hw/misc/led: Add yellow LED
[qemu/ar7.git] / block.c
blobf377158c425566d91361c04b793d71e7112da2d1
1 /*
2 * QEMU System Emulator block driver
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
25 #include "qemu/osdep.h"
26 #include "block/trace.h"
27 #include "block/block_int.h"
28 #include "block/blockjob.h"
29 #include "block/fuse.h"
30 #include "block/nbd.h"
31 #include "block/qdict.h"
32 #include "qemu/error-report.h"
33 #include "block/module_block.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qapi/error.h"
37 #include "qapi/qmp/qdict.h"
38 #include "qapi/qmp/qjson.h"
39 #include "qapi/qmp/qnull.h"
40 #include "qapi/qmp/qstring.h"
41 #include "qapi/qobject-output-visitor.h"
42 #include "qapi/qapi-visit-block-core.h"
43 #include "sysemu/block-backend.h"
44 #include "sysemu/sysemu.h"
45 #include "qemu/notify.h"
46 #include "qemu/option.h"
47 #include "qemu/coroutine.h"
48 #include "block/qapi.h"
49 #include "qemu/timer.h"
50 #include "qemu/cutils.h"
51 #include "qemu/id.h"
52 #include "block/coroutines.h"
54 #ifdef CONFIG_BSD
55 #include <sys/ioctl.h>
56 #include <sys/queue.h>
57 #ifndef __DragonFly__
58 #include <sys/disk.h>
59 #endif
60 #endif
62 #ifdef _WIN32
63 #include <windows.h>
64 #endif
66 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
68 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
69 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
71 static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
72 QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
74 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
75 QLIST_HEAD_INITIALIZER(bdrv_drivers);
77 static BlockDriverState *bdrv_open_inherit(const char *filename,
78 const char *reference,
79 QDict *options, int flags,
80 BlockDriverState *parent,
81 const BdrvChildClass *child_class,
82 BdrvChildRole child_role,
83 Error **errp);
85 /* If non-zero, use only whitelisted block drivers */
86 static int use_bdrv_whitelist;
88 #ifdef _WIN32
89 static int is_windows_drive_prefix(const char *filename)
91 return (((filename[0] >= 'a' && filename[0] <= 'z') ||
92 (filename[0] >= 'A' && filename[0] <= 'Z')) &&
93 filename[1] == ':');
96 int is_windows_drive(const char *filename)
98 if (is_windows_drive_prefix(filename) &&
99 filename[2] == '\0')
100 return 1;
101 if (strstart(filename, "\\\\.\\", NULL) ||
102 strstart(filename, "//./", NULL))
103 return 1;
104 return 0;
106 #endif
108 size_t bdrv_opt_mem_align(BlockDriverState *bs)
110 if (!bs || !bs->drv) {
111 /* page size or 4k (hdd sector size) should be on the safe side */
112 return MAX(4096, qemu_real_host_page_size);
115 return bs->bl.opt_mem_alignment;
118 size_t bdrv_min_mem_align(BlockDriverState *bs)
120 if (!bs || !bs->drv) {
121 /* page size or 4k (hdd sector size) should be on the safe side */
122 return MAX(4096, qemu_real_host_page_size);
125 return bs->bl.min_mem_alignment;
128 /* check if the path starts with "<protocol>:" */
129 int path_has_protocol(const char *path)
131 const char *p;
133 #ifdef _WIN32
134 if (is_windows_drive(path) ||
135 is_windows_drive_prefix(path)) {
136 return 0;
138 p = path + strcspn(path, ":/\\");
139 #else
140 p = path + strcspn(path, ":/");
141 #endif
143 return *p == ':';
146 int path_is_absolute(const char *path)
148 #ifdef _WIN32
149 /* specific case for names like: "\\.\d:" */
150 if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
151 return 1;
153 return (*path == '/' || *path == '\\');
154 #else
155 return (*path == '/');
156 #endif
159 /* if filename is absolute, just return its duplicate. Otherwise, build a
160 path to it by considering it is relative to base_path. URL are
161 supported. */
162 char *path_combine(const char *base_path, const char *filename)
164 const char *protocol_stripped = NULL;
165 const char *p, *p1;
166 char *result;
167 int len;
169 if (path_is_absolute(filename)) {
170 return g_strdup(filename);
173 if (path_has_protocol(base_path)) {
174 protocol_stripped = strchr(base_path, ':');
175 if (protocol_stripped) {
176 protocol_stripped++;
179 p = protocol_stripped ?: base_path;
181 p1 = strrchr(base_path, '/');
182 #ifdef _WIN32
184 const char *p2;
185 p2 = strrchr(base_path, '\\');
186 if (!p1 || p2 > p1) {
187 p1 = p2;
190 #endif
191 if (p1) {
192 p1++;
193 } else {
194 p1 = base_path;
196 if (p1 > p) {
197 p = p1;
199 len = p - base_path;
201 result = g_malloc(len + strlen(filename) + 1);
202 memcpy(result, base_path, len);
203 strcpy(result + len, filename);
205 return result;
209 * Helper function for bdrv_parse_filename() implementations to remove optional
210 * protocol prefixes (especially "file:") from a filename and for putting the
211 * stripped filename into the options QDict if there is such a prefix.
213 void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
214 QDict *options)
216 if (strstart(filename, prefix, &filename)) {
217 /* Stripping the explicit protocol prefix may result in a protocol
218 * prefix being (wrongly) detected (if the filename contains a colon) */
219 if (path_has_protocol(filename)) {
220 GString *fat_filename;
222 /* This means there is some colon before the first slash; therefore,
223 * this cannot be an absolute path */
224 assert(!path_is_absolute(filename));
226 /* And we can thus fix the protocol detection issue by prefixing it
227 * by "./" */
228 fat_filename = g_string_new("./");
229 g_string_append(fat_filename, filename);
231 assert(!path_has_protocol(fat_filename->str));
233 qdict_put(options, "filename",
234 qstring_from_gstring(fat_filename));
235 } else {
236 /* If no protocol prefix was detected, we can use the shortened
237 * filename as-is */
238 qdict_put_str(options, "filename", filename);
244 /* Returns whether the image file is opened as read-only. Note that this can
245 * return false and writing to the image file is still not possible because the
246 * image is inactivated. */
247 bool bdrv_is_read_only(BlockDriverState *bs)
249 return bs->read_only;
252 int bdrv_can_set_read_only(BlockDriverState *bs, bool read_only,
253 bool ignore_allow_rdw, Error **errp)
255 /* Do not set read_only if copy_on_read is enabled */
256 if (bs->copy_on_read && read_only) {
257 error_setg(errp, "Can't set node '%s' to r/o with copy-on-read enabled",
258 bdrv_get_device_or_node_name(bs));
259 return -EINVAL;
262 /* Do not clear read_only if it is prohibited */
263 if (!read_only && !(bs->open_flags & BDRV_O_ALLOW_RDWR) &&
264 !ignore_allow_rdw)
266 error_setg(errp, "Node '%s' is read only",
267 bdrv_get_device_or_node_name(bs));
268 return -EPERM;
271 return 0;
275 * Called by a driver that can only provide a read-only image.
277 * Returns 0 if the node is already read-only or it could switch the node to
278 * read-only because BDRV_O_AUTO_RDONLY is set.
280 * Returns -EACCES if the node is read-write and BDRV_O_AUTO_RDONLY is not set
281 * or bdrv_can_set_read_only() forbids making the node read-only. If @errmsg
282 * is not NULL, it is used as the error message for the Error object.
284 int bdrv_apply_auto_read_only(BlockDriverState *bs, const char *errmsg,
285 Error **errp)
287 int ret = 0;
289 if (!(bs->open_flags & BDRV_O_RDWR)) {
290 return 0;
292 if (!(bs->open_flags & BDRV_O_AUTO_RDONLY)) {
293 goto fail;
296 ret = bdrv_can_set_read_only(bs, true, false, NULL);
297 if (ret < 0) {
298 goto fail;
301 bs->read_only = true;
302 bs->open_flags &= ~BDRV_O_RDWR;
304 return 0;
306 fail:
307 error_setg(errp, "%s", errmsg ?: "Image is read-only");
308 return -EACCES;
312 * If @backing is empty, this function returns NULL without setting
313 * @errp. In all other cases, NULL will only be returned with @errp
314 * set.
316 * Therefore, a return value of NULL without @errp set means that
317 * there is no backing file; if @errp is set, there is one but its
318 * absolute filename cannot be generated.
320 char *bdrv_get_full_backing_filename_from_filename(const char *backed,
321 const char *backing,
322 Error **errp)
324 if (backing[0] == '\0') {
325 return NULL;
326 } else if (path_has_protocol(backing) || path_is_absolute(backing)) {
327 return g_strdup(backing);
328 } else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
329 error_setg(errp, "Cannot use relative backing file names for '%s'",
330 backed);
331 return NULL;
332 } else {
333 return path_combine(backed, backing);
338 * If @filename is empty or NULL, this function returns NULL without
339 * setting @errp. In all other cases, NULL will only be returned with
340 * @errp set.
342 static char *bdrv_make_absolute_filename(BlockDriverState *relative_to,
343 const char *filename, Error **errp)
345 char *dir, *full_name;
347 if (!filename || filename[0] == '\0') {
348 return NULL;
349 } else if (path_has_protocol(filename) || path_is_absolute(filename)) {
350 return g_strdup(filename);
353 dir = bdrv_dirname(relative_to, errp);
354 if (!dir) {
355 return NULL;
358 full_name = g_strconcat(dir, filename, NULL);
359 g_free(dir);
360 return full_name;
363 char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
365 return bdrv_make_absolute_filename(bs, bs->backing_file, errp);
368 void bdrv_register(BlockDriver *bdrv)
370 assert(bdrv->format_name);
371 QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
374 BlockDriverState *bdrv_new(void)
376 BlockDriverState *bs;
377 int i;
379 bs = g_new0(BlockDriverState, 1);
380 QLIST_INIT(&bs->dirty_bitmaps);
381 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
382 QLIST_INIT(&bs->op_blockers[i]);
384 notifier_with_return_list_init(&bs->before_write_notifiers);
385 qemu_co_mutex_init(&bs->reqs_lock);
386 qemu_mutex_init(&bs->dirty_bitmap_mutex);
387 bs->refcnt = 1;
388 bs->aio_context = qemu_get_aio_context();
390 qemu_co_queue_init(&bs->flush_queue);
392 for (i = 0; i < bdrv_drain_all_count; i++) {
393 bdrv_drained_begin(bs);
396 QTAILQ_INSERT_TAIL(&all_bdrv_states, bs, bs_list);
398 return bs;
401 static BlockDriver *bdrv_do_find_format(const char *format_name)
403 BlockDriver *drv1;
405 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
406 if (!strcmp(drv1->format_name, format_name)) {
407 return drv1;
411 return NULL;
414 BlockDriver *bdrv_find_format(const char *format_name)
416 BlockDriver *drv1;
417 int i;
419 drv1 = bdrv_do_find_format(format_name);
420 if (drv1) {
421 return drv1;
424 /* The driver isn't registered, maybe we need to load a module */
425 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
426 if (!strcmp(block_driver_modules[i].format_name, format_name)) {
427 block_module_load_one(block_driver_modules[i].library_name);
428 break;
432 return bdrv_do_find_format(format_name);
435 static int bdrv_format_is_whitelisted(const char *format_name, bool read_only)
437 static const char *whitelist_rw[] = {
438 CONFIG_BDRV_RW_WHITELIST
439 NULL
441 static const char *whitelist_ro[] = {
442 CONFIG_BDRV_RO_WHITELIST
443 NULL
445 const char **p;
447 if (!whitelist_rw[0] && !whitelist_ro[0]) {
448 return 1; /* no whitelist, anything goes */
451 for (p = whitelist_rw; *p; p++) {
452 if (!strcmp(format_name, *p)) {
453 return 1;
456 if (read_only) {
457 for (p = whitelist_ro; *p; p++) {
458 if (!strcmp(format_name, *p)) {
459 return 1;
463 return 0;
466 int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
468 return bdrv_format_is_whitelisted(drv->format_name, read_only);
471 bool bdrv_uses_whitelist(void)
473 return use_bdrv_whitelist;
476 typedef struct CreateCo {
477 BlockDriver *drv;
478 char *filename;
479 QemuOpts *opts;
480 int ret;
481 Error *err;
482 } CreateCo;
484 static void coroutine_fn bdrv_create_co_entry(void *opaque)
486 Error *local_err = NULL;
487 int ret;
489 CreateCo *cco = opaque;
490 assert(cco->drv);
492 ret = cco->drv->bdrv_co_create_opts(cco->drv,
493 cco->filename, cco->opts, &local_err);
494 error_propagate(&cco->err, local_err);
495 cco->ret = ret;
498 int bdrv_create(BlockDriver *drv, const char* filename,
499 QemuOpts *opts, Error **errp)
501 int ret;
503 Coroutine *co;
504 CreateCo cco = {
505 .drv = drv,
506 .filename = g_strdup(filename),
507 .opts = opts,
508 .ret = NOT_DONE,
509 .err = NULL,
512 if (!drv->bdrv_co_create_opts) {
513 error_setg(errp, "Driver '%s' does not support image creation", drv->format_name);
514 ret = -ENOTSUP;
515 goto out;
518 if (qemu_in_coroutine()) {
519 /* Fast-path if already in coroutine context */
520 bdrv_create_co_entry(&cco);
521 } else {
522 co = qemu_coroutine_create(bdrv_create_co_entry, &cco);
523 qemu_coroutine_enter(co);
524 while (cco.ret == NOT_DONE) {
525 aio_poll(qemu_get_aio_context(), true);
529 ret = cco.ret;
530 if (ret < 0) {
531 if (cco.err) {
532 error_propagate(errp, cco.err);
533 } else {
534 error_setg_errno(errp, -ret, "Could not create image");
538 out:
539 g_free(cco.filename);
540 return ret;
544 * Helper function for bdrv_create_file_fallback(): Resize @blk to at
545 * least the given @minimum_size.
547 * On success, return @blk's actual length.
548 * Otherwise, return -errno.
550 static int64_t create_file_fallback_truncate(BlockBackend *blk,
551 int64_t minimum_size, Error **errp)
553 Error *local_err = NULL;
554 int64_t size;
555 int ret;
557 ret = blk_truncate(blk, minimum_size, false, PREALLOC_MODE_OFF, 0,
558 &local_err);
559 if (ret < 0 && ret != -ENOTSUP) {
560 error_propagate(errp, local_err);
561 return ret;
564 size = blk_getlength(blk);
565 if (size < 0) {
566 error_free(local_err);
567 error_setg_errno(errp, -size,
568 "Failed to inquire the new image file's length");
569 return size;
572 if (size < minimum_size) {
573 /* Need to grow the image, but we failed to do that */
574 error_propagate(errp, local_err);
575 return -ENOTSUP;
578 error_free(local_err);
579 local_err = NULL;
581 return size;
585 * Helper function for bdrv_create_file_fallback(): Zero the first
586 * sector to remove any potentially pre-existing image header.
588 static int create_file_fallback_zero_first_sector(BlockBackend *blk,
589 int64_t current_size,
590 Error **errp)
592 int64_t bytes_to_clear;
593 int ret;
595 bytes_to_clear = MIN(current_size, BDRV_SECTOR_SIZE);
596 if (bytes_to_clear) {
597 ret = blk_pwrite_zeroes(blk, 0, bytes_to_clear, BDRV_REQ_MAY_UNMAP);
598 if (ret < 0) {
599 error_setg_errno(errp, -ret,
600 "Failed to clear the new image's first sector");
601 return ret;
605 return 0;
609 * Simple implementation of bdrv_co_create_opts for protocol drivers
610 * which only support creation via opening a file
611 * (usually existing raw storage device)
613 int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
614 const char *filename,
615 QemuOpts *opts,
616 Error **errp)
618 BlockBackend *blk;
619 QDict *options;
620 int64_t size = 0;
621 char *buf = NULL;
622 PreallocMode prealloc;
623 Error *local_err = NULL;
624 int ret;
626 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
627 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
628 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
629 PREALLOC_MODE_OFF, &local_err);
630 g_free(buf);
631 if (local_err) {
632 error_propagate(errp, local_err);
633 return -EINVAL;
636 if (prealloc != PREALLOC_MODE_OFF) {
637 error_setg(errp, "Unsupported preallocation mode '%s'",
638 PreallocMode_str(prealloc));
639 return -ENOTSUP;
642 options = qdict_new();
643 qdict_put_str(options, "driver", drv->format_name);
645 blk = blk_new_open(filename, NULL, options,
646 BDRV_O_RDWR | BDRV_O_RESIZE, errp);
647 if (!blk) {
648 error_prepend(errp, "Protocol driver '%s' does not support image "
649 "creation, and opening the image failed: ",
650 drv->format_name);
651 return -EINVAL;
654 size = create_file_fallback_truncate(blk, size, errp);
655 if (size < 0) {
656 ret = size;
657 goto out;
660 ret = create_file_fallback_zero_first_sector(blk, size, errp);
661 if (ret < 0) {
662 goto out;
665 ret = 0;
666 out:
667 blk_unref(blk);
668 return ret;
671 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
673 BlockDriver *drv;
675 drv = bdrv_find_protocol(filename, true, errp);
676 if (drv == NULL) {
677 return -ENOENT;
680 return bdrv_create(drv, filename, opts, errp);
683 int coroutine_fn bdrv_co_delete_file(BlockDriverState *bs, Error **errp)
685 Error *local_err = NULL;
686 int ret;
688 assert(bs != NULL);
690 if (!bs->drv) {
691 error_setg(errp, "Block node '%s' is not opened", bs->filename);
692 return -ENOMEDIUM;
695 if (!bs->drv->bdrv_co_delete_file) {
696 error_setg(errp, "Driver '%s' does not support image deletion",
697 bs->drv->format_name);
698 return -ENOTSUP;
701 ret = bs->drv->bdrv_co_delete_file(bs, &local_err);
702 if (ret < 0) {
703 error_propagate(errp, local_err);
706 return ret;
709 void coroutine_fn bdrv_co_delete_file_noerr(BlockDriverState *bs)
711 Error *local_err = NULL;
712 int ret;
714 if (!bs) {
715 return;
718 ret = bdrv_co_delete_file(bs, &local_err);
720 * ENOTSUP will happen if the block driver doesn't support
721 * the 'bdrv_co_delete_file' interface. This is a predictable
722 * scenario and shouldn't be reported back to the user.
724 if (ret == -ENOTSUP) {
725 error_free(local_err);
726 } else if (ret < 0) {
727 error_report_err(local_err);
732 * Try to get @bs's logical and physical block size.
733 * On success, store them in @bsz struct and return 0.
734 * On failure return -errno.
735 * @bs must not be empty.
737 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
739 BlockDriver *drv = bs->drv;
740 BlockDriverState *filtered = bdrv_filter_bs(bs);
742 if (drv && drv->bdrv_probe_blocksizes) {
743 return drv->bdrv_probe_blocksizes(bs, bsz);
744 } else if (filtered) {
745 return bdrv_probe_blocksizes(filtered, bsz);
748 return -ENOTSUP;
752 * Try to get @bs's geometry (cyls, heads, sectors).
753 * On success, store them in @geo struct and return 0.
754 * On failure return -errno.
755 * @bs must not be empty.
757 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
759 BlockDriver *drv = bs->drv;
760 BlockDriverState *filtered = bdrv_filter_bs(bs);
762 if (drv && drv->bdrv_probe_geometry) {
763 return drv->bdrv_probe_geometry(bs, geo);
764 } else if (filtered) {
765 return bdrv_probe_geometry(filtered, geo);
768 return -ENOTSUP;
772 * Create a uniquely-named empty temporary file.
773 * Return 0 upon success, otherwise a negative errno value.
775 int get_tmp_filename(char *filename, int size)
777 #ifdef _WIN32
778 char temp_dir[MAX_PATH];
779 /* GetTempFileName requires that its output buffer (4th param)
780 have length MAX_PATH or greater. */
781 assert(size >= MAX_PATH);
782 return (GetTempPath(MAX_PATH, temp_dir)
783 && GetTempFileName(temp_dir, "qem", 0, filename)
784 ? 0 : -GetLastError());
785 #else
786 int fd;
787 const char *tmpdir;
788 tmpdir = getenv("TMPDIR");
789 if (!tmpdir) {
790 tmpdir = "/var/tmp";
792 if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
793 return -EOVERFLOW;
795 fd = mkstemp(filename);
796 if (fd < 0) {
797 return -errno;
799 if (close(fd) != 0) {
800 unlink(filename);
801 return -errno;
803 return 0;
804 #endif
808 * Detect host devices. By convention, /dev/cdrom[N] is always
809 * recognized as a host CDROM.
811 static BlockDriver *find_hdev_driver(const char *filename)
813 int score_max = 0, score;
814 BlockDriver *drv = NULL, *d;
816 QLIST_FOREACH(d, &bdrv_drivers, list) {
817 if (d->bdrv_probe_device) {
818 score = d->bdrv_probe_device(filename);
819 if (score > score_max) {
820 score_max = score;
821 drv = d;
826 return drv;
829 static BlockDriver *bdrv_do_find_protocol(const char *protocol)
831 BlockDriver *drv1;
833 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
834 if (drv1->protocol_name && !strcmp(drv1->protocol_name, protocol)) {
835 return drv1;
839 return NULL;
842 BlockDriver *bdrv_find_protocol(const char *filename,
843 bool allow_protocol_prefix,
844 Error **errp)
846 BlockDriver *drv1;
847 char protocol[128];
848 int len;
849 const char *p;
850 int i;
852 /* TODO Drivers without bdrv_file_open must be specified explicitly */
855 * XXX(hch): we really should not let host device detection
856 * override an explicit protocol specification, but moving this
857 * later breaks access to device names with colons in them.
858 * Thanks to the brain-dead persistent naming schemes on udev-
859 * based Linux systems those actually are quite common.
861 drv1 = find_hdev_driver(filename);
862 if (drv1) {
863 return drv1;
866 if (!path_has_protocol(filename) || !allow_protocol_prefix) {
867 return &bdrv_file;
870 p = strchr(filename, ':');
871 assert(p != NULL);
872 len = p - filename;
873 if (len > sizeof(protocol) - 1)
874 len = sizeof(protocol) - 1;
875 memcpy(protocol, filename, len);
876 protocol[len] = '\0';
878 drv1 = bdrv_do_find_protocol(protocol);
879 if (drv1) {
880 return drv1;
883 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
884 if (block_driver_modules[i].protocol_name &&
885 !strcmp(block_driver_modules[i].protocol_name, protocol)) {
886 block_module_load_one(block_driver_modules[i].library_name);
887 break;
891 drv1 = bdrv_do_find_protocol(protocol);
892 if (!drv1) {
893 error_setg(errp, "Unknown protocol '%s'", protocol);
895 return drv1;
899 * Guess image format by probing its contents.
900 * This is not a good idea when your image is raw (CVE-2008-2004), but
901 * we do it anyway for backward compatibility.
903 * @buf contains the image's first @buf_size bytes.
904 * @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
905 * but can be smaller if the image file is smaller)
906 * @filename is its filename.
908 * For all block drivers, call the bdrv_probe() method to get its
909 * probing score.
910 * Return the first block driver with the highest probing score.
912 BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
913 const char *filename)
915 int score_max = 0, score;
916 BlockDriver *drv = NULL, *d;
918 QLIST_FOREACH(d, &bdrv_drivers, list) {
919 if (d->bdrv_probe) {
920 score = d->bdrv_probe(buf, buf_size, filename);
921 if (score > score_max) {
922 score_max = score;
923 drv = d;
928 return drv;
931 static int find_image_format(BlockBackend *file, const char *filename,
932 BlockDriver **pdrv, Error **errp)
934 BlockDriver *drv;
935 uint8_t buf[BLOCK_PROBE_BUF_SIZE];
936 int ret = 0;
938 /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
939 if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
940 *pdrv = &bdrv_raw;
941 return ret;
944 ret = blk_pread(file, 0, buf, sizeof(buf));
945 if (ret < 0) {
946 error_setg_errno(errp, -ret, "Could not read image for determining its "
947 "format");
948 *pdrv = NULL;
949 return ret;
952 drv = bdrv_probe_all(buf, ret, filename);
953 if (!drv) {
954 error_setg(errp, "Could not determine image format: No compatible "
955 "driver found");
956 ret = -ENOENT;
958 *pdrv = drv;
959 return ret;
963 * Set the current 'total_sectors' value
964 * Return 0 on success, -errno on error.
966 int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
968 BlockDriver *drv = bs->drv;
970 if (!drv) {
971 return -ENOMEDIUM;
974 /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
975 if (bdrv_is_sg(bs))
976 return 0;
978 /* query actual device if possible, otherwise just trust the hint */
979 if (drv->bdrv_getlength) {
980 int64_t length = drv->bdrv_getlength(bs);
981 if (length < 0) {
982 return length;
984 hint = DIV_ROUND_UP(length, BDRV_SECTOR_SIZE);
987 bs->total_sectors = hint;
989 if (bs->total_sectors * BDRV_SECTOR_SIZE > BDRV_MAX_LENGTH) {
990 return -EFBIG;
993 return 0;
997 * Combines a QDict of new block driver @options with any missing options taken
998 * from @old_options, so that leaving out an option defaults to its old value.
1000 static void bdrv_join_options(BlockDriverState *bs, QDict *options,
1001 QDict *old_options)
1003 if (bs->drv && bs->drv->bdrv_join_options) {
1004 bs->drv->bdrv_join_options(options, old_options);
1005 } else {
1006 qdict_join(options, old_options, false);
1010 static BlockdevDetectZeroesOptions bdrv_parse_detect_zeroes(QemuOpts *opts,
1011 int open_flags,
1012 Error **errp)
1014 Error *local_err = NULL;
1015 char *value = qemu_opt_get_del(opts, "detect-zeroes");
1016 BlockdevDetectZeroesOptions detect_zeroes =
1017 qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup, value,
1018 BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, &local_err);
1019 g_free(value);
1020 if (local_err) {
1021 error_propagate(errp, local_err);
1022 return detect_zeroes;
1025 if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
1026 !(open_flags & BDRV_O_UNMAP))
1028 error_setg(errp, "setting detect-zeroes to unmap is not allowed "
1029 "without setting discard operation to unmap");
1032 return detect_zeroes;
1036 * Set open flags for aio engine
1038 * Return 0 on success, -1 if the engine specified is invalid
1040 int bdrv_parse_aio(const char *mode, int *flags)
1042 if (!strcmp(mode, "threads")) {
1043 /* do nothing, default */
1044 } else if (!strcmp(mode, "native")) {
1045 *flags |= BDRV_O_NATIVE_AIO;
1046 #ifdef CONFIG_LINUX_IO_URING
1047 } else if (!strcmp(mode, "io_uring")) {
1048 *flags |= BDRV_O_IO_URING;
1049 #endif
1050 } else {
1051 return -1;
1054 return 0;
1058 * Set open flags for a given discard mode
1060 * Return 0 on success, -1 if the discard mode was invalid.
1062 int bdrv_parse_discard_flags(const char *mode, int *flags)
1064 *flags &= ~BDRV_O_UNMAP;
1066 if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
1067 /* do nothing */
1068 } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
1069 *flags |= BDRV_O_UNMAP;
1070 } else {
1071 return -1;
1074 return 0;
1078 * Set open flags for a given cache mode
1080 * Return 0 on success, -1 if the cache mode was invalid.
1082 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
1084 *flags &= ~BDRV_O_CACHE_MASK;
1086 if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
1087 *writethrough = false;
1088 *flags |= BDRV_O_NOCACHE;
1089 } else if (!strcmp(mode, "directsync")) {
1090 *writethrough = true;
1091 *flags |= BDRV_O_NOCACHE;
1092 } else if (!strcmp(mode, "writeback")) {
1093 *writethrough = false;
1094 } else if (!strcmp(mode, "unsafe")) {
1095 *writethrough = false;
1096 *flags |= BDRV_O_NO_FLUSH;
1097 } else if (!strcmp(mode, "writethrough")) {
1098 *writethrough = true;
1099 } else {
1100 return -1;
1103 return 0;
1106 static char *bdrv_child_get_parent_desc(BdrvChild *c)
1108 BlockDriverState *parent = c->opaque;
1109 return g_strdup(bdrv_get_device_or_node_name(parent));
1112 static void bdrv_child_cb_drained_begin(BdrvChild *child)
1114 BlockDriverState *bs = child->opaque;
1115 bdrv_do_drained_begin_quiesce(bs, NULL, false);
1118 static bool bdrv_child_cb_drained_poll(BdrvChild *child)
1120 BlockDriverState *bs = child->opaque;
1121 return bdrv_drain_poll(bs, false, NULL, false);
1124 static void bdrv_child_cb_drained_end(BdrvChild *child,
1125 int *drained_end_counter)
1127 BlockDriverState *bs = child->opaque;
1128 bdrv_drained_end_no_poll(bs, drained_end_counter);
1131 static int bdrv_child_cb_inactivate(BdrvChild *child)
1133 BlockDriverState *bs = child->opaque;
1134 assert(bs->open_flags & BDRV_O_INACTIVE);
1135 return 0;
1138 static bool bdrv_child_cb_can_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1139 GSList **ignore, Error **errp)
1141 BlockDriverState *bs = child->opaque;
1142 return bdrv_can_set_aio_context(bs, ctx, ignore, errp);
1145 static void bdrv_child_cb_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1146 GSList **ignore)
1148 BlockDriverState *bs = child->opaque;
1149 return bdrv_set_aio_context_ignore(bs, ctx, ignore);
1153 * Returns the options and flags that a temporary snapshot should get, based on
1154 * the originally requested flags (the originally requested image will have
1155 * flags like a backing file)
1157 static void bdrv_temp_snapshot_options(int *child_flags, QDict *child_options,
1158 int parent_flags, QDict *parent_options)
1160 *child_flags = (parent_flags & ~BDRV_O_SNAPSHOT) | BDRV_O_TEMPORARY;
1162 /* For temporary files, unconditional cache=unsafe is fine */
1163 qdict_set_default_str(child_options, BDRV_OPT_CACHE_DIRECT, "off");
1164 qdict_set_default_str(child_options, BDRV_OPT_CACHE_NO_FLUSH, "on");
1166 /* Copy the read-only and discard options from the parent */
1167 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1168 qdict_copy_default(child_options, parent_options, BDRV_OPT_DISCARD);
1170 /* aio=native doesn't work for cache.direct=off, so disable it for the
1171 * temporary snapshot */
1172 *child_flags &= ~BDRV_O_NATIVE_AIO;
1175 static void bdrv_backing_attach(BdrvChild *c)
1177 BlockDriverState *parent = c->opaque;
1178 BlockDriverState *backing_hd = c->bs;
1180 assert(!parent->backing_blocker);
1181 error_setg(&parent->backing_blocker,
1182 "node is used as backing hd of '%s'",
1183 bdrv_get_device_or_node_name(parent));
1185 bdrv_refresh_filename(backing_hd);
1187 parent->open_flags &= ~BDRV_O_NO_BACKING;
1189 bdrv_op_block_all(backing_hd, parent->backing_blocker);
1190 /* Otherwise we won't be able to commit or stream */
1191 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
1192 parent->backing_blocker);
1193 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
1194 parent->backing_blocker);
1196 * We do backup in 3 ways:
1197 * 1. drive backup
1198 * The target bs is new opened, and the source is top BDS
1199 * 2. blockdev backup
1200 * Both the source and the target are top BDSes.
1201 * 3. internal backup(used for block replication)
1202 * Both the source and the target are backing file
1204 * In case 1 and 2, neither the source nor the target is the backing file.
1205 * In case 3, we will block the top BDS, so there is only one block job
1206 * for the top BDS and its backing chain.
1208 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
1209 parent->backing_blocker);
1210 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
1211 parent->backing_blocker);
1214 static void bdrv_backing_detach(BdrvChild *c)
1216 BlockDriverState *parent = c->opaque;
1218 assert(parent->backing_blocker);
1219 bdrv_op_unblock_all(c->bs, parent->backing_blocker);
1220 error_free(parent->backing_blocker);
1221 parent->backing_blocker = NULL;
1224 static int bdrv_backing_update_filename(BdrvChild *c, BlockDriverState *base,
1225 const char *filename, Error **errp)
1227 BlockDriverState *parent = c->opaque;
1228 bool read_only = bdrv_is_read_only(parent);
1229 int ret;
1231 if (read_only) {
1232 ret = bdrv_reopen_set_read_only(parent, false, errp);
1233 if (ret < 0) {
1234 return ret;
1238 ret = bdrv_change_backing_file(parent, filename,
1239 base->drv ? base->drv->format_name : "",
1240 false);
1241 if (ret < 0) {
1242 error_setg_errno(errp, -ret, "Could not update backing file link");
1245 if (read_only) {
1246 bdrv_reopen_set_read_only(parent, true, NULL);
1249 return ret;
1253 * Returns the options and flags that a generic child of a BDS should
1254 * get, based on the given options and flags for the parent BDS.
1256 static void bdrv_inherited_options(BdrvChildRole role, bool parent_is_format,
1257 int *child_flags, QDict *child_options,
1258 int parent_flags, QDict *parent_options)
1260 int flags = parent_flags;
1263 * First, decide whether to set, clear, or leave BDRV_O_PROTOCOL.
1264 * Generally, the question to answer is: Should this child be
1265 * format-probed by default?
1269 * Pure and non-filtered data children of non-format nodes should
1270 * be probed by default (even when the node itself has BDRV_O_PROTOCOL
1271 * set). This only affects a very limited set of drivers (namely
1272 * quorum and blkverify when this comment was written).
1273 * Force-clear BDRV_O_PROTOCOL then.
1275 if (!parent_is_format &&
1276 (role & BDRV_CHILD_DATA) &&
1277 !(role & (BDRV_CHILD_METADATA | BDRV_CHILD_FILTERED)))
1279 flags &= ~BDRV_O_PROTOCOL;
1283 * All children of format nodes (except for COW children) and all
1284 * metadata children in general should never be format-probed.
1285 * Force-set BDRV_O_PROTOCOL then.
1287 if ((parent_is_format && !(role & BDRV_CHILD_COW)) ||
1288 (role & BDRV_CHILD_METADATA))
1290 flags |= BDRV_O_PROTOCOL;
1294 * If the cache mode isn't explicitly set, inherit direct and no-flush from
1295 * the parent.
1297 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1298 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1299 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1301 if (role & BDRV_CHILD_COW) {
1302 /* backing files are opened read-only by default */
1303 qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "on");
1304 qdict_set_default_str(child_options, BDRV_OPT_AUTO_READ_ONLY, "off");
1305 } else {
1306 /* Inherit the read-only option from the parent if it's not set */
1307 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1308 qdict_copy_default(child_options, parent_options,
1309 BDRV_OPT_AUTO_READ_ONLY);
1313 * bdrv_co_pdiscard() respects unmap policy for the parent, so we
1314 * can default to enable it on lower layers regardless of the
1315 * parent option.
1317 qdict_set_default_str(child_options, BDRV_OPT_DISCARD, "unmap");
1319 /* Clear flags that only apply to the top layer */
1320 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ);
1322 if (role & BDRV_CHILD_METADATA) {
1323 flags &= ~BDRV_O_NO_IO;
1325 if (role & BDRV_CHILD_COW) {
1326 flags &= ~BDRV_O_TEMPORARY;
1329 *child_flags = flags;
1332 static void bdrv_child_cb_attach(BdrvChild *child)
1334 BlockDriverState *bs = child->opaque;
1336 if (child->role & BDRV_CHILD_COW) {
1337 bdrv_backing_attach(child);
1340 bdrv_apply_subtree_drain(child, bs);
1343 static void bdrv_child_cb_detach(BdrvChild *child)
1345 BlockDriverState *bs = child->opaque;
1347 if (child->role & BDRV_CHILD_COW) {
1348 bdrv_backing_detach(child);
1351 bdrv_unapply_subtree_drain(child, bs);
1354 static int bdrv_child_cb_update_filename(BdrvChild *c, BlockDriverState *base,
1355 const char *filename, Error **errp)
1357 if (c->role & BDRV_CHILD_COW) {
1358 return bdrv_backing_update_filename(c, base, filename, errp);
1360 return 0;
1363 const BdrvChildClass child_of_bds = {
1364 .parent_is_bds = true,
1365 .get_parent_desc = bdrv_child_get_parent_desc,
1366 .inherit_options = bdrv_inherited_options,
1367 .drained_begin = bdrv_child_cb_drained_begin,
1368 .drained_poll = bdrv_child_cb_drained_poll,
1369 .drained_end = bdrv_child_cb_drained_end,
1370 .attach = bdrv_child_cb_attach,
1371 .detach = bdrv_child_cb_detach,
1372 .inactivate = bdrv_child_cb_inactivate,
1373 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1374 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1375 .update_filename = bdrv_child_cb_update_filename,
1378 static int bdrv_open_flags(BlockDriverState *bs, int flags)
1380 int open_flags = flags;
1383 * Clear flags that are internal to the block layer before opening the
1384 * image.
1386 open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_PROTOCOL);
1388 return open_flags;
1391 static void update_flags_from_options(int *flags, QemuOpts *opts)
1393 *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
1395 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
1396 *flags |= BDRV_O_NO_FLUSH;
1399 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_DIRECT, false)) {
1400 *flags |= BDRV_O_NOCACHE;
1403 if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
1404 *flags |= BDRV_O_RDWR;
1407 if (qemu_opt_get_bool_del(opts, BDRV_OPT_AUTO_READ_ONLY, false)) {
1408 *flags |= BDRV_O_AUTO_RDONLY;
1412 static void update_options_from_flags(QDict *options, int flags)
1414 if (!qdict_haskey(options, BDRV_OPT_CACHE_DIRECT)) {
1415 qdict_put_bool(options, BDRV_OPT_CACHE_DIRECT, flags & BDRV_O_NOCACHE);
1417 if (!qdict_haskey(options, BDRV_OPT_CACHE_NO_FLUSH)) {
1418 qdict_put_bool(options, BDRV_OPT_CACHE_NO_FLUSH,
1419 flags & BDRV_O_NO_FLUSH);
1421 if (!qdict_haskey(options, BDRV_OPT_READ_ONLY)) {
1422 qdict_put_bool(options, BDRV_OPT_READ_ONLY, !(flags & BDRV_O_RDWR));
1424 if (!qdict_haskey(options, BDRV_OPT_AUTO_READ_ONLY)) {
1425 qdict_put_bool(options, BDRV_OPT_AUTO_READ_ONLY,
1426 flags & BDRV_O_AUTO_RDONLY);
1430 static void bdrv_assign_node_name(BlockDriverState *bs,
1431 const char *node_name,
1432 Error **errp)
1434 char *gen_node_name = NULL;
1436 if (!node_name) {
1437 node_name = gen_node_name = id_generate(ID_BLOCK);
1438 } else if (!id_wellformed(node_name)) {
1440 * Check for empty string or invalid characters, but not if it is
1441 * generated (generated names use characters not available to the user)
1443 error_setg(errp, "Invalid node-name: '%s'", node_name);
1444 return;
1447 /* takes care of avoiding namespaces collisions */
1448 if (blk_by_name(node_name)) {
1449 error_setg(errp, "node-name=%s is conflicting with a device id",
1450 node_name);
1451 goto out;
1454 /* takes care of avoiding duplicates node names */
1455 if (bdrv_find_node(node_name)) {
1456 error_setg(errp, "Duplicate nodes with node-name='%s'", node_name);
1457 goto out;
1460 /* Make sure that the node name isn't truncated */
1461 if (strlen(node_name) >= sizeof(bs->node_name)) {
1462 error_setg(errp, "Node name too long");
1463 goto out;
1466 /* copy node name into the bs and insert it into the graph list */
1467 pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
1468 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
1469 out:
1470 g_free(gen_node_name);
1473 static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
1474 const char *node_name, QDict *options,
1475 int open_flags, Error **errp)
1477 Error *local_err = NULL;
1478 int i, ret;
1480 bdrv_assign_node_name(bs, node_name, &local_err);
1481 if (local_err) {
1482 error_propagate(errp, local_err);
1483 return -EINVAL;
1486 bs->drv = drv;
1487 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1488 bs->opaque = g_malloc0(drv->instance_size);
1490 if (drv->bdrv_file_open) {
1491 assert(!drv->bdrv_needs_filename || bs->filename[0]);
1492 ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
1493 } else if (drv->bdrv_open) {
1494 ret = drv->bdrv_open(bs, options, open_flags, &local_err);
1495 } else {
1496 ret = 0;
1499 if (ret < 0) {
1500 if (local_err) {
1501 error_propagate(errp, local_err);
1502 } else if (bs->filename[0]) {
1503 error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
1504 } else {
1505 error_setg_errno(errp, -ret, "Could not open image");
1507 goto open_failed;
1510 ret = refresh_total_sectors(bs, bs->total_sectors);
1511 if (ret < 0) {
1512 error_setg_errno(errp, -ret, "Could not refresh total sector count");
1513 return ret;
1516 bdrv_refresh_limits(bs, &local_err);
1517 if (local_err) {
1518 error_propagate(errp, local_err);
1519 return -EINVAL;
1522 assert(bdrv_opt_mem_align(bs) != 0);
1523 assert(bdrv_min_mem_align(bs) != 0);
1524 assert(is_power_of_2(bs->bl.request_alignment));
1526 for (i = 0; i < bs->quiesce_counter; i++) {
1527 if (drv->bdrv_co_drain_begin) {
1528 drv->bdrv_co_drain_begin(bs);
1532 return 0;
1533 open_failed:
1534 bs->drv = NULL;
1535 if (bs->file != NULL) {
1536 bdrv_unref_child(bs, bs->file);
1537 bs->file = NULL;
1539 g_free(bs->opaque);
1540 bs->opaque = NULL;
1541 return ret;
1544 BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
1545 int flags, Error **errp)
1547 BlockDriverState *bs;
1548 int ret;
1550 bs = bdrv_new();
1551 bs->open_flags = flags;
1552 bs->explicit_options = qdict_new();
1553 bs->options = qdict_new();
1554 bs->opaque = NULL;
1556 update_options_from_flags(bs->options, flags);
1558 ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
1559 if (ret < 0) {
1560 qobject_unref(bs->explicit_options);
1561 bs->explicit_options = NULL;
1562 qobject_unref(bs->options);
1563 bs->options = NULL;
1564 bdrv_unref(bs);
1565 return NULL;
1568 return bs;
1571 QemuOptsList bdrv_runtime_opts = {
1572 .name = "bdrv_common",
1573 .head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
1574 .desc = {
1576 .name = "node-name",
1577 .type = QEMU_OPT_STRING,
1578 .help = "Node name of the block device node",
1581 .name = "driver",
1582 .type = QEMU_OPT_STRING,
1583 .help = "Block driver to use for the node",
1586 .name = BDRV_OPT_CACHE_DIRECT,
1587 .type = QEMU_OPT_BOOL,
1588 .help = "Bypass software writeback cache on the host",
1591 .name = BDRV_OPT_CACHE_NO_FLUSH,
1592 .type = QEMU_OPT_BOOL,
1593 .help = "Ignore flush requests",
1596 .name = BDRV_OPT_READ_ONLY,
1597 .type = QEMU_OPT_BOOL,
1598 .help = "Node is opened in read-only mode",
1601 .name = BDRV_OPT_AUTO_READ_ONLY,
1602 .type = QEMU_OPT_BOOL,
1603 .help = "Node can become read-only if opening read-write fails",
1606 .name = "detect-zeroes",
1607 .type = QEMU_OPT_STRING,
1608 .help = "try to optimize zero writes (off, on, unmap)",
1611 .name = BDRV_OPT_DISCARD,
1612 .type = QEMU_OPT_STRING,
1613 .help = "discard operation (ignore/off, unmap/on)",
1616 .name = BDRV_OPT_FORCE_SHARE,
1617 .type = QEMU_OPT_BOOL,
1618 .help = "always accept other writers (default: off)",
1620 { /* end of list */ }
1624 QemuOptsList bdrv_create_opts_simple = {
1625 .name = "simple-create-opts",
1626 .head = QTAILQ_HEAD_INITIALIZER(bdrv_create_opts_simple.head),
1627 .desc = {
1629 .name = BLOCK_OPT_SIZE,
1630 .type = QEMU_OPT_SIZE,
1631 .help = "Virtual disk size"
1634 .name = BLOCK_OPT_PREALLOC,
1635 .type = QEMU_OPT_STRING,
1636 .help = "Preallocation mode (allowed values: off)"
1638 { /* end of list */ }
1643 * Common part for opening disk images and files
1645 * Removes all processed options from *options.
1647 static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
1648 QDict *options, Error **errp)
1650 int ret, open_flags;
1651 const char *filename;
1652 const char *driver_name = NULL;
1653 const char *node_name = NULL;
1654 const char *discard;
1655 QemuOpts *opts;
1656 BlockDriver *drv;
1657 Error *local_err = NULL;
1659 assert(bs->file == NULL);
1660 assert(options != NULL && bs->options != options);
1662 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
1663 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
1664 ret = -EINVAL;
1665 goto fail_opts;
1668 update_flags_from_options(&bs->open_flags, opts);
1670 driver_name = qemu_opt_get(opts, "driver");
1671 drv = bdrv_find_format(driver_name);
1672 assert(drv != NULL);
1674 bs->force_share = qemu_opt_get_bool(opts, BDRV_OPT_FORCE_SHARE, false);
1676 if (bs->force_share && (bs->open_flags & BDRV_O_RDWR)) {
1677 error_setg(errp,
1678 BDRV_OPT_FORCE_SHARE
1679 "=on can only be used with read-only images");
1680 ret = -EINVAL;
1681 goto fail_opts;
1684 if (file != NULL) {
1685 bdrv_refresh_filename(blk_bs(file));
1686 filename = blk_bs(file)->filename;
1687 } else {
1689 * Caution: while qdict_get_try_str() is fine, getting
1690 * non-string types would require more care. When @options
1691 * come from -blockdev or blockdev_add, its members are typed
1692 * according to the QAPI schema, but when they come from
1693 * -drive, they're all QString.
1695 filename = qdict_get_try_str(options, "filename");
1698 if (drv->bdrv_needs_filename && (!filename || !filename[0])) {
1699 error_setg(errp, "The '%s' block driver requires a file name",
1700 drv->format_name);
1701 ret = -EINVAL;
1702 goto fail_opts;
1705 trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
1706 drv->format_name);
1708 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1710 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
1711 if (!bs->read_only && bdrv_is_whitelisted(drv, true)) {
1712 ret = bdrv_apply_auto_read_only(bs, NULL, NULL);
1713 } else {
1714 ret = -ENOTSUP;
1716 if (ret < 0) {
1717 error_setg(errp,
1718 !bs->read_only && bdrv_is_whitelisted(drv, true)
1719 ? "Driver '%s' can only be used for read-only devices"
1720 : "Driver '%s' is not whitelisted",
1721 drv->format_name);
1722 goto fail_opts;
1726 /* bdrv_new() and bdrv_close() make it so */
1727 assert(qatomic_read(&bs->copy_on_read) == 0);
1729 if (bs->open_flags & BDRV_O_COPY_ON_READ) {
1730 if (!bs->read_only) {
1731 bdrv_enable_copy_on_read(bs);
1732 } else {
1733 error_setg(errp, "Can't use copy-on-read on read-only device");
1734 ret = -EINVAL;
1735 goto fail_opts;
1739 discard = qemu_opt_get(opts, BDRV_OPT_DISCARD);
1740 if (discard != NULL) {
1741 if (bdrv_parse_discard_flags(discard, &bs->open_flags) != 0) {
1742 error_setg(errp, "Invalid discard option");
1743 ret = -EINVAL;
1744 goto fail_opts;
1748 bs->detect_zeroes =
1749 bdrv_parse_detect_zeroes(opts, bs->open_flags, &local_err);
1750 if (local_err) {
1751 error_propagate(errp, local_err);
1752 ret = -EINVAL;
1753 goto fail_opts;
1756 if (filename != NULL) {
1757 pstrcpy(bs->filename, sizeof(bs->filename), filename);
1758 } else {
1759 bs->filename[0] = '\0';
1761 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
1763 /* Open the image, either directly or using a protocol */
1764 open_flags = bdrv_open_flags(bs, bs->open_flags);
1765 node_name = qemu_opt_get(opts, "node-name");
1767 assert(!drv->bdrv_file_open || file == NULL);
1768 ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
1769 if (ret < 0) {
1770 goto fail_opts;
1773 qemu_opts_del(opts);
1774 return 0;
1776 fail_opts:
1777 qemu_opts_del(opts);
1778 return ret;
1781 static QDict *parse_json_filename(const char *filename, Error **errp)
1783 QObject *options_obj;
1784 QDict *options;
1785 int ret;
1787 ret = strstart(filename, "json:", &filename);
1788 assert(ret);
1790 options_obj = qobject_from_json(filename, errp);
1791 if (!options_obj) {
1792 error_prepend(errp, "Could not parse the JSON options: ");
1793 return NULL;
1796 options = qobject_to(QDict, options_obj);
1797 if (!options) {
1798 qobject_unref(options_obj);
1799 error_setg(errp, "Invalid JSON object given");
1800 return NULL;
1803 qdict_flatten(options);
1805 return options;
1808 static void parse_json_protocol(QDict *options, const char **pfilename,
1809 Error **errp)
1811 QDict *json_options;
1812 Error *local_err = NULL;
1814 /* Parse json: pseudo-protocol */
1815 if (!*pfilename || !g_str_has_prefix(*pfilename, "json:")) {
1816 return;
1819 json_options = parse_json_filename(*pfilename, &local_err);
1820 if (local_err) {
1821 error_propagate(errp, local_err);
1822 return;
1825 /* Options given in the filename have lower priority than options
1826 * specified directly */
1827 qdict_join(options, json_options, false);
1828 qobject_unref(json_options);
1829 *pfilename = NULL;
1833 * Fills in default options for opening images and converts the legacy
1834 * filename/flags pair to option QDict entries.
1835 * The BDRV_O_PROTOCOL flag in *flags will be set or cleared accordingly if a
1836 * block driver has been specified explicitly.
1838 static int bdrv_fill_options(QDict **options, const char *filename,
1839 int *flags, Error **errp)
1841 const char *drvname;
1842 bool protocol = *flags & BDRV_O_PROTOCOL;
1843 bool parse_filename = false;
1844 BlockDriver *drv = NULL;
1845 Error *local_err = NULL;
1848 * Caution: while qdict_get_try_str() is fine, getting non-string
1849 * types would require more care. When @options come from
1850 * -blockdev or blockdev_add, its members are typed according to
1851 * the QAPI schema, but when they come from -drive, they're all
1852 * QString.
1854 drvname = qdict_get_try_str(*options, "driver");
1855 if (drvname) {
1856 drv = bdrv_find_format(drvname);
1857 if (!drv) {
1858 error_setg(errp, "Unknown driver '%s'", drvname);
1859 return -ENOENT;
1861 /* If the user has explicitly specified the driver, this choice should
1862 * override the BDRV_O_PROTOCOL flag */
1863 protocol = drv->bdrv_file_open;
1866 if (protocol) {
1867 *flags |= BDRV_O_PROTOCOL;
1868 } else {
1869 *flags &= ~BDRV_O_PROTOCOL;
1872 /* Translate cache options from flags into options */
1873 update_options_from_flags(*options, *flags);
1875 /* Fetch the file name from the options QDict if necessary */
1876 if (protocol && filename) {
1877 if (!qdict_haskey(*options, "filename")) {
1878 qdict_put_str(*options, "filename", filename);
1879 parse_filename = true;
1880 } else {
1881 error_setg(errp, "Can't specify 'file' and 'filename' options at "
1882 "the same time");
1883 return -EINVAL;
1887 /* Find the right block driver */
1888 /* See cautionary note on accessing @options above */
1889 filename = qdict_get_try_str(*options, "filename");
1891 if (!drvname && protocol) {
1892 if (filename) {
1893 drv = bdrv_find_protocol(filename, parse_filename, errp);
1894 if (!drv) {
1895 return -EINVAL;
1898 drvname = drv->format_name;
1899 qdict_put_str(*options, "driver", drvname);
1900 } else {
1901 error_setg(errp, "Must specify either driver or file");
1902 return -EINVAL;
1906 assert(drv || !protocol);
1908 /* Driver-specific filename parsing */
1909 if (drv && drv->bdrv_parse_filename && parse_filename) {
1910 drv->bdrv_parse_filename(filename, *options, &local_err);
1911 if (local_err) {
1912 error_propagate(errp, local_err);
1913 return -EINVAL;
1916 if (!drv->bdrv_needs_filename) {
1917 qdict_del(*options, "filename");
1921 return 0;
1924 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1925 uint64_t perm, uint64_t shared,
1926 GSList *ignore_children, Error **errp);
1927 static void bdrv_child_abort_perm_update(BdrvChild *c);
1928 static void bdrv_child_set_perm(BdrvChild *c);
1930 typedef struct BlockReopenQueueEntry {
1931 bool prepared;
1932 bool perms_checked;
1933 BDRVReopenState state;
1934 QTAILQ_ENTRY(BlockReopenQueueEntry) entry;
1935 } BlockReopenQueueEntry;
1938 * Return the flags that @bs will have after the reopens in @q have
1939 * successfully completed. If @q is NULL (or @bs is not contained in @q),
1940 * return the current flags.
1942 static int bdrv_reopen_get_flags(BlockReopenQueue *q, BlockDriverState *bs)
1944 BlockReopenQueueEntry *entry;
1946 if (q != NULL) {
1947 QTAILQ_FOREACH(entry, q, entry) {
1948 if (entry->state.bs == bs) {
1949 return entry->state.flags;
1954 return bs->open_flags;
1957 /* Returns whether the image file can be written to after the reopen queue @q
1958 * has been successfully applied, or right now if @q is NULL. */
1959 static bool bdrv_is_writable_after_reopen(BlockDriverState *bs,
1960 BlockReopenQueue *q)
1962 int flags = bdrv_reopen_get_flags(q, bs);
1964 return (flags & (BDRV_O_RDWR | BDRV_O_INACTIVE)) == BDRV_O_RDWR;
1968 * Return whether the BDS can be written to. This is not necessarily
1969 * the same as !bdrv_is_read_only(bs), as inactivated images may not
1970 * be written to but do not count as read-only images.
1972 bool bdrv_is_writable(BlockDriverState *bs)
1974 return bdrv_is_writable_after_reopen(bs, NULL);
1977 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
1978 BdrvChild *c, BdrvChildRole role,
1979 BlockReopenQueue *reopen_queue,
1980 uint64_t parent_perm, uint64_t parent_shared,
1981 uint64_t *nperm, uint64_t *nshared)
1983 assert(bs->drv && bs->drv->bdrv_child_perm);
1984 bs->drv->bdrv_child_perm(bs, c, role, reopen_queue,
1985 parent_perm, parent_shared,
1986 nperm, nshared);
1987 /* TODO Take force_share from reopen_queue */
1988 if (child_bs && child_bs->force_share) {
1989 *nshared = BLK_PERM_ALL;
1994 * Check whether permissions on this node can be changed in a way that
1995 * @cumulative_perms and @cumulative_shared_perms are the new cumulative
1996 * permissions of all its parents. This involves checking whether all necessary
1997 * permission changes to child nodes can be performed.
1999 * A call to this function must always be followed by a call to bdrv_set_perm()
2000 * or bdrv_abort_perm_update().
2002 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
2003 uint64_t cumulative_perms,
2004 uint64_t cumulative_shared_perms,
2005 GSList *ignore_children, Error **errp)
2007 BlockDriver *drv = bs->drv;
2008 BdrvChild *c;
2009 int ret;
2011 /* Write permissions never work with read-only images */
2012 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2013 !bdrv_is_writable_after_reopen(bs, q))
2015 if (!bdrv_is_writable_after_reopen(bs, NULL)) {
2016 error_setg(errp, "Block node is read-only");
2017 } else {
2018 uint64_t current_perms, current_shared;
2019 bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
2020 if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
2021 error_setg(errp, "Cannot make block node read-only, there is "
2022 "a writer on it");
2023 } else {
2024 error_setg(errp, "Cannot make block node read-only and create "
2025 "a writer on it");
2029 return -EPERM;
2033 * Unaligned requests will automatically be aligned to bl.request_alignment
2034 * and without RESIZE we can't extend requests to write to space beyond the
2035 * end of the image, so it's required that the image size is aligned.
2037 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2038 !(cumulative_perms & BLK_PERM_RESIZE))
2040 if ((bs->total_sectors * BDRV_SECTOR_SIZE) % bs->bl.request_alignment) {
2041 error_setg(errp, "Cannot get 'write' permission without 'resize': "
2042 "Image size is not a multiple of request "
2043 "alignment");
2044 return -EPERM;
2048 /* Check this node */
2049 if (!drv) {
2050 return 0;
2053 if (drv->bdrv_check_perm) {
2054 ret = drv->bdrv_check_perm(bs, cumulative_perms,
2055 cumulative_shared_perms, errp);
2056 if (ret < 0) {
2057 return ret;
2061 /* Drivers that never have children can omit .bdrv_child_perm() */
2062 if (!drv->bdrv_child_perm) {
2063 assert(QLIST_EMPTY(&bs->children));
2064 return 0;
2067 /* Check all children */
2068 QLIST_FOREACH(c, &bs->children, next) {
2069 uint64_t cur_perm, cur_shared;
2071 bdrv_child_perm(bs, c->bs, c, c->role, q,
2072 cumulative_perms, cumulative_shared_perms,
2073 &cur_perm, &cur_shared);
2074 ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
2075 errp);
2076 if (ret < 0) {
2077 return ret;
2081 return 0;
2085 * Notifies drivers that after a previous bdrv_check_perm() call, the
2086 * permission update is not performed and any preparations made for it (e.g.
2087 * taken file locks) need to be undone.
2089 * This function recursively notifies all child nodes.
2091 static void bdrv_abort_perm_update(BlockDriverState *bs)
2093 BlockDriver *drv = bs->drv;
2094 BdrvChild *c;
2096 if (!drv) {
2097 return;
2100 if (drv->bdrv_abort_perm_update) {
2101 drv->bdrv_abort_perm_update(bs);
2104 QLIST_FOREACH(c, &bs->children, next) {
2105 bdrv_child_abort_perm_update(c);
2109 static void bdrv_set_perm(BlockDriverState *bs)
2111 uint64_t cumulative_perms, cumulative_shared_perms;
2112 BlockDriver *drv = bs->drv;
2113 BdrvChild *c;
2115 if (!drv) {
2116 return;
2119 bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms);
2121 /* Update this node */
2122 if (drv->bdrv_set_perm) {
2123 drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
2126 /* Drivers that never have children can omit .bdrv_child_perm() */
2127 if (!drv->bdrv_child_perm) {
2128 assert(QLIST_EMPTY(&bs->children));
2129 return;
2132 /* Update all children */
2133 QLIST_FOREACH(c, &bs->children, next) {
2134 bdrv_child_set_perm(c);
2138 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
2139 uint64_t *shared_perm)
2141 BdrvChild *c;
2142 uint64_t cumulative_perms = 0;
2143 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
2145 QLIST_FOREACH(c, &bs->parents, next_parent) {
2146 cumulative_perms |= c->perm;
2147 cumulative_shared_perms &= c->shared_perm;
2150 *perm = cumulative_perms;
2151 *shared_perm = cumulative_shared_perms;
2154 static char *bdrv_child_user_desc(BdrvChild *c)
2156 if (c->klass->get_parent_desc) {
2157 return c->klass->get_parent_desc(c);
2160 return g_strdup("another user");
2163 char *bdrv_perm_names(uint64_t perm)
2165 struct perm_name {
2166 uint64_t perm;
2167 const char *name;
2168 } permissions[] = {
2169 { BLK_PERM_CONSISTENT_READ, "consistent read" },
2170 { BLK_PERM_WRITE, "write" },
2171 { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
2172 { BLK_PERM_RESIZE, "resize" },
2173 { BLK_PERM_GRAPH_MOD, "change children" },
2174 { 0, NULL }
2177 GString *result = g_string_sized_new(30);
2178 struct perm_name *p;
2180 for (p = permissions; p->name; p++) {
2181 if (perm & p->perm) {
2182 if (result->len > 0) {
2183 g_string_append(result, ", ");
2185 g_string_append(result, p->name);
2189 return g_string_free(result, FALSE);
2193 * Checks whether a new reference to @bs can be added if the new user requires
2194 * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
2195 * set, the BdrvChild objects in this list are ignored in the calculations;
2196 * this allows checking permission updates for an existing reference.
2198 * Needs to be followed by a call to either bdrv_set_perm() or
2199 * bdrv_abort_perm_update(). */
2200 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
2201 uint64_t new_used_perm,
2202 uint64_t new_shared_perm,
2203 GSList *ignore_children,
2204 Error **errp)
2206 BdrvChild *c;
2207 uint64_t cumulative_perms = new_used_perm;
2208 uint64_t cumulative_shared_perms = new_shared_perm;
2211 /* There is no reason why anyone couldn't tolerate write_unchanged */
2212 assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
2214 QLIST_FOREACH(c, &bs->parents, next_parent) {
2215 if (g_slist_find(ignore_children, c)) {
2216 continue;
2219 if ((new_used_perm & c->shared_perm) != new_used_perm) {
2220 char *user = bdrv_child_user_desc(c);
2221 char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
2223 error_setg(errp, "Conflicts with use by %s as '%s', which does not "
2224 "allow '%s' on %s",
2225 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2226 g_free(user);
2227 g_free(perm_names);
2228 return -EPERM;
2231 if ((c->perm & new_shared_perm) != c->perm) {
2232 char *user = bdrv_child_user_desc(c);
2233 char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
2235 error_setg(errp, "Conflicts with use by %s as '%s', which uses "
2236 "'%s' on %s",
2237 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2238 g_free(user);
2239 g_free(perm_names);
2240 return -EPERM;
2243 cumulative_perms |= c->perm;
2244 cumulative_shared_perms &= c->shared_perm;
2247 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
2248 ignore_children, errp);
2251 /* Needs to be followed by a call to either bdrv_child_set_perm() or
2252 * bdrv_child_abort_perm_update(). */
2253 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
2254 uint64_t perm, uint64_t shared,
2255 GSList *ignore_children, Error **errp)
2257 int ret;
2259 ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
2260 ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp);
2261 g_slist_free(ignore_children);
2263 if (ret < 0) {
2264 return ret;
2267 if (!c->has_backup_perm) {
2268 c->has_backup_perm = true;
2269 c->backup_perm = c->perm;
2270 c->backup_shared_perm = c->shared_perm;
2273 * Note: it's OK if c->has_backup_perm was already set, as we can find the
2274 * same child twice during check_perm procedure
2277 c->perm = perm;
2278 c->shared_perm = shared;
2280 return 0;
2283 static void bdrv_child_set_perm(BdrvChild *c)
2285 c->has_backup_perm = false;
2287 bdrv_set_perm(c->bs);
2290 static void bdrv_child_abort_perm_update(BdrvChild *c)
2292 if (c->has_backup_perm) {
2293 c->perm = c->backup_perm;
2294 c->shared_perm = c->backup_shared_perm;
2295 c->has_backup_perm = false;
2298 bdrv_abort_perm_update(c->bs);
2301 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
2303 int ret;
2304 uint64_t perm, shared_perm;
2306 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
2307 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp);
2308 if (ret < 0) {
2309 bdrv_abort_perm_update(bs);
2310 return ret;
2312 bdrv_set_perm(bs);
2314 return 0;
2317 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
2318 Error **errp)
2320 Error *local_err = NULL;
2321 int ret;
2323 ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, &local_err);
2324 if (ret < 0) {
2325 bdrv_child_abort_perm_update(c);
2326 if ((perm & ~c->perm) || (c->shared_perm & ~shared)) {
2327 /* tighten permissions */
2328 error_propagate(errp, local_err);
2329 } else {
2331 * Our caller may intend to only loosen restrictions and
2332 * does not expect this function to fail. Errors are not
2333 * fatal in such a case, so we can just hide them from our
2334 * caller.
2336 error_free(local_err);
2337 ret = 0;
2339 return ret;
2342 bdrv_child_set_perm(c);
2344 return 0;
2347 int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **errp)
2349 uint64_t parent_perms, parent_shared;
2350 uint64_t perms, shared;
2352 bdrv_get_cumulative_perm(bs, &parent_perms, &parent_shared);
2353 bdrv_child_perm(bs, c->bs, c, c->role, NULL,
2354 parent_perms, parent_shared, &perms, &shared);
2356 return bdrv_child_try_set_perm(c, perms, shared, errp);
2360 * Default implementation for .bdrv_child_perm() for block filters:
2361 * Forward CONSISTENT_READ, WRITE, WRITE_UNCHANGED, and RESIZE to the
2362 * filtered child.
2364 static void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
2365 BdrvChildRole role,
2366 BlockReopenQueue *reopen_queue,
2367 uint64_t perm, uint64_t shared,
2368 uint64_t *nperm, uint64_t *nshared)
2370 *nperm = perm & DEFAULT_PERM_PASSTHROUGH;
2371 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) | DEFAULT_PERM_UNCHANGED;
2374 static void bdrv_default_perms_for_cow(BlockDriverState *bs, BdrvChild *c,
2375 BdrvChildRole role,
2376 BlockReopenQueue *reopen_queue,
2377 uint64_t perm, uint64_t shared,
2378 uint64_t *nperm, uint64_t *nshared)
2380 assert(role & BDRV_CHILD_COW);
2383 * We want consistent read from backing files if the parent needs it.
2384 * No other operations are performed on backing files.
2386 perm &= BLK_PERM_CONSISTENT_READ;
2389 * If the parent can deal with changing data, we're okay with a
2390 * writable and resizable backing file.
2391 * TODO Require !(perm & BLK_PERM_CONSISTENT_READ), too?
2393 if (shared & BLK_PERM_WRITE) {
2394 shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
2395 } else {
2396 shared = 0;
2399 shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
2400 BLK_PERM_WRITE_UNCHANGED;
2402 if (bs->open_flags & BDRV_O_INACTIVE) {
2403 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2406 *nperm = perm;
2407 *nshared = shared;
2410 static void bdrv_default_perms_for_storage(BlockDriverState *bs, BdrvChild *c,
2411 BdrvChildRole role,
2412 BlockReopenQueue *reopen_queue,
2413 uint64_t perm, uint64_t shared,
2414 uint64_t *nperm, uint64_t *nshared)
2416 int flags;
2418 assert(role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA));
2420 flags = bdrv_reopen_get_flags(reopen_queue, bs);
2423 * Apart from the modifications below, the same permissions are
2424 * forwarded and left alone as for filters
2426 bdrv_filter_default_perms(bs, c, role, reopen_queue,
2427 perm, shared, &perm, &shared);
2429 if (role & BDRV_CHILD_METADATA) {
2430 /* Format drivers may touch metadata even if the guest doesn't write */
2431 if (bdrv_is_writable_after_reopen(bs, reopen_queue)) {
2432 perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2436 * bs->file always needs to be consistent because of the
2437 * metadata. We can never allow other users to resize or write
2438 * to it.
2440 if (!(flags & BDRV_O_NO_IO)) {
2441 perm |= BLK_PERM_CONSISTENT_READ;
2443 shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
2446 if (role & BDRV_CHILD_DATA) {
2448 * Technically, everything in this block is a subset of the
2449 * BDRV_CHILD_METADATA path taken above, and so this could
2450 * be an "else if" branch. However, that is not obvious, and
2451 * this function is not performance critical, therefore we let
2452 * this be an independent "if".
2456 * We cannot allow other users to resize the file because the
2457 * format driver might have some assumptions about the size
2458 * (e.g. because it is stored in metadata, or because the file
2459 * is split into fixed-size data files).
2461 shared &= ~BLK_PERM_RESIZE;
2464 * WRITE_UNCHANGED often cannot be performed as such on the
2465 * data file. For example, the qcow2 driver may still need to
2466 * write copied clusters on copy-on-read.
2468 if (perm & BLK_PERM_WRITE_UNCHANGED) {
2469 perm |= BLK_PERM_WRITE;
2473 * If the data file is written to, the format driver may
2474 * expect to be able to resize it by writing beyond the EOF.
2476 if (perm & BLK_PERM_WRITE) {
2477 perm |= BLK_PERM_RESIZE;
2481 if (bs->open_flags & BDRV_O_INACTIVE) {
2482 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2485 *nperm = perm;
2486 *nshared = shared;
2489 void bdrv_default_perms(BlockDriverState *bs, BdrvChild *c,
2490 BdrvChildRole role, BlockReopenQueue *reopen_queue,
2491 uint64_t perm, uint64_t shared,
2492 uint64_t *nperm, uint64_t *nshared)
2494 if (role & BDRV_CHILD_FILTERED) {
2495 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA |
2496 BDRV_CHILD_COW)));
2497 bdrv_filter_default_perms(bs, c, role, reopen_queue,
2498 perm, shared, nperm, nshared);
2499 } else if (role & BDRV_CHILD_COW) {
2500 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA)));
2501 bdrv_default_perms_for_cow(bs, c, role, reopen_queue,
2502 perm, shared, nperm, nshared);
2503 } else if (role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA)) {
2504 bdrv_default_perms_for_storage(bs, c, role, reopen_queue,
2505 perm, shared, nperm, nshared);
2506 } else {
2507 g_assert_not_reached();
2511 uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm)
2513 static const uint64_t permissions[] = {
2514 [BLOCK_PERMISSION_CONSISTENT_READ] = BLK_PERM_CONSISTENT_READ,
2515 [BLOCK_PERMISSION_WRITE] = BLK_PERM_WRITE,
2516 [BLOCK_PERMISSION_WRITE_UNCHANGED] = BLK_PERM_WRITE_UNCHANGED,
2517 [BLOCK_PERMISSION_RESIZE] = BLK_PERM_RESIZE,
2518 [BLOCK_PERMISSION_GRAPH_MOD] = BLK_PERM_GRAPH_MOD,
2521 QEMU_BUILD_BUG_ON(ARRAY_SIZE(permissions) != BLOCK_PERMISSION__MAX);
2522 QEMU_BUILD_BUG_ON(1UL << ARRAY_SIZE(permissions) != BLK_PERM_ALL + 1);
2524 assert(qapi_perm < BLOCK_PERMISSION__MAX);
2526 return permissions[qapi_perm];
2529 static void bdrv_replace_child_noperm(BdrvChild *child,
2530 BlockDriverState *new_bs)
2532 BlockDriverState *old_bs = child->bs;
2533 int new_bs_quiesce_counter;
2534 int drain_saldo;
2536 assert(!child->frozen);
2538 if (old_bs && new_bs) {
2539 assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
2542 new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
2543 drain_saldo = new_bs_quiesce_counter - child->parent_quiesce_counter;
2546 * If the new child node is drained but the old one was not, flush
2547 * all outstanding requests to the old child node.
2549 while (drain_saldo > 0 && child->klass->drained_begin) {
2550 bdrv_parent_drained_begin_single(child, true);
2551 drain_saldo--;
2554 if (old_bs) {
2555 /* Detach first so that the recursive drain sections coming from @child
2556 * are already gone and we only end the drain sections that came from
2557 * elsewhere. */
2558 if (child->klass->detach) {
2559 child->klass->detach(child);
2561 QLIST_REMOVE(child, next_parent);
2564 child->bs = new_bs;
2566 if (new_bs) {
2567 QLIST_INSERT_HEAD(&new_bs->parents, child, next_parent);
2570 * Detaching the old node may have led to the new node's
2571 * quiesce_counter having been decreased. Not a problem, we
2572 * just need to recognize this here and then invoke
2573 * drained_end appropriately more often.
2575 assert(new_bs->quiesce_counter <= new_bs_quiesce_counter);
2576 drain_saldo += new_bs->quiesce_counter - new_bs_quiesce_counter;
2578 /* Attach only after starting new drained sections, so that recursive
2579 * drain sections coming from @child don't get an extra .drained_begin
2580 * callback. */
2581 if (child->klass->attach) {
2582 child->klass->attach(child);
2587 * If the old child node was drained but the new one is not, allow
2588 * requests to come in only after the new node has been attached.
2590 while (drain_saldo < 0 && child->klass->drained_end) {
2591 bdrv_parent_drained_end_single(child);
2592 drain_saldo++;
2597 * Updates @child to change its reference to point to @new_bs, including
2598 * checking and applying the necessary permission updates both to the old node
2599 * and to @new_bs.
2601 * NULL is passed as @new_bs for removing the reference before freeing @child.
2603 * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
2604 * function uses bdrv_set_perm() to update the permissions according to the new
2605 * reference that @new_bs gets.
2607 * Callers must ensure that child->frozen is false.
2609 static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
2611 BlockDriverState *old_bs = child->bs;
2613 /* Asserts that child->frozen == false */
2614 bdrv_replace_child_noperm(child, new_bs);
2617 * Start with the new node's permissions. If @new_bs is a (direct
2618 * or indirect) child of @old_bs, we must complete the permission
2619 * update on @new_bs before we loosen the restrictions on @old_bs.
2620 * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
2621 * updating the permissions of @new_bs, and thus not purely loosen
2622 * restrictions.
2624 if (new_bs) {
2625 bdrv_set_perm(new_bs);
2628 if (old_bs) {
2630 * Update permissions for old node. We're just taking a parent away, so
2631 * we're loosening restrictions. Errors of permission update are not
2632 * fatal in this case, ignore them.
2634 bdrv_refresh_perms(old_bs, NULL);
2636 /* When the parent requiring a non-default AioContext is removed, the
2637 * node moves back to the main AioContext */
2638 bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
2643 * This function steals the reference to child_bs from the caller.
2644 * That reference is later dropped by bdrv_root_unref_child().
2646 * On failure NULL is returned, errp is set and the reference to
2647 * child_bs is also dropped.
2649 * The caller must hold the AioContext lock @child_bs, but not that of @ctx
2650 * (unless @child_bs is already in @ctx).
2652 BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
2653 const char *child_name,
2654 const BdrvChildClass *child_class,
2655 BdrvChildRole child_role,
2656 AioContext *ctx,
2657 uint64_t perm, uint64_t shared_perm,
2658 void *opaque, Error **errp)
2660 BdrvChild *child;
2661 Error *local_err = NULL;
2662 int ret;
2664 ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
2665 if (ret < 0) {
2666 bdrv_abort_perm_update(child_bs);
2667 bdrv_unref(child_bs);
2668 return NULL;
2671 child = g_new(BdrvChild, 1);
2672 *child = (BdrvChild) {
2673 .bs = NULL,
2674 .name = g_strdup(child_name),
2675 .klass = child_class,
2676 .role = child_role,
2677 .perm = perm,
2678 .shared_perm = shared_perm,
2679 .opaque = opaque,
2682 /* If the AioContexts don't match, first try to move the subtree of
2683 * child_bs into the AioContext of the new parent. If this doesn't work,
2684 * try moving the parent into the AioContext of child_bs instead. */
2685 if (bdrv_get_aio_context(child_bs) != ctx) {
2686 ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
2687 if (ret < 0 && child_class->can_set_aio_ctx) {
2688 GSList *ignore = g_slist_prepend(NULL, child);
2689 ctx = bdrv_get_aio_context(child_bs);
2690 if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
2691 error_free(local_err);
2692 ret = 0;
2693 g_slist_free(ignore);
2694 ignore = g_slist_prepend(NULL, child);
2695 child_class->set_aio_ctx(child, ctx, &ignore);
2697 g_slist_free(ignore);
2699 if (ret < 0) {
2700 error_propagate(errp, local_err);
2701 g_free(child);
2702 bdrv_abort_perm_update(child_bs);
2703 bdrv_unref(child_bs);
2704 return NULL;
2708 /* This performs the matching bdrv_set_perm() for the above check. */
2709 bdrv_replace_child(child, child_bs);
2711 return child;
2715 * This function transfers the reference to child_bs from the caller
2716 * to parent_bs. That reference is later dropped by parent_bs on
2717 * bdrv_close() or if someone calls bdrv_unref_child().
2719 * On failure NULL is returned, errp is set and the reference to
2720 * child_bs is also dropped.
2722 * If @parent_bs and @child_bs are in different AioContexts, the caller must
2723 * hold the AioContext lock for @child_bs, but not for @parent_bs.
2725 BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
2726 BlockDriverState *child_bs,
2727 const char *child_name,
2728 const BdrvChildClass *child_class,
2729 BdrvChildRole child_role,
2730 Error **errp)
2732 BdrvChild *child;
2733 uint64_t perm, shared_perm;
2735 bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
2737 assert(parent_bs->drv);
2738 bdrv_child_perm(parent_bs, child_bs, NULL, child_role, NULL,
2739 perm, shared_perm, &perm, &shared_perm);
2741 child = bdrv_root_attach_child(child_bs, child_name, child_class,
2742 child_role, bdrv_get_aio_context(parent_bs),
2743 perm, shared_perm, parent_bs, errp);
2744 if (child == NULL) {
2745 return NULL;
2748 QLIST_INSERT_HEAD(&parent_bs->children, child, next);
2749 return child;
2752 static void bdrv_detach_child(BdrvChild *child)
2754 QLIST_SAFE_REMOVE(child, next);
2756 bdrv_replace_child(child, NULL);
2758 g_free(child->name);
2759 g_free(child);
2762 /* Callers must ensure that child->frozen is false. */
2763 void bdrv_root_unref_child(BdrvChild *child)
2765 BlockDriverState *child_bs;
2767 child_bs = child->bs;
2768 bdrv_detach_child(child);
2769 bdrv_unref(child_bs);
2773 * Clear all inherits_from pointers from children and grandchildren of
2774 * @root that point to @root, where necessary.
2776 static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
2778 BdrvChild *c;
2780 if (child->bs->inherits_from == root) {
2782 * Remove inherits_from only when the last reference between root and
2783 * child->bs goes away.
2785 QLIST_FOREACH(c, &root->children, next) {
2786 if (c != child && c->bs == child->bs) {
2787 break;
2790 if (c == NULL) {
2791 child->bs->inherits_from = NULL;
2795 QLIST_FOREACH(c, &child->bs->children, next) {
2796 bdrv_unset_inherits_from(root, c);
2800 /* Callers must ensure that child->frozen is false. */
2801 void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
2803 if (child == NULL) {
2804 return;
2807 bdrv_unset_inherits_from(parent, child);
2808 bdrv_root_unref_child(child);
2812 static void bdrv_parent_cb_change_media(BlockDriverState *bs, bool load)
2814 BdrvChild *c;
2815 QLIST_FOREACH(c, &bs->parents, next_parent) {
2816 if (c->klass->change_media) {
2817 c->klass->change_media(c, load);
2822 /* Return true if you can reach parent going through child->inherits_from
2823 * recursively. If parent or child are NULL, return false */
2824 static bool bdrv_inherits_from_recursive(BlockDriverState *child,
2825 BlockDriverState *parent)
2827 while (child && child != parent) {
2828 child = child->inherits_from;
2831 return child != NULL;
2835 * Return the BdrvChildRole for @bs's backing child. bs->backing is
2836 * mostly used for COW backing children (role = COW), but also for
2837 * filtered children (role = FILTERED | PRIMARY).
2839 static BdrvChildRole bdrv_backing_role(BlockDriverState *bs)
2841 if (bs->drv && bs->drv->is_filter) {
2842 return BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY;
2843 } else {
2844 return BDRV_CHILD_COW;
2849 * Sets the bs->backing link of a BDS. A new reference is created; callers
2850 * which don't need their own reference any more must call bdrv_unref().
2852 int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
2853 Error **errp)
2855 int ret = 0;
2856 bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
2857 bdrv_inherits_from_recursive(backing_hd, bs);
2859 if (bdrv_is_backing_chain_frozen(bs, child_bs(bs->backing), errp)) {
2860 return -EPERM;
2863 if (backing_hd) {
2864 bdrv_ref(backing_hd);
2867 if (bs->backing) {
2868 /* Cannot be frozen, we checked that above */
2869 bdrv_unref_child(bs, bs->backing);
2870 bs->backing = NULL;
2873 if (!backing_hd) {
2874 goto out;
2877 bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_of_bds,
2878 bdrv_backing_role(bs), errp);
2879 if (!bs->backing) {
2880 ret = -EPERM;
2881 goto out;
2884 /* If backing_hd was already part of bs's backing chain, and
2885 * inherits_from pointed recursively to bs then let's update it to
2886 * point directly to bs (else it will become NULL). */
2887 if (update_inherits_from) {
2888 backing_hd->inherits_from = bs;
2891 out:
2892 bdrv_refresh_limits(bs, NULL);
2894 return ret;
2898 * Opens the backing file for a BlockDriverState if not yet open
2900 * bdref_key specifies the key for the image's BlockdevRef in the options QDict.
2901 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2902 * itself, all options starting with "${bdref_key}." are considered part of the
2903 * BlockdevRef.
2905 * TODO Can this be unified with bdrv_open_image()?
2907 int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
2908 const char *bdref_key, Error **errp)
2910 char *backing_filename = NULL;
2911 char *bdref_key_dot;
2912 const char *reference = NULL;
2913 int ret = 0;
2914 bool implicit_backing = false;
2915 BlockDriverState *backing_hd;
2916 QDict *options;
2917 QDict *tmp_parent_options = NULL;
2918 Error *local_err = NULL;
2920 if (bs->backing != NULL) {
2921 goto free_exit;
2924 /* NULL means an empty set of options */
2925 if (parent_options == NULL) {
2926 tmp_parent_options = qdict_new();
2927 parent_options = tmp_parent_options;
2930 bs->open_flags &= ~BDRV_O_NO_BACKING;
2932 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2933 qdict_extract_subqdict(parent_options, &options, bdref_key_dot);
2934 g_free(bdref_key_dot);
2937 * Caution: while qdict_get_try_str() is fine, getting non-string
2938 * types would require more care. When @parent_options come from
2939 * -blockdev or blockdev_add, its members are typed according to
2940 * the QAPI schema, but when they come from -drive, they're all
2941 * QString.
2943 reference = qdict_get_try_str(parent_options, bdref_key);
2944 if (reference || qdict_haskey(options, "file.filename")) {
2945 /* keep backing_filename NULL */
2946 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
2947 qobject_unref(options);
2948 goto free_exit;
2949 } else {
2950 if (qdict_size(options) == 0) {
2951 /* If the user specifies options that do not modify the
2952 * backing file's behavior, we might still consider it the
2953 * implicit backing file. But it's easier this way, and
2954 * just specifying some of the backing BDS's options is
2955 * only possible with -drive anyway (otherwise the QAPI
2956 * schema forces the user to specify everything). */
2957 implicit_backing = !strcmp(bs->auto_backing_file, bs->backing_file);
2960 backing_filename = bdrv_get_full_backing_filename(bs, &local_err);
2961 if (local_err) {
2962 ret = -EINVAL;
2963 error_propagate(errp, local_err);
2964 qobject_unref(options);
2965 goto free_exit;
2969 if (!bs->drv || !bs->drv->supports_backing) {
2970 ret = -EINVAL;
2971 error_setg(errp, "Driver doesn't support backing files");
2972 qobject_unref(options);
2973 goto free_exit;
2976 if (!reference &&
2977 bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
2978 qdict_put_str(options, "driver", bs->backing_format);
2981 backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
2982 &child_of_bds, bdrv_backing_role(bs), errp);
2983 if (!backing_hd) {
2984 bs->open_flags |= BDRV_O_NO_BACKING;
2985 error_prepend(errp, "Could not open backing file: ");
2986 ret = -EINVAL;
2987 goto free_exit;
2990 if (implicit_backing) {
2991 bdrv_refresh_filename(backing_hd);
2992 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
2993 backing_hd->filename);
2996 /* Hook up the backing file link; drop our reference, bs owns the
2997 * backing_hd reference now */
2998 ret = bdrv_set_backing_hd(bs, backing_hd, errp);
2999 bdrv_unref(backing_hd);
3000 if (ret < 0) {
3001 goto free_exit;
3004 qdict_del(parent_options, bdref_key);
3006 free_exit:
3007 g_free(backing_filename);
3008 qobject_unref(tmp_parent_options);
3009 return ret;
3012 static BlockDriverState *
3013 bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
3014 BlockDriverState *parent, const BdrvChildClass *child_class,
3015 BdrvChildRole child_role, bool allow_none, Error **errp)
3017 BlockDriverState *bs = NULL;
3018 QDict *image_options;
3019 char *bdref_key_dot;
3020 const char *reference;
3022 assert(child_class != NULL);
3024 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
3025 qdict_extract_subqdict(options, &image_options, bdref_key_dot);
3026 g_free(bdref_key_dot);
3029 * Caution: while qdict_get_try_str() is fine, getting non-string
3030 * types would require more care. When @options come from
3031 * -blockdev or blockdev_add, its members are typed according to
3032 * the QAPI schema, but when they come from -drive, they're all
3033 * QString.
3035 reference = qdict_get_try_str(options, bdref_key);
3036 if (!filename && !reference && !qdict_size(image_options)) {
3037 if (!allow_none) {
3038 error_setg(errp, "A block device must be specified for \"%s\"",
3039 bdref_key);
3041 qobject_unref(image_options);
3042 goto done;
3045 bs = bdrv_open_inherit(filename, reference, image_options, 0,
3046 parent, child_class, child_role, errp);
3047 if (!bs) {
3048 goto done;
3051 done:
3052 qdict_del(options, bdref_key);
3053 return bs;
3057 * Opens a disk image whose options are given as BlockdevRef in another block
3058 * device's options.
3060 * If allow_none is true, no image will be opened if filename is false and no
3061 * BlockdevRef is given. NULL will be returned, but errp remains unset.
3063 * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
3064 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
3065 * itself, all options starting with "${bdref_key}." are considered part of the
3066 * BlockdevRef.
3068 * The BlockdevRef will be removed from the options QDict.
3070 BdrvChild *bdrv_open_child(const char *filename,
3071 QDict *options, const char *bdref_key,
3072 BlockDriverState *parent,
3073 const BdrvChildClass *child_class,
3074 BdrvChildRole child_role,
3075 bool allow_none, Error **errp)
3077 BlockDriverState *bs;
3079 bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
3080 child_role, allow_none, errp);
3081 if (bs == NULL) {
3082 return NULL;
3085 return bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
3086 errp);
3090 * TODO Future callers may need to specify parent/child_class in order for
3091 * option inheritance to work. Existing callers use it for the root node.
3093 BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
3095 BlockDriverState *bs = NULL;
3096 QObject *obj = NULL;
3097 QDict *qdict = NULL;
3098 const char *reference = NULL;
3099 Visitor *v = NULL;
3101 if (ref->type == QTYPE_QSTRING) {
3102 reference = ref->u.reference;
3103 } else {
3104 BlockdevOptions *options = &ref->u.definition;
3105 assert(ref->type == QTYPE_QDICT);
3107 v = qobject_output_visitor_new(&obj);
3108 visit_type_BlockdevOptions(v, NULL, &options, &error_abort);
3109 visit_complete(v, &obj);
3111 qdict = qobject_to(QDict, obj);
3112 qdict_flatten(qdict);
3114 /* bdrv_open_inherit() defaults to the values in bdrv_flags (for
3115 * compatibility with other callers) rather than what we want as the
3116 * real defaults. Apply the defaults here instead. */
3117 qdict_set_default_str(qdict, BDRV_OPT_CACHE_DIRECT, "off");
3118 qdict_set_default_str(qdict, BDRV_OPT_CACHE_NO_FLUSH, "off");
3119 qdict_set_default_str(qdict, BDRV_OPT_READ_ONLY, "off");
3120 qdict_set_default_str(qdict, BDRV_OPT_AUTO_READ_ONLY, "off");
3124 bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
3125 obj = NULL;
3126 qobject_unref(obj);
3127 visit_free(v);
3128 return bs;
3131 static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
3132 int flags,
3133 QDict *snapshot_options,
3134 Error **errp)
3136 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
3137 char *tmp_filename = g_malloc0(PATH_MAX + 1);
3138 int64_t total_size;
3139 QemuOpts *opts = NULL;
3140 BlockDriverState *bs_snapshot = NULL;
3141 int ret;
3143 /* if snapshot, we create a temporary backing file and open it
3144 instead of opening 'filename' directly */
3146 /* Get the required size from the image */
3147 total_size = bdrv_getlength(bs);
3148 if (total_size < 0) {
3149 error_setg_errno(errp, -total_size, "Could not get image size");
3150 goto out;
3153 /* Create the temporary image */
3154 ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
3155 if (ret < 0) {
3156 error_setg_errno(errp, -ret, "Could not get temporary filename");
3157 goto out;
3160 opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
3161 &error_abort);
3162 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size, &error_abort);
3163 ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, errp);
3164 qemu_opts_del(opts);
3165 if (ret < 0) {
3166 error_prepend(errp, "Could not create temporary overlay '%s': ",
3167 tmp_filename);
3168 goto out;
3171 /* Prepare options QDict for the temporary file */
3172 qdict_put_str(snapshot_options, "file.driver", "file");
3173 qdict_put_str(snapshot_options, "file.filename", tmp_filename);
3174 qdict_put_str(snapshot_options, "driver", "qcow2");
3176 bs_snapshot = bdrv_open(NULL, NULL, snapshot_options, flags, errp);
3177 snapshot_options = NULL;
3178 if (!bs_snapshot) {
3179 goto out;
3182 /* bdrv_append() consumes a strong reference to bs_snapshot
3183 * (i.e. it will call bdrv_unref() on it) even on error, so in
3184 * order to be able to return one, we have to increase
3185 * bs_snapshot's refcount here */
3186 bdrv_ref(bs_snapshot);
3187 ret = bdrv_append(bs_snapshot, bs, errp);
3188 if (ret < 0) {
3189 bs_snapshot = NULL;
3190 goto out;
3193 out:
3194 qobject_unref(snapshot_options);
3195 g_free(tmp_filename);
3196 return bs_snapshot;
3200 * Opens a disk image (raw, qcow2, vmdk, ...)
3202 * options is a QDict of options to pass to the block drivers, or NULL for an
3203 * empty set of options. The reference to the QDict belongs to the block layer
3204 * after the call (even on failure), so if the caller intends to reuse the
3205 * dictionary, it needs to use qobject_ref() before calling bdrv_open.
3207 * If *pbs is NULL, a new BDS will be created with a pointer to it stored there.
3208 * If it is not NULL, the referenced BDS will be reused.
3210 * The reference parameter may be used to specify an existing block device which
3211 * should be opened. If specified, neither options nor a filename may be given,
3212 * nor can an existing BDS be reused (that is, *pbs has to be NULL).
3214 static BlockDriverState *bdrv_open_inherit(const char *filename,
3215 const char *reference,
3216 QDict *options, int flags,
3217 BlockDriverState *parent,
3218 const BdrvChildClass *child_class,
3219 BdrvChildRole child_role,
3220 Error **errp)
3222 int ret;
3223 BlockBackend *file = NULL;
3224 BlockDriverState *bs;
3225 BlockDriver *drv = NULL;
3226 BdrvChild *child;
3227 const char *drvname;
3228 const char *backing;
3229 Error *local_err = NULL;
3230 QDict *snapshot_options = NULL;
3231 int snapshot_flags = 0;
3233 assert(!child_class || !flags);
3234 assert(!child_class == !parent);
3236 if (reference) {
3237 bool options_non_empty = options ? qdict_size(options) : false;
3238 qobject_unref(options);
3240 if (filename || options_non_empty) {
3241 error_setg(errp, "Cannot reference an existing block device with "
3242 "additional options or a new filename");
3243 return NULL;
3246 bs = bdrv_lookup_bs(reference, reference, errp);
3247 if (!bs) {
3248 return NULL;
3251 bdrv_ref(bs);
3252 return bs;
3255 bs = bdrv_new();
3257 /* NULL means an empty set of options */
3258 if (options == NULL) {
3259 options = qdict_new();
3262 /* json: syntax counts as explicit options, as if in the QDict */
3263 parse_json_protocol(options, &filename, &local_err);
3264 if (local_err) {
3265 goto fail;
3268 bs->explicit_options = qdict_clone_shallow(options);
3270 if (child_class) {
3271 bool parent_is_format;
3273 if (parent->drv) {
3274 parent_is_format = parent->drv->is_format;
3275 } else {
3277 * parent->drv is not set yet because this node is opened for
3278 * (potential) format probing. That means that @parent is going
3279 * to be a format node.
3281 parent_is_format = true;
3284 bs->inherits_from = parent;
3285 child_class->inherit_options(child_role, parent_is_format,
3286 &flags, options,
3287 parent->open_flags, parent->options);
3290 ret = bdrv_fill_options(&options, filename, &flags, &local_err);
3291 if (ret < 0) {
3292 goto fail;
3296 * Set the BDRV_O_RDWR and BDRV_O_ALLOW_RDWR flags.
3297 * Caution: getting a boolean member of @options requires care.
3298 * When @options come from -blockdev or blockdev_add, members are
3299 * typed according to the QAPI schema, but when they come from
3300 * -drive, they're all QString.
3302 if (g_strcmp0(qdict_get_try_str(options, BDRV_OPT_READ_ONLY), "on") &&
3303 !qdict_get_try_bool(options, BDRV_OPT_READ_ONLY, false)) {
3304 flags |= (BDRV_O_RDWR | BDRV_O_ALLOW_RDWR);
3305 } else {
3306 flags &= ~BDRV_O_RDWR;
3309 if (flags & BDRV_O_SNAPSHOT) {
3310 snapshot_options = qdict_new();
3311 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
3312 flags, options);
3313 /* Let bdrv_backing_options() override "read-only" */
3314 qdict_del(options, BDRV_OPT_READ_ONLY);
3315 bdrv_inherited_options(BDRV_CHILD_COW, true,
3316 &flags, options, flags, options);
3319 bs->open_flags = flags;
3320 bs->options = options;
3321 options = qdict_clone_shallow(options);
3323 /* Find the right image format driver */
3324 /* See cautionary note on accessing @options above */
3325 drvname = qdict_get_try_str(options, "driver");
3326 if (drvname) {
3327 drv = bdrv_find_format(drvname);
3328 if (!drv) {
3329 error_setg(errp, "Unknown driver: '%s'", drvname);
3330 goto fail;
3334 assert(drvname || !(flags & BDRV_O_PROTOCOL));
3336 /* See cautionary note on accessing @options above */
3337 backing = qdict_get_try_str(options, "backing");
3338 if (qobject_to(QNull, qdict_get(options, "backing")) != NULL ||
3339 (backing && *backing == '\0'))
3341 if (backing) {
3342 warn_report("Use of \"backing\": \"\" is deprecated; "
3343 "use \"backing\": null instead");
3345 flags |= BDRV_O_NO_BACKING;
3346 qdict_del(bs->explicit_options, "backing");
3347 qdict_del(bs->options, "backing");
3348 qdict_del(options, "backing");
3351 /* Open image file without format layer. This BlockBackend is only used for
3352 * probing, the block drivers will do their own bdrv_open_child() for the
3353 * same BDS, which is why we put the node name back into options. */
3354 if ((flags & BDRV_O_PROTOCOL) == 0) {
3355 BlockDriverState *file_bs;
3357 file_bs = bdrv_open_child_bs(filename, options, "file", bs,
3358 &child_of_bds, BDRV_CHILD_IMAGE,
3359 true, &local_err);
3360 if (local_err) {
3361 goto fail;
3363 if (file_bs != NULL) {
3364 /* Not requesting BLK_PERM_CONSISTENT_READ because we're only
3365 * looking at the header to guess the image format. This works even
3366 * in cases where a guest would not see a consistent state. */
3367 file = blk_new(bdrv_get_aio_context(file_bs), 0, BLK_PERM_ALL);
3368 blk_insert_bs(file, file_bs, &local_err);
3369 bdrv_unref(file_bs);
3370 if (local_err) {
3371 goto fail;
3374 qdict_put_str(options, "file", bdrv_get_node_name(file_bs));
3378 /* Image format probing */
3379 bs->probed = !drv;
3380 if (!drv && file) {
3381 ret = find_image_format(file, filename, &drv, &local_err);
3382 if (ret < 0) {
3383 goto fail;
3386 * This option update would logically belong in bdrv_fill_options(),
3387 * but we first need to open bs->file for the probing to work, while
3388 * opening bs->file already requires the (mostly) final set of options
3389 * so that cache mode etc. can be inherited.
3391 * Adding the driver later is somewhat ugly, but it's not an option
3392 * that would ever be inherited, so it's correct. We just need to make
3393 * sure to update both bs->options (which has the full effective
3394 * options for bs) and options (which has file.* already removed).
3396 qdict_put_str(bs->options, "driver", drv->format_name);
3397 qdict_put_str(options, "driver", drv->format_name);
3398 } else if (!drv) {
3399 error_setg(errp, "Must specify either driver or file");
3400 goto fail;
3403 /* BDRV_O_PROTOCOL must be set iff a protocol BDS is about to be created */
3404 assert(!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open);
3405 /* file must be NULL if a protocol BDS is about to be created
3406 * (the inverse results in an error message from bdrv_open_common()) */
3407 assert(!(flags & BDRV_O_PROTOCOL) || !file);
3409 /* Open the image */
3410 ret = bdrv_open_common(bs, file, options, &local_err);
3411 if (ret < 0) {
3412 goto fail;
3415 if (file) {
3416 blk_unref(file);
3417 file = NULL;
3420 /* If there is a backing file, use it */
3421 if ((flags & BDRV_O_NO_BACKING) == 0) {
3422 ret = bdrv_open_backing_file(bs, options, "backing", &local_err);
3423 if (ret < 0) {
3424 goto close_and_fail;
3428 /* Remove all children options and references
3429 * from bs->options and bs->explicit_options */
3430 QLIST_FOREACH(child, &bs->children, next) {
3431 char *child_key_dot;
3432 child_key_dot = g_strdup_printf("%s.", child->name);
3433 qdict_extract_subqdict(bs->explicit_options, NULL, child_key_dot);
3434 qdict_extract_subqdict(bs->options, NULL, child_key_dot);
3435 qdict_del(bs->explicit_options, child->name);
3436 qdict_del(bs->options, child->name);
3437 g_free(child_key_dot);
3440 /* Check if any unknown options were used */
3441 if (qdict_size(options) != 0) {
3442 const QDictEntry *entry = qdict_first(options);
3443 if (flags & BDRV_O_PROTOCOL) {
3444 error_setg(errp, "Block protocol '%s' doesn't support the option "
3445 "'%s'", drv->format_name, entry->key);
3446 } else {
3447 error_setg(errp,
3448 "Block format '%s' does not support the option '%s'",
3449 drv->format_name, entry->key);
3452 goto close_and_fail;
3455 bdrv_parent_cb_change_media(bs, true);
3457 qobject_unref(options);
3458 options = NULL;
3460 /* For snapshot=on, create a temporary qcow2 overlay. bs points to the
3461 * temporary snapshot afterwards. */
3462 if (snapshot_flags) {
3463 BlockDriverState *snapshot_bs;
3464 snapshot_bs = bdrv_append_temp_snapshot(bs, snapshot_flags,
3465 snapshot_options, &local_err);
3466 snapshot_options = NULL;
3467 if (local_err) {
3468 goto close_and_fail;
3470 /* We are not going to return bs but the overlay on top of it
3471 * (snapshot_bs); thus, we have to drop the strong reference to bs
3472 * (which we obtained by calling bdrv_new()). bs will not be deleted,
3473 * though, because the overlay still has a reference to it. */
3474 bdrv_unref(bs);
3475 bs = snapshot_bs;
3478 return bs;
3480 fail:
3481 blk_unref(file);
3482 qobject_unref(snapshot_options);
3483 qobject_unref(bs->explicit_options);
3484 qobject_unref(bs->options);
3485 qobject_unref(options);
3486 bs->options = NULL;
3487 bs->explicit_options = NULL;
3488 bdrv_unref(bs);
3489 error_propagate(errp, local_err);
3490 return NULL;
3492 close_and_fail:
3493 bdrv_unref(bs);
3494 qobject_unref(snapshot_options);
3495 qobject_unref(options);
3496 error_propagate(errp, local_err);
3497 return NULL;
3500 BlockDriverState *bdrv_open(const char *filename, const char *reference,
3501 QDict *options, int flags, Error **errp)
3503 return bdrv_open_inherit(filename, reference, options, flags, NULL,
3504 NULL, 0, errp);
3507 /* Return true if the NULL-terminated @list contains @str */
3508 static bool is_str_in_list(const char *str, const char *const *list)
3510 if (str && list) {
3511 int i;
3512 for (i = 0; list[i] != NULL; i++) {
3513 if (!strcmp(str, list[i])) {
3514 return true;
3518 return false;
3522 * Check that every option set in @bs->options is also set in
3523 * @new_opts.
3525 * Options listed in the common_options list and in
3526 * @bs->drv->mutable_opts are skipped.
3528 * Return 0 on success, otherwise return -EINVAL and set @errp.
3530 static int bdrv_reset_options_allowed(BlockDriverState *bs,
3531 const QDict *new_opts, Error **errp)
3533 const QDictEntry *e;
3534 /* These options are common to all block drivers and are handled
3535 * in bdrv_reopen_prepare() so they can be left out of @new_opts */
3536 const char *const common_options[] = {
3537 "node-name", "discard", "cache.direct", "cache.no-flush",
3538 "read-only", "auto-read-only", "detect-zeroes", NULL
3541 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
3542 if (!qdict_haskey(new_opts, e->key) &&
3543 !is_str_in_list(e->key, common_options) &&
3544 !is_str_in_list(e->key, bs->drv->mutable_opts)) {
3545 error_setg(errp, "Option '%s' cannot be reset "
3546 "to its default value", e->key);
3547 return -EINVAL;
3551 return 0;
3555 * Returns true if @child can be reached recursively from @bs
3557 static bool bdrv_recurse_has_child(BlockDriverState *bs,
3558 BlockDriverState *child)
3560 BdrvChild *c;
3562 if (bs == child) {
3563 return true;
3566 QLIST_FOREACH(c, &bs->children, next) {
3567 if (bdrv_recurse_has_child(c->bs, child)) {
3568 return true;
3572 return false;
3576 * Adds a BlockDriverState to a simple queue for an atomic, transactional
3577 * reopen of multiple devices.
3579 * bs_queue can either be an existing BlockReopenQueue that has had QTAILQ_INIT
3580 * already performed, or alternatively may be NULL a new BlockReopenQueue will
3581 * be created and initialized. This newly created BlockReopenQueue should be
3582 * passed back in for subsequent calls that are intended to be of the same
3583 * atomic 'set'.
3585 * bs is the BlockDriverState to add to the reopen queue.
3587 * options contains the changed options for the associated bs
3588 * (the BlockReopenQueue takes ownership)
3590 * flags contains the open flags for the associated bs
3592 * returns a pointer to bs_queue, which is either the newly allocated
3593 * bs_queue, or the existing bs_queue being used.
3595 * bs must be drained between bdrv_reopen_queue() and bdrv_reopen_multiple().
3597 static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
3598 BlockDriverState *bs,
3599 QDict *options,
3600 const BdrvChildClass *klass,
3601 BdrvChildRole role,
3602 bool parent_is_format,
3603 QDict *parent_options,
3604 int parent_flags,
3605 bool keep_old_opts)
3607 assert(bs != NULL);
3609 BlockReopenQueueEntry *bs_entry;
3610 BdrvChild *child;
3611 QDict *old_options, *explicit_options, *options_copy;
3612 int flags;
3613 QemuOpts *opts;
3615 /* Make sure that the caller remembered to use a drained section. This is
3616 * important to avoid graph changes between the recursive queuing here and
3617 * bdrv_reopen_multiple(). */
3618 assert(bs->quiesce_counter > 0);
3620 if (bs_queue == NULL) {
3621 bs_queue = g_new0(BlockReopenQueue, 1);
3622 QTAILQ_INIT(bs_queue);
3625 if (!options) {
3626 options = qdict_new();
3629 /* Check if this BlockDriverState is already in the queue */
3630 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3631 if (bs == bs_entry->state.bs) {
3632 break;
3637 * Precedence of options:
3638 * 1. Explicitly passed in options (highest)
3639 * 2. Retained from explicitly set options of bs
3640 * 3. Inherited from parent node
3641 * 4. Retained from effective options of bs
3644 /* Old explicitly set values (don't overwrite by inherited value) */
3645 if (bs_entry || keep_old_opts) {
3646 old_options = qdict_clone_shallow(bs_entry ?
3647 bs_entry->state.explicit_options :
3648 bs->explicit_options);
3649 bdrv_join_options(bs, options, old_options);
3650 qobject_unref(old_options);
3653 explicit_options = qdict_clone_shallow(options);
3655 /* Inherit from parent node */
3656 if (parent_options) {
3657 flags = 0;
3658 klass->inherit_options(role, parent_is_format, &flags, options,
3659 parent_flags, parent_options);
3660 } else {
3661 flags = bdrv_get_flags(bs);
3664 if (keep_old_opts) {
3665 /* Old values are used for options that aren't set yet */
3666 old_options = qdict_clone_shallow(bs->options);
3667 bdrv_join_options(bs, options, old_options);
3668 qobject_unref(old_options);
3671 /* We have the final set of options so let's update the flags */
3672 options_copy = qdict_clone_shallow(options);
3673 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3674 qemu_opts_absorb_qdict(opts, options_copy, NULL);
3675 update_flags_from_options(&flags, opts);
3676 qemu_opts_del(opts);
3677 qobject_unref(options_copy);
3679 /* bdrv_open_inherit() sets and clears some additional flags internally */
3680 flags &= ~BDRV_O_PROTOCOL;
3681 if (flags & BDRV_O_RDWR) {
3682 flags |= BDRV_O_ALLOW_RDWR;
3685 if (!bs_entry) {
3686 bs_entry = g_new0(BlockReopenQueueEntry, 1);
3687 QTAILQ_INSERT_TAIL(bs_queue, bs_entry, entry);
3688 } else {
3689 qobject_unref(bs_entry->state.options);
3690 qobject_unref(bs_entry->state.explicit_options);
3693 bs_entry->state.bs = bs;
3694 bs_entry->state.options = options;
3695 bs_entry->state.explicit_options = explicit_options;
3696 bs_entry->state.flags = flags;
3698 /* This needs to be overwritten in bdrv_reopen_prepare() */
3699 bs_entry->state.perm = UINT64_MAX;
3700 bs_entry->state.shared_perm = 0;
3703 * If keep_old_opts is false then it means that unspecified
3704 * options must be reset to their original value. We don't allow
3705 * resetting 'backing' but we need to know if the option is
3706 * missing in order to decide if we have to return an error.
3708 if (!keep_old_opts) {
3709 bs_entry->state.backing_missing =
3710 !qdict_haskey(options, "backing") &&
3711 !qdict_haskey(options, "backing.driver");
3714 QLIST_FOREACH(child, &bs->children, next) {
3715 QDict *new_child_options = NULL;
3716 bool child_keep_old = keep_old_opts;
3718 /* reopen can only change the options of block devices that were
3719 * implicitly created and inherited options. For other (referenced)
3720 * block devices, a syntax like "backing.foo" results in an error. */
3721 if (child->bs->inherits_from != bs) {
3722 continue;
3725 /* Check if the options contain a child reference */
3726 if (qdict_haskey(options, child->name)) {
3727 const char *childref = qdict_get_try_str(options, child->name);
3729 * The current child must not be reopened if the child
3730 * reference is null or points to a different node.
3732 if (g_strcmp0(childref, child->bs->node_name)) {
3733 continue;
3736 * If the child reference points to the current child then
3737 * reopen it with its existing set of options (note that
3738 * it can still inherit new options from the parent).
3740 child_keep_old = true;
3741 } else {
3742 /* Extract child options ("child-name.*") */
3743 char *child_key_dot = g_strdup_printf("%s.", child->name);
3744 qdict_extract_subqdict(explicit_options, NULL, child_key_dot);
3745 qdict_extract_subqdict(options, &new_child_options, child_key_dot);
3746 g_free(child_key_dot);
3749 bdrv_reopen_queue_child(bs_queue, child->bs, new_child_options,
3750 child->klass, child->role, bs->drv->is_format,
3751 options, flags, child_keep_old);
3754 return bs_queue;
3757 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
3758 BlockDriverState *bs,
3759 QDict *options, bool keep_old_opts)
3761 return bdrv_reopen_queue_child(bs_queue, bs, options, NULL, 0, false,
3762 NULL, 0, keep_old_opts);
3766 * Reopen multiple BlockDriverStates atomically & transactionally.
3768 * The queue passed in (bs_queue) must have been built up previous
3769 * via bdrv_reopen_queue().
3771 * Reopens all BDS specified in the queue, with the appropriate
3772 * flags. All devices are prepared for reopen, and failure of any
3773 * device will cause all device changes to be abandoned, and intermediate
3774 * data cleaned up.
3776 * If all devices prepare successfully, then the changes are committed
3777 * to all devices.
3779 * All affected nodes must be drained between bdrv_reopen_queue() and
3780 * bdrv_reopen_multiple().
3782 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
3784 int ret = -1;
3785 BlockReopenQueueEntry *bs_entry, *next;
3787 assert(bs_queue != NULL);
3789 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3790 assert(bs_entry->state.bs->quiesce_counter > 0);
3791 if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
3792 goto cleanup;
3794 bs_entry->prepared = true;
3797 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3798 BDRVReopenState *state = &bs_entry->state;
3799 ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
3800 state->shared_perm, NULL, errp);
3801 if (ret < 0) {
3802 goto cleanup_perm;
3804 /* Check if new_backing_bs would accept the new permissions */
3805 if (state->replace_backing_bs && state->new_backing_bs) {
3806 uint64_t nperm, nshared;
3807 bdrv_child_perm(state->bs, state->new_backing_bs,
3808 NULL, bdrv_backing_role(state->bs),
3809 bs_queue, state->perm, state->shared_perm,
3810 &nperm, &nshared);
3811 ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
3812 nperm, nshared, NULL, errp);
3813 if (ret < 0) {
3814 goto cleanup_perm;
3817 bs_entry->perms_checked = true;
3821 * If we reach this point, we have success and just need to apply the
3822 * changes.
3824 * Reverse order is used to comfort qcow2 driver: on commit it need to write
3825 * IN_USE flag to the image, to mark bitmaps in the image as invalid. But
3826 * children are usually goes after parents in reopen-queue, so go from last
3827 * to first element.
3829 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3830 bdrv_reopen_commit(&bs_entry->state);
3833 ret = 0;
3834 cleanup_perm:
3835 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3836 BDRVReopenState *state = &bs_entry->state;
3838 if (!bs_entry->perms_checked) {
3839 continue;
3842 if (ret == 0) {
3843 uint64_t perm, shared;
3845 bdrv_get_cumulative_perm(state->bs, &perm, &shared);
3846 assert(perm == state->perm);
3847 assert(shared == state->shared_perm);
3849 bdrv_set_perm(state->bs);
3850 } else {
3851 bdrv_abort_perm_update(state->bs);
3852 if (state->replace_backing_bs && state->new_backing_bs) {
3853 bdrv_abort_perm_update(state->new_backing_bs);
3858 if (ret == 0) {
3859 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3860 BlockDriverState *bs = bs_entry->state.bs;
3862 if (bs->drv->bdrv_reopen_commit_post)
3863 bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
3866 cleanup:
3867 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3868 if (ret) {
3869 if (bs_entry->prepared) {
3870 bdrv_reopen_abort(&bs_entry->state);
3872 qobject_unref(bs_entry->state.explicit_options);
3873 qobject_unref(bs_entry->state.options);
3875 if (bs_entry->state.new_backing_bs) {
3876 bdrv_unref(bs_entry->state.new_backing_bs);
3878 g_free(bs_entry);
3880 g_free(bs_queue);
3882 return ret;
3885 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
3886 Error **errp)
3888 int ret;
3889 BlockReopenQueue *queue;
3890 QDict *opts = qdict_new();
3892 qdict_put_bool(opts, BDRV_OPT_READ_ONLY, read_only);
3894 bdrv_subtree_drained_begin(bs);
3895 queue = bdrv_reopen_queue(NULL, bs, opts, true);
3896 ret = bdrv_reopen_multiple(queue, errp);
3897 bdrv_subtree_drained_end(bs);
3899 return ret;
3902 static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
3903 BdrvChild *c)
3905 BlockReopenQueueEntry *entry;
3907 QTAILQ_FOREACH(entry, q, entry) {
3908 BlockDriverState *bs = entry->state.bs;
3909 BdrvChild *child;
3911 QLIST_FOREACH(child, &bs->children, next) {
3912 if (child == c) {
3913 return entry;
3918 return NULL;
3921 static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
3922 uint64_t *perm, uint64_t *shared)
3924 BdrvChild *c;
3925 BlockReopenQueueEntry *parent;
3926 uint64_t cumulative_perms = 0;
3927 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
3929 QLIST_FOREACH(c, &bs->parents, next_parent) {
3930 parent = find_parent_in_reopen_queue(q, c);
3931 if (!parent) {
3932 cumulative_perms |= c->perm;
3933 cumulative_shared_perms &= c->shared_perm;
3934 } else {
3935 uint64_t nperm, nshared;
3937 bdrv_child_perm(parent->state.bs, bs, c, c->role, q,
3938 parent->state.perm, parent->state.shared_perm,
3939 &nperm, &nshared);
3941 cumulative_perms |= nperm;
3942 cumulative_shared_perms &= nshared;
3945 *perm = cumulative_perms;
3946 *shared = cumulative_shared_perms;
3949 static bool bdrv_reopen_can_attach(BlockDriverState *parent,
3950 BdrvChild *child,
3951 BlockDriverState *new_child,
3952 Error **errp)
3954 AioContext *parent_ctx = bdrv_get_aio_context(parent);
3955 AioContext *child_ctx = bdrv_get_aio_context(new_child);
3956 GSList *ignore;
3957 bool ret;
3959 ignore = g_slist_prepend(NULL, child);
3960 ret = bdrv_can_set_aio_context(new_child, parent_ctx, &ignore, NULL);
3961 g_slist_free(ignore);
3962 if (ret) {
3963 return ret;
3966 ignore = g_slist_prepend(NULL, child);
3967 ret = bdrv_can_set_aio_context(parent, child_ctx, &ignore, errp);
3968 g_slist_free(ignore);
3969 return ret;
3973 * Take a BDRVReopenState and check if the value of 'backing' in the
3974 * reopen_state->options QDict is valid or not.
3976 * If 'backing' is missing from the QDict then return 0.
3978 * If 'backing' contains the node name of the backing file of
3979 * reopen_state->bs then return 0.
3981 * If 'backing' contains a different node name (or is null) then check
3982 * whether the current backing file can be replaced with the new one.
3983 * If that's the case then reopen_state->replace_backing_bs is set to
3984 * true and reopen_state->new_backing_bs contains a pointer to the new
3985 * backing BlockDriverState (or NULL).
3987 * Return 0 on success, otherwise return < 0 and set @errp.
3989 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
3990 Error **errp)
3992 BlockDriverState *bs = reopen_state->bs;
3993 BlockDriverState *overlay_bs, *below_bs, *new_backing_bs;
3994 QObject *value;
3995 const char *str;
3997 value = qdict_get(reopen_state->options, "backing");
3998 if (value == NULL) {
3999 return 0;
4002 switch (qobject_type(value)) {
4003 case QTYPE_QNULL:
4004 new_backing_bs = NULL;
4005 break;
4006 case QTYPE_QSTRING:
4007 str = qstring_get_str(qobject_to(QString, value));
4008 new_backing_bs = bdrv_lookup_bs(NULL, str, errp);
4009 if (new_backing_bs == NULL) {
4010 return -EINVAL;
4011 } else if (bdrv_recurse_has_child(new_backing_bs, bs)) {
4012 error_setg(errp, "Making '%s' a backing file of '%s' "
4013 "would create a cycle", str, bs->node_name);
4014 return -EINVAL;
4016 break;
4017 default:
4018 /* 'backing' does not allow any other data type */
4019 g_assert_not_reached();
4023 * Check AioContext compatibility so that the bdrv_set_backing_hd() call in
4024 * bdrv_reopen_commit() won't fail.
4026 if (new_backing_bs) {
4027 if (!bdrv_reopen_can_attach(bs, bs->backing, new_backing_bs, errp)) {
4028 return -EINVAL;
4033 * Ensure that @bs can really handle backing files, because we are
4034 * about to give it one (or swap the existing one)
4036 if (bs->drv->is_filter) {
4037 /* Filters always have a file or a backing child */
4038 if (!bs->backing) {
4039 error_setg(errp, "'%s' is a %s filter node that does not support a "
4040 "backing child", bs->node_name, bs->drv->format_name);
4041 return -EINVAL;
4043 } else if (!bs->drv->supports_backing) {
4044 error_setg(errp, "Driver '%s' of node '%s' does not support backing "
4045 "files", bs->drv->format_name, bs->node_name);
4046 return -EINVAL;
4050 * Find the "actual" backing file by skipping all links that point
4051 * to an implicit node, if any (e.g. a commit filter node).
4052 * We cannot use any of the bdrv_skip_*() functions here because
4053 * those return the first explicit node, while we are looking for
4054 * its overlay here.
4056 overlay_bs = bs;
4057 for (below_bs = bdrv_filter_or_cow_bs(overlay_bs);
4058 below_bs && below_bs->implicit;
4059 below_bs = bdrv_filter_or_cow_bs(overlay_bs))
4061 overlay_bs = below_bs;
4064 /* If we want to replace the backing file we need some extra checks */
4065 if (new_backing_bs != bdrv_filter_or_cow_bs(overlay_bs)) {
4066 /* Check for implicit nodes between bs and its backing file */
4067 if (bs != overlay_bs) {
4068 error_setg(errp, "Cannot change backing link if '%s' has "
4069 "an implicit backing file", bs->node_name);
4070 return -EPERM;
4073 * Check if the backing link that we want to replace is frozen.
4074 * Note that
4075 * bdrv_filter_or_cow_child(overlay_bs) == overlay_bs->backing,
4076 * because we know that overlay_bs == bs, and that @bs
4077 * either is a filter that uses ->backing or a COW format BDS
4078 * with bs->drv->supports_backing == true.
4080 if (bdrv_is_backing_chain_frozen(overlay_bs,
4081 child_bs(overlay_bs->backing), errp))
4083 return -EPERM;
4085 reopen_state->replace_backing_bs = true;
4086 if (new_backing_bs) {
4087 bdrv_ref(new_backing_bs);
4088 reopen_state->new_backing_bs = new_backing_bs;
4092 return 0;
4096 * Prepares a BlockDriverState for reopen. All changes are staged in the
4097 * 'opaque' field of the BDRVReopenState, which is used and allocated by
4098 * the block driver layer .bdrv_reopen_prepare()
4100 * bs is the BlockDriverState to reopen
4101 * flags are the new open flags
4102 * queue is the reopen queue
4104 * Returns 0 on success, non-zero on error. On error errp will be set
4105 * as well.
4107 * On failure, bdrv_reopen_abort() will be called to clean up any data.
4108 * It is the responsibility of the caller to then call the abort() or
4109 * commit() for any other BDS that have been left in a prepare() state
4112 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
4113 Error **errp)
4115 int ret = -1;
4116 int old_flags;
4117 Error *local_err = NULL;
4118 BlockDriver *drv;
4119 QemuOpts *opts;
4120 QDict *orig_reopen_opts;
4121 char *discard = NULL;
4122 bool read_only;
4123 bool drv_prepared = false;
4125 assert(reopen_state != NULL);
4126 assert(reopen_state->bs->drv != NULL);
4127 drv = reopen_state->bs->drv;
4129 /* This function and each driver's bdrv_reopen_prepare() remove
4130 * entries from reopen_state->options as they are processed, so
4131 * we need to make a copy of the original QDict. */
4132 orig_reopen_opts = qdict_clone_shallow(reopen_state->options);
4134 /* Process generic block layer options */
4135 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
4136 if (!qemu_opts_absorb_qdict(opts, reopen_state->options, errp)) {
4137 ret = -EINVAL;
4138 goto error;
4141 /* This was already called in bdrv_reopen_queue_child() so the flags
4142 * are up-to-date. This time we simply want to remove the options from
4143 * QemuOpts in order to indicate that they have been processed. */
4144 old_flags = reopen_state->flags;
4145 update_flags_from_options(&reopen_state->flags, opts);
4146 assert(old_flags == reopen_state->flags);
4148 discard = qemu_opt_get_del(opts, BDRV_OPT_DISCARD);
4149 if (discard != NULL) {
4150 if (bdrv_parse_discard_flags(discard, &reopen_state->flags) != 0) {
4151 error_setg(errp, "Invalid discard option");
4152 ret = -EINVAL;
4153 goto error;
4157 reopen_state->detect_zeroes =
4158 bdrv_parse_detect_zeroes(opts, reopen_state->flags, &local_err);
4159 if (local_err) {
4160 error_propagate(errp, local_err);
4161 ret = -EINVAL;
4162 goto error;
4165 /* All other options (including node-name and driver) must be unchanged.
4166 * Put them back into the QDict, so that they are checked at the end
4167 * of this function. */
4168 qemu_opts_to_qdict(opts, reopen_state->options);
4170 /* If we are to stay read-only, do not allow permission change
4171 * to r/w. Attempting to set to r/w may fail if either BDRV_O_ALLOW_RDWR is
4172 * not set, or if the BDS still has copy_on_read enabled */
4173 read_only = !(reopen_state->flags & BDRV_O_RDWR);
4174 ret = bdrv_can_set_read_only(reopen_state->bs, read_only, true, &local_err);
4175 if (local_err) {
4176 error_propagate(errp, local_err);
4177 goto error;
4180 /* Calculate required permissions after reopening */
4181 bdrv_reopen_perm(queue, reopen_state->bs,
4182 &reopen_state->perm, &reopen_state->shared_perm);
4184 ret = bdrv_flush(reopen_state->bs);
4185 if (ret) {
4186 error_setg_errno(errp, -ret, "Error flushing drive");
4187 goto error;
4190 if (drv->bdrv_reopen_prepare) {
4192 * If a driver-specific option is missing, it means that we
4193 * should reset it to its default value.
4194 * But not all options allow that, so we need to check it first.
4196 ret = bdrv_reset_options_allowed(reopen_state->bs,
4197 reopen_state->options, errp);
4198 if (ret) {
4199 goto error;
4202 ret = drv->bdrv_reopen_prepare(reopen_state, queue, &local_err);
4203 if (ret) {
4204 if (local_err != NULL) {
4205 error_propagate(errp, local_err);
4206 } else {
4207 bdrv_refresh_filename(reopen_state->bs);
4208 error_setg(errp, "failed while preparing to reopen image '%s'",
4209 reopen_state->bs->filename);
4211 goto error;
4213 } else {
4214 /* It is currently mandatory to have a bdrv_reopen_prepare()
4215 * handler for each supported drv. */
4216 error_setg(errp, "Block format '%s' used by node '%s' "
4217 "does not support reopening files", drv->format_name,
4218 bdrv_get_device_or_node_name(reopen_state->bs));
4219 ret = -1;
4220 goto error;
4223 drv_prepared = true;
4226 * We must provide the 'backing' option if the BDS has a backing
4227 * file or if the image file has a backing file name as part of
4228 * its metadata. Otherwise the 'backing' option can be omitted.
4230 if (drv->supports_backing && reopen_state->backing_missing &&
4231 (reopen_state->bs->backing || reopen_state->bs->backing_file[0])) {
4232 error_setg(errp, "backing is missing for '%s'",
4233 reopen_state->bs->node_name);
4234 ret = -EINVAL;
4235 goto error;
4239 * Allow changing the 'backing' option. The new value can be
4240 * either a reference to an existing node (using its node name)
4241 * or NULL to simply detach the current backing file.
4243 ret = bdrv_reopen_parse_backing(reopen_state, errp);
4244 if (ret < 0) {
4245 goto error;
4247 qdict_del(reopen_state->options, "backing");
4249 /* Options that are not handled are only okay if they are unchanged
4250 * compared to the old state. It is expected that some options are only
4251 * used for the initial open, but not reopen (e.g. filename) */
4252 if (qdict_size(reopen_state->options)) {
4253 const QDictEntry *entry = qdict_first(reopen_state->options);
4255 do {
4256 QObject *new = entry