * guest device -> node A -> further backing chain...
4354 * Now we create a new BDS B which we want to put on top of this
4355 * chain, so we first attach A as its backing node:
4360 * guest device -> node A -> further backing chain...
4362 * Finally we want to replace A by B. When doing that, we want to
4363 * replace all pointers to A by pointers to B -- except for the
4364 * pointer from B because (1) that would create a loop, and (2)
4365 * that pointer should simply stay intact:
4367 * guest device -> node B
4370 * node A -> further backing chain...
4372 * In general, when replacing a node A (c->bs) by a node B (@to),
4373 * if A is a child of B, that means we cannot replace A by B there
4374 * because that would create a loop. Silently detaching A from B
4375 * is also not really an option. So overall just leaving A in
4376 * place there is the most sensible choice.
4378 * We would also create a loop in any cases where @c is only
4379 * indirectly referenced by @to. Prevent this by returning false
4380 * if @c is found (by breadth-first search) anywhere in the whole
4385 found = g_hash_table_new(NULL, NULL);
4386 g_hash_table_add(found, to);
4387 queue = g_queue_new();
4388 g_queue_push_tail(queue, to);
4390 while (!g_queue_is_empty(queue)) {
4391 BlockDriverState *v = g_queue_pop_head(queue);
4394 QLIST_FOREACH(c2, &v->children, next) {
4400 if (g_hash_table_contains(found, c2->bs)) {
4404 g_queue_push_tail(queue, c2->bs);
4405 g_hash_table_add(found, c2->bs);
4409 g_queue_free(queue);
4410 g_hash_table_destroy(found);
4415 void bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
4418 BdrvChild *c, *next;
4419 GSList *list = NULL, *p;
4420 uint64_t perm = 0, shared = BLK_PERM_ALL;
4423 /* Make sure that @from doesn't go away until we have successfully attached
4424 * all of its parents to @to. */
4427 assert(qemu_get_current_aio_context() == qemu_get_aio_context());
4428 assert(bdrv_get_aio_context(from) == bdrv_get_aio_context(to));
4429 bdrv_drained_begin(from);
4431 /* Put all parents into @list and calculate their cumulative permissions */
4432 QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
4433 assert(c->bs == from);
4434 if (!should_update_child(c, to)) {
4438 error_setg(errp, "Cannot change '%s' link to '%s'",
4439 c->name, from->node_name);
4442 list = g_slist_prepend(list, c);
4444 shared &= c->shared_perm;
4447 /* Check whether the required permissions can be granted on @to, ignoring
4448 * all BdrvChild in @list so that they can't block themselves. */
4449 ret = bdrv_check_update_perm(to, NULL, perm, shared, list, NULL, errp);
4451 bdrv_abort_perm_update(to);
4455 /* Now actually perform the change. We performed the permission check for
4456 * all elements of @list at once, so set the permissions all at once at the
4458 for (p = list; p != NULL; p = p->next) {
4462 bdrv_replace_child_noperm(c, to);
4466 bdrv_get_cumulative_perm(to, &perm, &shared);
4467 bdrv_set_perm(to, perm, shared);
4471 bdrv_drained_end(from);
4476 * Add new bs contents at the top of an image chain while the chain is
4477 * live, while keeping required fields on the top layer.
4479 * This will modify the BlockDriverState fields, and swap contents
4480 * between bs_new and bs_top. Both bs_new and bs_top are modified.
4482 * bs_new must not be attached to a BlockBackend.
4484 * This function does not create any image files.
4486 * bdrv_append() takes ownership of a bs_new reference and unrefs it because
4487 * that's what the callers commonly need. bs_new will be referenced by the old
4488 * parents of bs_top after bdrv_append() returns. If the caller needs to keep a
4489 * reference of its own, it must call bdrv_ref().
4491 void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
4494 Error *local_err = NULL;
4496 bdrv_set_backing_hd(bs_new, bs_top, &local_err);
4498 error_propagate(errp, local_err);
4502 bdrv_replace_node(bs_top, bs_new, &local_err);
4504 error_propagate(errp, local_err);
4505 bdrv_set_backing_hd(bs_new, NULL, &error_abort);
4509 /* bs_new is now referenced by its new parents, we don't need the
4510 * additional reference any more. */
4515 static void bdrv_delete(BlockDriverState *bs)
4517 assert(bdrv_op_blocker_is_empty(bs));
4518 assert(!bs->refcnt);
4520 /* remove from list, if necessary */
4521 if (bs->node_name[0] != '\0') {
4522 QTAILQ_REMOVE(&graph_bdrv_states, bs, node_list);
4524 QTAILQ_REMOVE(&all_bdrv_states, bs, bs_list);
4532 * Run consistency checks on an image
4534 * Returns 0 if the check could be completed (it doesn't mean that the image is
4535 * free of errors) or -errno when an internal error occurred. The results of the
4536 * check are stored in res.
4538 static int coroutine_fn bdrv_co_check(BlockDriverState *bs,
4539 BdrvCheckResult *res, BdrvCheckMode fix)
4541 if (bs->drv == NULL) {
4544 if (bs->drv->bdrv_co_check == NULL) {
4548 memset(res, 0, sizeof(*res));
4549 return bs->drv->bdrv_co_check(bs, res, fix);
4552 typedef struct CheckCo {
4553 BlockDriverState *bs;
4554 BdrvCheckResult *res;
4559 static void coroutine_fn bdrv_check_co_entry(void *opaque)
4561 CheckCo *cco = opaque;
4562 cco->ret = bdrv_co_check(cco->bs, cco->res, cco->fix);
4566 int bdrv_check(BlockDriverState *bs,
4567 BdrvCheckResult *res, BdrvCheckMode fix)
4573 .ret = -EINPROGRESS,
4577 if (qemu_in_coroutine()) {
4578 /* Fast-path if already in coroutine context */
4579 bdrv_check_co_entry(&cco);
4581 co = qemu_coroutine_create(bdrv_check_co_entry, &cco);
4582 bdrv_coroutine_enter(bs, co);
4583 BDRV_POLL_WHILE(bs, cco.ret == -EINPROGRESS);
4592 * -EINVAL - backing format specified, but no file
4593 * -ENOSPC - can't update the backing file because no space is left in the
4595 * -ENOTSUP - format driver doesn't support changing the backing file
4597 int bdrv_change_backing_file(BlockDriverState *bs,
4598 const char *backing_file, const char *backing_fmt)
4600 BlockDriver *drv = bs->drv;
4607 /* Backing file format doesn't make sense without a backing file */
4608 if (backing_fmt && !backing_file) {
4612 if (drv->bdrv_change_backing_file != NULL) {
4613 ret = drv->bdrv_change_backing_file(bs, backing_file, backing_fmt);
4619 pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_file ?: "");
4620 pstrcpy(bs->backing_format, sizeof(bs->backing_format), backing_fmt ?: "");
4621 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
4622 backing_file ?: "");
4628 * Finds the image layer in the chain that has 'bs' as its backing file.
4630 * active is the current topmost image.
4632 * Returns NULL if bs is not found in active's image chain,
4633 * or if active == bs.
4635 * Returns the bottommost base image if bs == NULL.
4637 BlockDriverState *bdrv_find_overlay(BlockDriverState *active,
4638 BlockDriverState *bs)
4640 while (active && bs != backing_bs(active)) {
4641 active = backing_bs(active);
4647 /* Given a BDS, searches for the base layer. */
4648 BlockDriverState *bdrv_find_base(BlockDriverState *bs)
4650 return bdrv_find_overlay(bs, NULL);
4654 * Return true if at least one of the backing links between @bs and
4655 * @base is frozen. @errp is set if that's the case.
4656 * @base must be reachable from @bs, or NULL.
4658 bool bdrv_is_backing_chain_frozen(BlockDriverState *bs, BlockDriverState *base,
4661 BlockDriverState *i;
4663 for (i = bs; i != base; i = backing_bs(i)) {
4664 if (i->backing && i->backing->frozen) {
4665 error_setg(errp, "Cannot change '%s' link from '%s' to '%s'",
4666 i->backing->name, i->node_name,
4667 backing_bs(i)->node_name);
4676 * Freeze all backing links between @bs and @base.
4677 * If any of the links is already frozen the operation is aborted and
4678 * none of the links are modified.
4679 * @base must be reachable from @bs, or NULL.
4680 * Returns 0 on success. On failure returns < 0 and sets @errp.
4682 int bdrv_freeze_backing_chain(BlockDriverState *bs, BlockDriverState *base,
4685 BlockDriverState *i;
4687 if (bdrv_is_backing_chain_frozen(bs, base, errp)) {
4691 for (i = bs; i != base; i = backing_bs(i)) {
4692 if (i->backing && backing_bs(i)->never_freeze) {
4693 error_setg(errp, "Cannot freeze '%s' link to '%s'",
4694 i->backing->name, backing_bs(i)->node_name);
4699 for (i = bs; i != base; i = backing_bs(i)) {
4701 i->backing->frozen = true;
4709 * Unfreeze all backing links between @bs and @base. The caller must
4710 * ensure that all links are frozen before using this function.
4711 * @base must be reachable from @bs, or NULL.
4713 void bdrv_unfreeze_backing_chain(BlockDriverState *bs, BlockDriverState *base)
4715 BlockDriverState *i;
4717 for (i = bs; i != base; i = backing_bs(i)) {
4719 assert(i->backing->frozen);
4720 i->backing->frozen = false;
4726 * Drops images above 'base' up to and including 'top', and sets the image
4727 * above 'top' to have base as its backing file.
4729 * Requires that the overlay to 'top' is opened r/w, so that the backing file
4730 * information in 'bs' can be properly updated.
4732 * E.g., this will convert the following chain:
4733 * bottom <- base <- intermediate <- top <- active
4737 * bottom <- base <- active
4739 * It is allowed for bottom==base, in which case it converts:
4741 * base <- intermediate <- top <- active
4747 * If backing_file_str is non-NULL, it will be used when modifying top's
4748 * overlay image metadata.
4751 * if active == top, that is considered an error
4754 int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base,
4755 const char *backing_file_str)
4757 BlockDriverState *explicit_top = top;
4758 bool update_inherits_from;
4759 BdrvChild *c, *next;
4760 Error *local_err = NULL;
4764 bdrv_subtree_drained_begin(top);
4766 if (!top->drv || !base->drv) {
4770 /* Make sure that base is in the backing chain of top */
4771 if (!bdrv_chain_contains(top, base)) {
4775 /* This function changes all links that point to top and makes
4776 * them point to base. Check that none of them is frozen. */
4777 QLIST_FOREACH(c, &top->parents, next_parent) {
4783 /* If 'base' recursively inherits from 'top' then we should set
4784 * base->inherits_from to top->inherits_from after 'top' and all
4785 * other intermediate nodes have been dropped.
4786 * If 'top' is an implicit node (e.g. "commit_top") we should skip
4787 * it because no one inherits from it. We use explicit_top for that. */
4788 while (explicit_top && explicit_top->implicit) {
4789 explicit_top = backing_bs(explicit_top);
4791 update_inherits_from = bdrv_inherits_from_recursive(base, explicit_top);
4793 /* success - we can delete the intermediate states, and link top->base */
4794 /* TODO Check graph modification op blockers (BLK_PERM_GRAPH_MOD) once
4795 * we've figured out how they should work. */
4796 if (!backing_file_str) {
4797 bdrv_refresh_filename(base);
4798 backing_file_str = base->filename;
4801 QLIST_FOREACH_SAFE(c, &top->parents, next_parent, next) {
4802 /* Check whether we are allowed to switch c from top to base */
4803 GSList *ignore_children = g_slist_prepend(NULL, c);
4804 ret = bdrv_check_update_perm(base, NULL, c->perm, c->shared_perm,
4805 ignore_children, NULL, &local_err);
4806 g_slist_free(ignore_children);
4808 error_report_err(local_err);
4812 /* If so, update the backing file path in the image file */
4813 if (c->klass->update_filename) {
4814 ret = c->klass->update_filename(c, base, backing_file_str,
4817 bdrv_abort_perm_update(base);
4818 error_report_err(local_err);
4823 /* Do the actual switch in the in-memory graph.
4824 * Completes bdrv_check_update_perm() transaction internally. */
4826 bdrv_replace_child(c, base);
4830 if (update_inherits_from) {
4831 base->inherits_from = explicit_top->inherits_from;
4836 bdrv_subtree_drained_end(top);
4842 * Length of a allocated file in bytes. Sparse files are counted by actual
4843 * allocated space. Return < 0 if error or unknown.
4845 int64_t bdrv_get_allocated_file_size(BlockDriverState *bs)
4847 BlockDriver *drv = bs->drv;
4851 if (drv->bdrv_get_allocated_file_size) {
4852 return drv->bdrv_get_allocated_file_size(bs);
4855 return bdrv_get_allocated_file_size(bs->file->bs);
4862 * @drv: Format driver
4863 * @opts: Creation options for new image
4864 * @in_bs: Existing image containing data for new image (may be NULL)
4865 * @errp: Error object
4866 * Returns: A #BlockMeasureInfo (free using qapi_free_BlockMeasureInfo())
4869 * Calculate file size required to create a new image.
4871 * If @in_bs is given then space for allocated clusters and zero clusters
4872 * from that image are included in the calculation. If @opts contains a
4873 * backing file that is shared by @in_bs then backing clusters may be omitted
4874 * from the calculation.
4876 * If @in_bs is NULL then the calculation includes no allocated clusters
4877 * unless a preallocation option is given in @opts.
4879 * Note that @in_bs may use a different BlockDriver from @drv.
4881 * If an error occurs the @errp pointer is set.
4883 BlockMeasureInfo *bdrv_measure(BlockDriver *drv, QemuOpts *opts,
4884 BlockDriverState *in_bs, Error **errp)
4886 if (!drv->bdrv_measure) {
4887 error_setg(errp, "Block driver '%s' does not support size measurement",
4892 return drv->bdrv_measure(opts, in_bs, errp);
4896 * Return number of sectors on success, -errno on error.
4898 int64_t bdrv_nb_sectors(BlockDriverState *bs)
4900 BlockDriver *drv = bs->drv;
4905 if (drv->has_variable_length) {
4906 int ret = refresh_total_sectors(bs, bs->total_sectors);
4911 return bs->total_sectors;
4915 * Return length in bytes on success, -errno on error.
4916 * The length is always a multiple of BDRV_SECTOR_SIZE.
4918 int64_t bdrv_getlength(BlockDriverState *bs)
4920 int64_t ret = bdrv_nb_sectors(bs);
4922 ret = ret > INT64_MAX / BDRV_SECTOR_SIZE ? -EFBIG : ret;
4923 return ret < 0 ? ret : ret * BDRV_SECTOR_SIZE;
4926 /* return 0 as number of sectors if no device present or error */
4927 void bdrv_get_geometry(BlockDriverState *bs, uint64_t *nb_sectors_ptr)
4929 int64_t nb_sectors = bdrv_nb_sectors(bs);
4931 *nb_sectors_ptr = nb_sectors < 0 ? 0 : nb_sectors;
4934 bool bdrv_is_sg(BlockDriverState *bs)
4939 bool bdrv_is_encrypted(BlockDriverState *bs)
4941 if (bs->backing && bs->backing->bs->encrypted) {
4944 return bs->encrypted;
4947 const char *bdrv_get_format_name(BlockDriverState *bs)
4949 return bs->drv ? bs->drv->format_name : NULL;
4952 static int qsort_strcmp(const void *a, const void *b)
4954 return strcmp(*(char *const *)a, *(char *const *)b);
4957 void bdrv_iterate_format(void (*it)(void *opaque, const char *name),
4958 void *opaque, bool read_only)
4963 const char **formats = NULL;
4965 QLIST_FOREACH(drv, &bdrv_drivers, list) {
4966 if (drv->format_name) {
4970 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, read_only)) {
4974 while (formats && i && !found) {
4975 found = !strcmp(formats[--i], drv->format_name);
4979 formats = g_renew(const char *, formats, count + 1);
4980 formats[count++] = drv->format_name;
4985 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); i++) {
4986 const char *format_name = block_driver_modules[i].format_name;
4992 if (use_bdrv_whitelist &&
4993 !bdrv_format_is_whitelisted(format_name, read_only)) {
4997 while (formats && j && !found) {
4998 found = !strcmp(formats[--j], format_name);
5002 formats = g_renew(const char *, formats, count + 1);
5003 formats[count++] = format_name;
5008 qsort(formats, count, sizeof(formats[0]), qsort_strcmp);
5010 for (i = 0; i < count; i++) {
5011 it(opaque, formats[i]);
5017 /* This function is to find a node in the bs graph */
5018 BlockDriverState *bdrv_find_node(const char *node_name)
5020 BlockDriverState *bs;
5024 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5025 if (!strcmp(node_name, bs->node_name)) {
5032 /* Put this QMP function here so it can access the static graph_bdrv_states. */
5033 BlockDeviceInfoList *bdrv_named_nodes_list(bool flat,
5036 BlockDeviceInfoList *list, *entry;
5037 BlockDriverState *bs;
5040 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5041 BlockDeviceInfo *info = bdrv_block_device_info(NULL, bs, flat, errp);
5043 qapi_free_BlockDeviceInfoList(list);
5046 entry = g_malloc0(sizeof(*entry));
5047 entry->value = info;
5055 #define QAPI_LIST_ADD(list, element) do { \
5056 typeof(list) _tmp = g_new(typeof(*(list)), 1); \
5057 _tmp->value = (element); \
5058 _tmp->next = (list); \
5062 typedef struct XDbgBlockGraphConstructor {
5063 XDbgBlockGraph *graph;
5064 GHashTable *graph_nodes;
5065 } XDbgBlockGraphConstructor;
5067 static XDbgBlockGraphConstructor *xdbg_graph_new(void)
5069 XDbgBlockGraphConstructor *gr = g_new(XDbgBlockGraphConstructor, 1);
5071 gr->graph = g_new0(XDbgBlockGraph, 1);
5072 gr->graph_nodes = g_hash_table_new(NULL, NULL);
5077 static XDbgBlockGraph *xdbg_graph_finalize(XDbgBlockGraphConstructor *gr)
5079 XDbgBlockGraph *graph = gr->graph;
5081 g_hash_table_destroy(gr->graph_nodes);
5087 static uintptr_t xdbg_graph_node_num(XDbgBlockGraphConstructor *gr, void *node)
5089 uintptr_t ret = (uintptr_t)g_hash_table_lookup(gr->graph_nodes, node);
5096 * Start counting from 1, not 0, because 0 interferes with not-found (NULL)
5097 * answer of g_hash_table_lookup.
5099 ret = g_hash_table_size(gr->graph_nodes) + 1;
5100 g_hash_table_insert(gr->graph_nodes, node, (void *)ret);
5105 static void xdbg_graph_add_node(XDbgBlockGraphConstructor *gr, void *node,
5106 XDbgBlockGraphNodeType type, const char *name)
5108 XDbgBlockGraphNode *n;
5110 n = g_new0(XDbgBlockGraphNode, 1);
5112 n->id = xdbg_graph_node_num(gr, node);
5114 n->name = g_strdup(name);
5116 QAPI_LIST_ADD(gr->graph->nodes, n);
5119 static void xdbg_graph_add_edge(XDbgBlockGraphConstructor *gr, void *parent,
5120 const BdrvChild *child)
5122 BlockPermission qapi_perm;
5123 XDbgBlockGraphEdge *edge;
5125 edge = g_new0(XDbgBlockGraphEdge, 1);
5127 edge->parent = xdbg_graph_node_num(gr, parent);
5128 edge->child = xdbg_graph_node_num(gr, child->bs);
5129 edge->name = g_strdup(child->name);
5131 for (qapi_perm = 0; qapi_perm < BLOCK_PERMISSION__MAX; qapi_perm++) {
5132 uint64_t flag = bdrv_qapi_perm_to_blk_perm(qapi_perm);
5134 if (flag & child->perm) {
5135 QAPI_LIST_ADD(edge->perm, qapi_perm);
5137 if (flag & child->shared_perm) {
5138 QAPI_LIST_ADD(edge->shared_perm, qapi_perm);
5142 QAPI_LIST_ADD(gr->graph->edges, edge);
5146 XDbgBlockGraph *bdrv_get_xdbg_block_graph(Error **errp)
5150 BlockDriverState *bs;
5152 XDbgBlockGraphConstructor *gr = xdbg_graph_new();
5154 for (blk = blk_all_next(NULL); blk; blk = blk_all_next(blk)) {
5155 char *allocated_name = NULL;
5156 const char *name = blk_name(blk);
5159 name = allocated_name = blk_get_attached_dev_id(blk);
5161 xdbg_graph_add_node(gr, blk, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_BACKEND,
5163 g_free(allocated_name);
5164 if (blk_root(blk)) {
5165 xdbg_graph_add_edge(gr, blk, blk_root(blk));
5169 for (job = block_job_next(NULL); job; job = block_job_next(job)) {
5172 xdbg_graph_add_node(gr, job, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_JOB,
5174 for (el = job->nodes; el; el = el->next) {
5175 xdbg_graph_add_edge(gr, job, (BdrvChild *)el->data);
5179 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
5180 xdbg_graph_add_node(gr, bs, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_DRIVER,
5182 QLIST_FOREACH(child, &bs->children, next) {
5183 xdbg_graph_add_edge(gr, bs, child);
5187 return xdbg_graph_finalize(gr);
5190 BlockDriverState *bdrv_lookup_bs(const char *device,
5191 const char *node_name,
5195 BlockDriverState *bs;
5198 blk = blk_by_name(device);
5203 error_setg(errp, "Device '%s' has no medium", device);
5211 bs = bdrv_find_node(node_name);
5218 error_setg(errp, "Cannot find device=%s nor node_name=%s",
5219 device ? device : "",
5220 node_name ? node_name : "");
5224 /* If 'base' is in the same chain as 'top', return true. Otherwise,
5225 * return false. If either argument is NULL, return false. */
5226 bool bdrv_chain_contains(BlockDriverState *top, BlockDriverState *base)
5228 while (top && top != base) {
5229 top = backing_bs(top);
5235 BlockDriverState *bdrv_next_node(BlockDriverState *bs)
5238 return QTAILQ_FIRST(&graph_bdrv_states);
5240 return QTAILQ_NEXT(bs, node_list);
5243 BlockDriverState *bdrv_next_all_states(BlockDriverState *bs)
5246 return QTAILQ_FIRST(&all_bdrv_states);
5248 return QTAILQ_NEXT(bs, bs_list);
5251 const char *bdrv_get_node_name(const BlockDriverState *bs)
5253 return bs->node_name;
5256 const char *bdrv_get_parent_name(const BlockDriverState *bs)
5261 /* If multiple parents have a name, just pick the first one. */
5262 QLIST_FOREACH(c, &bs->parents, next_parent) {
5263 if (c->klass->get_name) {
5264 name = c->klass->get_name(c);
5265 if (name && *name) {
5274 /* TODO check what callers really want: bs->node_name or blk_name() */
5275 const char *bdrv_get_device_name(const BlockDriverState *bs)
5277 return bdrv_get_parent_name(bs) ?: "";
5280 /* This can be used to identify nodes that might not have a device
5281 * name associated. Since node and device names live in the same
5282 * namespace, the result is unambiguous. The exception is if both are
5283 * absent, then this returns an empty (non-null) string. */
5284 const char *bdrv_get_device_or_node_name(const BlockDriverState *bs)
5286 return bdrv_get_parent_name(bs) ?: bs->node_name;
5289 int bdrv_get_flags(BlockDriverState *bs)
5291 return bs->open_flags;
5294 int bdrv_has_zero_init_1(BlockDriverState *bs)
5299 int bdrv_has_zero_init(BlockDriverState *bs)
5305 /* If BS is a copy on write image, it is initialized to
5306 the contents of the base image, which may not be zeroes. */
5310 if (bs->drv->bdrv_has_zero_init) {
5311 return bs->drv->bdrv_has_zero_init(bs);
5313 if (bs->file && bs->drv->is_filter) {
5314 return bdrv_has_zero_init(bs->file->bs);
5321 bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs)
5323 BlockDriverInfo bdi;
5329 if (bdrv_get_info(bs, &bdi) == 0) {
5330 return bdi.unallocated_blocks_are_zero;
5336 bool bdrv_can_write_zeroes_with_unmap(BlockDriverState *bs)
5338 if (!(bs->open_flags & BDRV_O_UNMAP)) {
5342 return bs->supported_zero_flags & BDRV_REQ_MAY_UNMAP;
5345 void bdrv_get_backing_filename(BlockDriverState *bs,
5346 char *filename, int filename_size)
5348 pstrcpy(filename, filename_size, bs->backing_file);
5351 int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
5353 BlockDriver *drv = bs->drv;
5354 /* if bs->drv == NULL, bs is closed, so there's nothing to do here */
5358 if (!drv->bdrv_get_info) {
5359 if (bs->file && drv->is_filter) {
5360 return bdrv_get_info(bs->file->bs, bdi);
5364 memset(bdi, 0, sizeof(*bdi));
5365 return drv->bdrv_get_info(bs, bdi);
5368 ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
5371 BlockDriver *drv = bs->drv;
5372 if (drv && drv->bdrv_get_specific_info) {
5373 return drv->bdrv_get_specific_info(bs, errp);
5378 BlockStatsSpecific *bdrv_get_specific_stats(BlockDriverState *bs)
5380 BlockDriver *drv = bs->drv;
5381 if (!drv || !drv->bdrv_get_specific_stats) {
5384 return drv->bdrv_get_specific_stats(bs);
5387 void bdrv_debug_event(BlockDriverState *bs, BlkdebugEvent event)
5389 if (!bs || !bs->drv || !bs->drv->bdrv_debug_event) {
5393 bs->drv->bdrv_debug_event(bs, event);
5396 static BlockDriverState *bdrv_find_debug_node(BlockDriverState *bs)
5398 while (bs && bs->drv && !bs->drv->bdrv_debug_breakpoint) {
5404 if (bs->drv->is_filter && bs->backing) {
5405 bs = bs->backing->bs;
5412 if (bs && bs->drv && bs->drv->bdrv_debug_breakpoint) {
5413 assert(bs->drv->bdrv_debug_remove_breakpoint);
5420 int bdrv_debug_breakpoint(BlockDriverState *bs, const char *event,
5423 bs = bdrv_find_debug_node(bs);
5425 return bs->drv->bdrv_debug_breakpoint(bs, event, tag);
5431 int bdrv_debug_remove_breakpoint(BlockDriverState *bs, const char *tag)
5433 bs = bdrv_find_debug_node(bs);
5435 return bs->drv->bdrv_debug_remove_breakpoint(bs, tag);
5441 int bdrv_debug_resume(BlockDriverState *bs, const char *tag)
5443 while (bs && (!bs->drv || !bs->drv->bdrv_debug_resume)) {
5444 bs = bs->file ? bs->file->bs : NULL;
5447 if (bs && bs->drv && bs->drv->bdrv_debug_resume) {
5448 return bs->drv->bdrv_debug_resume(bs, tag);
5454 bool bdrv_debug_is_suspended(BlockDriverState *bs, const char *tag)
5456 while (bs && bs->drv && !bs->drv->bdrv_debug_is_suspended) {
5457 bs = bs->file ? bs->file->bs : NULL;
5460 if (bs && bs->drv && bs->drv->bdrv_debug_is_suspended) {
5461 return bs->drv->bdrv_debug_is_suspended(bs, tag);
5467 /* backing_file can either be relative, or absolute, or a protocol. If it is
5468 * relative, it must be relative to the chain. So, passing in bs->filename
5469 * from a BDS as backing_file should not be done, as that may be relative to
5470 * the CWD rather than the chain. */
5471 BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
5472 const char *backing_file)
5474 char *filename_full = NULL;
5475 char *backing_file_full = NULL;
5476 char *filename_tmp = NULL;
5477 int is_protocol = 0;
5478 BlockDriverState *curr_bs = NULL;
5479 BlockDriverState *retval = NULL;
5481 if (!bs || !bs->drv || !backing_file) {
5485 filename_full = g_malloc(PATH_MAX);
5486 backing_file_full = g_malloc(PATH_MAX);
5488 is_protocol = path_has_protocol(backing_file);
5490 for (curr_bs = bs; curr_bs->backing; curr_bs = curr_bs->backing->bs) {
5492 /* If either of the filename paths is actually a protocol, then
5493 * compare unmodified paths; otherwise make paths relative */
5494 if (is_protocol || path_has_protocol(curr_bs->backing_file)) {
5495 char *backing_file_full_ret;
5497 if (strcmp(backing_file, curr_bs->backing_file) == 0) {
5498 retval = curr_bs->backing->bs;
5501 /* Also check against the full backing filename for the image */
5502 backing_file_full_ret = bdrv_get_full_backing_filename(curr_bs,
5504 if (backing_file_full_ret) {
5505 bool equal = strcmp(backing_file, backing_file_full_ret) == 0;
5506 g_free(backing_file_full_ret);
5508 retval = curr_bs->backing->bs;
5513 /* If not an absolute filename path, make it relative to the current
5514 * image's filename path */
5515 filename_tmp = bdrv_make_absolute_filename(curr_bs, backing_file,
5517 /* We are going to compare canonicalized absolute pathnames */
5518 if (!filename_tmp || !realpath(filename_tmp, filename_full)) {
5519 g_free(filename_tmp);
5522 g_free(filename_tmp);
5524 /* We need to make sure the backing filename we are comparing against
5525 * is relative to the current image filename (or absolute) */
5526 filename_tmp = bdrv_get_full_backing_filename(curr_bs, NULL);
5527 if (!filename_tmp || !realpath(filename_tmp, backing_file_full)) {
5528 g_free(filename_tmp);
5531 g_free(filename_tmp);
5533 if (strcmp(backing_file_full, filename_full) == 0) {
5534 retval = curr_bs->backing->bs;
5540 g_free(filename_full);
5541 g_free(backing_file_full);
5545 void bdrv_init(void)
5547 module_call_init(MODULE_INIT_BLOCK);
5550 void bdrv_init_with_whitelist(void)
5552 use_bdrv_whitelist = 1;
5556 static void coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs,
5559 BdrvChild *child, *parent;
5560 uint64_t perm, shared_perm;
5561 Error *local_err = NULL;
5563 BdrvDirtyBitmap *bm;
5569 QLIST_FOREACH(child, &bs->children, next) {
5570 bdrv_co_invalidate_cache(child->bs, &local_err);
5572 error_propagate(errp, local_err);
5578 * Update permissions, they may differ for inactive nodes.
5580 * Note that the required permissions of inactive images are always a
5581 * subset of the permissions required after activating the image. This
5582 * allows us to just get the permissions upfront without restricting
5583 * drv->bdrv_invalidate_cache().
5585 * It also means that in error cases, we don't have to try and revert to
5586 * the old permissions (which is an operation that could fail, too). We can
5587 * just keep the extended permissions for the next time that an activation
5588 * of the image is tried.
5590 if (bs->open_flags & BDRV_O_INACTIVE) {
5591 bs->open_flags &= ~BDRV_O_INACTIVE;
5592 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
5593 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &local_err);
5595 bs->open_flags |= BDRV_O_INACTIVE;
5596 error_propagate(errp, local_err);
5599 bdrv_set_perm(bs, perm, shared_perm);
5601 if (bs->drv->bdrv_co_invalidate_cache) {
5602 bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
5604 bs->open_flags |= BDRV_O_INACTIVE;
5605 error_propagate(errp, local_err);
5610 FOR_EACH_DIRTY_BITMAP(bs, bm) {
5611 bdrv_dirty_bitmap_skip_store(bm, false);
5614 ret = refresh_total_sectors(bs, bs->total_sectors);
5616 bs->open_flags |= BDRV_O_INACTIVE;
5617 error_setg_errno(errp, -ret, "Could not refresh total sector count");
5622 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5623 if (parent->klass->activate) {
5624 parent->klass->activate(parent, &local_err);
5626 bs->open_flags |= BDRV_O_INACTIVE;
5627 error_propagate(errp, local_err);
5634 typedef struct InvalidateCacheCo {
5635 BlockDriverState *bs;
5638 } InvalidateCacheCo;
5640 static void coroutine_fn bdrv_invalidate_cache_co_entry(void *opaque)
5642 InvalidateCacheCo *ico = opaque;
5643 bdrv_co_invalidate_cache(ico->bs, ico->errp);
5648 void bdrv_invalidate_cache(BlockDriverState *bs, Error **errp)
5651 InvalidateCacheCo ico = {
5657 if (qemu_in_coroutine()) {
5658 /* Fast-path if already in coroutine context */
5659 bdrv_invalidate_cache_co_entry(&ico);
5661 co = qemu_coroutine_create(bdrv_invalidate_cache_co_entry, &ico);
5662 bdrv_coroutine_enter(bs, co);
5663 BDRV_POLL_WHILE(bs, !ico.done);
5667 void bdrv_invalidate_cache_all(Error **errp)
5669 BlockDriverState *bs;
5670 Error *local_err = NULL;
5671 BdrvNextIterator it;
5673 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5674 AioContext *aio_context = bdrv_get_aio_context(bs);
5676 aio_context_acquire(aio_context);
5677 bdrv_invalidate_cache(bs, &local_err);
5678 aio_context_release(aio_context);
5680 error_propagate(errp, local_err);
5681 bdrv_next_cleanup(&it);
5687 static bool bdrv_has_bds_parent(BlockDriverState *bs, bool only_active)
5691 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5692 if (parent->klass->parent_is_bds) {
5693 BlockDriverState *parent_bs = parent->opaque;
5694 if (!only_active || !(parent_bs->open_flags & BDRV_O_INACTIVE)) {
5703 static int bdrv_inactivate_recurse(BlockDriverState *bs)
5705 BdrvChild *child, *parent;
5706 bool tighten_restrictions;
5707 uint64_t perm, shared_perm;
5714 /* Make sure that we don't inactivate a child before its parent.
5715 * It will be covered by recursion from the yet active parent. */
5716 if (bdrv_has_bds_parent(bs, true)) {
5720 assert(!(bs->open_flags & BDRV_O_INACTIVE));
5722 /* Inactivate this node */
5723 if (bs->drv->bdrv_inactivate) {
5724 ret = bs->drv->bdrv_inactivate(bs);
5730 QLIST_FOREACH(parent, &bs->parents, next_parent) {
5731 if (parent->klass->inactivate) {
5732 ret = parent->klass->inactivate(parent);
5739 bs->open_flags |= BDRV_O_INACTIVE;
5741 /* Update permissions, they may differ for inactive nodes */
5742 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
5743 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL,
5744 &tighten_restrictions, NULL);
5745 assert(tighten_restrictions == false);
5747 /* We only tried to loosen restrictions, so errors are not fatal */
5748 bdrv_abort_perm_update(bs);
5750 bdrv_set_perm(bs, perm, shared_perm);
5754 /* Recursively inactivate children */
5755 QLIST_FOREACH(child, &bs->children, next) {
5756 ret = bdrv_inactivate_recurse(child->bs);
5765 int bdrv_inactivate_all(void)
5767 BlockDriverState *bs = NULL;
5768 BdrvNextIterator it;
5770 GSList *aio_ctxs = NULL, *ctx;
5772 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5773 AioContext *aio_context = bdrv_get_aio_context(bs);
5775 if (!g_slist_find(aio_ctxs, aio_context)) {
5776 aio_ctxs = g_slist_prepend(aio_ctxs, aio_context);
5777 aio_context_acquire(aio_context);
5781 for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
5782 /* Nodes with BDS parents are covered by recursion from the last
5783 * parent that gets inactivated. Don't inactivate them a second
5784 * time if that has already happened. */
5785 if (bdrv_has_bds_parent(bs, false)) {
5788 ret = bdrv_inactivate_recurse(bs);
5790 bdrv_next_cleanup(&it);
5796 for (ctx = aio_ctxs; ctx != NULL; ctx = ctx->next) {
5797 AioContext *aio_context = ctx->data;
5798 aio_context_release(aio_context);
5800 g_slist_free(aio_ctxs);
5805 /**************************************************************/
5806 /* removable device support */
5809 * Return TRUE if the media is present
5811 bool bdrv_is_inserted(BlockDriverState *bs)
5813 BlockDriver *drv = bs->drv;
5819 if (drv->bdrv_is_inserted) {
5820 return drv->bdrv_is_inserted(bs);
5822 QLIST_FOREACH(child, &bs->children, next) {
5823 if (!bdrv_is_inserted(child->bs)) {
5831 * If eject_flag is TRUE, eject the media. Otherwise, close the tray
5833 void bdrv_eject(BlockDriverState *bs, bool eject_flag)
5835 BlockDriver *drv = bs->drv;
5837 if (drv && drv->bdrv_eject) {
5838 drv->bdrv_eject(bs, eject_flag);
5843 * Lock or unlock the media (if it is locked, the user won't be able
5844 * to eject it manually).
5846 void bdrv_lock_medium(BlockDriverState *bs, bool locked)
5848 BlockDriver *drv = bs->drv;
5850 trace_bdrv_lock_medium(bs, locked);
5852 if (drv && drv->bdrv_lock_medium) {
5853 drv->bdrv_lock_medium(bs, locked);
5857 /* Get a reference to bs */
5858 void bdrv_ref(BlockDriverState *bs)
5863 /* Release a previously grabbed reference to bs.
5864 * If after releasing, reference count is zero, the BlockDriverState is
5866 void bdrv_unref(BlockDriverState *bs)
5871 assert(bs->refcnt > 0);
5872 if (--bs->refcnt == 0) {
5877 struct BdrvOpBlocker {
5879 QLIST_ENTRY(BdrvOpBlocker) list;
5882 bool bdrv_op_is_blocked(BlockDriverState *bs, BlockOpType op, Error **errp)
5884 BdrvOpBlocker *blocker;
5885 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
5886 if (!QLIST_EMPTY(&bs->op_blockers[op])) {
5887 blocker = QLIST_FIRST(&bs->op_blockers[op]);
5888 error_propagate_prepend(errp, error_copy(blocker->reason),
5889 "Node '%s' is busy: ",
5890 bdrv_get_device_or_node_name(bs));
5896 void bdrv_op_block(BlockDriverState *bs, BlockOpType op, Error *reason)
5898 BdrvOpBlocker *blocker;
5899 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
5901 blocker = g_new0(BdrvOpBlocker, 1);
5902 blocker->reason = reason;
5903 QLIST_INSERT_HEAD(&bs->op_blockers[op], blocker, list);
5906 void bdrv_op_unblock(BlockDriverState *bs, BlockOpType op, Error *reason)
5908 BdrvOpBlocker *blocker, *next;
5909 assert((int) op >= 0 && op < BLOCK_OP_TYPE_MAX);
5910 QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
5911 if (blocker->reason == reason) {
5912 QLIST_REMOVE(blocker, list);
5918 void bdrv_op_block_all(BlockDriverState *bs, Error *reason)
5921 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
5922 bdrv_op_block(bs, i, reason);
5926 void bdrv_op_unblock_all(BlockDriverState *bs, Error *reason)
5929 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
5930 bdrv_op_unblock(bs, i, reason);
5934 bool bdrv_op_blocker_is_empty(BlockDriverState *bs)
5938 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
5939 if (!QLIST_EMPTY(&bs->op_blockers[i])) {
5946 void bdrv_img_create(const char *filename, const char *fmt,
5947 const char *base_filename, const char *base_fmt,
5948 char *options, uint64_t img_size, int flags, bool quiet,
5951 QemuOptsList *create_opts = NULL;
5952 QemuOpts *opts = NULL;
5953 const char *backing_fmt, *backing_file;
5955 BlockDriver *drv, *proto_drv;
5956 Error *local_err = NULL;
5959 /* Find driver and parse its options */
5960 drv = bdrv_find_format(fmt);
5962 error_setg(errp, "Unknown file format '%s'", fmt);
5966 proto_drv = bdrv_find_protocol(filename, true, errp);
5971 if (!drv->create_opts) {
5972 error_setg(errp, "Format driver '%s' does not support image creation",
5977 if (!proto_drv->create_opts) {
5978 error_setg(errp, "Protocol driver '%s' does not support image creation",
5979 proto_drv->format_name);
5983 /* Create parameter list */
5984 create_opts = qemu_opts_append(create_opts, drv->create_opts);
5985 create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
5987 opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
5989 /* Parse -o options */
5991 qemu_opts_do_parse(opts, options, NULL, &local_err);
5997 if (!qemu_opt_get(opts, BLOCK_OPT_SIZE)) {
5998 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, &error_abort);
5999 } else if (img_size != UINT64_C(-1)) {
6000 error_setg(errp, "The image size must be specified only once");
6004 if (base_filename) {
6005 qemu_opt_set(opts, BLOCK_OPT_BACKING_FILE, base_filename, &local_err);
6007 error_setg(errp, "Backing file not supported for file format '%s'",
6014 qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, base_fmt, &local_err);
6016 error_setg(errp, "Backing file format not supported for file "
6017 "format '%s'", fmt);
6022 backing_file = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
6024 if (!strcmp(filename, backing_file)) {
6025 error_setg(errp, "Error: Trying to create an image with the "
6026 "same filename as the backing file");
6031 backing_fmt = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
6033 /* The size for the image must always be specified, unless we have a backing
6034 * file and we have not been forbidden from opening it. */
6035 size = qemu_opt_get_size(opts, BLOCK_OPT_SIZE, img_size);
6036 if (backing_file && !(flags & BDRV_O_NO_BACKING)) {
6037 BlockDriverState *bs;
6040 QDict *backing_options = NULL;
6043 bdrv_get_full_backing_filename_from_filename(filename, backing_file,
6048 assert(full_backing);
6050 /* backing files always opened read-only */
6052 back_flags &= ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
6054 backing_options = qdict_new();
6056 qdict_put_str(backing_options, "driver", backing_fmt);
6058 qdict_put_bool(backing_options, BDRV_OPT_FORCE_SHARE, true);
6060 bs = bdrv_open(full_backing, NULL, backing_options, back_flags,
6062 g_free(full_backing);
6063 if (!bs && size != -1) {
6064 /* Couldn't open BS, but we have a size, so it's nonfatal */
6065 warn_reportf_err(local_err,
6066 "Could not verify backing image. "
6067 "This may become an error in future versions.\n");
6070 /* Couldn't open bs, do not have size */
6071 error_append_hint(&local_err,
6072 "Could not open backing image to determine size.\n");
6076 /* Opened BS, have no size */
6077 size = bdrv_getlength(bs);
6079 error_setg_errno(errp, -size, "Could not get size of '%s'",
6084 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, size, &error_abort);
6088 } /* (backing_file && !(flags & BDRV_O_NO_BACKING)) */
6091 error_setg(errp, "Image creation needs a size parameter");
6096 printf("Formatting '%s', fmt=%s ", filename, fmt);
6097 qemu_opts_print(opts, " ");
6101 ret = bdrv_create(drv, filename, opts, &local_err);
6103 if (ret == -EFBIG) {
6104 /* This is generally a better message than whatever the driver would
6105 * deliver (especially because of the cluster_size_hint), since that
6106 * is most probably not much different from "image too large". */
6107 const char *cluster_size_hint = "";
6108 if (qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE, 0)) {
6109 cluster_size_hint = " (try using a larger cluster size)";
6111 error_setg(errp, "The image size is too large for file format '%s'"
6112 "%s", fmt, cluster_size_hint);
6113 error_free(local_err);
6118 qemu_opts_del(opts);
6119 qemu_opts_free(create_opts);
6120 error_propagate(errp, local_err);
6123 AioContext *bdrv_get_aio_context(BlockDriverState *bs)
6125 return bs ? bs->aio_context : qemu_get_aio_context();
6128 void bdrv_coroutine_enter(BlockDriverState *bs, Coroutine *co)
6130 aio_co_enter(bdrv_get_aio_context(bs), co);
6133 static void bdrv_do_remove_aio_context_notifier(BdrvAioNotifier *ban)
6135 QLIST_REMOVE(ban, list);
6139 static void bdrv_detach_aio_context(BlockDriverState *bs)
6141 BdrvAioNotifier *baf, *baf_tmp;
6143 assert(!bs->walking_aio_notifiers);
6144 bs->walking_aio_notifiers = true;
6145 QLIST_FOREACH_SAFE(baf, &bs->aio_notifiers, list, baf_tmp) {
6147 bdrv_do_remove_aio_context_notifier(baf);
6149 baf->detach_aio_context(baf->opaque);
6152 /* Never mind iterating again to check for ->deleted. bdrv_close() will
6153 * remove remaining aio notifiers if we aren't called again.
6155 bs->walking_aio_notifiers = false;
6157 if (bs->drv && bs->drv->bdrv_detach_aio_context) {
6158 bs->drv->bdrv_detach_aio_context(bs);
6161 if (bs->quiesce_counter) {
6162 aio_enable_external(bs->aio_context);
6164 bs->aio_context = NULL;
6167 static void bdrv_attach_aio_context(BlockDriverState *bs,
6168 AioContext *new_context)
6170 BdrvAioNotifier *ban, *ban_tmp;
6172 if (bs->quiesce_counter) {
6173 aio_disable_external(new_context);
6176 bs->aio_context = new_context;
6178 if (bs->drv && bs->drv->bdrv_attach_aio_context) {
6179 bs->drv->bdrv_attach_aio_context(bs, new_context);
6182 assert(!bs->walking_aio_notifiers);
6183 bs->walking_aio_notifiers = true;
6184 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_tmp) {
6186 bdrv_do_remove_aio_context_notifier(ban);
6188 ban->attached_aio_context(new_context, ban->opaque);
6191 bs->walking_aio_notifiers = false;
6195 * Changes the AioContext used for fd handlers, timers, and BHs by this
6196 * BlockDriverState and all its children and parents.
6198 * Must be called from the main AioContext.
6200 * The caller must own the AioContext lock for the old AioContext of bs, but it
6201 * must not own the AioContext lock for new_context (unless new_context is the
6202 * same as the current context of bs).
6204 * @ignore will accumulate all visited BdrvChild object. The caller is
6205 * responsible for freeing the list afterwards.
6207 void bdrv_set_aio_context_ignore(BlockDriverState *bs,
6208 AioContext *new_context, GSList **ignore)
6210 AioContext *old_context = bdrv_get_aio_context(bs);
6213 g_assert(qemu_get_current_aio_context() == qemu_get_aio_context());
6215 if (old_context == new_context) {
6219 bdrv_drained_begin(bs);
6221 QLIST_FOREACH(child, &bs->children, next) {
6222 if (g_slist_find(*ignore, child)) {
6225 *ignore = g_slist_prepend(*ignore, child);
6226 bdrv_set_aio_context_ignore(child->bs, new_context, ignore);
6228 QLIST_FOREACH(child, &bs->parents, next_parent) {
6229 if (g_slist_find(*ignore, child)) {
6232 assert(child->klass->set_aio_ctx);
6233 *ignore = g_slist_prepend(*ignore, child);
6234 child->klass->set_aio_ctx(child, new_context, ignore);
6237 bdrv_detach_aio_context(bs);
6239 /* Acquire the new context, if necessary */
6240 if (qemu_get_aio_context() != new_context) {
6241 aio_context_acquire(new_context);
6244 bdrv_attach_aio_context(bs, new_context);
6247 * If this function was recursively called from
6248 * bdrv_set_aio_context_ignore(), there may be nodes in the
6249 * subtree that have not yet been moved to the new AioContext.
6250 * Release the old one so bdrv_drained_end() can poll them.
6252 if (qemu_get_aio_context() != old_context) {
6253 aio_context_release(old_context);
6256 bdrv_drained_end(bs);
6258 if (qemu_get_aio_context() != old_context) {
6259 aio_context_acquire(old_context);
6261 if (qemu_get_aio_context() != new_context) {
6262 aio_context_release(new_context);
6266 static bool bdrv_parent_can_set_aio_context(BdrvChild *c, AioContext *ctx,
6267 GSList **ignore, Error **errp)
6269 if (g_slist_find(*ignore, c)) {
6272 *ignore = g_slist_prepend(*ignore, c);
6275 * A BdrvChildClass that doesn't handle AioContext changes cannot
6276 * tolerate any AioContext changes
6278 if (!c->klass->can_set_aio_ctx) {
6279 char *user = bdrv_child_user_desc(c);
6280 error_setg(errp, "Changing iothreads is not supported by %s", user);
6284 if (!c->klass->can_set_aio_ctx(c, ctx, ignore, errp)) {
6285 assert(!errp || *errp);
6291 bool bdrv_child_can_set_aio_context(BdrvChild *c, AioContext *ctx,
6292 GSList **ignore, Error **errp)
6294 if (g_slist_find(*ignore, c)) {
6297 *ignore = g_slist_prepend(*ignore, c);
6298 return bdrv_can_set_aio_context(c->bs, ctx, ignore, errp);
6301 /* @ignore will accumulate all visited BdrvChild object. The caller is
6302 * responsible for freeing the list afterwards. */
6303 bool bdrv_can_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6304 GSList **ignore, Error **errp)
6308 if (bdrv_get_aio_context(bs) == ctx) {
6312 QLIST_FOREACH(c, &bs->parents, next_parent) {
6313 if (!bdrv_parent_can_set_aio_context(c, ctx, ignore, errp)) {
6317 QLIST_FOREACH(c, &bs->children, next) {
6318 if (!bdrv_child_can_set_aio_context(c, ctx, ignore, errp)) {
6326 int bdrv_child_try_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6327 BdrvChild *ignore_child, Error **errp)
6332 ignore = ignore_child ? g_slist_prepend(NULL, ignore_child) : NULL;
6333 ret = bdrv_can_set_aio_context(bs, ctx, &ignore, errp);
6334 g_slist_free(ignore);
6340 ignore = ignore_child ? g_slist_prepend(NULL, ignore_child) : NULL;
6341 bdrv_set_aio_context_ignore(bs, ctx, &ignore);
6342 g_slist_free(ignore);
6347 int bdrv_try_set_aio_context(BlockDriverState *bs, AioContext *ctx,
6350 return bdrv_child_try_set_aio_context(bs, ctx, NULL, errp);
6353 void bdrv_add_aio_context_notifier(BlockDriverState *bs,
6354 void (*attached_aio_context)(AioContext *new_context, void *opaque),
6355 void (*detach_aio_context)(void *opaque), void *opaque)
6357 BdrvAioNotifier *ban = g_new(BdrvAioNotifier, 1);
6358 *ban = (BdrvAioNotifier){
6359 .attached_aio_context = attached_aio_context,
6360 .detach_aio_context = detach_aio_context,
6364 QLIST_INSERT_HEAD(&bs->aio_notifiers, ban, list);
6367 void bdrv_remove_aio_context_notifier(BlockDriverState *bs,
6368 void (*attached_aio_context)(AioContext *,
6370 void (*detach_aio_context)(void *),
6373 BdrvAioNotifier *ban, *ban_next;
6375 QLIST_FOREACH_SAFE(ban, &bs->aio_notifiers, list, ban_next) {
6376 if (ban->attached_aio_context == attached_aio_context &&
6377 ban->detach_aio_context == detach_aio_context &&
6378 ban->opaque == opaque &&
6379 ban->deleted == false)
6381 if (bs->walking_aio_notifiers) {
6382 ban->deleted = true;
6384 bdrv_do_remove_aio_context_notifier(ban);
6393 int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts,
6394 BlockDriverAmendStatusCB *status_cb, void *cb_opaque,
6398 error_setg(errp, "Node is ejected");
6401 if (!bs->drv->bdrv_amend_options) {
6402 error_setg(errp, "Block driver '%s' does not support option amendment",
6403 bs->drv->format_name);
6406 return bs->drv->bdrv_amend_options(bs, opts, status_cb, cb_opaque, errp);
6410 * This function checks whether the given @to_replace is allowed to be
6411 * replaced by a node that always shows the same data as @bs. This is
6412 * used for example to verify whether the mirror job can replace
6413 * @to_replace by the target mirrored from @bs.
6414 * To be replaceable, @bs and @to_replace may either be guaranteed to
6415 * always show the same data (because they are only connected through
6416 * filters), or some driver may allow replacing one of its children
6417 * because it can guarantee that this child's data is not visible at
6418 * all (for example, for dissenting quorum children that have no other
6421 bool bdrv_recurse_can_replace(BlockDriverState *bs,
6422 BlockDriverState *to_replace)
6424 if (!bs || !bs->drv) {
6428 if (bs == to_replace) {
6432 /* See what the driver can do */
6433 if (bs->drv->bdrv_recurse_can_replace) {
6434 return bs->drv->bdrv_recurse_can_replace(bs, to_replace);
6437 /* For filters without an own implementation, we can recurse on our own */
6438 if (bs->drv->is_filter) {
6439 BdrvChild *child = bs->file ?: bs->backing;
6440 return bdrv_recurse_can_replace(child->bs, to_replace);
6448 * Check whether the given @node_name can be replaced by a node that
6449 * has the same data as @parent_bs. If so, return @node_name's BDS;
6452 * @node_name must be a (recursive) *child of @parent_bs (or this
6453 * function will return NULL).
6455 * The result (whether the node can be replaced or not) is only valid
6456 * for as long as no graph or permission changes occur.
6458 BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
6459 const char *node_name, Error **errp)
6461 BlockDriverState *to_replace_bs = bdrv_find_node(node_name);
6462 AioContext *aio_context;
6464 if (!to_replace_bs) {
6465 error_setg(errp, "Node name '%s' not found", node_name);
6469 aio_context = bdrv_get_aio_context(to_replace_bs);
6470 aio_context_acquire(aio_context);
6472 if (bdrv_op_is_blocked(to_replace_bs, BLOCK_OP_TYPE_REPLACE, errp)) {
6473 to_replace_bs = NULL;
6477 /* We don't want arbitrary node of the BDS chain to be replaced only the top
6478 * most non filter in order to prevent data corruption.
6479 * Another benefit is that this tests exclude backing files which are
6480 * blocked by the backing blockers.
6482 if (!bdrv_recurse_can_replace(parent_bs, to_replace_bs)) {
6483 error_setg(errp, "Cannot replace '%s' by a node mirrored from '%s', "
6484 "because it cannot be guaranteed that doing so would not "
6485 "lead to an abrupt change of visible data",
6486 node_name, parent_bs->node_name);
6487 to_replace_bs = NULL;
6492 aio_context_release(aio_context);
6493 return to_replace_bs;
6497 * Iterates through the list of runtime option keys that are said to
6498 * be "strong" for a BDS. An option is called "strong" if it changes
6499 * a BDS's data. For example, the null block driver's "size" and
6500 * "read-zeroes" options are strong, but its "latency-ns" option is
6503 * If a key returned by this function ends with a dot, all options
6504 * starting with that prefix are strong.
6506 static const char *const *strong_options(BlockDriverState *bs,
6507 const char *const *curopt)
6509 static const char *const global_options[] = {
6510 "driver", "filename", NULL
6514 return &global_options[0];
6518 if (curopt == &global_options[ARRAY_SIZE(global_options) - 1] && bs->drv) {
6519 curopt = bs->drv->strong_runtime_opts;
6522 return (curopt && *curopt) ? curopt : NULL;
6526 * Copies all strong runtime options from bs->options to the given
6527 * QDict. The set of strong option keys is determined by invoking
6530 * Returns true iff any strong option was present in bs->options (and
6531 * thus copied to the target QDict) with the exception of "filename"
6532 * and "driver". The caller is expected to use this value to decide
6533 * whether the existence of strong options prevents the generation of
6536 static bool append_strong_runtime_options(QDict *d, BlockDriverState *bs)
6538 bool found_any = false;
6539 const char *const *option_name = NULL;
6545 while ((option_name = strong_options(bs, option_name))) {
6546 bool option_given = false;
6548 assert(strlen(*option_name) > 0);
6549 if ((*option_name)[strlen(*option_name) - 1] != '.') {
6550 QObject *entry = qdict_get(bs->options, *option_name);
6555 qdict_put_obj(d, *option_name, qobject_ref(entry));
6556 option_given = true;
6558 const QDictEntry *entry;
6559 for (entry = qdict_first(bs->options); entry;
6560 entry = qdict_next(bs->options, entry))
6562 if (strstart(qdict_entry_key(entry), *option_name, NULL)) {
6563 qdict_put_obj(d, qdict_entry_key(entry),
6564 qobject_ref(qdict_entry_value(entry)));
6565 option_given = true;
6570 /* While "driver" and "filename" need to be included in a JSON filename,
6571 * their existence does not prohibit generation of a plain filename. */
6572 if (!found_any && option_given &&
6573 strcmp(*option_name, "driver") && strcmp(*option_name, "filename"))
6579 if (!qdict_haskey(d, "driver")) {
6580 /* Drivers created with bdrv_new_open_driver() may not have a
6581 * @driver option. Add it here. */
6582 qdict_put_str(d, "driver", bs->drv->format_name);
6588 /* Note: This function may return false positives; it may return true
6589 * even if opening the backing file specified by bs's image header
6590 * would result in exactly bs->backing. */
6591 static bool bdrv_backing_overridden(BlockDriverState *bs)
6594 return strcmp(bs->auto_backing_file,
6595 bs->backing->bs->filename);
6597 /* No backing BDS, so if the image header reports any backing
6598 * file, it must have been suppressed */
6599 return bs->auto_backing_file[0] != '\0';
6603 /* Updates the following BDS fields:
6604 * - exact_filename: A filename which may be used for opening a block device
6605 * which (mostly) equals the given BDS (even without any
6606 * other options; so reading and writing must return the same
6607 * results, but caching etc. may be different)
6608 * - full_open_options: Options which, when given when opening a block device
6609 * (without a filename), result in a BDS (mostly)
6610 * equalling the given one
6611 * - filename: If exact_filename is set, it is copied here. Otherwise,
6612 * full_open_options is converted to a JSON object, prefixed with
6613 * "json:" (for use through the JSON pseudo protocol) and put here.
6615 void bdrv_refresh_filename(BlockDriverState *bs)
6617 BlockDriver *drv = bs->drv;
6620 bool backing_overridden;
6621 bool generate_json_filename; /* Whether our default implementation should
6622 fill exact_filename (false) or not (true) */
6628 /* This BDS's file name may depend on any of its children's file names, so
6629 * refresh those first */
6630 QLIST_FOREACH(child, &bs->children, next) {
6631 bdrv_refresh_filename(child->bs);
6635 /* For implicit nodes, just copy everything from the single child */
6636 child = QLIST_FIRST(&bs->children);
6637 assert(QLIST_NEXT(child, next) == NULL);
6639 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),
6640 child->bs->exact_filename);
6641 pstrcpy(bs->filename, sizeof(bs->filename), child->bs->filename);
6643 qobject_unref(bs->full_open_options);
6644 bs->full_open_options = qobject_ref(child->bs->full_open_options);
6649 backing_overridden = bdrv_backing_overridden(bs);
6651 if (bs->open_flags & BDRV_O_NO_IO) {
6652 /* Without I/O, the backing file does not change anything.
6653 * Therefore, in such a case (primarily qemu-img), we can
6654 * pretend the backing file has not been overridden even if
6655 * it technically has been. */
6656 backing_overridden = false;
6659 /* Gather the options QDict */
6661 generate_json_filename = append_strong_runtime_options(opts, bs);
6662 generate_json_filename |= backing_overridden;
6664 if (drv->bdrv_gather_child_options) {
6665 /* Some block drivers may not want to present all of their children's
6666 * options, or name them differently from BdrvChild.name */
6667 drv->bdrv_gather_child_options(bs, opts, backing_overridden);
6669 QLIST_FOREACH(child, &bs->children, next) {
6670 if (child->klass == &child_backing && !backing_overridden) {
6671 /* We can skip the backing BDS if it has not been overridden */
6675 qdict_put(opts, child->name,
6676 qobject_ref(child->bs->full_open_options));
6679 if (backing_overridden && !bs->backing) {
6680 /* Force no backing file */
6681 qdict_put_null(opts, "backing");
6685 qobject_unref(bs->full_open_options);
6686 bs->full_open_options = opts;
6688 if (drv->bdrv_refresh_filename) {
6689 /* Obsolete information is of no use here, so drop the old file name
6690 * information before refreshing it */
6691 bs->exact_filename[0] = '\0';
6693 drv->bdrv_refresh_filename(bs);
6694 } else if (bs->file) {
6695 /* Try to reconstruct valid information from the underlying file */
6697 bs->exact_filename[0] = '\0';
6700 * We can use the underlying file's filename if:
6701 * - it has a filename,
6702 * - the file is a protocol BDS, and
6703 * - opening that file (as this BDS's format) will automatically create
6704 * the BDS tree we have right now, that is:
6705 * - the user did not significantly change this BDS's behavior with
6706 * some explicit (strong) options
6707 * - no non-file child of this BDS has been overridden by the user
6708 * Both of these conditions are represented by generate_json_filename.
6710 if (bs->file->bs->exact_filename[0] &&
6711 bs->file->bs->drv->bdrv_file_open &&
6712 !generate_json_filename)
6714 strcpy(bs->exact_filename, bs->file->bs->exact_filename);
6718 if (bs->exact_filename[0]) {
6719 pstrcpy(bs->filename, sizeof(bs->filename), bs->exact_filename);
6721 QString *json = qobject_to_json(QOBJECT(bs->full_open_options));
6722 snprintf(bs->filename, sizeof(bs->filename), "json:%s",
6723 qstring_get_str(json));
6724 qobject_unref(json);
6728 char *bdrv_dirname(BlockDriverState *bs, Error **errp)
6730 BlockDriver *drv = bs->drv;
6733 error_setg(errp, "Node '%s' is ejected", bs->node_name);
6737 if (drv->bdrv_dirname) {
6738 return drv->bdrv_dirname(bs, errp);
6742 return bdrv_dirname(bs->file->bs, errp);
6745 bdrv_refresh_filename(bs);
6746 if (bs->exact_filename[0] != '\0') {
6747 return path_combine(bs->exact_filename, "");
6750 error_setg(errp, "Cannot generate a base directory for %s nodes",
6756 * Hot add/remove a BDS's child. So the user can take a child offline when
6757 * it is broken and take a new child online
6759 void bdrv_add_child(BlockDriverState *parent_bs, BlockDriverState *child_bs,
6763 if (!parent_bs->drv || !parent_bs->drv->bdrv_add_child) {
6764 error_setg(errp, "The node %s does not support adding a child",
6765 bdrv_get_device_or_node_name(parent_bs));
6769 if (!QLIST_EMPTY(&child_bs->parents)) {
6770 error_setg(errp, "The node %s already has a parent",
6771 child_bs->node_name);
6775 parent_bs->drv->bdrv_add_child(parent_bs, child_bs, errp);
6778 void bdrv_del_child(BlockDriverState *parent_bs, BdrvChild *child, Error **errp)
6782 if (!parent_bs->drv || !parent_bs->drv->bdrv_del_child) {
6783 error_setg(errp, "The node %s does not support removing a child",
6784 bdrv_get_device_or_node_name(parent_bs));
6788 QLIST_FOREACH(tmp, &parent_bs->children, next) {
6795 error_setg(errp, "The node %s does not have a child named %s",
6796 bdrv_get_device_or_node_name(parent_bs),
6797 bdrv_get_device_or_node_name(child->bs));
6801 parent_bs->drv->bdrv_del_child(parent_bs, child, errp);
6804 int bdrv_make_empty(BdrvChild *c, Error **errp)
6806 BlockDriver *drv = c->bs->drv;
6809 assert(c->perm & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED));
6811 if (!drv->bdrv_make_empty) {
6812 error_setg(errp, "%s does not support emptying nodes",
6817 ret = drv->bdrv_make_empty(c->bs);
6819 error_setg_errno(errp, -ret, "Failed to empty %s",
projects / qemu.git / blob