/* * Threaded data processing for Qcow2: compression, encryption * * Copyright (c) 2004-2006 Fabrice Bellard * Copyright (c) 2018 Virtuozzo International GmbH. All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ #include "qemu/osdep.h" #define ZLIB_CONST #include <zlib.h> #ifdef CONFIG_ZSTD #include <zstd.h> #include <zstd_errors.h> #endif #include "qcow2.h" #include "block/thread-pool.h" #include "crypto.h" static int coroutine_fn qcow2_co_process(BlockDriverState *bs, ThreadPoolFunc *func, void *arg) { int ret; BDRVQcow2State *s = bs->opaque; ThreadPool *pool = aio_get_thread_pool(bdrv_get_aio_context(bs)); qemu_co_mutex_lock(&s->lock); while (s->nb_threads >= QCOW2_MAX_THREADS) { qemu_co_queue_wait(&s->thread_task_queue, &s->lock); } s->nb_threads++; qemu_co_mutex_unlock(&s->lock); ret = thread_pool_submit_co(pool, func, arg); qemu_co_mutex_lock(&s->lock); s->nb_threads--; qemu_co_queue_next(&s->thread_task_queue); qemu_co_mutex_unlock(&s->lock); return ret; } /* * Compression */ typedef ssize_t (*Qcow2CompressFunc)(void *dest, size_t dest_size, const void *src, size_t src_size); typedef struct Qcow2CompressData { void *dest; size_t dest_size; const void *src; size_t src_size; ssize_t ret; Qcow2CompressFunc func; } Qcow2CompressData; /* * qcow2_zlib_compress() * * Compress @src_size bytes of data using zlib compression method * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: compressed size on success * -ENOMEM destination buffer is not enough to store compressed data * -EIO on any other error */ static ssize_t qcow2_zlib_compress(void *dest, size_t dest_size, const void *src, size_t src_size) { ssize_t ret; z_stream strm; /* best compression, small window, no zlib header */ memset(&strm, 0, sizeof(strm)); ret = deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY); if (ret != Z_OK) { return -EIO; } /* * strm.next_in is not const in old zlib versions, such as those used on * OpenBSD/NetBSD, so cast the const away */ strm.avail_in = src_size; strm.next_in = (void *) src; strm.avail_out = dest_size; strm.next_out = dest; ret = deflate(&strm, Z_FINISH); if (ret == Z_STREAM_END) { ret = dest_size - strm.avail_out; } else { ret = (ret == Z_OK ? -ENOMEM : -EIO); } deflateEnd(&strm); return ret; } /* * qcow2_zlib_decompress() * * Decompress some data (not more than @src_size bytes) to produce exactly * @dest_size bytes using zlib compression method * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: 0 on success * -EIO on fail */ static ssize_t qcow2_zlib_decompress(void *dest, size_t dest_size, const void *src, size_t src_size) { int ret; z_stream strm; memset(&strm, 0, sizeof(strm)); strm.avail_in = src_size; strm.next_in = (void *) src; strm.avail_out = dest_size; strm.next_out = dest; ret = inflateInit2(&strm, -12); if (ret != Z_OK) { return -EIO; } ret = inflate(&strm, Z_FINISH); if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) { /* * We approve Z_BUF_ERROR because we need @dest buffer to be filled, but * @src buffer may be processed partly (because in qcow2 we know size of * compressed data with precision of one sector) */ ret = 0; } else { ret = -EIO; } inflateEnd(&strm); return ret; } #ifdef CONFIG_ZSTD /* * qcow2_zstd_compress() * * Compress @src_size bytes of data using zstd compression method * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: compressed size on success * -ENOMEM destination buffer is not enough to store compressed data * -EIO on any other error */ static ssize_t qcow2_zstd_compress(void *dest, size_t dest_size, const void *src, size_t src_size) { ssize_t ret; size_t zstd_ret; ZSTD_outBuffer output = { .dst = dest, .size = dest_size, .pos = 0 }; ZSTD_inBuffer input = { .src = src, .size = src_size, .pos = 0 }; ZSTD_CCtx *cctx = ZSTD_createCCtx(); if (!cctx) { return -EIO; } /* * Use the zstd streamed interface for symmetry with decompression, * where streaming is essential since we don't record the exact * compressed size. * * ZSTD_compressStream2() tries to compress everything it could * with a single call. Although, ZSTD docs says that: * "You must continue calling ZSTD_compressStream2() with ZSTD_e_end * until it returns 0, at which point you are free to start a new frame", * in out tests we saw the only case when it returned with >0 - * when the output buffer was too small. In that case, * ZSTD_compressStream2() expects a bigger buffer on the next call. * We can't provide a bigger buffer because we are limited with dest_size * which we pass to the ZSTD_compressStream2() at once. * So, we don't need any loops and just abort the compression when we * don't get 0 result on the first call. */ zstd_ret = ZSTD_compressStream2(cctx, &output, &input, ZSTD_e_end); if (zstd_ret) { if (zstd_ret > output.size - output.pos) { ret = -ENOMEM; } else { ret = -EIO; } goto out; } /* make sure that zstd didn't overflow the dest buffer */ assert(output.pos <= dest_size); ret = output.pos; out: ZSTD_freeCCtx(cctx); return ret; } /* * qcow2_zstd_decompress() * * Decompress some data (not more than @src_size bytes) to produce exactly * @dest_size bytes using zstd compression method * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: 0 on success * -EIO on any error */ static ssize_t qcow2_zstd_decompress(void *dest, size_t dest_size, const void *src, size_t src_size) { size_t zstd_ret = 0; ssize_t ret = 0; ZSTD_outBuffer output = { .dst = dest, .size = dest_size, .pos = 0 }; ZSTD_inBuffer input = { .src = src, .size = src_size, .pos = 0 }; ZSTD_DCtx *dctx = ZSTD_createDCtx(); if (!dctx) { return -EIO; } /* * The compressed stream from the input buffer may consist of more * than one zstd frame. So we iterate until we get a fully * uncompressed cluster. * From zstd docs related to ZSTD_decompressStream: * "return : 0 when a frame is completely decoded and fully flushed" * We suppose that this means: each time ZSTD_decompressStream reads * only ONE full frame and returns 0 if and only if that frame * is completely decoded and flushed. Only after returning 0, * ZSTD_decompressStream reads another ONE full frame. */ while (output.pos < output.size) { size_t last_in_pos = input.pos; size_t last_out_pos = output.pos; zstd_ret = ZSTD_decompressStream(dctx, &output, &input); if (ZSTD_isError(zstd_ret)) { ret = -EIO; break; } /* * The ZSTD manual is vague about what to do if it reads * the buffer partially, and we don't want to get stuck * in an infinite loop where ZSTD_decompressStream * returns > 0 waiting for another input chunk. So, we add * a check which ensures that the loop makes some progress * on each step. */ if (last_in_pos >= input.pos && last_out_pos >= output.pos) { ret = -EIO; break; } } /* * Make sure that we have the frame fully flushed here * if not, we somehow managed to get uncompressed cluster * greater then the cluster size, possibly because of its * damage. */ if (zstd_ret > 0) { ret = -EIO; } ZSTD_freeDCtx(dctx); assert(ret == 0 || ret == -EIO); return ret; } #endif static int qcow2_compress_pool_func(void *opaque) { Qcow2CompressData *data = opaque; data->ret = data->func(data->dest, data->dest_size, data->src, data->src_size); return 0; } static ssize_t coroutine_fn qcow2_co_do_compress(BlockDriverState *bs, void *dest, size_t dest_size, const void *src, size_t src_size, Qcow2CompressFunc func) { Qcow2CompressData arg = { .dest = dest, .dest_size = dest_size, .src = src, .src_size = src_size, .func = func, }; qcow2_co_process(bs, qcow2_compress_pool_func, &arg); return arg.ret; } /* * qcow2_co_compress() * * Compress @src_size bytes of data using the compression * method defined by the image compression type * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: compressed size on success * a negative error code on failure */ ssize_t coroutine_fn qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size, const void *src, size_t src_size) { BDRVQcow2State *s = bs->opaque; Qcow2CompressFunc fn; switch (s->compression_type) { case QCOW2_COMPRESSION_TYPE_ZLIB: fn = qcow2_zlib_compress; break; #ifdef CONFIG_ZSTD case QCOW2_COMPRESSION_TYPE_ZSTD: fn = qcow2_zstd_compress; break; #endif default: abort(); } return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn); } /* * qcow2_co_decompress() * * Decompress some data (not more than @src_size bytes) to produce exactly * @dest_size bytes using the compression method defined by the image * compression type * * @dest - destination buffer, @dest_size bytes * @src - source buffer, @src_size bytes * * Returns: 0 on success * a negative error code on failure */ ssize_t coroutine_fn qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size, const void *src, size_t src_size) { BDRVQcow2State *s = bs->opaque; Qcow2CompressFunc fn; switch (s->compression_type) { case QCOW2_COMPRESSION_TYPE_ZLIB: fn = qcow2_zlib_decompress; break; #ifdef CONFIG_ZSTD case QCOW2_COMPRESSION_TYPE_ZSTD: fn = qcow2_zstd_decompress; break; #endif default: abort(); } return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn); } /* * Cryptography */ /* * Qcow2EncDecFunc: common prototype of qcrypto_block_encrypt() and * qcrypto_block_decrypt() functions. */ typedef int (*Qcow2EncDecFunc)(QCryptoBlock *block, uint64_t offset, uint8_t *buf, size_t len, Error **errp); typedef struct Qcow2EncDecData { QCryptoBlock *block; uint64_t offset; uint8_t *buf; size_t len; Qcow2EncDecFunc func; } Qcow2EncDecData; static int qcow2_encdec_pool_func(void *opaque) { Qcow2EncDecData *data = opaque; return data->func(data->block, data->offset, data->buf, data->len, NULL); } static int coroutine_fn qcow2_co_encdec(BlockDriverState *bs, uint64_t host_offset, uint64_t guest_offset, void *buf, size_t len, Qcow2EncDecFunc func) { BDRVQcow2State *s = bs->opaque; Qcow2EncDecData arg = { .block = s->crypto, .offset = s->crypt_physical_offset ? host_offset : guest_offset, .buf = buf, .len = len, .func = func, }; uint64_t sector_size; assert(s->crypto); sector_size = qcrypto_block_get_sector_size(s->crypto); assert(QEMU_IS_ALIGNED(guest_offset, sector_size)); assert(QEMU_IS_ALIGNED(host_offset, sector_size)); assert(QEMU_IS_ALIGNED(len, sector_size)); return len == 0 ? 0 : qcow2_co_process(bs, qcow2_encdec_pool_func, &arg); } /* * qcow2_co_encrypt() * * Encrypts one or more contiguous aligned sectors * * @host_offset - underlying storage offset of the first sector of the * data to be encrypted * * @guest_offset - guest (virtual) offset of the first sector of the * data to be encrypted * * @buf - buffer with the data to encrypt, that after encryption * will be written to the underlying storage device at * @host_offset * * @len - length of the buffer (must be a multiple of the encryption * sector size) * * Depending on the encryption method, @host_offset and/or @guest_offset * may be used for generating the initialization vector for * encryption. * * Note that while the whole range must be aligned on sectors, it * does not have to be aligned on clusters and can also cross cluster * boundaries */ int coroutine_fn qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset, uint64_t guest_offset, void *buf, size_t len) { return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, qcrypto_block_encrypt); } /* * qcow2_co_decrypt() * * Decrypts one or more contiguous aligned sectors * Similar to qcow2_co_encrypt */ int coroutine_fn qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset, uint64_t guest_offset, void *buf, size_t len) { return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len, qcrypto_block_decrypt); }