exec/memory: Use struct Object typedef
[qemu/ar7.git] / block.c
bloba1f3cecd75525155e91da1eb7f024f31dc20d585
1 /*
2 * QEMU System Emulator block driver
4 * Copyright (c) 2003 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
25 #include "qemu/osdep.h"
26 #include "block/trace.h"
27 #include "block/block_int.h"
28 #include "block/blockjob.h"
29 #include "block/fuse.h"
30 #include "block/nbd.h"
31 #include "block/qdict.h"
32 #include "qemu/error-report.h"
33 #include "block/module_block.h"
34 #include "qemu/main-loop.h"
35 #include "qemu/module.h"
36 #include "qapi/error.h"
37 #include "qapi/qmp/qdict.h"
38 #include "qapi/qmp/qjson.h"
39 #include "qapi/qmp/qnull.h"
40 #include "qapi/qmp/qstring.h"
41 #include "qapi/qobject-output-visitor.h"
42 #include "qapi/qapi-visit-block-core.h"
43 #include "sysemu/block-backend.h"
44 #include "sysemu/sysemu.h"
45 #include "qemu/notify.h"
46 #include "qemu/option.h"
47 #include "qemu/coroutine.h"
48 #include "block/qapi.h"
49 #include "qemu/timer.h"
50 #include "qemu/cutils.h"
51 #include "qemu/id.h"
52 #include "block/coroutines.h"
54 #ifdef CONFIG_BSD
55 #include <sys/ioctl.h>
56 #include <sys/queue.h>
57 #ifndef __DragonFly__
58 #include <sys/disk.h>
59 #endif
60 #endif
62 #ifdef _WIN32
63 #include <windows.h>
64 #endif
66 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
68 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
69 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
71 static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
72 QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
74 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
75 QLIST_HEAD_INITIALIZER(bdrv_drivers);
77 static BlockDriverState *bdrv_open_inherit(const char *filename,
78 const char *reference,
79 QDict *options, int flags,
80 BlockDriverState *parent,
81 const BdrvChildClass *child_class,
82 BdrvChildRole child_role,
83 Error **errp);
85 /* If non-zero, use only whitelisted block drivers */
86 static int use_bdrv_whitelist;
88 #ifdef _WIN32
89 static int is_windows_drive_prefix(const char *filename)
91 return (((filename[0] >= 'a' && filename[0] <= 'z') ||
92 (filename[0] >= 'A' && filename[0] <= 'Z')) &&
93 filename[1] == ':');
96 int is_windows_drive(const char *filename)
98 if (is_windows_drive_prefix(filename) &&
99 filename[2] == '\0')
100 return 1;
101 if (strstart(filename, "\\\\.\\", NULL) ||
102 strstart(filename, "//./", NULL))
103 return 1;
104 return 0;
106 #endif
108 size_t bdrv_opt_mem_align(BlockDriverState *bs)
110 if (!bs || !bs->drv) {
111 /* page size or 4k (hdd sector size) should be on the safe side */
112 return MAX(4096, qemu_real_host_page_size);
115 return bs->bl.opt_mem_alignment;
118 size_t bdrv_min_mem_align(BlockDriverState *bs)
120 if (!bs || !bs->drv) {
121 /* page size or 4k (hdd sector size) should be on the safe side */
122 return MAX(4096, qemu_real_host_page_size);
125 return bs->bl.min_mem_alignment;
128 /* check if the path starts with "<protocol>:" */
129 int path_has_protocol(const char *path)
131 const char *p;
133 #ifdef _WIN32
134 if (is_windows_drive(path) ||
135 is_windows_drive_prefix(path)) {
136 return 0;
138 p = path + strcspn(path, ":/\\");
139 #else
140 p = path + strcspn(path, ":/");
141 #endif
143 return *p == ':';
146 int path_is_absolute(const char *path)
148 #ifdef _WIN32
149 /* specific case for names like: "\\.\d:" */
150 if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
151 return 1;
153 return (*path == '/' || *path == '\\');
154 #else
155 return (*path == '/');
156 #endif
159 /* if filename is absolute, just return its duplicate. Otherwise, build a
160 path to it by considering it is relative to base_path. URL are
161 supported. */
162 char *path_combine(const char *base_path, const char *filename)
164 const char *protocol_stripped = NULL;
165 const char *p, *p1;
166 char *result;
167 int len;
169 if (path_is_absolute(filename)) {
170 return g_strdup(filename);
173 if (path_has_protocol(base_path)) {
174 protocol_stripped = strchr(base_path, ':');
175 if (protocol_stripped) {
176 protocol_stripped++;
179 p = protocol_stripped ?: base_path;
181 p1 = strrchr(base_path, '/');
182 #ifdef _WIN32
184 const char *p2;
185 p2 = strrchr(base_path, '\\');
186 if (!p1 || p2 > p1) {
187 p1 = p2;
190 #endif
191 if (p1) {
192 p1++;
193 } else {
194 p1 = base_path;
196 if (p1 > p) {
197 p = p1;
199 len = p - base_path;
201 result = g_malloc(len + strlen(filename) + 1);
202 memcpy(result, base_path, len);
203 strcpy(result + len, filename);
205 return result;
209 * Helper function for bdrv_parse_filename() implementations to remove optional
210 * protocol prefixes (especially "file:") from a filename and for putting the
211 * stripped filename into the options QDict if there is such a prefix.
213 void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
214 QDict *options)
216 if (strstart(filename, prefix, &filename)) {
217 /* Stripping the explicit protocol prefix may result in a protocol
218 * prefix being (wrongly) detected (if the filename contains a colon) */
219 if (path_has_protocol(filename)) {
220 GString *fat_filename;
222 /* This means there is some colon before the first slash; therefore,
223 * this cannot be an absolute path */
224 assert(!path_is_absolute(filename));
226 /* And we can thus fix the protocol detection issue by prefixing it
227 * by "./" */
228 fat_filename = g_string_new("./");
229 g_string_append(fat_filename, filename);
231 assert(!path_has_protocol(fat_filename->str));
233 qdict_put(options, "filename",
234 qstring_from_gstring(fat_filename));
235 } else {
236 /* If no protocol prefix was detected, we can use the shortened
237 * filename as-is */
238 qdict_put_str(options, "filename", filename);
244 /* Returns whether the image file is opened as read-only. Note that this can
245 * return false and writing to the image file is still not possible because the
246 * image is inactivated. */
247 bool bdrv_is_read_only(BlockDriverState *bs)
249 return bs->read_only;
252 int bdrv_can_set_read_only(BlockDriverState *bs, bool read_only,
253 bool ignore_allow_rdw, Error **errp)
255 /* Do not set read_only if copy_on_read is enabled */
256 if (bs->copy_on_read && read_only) {
257 error_setg(errp, "Can't set node '%s' to r/o with copy-on-read enabled",
258 bdrv_get_device_or_node_name(bs));
259 return -EINVAL;
262 /* Do not clear read_only if it is prohibited */
263 if (!read_only && !(bs->open_flags & BDRV_O_ALLOW_RDWR) &&
264 !ignore_allow_rdw)
266 error_setg(errp, "Node '%s' is read only",
267 bdrv_get_device_or_node_name(bs));
268 return -EPERM;
271 return 0;
275 * Called by a driver that can only provide a read-only image.
277 * Returns 0 if the node is already read-only or it could switch the node to
278 * read-only because BDRV_O_AUTO_RDONLY is set.
280 * Returns -EACCES if the node is read-write and BDRV_O_AUTO_RDONLY is not set
281 * or bdrv_can_set_read_only() forbids making the node read-only. If @errmsg
282 * is not NULL, it is used as the error message for the Error object.
284 int bdrv_apply_auto_read_only(BlockDriverState *bs, const char *errmsg,
285 Error **errp)
287 int ret = 0;
289 if (!(bs->open_flags & BDRV_O_RDWR)) {
290 return 0;
292 if (!(bs->open_flags & BDRV_O_AUTO_RDONLY)) {
293 goto fail;
296 ret = bdrv_can_set_read_only(bs, true, false, NULL);
297 if (ret < 0) {
298 goto fail;
301 bs->read_only = true;
302 bs->open_flags &= ~BDRV_O_RDWR;
304 return 0;
306 fail:
307 error_setg(errp, "%s", errmsg ?: "Image is read-only");
308 return -EACCES;
312 * If @backing is empty, this function returns NULL without setting
313 * @errp. In all other cases, NULL will only be returned with @errp
314 * set.
316 * Therefore, a return value of NULL without @errp set means that
317 * there is no backing file; if @errp is set, there is one but its
318 * absolute filename cannot be generated.
320 char *bdrv_get_full_backing_filename_from_filename(const char *backed,
321 const char *backing,
322 Error **errp)
324 if (backing[0] == '\0') {
325 return NULL;
326 } else if (path_has_protocol(backing) || path_is_absolute(backing)) {
327 return g_strdup(backing);
328 } else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
329 error_setg(errp, "Cannot use relative backing file names for '%s'",
330 backed);
331 return NULL;
332 } else {
333 return path_combine(backed, backing);
338 * If @filename is empty or NULL, this function returns NULL without
339 * setting @errp. In all other cases, NULL will only be returned with
340 * @errp set.
342 static char *bdrv_make_absolute_filename(BlockDriverState *relative_to,
343 const char *filename, Error **errp)
345 char *dir, *full_name;
347 if (!filename || filename[0] == '\0') {
348 return NULL;
349 } else if (path_has_protocol(filename) || path_is_absolute(filename)) {
350 return g_strdup(filename);
353 dir = bdrv_dirname(relative_to, errp);
354 if (!dir) {
355 return NULL;
358 full_name = g_strconcat(dir, filename, NULL);
359 g_free(dir);
360 return full_name;
363 char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
365 return bdrv_make_absolute_filename(bs, bs->backing_file, errp);
368 void bdrv_register(BlockDriver *bdrv)
370 assert(bdrv->format_name);
371 QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
374 BlockDriverState *bdrv_new(void)
376 BlockDriverState *bs;
377 int i;
379 bs = g_new0(BlockDriverState, 1);
380 QLIST_INIT(&bs->dirty_bitmaps);
381 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
382 QLIST_INIT(&bs->op_blockers[i]);
384 notifier_with_return_list_init(&bs->before_write_notifiers);
385 qemu_co_mutex_init(&bs->reqs_lock);
386 qemu_mutex_init(&bs->dirty_bitmap_mutex);
387 bs->refcnt = 1;
388 bs->aio_context = qemu_get_aio_context();
390 qemu_co_queue_init(&bs->flush_queue);
392 for (i = 0; i < bdrv_drain_all_count; i++) {
393 bdrv_drained_begin(bs);
396 QTAILQ_INSERT_TAIL(&all_bdrv_states, bs, bs_list);
398 return bs;
401 static BlockDriver *bdrv_do_find_format(const char *format_name)
403 BlockDriver *drv1;
405 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
406 if (!strcmp(drv1->format_name, format_name)) {
407 return drv1;
411 return NULL;
414 BlockDriver *bdrv_find_format(const char *format_name)
416 BlockDriver *drv1;
417 int i;
419 drv1 = bdrv_do_find_format(format_name);
420 if (drv1) {
421 return drv1;
424 /* The driver isn't registered, maybe we need to load a module */
425 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
426 if (!strcmp(block_driver_modules[i].format_name, format_name)) {
427 block_module_load_one(block_driver_modules[i].library_name);
428 break;
432 return bdrv_do_find_format(format_name);
435 static int bdrv_format_is_whitelisted(const char *format_name, bool read_only)
437 static const char *whitelist_rw[] = {
438 CONFIG_BDRV_RW_WHITELIST
439 NULL
441 static const char *whitelist_ro[] = {
442 CONFIG_BDRV_RO_WHITELIST
443 NULL
445 const char **p;
447 if (!whitelist_rw[0] && !whitelist_ro[0]) {
448 return 1; /* no whitelist, anything goes */
451 for (p = whitelist_rw; *p; p++) {
452 if (!strcmp(format_name, *p)) {
453 return 1;
456 if (read_only) {
457 for (p = whitelist_ro; *p; p++) {
458 if (!strcmp(format_name, *p)) {
459 return 1;
463 return 0;
466 int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
468 return bdrv_format_is_whitelisted(drv->format_name, read_only);
471 bool bdrv_uses_whitelist(void)
473 return use_bdrv_whitelist;
476 typedef struct CreateCo {
477 BlockDriver *drv;
478 char *filename;
479 QemuOpts *opts;
480 int ret;
481 Error *err;
482 } CreateCo;
484 static void coroutine_fn bdrv_create_co_entry(void *opaque)
486 Error *local_err = NULL;
487 int ret;
489 CreateCo *cco = opaque;
490 assert(cco->drv);
492 ret = cco->drv->bdrv_co_create_opts(cco->drv,
493 cco->filename, cco->opts, &local_err);
494 error_propagate(&cco->err, local_err);
495 cco->ret = ret;
498 int bdrv_create(BlockDriver *drv, const char* filename,
499 QemuOpts *opts, Error **errp)
501 int ret;
503 Coroutine *co;
504 CreateCo cco = {
505 .drv = drv,
506 .filename = g_strdup(filename),
507 .opts = opts,
508 .ret = NOT_DONE,
509 .err = NULL,
512 if (!drv->bdrv_co_create_opts) {
513 error_setg(errp, "Driver '%s' does not support image creation", drv->format_name);
514 ret = -ENOTSUP;
515 goto out;
518 if (qemu_in_coroutine()) {
519 /* Fast-path if already in coroutine context */
520 bdrv_create_co_entry(&cco);
521 } else {
522 co = qemu_coroutine_create(bdrv_create_co_entry, &cco);
523 qemu_coroutine_enter(co);
524 while (cco.ret == NOT_DONE) {
525 aio_poll(qemu_get_aio_context(), true);
529 ret = cco.ret;
530 if (ret < 0) {
531 if (cco.err) {
532 error_propagate(errp, cco.err);
533 } else {
534 error_setg_errno(errp, -ret, "Could not create image");
538 out:
539 g_free(cco.filename);
540 return ret;
544 * Helper function for bdrv_create_file_fallback(): Resize @blk to at
545 * least the given @minimum_size.
547 * On success, return @blk's actual length.
548 * Otherwise, return -errno.
550 static int64_t create_file_fallback_truncate(BlockBackend *blk,
551 int64_t minimum_size, Error **errp)
553 Error *local_err = NULL;
554 int64_t size;
555 int ret;
557 ret = blk_truncate(blk, minimum_size, false, PREALLOC_MODE_OFF, 0,
558 &local_err);
559 if (ret < 0 && ret != -ENOTSUP) {
560 error_propagate(errp, local_err);
561 return ret;
564 size = blk_getlength(blk);
565 if (size < 0) {
566 error_free(local_err);
567 error_setg_errno(errp, -size,
568 "Failed to inquire the new image file's length");
569 return size;
572 if (size < minimum_size) {
573 /* Need to grow the image, but we failed to do that */
574 error_propagate(errp, local_err);
575 return -ENOTSUP;
578 error_free(local_err);
579 local_err = NULL;
581 return size;
585 * Helper function for bdrv_create_file_fallback(): Zero the first
586 * sector to remove any potentially pre-existing image header.
588 static int create_file_fallback_zero_first_sector(BlockBackend *blk,
589 int64_t current_size,
590 Error **errp)
592 int64_t bytes_to_clear;
593 int ret;
595 bytes_to_clear = MIN(current_size, BDRV_SECTOR_SIZE);
596 if (bytes_to_clear) {
597 ret = blk_pwrite_zeroes(blk, 0, bytes_to_clear, BDRV_REQ_MAY_UNMAP);
598 if (ret < 0) {
599 error_setg_errno(errp, -ret,
600 "Failed to clear the new image's first sector");
601 return ret;
605 return 0;
609 * Simple implementation of bdrv_co_create_opts for protocol drivers
610 * which only support creation via opening a file
611 * (usually existing raw storage device)
613 int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
614 const char *filename,
615 QemuOpts *opts,
616 Error **errp)
618 BlockBackend *blk;
619 QDict *options;
620 int64_t size = 0;
621 char *buf = NULL;
622 PreallocMode prealloc;
623 Error *local_err = NULL;
624 int ret;
626 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
627 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
628 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
629 PREALLOC_MODE_OFF, &local_err);
630 g_free(buf);
631 if (local_err) {
632 error_propagate(errp, local_err);
633 return -EINVAL;
636 if (prealloc != PREALLOC_MODE_OFF) {
637 error_setg(errp, "Unsupported preallocation mode '%s'",
638 PreallocMode_str(prealloc));
639 return -ENOTSUP;
642 options = qdict_new();
643 qdict_put_str(options, "driver", drv->format_name);
645 blk = blk_new_open(filename, NULL, options,
646 BDRV_O_RDWR | BDRV_O_RESIZE, errp);
647 if (!blk) {
648 error_prepend(errp, "Protocol driver '%s' does not support image "
649 "creation, and opening the image failed: ",
650 drv->format_name);
651 return -EINVAL;
654 size = create_file_fallback_truncate(blk, size, errp);
655 if (size < 0) {
656 ret = size;
657 goto out;
660 ret = create_file_fallback_zero_first_sector(blk, size, errp);
661 if (ret < 0) {
662 goto out;
665 ret = 0;
666 out:
667 blk_unref(blk);
668 return ret;
671 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
673 BlockDriver *drv;
675 drv = bdrv_find_protocol(filename, true, errp);
676 if (drv == NULL) {
677 return -ENOENT;
680 return bdrv_create(drv, filename, opts, errp);
683 int coroutine_fn bdrv_co_delete_file(BlockDriverState *bs, Error **errp)
685 Error *local_err = NULL;
686 int ret;
688 assert(bs != NULL);
690 if (!bs->drv) {
691 error_setg(errp, "Block node '%s' is not opened", bs->filename);
692 return -ENOMEDIUM;
695 if (!bs->drv->bdrv_co_delete_file) {
696 error_setg(errp, "Driver '%s' does not support image deletion",
697 bs->drv->format_name);
698 return -ENOTSUP;
701 ret = bs->drv->bdrv_co_delete_file(bs, &local_err);
702 if (ret < 0) {
703 error_propagate(errp, local_err);
706 return ret;
709 void coroutine_fn bdrv_co_delete_file_noerr(BlockDriverState *bs)
711 Error *local_err = NULL;
712 int ret;
714 if (!bs) {
715 return;
718 ret = bdrv_co_delete_file(bs, &local_err);
720 * ENOTSUP will happen if the block driver doesn't support
721 * the 'bdrv_co_delete_file' interface. This is a predictable
722 * scenario and shouldn't be reported back to the user.
724 if (ret == -ENOTSUP) {
725 error_free(local_err);
726 } else if (ret < 0) {
727 error_report_err(local_err);
732 * Try to get @bs's logical and physical block size.
733 * On success, store them in @bsz struct and return 0.
734 * On failure return -errno.
735 * @bs must not be empty.
737 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
739 BlockDriver *drv = bs->drv;
740 BlockDriverState *filtered = bdrv_filter_bs(bs);
742 if (drv && drv->bdrv_probe_blocksizes) {
743 return drv->bdrv_probe_blocksizes(bs, bsz);
744 } else if (filtered) {
745 return bdrv_probe_blocksizes(filtered, bsz);
748 return -ENOTSUP;
752 * Try to get @bs's geometry (cyls, heads, sectors).
753 * On success, store them in @geo struct and return 0.
754 * On failure return -errno.
755 * @bs must not be empty.
757 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
759 BlockDriver *drv = bs->drv;
760 BlockDriverState *filtered = bdrv_filter_bs(bs);
762 if (drv && drv->bdrv_probe_geometry) {
763 return drv->bdrv_probe_geometry(bs, geo);
764 } else if (filtered) {
765 return bdrv_probe_geometry(filtered, geo);
768 return -ENOTSUP;
772 * Create a uniquely-named empty temporary file.
773 * Return 0 upon success, otherwise a negative errno value.
775 int get_tmp_filename(char *filename, int size)
777 #ifdef _WIN32
778 char temp_dir[MAX_PATH];
779 /* GetTempFileName requires that its output buffer (4th param)
780 have length MAX_PATH or greater. */
781 assert(size >= MAX_PATH);
782 return (GetTempPath(MAX_PATH, temp_dir)
783 && GetTempFileName(temp_dir, "qem", 0, filename)
784 ? 0 : -GetLastError());
785 #else
786 int fd;
787 const char *tmpdir;
788 tmpdir = getenv("TMPDIR");
789 if (!tmpdir) {
790 tmpdir = "/var/tmp";
792 if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
793 return -EOVERFLOW;
795 fd = mkstemp(filename);
796 if (fd < 0) {
797 return -errno;
799 if (close(fd) != 0) {
800 unlink(filename);
801 return -errno;
803 return 0;
804 #endif
808 * Detect host devices. By convention, /dev/cdrom[N] is always
809 * recognized as a host CDROM.
811 static BlockDriver *find_hdev_driver(const char *filename)
813 int score_max = 0, score;
814 BlockDriver *drv = NULL, *d;
816 QLIST_FOREACH(d, &bdrv_drivers, list) {
817 if (d->bdrv_probe_device) {
818 score = d->bdrv_probe_device(filename);
819 if (score > score_max) {
820 score_max = score;
821 drv = d;
826 return drv;
829 static BlockDriver *bdrv_do_find_protocol(const char *protocol)
831 BlockDriver *drv1;
833 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
834 if (drv1->protocol_name && !strcmp(drv1->protocol_name, protocol)) {
835 return drv1;
839 return NULL;
842 BlockDriver *bdrv_find_protocol(const char *filename,
843 bool allow_protocol_prefix,
844 Error **errp)
846 BlockDriver *drv1;
847 char protocol[128];
848 int len;
849 const char *p;
850 int i;
852 /* TODO Drivers without bdrv_file_open must be specified explicitly */
855 * XXX(hch): we really should not let host device detection
856 * override an explicit protocol specification, but moving this
857 * later breaks access to device names with colons in them.
858 * Thanks to the brain-dead persistent naming schemes on udev-
859 * based Linux systems those actually are quite common.
861 drv1 = find_hdev_driver(filename);
862 if (drv1) {
863 return drv1;
866 if (!path_has_protocol(filename) || !allow_protocol_prefix) {
867 return &bdrv_file;
870 p = strchr(filename, ':');
871 assert(p != NULL);
872 len = p - filename;
873 if (len > sizeof(protocol) - 1)
874 len = sizeof(protocol) - 1;
875 memcpy(protocol, filename, len);
876 protocol[len] = '\0';
878 drv1 = bdrv_do_find_protocol(protocol);
879 if (drv1) {
880 return drv1;
883 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
884 if (block_driver_modules[i].protocol_name &&
885 !strcmp(block_driver_modules[i].protocol_name, protocol)) {
886 block_module_load_one(block_driver_modules[i].library_name);
887 break;
891 drv1 = bdrv_do_find_protocol(protocol);
892 if (!drv1) {
893 error_setg(errp, "Unknown protocol '%s'", protocol);
895 return drv1;
899 * Guess image format by probing its contents.
900 * This is not a good idea when your image is raw (CVE-2008-2004), but
901 * we do it anyway for backward compatibility.
903 * @buf contains the image's first @buf_size bytes.
904 * @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
905 * but can be smaller if the image file is smaller)
906 * @filename is its filename.
908 * For all block drivers, call the bdrv_probe() method to get its
909 * probing score.
910 * Return the first block driver with the highest probing score.
912 BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
913 const char *filename)
915 int score_max = 0, score;
916 BlockDriver *drv = NULL, *d;
918 QLIST_FOREACH(d, &bdrv_drivers, list) {
919 if (d->bdrv_probe) {
920 score = d->bdrv_probe(buf, buf_size, filename);
921 if (score > score_max) {
922 score_max = score;
923 drv = d;
928 return drv;
931 static int find_image_format(BlockBackend *file, const char *filename,
932 BlockDriver **pdrv, Error **errp)
934 BlockDriver *drv;
935 uint8_t buf[BLOCK_PROBE_BUF_SIZE];
936 int ret = 0;
938 /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
939 if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
940 *pdrv = &bdrv_raw;
941 return ret;
944 ret = blk_pread(file, 0, buf, sizeof(buf));
945 if (ret < 0) {
946 error_setg_errno(errp, -ret, "Could not read image for determining its "
947 "format");
948 *pdrv = NULL;
949 return ret;
952 drv = bdrv_probe_all(buf, ret, filename);
953 if (!drv) {
954 error_setg(errp, "Could not determine image format: No compatible "
955 "driver found");
956 ret = -ENOENT;
958 *pdrv = drv;
959 return ret;
963 * Set the current 'total_sectors' value
964 * Return 0 on success, -errno on error.
966 int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
968 BlockDriver *drv = bs->drv;
970 if (!drv) {
971 return -ENOMEDIUM;
974 /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
975 if (bdrv_is_sg(bs))
976 return 0;
978 /* query actual device if possible, otherwise just trust the hint */
979 if (drv->bdrv_getlength) {
980 int64_t length = drv->bdrv_getlength(bs);
981 if (length < 0) {
982 return length;
984 hint = DIV_ROUND_UP(length, BDRV_SECTOR_SIZE);
987 bs->total_sectors = hint;
989 if (bs->total_sectors * BDRV_SECTOR_SIZE > BDRV_MAX_LENGTH) {
990 return -EFBIG;
993 return 0;
997 * Combines a QDict of new block driver @options with any missing options taken
998 * from @old_options, so that leaving out an option defaults to its old value.
1000 static void bdrv_join_options(BlockDriverState *bs, QDict *options,
1001 QDict *old_options)
1003 if (bs->drv && bs->drv->bdrv_join_options) {
1004 bs->drv->bdrv_join_options(options, old_options);
1005 } else {
1006 qdict_join(options, old_options, false);
1010 static BlockdevDetectZeroesOptions bdrv_parse_detect_zeroes(QemuOpts *opts,
1011 int open_flags,
1012 Error **errp)
1014 Error *local_err = NULL;
1015 char *value = qemu_opt_get_del(opts, "detect-zeroes");
1016 BlockdevDetectZeroesOptions detect_zeroes =
1017 qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup, value,
1018 BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, &local_err);
1019 g_free(value);
1020 if (local_err) {
1021 error_propagate(errp, local_err);
1022 return detect_zeroes;
1025 if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
1026 !(open_flags & BDRV_O_UNMAP))
1028 error_setg(errp, "setting detect-zeroes to unmap is not allowed "
1029 "without setting discard operation to unmap");
1032 return detect_zeroes;
1036 * Set open flags for aio engine
1038 * Return 0 on success, -1 if the engine specified is invalid
1040 int bdrv_parse_aio(const char *mode, int *flags)
1042 if (!strcmp(mode, "threads")) {
1043 /* do nothing, default */
1044 } else if (!strcmp(mode, "native")) {
1045 *flags |= BDRV_O_NATIVE_AIO;
1046 #ifdef CONFIG_LINUX_IO_URING
1047 } else if (!strcmp(mode, "io_uring")) {
1048 *flags |= BDRV_O_IO_URING;
1049 #endif
1050 } else {
1051 return -1;
1054 return 0;
1058 * Set open flags for a given discard mode
1060 * Return 0 on success, -1 if the discard mode was invalid.
1062 int bdrv_parse_discard_flags(const char *mode, int *flags)
1064 *flags &= ~BDRV_O_UNMAP;
1066 if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
1067 /* do nothing */
1068 } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
1069 *flags |= BDRV_O_UNMAP;
1070 } else {
1071 return -1;
1074 return 0;
1078 * Set open flags for a given cache mode
1080 * Return 0 on success, -1 if the cache mode was invalid.
1082 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
1084 *flags &= ~BDRV_O_CACHE_MASK;
1086 if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
1087 *writethrough = false;
1088 *flags |= BDRV_O_NOCACHE;
1089 } else if (!strcmp(mode, "directsync")) {
1090 *writethrough = true;
1091 *flags |= BDRV_O_NOCACHE;
1092 } else if (!strcmp(mode, "writeback")) {
1093 *writethrough = false;
1094 } else if (!strcmp(mode, "unsafe")) {
1095 *writethrough = false;
1096 *flags |= BDRV_O_NO_FLUSH;
1097 } else if (!strcmp(mode, "writethrough")) {
1098 *writethrough = true;
1099 } else {
1100 return -1;
1103 return 0;
1106 static char *bdrv_child_get_parent_desc(BdrvChild *c)
1108 BlockDriverState *parent = c->opaque;
1109 return g_strdup(bdrv_get_device_or_node_name(parent));
1112 static void bdrv_child_cb_drained_begin(BdrvChild *child)
1114 BlockDriverState *bs = child->opaque;
1115 bdrv_do_drained_begin_quiesce(bs, NULL, false);
1118 static bool bdrv_child_cb_drained_poll(BdrvChild *child)
1120 BlockDriverState *bs = child->opaque;
1121 return bdrv_drain_poll(bs, false, NULL, false);
1124 static void bdrv_child_cb_drained_end(BdrvChild *child,
1125 int *drained_end_counter)
1127 BlockDriverState *bs = child->opaque;
1128 bdrv_drained_end_no_poll(bs, drained_end_counter);
1131 static int bdrv_child_cb_inactivate(BdrvChild *child)
1133 BlockDriverState *bs = child->opaque;
1134 assert(bs->open_flags & BDRV_O_INACTIVE);
1135 return 0;
1138 static bool bdrv_child_cb_can_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1139 GSList **ignore, Error **errp)
1141 BlockDriverState *bs = child->opaque;
1142 return bdrv_can_set_aio_context(bs, ctx, ignore, errp);
1145 static void bdrv_child_cb_set_aio_ctx(BdrvChild *child, AioContext *ctx,
1146 GSList **ignore)
1148 BlockDriverState *bs = child->opaque;
1149 return bdrv_set_aio_context_ignore(bs, ctx, ignore);
1153 * Returns the options and flags that a temporary snapshot should get, based on
1154 * the originally requested flags (the originally requested image will have
1155 * flags like a backing file)
1157 static void bdrv_temp_snapshot_options(int *child_flags, QDict *child_options,
1158 int parent_flags, QDict *parent_options)
1160 *child_flags = (parent_flags & ~BDRV_O_SNAPSHOT) | BDRV_O_TEMPORARY;
1162 /* For temporary files, unconditional cache=unsafe is fine */
1163 qdict_set_default_str(child_options, BDRV_OPT_CACHE_DIRECT, "off");
1164 qdict_set_default_str(child_options, BDRV_OPT_CACHE_NO_FLUSH, "on");
1166 /* Copy the read-only and discard options from the parent */
1167 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1168 qdict_copy_default(child_options, parent_options, BDRV_OPT_DISCARD);
1170 /* aio=native doesn't work for cache.direct=off, so disable it for the
1171 * temporary snapshot */
1172 *child_flags &= ~BDRV_O_NATIVE_AIO;
1175 static void bdrv_backing_attach(BdrvChild *c)
1177 BlockDriverState *parent = c->opaque;
1178 BlockDriverState *backing_hd = c->bs;
1180 assert(!parent->backing_blocker);
1181 error_setg(&parent->backing_blocker,
1182 "node is used as backing hd of '%s'",
1183 bdrv_get_device_or_node_name(parent));
1185 bdrv_refresh_filename(backing_hd);
1187 parent->open_flags &= ~BDRV_O_NO_BACKING;
1189 bdrv_op_block_all(backing_hd, parent->backing_blocker);
1190 /* Otherwise we won't be able to commit or stream */
1191 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
1192 parent->backing_blocker);
1193 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
1194 parent->backing_blocker);
1196 * We do backup in 3 ways:
1197 * 1. drive backup
1198 * The target bs is new opened, and the source is top BDS
1199 * 2. blockdev backup
1200 * Both the source and the target are top BDSes.
1201 * 3. internal backup(used for block replication)
1202 * Both the source and the target are backing file
1204 * In case 1 and 2, neither the source nor the target is the backing file.
1205 * In case 3, we will block the top BDS, so there is only one block job
1206 * for the top BDS and its backing chain.
1208 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
1209 parent->backing_blocker);
1210 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
1211 parent->backing_blocker);
1214 static void bdrv_backing_detach(BdrvChild *c)
1216 BlockDriverState *parent = c->opaque;
1218 assert(parent->backing_blocker);
1219 bdrv_op_unblock_all(c->bs, parent->backing_blocker);
1220 error_free(parent->backing_blocker);
1221 parent->backing_blocker = NULL;
1224 static int bdrv_backing_update_filename(BdrvChild *c, BlockDriverState *base,
1225 const char *filename, Error **errp)
1227 BlockDriverState *parent = c->opaque;
1228 bool read_only = bdrv_is_read_only(parent);
1229 int ret;
1231 if (read_only) {
1232 ret = bdrv_reopen_set_read_only(parent, false, errp);
1233 if (ret < 0) {
1234 return ret;
1238 ret = bdrv_change_backing_file(parent, filename,
1239 base->drv ? base->drv->format_name : "",
1240 false);
1241 if (ret < 0) {
1242 error_setg_errno(errp, -ret, "Could not update backing file link");
1245 if (read_only) {
1246 bdrv_reopen_set_read_only(parent, true, NULL);
1249 return ret;
1253 * Returns the options and flags that a generic child of a BDS should
1254 * get, based on the given options and flags for the parent BDS.
1256 static void bdrv_inherited_options(BdrvChildRole role, bool parent_is_format,
1257 int *child_flags, QDict *child_options,
1258 int parent_flags, QDict *parent_options)
1260 int flags = parent_flags;
1263 * First, decide whether to set, clear, or leave BDRV_O_PROTOCOL.
1264 * Generally, the question to answer is: Should this child be
1265 * format-probed by default?
1269 * Pure and non-filtered data children of non-format nodes should
1270 * be probed by default (even when the node itself has BDRV_O_PROTOCOL
1271 * set). This only affects a very limited set of drivers (namely
1272 * quorum and blkverify when this comment was written).
1273 * Force-clear BDRV_O_PROTOCOL then.
1275 if (!parent_is_format &&
1276 (role & BDRV_CHILD_DATA) &&
1277 !(role & (BDRV_CHILD_METADATA | BDRV_CHILD_FILTERED)))
1279 flags &= ~BDRV_O_PROTOCOL;
1283 * All children of format nodes (except for COW children) and all
1284 * metadata children in general should never be format-probed.
1285 * Force-set BDRV_O_PROTOCOL then.
1287 if ((parent_is_format && !(role & BDRV_CHILD_COW)) ||
1288 (role & BDRV_CHILD_METADATA))
1290 flags |= BDRV_O_PROTOCOL;
1294 * If the cache mode isn't explicitly set, inherit direct and no-flush from
1295 * the parent.
1297 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1298 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1299 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1301 if (role & BDRV_CHILD_COW) {
1302 /* backing files are opened read-only by default */
1303 qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "on");
1304 qdict_set_default_str(child_options, BDRV_OPT_AUTO_READ_ONLY, "off");
1305 } else {
1306 /* Inherit the read-only option from the parent if it's not set */
1307 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
1308 qdict_copy_default(child_options, parent_options,
1309 BDRV_OPT_AUTO_READ_ONLY);
1313 * bdrv_co_pdiscard() respects unmap policy for the parent, so we
1314 * can default to enable it on lower layers regardless of the
1315 * parent option.
1317 qdict_set_default_str(child_options, BDRV_OPT_DISCARD, "unmap");
1319 /* Clear flags that only apply to the top layer */
1320 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ);
1322 if (role & BDRV_CHILD_METADATA) {
1323 flags &= ~BDRV_O_NO_IO;
1325 if (role & BDRV_CHILD_COW) {
1326 flags &= ~BDRV_O_TEMPORARY;
1329 *child_flags = flags;
1332 static void bdrv_child_cb_attach(BdrvChild *child)
1334 BlockDriverState *bs = child->opaque;
1336 if (child->role & BDRV_CHILD_COW) {
1337 bdrv_backing_attach(child);
1340 bdrv_apply_subtree_drain(child, bs);
1343 static void bdrv_child_cb_detach(BdrvChild *child)
1345 BlockDriverState *bs = child->opaque;
1347 if (child->role & BDRV_CHILD_COW) {
1348 bdrv_backing_detach(child);
1351 bdrv_unapply_subtree_drain(child, bs);
1354 static int bdrv_child_cb_update_filename(BdrvChild *c, BlockDriverState *base,
1355 const char *filename, Error **errp)
1357 if (c->role & BDRV_CHILD_COW) {
1358 return bdrv_backing_update_filename(c, base, filename, errp);
1360 return 0;
1363 const BdrvChildClass child_of_bds = {
1364 .parent_is_bds = true,
1365 .get_parent_desc = bdrv_child_get_parent_desc,
1366 .inherit_options = bdrv_inherited_options,
1367 .drained_begin = bdrv_child_cb_drained_begin,
1368 .drained_poll = bdrv_child_cb_drained_poll,
1369 .drained_end = bdrv_child_cb_drained_end,
1370 .attach = bdrv_child_cb_attach,
1371 .detach = bdrv_child_cb_detach,
1372 .inactivate = bdrv_child_cb_inactivate,
1373 .can_set_aio_ctx = bdrv_child_cb_can_set_aio_ctx,
1374 .set_aio_ctx = bdrv_child_cb_set_aio_ctx,
1375 .update_filename = bdrv_child_cb_update_filename,
1378 static int bdrv_open_flags(BlockDriverState *bs, int flags)
1380 int open_flags = flags;
1383 * Clear flags that are internal to the block layer before opening the
1384 * image.
1386 open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_PROTOCOL);
1388 return open_flags;
1391 static void update_flags_from_options(int *flags, QemuOpts *opts)
1393 *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
1395 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
1396 *flags |= BDRV_O_NO_FLUSH;
1399 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_DIRECT, false)) {
1400 *flags |= BDRV_O_NOCACHE;
1403 if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
1404 *flags |= BDRV_O_RDWR;
1407 if (qemu_opt_get_bool_del(opts, BDRV_OPT_AUTO_READ_ONLY, false)) {
1408 *flags |= BDRV_O_AUTO_RDONLY;
1412 static void update_options_from_flags(QDict *options, int flags)
1414 if (!qdict_haskey(options, BDRV_OPT_CACHE_DIRECT)) {
1415 qdict_put_bool(options, BDRV_OPT_CACHE_DIRECT, flags & BDRV_O_NOCACHE);
1417 if (!qdict_haskey(options, BDRV_OPT_CACHE_NO_FLUSH)) {
1418 qdict_put_bool(options, BDRV_OPT_CACHE_NO_FLUSH,
1419 flags & BDRV_O_NO_FLUSH);
1421 if (!qdict_haskey(options, BDRV_OPT_READ_ONLY)) {
1422 qdict_put_bool(options, BDRV_OPT_READ_ONLY, !(flags & BDRV_O_RDWR));
1424 if (!qdict_haskey(options, BDRV_OPT_AUTO_READ_ONLY)) {
1425 qdict_put_bool(options, BDRV_OPT_AUTO_READ_ONLY,
1426 flags & BDRV_O_AUTO_RDONLY);
1430 static void bdrv_assign_node_name(BlockDriverState *bs,
1431 const char *node_name,
1432 Error **errp)
1434 char *gen_node_name = NULL;
1436 if (!node_name) {
1437 node_name = gen_node_name = id_generate(ID_BLOCK);
1438 } else if (!id_wellformed(node_name)) {
1440 * Check for empty string or invalid characters, but not if it is
1441 * generated (generated names use characters not available to the user)
1443 error_setg(errp, "Invalid node name");
1444 return;
1447 /* takes care of avoiding namespaces collisions */
1448 if (blk_by_name(node_name)) {
1449 error_setg(errp, "node-name=%s is conflicting with a device id",
1450 node_name);
1451 goto out;
1454 /* takes care of avoiding duplicates node names */
1455 if (bdrv_find_node(node_name)) {
1456 error_setg(errp, "Duplicate node name");
1457 goto out;
1460 /* Make sure that the node name isn't truncated */
1461 if (strlen(node_name) >= sizeof(bs->node_name)) {
1462 error_setg(errp, "Node name too long");
1463 goto out;
1466 /* copy node name into the bs and insert it into the graph list */
1467 pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
1468 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
1469 out:
1470 g_free(gen_node_name);
1473 static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
1474 const char *node_name, QDict *options,
1475 int open_flags, Error **errp)
1477 Error *local_err = NULL;
1478 int i, ret;
1480 bdrv_assign_node_name(bs, node_name, &local_err);
1481 if (local_err) {
1482 error_propagate(errp, local_err);
1483 return -EINVAL;
1486 bs->drv = drv;
1487 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1488 bs->opaque = g_malloc0(drv->instance_size);
1490 if (drv->bdrv_file_open) {
1491 assert(!drv->bdrv_needs_filename || bs->filename[0]);
1492 ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
1493 } else if (drv->bdrv_open) {
1494 ret = drv->bdrv_open(bs, options, open_flags, &local_err);
1495 } else {
1496 ret = 0;
1499 if (ret < 0) {
1500 if (local_err) {
1501 error_propagate(errp, local_err);
1502 } else if (bs->filename[0]) {
1503 error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
1504 } else {
1505 error_setg_errno(errp, -ret, "Could not open image");
1507 goto open_failed;
1510 ret = refresh_total_sectors(bs, bs->total_sectors);
1511 if (ret < 0) {
1512 error_setg_errno(errp, -ret, "Could not refresh total sector count");
1513 return ret;
1516 bdrv_refresh_limits(bs, &local_err);
1517 if (local_err) {
1518 error_propagate(errp, local_err);
1519 return -EINVAL;
1522 assert(bdrv_opt_mem_align(bs) != 0);
1523 assert(bdrv_min_mem_align(bs) != 0);
1524 assert(is_power_of_2(bs->bl.request_alignment));
1526 for (i = 0; i < bs->quiesce_counter; i++) {
1527 if (drv->bdrv_co_drain_begin) {
1528 drv->bdrv_co_drain_begin(bs);
1532 return 0;
1533 open_failed:
1534 bs->drv = NULL;
1535 if (bs->file != NULL) {
1536 bdrv_unref_child(bs, bs->file);
1537 bs->file = NULL;
1539 g_free(bs->opaque);
1540 bs->opaque = NULL;
1541 return ret;
1544 BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
1545 int flags, Error **errp)
1547 BlockDriverState *bs;
1548 int ret;
1550 bs = bdrv_new();
1551 bs->open_flags = flags;
1552 bs->explicit_options = qdict_new();
1553 bs->options = qdict_new();
1554 bs->opaque = NULL;
1556 update_options_from_flags(bs->options, flags);
1558 ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
1559 if (ret < 0) {
1560 qobject_unref(bs->explicit_options);
1561 bs->explicit_options = NULL;
1562 qobject_unref(bs->options);
1563 bs->options = NULL;
1564 bdrv_unref(bs);
1565 return NULL;
1568 return bs;
1571 QemuOptsList bdrv_runtime_opts = {
1572 .name = "bdrv_common",
1573 .head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
1574 .desc = {
1576 .name = "node-name",
1577 .type = QEMU_OPT_STRING,
1578 .help = "Node name of the block device node",
1581 .name = "driver",
1582 .type = QEMU_OPT_STRING,
1583 .help = "Block driver to use for the node",
1586 .name = BDRV_OPT_CACHE_DIRECT,
1587 .type = QEMU_OPT_BOOL,
1588 .help = "Bypass software writeback cache on the host",
1591 .name = BDRV_OPT_CACHE_NO_FLUSH,
1592 .type = QEMU_OPT_BOOL,
1593 .help = "Ignore flush requests",
1596 .name = BDRV_OPT_READ_ONLY,
1597 .type = QEMU_OPT_BOOL,
1598 .help = "Node is opened in read-only mode",
1601 .name = BDRV_OPT_AUTO_READ_ONLY,
1602 .type = QEMU_OPT_BOOL,
1603 .help = "Node can become read-only if opening read-write fails",
1606 .name = "detect-zeroes",
1607 .type = QEMU_OPT_STRING,
1608 .help = "try to optimize zero writes (off, on, unmap)",
1611 .name = BDRV_OPT_DISCARD,
1612 .type = QEMU_OPT_STRING,
1613 .help = "discard operation (ignore/off, unmap/on)",
1616 .name = BDRV_OPT_FORCE_SHARE,
1617 .type = QEMU_OPT_BOOL,
1618 .help = "always accept other writers (default: off)",
1620 { /* end of list */ }
1624 QemuOptsList bdrv_create_opts_simple = {
1625 .name = "simple-create-opts",
1626 .head = QTAILQ_HEAD_INITIALIZER(bdrv_create_opts_simple.head),
1627 .desc = {
1629 .name = BLOCK_OPT_SIZE,
1630 .type = QEMU_OPT_SIZE,
1631 .help = "Virtual disk size"
1634 .name = BLOCK_OPT_PREALLOC,
1635 .type = QEMU_OPT_STRING,
1636 .help = "Preallocation mode (allowed values: off)"
1638 { /* end of list */ }
1643 * Common part for opening disk images and files
1645 * Removes all processed options from *options.
1647 static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
1648 QDict *options, Error **errp)
1650 int ret, open_flags;
1651 const char *filename;
1652 const char *driver_name = NULL;
1653 const char *node_name = NULL;
1654 const char *discard;
1655 QemuOpts *opts;
1656 BlockDriver *drv;
1657 Error *local_err = NULL;
1659 assert(bs->file == NULL);
1660 assert(options != NULL && bs->options != options);
1662 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
1663 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
1664 ret = -EINVAL;
1665 goto fail_opts;
1668 update_flags_from_options(&bs->open_flags, opts);
1670 driver_name = qemu_opt_get(opts, "driver");
1671 drv = bdrv_find_format(driver_name);
1672 assert(drv != NULL);
1674 bs->force_share = qemu_opt_get_bool(opts, BDRV_OPT_FORCE_SHARE, false);
1676 if (bs->force_share && (bs->open_flags & BDRV_O_RDWR)) {
1677 error_setg(errp,
1678 BDRV_OPT_FORCE_SHARE
1679 "=on can only be used with read-only images");
1680 ret = -EINVAL;
1681 goto fail_opts;
1684 if (file != NULL) {
1685 bdrv_refresh_filename(blk_bs(file));
1686 filename = blk_bs(file)->filename;
1687 } else {
1689 * Caution: while qdict_get_try_str() is fine, getting
1690 * non-string types would require more care. When @options
1691 * come from -blockdev or blockdev_add, its members are typed
1692 * according to the QAPI schema, but when they come from
1693 * -drive, they're all QString.
1695 filename = qdict_get_try_str(options, "filename");
1698 if (drv->bdrv_needs_filename && (!filename || !filename[0])) {
1699 error_setg(errp, "The '%s' block driver requires a file name",
1700 drv->format_name);
1701 ret = -EINVAL;
1702 goto fail_opts;
1705 trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
1706 drv->format_name);
1708 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1710 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
1711 if (!bs->read_only && bdrv_is_whitelisted(drv, true)) {
1712 ret = bdrv_apply_auto_read_only(bs, NULL, NULL);
1713 } else {
1714 ret = -ENOTSUP;
1716 if (ret < 0) {
1717 error_setg(errp,
1718 !bs->read_only && bdrv_is_whitelisted(drv, true)
1719 ? "Driver '%s' can only be used for read-only devices"
1720 : "Driver '%s' is not whitelisted",
1721 drv->format_name);
1722 goto fail_opts;
1726 /* bdrv_new() and bdrv_close() make it so */
1727 assert(qatomic_read(&bs->copy_on_read) == 0);
1729 if (bs->open_flags & BDRV_O_COPY_ON_READ) {
1730 if (!bs->read_only) {
1731 bdrv_enable_copy_on_read(bs);
1732 } else {
1733 error_setg(errp, "Can't use copy-on-read on read-only device");
1734 ret = -EINVAL;
1735 goto fail_opts;
1739 discard = qemu_opt_get(opts, BDRV_OPT_DISCARD);
1740 if (discard != NULL) {
1741 if (bdrv_parse_discard_flags(discard, &bs->open_flags) != 0) {
1742 error_setg(errp, "Invalid discard option");
1743 ret = -EINVAL;
1744 goto fail_opts;
1748 bs->detect_zeroes =
1749 bdrv_parse_detect_zeroes(opts, bs->open_flags, &local_err);
1750 if (local_err) {
1751 error_propagate(errp, local_err);
1752 ret = -EINVAL;
1753 goto fail_opts;
1756 if (filename != NULL) {
1757 pstrcpy(bs->filename, sizeof(bs->filename), filename);
1758 } else {
1759 bs->filename[0] = '\0';
1761 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
1763 /* Open the image, either directly or using a protocol */
1764 open_flags = bdrv_open_flags(bs, bs->open_flags);
1765 node_name = qemu_opt_get(opts, "node-name");
1767 assert(!drv->bdrv_file_open || file == NULL);
1768 ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
1769 if (ret < 0) {
1770 goto fail_opts;
1773 qemu_opts_del(opts);
1774 return 0;
1776 fail_opts:
1777 qemu_opts_del(opts);
1778 return ret;
1781 static QDict *parse_json_filename(const char *filename, Error **errp)
1783 QObject *options_obj;
1784 QDict *options;
1785 int ret;
1787 ret = strstart(filename, "json:", &filename);
1788 assert(ret);
1790 options_obj = qobject_from_json(filename, errp);
1791 if (!options_obj) {
1792 error_prepend(errp, "Could not parse the JSON options: ");
1793 return NULL;
1796 options = qobject_to(QDict, options_obj);
1797 if (!options) {
1798 qobject_unref(options_obj);
1799 error_setg(errp, "Invalid JSON object given");
1800 return NULL;
1803 qdict_flatten(options);
1805 return options;
1808 static void parse_json_protocol(QDict *options, const char **pfilename,
1809 Error **errp)
1811 QDict *json_options;
1812 Error *local_err = NULL;
1814 /* Parse json: pseudo-protocol */
1815 if (!*pfilename || !g_str_has_prefix(*pfilename, "json:")) {
1816 return;
1819 json_options = parse_json_filename(*pfilename, &local_err);
1820 if (local_err) {
1821 error_propagate(errp, local_err);
1822 return;
1825 /* Options given in the filename have lower priority than options
1826 * specified directly */
1827 qdict_join(options, json_options, false);
1828 qobject_unref(json_options);
1829 *pfilename = NULL;
1833 * Fills in default options for opening images and converts the legacy
1834 * filename/flags pair to option QDict entries.
1835 * The BDRV_O_PROTOCOL flag in *flags will be set or cleared accordingly if a
1836 * block driver has been specified explicitly.
1838 static int bdrv_fill_options(QDict **options, const char *filename,
1839 int *flags, Error **errp)
1841 const char *drvname;
1842 bool protocol = *flags & BDRV_O_PROTOCOL;
1843 bool parse_filename = false;
1844 BlockDriver *drv = NULL;
1845 Error *local_err = NULL;
1848 * Caution: while qdict_get_try_str() is fine, getting non-string
1849 * types would require more care. When @options come from
1850 * -blockdev or blockdev_add, its members are typed according to
1851 * the QAPI schema, but when they come from -drive, they're all
1852 * QString.
1854 drvname = qdict_get_try_str(*options, "driver");
1855 if (drvname) {
1856 drv = bdrv_find_format(drvname);
1857 if (!drv) {
1858 error_setg(errp, "Unknown driver '%s'", drvname);
1859 return -ENOENT;
1861 /* If the user has explicitly specified the driver, this choice should
1862 * override the BDRV_O_PROTOCOL flag */
1863 protocol = drv->bdrv_file_open;
1866 if (protocol) {
1867 *flags |= BDRV_O_PROTOCOL;
1868 } else {
1869 *flags &= ~BDRV_O_PROTOCOL;
1872 /* Translate cache options from flags into options */
1873 update_options_from_flags(*options, *flags);
1875 /* Fetch the file name from the options QDict if necessary */
1876 if (protocol && filename) {
1877 if (!qdict_haskey(*options, "filename")) {
1878 qdict_put_str(*options, "filename", filename);
1879 parse_filename = true;
1880 } else {
1881 error_setg(errp, "Can't specify 'file' and 'filename' options at "
1882 "the same time");
1883 return -EINVAL;
1887 /* Find the right block driver */
1888 /* See cautionary note on accessing @options above */
1889 filename = qdict_get_try_str(*options, "filename");
1891 if (!drvname && protocol) {
1892 if (filename) {
1893 drv = bdrv_find_protocol(filename, parse_filename, errp);
1894 if (!drv) {
1895 return -EINVAL;
1898 drvname = drv->format_name;
1899 qdict_put_str(*options, "driver", drvname);
1900 } else {
1901 error_setg(errp, "Must specify either driver or file");
1902 return -EINVAL;
1906 assert(drv || !protocol);
1908 /* Driver-specific filename parsing */
1909 if (drv && drv->bdrv_parse_filename && parse_filename) {
1910 drv->bdrv_parse_filename(filename, *options, &local_err);
1911 if (local_err) {
1912 error_propagate(errp, local_err);
1913 return -EINVAL;
1916 if (!drv->bdrv_needs_filename) {
1917 qdict_del(*options, "filename");
1921 return 0;
1924 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1925 uint64_t perm, uint64_t shared,
1926 GSList *ignore_children, Error **errp);
1927 static void bdrv_child_abort_perm_update(BdrvChild *c);
1928 static void bdrv_child_set_perm(BdrvChild *c);
1930 typedef struct BlockReopenQueueEntry {
1931 bool prepared;
1932 bool perms_checked;
1933 BDRVReopenState state;
1934 QTAILQ_ENTRY(BlockReopenQueueEntry) entry;
1935 } BlockReopenQueueEntry;
1938 * Return the flags that @bs will have after the reopens in @q have
1939 * successfully completed. If @q is NULL (or @bs is not contained in @q),
1940 * return the current flags.
1942 static int bdrv_reopen_get_flags(BlockReopenQueue *q, BlockDriverState *bs)
1944 BlockReopenQueueEntry *entry;
1946 if (q != NULL) {
1947 QTAILQ_FOREACH(entry, q, entry) {
1948 if (entry->state.bs == bs) {
1949 return entry->state.flags;
1954 return bs->open_flags;
1957 /* Returns whether the image file can be written to after the reopen queue @q
1958 * has been successfully applied, or right now if @q is NULL. */
1959 static bool bdrv_is_writable_after_reopen(BlockDriverState *bs,
1960 BlockReopenQueue *q)
1962 int flags = bdrv_reopen_get_flags(q, bs);
1964 return (flags & (BDRV_O_RDWR | BDRV_O_INACTIVE)) == BDRV_O_RDWR;
1968 * Return whether the BDS can be written to. This is not necessarily
1969 * the same as !bdrv_is_read_only(bs), as inactivated images may not
1970 * be written to but do not count as read-only images.
1972 bool bdrv_is_writable(BlockDriverState *bs)
1974 return bdrv_is_writable_after_reopen(bs, NULL);
1977 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
1978 BdrvChild *c, BdrvChildRole role,
1979 BlockReopenQueue *reopen_queue,
1980 uint64_t parent_perm, uint64_t parent_shared,
1981 uint64_t *nperm, uint64_t *nshared)
1983 assert(bs->drv && bs->drv->bdrv_child_perm);
1984 bs->drv->bdrv_child_perm(bs, c, role, reopen_queue,
1985 parent_perm, parent_shared,
1986 nperm, nshared);
1987 /* TODO Take force_share from reopen_queue */
1988 if (child_bs && child_bs->force_share) {
1989 *nshared = BLK_PERM_ALL;
1994 * Check whether permissions on this node can be changed in a way that
1995 * @cumulative_perms and @cumulative_shared_perms are the new cumulative
1996 * permissions of all its parents. This involves checking whether all necessary
1997 * permission changes to child nodes can be performed.
1999 * A call to this function must always be followed by a call to bdrv_set_perm()
2000 * or bdrv_abort_perm_update().
2002 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
2003 uint64_t cumulative_perms,
2004 uint64_t cumulative_shared_perms,
2005 GSList *ignore_children, Error **errp)
2007 BlockDriver *drv = bs->drv;
2008 BdrvChild *c;
2009 int ret;
2011 /* Write permissions never work with read-only images */
2012 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2013 !bdrv_is_writable_after_reopen(bs, q))
2015 if (!bdrv_is_writable_after_reopen(bs, NULL)) {
2016 error_setg(errp, "Block node is read-only");
2017 } else {
2018 uint64_t current_perms, current_shared;
2019 bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
2020 if (current_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) {
2021 error_setg(errp, "Cannot make block node read-only, there is "
2022 "a writer on it");
2023 } else {
2024 error_setg(errp, "Cannot make block node read-only and create "
2025 "a writer on it");
2029 return -EPERM;
2033 * Unaligned requests will automatically be aligned to bl.request_alignment
2034 * and without RESIZE we can't extend requests to write to space beyond the
2035 * end of the image, so it's required that the image size is aligned.
2037 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
2038 !(cumulative_perms & BLK_PERM_RESIZE))
2040 if ((bs->total_sectors * BDRV_SECTOR_SIZE) % bs->bl.request_alignment) {
2041 error_setg(errp, "Cannot get 'write' permission without 'resize': "
2042 "Image size is not a multiple of request "
2043 "alignment");
2044 return -EPERM;
2048 /* Check this node */
2049 if (!drv) {
2050 return 0;
2053 if (drv->bdrv_check_perm) {
2054 ret = drv->bdrv_check_perm(bs, cumulative_perms,
2055 cumulative_shared_perms, errp);
2056 if (ret < 0) {
2057 return ret;
2061 /* Drivers that never have children can omit .bdrv_child_perm() */
2062 if (!drv->bdrv_child_perm) {
2063 assert(QLIST_EMPTY(&bs->children));
2064 return 0;
2067 /* Check all children */
2068 QLIST_FOREACH(c, &bs->children, next) {
2069 uint64_t cur_perm, cur_shared;
2071 bdrv_child_perm(bs, c->bs, c, c->role, q,
2072 cumulative_perms, cumulative_shared_perms,
2073 &cur_perm, &cur_shared);
2074 ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
2075 errp);
2076 if (ret < 0) {
2077 return ret;
2081 return 0;
2085 * Notifies drivers that after a previous bdrv_check_perm() call, the
2086 * permission update is not performed and any preparations made for it (e.g.
2087 * taken file locks) need to be undone.
2089 * This function recursively notifies all child nodes.
2091 static void bdrv_abort_perm_update(BlockDriverState *bs)
2093 BlockDriver *drv = bs->drv;
2094 BdrvChild *c;
2096 if (!drv) {
2097 return;
2100 if (drv->bdrv_abort_perm_update) {
2101 drv->bdrv_abort_perm_update(bs);
2104 QLIST_FOREACH(c, &bs->children, next) {
2105 bdrv_child_abort_perm_update(c);
2109 static void bdrv_set_perm(BlockDriverState *bs)
2111 uint64_t cumulative_perms, cumulative_shared_perms;
2112 BlockDriver *drv = bs->drv;
2113 BdrvChild *c;
2115 if (!drv) {
2116 return;
2119 bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms);
2121 /* Update this node */
2122 if (drv->bdrv_set_perm) {
2123 drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
2126 /* Drivers that never have children can omit .bdrv_child_perm() */
2127 if (!drv->bdrv_child_perm) {
2128 assert(QLIST_EMPTY(&bs->children));
2129 return;
2132 /* Update all children */
2133 QLIST_FOREACH(c, &bs->children, next) {
2134 bdrv_child_set_perm(c);
2138 void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
2139 uint64_t *shared_perm)
2141 BdrvChild *c;
2142 uint64_t cumulative_perms = 0;
2143 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
2145 QLIST_FOREACH(c, &bs->parents, next_parent) {
2146 cumulative_perms |= c->perm;
2147 cumulative_shared_perms &= c->shared_perm;
2150 *perm = cumulative_perms;
2151 *shared_perm = cumulative_shared_perms;
2154 static char *bdrv_child_user_desc(BdrvChild *c)
2156 if (c->klass->get_parent_desc) {
2157 return c->klass->get_parent_desc(c);
2160 return g_strdup("another user");
2163 char *bdrv_perm_names(uint64_t perm)
2165 struct perm_name {
2166 uint64_t perm;
2167 const char *name;
2168 } permissions[] = {
2169 { BLK_PERM_CONSISTENT_READ, "consistent read" },
2170 { BLK_PERM_WRITE, "write" },
2171 { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
2172 { BLK_PERM_RESIZE, "resize" },
2173 { BLK_PERM_GRAPH_MOD, "change children" },
2174 { 0, NULL }
2177 GString *result = g_string_sized_new(30);
2178 struct perm_name *p;
2180 for (p = permissions; p->name; p++) {
2181 if (perm & p->perm) {
2182 if (result->len > 0) {
2183 g_string_append(result, ", ");
2185 g_string_append(result, p->name);
2189 return g_string_free(result, FALSE);
2193 * Checks whether a new reference to @bs can be added if the new user requires
2194 * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
2195 * set, the BdrvChild objects in this list are ignored in the calculations;
2196 * this allows checking permission updates for an existing reference.
2198 * Needs to be followed by a call to either bdrv_set_perm() or
2199 * bdrv_abort_perm_update(). */
2200 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
2201 uint64_t new_used_perm,
2202 uint64_t new_shared_perm,
2203 GSList *ignore_children,
2204 Error **errp)
2206 BdrvChild *c;
2207 uint64_t cumulative_perms = new_used_perm;
2208 uint64_t cumulative_shared_perms = new_shared_perm;
2211 /* There is no reason why anyone couldn't tolerate write_unchanged */
2212 assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
2214 QLIST_FOREACH(c, &bs->parents, next_parent) {
2215 if (g_slist_find(ignore_children, c)) {
2216 continue;
2219 if ((new_used_perm & c->shared_perm) != new_used_perm) {
2220 char *user = bdrv_child_user_desc(c);
2221 char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
2223 error_setg(errp, "Conflicts with use by %s as '%s', which does not "
2224 "allow '%s' on %s",
2225 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2226 g_free(user);
2227 g_free(perm_names);
2228 return -EPERM;
2231 if ((c->perm & new_shared_perm) != c->perm) {
2232 char *user = bdrv_child_user_desc(c);
2233 char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
2235 error_setg(errp, "Conflicts with use by %s as '%s', which uses "
2236 "'%s' on %s",
2237 user, c->name, perm_names, bdrv_get_node_name(c->bs));
2238 g_free(user);
2239 g_free(perm_names);
2240 return -EPERM;
2243 cumulative_perms |= c->perm;
2244 cumulative_shared_perms &= c->shared_perm;
2247 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
2248 ignore_children, errp);
2251 /* Needs to be followed by a call to either bdrv_child_set_perm() or
2252 * bdrv_child_abort_perm_update(). */
2253 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
2254 uint64_t perm, uint64_t shared,
2255 GSList *ignore_children, Error **errp)
2257 int ret;
2259 ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
2260 ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp);
2261 g_slist_free(ignore_children);
2263 if (ret < 0) {
2264 return ret;
2267 if (!c->has_backup_perm) {
2268 c->has_backup_perm = true;
2269 c->backup_perm = c->perm;
2270 c->backup_shared_perm = c->shared_perm;
2273 * Note: it's OK if c->has_backup_perm was already set, as we can find the
2274 * same child twice during check_perm procedure
2277 c->perm = perm;
2278 c->shared_perm = shared;
2280 return 0;
2283 static void bdrv_child_set_perm(BdrvChild *c)
2285 c->has_backup_perm = false;
2287 bdrv_set_perm(c->bs);
2290 static void bdrv_child_abort_perm_update(BdrvChild *c)
2292 if (c->has_backup_perm) {
2293 c->perm = c->backup_perm;
2294 c->shared_perm = c->backup_shared_perm;
2295 c->has_backup_perm = false;
2298 bdrv_abort_perm_update(c->bs);
2301 static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
2303 int ret;
2304 uint64_t perm, shared_perm;
2306 bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
2307 ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp);
2308 if (ret < 0) {
2309 bdrv_abort_perm_update(bs);
2310 return ret;
2312 bdrv_set_perm(bs);
2314 return 0;
2317 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
2318 Error **errp)
2320 Error *local_err = NULL;
2321 int ret;
2323 ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, &local_err);
2324 if (ret < 0) {
2325 bdrv_child_abort_perm_update(c);
2326 if ((perm & ~c->perm) || (c->shared_perm & ~shared)) {
2327 /* tighten permissions */
2328 error_propagate(errp, local_err);
2329 } else {
2331 * Our caller may intend to only loosen restrictions and
2332 * does not expect this function to fail. Errors are not
2333 * fatal in such a case, so we can just hide them from our
2334 * caller.
2336 error_free(local_err);
2337 ret = 0;
2339 return ret;
2342 bdrv_child_set_perm(c);
2344 return 0;
2347 int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **errp)
2349 uint64_t parent_perms, parent_shared;
2350 uint64_t perms, shared;
2352 bdrv_get_cumulative_perm(bs, &parent_perms, &parent_shared);
2353 bdrv_child_perm(bs, c->bs, c, c->role, NULL,
2354 parent_perms, parent_shared, &perms, &shared);
2356 return bdrv_child_try_set_perm(c, perms, shared, errp);
2360 * Default implementation for .bdrv_child_perm() for block filters:
2361 * Forward CONSISTENT_READ, WRITE, WRITE_UNCHANGED, and RESIZE to the
2362 * filtered child.
2364 static void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
2365 BdrvChildRole role,
2366 BlockReopenQueue *reopen_queue,
2367 uint64_t perm, uint64_t shared,
2368 uint64_t *nperm, uint64_t *nshared)
2370 *nperm = perm & DEFAULT_PERM_PASSTHROUGH;
2371 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) | DEFAULT_PERM_UNCHANGED;
2374 static void bdrv_default_perms_for_cow(BlockDriverState *bs, BdrvChild *c,
2375 BdrvChildRole role,
2376 BlockReopenQueue *reopen_queue,
2377 uint64_t perm, uint64_t shared,
2378 uint64_t *nperm, uint64_t *nshared)
2380 assert(role & BDRV_CHILD_COW);
2383 * We want consistent read from backing files if the parent needs it.
2384 * No other operations are performed on backing files.
2386 perm &= BLK_PERM_CONSISTENT_READ;
2389 * If the parent can deal with changing data, we're okay with a
2390 * writable and resizable backing file.
2391 * TODO Require !(perm & BLK_PERM_CONSISTENT_READ), too?
2393 if (shared & BLK_PERM_WRITE) {
2394 shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
2395 } else {
2396 shared = 0;
2399 shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
2400 BLK_PERM_WRITE_UNCHANGED;
2402 if (bs->open_flags & BDRV_O_INACTIVE) {
2403 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2406 *nperm = perm;
2407 *nshared = shared;
2410 static void bdrv_default_perms_for_storage(BlockDriverState *bs, BdrvChild *c,
2411 BdrvChildRole role,
2412 BlockReopenQueue *reopen_queue,
2413 uint64_t perm, uint64_t shared,
2414 uint64_t *nperm, uint64_t *nshared)
2416 int flags;
2418 assert(role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA));
2420 flags = bdrv_reopen_get_flags(reopen_queue, bs);
2423 * Apart from the modifications below, the same permissions are
2424 * forwarded and left alone as for filters
2426 bdrv_filter_default_perms(bs, c, role, reopen_queue,
2427 perm, shared, &perm, &shared);
2429 if (role & BDRV_CHILD_METADATA) {
2430 /* Format drivers may touch metadata even if the guest doesn't write */
2431 if (bdrv_is_writable_after_reopen(bs, reopen_queue)) {
2432 perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2436 * bs->file always needs to be consistent because of the
2437 * metadata. We can never allow other users to resize or write
2438 * to it.
2440 if (!(flags & BDRV_O_NO_IO)) {
2441 perm |= BLK_PERM_CONSISTENT_READ;
2443 shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
2446 if (role & BDRV_CHILD_DATA) {
2448 * Technically, everything in this block is a subset of the
2449 * BDRV_CHILD_METADATA path taken above, and so this could
2450 * be an "else if" branch. However, that is not obvious, and
2451 * this function is not performance critical, therefore we let
2452 * this be an independent "if".
2456 * We cannot allow other users to resize the file because the
2457 * format driver might have some assumptions about the size
2458 * (e.g. because it is stored in metadata, or because the file
2459 * is split into fixed-size data files).
2461 shared &= ~BLK_PERM_RESIZE;
2464 * WRITE_UNCHANGED often cannot be performed as such on the
2465 * data file. For example, the qcow2 driver may still need to
2466 * write copied clusters on copy-on-read.
2468 if (perm & BLK_PERM_WRITE_UNCHANGED) {
2469 perm |= BLK_PERM_WRITE;
2473 * If the data file is written to, the format driver may
2474 * expect to be able to resize it by writing beyond the EOF.
2476 if (perm & BLK_PERM_WRITE) {
2477 perm |= BLK_PERM_RESIZE;
2481 if (bs->open_flags & BDRV_O_INACTIVE) {
2482 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2485 *nperm = perm;
2486 *nshared = shared;
2489 void bdrv_default_perms(BlockDriverState *bs, BdrvChild *c,
2490 BdrvChildRole role, BlockReopenQueue *reopen_queue,
2491 uint64_t perm, uint64_t shared,
2492 uint64_t *nperm, uint64_t *nshared)
2494 if (role & BDRV_CHILD_FILTERED) {
2495 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA |
2496 BDRV_CHILD_COW)));
2497 bdrv_filter_default_perms(bs, c, role, reopen_queue,
2498 perm, shared, nperm, nshared);
2499 } else if (role & BDRV_CHILD_COW) {
2500 assert(!(role & (BDRV_CHILD_DATA | BDRV_CHILD_METADATA)));
2501 bdrv_default_perms_for_cow(bs, c, role, reopen_queue,
2502 perm, shared, nperm, nshared);
2503 } else if (role & (BDRV_CHILD_METADATA | BDRV_CHILD_DATA)) {
2504 bdrv_default_perms_for_storage(bs, c, role, reopen_queue,
2505 perm, shared, nperm, nshared);
2506 } else {
2507 g_assert_not_reached();
2511 uint64_t bdrv_qapi_perm_to_blk_perm(BlockPermission qapi_perm)
2513 static const uint64_t permissions[] = {
2514 [BLOCK_PERMISSION_CONSISTENT_READ] = BLK_PERM_CONSISTENT_READ,
2515 [BLOCK_PERMISSION_WRITE] = BLK_PERM_WRITE,
2516 [BLOCK_PERMISSION_WRITE_UNCHANGED] = BLK_PERM_WRITE_UNCHANGED,
2517 [BLOCK_PERMISSION_RESIZE] = BLK_PERM_RESIZE,
2518 [BLOCK_PERMISSION_GRAPH_MOD] = BLK_PERM_GRAPH_MOD,
2521 QEMU_BUILD_BUG_ON(ARRAY_SIZE(permissions) != BLOCK_PERMISSION__MAX);
2522 QEMU_BUILD_BUG_ON(1UL << ARRAY_SIZE(permissions) != BLK_PERM_ALL + 1);
2524 assert(qapi_perm < BLOCK_PERMISSION__MAX);
2526 return permissions[qapi_perm];
2529 static void bdrv_replace_child_noperm(BdrvChild *child,
2530 BlockDriverState *new_bs)
2532 BlockDriverState *old_bs = child->bs;
2533 int new_bs_quiesce_counter;
2534 int drain_saldo;
2536 assert(!child->frozen);
2538 if (old_bs && new_bs) {
2539 assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
2542 new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
2543 drain_saldo = new_bs_quiesce_counter - child->parent_quiesce_counter;
2546 * If the new child node is drained but the old one was not, flush
2547 * all outstanding requests to the old child node.
2549 while (drain_saldo > 0 && child->klass->drained_begin) {
2550 bdrv_parent_drained_begin_single(child, true);
2551 drain_saldo--;
2554 if (old_bs) {
2555 /* Detach first so that the recursive drain sections coming from @child
2556 * are already gone and we only end the drain sections that came from
2557 * elsewhere. */
2558 if (child->klass->detach) {
2559 child->klass->detach(child);
2561 QLIST_REMOVE(child, next_parent);
2564 child->bs = new_bs;
2566 if (new_bs) {
2567 QLIST_INSERT_HEAD(&new_bs->parents, child, next_parent);
2570 * Detaching the old node may have led to the new node's
2571 * quiesce_counter having been decreased. Not a problem, we
2572 * just need to recognize this here and then invoke
2573 * drained_end appropriately more often.
2575 assert(new_bs->quiesce_counter <= new_bs_quiesce_counter);
2576 drain_saldo += new_bs->quiesce_counter - new_bs_quiesce_counter;
2578 /* Attach only after starting new drained sections, so that recursive
2579 * drain sections coming from @child don't get an extra .drained_begin
2580 * callback. */
2581 if (child->klass->attach) {
2582 child->klass->attach(child);
2587 * If the old child node was drained but the new one is not, allow
2588 * requests to come in only after the new node has been attached.
2590 while (drain_saldo < 0 && child->klass->drained_end) {
2591 bdrv_parent_drained_end_single(child);
2592 drain_saldo++;
2597 * Updates @child to change its reference to point to @new_bs, including
2598 * checking and applying the necessary permission updates both to the old node
2599 * and to @new_bs.
2601 * NULL is passed as @new_bs for removing the reference before freeing @child.
2603 * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
2604 * function uses bdrv_set_perm() to update the permissions according to the new
2605 * reference that @new_bs gets.
2607 * Callers must ensure that child->frozen is false.
2609 static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
2611 BlockDriverState *old_bs = child->bs;
2613 /* Asserts that child->frozen == false */
2614 bdrv_replace_child_noperm(child, new_bs);
2617 * Start with the new node's permissions. If @new_bs is a (direct
2618 * or indirect) child of @old_bs, we must complete the permission
2619 * update on @new_bs before we loosen the restrictions on @old_bs.
2620 * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
2621 * updating the permissions of @new_bs, and thus not purely loosen
2622 * restrictions.
2624 if (new_bs) {
2625 bdrv_set_perm(new_bs);
2628 if (old_bs) {
2630 * Update permissions for old node. We're just taking a parent away, so
2631 * we're loosening restrictions. Errors of permission update are not
2632 * fatal in this case, ignore them.
2634 bdrv_refresh_perms(old_bs, NULL);
2636 /* When the parent requiring a non-default AioContext is removed, the
2637 * node moves back to the main AioContext */
2638 bdrv_try_set_aio_context(old_bs, qemu_get_aio_context(), NULL);
2643 * This function steals the reference to child_bs from the caller.
2644 * That reference is later dropped by bdrv_root_unref_child().
2646 * On failure NULL is returned, errp is set and the reference to
2647 * child_bs is also dropped.
2649 * The caller must hold the AioContext lock @child_bs, but not that of @ctx
2650 * (unless @child_bs is already in @ctx).
2652 BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
2653 const char *child_name,
2654 const BdrvChildClass *child_class,
2655 BdrvChildRole child_role,
2656 AioContext *ctx,
2657 uint64_t perm, uint64_t shared_perm,
2658 void *opaque, Error **errp)
2660 BdrvChild *child;
2661 Error *local_err = NULL;
2662 int ret;
2664 ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
2665 if (ret < 0) {
2666 bdrv_abort_perm_update(child_bs);
2667 bdrv_unref(child_bs);
2668 return NULL;
2671 child = g_new(BdrvChild, 1);
2672 *child = (BdrvChild) {
2673 .bs = NULL,
2674 .name = g_strdup(child_name),
2675 .klass = child_class,
2676 .role = child_role,
2677 .perm = perm,
2678 .shared_perm = shared_perm,
2679 .opaque = opaque,
2682 /* If the AioContexts don't match, first try to move the subtree of
2683 * child_bs into the AioContext of the new parent. If this doesn't work,
2684 * try moving the parent into the AioContext of child_bs instead. */
2685 if (bdrv_get_aio_context(child_bs) != ctx) {
2686 ret = bdrv_try_set_aio_context(child_bs, ctx, &local_err);
2687 if (ret < 0 && child_class->can_set_aio_ctx) {
2688 GSList *ignore = g_slist_prepend(NULL, child);
2689 ctx = bdrv_get_aio_context(child_bs);
2690 if (child_class->can_set_aio_ctx(child, ctx, &ignore, NULL)) {
2691 error_free(local_err);
2692 ret = 0;
2693 g_slist_free(ignore);
2694 ignore = g_slist_prepend(NULL, child);
2695 child_class->set_aio_ctx(child, ctx, &ignore);
2697 g_slist_free(ignore);
2699 if (ret < 0) {
2700 error_propagate(errp, local_err);
2701 g_free(child);
2702 bdrv_abort_perm_update(child_bs);
2703 bdrv_unref(child_bs);
2704 return NULL;
2708 /* This performs the matching bdrv_set_perm() for the above check. */
2709 bdrv_replace_child(child, child_bs);
2711 return child;
2715 * This function transfers the reference to child_bs from the caller
2716 * to parent_bs. That reference is later dropped by parent_bs on
2717 * bdrv_close() or if someone calls bdrv_unref_child().
2719 * On failure NULL is returned, errp is set and the reference to
2720 * child_bs is also dropped.
2722 * If @parent_bs and @child_bs are in different AioContexts, the caller must
2723 * hold the AioContext lock for @child_bs, but not for @parent_bs.
2725 BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
2726 BlockDriverState *child_bs,
2727 const char *child_name,
2728 const BdrvChildClass *child_class,
2729 BdrvChildRole child_role,
2730 Error **errp)
2732 BdrvChild *child;
2733 uint64_t perm, shared_perm;
2735 bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
2737 assert(parent_bs->drv);
2738 bdrv_child_perm(parent_bs, child_bs, NULL, child_role, NULL,
2739 perm, shared_perm, &perm, &shared_perm);
2741 child = bdrv_root_attach_child(child_bs, child_name, child_class,
2742 child_role, bdrv_get_aio_context(parent_bs),
2743 perm, shared_perm, parent_bs, errp);
2744 if (child == NULL) {
2745 return NULL;
2748 QLIST_INSERT_HEAD(&parent_bs->children, child, next);
2749 return child;
2752 static void bdrv_detach_child(BdrvChild *child)
2754 QLIST_SAFE_REMOVE(child, next);
2756 bdrv_replace_child(child, NULL);
2758 g_free(child->name);
2759 g_free(child);
2762 /* Callers must ensure that child->frozen is false. */
2763 void bdrv_root_unref_child(BdrvChild *child)
2765 BlockDriverState *child_bs;
2767 child_bs = child->bs;
2768 bdrv_detach_child(child);
2769 bdrv_unref(child_bs);
2773 * Clear all inherits_from pointers from children and grandchildren of
2774 * @root that point to @root, where necessary.
2776 static void bdrv_unset_inherits_from(BlockDriverState *root, BdrvChild *child)
2778 BdrvChild *c;
2780 if (child->bs->inherits_from == root) {
2782 * Remove inherits_from only when the last reference between root and
2783 * child->bs goes away.
2785 QLIST_FOREACH(c, &root->children, next) {
2786 if (c != child && c->bs == child->bs) {
2787 break;
2790 if (c == NULL) {
2791 child->bs->inherits_from = NULL;
2795 QLIST_FOREACH(c, &child->bs->children, next) {
2796 bdrv_unset_inherits_from(root, c);
2800 /* Callers must ensure that child->frozen is false. */
2801 void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
2803 if (child == NULL) {
2804 return;
2807 bdrv_unset_inherits_from(parent, child);
2808 bdrv_root_unref_child(child);
2812 static void bdrv_parent_cb_change_media(BlockDriverState *bs, bool load)
2814 BdrvChild *c;
2815 QLIST_FOREACH(c, &bs->parents, next_parent) {
2816 if (c->klass->change_media) {
2817 c->klass->change_media(c, load);
2822 /* Return true if you can reach parent going through child->inherits_from
2823 * recursively. If parent or child are NULL, return false */
2824 static bool bdrv_inherits_from_recursive(BlockDriverState *child,
2825 BlockDriverState *parent)
2827 while (child && child != parent) {
2828 child = child->inherits_from;
2831 return child != NULL;
2835 * Return the BdrvChildRole for @bs's backing child. bs->backing is
2836 * mostly used for COW backing children (role = COW), but also for
2837 * filtered children (role = FILTERED | PRIMARY).
2839 static BdrvChildRole bdrv_backing_role(BlockDriverState *bs)
2841 if (bs->drv && bs->drv->is_filter) {
2842 return BDRV_CHILD_FILTERED | BDRV_CHILD_PRIMARY;
2843 } else {
2844 return BDRV_CHILD_COW;
2849 * Sets the bs->backing link of a BDS. A new reference is created; callers
2850 * which don't need their own reference any more must call bdrv_unref().
2852 int bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
2853 Error **errp)
2855 int ret = 0;
2856 bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
2857 bdrv_inherits_from_recursive(backing_hd, bs);
2859 if (bdrv_is_backing_chain_frozen(bs, child_bs(bs->backing), errp)) {
2860 return -EPERM;
2863 if (backing_hd) {
2864 bdrv_ref(backing_hd);
2867 if (bs->backing) {
2868 /* Cannot be frozen, we checked that above */
2869 bdrv_unref_child(bs, bs->backing);
2870 bs->backing = NULL;
2873 if (!backing_hd) {
2874 goto out;
2877 bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_of_bds,
2878 bdrv_backing_role(bs), errp);
2879 if (!bs->backing) {
2880 ret = -EPERM;
2881 goto out;
2884 /* If backing_hd was already part of bs's backing chain, and
2885 * inherits_from pointed recursively to bs then let's update it to
2886 * point directly to bs (else it will become NULL). */
2887 if (update_inherits_from) {
2888 backing_hd->inherits_from = bs;
2891 out:
2892 bdrv_refresh_limits(bs, NULL);
2894 return ret;
2898 * Opens the backing file for a BlockDriverState if not yet open
2900 * bdref_key specifies the key for the image's BlockdevRef in the options QDict.
2901 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2902 * itself, all options starting with "${bdref_key}." are considered part of the
2903 * BlockdevRef.
2905 * TODO Can this be unified with bdrv_open_image()?
2907 int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
2908 const char *bdref_key, Error **errp)
2910 char *backing_filename = NULL;
2911 char *bdref_key_dot;
2912 const char *reference = NULL;
2913 int ret = 0;
2914 bool implicit_backing = false;
2915 BlockDriverState *backing_hd;
2916 QDict *options;
2917 QDict *tmp_parent_options = NULL;
2918 Error *local_err = NULL;
2920 if (bs->backing != NULL) {
2921 goto free_exit;
2924 /* NULL means an empty set of options */
2925 if (parent_options == NULL) {
2926 tmp_parent_options = qdict_new();
2927 parent_options = tmp_parent_options;
2930 bs->open_flags &= ~BDRV_O_NO_BACKING;
2932 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2933 qdict_extract_subqdict(parent_options, &options, bdref_key_dot);
2934 g_free(bdref_key_dot);
2937 * Caution: while qdict_get_try_str() is fine, getting non-string
2938 * types would require more care. When @parent_options come from
2939 * -blockdev or blockdev_add, its members are typed according to
2940 * the QAPI schema, but when they come from -drive, they're all
2941 * QString.
2943 reference = qdict_get_try_str(parent_options, bdref_key);
2944 if (reference || qdict_haskey(options, "file.filename")) {
2945 /* keep backing_filename NULL */
2946 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
2947 qobject_unref(options);
2948 goto free_exit;
2949 } else {
2950 if (qdict_size(options) == 0) {
2951 /* If the user specifies options that do not modify the
2952 * backing file's behavior, we might still consider it the
2953 * implicit backing file. But it's easier this way, and
2954 * just specifying some of the backing BDS's options is
2955 * only possible with -drive anyway (otherwise the QAPI
2956 * schema forces the user to specify everything). */
2957 implicit_backing = !strcmp(bs->auto_backing_file, bs->backing_file);
2960 backing_filename = bdrv_get_full_backing_filename(bs, &local_err);
2961 if (local_err) {
2962 ret = -EINVAL;
2963 error_propagate(errp, local_err);
2964 qobject_unref(options);
2965 goto free_exit;
2969 if (!bs->drv || !bs->drv->supports_backing) {
2970 ret = -EINVAL;
2971 error_setg(errp, "Driver doesn't support backing files");
2972 qobject_unref(options);
2973 goto free_exit;
2976 if (!reference &&
2977 bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
2978 qdict_put_str(options, "driver", bs->backing_format);
2981 backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
2982 &child_of_bds, bdrv_backing_role(bs), errp);
2983 if (!backing_hd) {
2984 bs->open_flags |= BDRV_O_NO_BACKING;
2985 error_prepend(errp, "Could not open backing file: ");
2986 ret = -EINVAL;
2987 goto free_exit;
2990 if (implicit_backing) {
2991 bdrv_refresh_filename(backing_hd);
2992 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
2993 backing_hd->filename);
2996 /* Hook up the backing file link; drop our reference, bs owns the
2997 * backing_hd reference now */
2998 bdrv_set_backing_hd(bs, backing_hd, &local_err);
2999 bdrv_unref(backing_hd);
3000 if (local_err) {
3001 error_propagate(errp, local_err);
3002 ret = -EINVAL;
3003 goto free_exit;
3006 qdict_del(parent_options, bdref_key);
3008 free_exit:
3009 g_free(backing_filename);
3010 qobject_unref(tmp_parent_options);
3011 return ret;
3014 static BlockDriverState *
3015 bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
3016 BlockDriverState *parent, const BdrvChildClass *child_class,
3017 BdrvChildRole child_role, bool allow_none, Error **errp)
3019 BlockDriverState *bs = NULL;
3020 QDict *image_options;
3021 char *bdref_key_dot;
3022 const char *reference;
3024 assert(child_class != NULL);
3026 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
3027 qdict_extract_subqdict(options, &image_options, bdref_key_dot);
3028 g_free(bdref_key_dot);
3031 * Caution: while qdict_get_try_str() is fine, getting non-string
3032 * types would require more care. When @options come from
3033 * -blockdev or blockdev_add, its members are typed according to
3034 * the QAPI schema, but when they come from -drive, they're all
3035 * QString.
3037 reference = qdict_get_try_str(options, bdref_key);
3038 if (!filename && !reference && !qdict_size(image_options)) {
3039 if (!allow_none) {
3040 error_setg(errp, "A block device must be specified for \"%s\"",
3041 bdref_key);
3043 qobject_unref(image_options);
3044 goto done;
3047 bs = bdrv_open_inherit(filename, reference, image_options, 0,
3048 parent, child_class, child_role, errp);
3049 if (!bs) {
3050 goto done;
3053 done:
3054 qdict_del(options, bdref_key);
3055 return bs;
3059 * Opens a disk image whose options are given as BlockdevRef in another block
3060 * device's options.
3062 * If allow_none is true, no image will be opened if filename is false and no
3063 * BlockdevRef is given. NULL will be returned, but errp remains unset.
3065 * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
3066 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
3067 * itself, all options starting with "${bdref_key}." are considered part of the
3068 * BlockdevRef.
3070 * The BlockdevRef will be removed from the options QDict.
3072 BdrvChild *bdrv_open_child(const char *filename,
3073 QDict *options, const char *bdref_key,
3074 BlockDriverState *parent,
3075 const BdrvChildClass *child_class,
3076 BdrvChildRole child_role,
3077 bool allow_none, Error **errp)
3079 BlockDriverState *bs;
3081 bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_class,
3082 child_role, allow_none, errp);
3083 if (bs == NULL) {
3084 return NULL;
3087 return bdrv_attach_child(parent, bs, bdref_key, child_class, child_role,
3088 errp);
3092 * TODO Future callers may need to specify parent/child_class in order for
3093 * option inheritance to work. Existing callers use it for the root node.
3095 BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
3097 BlockDriverState *bs = NULL;
3098 QObject *obj = NULL;
3099 QDict *qdict = NULL;
3100 const char *reference = NULL;
3101 Visitor *v = NULL;
3103 if (ref->type == QTYPE_QSTRING) {
3104 reference = ref->u.reference;
3105 } else {
3106 BlockdevOptions *options = &ref->u.definition;
3107 assert(ref->type == QTYPE_QDICT);
3109 v = qobject_output_visitor_new(&obj);
3110 visit_type_BlockdevOptions(v, NULL, &options, &error_abort);
3111 visit_complete(v, &obj);
3113 qdict = qobject_to(QDict, obj);
3114 qdict_flatten(qdict);
3116 /* bdrv_open_inherit() defaults to the values in bdrv_flags (for
3117 * compatibility with other callers) rather than what we want as the
3118 * real defaults. Apply the defaults here instead. */
3119 qdict_set_default_str(qdict, BDRV_OPT_CACHE_DIRECT, "off");
3120 qdict_set_default_str(qdict, BDRV_OPT_CACHE_NO_FLUSH, "off");
3121 qdict_set_default_str(qdict, BDRV_OPT_READ_ONLY, "off");
3122 qdict_set_default_str(qdict, BDRV_OPT_AUTO_READ_ONLY, "off");
3126 bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, 0, errp);
3127 obj = NULL;
3128 qobject_unref(obj);
3129 visit_free(v);
3130 return bs;
3133 static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
3134 int flags,
3135 QDict *snapshot_options,
3136 Error **errp)
3138 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
3139 char *tmp_filename = g_malloc0(PATH_MAX + 1);
3140 int64_t total_size;
3141 QemuOpts *opts = NULL;
3142 BlockDriverState *bs_snapshot = NULL;
3143 int ret;
3145 /* if snapshot, we create a temporary backing file and open it
3146 instead of opening 'filename' directly */
3148 /* Get the required size from the image */
3149 total_size = bdrv_getlength(bs);
3150 if (total_size < 0) {
3151 error_setg_errno(errp, -total_size, "Could not get image size");
3152 goto out;
3155 /* Create the temporary image */
3156 ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
3157 if (ret < 0) {
3158 error_setg_errno(errp, -ret, "Could not get temporary filename");
3159 goto out;
3162 opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
3163 &error_abort);
3164 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size, &error_abort);
3165 ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, errp);
3166 qemu_opts_del(opts);
3167 if (ret < 0) {
3168 error_prepend(errp, "Could not create temporary overlay '%s': ",
3169 tmp_filename);
3170 goto out;
3173 /* Prepare options QDict for the temporary file */
3174 qdict_put_str(snapshot_options, "file.driver", "file");
3175 qdict_put_str(snapshot_options, "file.filename", tmp_filename);
3176 qdict_put_str(snapshot_options, "driver", "qcow2");
3178 bs_snapshot = bdrv_open(NULL, NULL, snapshot_options, flags, errp);
3179 snapshot_options = NULL;
3180 if (!bs_snapshot) {
3181 goto out;
3184 /* bdrv_append() consumes a strong reference to bs_snapshot
3185 * (i.e. it will call bdrv_unref() on it) even on error, so in
3186 * order to be able to return one, we have to increase
3187 * bs_snapshot's refcount here */
3188 bdrv_ref(bs_snapshot);
3189 ret = bdrv_append(bs_snapshot, bs, errp);
3190 if (ret < 0) {
3191 bs_snapshot = NULL;
3192 goto out;
3195 out:
3196 qobject_unref(snapshot_options);
3197 g_free(tmp_filename);
3198 return bs_snapshot;
3202 * Opens a disk image (raw, qcow2, vmdk, ...)
3204 * options is a QDict of options to pass to the block drivers, or NULL for an
3205 * empty set of options. The reference to the QDict belongs to the block layer
3206 * after the call (even on failure), so if the caller intends to reuse the
3207 * dictionary, it needs to use qobject_ref() before calling bdrv_open.
3209 * If *pbs is NULL, a new BDS will be created with a pointer to it stored there.
3210 * If it is not NULL, the referenced BDS will be reused.
3212 * The reference parameter may be used to specify an existing block device which
3213 * should be opened. If specified, neither options nor a filename may be given,
3214 * nor can an existing BDS be reused (that is, *pbs has to be NULL).
3216 static BlockDriverState *bdrv_open_inherit(const char *filename,
3217 const char *reference,
3218 QDict *options, int flags,
3219 BlockDriverState *parent,
3220 const BdrvChildClass *child_class,
3221 BdrvChildRole child_role,
3222 Error **errp)
3224 int ret;
3225 BlockBackend *file = NULL;
3226 BlockDriverState *bs;
3227 BlockDriver *drv = NULL;
3228 BdrvChild *child;
3229 const char *drvname;
3230 const char *backing;
3231 Error *local_err = NULL;
3232 QDict *snapshot_options = NULL;
3233 int snapshot_flags = 0;
3235 assert(!child_class || !flags);
3236 assert(!child_class == !parent);
3238 if (reference) {
3239 bool options_non_empty = options ? qdict_size(options) : false;
3240 qobject_unref(options);
3242 if (filename || options_non_empty) {
3243 error_setg(errp, "Cannot reference an existing block device with "
3244 "additional options or a new filename");
3245 return NULL;
3248 bs = bdrv_lookup_bs(reference, reference, errp);
3249 if (!bs) {
3250 return NULL;
3253 bdrv_ref(bs);
3254 return bs;
3257 bs = bdrv_new();
3259 /* NULL means an empty set of options */
3260 if (options == NULL) {
3261 options = qdict_new();
3264 /* json: syntax counts as explicit options, as if in the QDict */
3265 parse_json_protocol(options, &filename, &local_err);
3266 if (local_err) {
3267 goto fail;
3270 bs->explicit_options = qdict_clone_shallow(options);
3272 if (child_class) {
3273 bool parent_is_format;
3275 if (parent->drv) {
3276 parent_is_format = parent->drv->is_format;
3277 } else {
3279 * parent->drv is not set yet because this node is opened for
3280 * (potential) format probing. That means that @parent is going
3281 * to be a format node.
3283 parent_is_format = true;
3286 bs->inherits_from = parent;
3287 child_class->inherit_options(child_role, parent_is_format,
3288 &flags, options,
3289 parent->open_flags, parent->options);
3292 ret = bdrv_fill_options(&options, filename, &flags, &local_err);
3293 if (ret < 0) {
3294 goto fail;
3298 * Set the BDRV_O_RDWR and BDRV_O_ALLOW_RDWR flags.
3299 * Caution: getting a boolean member of @options requires care.
3300 * When @options come from -blockdev or blockdev_add, members are
3301 * typed according to the QAPI schema, but when they come from
3302 * -drive, they're all QString.
3304 if (g_strcmp0(qdict_get_try_str(options, BDRV_OPT_READ_ONLY), "on") &&
3305 !qdict_get_try_bool(options, BDRV_OPT_READ_ONLY, false)) {
3306 flags |= (BDRV_O_RDWR | BDRV_O_ALLOW_RDWR);
3307 } else {
3308 flags &= ~BDRV_O_RDWR;
3311 if (flags & BDRV_O_SNAPSHOT) {
3312 snapshot_options = qdict_new();
3313 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
3314 flags, options);
3315 /* Let bdrv_backing_options() override "read-only" */
3316 qdict_del(options, BDRV_OPT_READ_ONLY);
3317 bdrv_inherited_options(BDRV_CHILD_COW, true,
3318 &flags, options, flags, options);
3321 bs->open_flags = flags;
3322 bs->options = options;
3323 options = qdict_clone_shallow(options);
3325 /* Find the right image format driver */
3326 /* See cautionary note on accessing @options above */
3327 drvname = qdict_get_try_str(options, "driver");
3328 if (drvname) {
3329 drv = bdrv_find_format(drvname);
3330 if (!drv) {
3331 error_setg(errp, "Unknown driver: '%s'", drvname);
3332 goto fail;
3336 assert(drvname || !(flags & BDRV_O_PROTOCOL));
3338 /* See cautionary note on accessing @options above */
3339 backing = qdict_get_try_str(options, "backing");
3340 if (qobject_to(QNull, qdict_get(options, "backing")) != NULL ||
3341 (backing && *backing == '\0'))
3343 if (backing) {
3344 warn_report("Use of \"backing\": \"\" is deprecated; "
3345 "use \"backing\": null instead");
3347 flags |= BDRV_O_NO_BACKING;
3348 qdict_del(bs->explicit_options, "backing");
3349 qdict_del(bs->options, "backing");
3350 qdict_del(options, "backing");
3353 /* Open image file without format layer. This BlockBackend is only used for
3354 * probing, the block drivers will do their own bdrv_open_child() for the
3355 * same BDS, which is why we put the node name back into options. */
3356 if ((flags & BDRV_O_PROTOCOL) == 0) {
3357 BlockDriverState *file_bs;
3359 file_bs = bdrv_open_child_bs(filename, options, "file", bs,
3360 &child_of_bds, BDRV_CHILD_IMAGE,
3361 true, &local_err);
3362 if (local_err) {
3363 goto fail;
3365 if (file_bs != NULL) {
3366 /* Not requesting BLK_PERM_CONSISTENT_READ because we're only
3367 * looking at the header to guess the image format. This works even
3368 * in cases where a guest would not see a consistent state. */
3369 file = blk_new(bdrv_get_aio_context(file_bs), 0, BLK_PERM_ALL);
3370 blk_insert_bs(file, file_bs, &local_err);
3371 bdrv_unref(file_bs);
3372 if (local_err) {
3373 goto fail;
3376 qdict_put_str(options, "file", bdrv_get_node_name(file_bs));
3380 /* Image format probing */
3381 bs->probed = !drv;
3382 if (!drv && file) {
3383 ret = find_image_format(file, filename, &drv, &local_err);
3384 if (ret < 0) {
3385 goto fail;
3388 * This option update would logically belong in bdrv_fill_options(),
3389 * but we first need to open bs->file for the probing to work, while
3390 * opening bs->file already requires the (mostly) final set of options
3391 * so that cache mode etc. can be inherited.
3393 * Adding the driver later is somewhat ugly, but it's not an option
3394 * that would ever be inherited, so it's correct. We just need to make
3395 * sure to update both bs->options (which has the full effective
3396 * options for bs) and options (which has file.* already removed).
3398 qdict_put_str(bs->options, "driver", drv->format_name);
3399 qdict_put_str(options, "driver", drv->format_name);
3400 } else if (!drv) {
3401 error_setg(errp, "Must specify either driver or file");
3402 goto fail;
3405 /* BDRV_O_PROTOCOL must be set iff a protocol BDS is about to be created */
3406 assert(!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open);
3407 /* file must be NULL if a protocol BDS is about to be created
3408 * (the inverse results in an error message from bdrv_open_common()) */
3409 assert(!(flags & BDRV_O_PROTOCOL) || !file);
3411 /* Open the image */
3412 ret = bdrv_open_common(bs, file, options, &local_err);
3413 if (ret < 0) {
3414 goto fail;
3417 if (file) {
3418 blk_unref(file);
3419 file = NULL;
3422 /* If there is a backing file, use it */
3423 if ((flags & BDRV_O_NO_BACKING) == 0) {
3424 ret = bdrv_open_backing_file(bs, options, "backing", &local_err);
3425 if (ret < 0) {
3426 goto close_and_fail;
3430 /* Remove all children options and references
3431 * from bs->options and bs->explicit_options */
3432 QLIST_FOREACH(child, &bs->children, next) {
3433 char *child_key_dot;
3434 child_key_dot = g_strdup_printf("%s.", child->name);
3435 qdict_extract_subqdict(bs->explicit_options, NULL, child_key_dot);
3436 qdict_extract_subqdict(bs->options, NULL, child_key_dot);
3437 qdict_del(bs->explicit_options, child->name);
3438 qdict_del(bs->options, child->name);
3439 g_free(child_key_dot);
3442 /* Check if any unknown options were used */
3443 if (qdict_size(options) != 0) {
3444 const QDictEntry *entry = qdict_first(options);
3445 if (flags & BDRV_O_PROTOCOL) {
3446 error_setg(errp, "Block protocol '%s' doesn't support the option "
3447 "'%s'", drv->format_name, entry->key);
3448 } else {
3449 error_setg(errp,
3450 "Block format '%s' does not support the option '%s'",
3451 drv->format_name, entry->key);
3454 goto close_and_fail;
3457 bdrv_parent_cb_change_media(bs, true);
3459 qobject_unref(options);
3460 options = NULL;
3462 /* For snapshot=on, create a temporary qcow2 overlay. bs points to the
3463 * temporary snapshot afterwards. */
3464 if (snapshot_flags) {
3465 BlockDriverState *snapshot_bs;
3466 snapshot_bs = bdrv_append_temp_snapshot(bs, snapshot_flags,
3467 snapshot_options, &local_err);
3468 snapshot_options = NULL;
3469 if (local_err) {
3470 goto close_and_fail;
3472 /* We are not going to return bs but the overlay on top of it
3473 * (snapshot_bs); thus, we have to drop the strong reference to bs
3474 * (which we obtained by calling bdrv_new()). bs will not be deleted,
3475 * though, because the overlay still has a reference to it. */
3476 bdrv_unref(bs);
3477 bs = snapshot_bs;
3480 return bs;
3482 fail:
3483 blk_unref(file);
3484 qobject_unref(snapshot_options);
3485 qobject_unref(bs->explicit_options);
3486 qobject_unref(bs->options);
3487 qobject_unref(options);
3488 bs->options = NULL;
3489 bs->explicit_options = NULL;
3490 bdrv_unref(bs);
3491 error_propagate(errp, local_err);
3492 return NULL;
3494 close_and_fail:
3495 bdrv_unref(bs);
3496 qobject_unref(snapshot_options);
3497 qobject_unref(options);
3498 error_propagate(errp, local_err);
3499 return NULL;
3502 BlockDriverState *bdrv_open(const char *filename, const char *reference,
3503 QDict *options, int flags, Error **errp)
3505 return bdrv_open_inherit(filename, reference, options, flags, NULL,
3506 NULL, 0, errp);
3509 /* Return true if the NULL-terminated @list contains @str */
3510 static bool is_str_in_list(const char *str, const char *const *list)
3512 if (str && list) {
3513 int i;
3514 for (i = 0; list[i] != NULL; i++) {
3515 if (!strcmp(str, list[i])) {
3516 return true;
3520 return false;
3524 * Check that every option set in @bs->options is also set in
3525 * @new_opts.
3527 * Options listed in the common_options list and in
3528 * @bs->drv->mutable_opts are skipped.
3530 * Return 0 on success, otherwise return -EINVAL and set @errp.
3532 static int bdrv_reset_options_allowed(BlockDriverState *bs,
3533 const QDict *new_opts, Error **errp)
3535 const QDictEntry *e;
3536 /* These options are common to all block drivers and are handled
3537 * in bdrv_reopen_prepare() so they can be left out of @new_opts */
3538 const char *const common_options[] = {
3539 "node-name", "discard", "cache.direct", "cache.no-flush",
3540 "read-only", "auto-read-only", "detect-zeroes", NULL
3543 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
3544 if (!qdict_haskey(new_opts, e->key) &&
3545 !is_str_in_list(e->key, common_options) &&
3546 !is_str_in_list(e->key, bs->drv->mutable_opts)) {
3547 error_setg(errp, "Option '%s' cannot be reset "
3548 "to its default value", e->key);
3549 return -EINVAL;
3553 return 0;
3557 * Returns true if @child can be reached recursively from @bs
3559 static bool bdrv_recurse_has_child(BlockDriverState *bs,
3560 BlockDriverState *child)
3562 BdrvChild *c;
3564 if (bs == child) {
3565 return true;
3568 QLIST_FOREACH(c, &bs->children, next) {
3569 if (bdrv_recurse_has_child(c->bs, child)) {
3570 return true;
3574 return false;
3578 * Adds a BlockDriverState to a simple queue for an atomic, transactional
3579 * reopen of multiple devices.
3581 * bs_queue can either be an existing BlockReopenQueue that has had QTAILQ_INIT
3582 * already performed, or alternatively may be NULL a new BlockReopenQueue will
3583 * be created and initialized. This newly created BlockReopenQueue should be
3584 * passed back in for subsequent calls that are intended to be of the same
3585 * atomic 'set'.
3587 * bs is the BlockDriverState to add to the reopen queue.
3589 * options contains the changed options for the associated bs
3590 * (the BlockReopenQueue takes ownership)
3592 * flags contains the open flags for the associated bs
3594 * returns a pointer to bs_queue, which is either the newly allocated
3595 * bs_queue, or the existing bs_queue being used.
3597 * bs must be drained between bdrv_reopen_queue() and bdrv_reopen_multiple().
3599 static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
3600 BlockDriverState *bs,
3601 QDict *options,
3602 const BdrvChildClass *klass,
3603 BdrvChildRole role,
3604 bool parent_is_format,
3605 QDict *parent_options,
3606 int parent_flags,
3607 bool keep_old_opts)
3609 assert(bs != NULL);
3611 BlockReopenQueueEntry *bs_entry;
3612 BdrvChild *child;
3613 QDict *old_options, *explicit_options, *options_copy;
3614 int flags;
3615 QemuOpts *opts;
3617 /* Make sure that the caller remembered to use a drained section. This is
3618 * important to avoid graph changes between the recursive queuing here and
3619 * bdrv_reopen_multiple(). */
3620 assert(bs->quiesce_counter > 0);
3622 if (bs_queue == NULL) {
3623 bs_queue = g_new0(BlockReopenQueue, 1);
3624 QTAILQ_INIT(bs_queue);
3627 if (!options) {
3628 options = qdict_new();
3631 /* Check if this BlockDriverState is already in the queue */
3632 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3633 if (bs == bs_entry->state.bs) {
3634 break;
3639 * Precedence of options:
3640 * 1. Explicitly passed in options (highest)
3641 * 2. Retained from explicitly set options of bs
3642 * 3. Inherited from parent node
3643 * 4. Retained from effective options of bs
3646 /* Old explicitly set values (don't overwrite by inherited value) */
3647 if (bs_entry || keep_old_opts) {
3648 old_options = qdict_clone_shallow(bs_entry ?
3649 bs_entry->state.explicit_options :
3650 bs->explicit_options);
3651 bdrv_join_options(bs, options, old_options);
3652 qobject_unref(old_options);
3655 explicit_options = qdict_clone_shallow(options);
3657 /* Inherit from parent node */
3658 if (parent_options) {
3659 flags = 0;
3660 klass->inherit_options(role, parent_is_format, &flags, options,
3661 parent_flags, parent_options);
3662 } else {
3663 flags = bdrv_get_flags(bs);
3666 if (keep_old_opts) {
3667 /* Old values are used for options that aren't set yet */
3668 old_options = qdict_clone_shallow(bs->options);
3669 bdrv_join_options(bs, options, old_options);
3670 qobject_unref(old_options);
3673 /* We have the final set of options so let's update the flags */
3674 options_copy = qdict_clone_shallow(options);
3675 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3676 qemu_opts_absorb_qdict(opts, options_copy, NULL);
3677 update_flags_from_options(&flags, opts);
3678 qemu_opts_del(opts);
3679 qobject_unref(options_copy);
3681 /* bdrv_open_inherit() sets and clears some additional flags internally */
3682 flags &= ~BDRV_O_PROTOCOL;
3683 if (flags & BDRV_O_RDWR) {
3684 flags |= BDRV_O_ALLOW_RDWR;
3687 if (!bs_entry) {
3688 bs_entry = g_new0(BlockReopenQueueEntry, 1);
3689 QTAILQ_INSERT_TAIL(bs_queue, bs_entry, entry);
3690 } else {
3691 qobject_unref(bs_entry->state.options);
3692 qobject_unref(bs_entry->state.explicit_options);
3695 bs_entry->state.bs = bs;
3696 bs_entry->state.options = options;
3697 bs_entry->state.explicit_options = explicit_options;
3698 bs_entry->state.flags = flags;
3700 /* This needs to be overwritten in bdrv_reopen_prepare() */
3701 bs_entry->state.perm = UINT64_MAX;
3702 bs_entry->state.shared_perm = 0;
3705 * If keep_old_opts is false then it means that unspecified
3706 * options must be reset to their original value. We don't allow
3707 * resetting 'backing' but we need to know if the option is
3708 * missing in order to decide if we have to return an error.
3710 if (!keep_old_opts) {
3711 bs_entry->state.backing_missing =
3712 !qdict_haskey(options, "backing") &&
3713 !qdict_haskey(options, "backing.driver");
3716 QLIST_FOREACH(child, &bs->children, next) {
3717 QDict *new_child_options = NULL;
3718 bool child_keep_old = keep_old_opts;
3720 /* reopen can only change the options of block devices that were
3721 * implicitly created and inherited options. For other (referenced)
3722 * block devices, a syntax like "backing.foo" results in an error. */
3723 if (child->bs->inherits_from != bs) {
3724 continue;
3727 /* Check if the options contain a child reference */
3728 if (qdict_haskey(options, child->name)) {
3729 const char *childref = qdict_get_try_str(options, child->name);
3731 * The current child must not be reopened if the child
3732 * reference is null or points to a different node.
3734 if (g_strcmp0(childref, child->bs->node_name)) {
3735 continue;
3738 * If the child reference points to the current child then
3739 * reopen it with its existing set of options (note that
3740 * it can still inherit new options from the parent).
3742 child_keep_old = true;
3743 } else {
3744 /* Extract child options ("child-name.*") */
3745 char *child_key_dot = g_strdup_printf("%s.", child->name);
3746 qdict_extract_subqdict(explicit_options, NULL, child_key_dot);
3747 qdict_extract_subqdict(options, &new_child_options, child_key_dot);
3748 g_free(child_key_dot);
3751 bdrv_reopen_queue_child(bs_queue, child->bs, new_child_options,
3752 child->klass, child->role, bs->drv->is_format,
3753 options, flags, child_keep_old);
3756 return bs_queue;
3759 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
3760 BlockDriverState *bs,
3761 QDict *options, bool keep_old_opts)
3763 return bdrv_reopen_queue_child(bs_queue, bs, options, NULL, 0, false,
3764 NULL, 0, keep_old_opts);
3768 * Reopen multiple BlockDriverStates atomically & transactionally.
3770 * The queue passed in (bs_queue) must have been built up previous
3771 * via bdrv_reopen_queue().
3773 * Reopens all BDS specified in the queue, with the appropriate
3774 * flags. All devices are prepared for reopen, and failure of any
3775 * device will cause all device changes to be abandoned, and intermediate
3776 * data cleaned up.
3778 * If all devices prepare successfully, then the changes are committed
3779 * to all devices.
3781 * All affected nodes must be drained between bdrv_reopen_queue() and
3782 * bdrv_reopen_multiple().
3784 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
3786 int ret = -1;
3787 BlockReopenQueueEntry *bs_entry, *next;
3789 assert(bs_queue != NULL);
3791 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3792 assert(bs_entry->state.bs->quiesce_counter > 0);
3793 if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
3794 goto cleanup;
3796 bs_entry->prepared = true;
3799 QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
3800 BDRVReopenState *state = &bs_entry->state;
3801 ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
3802 state->shared_perm, NULL, errp);
3803 if (ret < 0) {
3804 goto cleanup_perm;
3806 /* Check if new_backing_bs would accept the new permissions */
3807 if (state->replace_backing_bs && state->new_backing_bs) {
3808 uint64_t nperm, nshared;
3809 bdrv_child_perm(state->bs, state->new_backing_bs,
3810 NULL, bdrv_backing_role(state->bs),
3811 bs_queue, state->perm, state->shared_perm,
3812 &nperm, &nshared);
3813 ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
3814 nperm, nshared, NULL, errp);
3815 if (ret < 0) {
3816 goto cleanup_perm;
3819 bs_entry->perms_checked = true;
3823 * If we reach this point, we have success and just need to apply the
3824 * changes.
3826 * Reverse order is used to comfort qcow2 driver: on commit it need to write
3827 * IN_USE flag to the image, to mark bitmaps in the image as invalid. But
3828 * children are usually goes after parents in reopen-queue, so go from last
3829 * to first element.
3831 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3832 bdrv_reopen_commit(&bs_entry->state);
3835 ret = 0;
3836 cleanup_perm:
3837 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3838 BDRVReopenState *state = &bs_entry->state;
3840 if (!bs_entry->perms_checked) {
3841 continue;
3844 if (ret == 0) {
3845 uint64_t perm, shared;
3847 bdrv_get_cumulative_perm(state->bs, &perm, &shared);
3848 assert(perm == state->perm);
3849 assert(shared == state->shared_perm);
3851 bdrv_set_perm(state->bs);
3852 } else {
3853 bdrv_abort_perm_update(state->bs);
3854 if (state->replace_backing_bs && state->new_backing_bs) {
3855 bdrv_abort_perm_update(state->new_backing_bs);
3860 if (ret == 0) {
3861 QTAILQ_FOREACH_REVERSE(bs_entry, bs_queue, entry) {
3862 BlockDriverState *bs = bs_entry->state.bs;
3864 if (bs->drv->bdrv_reopen_commit_post)
3865 bs->drv->bdrv_reopen_commit_post(&bs_entry->state);
3868 cleanup:
3869 QTAILQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3870 if (ret) {
3871 if (bs_entry->prepared) {
3872 bdrv_reopen_abort(&bs_entry->state);
3874 qobject_unref(bs_entry->state.explicit_options);
3875 qobject_unref(bs_entry->state.options);
3877 if (bs_entry->state.new_backing_bs) {
3878 bdrv_unref(bs_entry->state.new_backing_bs);
3880 g_free(bs_entry);
3882 g_free(bs_queue);
3884 return ret;
3887 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
3888 Error **errp)
3890 int ret;
3891 BlockReopenQueue *queue;
3892 QDict *opts = qdict_new();
3894 qdict_put_bool(opts, BDRV_OPT_READ_ONLY, read_only);
3896 bdrv_subtree_drained_begin(bs);
3897 queue = bdrv_reopen_queue(NULL, bs, opts, true);
3898 ret = bdrv_reopen_multiple(queue, errp);
3899 bdrv_subtree_drained_end(bs);
3901 return ret;
3904 static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
3905 BdrvChild *c)
3907 BlockReopenQueueEntry *entry;
3909 QTAILQ_FOREACH(entry, q, entry) {
3910 BlockDriverState *bs = entry->state.bs;
3911 BdrvChild *child;
3913 QLIST_FOREACH(child, &bs->children, next) {
3914 if (child == c) {
3915 return entry;
3920 return NULL;
3923 static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
3924 uint64_t *perm, uint64_t *shared)
3926 BdrvChild *c;
3927 BlockReopenQueueEntry *parent;
3928 uint64_t cumulative_perms = 0;
3929 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
3931 QLIST_FOREACH(c, &bs->parents, next_parent) {
3932 parent = find_parent_in_reopen_queue(q, c);
3933 if (!parent) {
3934 cumulative_perms |= c->perm;
3935 cumulative_shared_perms &= c->shared_perm;
3936 } else {
3937 uint64_t nperm, nshared;
3939 bdrv_child_perm(parent->state.bs, bs, c, c->role, q,
3940 parent->state.perm, parent->state.shared_perm,
3941 &nperm, &nshared);
3943 cumulative_perms |= nperm;
3944 cumulative_shared_perms &= nshared;
3947 *perm = cumulative_perms;
3948 *shared = cumulative_shared_perms;
3951 static bool bdrv_reopen_can_attach(BlockDriverState *parent,
3952 BdrvChild *child,
3953 BlockDriverState *new_child,
3954 Error **errp)
3956 AioContext *parent_ctx = bdrv_get_aio_context(parent);
3957 AioContext *child_ctx = bdrv_get_aio_context(new_child);
3958 GSList *ignore;
3959 bool ret;
3961 ignore = g_slist_prepend(NULL, child);
3962 ret = bdrv_can_set_aio_context(new_child, parent_ctx, &ignore, NULL);
3963 g_slist_free(ignore);
3964 if (ret) {
3965 return ret;
3968 ignore = g_slist_prepend(NULL, child);
3969 ret = bdrv_can_set_aio_context(parent, child_ctx, &ignore, errp);
3970 g_slist_free(ignore);
3971 return ret;
3975 * Take a BDRVReopenState and check if the value of 'backing' in the
3976 * reopen_state->options QDict is valid or not.
3978 * If 'backing' is missing from the QDict then return 0.
3980 * If 'backing' contains the node name of the backing file of
3981 * reopen_state->bs then return 0.
3983 * If 'backing' contains a different node name (or is null) then check
3984 * whether the current backing file can be replaced with the new one.
3985 * If that's the case then reopen_state->replace_backing_bs is set to
3986 * true and reopen_state->new_backing_bs contains a pointer to the new
3987 * backing BlockDriverState (or NULL).
3989 * Return 0 on success, otherwise return < 0 and set @errp.
3991 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
3992 Error **errp)
3994 BlockDriverState *bs = reopen_state->bs;
3995 BlockDriverState *overlay_bs, *below_bs, *new_backing_bs;
3996 QObject *value;
3997 const char *str;
3999 value = qdict_get(reopen_state->options, "backing");
4000 if (value == NULL) {
4001 return 0;
4004 switch (qobject_type(value)) {
4005 case QTYPE_QNULL:
4006 new_backing_bs = NULL;
4007 break;
4008 case QTYPE_QSTRING:
4009 str = qstring_get_str(qobject_to(QString, value));
4010 new_backing_bs = bdrv_lookup_bs(NULL, str, errp);
4011 if (new_backing_bs == NULL) {
4012 return -EINVAL;
4013 } else if (bdrv_recurse_has_child(new_backing_bs, bs)) {
4014 error_setg(errp, "Making '%s' a backing file of '%s' "
4015 "would create a cycle", str, bs->node_name);
4016 return -EINVAL;
4018 break;
4019 default:
4020 /* 'backing' does not allow any other data type */
4021 g_assert_not_reached();
4025 * Check AioContext compatibility so that the bdrv_set_backing_hd() call in
4026 * bdrv_reopen_commit() won't fail.
4028 if (new_backing_bs) {
4029 if (!bdrv_reopen_can_attach(bs, bs->backing, new_backing_bs, errp)) {
4030 return -EINVAL;
4035 * Ensure that @bs can really handle backing files, because we are
4036 * about to give it one (or swap the existing one)
4038 if (bs->drv->is_filter) {
4039 /* Filters always have a file or a backing child */
4040 if (!bs->backing) {
4041 error_setg(errp, "'%s' is a %s filter node that does not support a "
4042 "backing child", bs->node_name, bs->drv->format_name);
4043 return -EINVAL;
4045 } else if (!bs->drv->supports_backing) {
4046 error_setg(errp, "Driver '%s' of node '%s' does not support backing "
4047 "files", bs->drv->format_name, bs->node_name);
4048 return -EINVAL;
4052 * Find the "actual" backing file by skipping all links that point
4053 * to an implicit node, if any (e.g. a commit filter node).
4054 * We cannot use any of the bdrv_skip_*() functions here because
4055 * those return the first explicit node, while we are looking for
4056 * its overlay here.
4058 overlay_bs = bs;
4059 for (below_bs = bdrv_filter_or_cow_bs(overlay_bs);
4060 below_bs && below_bs->implicit;
4061 below_bs = bdrv_filter_or_cow_bs(overlay_bs))
4063 overlay_bs = below_bs;
4066 /* If we want to replace the backing file we need some extra checks */
4067 if (new_backing_bs != bdrv_filter_or_cow_bs(overlay_bs)) {
4068 /* Check for implicit nodes between bs and its backing file */
4069 if (bs != overlay_bs) {
4070 error_setg(errp, "Cannot change backing link if '%s' has "
4071 "an implicit backing file", bs->node_name);
4072 return -EPERM;
4075 * Check if the backing link that we want to replace is frozen.
4076 * Note that
4077 * bdrv_filter_or_cow_child(overlay_bs) == overlay_bs->backing,
4078 * because we know that overlay_bs == bs, and that @bs
4079 * either is a filter that uses ->backing or a COW format BDS
4080 * with bs->drv->supports_backing == true.
4082 if (bdrv_is_backing_chain_frozen(overlay_bs,
4083 child_bs(overlay_bs->backing), errp))
4085 return -EPERM;
4087 reopen_state->replace_backing_bs = true;
4088 if (new_backing_bs) {
4089 bdrv_ref(new_backing_bs);
4090 reopen_state->new_backing_bs = new_backing_bs;
4094 return 0;
4098 * Prepares a BlockDriverState for reopen. All changes are staged in the
4099 * 'opaque' field of the BDRVReopenState, which is used and allocated by
4100 * the block driver layer .bdrv_reopen_prepare()
4102 * bs is the BlockDriverState to reopen
4103 * flags are the new open flags
4104 * queue is the reopen queue
4106 * Returns 0 on success, non-zero on error. On error errp will be set
4107 * as well.
4109 * On failure, bdrv_reopen_abort() will be called to clean up any data.
4110 * It is the responsibility of the caller to then call the abort() or
4111 * commit() for any other BDS that have been left in a prepare() state
4114 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
4115 Error **errp)
4117 int ret = -1;
4118 int old_flags;
4119 Error *local_err = NULL;
4120 BlockDriver *drv;
4121 QemuOpts *opts;
4122 QDict *orig_reopen_opts;
4123 char *discard = NULL;
4124 bool read_only;
4125 bool drv_prepared = false;
4127 assert(reopen_state != NULL);
4128 assert(reopen_state->bs->drv != NULL);
4129 drv = reopen_state->bs->drv;
4131 /* This function and each driver's bdrv_reopen_prepare() remove
4132 * entries from reopen_state->options as they are processed, so
4133 * we need to make a copy of the original QDict. */
4134 orig_reopen_opts = qdict_clone_shallow(reopen_state->options);
4136 /* Process generic block layer options */
4137 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
4138 if (!qemu_opts_absorb_qdict(opts, reopen_state->options, errp)) {
4139 ret = -EINVAL;
4140 goto error;
4143 /* This was already called in bdrv_reopen_queue_child() so the flags
4144 * are up-to-date. This time we simply want to remove the options from
4145 * QemuOpts in order to indicate that they have been processed. */
4146 old_flags = reopen_state->flags;
4147 update_flags_from_options(&reopen_state->flags, opts);
4148 assert(old_flags == reopen_state->flags);
4150 discard = qemu_opt_get_del(opts, BDRV_OPT_DISCARD);
4151 if (discard != NULL) {
4152 if (bdrv_parse_discard_flags(discard, &reopen_state->flags) != 0) {
4153 error_setg(errp, "Invalid discard option");
4154 ret = -EINVAL;
4155 goto error;
4159 reopen_state->detect_zeroes =
4160 bdrv_parse_detect_zeroes(opts, reopen_state->flags, &local_err);
4161 if (local_err) {
4162 error_propagate(errp, local_err);
4163 ret = -EINVAL;
4164 goto error;
4167 /* All other options (including node-name and driver) must be unchanged.
4168 * Put them back into the QDict, so that they are checked at the end
4169 * of this function. */
4170 qemu_opts_to_qdict(opts, reopen_state->options);
4172 /* If we are to stay read-only, do not allow permission change
4173 * to r/w. Attempting to set to r/w may fail if either BDRV_O_ALLOW_RDWR is
4174 * not set, or if the BDS still has copy_on_read enabled */
4175 read_only = !(reopen_state->flags & BDRV_O_RDWR);
4176 ret = bdrv_can_set_read_only(reopen_state->bs, read_only, true, &local_err);
4177 if (local_err) {
4178 error_propagate(errp, local_err);
4179 goto error;
4182 /* Calculate required permissions after reopening */
4183 bdrv_reopen_perm(queue, reopen_state->bs,
4184 &reopen_state->perm, &reopen_state->shared_perm);
4186 ret = bdrv_flush(reopen_state->bs);
4187 if (ret) {
4188 error_setg_errno(errp, -ret, "Error flushing drive");
4189 goto error;
4192 if (drv->bdrv_reopen_prepare) {
4194 * If a driver-specific option is missing, it means that we
4195 * should reset it to its default value.
4196 * But not all options allow that, so we need to check it first.
4198 ret = bdrv_reset_options_allowed(reopen_state->bs,
4199 reopen_state->options, errp);
4200 if (ret) {
4201 goto error;
4204 ret = drv->bdrv_reopen_prepare(reopen_state, queue, &local_err);
4205 if (ret) {
4206 if (local_err != NULL) {
4207 error_propagate(errp, local_err);
4208 } else {
4209 bdrv_refresh_filename(reopen_state->bs);
4210 error_setg(errp, "failed while preparing to reopen image '%s'",
4211 reopen_state->bs->filename);
4213 goto error;
4215 } else {
4216 /* It is currently mandatory to have a bdrv_reopen_prepare()
4217 * handler for each supported drv. */
4218 error_setg(errp, "Block format '%s' used by node '%s' "
4219 "does not support reopening files", drv->format_name,
4220 bdrv_get_device_or_node_name(reopen_state->bs));
4221 ret = -1;
4222 goto error;
4225 drv_prepared = true;
4228 * We must provide the 'backing' option if the BDS has a backing
4229 * file or if the image file has a backing file name as part of
4230 * its metadata. Otherwise the 'backing' option can be omitted.
4232 if (drv->supports_backing && reopen_state->backing_missing &&
4233 (reopen_state->bs->backing || reopen_state->bs->backing_file[0])) {
4234 error_setg(errp, "backing is missing for '%s'",
4235 reopen_state->bs->node_name);
4236 ret = -EINVAL;
4237 goto error;
4241 * Allow changing the 'backing' option. The new value can be
4242 * either a reference to an existing node (using its node name)
4243 * or NULL to simply detach the current backing file.
4245 ret = bdrv_reopen_parse_backing(reopen_state, errp);
4246 if (ret < 0) {
4247 goto error;
4249 qdict_del(reopen_state->options, "backing");
4251 /* Options that are not handled are only okay if they are unchanged
4252 * compared to the old state. It is expected that some options are only
4253 * used for the initial open, but not reopen (e.g. filename) */
4254 if (qdict_size(reopen_state->options)) {
4255 const QDictEntry *entry = qdict_first(reopen_state->options);