/*
 * Image mirroring
 *
 * Copyright Red Hat, Inc. 2012
 *
 * Authors:
 *  Paolo Bonzini  <pbonzini@redhat.com>
 *
 * This work is licensed under the terms of the GNU LGPL, version 2 or later.
 * See the COPYING.LIB file in the top-level directory.
 *
 */
14 #include "trace.h"
15 #include "block/blockjob.h"
16 #include "block/block_int.h"
17 #include "qemu/ratelimit.h"
18 #include "qemu/bitmap.h"
/* Length of one time slice, in nanoseconds.  It is handed to
 * ratelimit_set_speed() as the slice length and bounds how long
 * mirror_run() keeps working before it goes through its sleep path.
 */
#define SLICE_TIME    100000000ULL /* ns */
/* mirror_run() yields instead of starting a new copy once this many
 * operations are in flight.
 */
#define MAX_IN_FLIGHT 16
/* The mirroring buffer is a list of granularity-sized chunks.
 * Free chunks are organized in a list.
 *
 * The list link is stored at the start of each free chunk itself:
 * mirror_free_init() and mirror_iteration_done() cast a chunk address to
 * MirrorBuffer * before queueing it, so a chunk is either on the free list
 * or carrying I/O data, never both.
 */
typedef struct MirrorBuffer {
    QSIMPLEQ_ENTRY(MirrorBuffer) next;   /* link in MirrorBlockJob.buf_free */
} MirrorBuffer;
/* State of one mirror (or active-commit) job.  Both job drivers in this
 * file use this structure as their instance type.
 */
typedef struct MirrorBlockJob {
    BlockJob common;                /* generic job state; container_of() recovers the job from it */
    RateLimit limit;                /* set in mirror_set_speed(), consulted in mirror_iteration() */
    BlockDriverState *target;       /* destination of the copy */
    BlockDriverState *base;         /* passed to bdrv_is_allocated_above() when seeding the dirty bitmap */
    bool is_none_mode;              /* true: skip the initial pass that seeds the dirty bitmap */
    BlockdevOnError on_source_error, on_target_error; /* policies handed to block_job_error_action() */
    bool synced;                    /* set after a successful flush with nothing dirty or in flight;
                                     * cleared again by mirror_error_action() */
    bool should_complete;           /* set by mirror_complete() */
    int64_t sector_num;             /* sector last returned by the dirty bitmap iterator */
    int64_t granularity;            /* chunk size in bytes (shifted by BDRV_SECTOR_BITS to get sectors) */
    size_t buf_size;                /* size in bytes of buf */
    unsigned long *cow_bitmap;      /* one bit per chunk, set once the chunk was copied successfully;
                                     * NULL unless mirror_run() decides it must do COW itself */
    BdrvDirtyBitmap *dirty_bitmap;  /* dirty tracking on the source, created in mirror_start_job() */
    HBitmapIter hbi;                /* iterator over dirty_bitmap */
    uint8_t *buf;                   /* bounce buffer, allocated with qemu_blockalign() */
    QSIMPLEQ_HEAD(, MirrorBuffer) buf_free; /* free chunks of buf */
    int buf_free_count;             /* number of entries on buf_free */

    unsigned long *in_flight_bitmap; /* one bit per chunk that has I/O pending */
    int in_flight;                  /* number of operations submitted and not yet completed */
    int ret;                        /* first error recorded by the completion callbacks, else >= 0 */
} MirrorBlockJob;
/* One outstanding copy operation.  Allocated in mirror_iteration() and
 * passed as the opaque pointer to the read and write completion callbacks;
 * freed in mirror_iteration_done().
 */
typedef struct MirrorOp {
    MirrorBlockJob *s;      /* owning job */
    QEMUIOVector qiov;      /* chunks taken from the job's free list */
    int64_t sector_num;     /* first sector of the operation */
    int nb_sectors;         /* number of sectors read and then written */
} MirrorOp;
/* Ask the block-job layer how to react to an I/O error.
 *
 * @s:     the mirror job
 * @read:  true for an error on the source, false for one on the target
 * @error: error number as passed by the callers (they pass -ret)
 *
 * Any error clears s->synced before the action is looked up.
 */
static BlockErrorAction mirror_error_action(MirrorBlockJob *s, bool read,
                                            int error)
{
    BlockDriverState *failed_bs = read ? s->common.bs : s->target;
    BlockdevOnError policy = read ? s->on_source_error : s->on_target_error;

    s->synced = false;
    return block_job_error_action(&s->common, failed_bs, policy, read, error);
}
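/* Finish one mirror operation, successful or not.
 *
 * Returns the operation's chunks to the free list, clears its bits in the
 * in-flight bitmap, records the chunks in the COW bitmap when the copy
 * succeeded, frees @op and re-enters the job coroutine if it is busy.
 *
 * @op:  the operation; it is freed here and must not be used afterwards
 * @ret: result of the I/O, negative on error
 */
static void mirror_iteration_done(MirrorOp *op, int ret)
{
    MirrorBlockJob *s = op->s;
    struct iovec *iov;
    int64_t chunk_num;
    int i, nb_chunks, sectors_per_chunk;

    trace_mirror_iteration_done(s, op->sector_num, op->nb_sectors, ret);

    s->in_flight--;
    iov = op->qiov.iov;
    for (i = 0; i < op->qiov.niov; i++) {
        /* The list link lives inside the chunk, see MirrorBuffer. */
        MirrorBuffer *buf = (MirrorBuffer *) iov[i].iov_base;
        QSIMPLEQ_INSERT_TAIL(&s->buf_free, buf, next);
        s->buf_free_count++;
    }

    sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
    chunk_num = op->sector_num / sectors_per_chunk;
    /* mirror_iteration() marks a rounded-up number of chunks in the
     * in-flight bitmap, so round up here as well.  With a truncating
     * division the bit of a short final chunk (image length not a multiple
     * of the granularity) would stay set, and the next pass over that chunk
     * would wait on it indefinitely.
     */
    nb_chunks = DIV_ROUND_UP(op->nb_sectors, sectors_per_chunk);
    bitmap_clear(s->in_flight_bitmap, chunk_num, nb_chunks);
    if (s->cow_bitmap && ret >= 0) {
        bitmap_set(s->cow_bitmap, chunk_num, nb_chunks);
    }

    qemu_iovec_destroy(&op->qiov);
    g_slice_free(MirrorOp, op);

    /* Enter coroutine when it is not sleeping.  The coroutine sleeps to
     * rate-limit itself.  The coroutine will eventually resume since there is
     * a sleep timeout so don't wake it early.
     */
    if (s->common.busy) {
        qemu_coroutine_enter(s->common.co, NULL);
    }
}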
/* AIO completion callback for the write to the target.
 *
 * @opaque: the MirrorOp of this operation
 * @ret:    result of the write, negative on error
 *
 * On failure the sectors are marked dirty on the source again, and the
 * error is stored in the job when the policy says to report it and no
 * earlier error was stored.
 */
static void mirror_write_complete(void *opaque, int ret)
{
    MirrorOp *op = opaque;
    MirrorBlockJob *job = op->s;

    if (ret < 0) {
        bdrv_set_dirty(job->common.bs, op->sector_num, op->nb_sectors);
        if (mirror_error_action(job, false, -ret) == BDRV_ACTION_REPORT &&
            job->ret >= 0) {
            job->ret = ret;
        }
    }
    mirror_iteration_done(op, ret);
}
/* AIO completion callback for the read from the source.
 *
 * @opaque: the MirrorOp of this operation
 * @ret:    result of the read, negative on error
 *
 * A successful read is followed by the write of the same sectors to the
 * target.  A failed read marks the sectors dirty again, applies the source
 * error policy and finishes the operation without writing.
 */
static void mirror_read_complete(void *opaque, int ret)
{
    MirrorOp *op = opaque;
    MirrorBlockJob *job = op->s;

    if (ret >= 0) {
        bdrv_aio_writev(job->target, op->sector_num, &op->qiov,
                        op->nb_sectors, mirror_write_complete, op);
        return;
    }

    bdrv_set_dirty(job->common.bs, op->sector_num, op->nb_sectors);
    if (mirror_error_action(job, true, -ret) == BDRV_ACTION_REPORT &&
        job->ret >= 0) {
        job->ret = ret;
    }
    mirror_iteration_done(op, ret);
}
/* Start one copy operation.
 *
 * Takes the next dirty sector from the bitmap iterator, extends the request
 * over adjacent dirty chunks while buffers are available, clears the dirty
 * bits for the range and submits an asynchronous read from the source.  The
 * write to the target is issued from mirror_read_complete().
 *
 * Returns the delay in nanoseconds computed by the rate limiter for the last
 * chunk added, or 0 when no rate limit applies.
 */
static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
{
    BlockDriverState *source = s->common.bs;
    int nb_sectors, sectors_per_chunk, nb_chunks;
    int64_t end, sector_num, next_chunk, next_sector, hbitmap_next_sector;
    uint64_t delay_ns;
    MirrorOp *op;

    s->sector_num = hbitmap_iter_next(&s->hbi);
    if (s->sector_num < 0) {
        /* The iterator is exhausted: restart it from the beginning.  The
         * caller only gets here with a non-zero dirty count, hence the
         * assertion below.
         */
        bdrv_dirty_iter_init(source, s->dirty_bitmap, &s->hbi);
        s->sector_num = hbitmap_iter_next(&s->hbi);
        trace_mirror_restart_iter(s,
                                  bdrv_get_dirty_count(source, s->dirty_bitmap));
        assert(s->sector_num >= 0);
    }

    hbitmap_next_sector = s->sector_num;
    sector_num = s->sector_num;
    sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
    end = s->common.len >> BDRV_SECTOR_BITS;

    /* Extend the QEMUIOVector to include all adjacent blocks that will
     * be copied in this operation.
     *
     * We have to do this if we have no backing file yet in the destination,
     * and the cluster size is very large.  Then we need to do COW ourselves.
     * The first time a cluster is copied, copy it entirely.  Note that,
     * because both the granularity and the cluster size are powers of two,
     * the number of sectors to copy cannot exceed one cluster.
     *
     * We also want to extend the QEMUIOVector to include more adjacent
     * dirty blocks if possible, to limit the number of I/O operations and
     * run efficiently even with a small granularity.
     */
    nb_chunks = 0;
    nb_sectors = 0;
    next_sector = sector_num;
    next_chunk = sector_num / sectors_per_chunk;

    /* Wait for I/O to this cluster (from a previous iteration) to be done.  */
    while (test_bit(next_chunk, s->in_flight_bitmap)) {
        trace_mirror_yield_in_flight(s, sector_num, s->in_flight);
        qemu_coroutine_yield();
    }

    do {
        int added_sectors, added_chunks;

        /* Stop extending at the first chunk that is clean or already has
         * I/O pending.  This cannot trigger on the first pass: the starting
         * chunk is dirty and was waited for above.
         */
        if (!bdrv_get_dirty(source, s->dirty_bitmap, next_sector) ||
            test_bit(next_chunk, s->in_flight_bitmap)) {
            assert(nb_sectors > 0);
            break;
        }

        added_sectors = sectors_per_chunk;
        if (s->cow_bitmap && !test_bit(next_chunk, s->cow_bitmap)) {
            bdrv_round_to_clusters(s->target,
                                   next_sector, added_sectors,
                                   &next_sector, &added_sectors);

            /* On the first iteration, the rounding may make us copy
             * sectors before the first dirty one.
             */
            if (next_sector < sector_num) {
                assert(nb_sectors == 0);
                sector_num = next_sector;
                next_chunk = next_sector / sectors_per_chunk;
            }
        }

        /* Clip at the end of the image; the chunk count is rounded up so a
         * short final chunk still occupies a whole buffer and bitmap bit.
         */
        added_sectors = MIN(added_sectors, end - (sector_num + nb_sectors));
        added_chunks = (added_sectors + sectors_per_chunk - 1) / sectors_per_chunk;

        /* When doing COW, it may happen that there is not enough space for
         * a full cluster.  Wait if that is the case.
         */
        while (nb_chunks == 0 && s->buf_free_count < added_chunks) {
            trace_mirror_yield_buf_busy(s, nb_chunks, s->in_flight);
            qemu_coroutine_yield();
        }
        if (s->buf_free_count < nb_chunks + added_chunks) {
            trace_mirror_break_buf_busy(s, nb_chunks, s->in_flight);
            break;
        }

        /* We have enough free space to copy these sectors.  */
        bitmap_set(s->in_flight_bitmap, next_chunk, added_chunks);

        nb_sectors += added_sectors;
        nb_chunks += added_chunks;
        next_sector += added_sectors;
        next_chunk += added_chunks;
        if (!s->synced && s->common.speed) {
            delay_ns = ratelimit_calculate_delay(&s->limit, added_sectors);
        } else {
            delay_ns = 0;
        }
    } while (delay_ns == 0 && next_sector < end);

    /* Allocate a MirrorOp that is used as an AIO callback.  */
    op = g_slice_new(MirrorOp);
    op->s = s;
    op->sector_num = sector_num;
    op->nb_sectors = nb_sectors;

    /* Now make a QEMUIOVector taking enough granularity-sized chunks
     * from s->buf_free.
     */
    qemu_iovec_init(&op->qiov, nb_chunks);
    next_sector = sector_num;
    while (nb_chunks-- > 0) {
        MirrorBuffer *buf = QSIMPLEQ_FIRST(&s->buf_free);
        QSIMPLEQ_REMOVE_HEAD(&s->buf_free, next);
        s->buf_free_count--;
        qemu_iovec_add(&op->qiov, buf, s->granularity);

        /* Advance the HBitmapIter in parallel, so that we do not examine
         * the same sector twice.
         */
        if (next_sector > hbitmap_next_sector
            && bdrv_get_dirty(source, s->dirty_bitmap, next_sector)) {
            hbitmap_next_sector = hbitmap_iter_next(&s->hbi);
        }

        next_sector += sectors_per_chunk;
    }

    /* The dirty bits are cleared before the read is submitted; the
     * completion callbacks set them again if the copy fails.
     */
    bdrv_reset_dirty(source, sector_num, nb_sectors);

    /* Copy the dirty cluster.  */
    s->in_flight++;
    trace_mirror_one_iteration(s, sector_num, nb_sectors);
    /* NOTE(review): the qiov holds whole granularity-sized chunks while the
     * request is for nb_sectors sectors; the two sizes differ when the last
     * chunk was clipped at the end of the image.  Confirm that the AIO layer
     * accepts a qiov larger than the request.
     */
    bdrv_aio_readv(source, sector_num, &op->qiov, nb_sectors,
                   mirror_read_complete, op);
    return delay_ns;
}
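/* Split the job's buffer into granularity-sized chunks and put every chunk
 * on the free list.
 *
 * @s: the mirror job; s->buf must hold s->buf_size bytes and the free list
 *     must not have been populated yet.
 *
 * Only whole chunks are queued.  The loop used to run until the remaining
 * size reached exactly zero, so a buffer size that was not a multiple of the
 * granularity made the unsigned counter wrap and the loop kept writing list
 * links past the end of the allocation.  Nothing visible in this file
 * guarantees that buf_size is such a multiple, so a trailing partial chunk
 * is now left unused instead.
 */
static void mirror_free_init(MirrorBlockJob *s)
{
    /* Keep the step in size_t: the field is 64 bits wide and the previous
     * int local could truncate it.
     */
    size_t granularity = s->granularity;
    size_t buf_size = s->buf_size;
    uint8_t *buf = s->buf;

    assert(s->buf_free_count == 0);
    /* A zero step would never terminate the loop below. */
    assert(granularity > 0);
    QSIMPLEQ_INIT(&s->buf_free);
    while (buf_size >= granularity) {
        /* The list link is stored at the start of the free chunk. */
        MirrorBuffer *cur = (MirrorBuffer *)buf;
        QSIMPLEQ_INSERT_TAIL(&s->buf_free, cur, next);
        s->buf_free_count++;
        buf_size -= granularity;
        buf += granularity;
    }
}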
/* Yield the coroutine until no operation of this job is in flight. */
static void mirror_drain(MirrorBlockJob *s)
{
    for (;;) {
        if (s->in_flight <= 0) {
            return;
        }
        qemu_coroutine_yield();
    }
}
/* Coroutine body of the job.
 *
 * @opaque: the MirrorBlockJob
 *
 * Sizes the bitmaps and the bounce buffer, seeds the dirty bitmap from the
 * allocation status of the source unless the job runs in "none" mode, then
 * loops copying dirty chunks until the job fails, is cancelled or is asked
 * to complete with nothing left to copy.  On exit it releases the job's
 * resources; when completion was requested and succeeded it swaps target
 * and source before reporting the result with block_job_completed().
 */
static void coroutine_fn mirror_run(void *opaque)
{
    MirrorBlockJob *s = opaque;
    BlockDriverState *bs = s->common.bs;
    int64_t sector_num, end, sectors_per_chunk, length;
    uint64_t last_pause_ns;
    BlockDriverInfo bdi;
    char backing_filename[1024];
    int ret = 0;
    int n;

    if (block_job_is_cancelled(&s->common)) {
        goto immediate_exit;
    }

    s->common.len = bdrv_getlength(bs);
    if (s->common.len <= 0) {
        /* A negative length is reported as the job's error; a zero length
         * ends the job with ret == 0.
         */
        ret = s->common.len;
        goto immediate_exit;
    }

    /* Number of granularity-sized chunks in the image, rounded up. */
    length = DIV_ROUND_UP(s->common.len, s->granularity);
    s->in_flight_bitmap = bitmap_new(length);

    /* If we have no backing file yet in the destination, we cannot let
     * the destination do COW.  Instead, we copy sectors around the
     * dirty data if needed.  We need a bitmap to do that.
     */
    bdrv_get_backing_filename(s->target, backing_filename,
                              sizeof(backing_filename));
    if (backing_filename[0] && !s->target->backing_hd) {
        ret = bdrv_get_info(s->target, &bdi);
        if (ret < 0) {
            goto immediate_exit;
        }
        if (s->granularity < bdi.cluster_size) {
            /* The buffer must be able to hold one whole target cluster. */
            s->buf_size = MAX(s->buf_size, bdi.cluster_size);
            s->cow_bitmap = bitmap_new(length);
        }
    }

    end = s->common.len >> BDRV_SECTOR_BITS;
    s->buf = qemu_blockalign(bs, s->buf_size);
    sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
    /* NOTE(review): mirror_free_init() walks the buffer in granularity-sized
     * steps; nothing in this function makes buf_size a multiple of the
     * granularity, so confirm that the callers guarantee it.
     */
    mirror_free_init(s);

    if (!s->is_none_mode) {
        /* First part, loop on the sectors and initialize the dirty bitmap.  */
        BlockDriverState *base = s->base;
        for (sector_num = 0; sector_num < end; ) {
            /* First sector of the following chunk; relies on the chunk size
             * being a power of two, which mirror_start_job() asserts for
             * the granularity.
             */
            int64_t next = (sector_num | (sectors_per_chunk - 1)) + 1;
            ret = bdrv_is_allocated_above(bs, base,
                                          sector_num, next - sector_num, &n);

            if (ret < 0) {
                goto immediate_exit;
            }

            assert(n > 0);
            if (ret == 1) {
                /* Allocated data found: the rest of the chunk needs no
                 * further checking.
                 */
                bdrv_set_dirty(bs, sector_num, n);
                sector_num = next;
            } else {
                sector_num += n;
            }
        }
    }

    bdrv_dirty_iter_init(bs, s->dirty_bitmap, &s->hbi);
    last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
    for (;;) {
        uint64_t delay_ns = 0;
        int64_t cnt;
        bool should_complete;

        /* A completion callback recorded an error that must be reported. */
        if (s->ret < 0) {
            ret = s->ret;
            goto immediate_exit;
        }

        cnt = bdrv_get_dirty_count(bs, s->dirty_bitmap);

        /* Note that even when no rate limit is applied we need to yield
         * periodically with no pending I/O so that qemu_aio_flush() returns.
         * We do so every SLICE_TIME nanoseconds, or when there is an error,
         * or when the source is clean, whichever comes first.
         */
        if (qemu_clock_get_ns(QEMU_CLOCK_REALTIME) - last_pause_ns < SLICE_TIME &&
            s->common.iostatus == BLOCK_DEVICE_IO_STATUS_OK) {
            if (s->in_flight == MAX_IN_FLIGHT || s->buf_free_count == 0 ||
                (cnt == 0 && s->in_flight > 0)) {
                trace_mirror_yield(s, s->in_flight, s->buf_free_count, cnt);
                qemu_coroutine_yield();
                continue;
            } else if (cnt != 0) {
                delay_ns = mirror_iteration(s);
                if (delay_ns == 0) {
                    continue;
                }
            }
        }

        should_complete = false;
        if (s->in_flight == 0 && cnt == 0) {
            trace_mirror_before_flush(s);
            ret = bdrv_flush(s->target);
            if (ret < 0) {
                if (mirror_error_action(s, false, -ret) == BDRV_ACTION_REPORT) {
                    goto immediate_exit;
                }
            } else {
                /* We're out of the streaming phase.  From now on, if the job
                 * is cancelled we will actually complete all pending I/O and
                 * report completion.  This way, block-job-cancel will leave
                 * the target in a consistent state.
                 */
                s->common.offset = end * BDRV_SECTOR_SIZE;
                if (!s->synced) {
                    block_job_ready(&s->common);
                    s->synced = true;
                }

                should_complete = s->should_complete ||
                    block_job_is_cancelled(&s->common);
                cnt = bdrv_get_dirty_count(bs, s->dirty_bitmap);
            }
        }

        if (cnt == 0 && should_complete) {
            /* The dirty bitmap is not updated while operations are pending.
             * If we're about to exit, wait for pending operations before
             * calling bdrv_get_dirty_count(bs), or we may exit while the
             * source has dirty data to copy!
             *
             * Note that I/O can be submitted by the guest while
             * mirror_populate runs.
             */
            trace_mirror_before_drain(s, cnt);
            bdrv_drain_all();
            cnt = bdrv_get_dirty_count(bs, s->dirty_bitmap);
        }

        ret = 0;
        trace_mirror_before_sleep(s, cnt, s->synced, delay_ns);
        if (!s->synced) {
            /* Publish progress */
            s->common.offset = (end - cnt) * BDRV_SECTOR_SIZE;
            block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, delay_ns);
            if (block_job_is_cancelled(&s->common)) {
                break;
            }
        } else if (!should_complete) {
            /* Synced and idle: sleep a whole slice when there is nothing to
             * do, otherwise only give other code a chance to run.
             */
            delay_ns = (s->in_flight == 0 && cnt == 0 ? SLICE_TIME : 0);
            block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, delay_ns);
        } else if (cnt == 0) {
            /* The two disks are in sync.  Exit and report successful
             * completion.
             */
            assert(QLIST_EMPTY(&bs->tracked_requests));
            s->common.cancelled = false;
            break;
        }
        last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
    }

immediate_exit:
    if (s->in_flight > 0) {
        /* We get here only if something went wrong.  Either the job failed,
         * or it was cancelled prematurely so that we do not guarantee that
         * the target is a copy of the source.
         */
        assert(ret < 0 || (!s->synced && block_job_is_cancelled(&s->common)));
        mirror_drain(s);
    }

    /* The buffer and bitmaps are still referenced by pending operations, so
     * they are released only once nothing is in flight.
     */
    assert(s->in_flight == 0);
    qemu_vfree(s->buf);
    g_free(s->cow_bitmap);
    g_free(s->in_flight_bitmap);
    bdrv_release_dirty_bitmap(bs, s->dirty_bitmap);
    bdrv_iostatus_disable(s->target);
    if (s->should_complete && ret == 0) {
        if (bdrv_get_flags(s->target) != bdrv_get_flags(s->common.bs)) {
            /* NOTE(review): the result of bdrv_reopen() is ignored here, so
             * the swap below proceeds even if the flags could not be
             * changed - confirm this is intended.
             */
            bdrv_reopen(s->target, bdrv_get_flags(s->common.bs), NULL);
        }
        bdrv_swap(s->target, s->common.bs);
        if (s->common.driver->job_type == BLOCK_JOB_TYPE_COMMIT) {
            /* drop the bs loop chain formed by the swap: break the loop then
             * trigger the unref from the top one */
            BlockDriverState *p = s->base->backing_hd;
            s->base->backing_hd = NULL;
            bdrv_unref(p);
        }
    }
    bdrv_unref(s->target);
    block_job_completed(&s->common, ret);
}
/* BlockJobDriver.set_speed callback.
 *
 * @job:   the job, embedded in a MirrorBlockJob
 * @speed: new limit; it is divided by BDRV_SECTOR_SIZE before it is given
 *         to the rate limiter
 * @errp:  set to QERR_INVALID_PARAMETER when @speed is negative
 */
static void mirror_set_speed(BlockJob *job, int64_t speed, Error **errp)
{
    MirrorBlockJob *mirror = container_of(job, MirrorBlockJob, common);

    if (speed >= 0) {
        ratelimit_set_speed(&mirror->limit, speed / BDRV_SECTOR_SIZE,
                            SLICE_TIME);
    } else {
        error_set(errp, QERR_INVALID_PARAMETER, "speed");
    }
}
/* BlockJobDriver.iostatus_reset callback: reset the I/O status of the
 * job's target.
 */
static void mirror_iostatus_reset(BlockJob *job)
{
    MirrorBlockJob *mirror = container_of(job, MirrorBlockJob, common);
    BlockDriverState *target = mirror->target;

    bdrv_iostatus_reset(target);
}
/* BlockJobDriver.complete callback: ask a synced job to finish.
 *
 * @job:  the job, embedded in a MirrorBlockJob
 * @errp: receives the error from opening the target's backing file, or
 *        QERR_BLOCK_JOB_NOT_READY when the job is not synced yet
 *
 * The backing file of the target is opened before the synced check, as in
 * the original order of operations.
 */
static void mirror_complete(BlockJob *job, Error **errp)
{
    MirrorBlockJob *mirror = container_of(job, MirrorBlockJob, common);
    Error *open_err = NULL;

    if (bdrv_open_backing_file(mirror->target, NULL, &open_err) < 0) {
        error_propagate(errp, open_err);
        return;
    }
    if (!mirror->synced) {
        error_set(errp, QERR_BLOCK_JOB_NOT_READY, job->bs->device_name);
        return;
    }

    /* mirror_run() picks this flag up on its next pass. */
    mirror->should_complete = true;
    block_job_resume(job);
}
/* Job driver used by mirror_start(). */
static const BlockJobDriver mirror_job_driver = {
    .instance_size = sizeof(MirrorBlockJob),
    .job_type = BLOCK_JOB_TYPE_MIRROR,
    .set_speed = mirror_set_speed,
    .iostatus_reset = mirror_iostatus_reset,
    .complete = mirror_complete,
};
/* Job driver used by commit_active_start(); it shares every callback with
 * the mirror driver and differs only in the reported job type.
 */
static const BlockJobDriver commit_active_job_driver = {
    .instance_size = sizeof(MirrorBlockJob),
    .job_type = BLOCK_JOB_TYPE_COMMIT,
    .set_speed = mirror_set_speed,
    .iostatus_reset = mirror_iostatus_reset,
    .complete = mirror_complete,
};
/* Create a mirror-type job and enter its coroutine.
 *
 * @bs:              source
 * @target:          destination
 * @speed:           passed to block_job_create()
 * @granularity:     chunk size in bytes, or 0 to derive it from the target
 * @buf_size:        requested buffer size in bytes; at least one chunk is used
 * @on_source_error: error policy for the source
 * @on_target_error: error policy for the target
 * @cb, @opaque:     completion callback and its argument
 * @errp:            error destination
 * @driver:          job driver to instantiate
 * @is_none_mode:    true to skip seeding the dirty bitmap
 * @base:            stored in the job for the allocation scan
 */
static void mirror_start_job(BlockDriverState *bs, BlockDriverState *target,
                             int64_t speed, int64_t granularity,
                             int64_t buf_size,
                             BlockdevOnError on_source_error,
                             BlockdevOnError on_target_error,
                             BlockDriverCompletionFunc *cb,
                             void *opaque, Error **errp,
                             const BlockJobDriver *driver,
                             bool is_none_mode, BlockDriverState *base)
{
    MirrorBlockJob *job;
    bool source_may_stop;

    if (granularity == 0) {
        /* Default to the target's cluster size clamped to [4k, 64k]; fall
         * back to 64k when the cluster size is unknown.
         */
        BlockDriverInfo bdi;

        granularity = 65536;
        if (bdrv_get_info(target, &bdi) >= 0 && bdi.cluster_size != 0) {
            granularity = MAX(4096, bdi.cluster_size);
            granularity = MIN(65536, granularity);
        }
    }

    /* The chunk arithmetic in this file needs a power of two. */
    assert ((granularity & (granularity - 1)) == 0);

    /* Policies that can stop on a source error need the I/O status
     * tracking of the source to be enabled.
     */
    source_may_stop = on_source_error == BLOCKDEV_ON_ERROR_STOP ||
                      on_source_error == BLOCKDEV_ON_ERROR_ENOSPC;
    if (source_may_stop && !bdrv_iostatus_is_enabled(bs)) {
        error_set(errp, QERR_INVALID_PARAMETER, "on-source-error");
        return;
    }

    job = block_job_create(driver, bs, speed, cb, opaque, errp);
    if (!job) {
        return;
    }

    job->on_source_error = on_source_error;
    job->on_target_error = on_target_error;
    job->target = target;
    job->is_none_mode = is_none_mode;
    job->base = base;
    job->granularity = granularity;
    /* NOTE(review): buf_size is raised to one chunk but not rounded to a
     * multiple of the granularity, while mirror_free_init() carves the
     * buffer in granularity-sized steps.  Confirm that callers only pass
     * multiples, or round the value up here.
     */
    job->buf_size = MAX(buf_size, granularity);

    job->dirty_bitmap = bdrv_create_dirty_bitmap(bs, granularity, errp);
    if (!job->dirty_bitmap) {
        /* NOTE(review): the job obtained from block_job_create() is not
         * released on this path - confirm whether it is leaked and stays
         * attached to bs.
         */
        return;
    }
    bdrv_set_enable_write_cache(job->target, true);
    bdrv_set_on_error(job->target, on_target_error, on_target_error);
    bdrv_iostatus_enable(job->target);
    job->common.co = qemu_coroutine_create(mirror_run);
    trace_mirror_start(bs, job, job->common.co, opaque);
    qemu_coroutine_enter(job->common.co, job);
}
/* Start a mirror job from @bs to @target.
 *
 * @mode selects what is copied: MIRROR_SYNC_MODE_NONE skips seeding the
 * dirty bitmap, MIRROR_SYNC_MODE_TOP uses the backing file of @bs as the
 * base of the allocation scan, and any other mode scans with no base.
 * The remaining arguments are passed through to mirror_start_job().
 */
void mirror_start(BlockDriverState *bs, BlockDriverState *target,
                  int64_t speed, int64_t granularity, int64_t buf_size,
                  MirrorSyncMode mode, BlockdevOnError on_source_error,
                  BlockdevOnError on_target_error,
                  BlockDriverCompletionFunc *cb,
                  void *opaque, Error **errp)
{
    bool skip_initial_scan = (mode == MIRROR_SYNC_MODE_NONE);
    BlockDriverState *scan_base = NULL;

    if (mode == MIRROR_SYNC_MODE_TOP) {
        scan_base = bs->backing_hd;
    }

    mirror_start_job(bs, target, speed, granularity, buf_size,
                     on_source_error, on_target_error, cb, opaque, errp,
                     &mirror_job_driver, skip_initial_scan, scan_base);
}
/* Start an active commit of @bs into @base, implemented as a mirror job
 * whose target is @base.
 *
 * @bs:          top image
 * @base:        image that receives the data
 * @speed:       passed to the job
 * @on_error:    policy used for both source and target errors
 * @cb, @opaque: completion callback and its argument
 * @errp:        error destination
 *
 * @base is reopened with the open flags of @bs and grown to the length of
 * @bs if it is shorter.  On any failure after the reopen, the original
 * flags of @base are restored.
 */
void commit_active_start(BlockDriverState *bs, BlockDriverState *base,
                         int64_t speed,
                         BlockdevOnError on_error,
                         BlockDriverCompletionFunc *cb,
                         void *opaque, Error **errp)
{
    int64_t top_len, base_len;
    Error *job_err = NULL;
    int saved_base_flags = bdrv_get_flags(base);

    if (bdrv_reopen(base, bs->open_flags, errp)) {
        return;
    }

    top_len = bdrv_getlength(bs);
    if (top_len < 0) {
        error_setg_errno(errp, -top_len,
                         "Unable to determine length of %s", bs->filename);
        goto error_restore_flags;
    }

    base_len = bdrv_getlength(base);
    if (base_len < 0) {
        error_setg_errno(errp, -base_len,
                         "Unable to determine length of %s", base->filename);
        goto error_restore_flags;
    }

    /* The base must be able to hold everything the top image contains. */
    if (top_len > base_len) {
        int rc = bdrv_truncate(base, top_len);

        if (rc < 0) {
            error_setg_errno(errp, -rc,
                             "Top image %s is larger than base image %s, and "
                             "resize of base image failed",
                             bs->filename, base->filename);
            goto error_restore_flags;
        }
    }

    /* NOTE(review): the reference taken here has no visible bdrv_unref()
     * on the failure path below - confirm whether it is leaked when
     * mirror_start_job() fails.
     */
    bdrv_ref(base);
    mirror_start_job(bs, base, speed, 0, 0,
                     on_error, on_error, cb, opaque, &job_err,
                     &commit_active_job_driver, false, base);
    if (!job_err) {
        return;
    }
    error_propagate(errp, job_err);

error_restore_flags:
    /* ignore error and errp for bdrv_reopen, because we want to propagate
     * the original error */
    bdrv_reopen(base, saved_base_flags, NULL);
    return;
}