path: root/block.c
Age | Commit message | Author
2011-06-08 | bdrv_img_create: Fix segfault | Kevin Wolf
Block drivers that don't support creating images don't have a size option. Fail gracefully instead of segfaulting when trying to access the option's value. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-06-08 | block: clarify the meaning of BDRV_O_NOCACHE | Christoph Hellwig
Change BDRV_O_NOCACHE to only imply bypassing the host OS file cache, but no writeback semantics. All existing callers are changed to also specify BDRV_O_CACHE_WB to give them writeback semantics. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-19 | block: Remove type hint, it's guest matter, doesn't belong here | Markus Armbruster
No users of bdrv_get_type_hint() left. bdrv_set_type_hint() can make the media removable by side effect. Make that explicit. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-19 | block QMP: Deprecate query-block's "type", drop info block's "type=" | Markus Armbruster
query-block's specification documents response member "type" with values "hd", "cdrom", "floppy", "unknown". Its value is unreliable: a block device used as floppy has type "floppy" if created with if=floppy, but type "hd" if created with if=none. That's because with if=none, the type is at best a declaration of intent: the drive can be connected to any guest device. Its type is really the guest device's business. Reporting it here is wrong. No known user of QMP uses "type". It's unlikely that any unknown users exist, because its value is useless unless you know how the block device was created. But then you also know the true value. Fixing the broken value risks breaking (hypothetical!) clients that somehow rely on the current behavior. Not fixing the value risks breaking (hypothetical!) clients that rely on the value to be accurate. Can't entirely avoid hypothetical lossage. Change the value to be always "unknown". This makes "info block" always report "type=unknown". Pointless. Change it to not report the type. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-05-08 | Fix typos in comments and code (occured -> occurred and related) | Stefan Weil
The code changed here is an unused data type name (evt_flush_occurred). Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-05-06 | Fix typo in code and comments | Stefan Weil
Replace writeable -> writable Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-04-07 | block: Do not cache device size for removable media | Stefan Hajnoczi
The block layer caches the device size to avoid doing lseek(fd, 0, SEEK_END) every time this value is needed. For removable media the device size becomes stale if a new medium is inserted. This patch simply prevents device size caching for removable media. A smarter solution is to update the cached device size when a new medium is inserted. Given that there are currently bugs with CD-ROM media change I do not want to implement that approach until we've gotten things correct first. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | trace: Trace bdrv_set_locked() | Stefan Hajnoczi
It can be handy to know when the guest locks/unlocks the CD-ROM tray. This trace event makes that possible. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-04-07 | Do not delete BlockDriverState when deleting the drive | Ryan Harper
When removing a drive from the host-side via drive_del we currently have the following path:
    drive_del
    qemu_aio_flush()
    bdrv_close()    // zaps bs->drv, which makes any subsequent I/O get
                    // dropped. Works as designed
    drive_uninit()
    bdrv_delete()   // frees the bs. Since the device is still connected to
                    // bs, any subsequent I/O is a use-after-free.
The value of bs->drv becomes unpredictable on free. As long as it remains null, I/O still gets dropped, however it could become non-null at any point after the free, resulting in SEGVs or other QEMU state corruption.
To resolve this issue as simply as possible, we can choose to not actually delete the BlockDriverState pointer. Since bdrv_close() handles setting the drv pointer to NULL, we just need to remove the BlockDriverState from the QLIST that is used to enumerate the block devices. This is currently handled within bdrv_delete, so move this into its own function, bdrv_make_anon().
The result is that we can now invoke drive_del, this closes the file descriptors and sets BlockDriverState->drv to NULL which prevents further IO to the device, and since we do not free BlockDriverState, we don't have to worry about the copy retained in the block devices.
We also don't attempt to remove the qdev property since we are no longer deleting the BlockDriverState on drives with associated drives. This also allows for removing Drives with no devices associated either.
Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Acked-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-03-15 | Don't allow multiwrites against a block device without underlying medium | Ryan Harper
If the block device has been closed, we no longer have a medium to submit IO against, check for this before submitting io. This prevents a segfault further in the code where we dereference elements of the block driver. Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-03-07 | trace: Trace bdrv_aio_flush() | Stefan Hajnoczi
Add a trace event for bdrv_aio_flush() to complement the existing bdrv_aio_readv() and bdrv_aio_writev() events. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-02-20 | fdc: move floppy geometry guessing to block.c | Blue Swirl
Other geometry guessing functions already reside in block.c. Remove some unused or debugging only fields. Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2011-02-07 | block: enable in_use flag | Marcelo Tosatti
Set block device in use during block migration, disallow drive_del and bdrv_truncate for in use devices. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-02-07 | Add flag to indicate external users to block device | Marcelo Tosatti
Certain operations such as drive_del or resize cannot be performed while external users (eg. block migration) reference the block device. Add a flag to indicate that. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-31 | block: tell drivers about an image resize | Christoph Hellwig
Extend the change_cb callback with a reason argument, and use it to tell drivers about size changes. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-24 | block: Use backing format driver during image creation | Stefan Hajnoczi
The backing format should be honored during image creation. For some reason we currently use the image format to open the backing file. This fails when the backing file has a different format than the image being created. Keep the image and backing format drivers completely separate. Also print the backing filename if there is an error opening the backing file instead of the image filename. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2011-01-06 | block: delete a write-only variable | Blue Swirl
Avoid a warning with GCC 4.6.0:
    /src/qemu/block.c: In function 'bdrv_img_create':
    /src/qemu/block.c:2862:25: error: variable 'fmt' set but not used [-Werror=unused-but-set-variable]
CC: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-12-17 | block: add discard support | Christoph Hellwig
Add a new bdrv_discard method to free blocks in a mapping image, and a new drive property to set the granularity for these discards. If no discard granularity support is set, discard support is disabled. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 | bdrv_img_create() use proper errno return values | Jes Sorensen
Kevin suggested to have bdrv_img_create() return proper -errno values on error. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 | Prevent creating an image with the same filename as backing file | Jes Sorensen
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 | qemu-img.c: Re-factor img_create() | Jes Sorensen
This patch re-factors img_create() moving the code doing the actual work into block.c where it can be shared with QEMU. This is needed to be able to create images from QEMU to be used for live snapshots. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 | block: Fix the use of protocols in backing files | Stefan Hajnoczi
Backing filenames may contain a protocol. The code currently doesn't consider this case and produces filenames that embed "<protocol>:". Don't combine filenames if the backing filename contains a protocol. Based on an earlier patch by Anthony Liguori <aliguori@us.ibm.com>. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-17 | block: Introduce path_has_protocol() function | Stefan Hajnoczi
The bdrv_find_protocol() function returns NULL if an unknown protocol name is given. It returns the "file" protocol when the filename contains no protocol at all. This makes it difficult to distinguish between paths which contain a protocol and those which do not. Factor out a helper function that tests whether or not a filename has a protocol. The next patch makes use of this function. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-12-14 | block: Make bdrv_create_file() ':' handling consistent | Stefan Hajnoczi
Filenames may start with "<protocol>:" to explicitly use a protocol like nbd. Filenames with unknown protocols are rejected in most of QEMU except for bdrv_create_file(). Even if a file with an invalid filename can be created, QEMU cannot use it since all the other relevant functions reject such paths. Make bdrv_create_file() consistent. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-11-21 | block: set sector dirty on AIO write completion | Marcelo Tosatti
Sectors are marked dirty in the bitmap on AIO submission. This is wrong since data has not reached storage. Set a given sector as dirty in the dirty bitmap on AIO completion, so that reading a sector marked as dirty is guaranteed to return up-to-date data. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-21 | block: fix shift in dirty bitmap calculation | Marcelo Tosatti
Otherwise upper 32 bits of bitmap entries are not correctly calculated. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-11-04 | block: Allow bdrv_flush to return errors | Kevin Wolf
This changes bdrv_flush to return 0 on success and -errno in case of failure. It's a requirement for implementing proper error handling in users of bdrv_flush. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2010-10-22 | Copy snapshots out of QCOW2 disk | edison
In order to backup snapshots, created from QCOW2 image, we want to copy snapshots out of QCOW2 disk to a separate storage. The following patch adds a new option in "qemu-img": qemu-img convert -f qcow2 -O qcow2 -s snapshot_name src_img bck_img. Right now, it only supports to copy the full snapshot, delta snapshot is on the way.
Changes from V1: all the comments from Kevin are addressed:
    Add read-only checking
    Fix coding style
    Change the name from bdrv_snapshot_load to bdrv_snapshot_load_tmp
Signed-off-by: Disheng Su <edison@cloud.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-10-09 | trace: Trace bdrv_aio_{readv,writev} | Stefan Hajnoczi
Observing block layer aio readv/writev operations is useful for debugging image formats or understanding guest disk I/O patterns. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2010-09-09 | trace: Trace virtio-blk, multiwrite, and paio_submit | Stefan Hajnoczi
This patch adds trace events that make it possible to observe virtio-blk. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2010-09-08 | Revert "Make default invocation of block drivers safer (v3)" | Anthony Liguori
This reverts commit 79368c81bf8cf93864d7afc88b81b05d8f0a2c90.
Conflicts: block.c
I haven't been able to come up with a solution yet for the corruption caused by unaligned requests from the IDE disk so revert until a solution can be written. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-08-30 | block: Fix image re-open in bdrv_commit | Kevin Wolf
Arguably we should re-open the backing file with the backing file format and not with the format of the snapshot image. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-08-03 | block: Change bdrv_eject() not to drop the image | Markus Armbruster
bdrv_eject() gets called when a device model opens or closes the tray.
If the block driver implements method bdrv_eject(), that method gets called. Driver host_cdrom implements it, and it opens and closes the physical tray, and nothing else. When a device model opens, then closes the tray, media changes only if the user actively changes the physical media while the tray is open. This matches how physical hardware behaves.
If the block driver doesn't implement method bdrv_eject(), we do something quite different: opening the tray severs the connection to the image by calling bdrv_close(), and closing the tray does nothing. When the device model opens, then closes the tray, media is gone, unless the user actively inserts another one while the tray is open, with a suitable change command in the monitor. This isn't how physical hardware behaves. Rather inconvenient when programs "helpfully" eject media to give you a chance to change it. The way bdrv_eject() behaves here turns that chance into a must, which is not what these programs or their users expect.
Change the default action not to call bdrv_close(). Instead, note the tray status in new BlockDriverState member tray_open. Use it in bdrv_is_inserted().
Arguably, the device models should keep track of tray status themselves. But this is less invasive.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-08-03 | block: Fix bdrv_has_zero_init | Kevin Wolf
Assuming that any image on a block device is not properly zero-initialized is actually wrong: Only raw images have this problem. Any other image format shouldn't care about it, they initialize everything properly themselves. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-08-03 | block: Change bdrv_commit to handle multiple sectors at once | Kevin Wolf
bdrv_commit copies the image to its backing file sector by sector, which is (surprise!) relatively slow. Let's take a larger buffer and handle more sectors at once if possible. With a 1G qcow2 file, this brought the time bdrv_commit takes down from 5:06 min to 1:14 min for me. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-26 | Fix -snapshot deleting images on disk change | Blue Swirl
Block device change command did not copy BDRV_O_SNAPSHOT flag. Thus the new image did not have this flag and the file got deleted during opening. Fix by copying BDRV_O_SNAPSHOT flag. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-26 | block: Use error codes from lower levels for error message | Stefan Weil
"No such file or directory" is a misleading error message when a user tries to open a file with wrong permissions. Cc: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-15 | Make default invocation of block drivers safer (v3) | Anthony Liguori
CVE-2008-2004 described a vulnerability in QEMU whereby a malicious user could trick the block probing code into accessing arbitrary files in a guest. To mitigate this, we added an explicit format parameter to -drive which disables block probing.
Fast forward to today, and the vast majority of users do not use this parameter. libvirt does not use this by default nor does virt-manager.
Most users want block probing so we should try to make it safer.
This patch adds some logic to the raw device which attempts to detect a write operation to the beginning of a raw device. If the first 4 bytes happen to match an image file that has a backing file that we support, it scrubs the signature to all zeros. If a user specifies an explicit format parameter, this behavior is disabled.
I contend that while a legitimate guest could write such a signature to the header, we would behave incorrectly anyway upon the next invocation of QEMU. This simply changes the incorrect behavior to not involve a security vulnerability.
I've tested this pretty extensively both in the positive and negative case. I'm not 100% confident in the block layer's ability to deal with zero sized writes particularly with respect to the aio functions so some additional eyes would be appreciated.
Even in the case of a single sector write, we have to make sure to invoke the completion from a bottom half so just removing the zero sized write is not an option.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-06 | qcow2/vdi: Change check to distinguish error cases | Kevin Wolf
This distinguishes between harmless leaks and real corruption. Hopefully users better understand what qemu-img check wants to tell them. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-06 | qemu-img check: Distinguish different kinds of errors | Kevin Wolf
People think that their images are corrupted when in fact there are just some leaked clusters. Differentiating several error cases should make the messages more comprehensible. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: Handle multiwrite errors only when all requests have completed | Kevin Wolf
Don't try to be clever by freeing all temporary data and calling all callbacks when the return value (an error) is certain. Doing so has at least two important problems:
* The temporary data that is freed (qiov, possibly zero buffer) is still used by the requests that have not yet completed.
* Calling the callbacks for all requests in the multiwrite means for the caller that it may free buffers etc. which are still in use.
Just remember the error value and do the cleanup when all requests have completed. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: Fix early failure in multiwrite | Kevin Wolf
bdrv_aio_writev may call the callback immediately (and it will commonly do so in error cases). Current code doesn't consider this. For details see the comment added by this patch. Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: Fix virtual media change for if=none | Markus Armbruster
BlockDriverState member removable controls whether virtual media change (monitor commands change, eject) is allowed. It is set when the "type hint" is BDRV_TYPE_CDROM or BDRV_TYPE_FLOPPY.
The type hint is only set by drive_init(). It sets BDRV_TYPE_FLOPPY for if=floppy. It sets BDRV_TYPE_CDROM for media=cdrom and if=ide, scsi, xen, or none.
if=ide and if=scsi work, because the type hint makes it a CD-ROM. if=xen likewise, I think.
For the same reason, if=none works when it's used by ide-drive or scsi-disk. For other guest devices, there are problems:
* fdc: you can't change virtual media
    $ qemu [...] -drive if=none,id=foo,... -global isa-fdc.driveA=foo
    QEMU 0.12.50 monitor - type 'help' for more information
    (qemu) eject foo
    Device 'foo' is not removable
  unless you add media=cdrom, but that makes it readonly.
* virtio: if you add media=cdrom, you can change virtual media. If you eject, the guest gets I/O errors. If you change, the guest sees the drive's contents suddenly change.
* scsi-generic: if you add media=cdrom, you can change virtual media. I didn't test what that does to the guest or the physical device, but it can't be pretty.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: Clean up bdrv_snapshots() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | savevm: Survive hot-unplug of snapshot device | Markus Armbruster
savevm.c keeps a pointer to the snapshot block device. If you manage to get that device deleted, the pointer dangles, and the next snapshot operation will crash & burn. Unplugging a guest device that uses it does the trick:
    $ MALLOC_PERTURB_=234 qemu-system-x86_64 [...]
    QEMU 0.12.50 monitor - type 'help' for more information
    (qemu) info snapshots
    No available block device supports snapshots
    (qemu) drive_add auto if=none,file=tmp.qcow2
    OK
    (qemu) device_add usb-storage,id=foo,drive=none1
    (qemu) info snapshots
    Snapshot devices: none1
    Snapshot list (from none1):
    ID TAG VM SIZE DATE VM CLOCK
    (qemu) device_del foo
    (qemu) info snapshots
    Snapshot devices:
    Segmentation fault (core dumped)
Move management of that pointer to block.c, and zap it when the device it points to becomes unusable. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: Catch attempt to attach multiple devices to a blockdev | Markus Armbruster
For instance, -device scsi-disk,drive=foo -device scsi-disk,drive=foo happily creates two SCSI disks connected to the same block device. It's all downhill from there. Device usb-storage deliberately attaches twice to the same blockdev, which fails with the fix in place. Detach before the second attach there. Also catch attempt to delete while a guest device model is attached. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | Don't reset bs->is_temporary in bdrv_open_common | Ryan Harper
To fix https://bugs.launchpad.net/qemu/+bug/597402 where qemu fails to call unlink() on temporary snapshots due to bs->is_temporary getting clobbered in bdrv_open_common() after being set in bdrv_open() which calls the former. We don't need to initialize bs->is_temporary in bdrv_open_common(). Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-07-02 | block: allow filenames with colons again for host devices | Christoph Hellwig
Before the raw/file split we used to allow filenames with colons for host device only. While this was more by accident than by design people rely on it, so we need to bring it back. So move the host device probing to be before the protocol detection again. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-22 | block: Add bdrv_(p)write_sync | Kevin Wolf
Add new functions that write and flush the written data to disk immediately. This is what needs to be used for image format metadata to maintain integrity for cache=... modes that don't use O_DSYNC. (Actually, we only need barriers, and therefore the functions are defined as such, but flushes is what is implemented in this patch - we can try to change that later) Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2010-06-15 | block: fix a warning and possible truncation | Blue Swirl
Fix a warning from OpenBSD gcc (3.3.5 (propolice)):
    /src/qemu/block.c: In function `bdrv_info_stats_bs':
    /src/qemu/block.c:1548: warning: long long int format, long unsigned int arg (arg 6)
There may be also truncation effects. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>