2 * Block driver for the QCOW version 2 format
4 * Copyright (c) 2004-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
28 #include "crypto/cipher.h"
29 #include "qemu/coroutine.h"
32 //#define DEBUG_ALLOC2
35 #define QCOW_MAGIC (('Q' << 24) | ('F' << 16) | ('I' << 8) | 0xfb)
37 #define QCOW_CRYPT_NONE 0
38 #define QCOW_CRYPT_AES 1
40 #define QCOW_MAX_CRYPT_CLUSTERS 32
41 #define QCOW_MAX_SNAPSHOTS 65536
43 /* 8 MB refcount table is enough for 2 PB images at 64k cluster size
44 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */
45 #define QCOW_MAX_REFTABLE_SIZE 0x800000
47 /* 32 MB L1 table is enough for 2 PB images at 64k cluster size
48 * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */
49 #define QCOW_MAX_L1_SIZE 0x2000000
51 /* Allow for an average of 1k per snapshot table entry, should be plenty of
52 * space for snapshot names and IDs */
53 #define QCOW_MAX_SNAPSHOTS_SIZE (1024 * QCOW_MAX_SNAPSHOTS)
55 /* indicate that the refcount of the referenced cluster is exactly one. */
56 #define QCOW_OFLAG_COPIED (1ULL << 63)
57 /* indicate that the cluster is compressed (they never have the copied flag) */
58 #define QCOW_OFLAG_COMPRESSED (1ULL << 62)
59 /* The cluster reads as all zeros */
60 #define QCOW_OFLAG_ZERO (1ULL << 0)
62 #define MIN_CLUSTER_BITS 9
63 #define MAX_CLUSTER_BITS 21
65 /* Must be at least 2 to cover COW */
66 #define MIN_L2_CACHE_SIZE 2 /* clusters */
68 /* Must be at least 4 to cover all cases of refcount table growth */
69 #define MIN_REFCOUNT_CACHE_SIZE 4 /* clusters */
71 /* Whichever is more */
72 #define DEFAULT_L2_CACHE_CLUSTERS 8 /* clusters */
73 #define DEFAULT_L2_CACHE_BYTE_SIZE 1048576 /* bytes */
75 /* The refblock cache needs only a fourth of the L2 cache size to cover as many
77 #define DEFAULT_L2_REFCOUNT_SIZE_RATIO 4
79 #define DEFAULT_CLUSTER_SIZE 65536
82 #define QCOW2_OPT_LAZY_REFCOUNTS "lazy-refcounts"
83 #define QCOW2_OPT_DISCARD_REQUEST "pass-discard-request"
84 #define QCOW2_OPT_DISCARD_SNAPSHOT "pass-discard-snapshot"
85 #define QCOW2_OPT_DISCARD_OTHER "pass-discard-other"
86 #define QCOW2_OPT_OVERLAP "overlap-check"
87 #define QCOW2_OPT_OVERLAP_TEMPLATE "overlap-check.template"
88 #define QCOW2_OPT_OVERLAP_MAIN_HEADER "overlap-check.main-header"
89 #define QCOW2_OPT_OVERLAP_ACTIVE_L1 "overlap-check.active-l1"
90 #define QCOW2_OPT_OVERLAP_ACTIVE_L2 "overlap-check.active-l2"
91 #define QCOW2_OPT_OVERLAP_REFCOUNT_TABLE "overlap-check.refcount-table"
92 #define QCOW2_OPT_OVERLAP_REFCOUNT_BLOCK "overlap-check.refcount-block"
93 #define QCOW2_OPT_OVERLAP_SNAPSHOT_TABLE "overlap-check.snapshot-table"
94 #define QCOW2_OPT_OVERLAP_INACTIVE_L1 "overlap-check.inactive-l1"
95 #define QCOW2_OPT_OVERLAP_INACTIVE_L2 "overlap-check.inactive-l2"
96 #define QCOW2_OPT_CACHE_SIZE "cache-size"
97 #define QCOW2_OPT_L2_CACHE_SIZE "l2-cache-size"
98 #define QCOW2_OPT_REFCOUNT_CACHE_SIZE "refcount-cache-size"
99 #define QCOW2_OPT_CACHE_CLEAN_INTERVAL "cache-clean-interval"
101 typedef struct QCowHeader
{
104 uint64_t backing_file_offset
;
105 uint32_t backing_file_size
;
106 uint32_t cluster_bits
;
107 uint64_t size
; /* in bytes */
108 uint32_t crypt_method
;
109 uint32_t l1_size
; /* XXX: save number of clusters instead ? */
110 uint64_t l1_table_offset
;
111 uint64_t refcount_table_offset
;
112 uint32_t refcount_table_clusters
;
113 uint32_t nb_snapshots
;
114 uint64_t snapshots_offset
;
116 /* The following fields are only valid for version >= 3 */
117 uint64_t incompatible_features
;
118 uint64_t compatible_features
;
119 uint64_t autoclear_features
;
121 uint32_t refcount_order
;
122 uint32_t header_length
;
123 } QEMU_PACKED QCowHeader
;
125 typedef struct QEMU_PACKED QCowSnapshotHeader
{
126 /* header is 8 byte aligned */
127 uint64_t l1_table_offset
;
130 uint16_t id_str_size
;
136 uint64_t vm_clock_nsec
;
138 uint32_t vm_state_size
;
139 uint32_t extra_data_size
; /* for extension */
140 /* extra data follows */
143 } QCowSnapshotHeader
;
145 typedef struct QEMU_PACKED QCowSnapshotExtraData
{
146 uint64_t vm_state_size_large
;
148 } QCowSnapshotExtraData
;
151 typedef struct QCowSnapshot
{
152 uint64_t l1_table_offset
;
157 uint64_t vm_state_size
;
160 uint64_t vm_clock_nsec
;
164 typedef struct Qcow2Cache Qcow2Cache
;
166 typedef struct Qcow2UnknownHeaderExtension
{
169 QLIST_ENTRY(Qcow2UnknownHeaderExtension
) next
;
171 } Qcow2UnknownHeaderExtension
;
174 QCOW2_FEAT_TYPE_INCOMPATIBLE
= 0,
175 QCOW2_FEAT_TYPE_COMPATIBLE
= 1,
176 QCOW2_FEAT_TYPE_AUTOCLEAR
= 2,
179 /* Incompatible feature bits */
181 QCOW2_INCOMPAT_DIRTY_BITNR
= 0,
182 QCOW2_INCOMPAT_CORRUPT_BITNR
= 1,
183 QCOW2_INCOMPAT_DIRTY
= 1 << QCOW2_INCOMPAT_DIRTY_BITNR
,
184 QCOW2_INCOMPAT_CORRUPT
= 1 << QCOW2_INCOMPAT_CORRUPT_BITNR
,
186 QCOW2_INCOMPAT_MASK
= QCOW2_INCOMPAT_DIRTY
187 | QCOW2_INCOMPAT_CORRUPT
,
190 /* Compatible feature bits */
192 QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR
= 0,
193 QCOW2_COMPAT_LAZY_REFCOUNTS
= 1 << QCOW2_COMPAT_LAZY_REFCOUNTS_BITNR
,
195 QCOW2_COMPAT_FEAT_MASK
= QCOW2_COMPAT_LAZY_REFCOUNTS
,
198 enum qcow2_discard_type
{
199 QCOW2_DISCARD_NEVER
= 0,
200 QCOW2_DISCARD_ALWAYS
,
201 QCOW2_DISCARD_REQUEST
,
202 QCOW2_DISCARD_SNAPSHOT
,
207 typedef struct Qcow2Feature
{
211 } QEMU_PACKED Qcow2Feature
;
213 typedef struct Qcow2DiscardRegion
{
214 BlockDriverState
*bs
;
217 QTAILQ_ENTRY(Qcow2DiscardRegion
) next
;
218 } Qcow2DiscardRegion
;
220 typedef uint64_t Qcow2GetRefcountFunc(const void *refcount_array
,
222 typedef void Qcow2SetRefcountFunc(void *refcount_array
,
223 uint64_t index
, uint64_t value
);
225 typedef struct BDRVQcow2State
{
232 int l1_vm_state_index
;
233 int refcount_block_bits
;
234 int refcount_block_size
;
237 uint64_t cluster_offset_mask
;
238 uint64_t l1_table_offset
;
241 Qcow2Cache
* l2_table_cache
;
242 Qcow2Cache
* refcount_block_cache
;
243 QEMUTimer
*cache_clean_timer
;
244 unsigned cache_clean_interval
;
246 uint8_t *cluster_cache
;
247 uint8_t *cluster_data
;
248 uint64_t cluster_cache_offset
;
249 QLIST_HEAD(QCowClusterAlloc
, QCowL2Meta
) cluster_allocs
;
251 uint64_t *refcount_table
;
252 uint64_t refcount_table_offset
;
253 uint32_t refcount_table_size
;
254 uint64_t free_cluster_index
;
255 uint64_t free_byte_offset
;
259 QCryptoCipher
*cipher
; /* current cipher, NULL if no key yet */
260 uint32_t crypt_method_header
;
261 uint64_t snapshots_offset
;
263 unsigned int nb_snapshots
;
264 QCowSnapshot
*snapshots
;
268 bool use_lazy_refcounts
;
271 uint64_t refcount_max
;
273 Qcow2GetRefcountFunc
*get_refcount
;
274 Qcow2SetRefcountFunc
*set_refcount
;
276 bool discard_passthrough
[QCOW2_DISCARD_MAX
];
278 int overlap_check
; /* bitmask of Qcow2MetadataOverlap values */
279 bool signaled_corruption
;
281 uint64_t incompatible_features
;
282 uint64_t compatible_features
;
283 uint64_t autoclear_features
;
285 size_t unknown_header_fields_size
;
286 void* unknown_header_fields
;
287 QLIST_HEAD(, Qcow2UnknownHeaderExtension
) unknown_header_ext
;
288 QTAILQ_HEAD (, Qcow2DiscardRegion
) discards
;
291 /* Backing file path and format as stored in the image (this is not the
292 * effective path/format, which may be the result of a runtime option
294 char *image_backing_file
;
295 char *image_backing_format
;
298 typedef struct Qcow2COWRegion
{
300 * Offset of the COW region in bytes from the start of the first cluster
301 * touched by the request.
305 /** Number of bytes to copy */
310 * Describes an in-flight (part of a) write request that writes to clusters
311 * that are not referenced in their L2 table yet.
313 typedef struct QCowL2Meta
315 /** Guest offset of the first newly allocated cluster */
318 /** Host offset of the first newly allocated cluster */
319 uint64_t alloc_offset
;
321 /** Number of newly allocated clusters */
325 * Requests that overlap with this allocation and wait to be restarted
326 * when the allocating request has completed.
328 CoQueue dependent_requests
;
331 * The COW Region between the start of the first allocated cluster and the
332 * area the guest actually writes to.
334 Qcow2COWRegion cow_start
;
337 * The COW Region between the area the guest actually writes to and the
338 * end of the last allocated cluster.
340 Qcow2COWRegion cow_end
;
342 /** Pointer to next L2Meta of the same write request */
343 struct QCowL2Meta
*next
;
345 QLIST_ENTRY(QCowL2Meta
) next_in_flight
;
349 QCOW2_CLUSTER_UNALLOCATED
,
350 QCOW2_CLUSTER_NORMAL
,
351 QCOW2_CLUSTER_COMPRESSED
,
355 typedef enum QCow2MetadataOverlap
{
356 QCOW2_OL_MAIN_HEADER_BITNR
= 0,
357 QCOW2_OL_ACTIVE_L1_BITNR
= 1,
358 QCOW2_OL_ACTIVE_L2_BITNR
= 2,
359 QCOW2_OL_REFCOUNT_TABLE_BITNR
= 3,
360 QCOW2_OL_REFCOUNT_BLOCK_BITNR
= 4,
361 QCOW2_OL_SNAPSHOT_TABLE_BITNR
= 5,
362 QCOW2_OL_INACTIVE_L1_BITNR
= 6,
363 QCOW2_OL_INACTIVE_L2_BITNR
= 7,
365 QCOW2_OL_MAX_BITNR
= 8,
368 QCOW2_OL_MAIN_HEADER
= (1 << QCOW2_OL_MAIN_HEADER_BITNR
),
369 QCOW2_OL_ACTIVE_L1
= (1 << QCOW2_OL_ACTIVE_L1_BITNR
),
370 QCOW2_OL_ACTIVE_L2
= (1 << QCOW2_OL_ACTIVE_L2_BITNR
),
371 QCOW2_OL_REFCOUNT_TABLE
= (1 << QCOW2_OL_REFCOUNT_TABLE_BITNR
),
372 QCOW2_OL_REFCOUNT_BLOCK
= (1 << QCOW2_OL_REFCOUNT_BLOCK_BITNR
),
373 QCOW2_OL_SNAPSHOT_TABLE
= (1 << QCOW2_OL_SNAPSHOT_TABLE_BITNR
),
374 QCOW2_OL_INACTIVE_L1
= (1 << QCOW2_OL_INACTIVE_L1_BITNR
),
375 /* NOTE: Checking overlaps with inactive L2 tables will result in bdrv
377 QCOW2_OL_INACTIVE_L2
= (1 << QCOW2_OL_INACTIVE_L2_BITNR
),
378 } QCow2MetadataOverlap
;
380 /* Perform all overlap checks which can be done in constant time */
381 #define QCOW2_OL_CONSTANT \
382 (QCOW2_OL_MAIN_HEADER | QCOW2_OL_ACTIVE_L1 | QCOW2_OL_REFCOUNT_TABLE | \
383 QCOW2_OL_SNAPSHOT_TABLE)
385 /* Perform all overlap checks which don't require disk access */
386 #define QCOW2_OL_CACHED \
387 (QCOW2_OL_CONSTANT | QCOW2_OL_ACTIVE_L2 | QCOW2_OL_REFCOUNT_BLOCK | \
388 QCOW2_OL_INACTIVE_L1)
390 /* Perform all overlap checks */
391 #define QCOW2_OL_ALL \
392 (QCOW2_OL_CACHED | QCOW2_OL_INACTIVE_L2)
394 #define L1E_OFFSET_MASK 0x00fffffffffffe00ULL
395 #define L2E_OFFSET_MASK 0x00fffffffffffe00ULL
396 #define L2E_COMPRESSED_OFFSET_SIZE_MASK 0x3fffffffffffffffULL
398 #define REFT_OFFSET_MASK 0xfffffffffffffe00ULL
400 static inline int64_t start_of_cluster(BDRVQcow2State
*s
, int64_t offset
)
402 return offset
& ~(s
->cluster_size
- 1);
405 static inline int64_t offset_into_cluster(BDRVQcow2State
*s
, int64_t offset
)
407 return offset
& (s
->cluster_size
- 1);
410 static inline uint64_t size_to_clusters(BDRVQcow2State
*s
, uint64_t size
)
412 return (size
+ (s
->cluster_size
- 1)) >> s
->cluster_bits
;
415 static inline int64_t size_to_l1(BDRVQcow2State
*s
, int64_t size
)
417 int shift
= s
->cluster_bits
+ s
->l2_bits
;
418 return (size
+ (1ULL << shift
) - 1) >> shift
;
421 static inline int offset_to_l2_index(BDRVQcow2State
*s
, int64_t offset
)
423 return (offset
>> s
->cluster_bits
) & (s
->l2_size
- 1);
426 static inline int64_t align_offset(int64_t offset
, int n
)
428 offset
= (offset
+ n
- 1) & ~(n
- 1);
432 static inline int64_t qcow2_vm_state_offset(BDRVQcow2State
*s
)
434 return (int64_t)s
->l1_vm_state_index
<< (s
->cluster_bits
+ s
->l2_bits
);
437 static inline uint64_t qcow2_max_refcount_clusters(BDRVQcow2State
*s
)
439 return QCOW_MAX_REFTABLE_SIZE
>> s
->cluster_bits
;
442 static inline int qcow2_get_cluster_type(uint64_t l2_entry
)
444 if (l2_entry
& QCOW_OFLAG_COMPRESSED
) {
445 return QCOW2_CLUSTER_COMPRESSED
;
446 } else if (l2_entry
& QCOW_OFLAG_ZERO
) {
447 return QCOW2_CLUSTER_ZERO
;
448 } else if (!(l2_entry
& L2E_OFFSET_MASK
)) {
449 return QCOW2_CLUSTER_UNALLOCATED
;
451 return QCOW2_CLUSTER_NORMAL
;
455 /* Check whether refcounts are eager or lazy */
456 static inline bool qcow2_need_accurate_refcounts(BDRVQcow2State
*s
)
458 return !(s
->incompatible_features
& QCOW2_INCOMPAT_DIRTY
);
461 static inline uint64_t l2meta_cow_start(QCowL2Meta
*m
)
463 return m
->offset
+ m
->cow_start
.offset
;
466 static inline uint64_t l2meta_cow_end(QCowL2Meta
*m
)
468 return m
->offset
+ m
->cow_end
.offset
+ m
->cow_end
.nb_bytes
;
471 static inline uint64_t refcount_diff(uint64_t r1
, uint64_t r2
)
473 return r1
> r2
? r1
- r2
: r2
- r1
;
476 // FIXME Need qcow2_ prefix to global functions
478 /* qcow2.c functions */
479 int qcow2_backing_read1(BlockDriverState
*bs
, QEMUIOVector
*qiov
,
480 int64_t sector_num
, int nb_sectors
);
482 int qcow2_mark_dirty(BlockDriverState
*bs
);
483 int qcow2_mark_corrupt(BlockDriverState
*bs
);
484 int qcow2_mark_consistent(BlockDriverState
*bs
);
485 int qcow2_update_header(BlockDriverState
*bs
);
487 void qcow2_signal_corruption(BlockDriverState
*bs
, bool fatal
, int64_t offset
,
488 int64_t size
, const char *message_format
, ...)
491 /* qcow2-refcount.c functions */
492 int qcow2_refcount_init(BlockDriverState
*bs
);
493 void qcow2_refcount_close(BlockDriverState
*bs
);
495 int qcow2_get_refcount(BlockDriverState
*bs
, int64_t cluster_index
,
498 int qcow2_update_cluster_refcount(BlockDriverState
*bs
, int64_t cluster_index
,
499 uint64_t addend
, bool decrease
,
500 enum qcow2_discard_type type
);
502 int64_t qcow2_alloc_clusters(BlockDriverState
*bs
, uint64_t size
);
503 int64_t qcow2_alloc_clusters_at(BlockDriverState
*bs
, uint64_t offset
,
504 int64_t nb_clusters
);
505 int64_t qcow2_alloc_bytes(BlockDriverState
*bs
, int size
);
506 void qcow2_free_clusters(BlockDriverState
*bs
,
507 int64_t offset
, int64_t size
,
508 enum qcow2_discard_type type
);
509 void qcow2_free_any_clusters(BlockDriverState
*bs
, uint64_t l2_entry
,
510 int nb_clusters
, enum qcow2_discard_type type
);
512 int qcow2_update_snapshot_refcount(BlockDriverState
*bs
,
513 int64_t l1_table_offset
, int l1_size
, int addend
);
515 int qcow2_check_refcounts(BlockDriverState
*bs
, BdrvCheckResult
*res
,
518 void qcow2_process_discards(BlockDriverState
*bs
, int ret
);
520 int qcow2_check_metadata_overlap(BlockDriverState
*bs
, int ign
, int64_t offset
,
522 int qcow2_pre_write_overlap_check(BlockDriverState
*bs
, int ign
, int64_t offset
,
525 int qcow2_change_refcount_order(BlockDriverState
*bs
, int refcount_order
,
526 BlockDriverAmendStatusCB
*status_cb
,
527 void *cb_opaque
, Error
**errp
);
529 /* qcow2-cluster.c functions */
530 int qcow2_grow_l1_table(BlockDriverState
*bs
, uint64_t min_size
,
532 int qcow2_write_l1_entry(BlockDriverState
*bs
, int l1_index
);
533 int qcow2_decompress_cluster(BlockDriverState
*bs
, uint64_t cluster_offset
);
534 int qcow2_encrypt_sectors(BDRVQcow2State
*s
, int64_t sector_num
,
535 uint8_t *out_buf
, const uint8_t *in_buf
,
536 int nb_sectors
, bool enc
, Error
**errp
);
538 int qcow2_get_cluster_offset(BlockDriverState
*bs
, uint64_t offset
,
539 unsigned int *bytes
, uint64_t *cluster_offset
);
540 int qcow2_alloc_cluster_offset(BlockDriverState
*bs
, uint64_t offset
,
541 unsigned int *bytes
, uint64_t *host_offset
,
543 uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState
*bs
,
545 int compressed_size
);
547 int qcow2_alloc_cluster_link_l2(BlockDriverState
*bs
, QCowL2Meta
*m
);
548 int qcow2_discard_clusters(BlockDriverState
*bs
, uint64_t offset
,
549 int nb_sectors
, enum qcow2_discard_type type
, bool full_discard
);
550 int qcow2_zero_clusters(BlockDriverState
*bs
, uint64_t offset
, int nb_sectors
);
552 int qcow2_expand_zero_clusters(BlockDriverState
*bs
,
553 BlockDriverAmendStatusCB
*status_cb
,
556 /* qcow2-snapshot.c functions */
557 int qcow2_snapshot_create(BlockDriverState
*bs
, QEMUSnapshotInfo
*sn_info
);
558 int qcow2_snapshot_goto(BlockDriverState
*bs
, const char *snapshot_id
);
559 int qcow2_snapshot_delete(BlockDriverState
*bs
,
560 const char *snapshot_id
,
563 int qcow2_snapshot_list(BlockDriverState
*bs
, QEMUSnapshotInfo
**psn_tab
);
564 int qcow2_snapshot_load_tmp(BlockDriverState
*bs
,
565 const char *snapshot_id
,
569 void qcow2_free_snapshots(BlockDriverState
*bs
);
570 int qcow2_read_snapshots(BlockDriverState
*bs
);
572 /* qcow2-cache.c functions */
573 Qcow2Cache
*qcow2_cache_create(BlockDriverState
*bs
, int num_tables
);
574 int qcow2_cache_destroy(BlockDriverState
* bs
, Qcow2Cache
*c
);
576 void qcow2_cache_entry_mark_dirty(BlockDriverState
*bs
, Qcow2Cache
*c
,
578 int qcow2_cache_flush(BlockDriverState
*bs
, Qcow2Cache
*c
);
579 int qcow2_cache_write(BlockDriverState
*bs
, Qcow2Cache
*c
);
580 int qcow2_cache_set_dependency(BlockDriverState
*bs
, Qcow2Cache
*c
,
581 Qcow2Cache
*dependency
);
582 void qcow2_cache_depends_on_flush(Qcow2Cache
*c
);
584 void qcow2_cache_clean_unused(BlockDriverState
*bs
, Qcow2Cache
*c
);
585 int qcow2_cache_empty(BlockDriverState
*bs
, Qcow2Cache
*c
);
587 int qcow2_cache_get(BlockDriverState
*bs
, Qcow2Cache
*c
, uint64_t offset
,
589 int qcow2_cache_get_empty(BlockDriverState
*bs
, Qcow2Cache
*c
, uint64_t offset
,
591 void qcow2_cache_put(BlockDriverState
*bs
, Qcow2Cache
*c
, void **table
);