qxl: check release info object
[qemu.git] / block.c
1 /*
2 * QEMU System Emulator block driver
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "block/trace.h"
27 #include "block/block_int.h"
28 #include "block/blockjob.h"
29 #include "block/nbd.h"
30 #include "block/qdict.h"
31 #include "qemu/error-report.h"
32 #include "module_block.h"
33 #include "qemu/module.h"
34 #include "qapi/error.h"
35 #include "qapi/qmp/qdict.h"
36 #include "qapi/qmp/qjson.h"
37 #include "qapi/qmp/qnull.h"
38 #include "qapi/qmp/qstring.h"
39 #include "qapi/qobject-output-visitor.h"
40 #include "qapi/qapi-visit-block-core.h"
41 #include "sysemu/block-backend.h"
42 #include "sysemu/sysemu.h"
43 #include "qemu/notify.h"
44 #include "qemu/option.h"
45 #include "qemu/coroutine.h"
46 #include "block/qapi.h"
47 #include "qemu/timer.h"
48 #include "qemu/cutils.h"
49 #include "qemu/id.h"
50
51 #ifdef CONFIG_BSD
52 #include <sys/ioctl.h>
53 #include <sys/queue.h>
54 #ifndef __DragonFly__
55 #include <sys/disk.h>
56 #endif
57 #endif
58
59 #ifdef _WIN32
60 #include <windows.h>
61 #endif
62
63 #define NOT_DONE 0x7fffffff /* used while emulated sync operation in progress */
64
65 static QTAILQ_HEAD(, BlockDriverState) graph_bdrv_states =
66 QTAILQ_HEAD_INITIALIZER(graph_bdrv_states);
67
68 static QTAILQ_HEAD(, BlockDriverState) all_bdrv_states =
69 QTAILQ_HEAD_INITIALIZER(all_bdrv_states);
70
71 static QLIST_HEAD(, BlockDriver) bdrv_drivers =
72 QLIST_HEAD_INITIALIZER(bdrv_drivers);
73
74 static BlockDriverState *bdrv_open_inherit(const char *filename,
75 const char *reference,
76 QDict *options, int flags,
77 BlockDriverState *parent,
78 const BdrvChildRole *child_role,
79 Error **errp);
80
81 /* If non-zero, use only whitelisted block drivers */
82 static int use_bdrv_whitelist;
83
84 #ifdef _WIN32
85 static int is_windows_drive_prefix(const char *filename)
86 {
87 return (((filename[0] >= 'a' && filename[0] <= 'z') ||
88 (filename[0] >= 'A' && filename[0] <= 'Z')) &&
89 filename[1] == ':');
90 }
91
92 int is_windows_drive(const char *filename)
93 {
94 if (is_windows_drive_prefix(filename) &&
95 filename[2] == '\0')
96 return 1;
97 if (strstart(filename, "\\\\.\\", NULL) ||
98 strstart(filename, "//./", NULL))
99 return 1;
100 return 0;
101 }
102 #endif
103
104 size_t bdrv_opt_mem_align(BlockDriverState *bs)
105 {
106 if (!bs || !bs->drv) {
107 /* page size or 4k (hdd sector size) should be on the safe side */
108 return MAX(4096, getpagesize());
109 }
110
111 return bs->bl.opt_mem_alignment;
112 }
113
114 size_t bdrv_min_mem_align(BlockDriverState *bs)
115 {
116 if (!bs || !bs->drv) {
117 /* page size or 4k (hdd sector size) should be on the safe side */
118 return MAX(4096, getpagesize());
119 }
120
121 return bs->bl.min_mem_alignment;
122 }
123
124 /* check if the path starts with "<protocol>:" */
125 int path_has_protocol(const char *path)
126 {
127 const char *p;
128
129 #ifdef _WIN32
130 if (is_windows_drive(path) ||
131 is_windows_drive_prefix(path)) {
132 return 0;
133 }
134 p = path + strcspn(path, ":/\\");
135 #else
136 p = path + strcspn(path, ":/");
137 #endif
138
139 return *p == ':';
140 }
141
142 int path_is_absolute(const char *path)
143 {
144 #ifdef _WIN32
145 /* specific case for names like: "\\.\d:" */
146 if (is_windows_drive(path) || is_windows_drive_prefix(path)) {
147 return 1;
148 }
149 return (*path == '/' || *path == '\\');
150 #else
151 return (*path == '/');
152 #endif
153 }
154
155 /* if filename is absolute, just return its duplicate. Otherwise, build a
156 path to it by considering it is relative to base_path. URL are
157 supported. */
158 char *path_combine(const char *base_path, const char *filename)
159 {
160 const char *protocol_stripped = NULL;
161 const char *p, *p1;
162 char *result;
163 int len;
164
165 if (path_is_absolute(filename)) {
166 return g_strdup(filename);
167 }
168
169 if (path_has_protocol(base_path)) {
170 protocol_stripped = strchr(base_path, ':');
171 if (protocol_stripped) {
172 protocol_stripped++;
173 }
174 }
175 p = protocol_stripped ?: base_path;
176
177 p1 = strrchr(base_path, '/');
178 #ifdef _WIN32
179 {
180 const char *p2;
181 p2 = strrchr(base_path, '\\');
182 if (!p1 || p2 > p1) {
183 p1 = p2;
184 }
185 }
186 #endif
187 if (p1) {
188 p1++;
189 } else {
190 p1 = base_path;
191 }
192 if (p1 > p) {
193 p = p1;
194 }
195 len = p - base_path;
196
197 result = g_malloc(len + strlen(filename) + 1);
198 memcpy(result, base_path, len);
199 strcpy(result + len, filename);
200
201 return result;
202 }
203
204 /*
205 * Helper function for bdrv_parse_filename() implementations to remove optional
206 * protocol prefixes (especially "file:") from a filename and for putting the
207 * stripped filename into the options QDict if there is such a prefix.
208 */
209 void bdrv_parse_filename_strip_prefix(const char *filename, const char *prefix,
210 QDict *options)
211 {
212 if (strstart(filename, prefix, &filename)) {
213 /* Stripping the explicit protocol prefix may result in a protocol
214 * prefix being (wrongly) detected (if the filename contains a colon) */
215 if (path_has_protocol(filename)) {
216 QString *fat_filename;
217
218 /* This means there is some colon before the first slash; therefore,
219 * this cannot be an absolute path */
220 assert(!path_is_absolute(filename));
221
222 /* And we can thus fix the protocol detection issue by prefixing it
223 * by "./" */
224 fat_filename = qstring_from_str("./");
225 qstring_append(fat_filename, filename);
226
227 assert(!path_has_protocol(qstring_get_str(fat_filename)));
228
229 qdict_put(options, "filename", fat_filename);
230 } else {
231 /* If no protocol prefix was detected, we can use the shortened
232 * filename as-is */
233 qdict_put_str(options, "filename", filename);
234 }
235 }
236 }
237
238
239 /* Returns whether the image file is opened as read-only. Note that this can
240 * return false and writing to the image file is still not possible because the
241 * image is inactivated. */
242 bool bdrv_is_read_only(BlockDriverState *bs)
243 {
244 return bs->read_only;
245 }
246
247 int bdrv_can_set_read_only(BlockDriverState *bs, bool read_only,
248 bool ignore_allow_rdw, Error **errp)
249 {
250 /* Do not set read_only if copy_on_read is enabled */
251 if (bs->copy_on_read && read_only) {
252 error_setg(errp, "Can't set node '%s' to r/o with copy-on-read enabled",
253 bdrv_get_device_or_node_name(bs));
254 return -EINVAL;
255 }
256
257 /* Do not clear read_only if it is prohibited */
258 if (!read_only && !(bs->open_flags & BDRV_O_ALLOW_RDWR) &&
259 !ignore_allow_rdw)
260 {
261 error_setg(errp, "Node '%s' is read only",
262 bdrv_get_device_or_node_name(bs));
263 return -EPERM;
264 }
265
266 return 0;
267 }
268
269 /*
270 * Called by a driver that can only provide a read-only image.
271 *
272 * Returns 0 if the node is already read-only or it could switch the node to
273 * read-only because BDRV_O_AUTO_RDONLY is set.
274 *
275 * Returns -EACCES if the node is read-write and BDRV_O_AUTO_RDONLY is not set
276 * or bdrv_can_set_read_only() forbids making the node read-only. If @errmsg
277 * is not NULL, it is used as the error message for the Error object.
278 */
279 int bdrv_apply_auto_read_only(BlockDriverState *bs, const char *errmsg,
280 Error **errp)
281 {
282 int ret = 0;
283
284 if (!(bs->open_flags & BDRV_O_RDWR)) {
285 return 0;
286 }
287 if (!(bs->open_flags & BDRV_O_AUTO_RDONLY)) {
288 goto fail;
289 }
290
291 ret = bdrv_can_set_read_only(bs, true, false, NULL);
292 if (ret < 0) {
293 goto fail;
294 }
295
296 bs->read_only = true;
297 bs->open_flags &= ~BDRV_O_RDWR;
298
299 return 0;
300
301 fail:
302 error_setg(errp, "%s", errmsg ?: "Image is read-only");
303 return -EACCES;
304 }
305
306 /*
307 * If @backing is empty, this function returns NULL without setting
308 * @errp. In all other cases, NULL will only be returned with @errp
309 * set.
310 *
311 * Therefore, a return value of NULL without @errp set means that
312 * there is no backing file; if @errp is set, there is one but its
313 * absolute filename cannot be generated.
314 */
315 char *bdrv_get_full_backing_filename_from_filename(const char *backed,
316 const char *backing,
317 Error **errp)
318 {
319 if (backing[0] == '\0') {
320 return NULL;
321 } else if (path_has_protocol(backing) || path_is_absolute(backing)) {
322 return g_strdup(backing);
323 } else if (backed[0] == '\0' || strstart(backed, "json:", NULL)) {
324 error_setg(errp, "Cannot use relative backing file names for '%s'",
325 backed);
326 return NULL;
327 } else {
328 return path_combine(backed, backing);
329 }
330 }
331
332 /*
333 * If @filename is empty or NULL, this function returns NULL without
334 * setting @errp. In all other cases, NULL will only be returned with
335 * @errp set.
336 */
337 static char *bdrv_make_absolute_filename(BlockDriverState *relative_to,
338 const char *filename, Error **errp)
339 {
340 char *dir, *full_name;
341
342 if (!filename || filename[0] == '\0') {
343 return NULL;
344 } else if (path_has_protocol(filename) || path_is_absolute(filename)) {
345 return g_strdup(filename);
346 }
347
348 dir = bdrv_dirname(relative_to, errp);
349 if (!dir) {
350 return NULL;
351 }
352
353 full_name = g_strconcat(dir, filename, NULL);
354 g_free(dir);
355 return full_name;
356 }
357
358 char *bdrv_get_full_backing_filename(BlockDriverState *bs, Error **errp)
359 {
360 return bdrv_make_absolute_filename(bs, bs->backing_file, errp);
361 }
362
363 void bdrv_register(BlockDriver *bdrv)
364 {
365 QLIST_INSERT_HEAD(&bdrv_drivers, bdrv, list);
366 }
367
368 BlockDriverState *bdrv_new(void)
369 {
370 BlockDriverState *bs;
371 int i;
372
373 bs = g_new0(BlockDriverState, 1);
374 QLIST_INIT(&bs->dirty_bitmaps);
375 for (i = 0; i < BLOCK_OP_TYPE_MAX; i++) {
376 QLIST_INIT(&bs->op_blockers[i]);
377 }
378 notifier_with_return_list_init(&bs->before_write_notifiers);
379 qemu_co_mutex_init(&bs->reqs_lock);
380 qemu_mutex_init(&bs->dirty_bitmap_mutex);
381 bs->refcnt = 1;
382 bs->aio_context = qemu_get_aio_context();
383
384 qemu_co_queue_init(&bs->flush_queue);
385
386 for (i = 0; i < bdrv_drain_all_count; i++) {
387 bdrv_drained_begin(bs);
388 }
389
390 QTAILQ_INSERT_TAIL(&all_bdrv_states, bs, bs_list);
391
392 return bs;
393 }
394
395 static BlockDriver *bdrv_do_find_format(const char *format_name)
396 {
397 BlockDriver *drv1;
398
399 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
400 if (!strcmp(drv1->format_name, format_name)) {
401 return drv1;
402 }
403 }
404
405 return NULL;
406 }
407
408 BlockDriver *bdrv_find_format(const char *format_name)
409 {
410 BlockDriver *drv1;
411 int i;
412
413 drv1 = bdrv_do_find_format(format_name);
414 if (drv1) {
415 return drv1;
416 }
417
418 /* The driver isn't registered, maybe we need to load a module */
419 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
420 if (!strcmp(block_driver_modules[i].format_name, format_name)) {
421 block_module_load_one(block_driver_modules[i].library_name);
422 break;
423 }
424 }
425
426 return bdrv_do_find_format(format_name);
427 }
428
429 static int bdrv_format_is_whitelisted(const char *format_name, bool read_only)
430 {
431 static const char *whitelist_rw[] = {
432 CONFIG_BDRV_RW_WHITELIST
433 };
434 static const char *whitelist_ro[] = {
435 CONFIG_BDRV_RO_WHITELIST
436 };
437 const char **p;
438
439 if (!whitelist_rw[0] && !whitelist_ro[0]) {
440 return 1; /* no whitelist, anything goes */
441 }
442
443 for (p = whitelist_rw; *p; p++) {
444 if (!strcmp(format_name, *p)) {
445 return 1;
446 }
447 }
448 if (read_only) {
449 for (p = whitelist_ro; *p; p++) {
450 if (!strcmp(format_name, *p)) {
451 return 1;
452 }
453 }
454 }
455 return 0;
456 }
457
458 int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
459 {
460 return bdrv_format_is_whitelisted(drv->format_name, read_only);
461 }
462
463 bool bdrv_uses_whitelist(void)
464 {
465 return use_bdrv_whitelist;
466 }
467
468 typedef struct CreateCo {
469 BlockDriver *drv;
470 char *filename;
471 QemuOpts *opts;
472 int ret;
473 Error *err;
474 } CreateCo;
475
476 static void coroutine_fn bdrv_create_co_entry(void *opaque)
477 {
478 Error *local_err = NULL;
479 int ret;
480
481 CreateCo *cco = opaque;
482 assert(cco->drv);
483
484 ret = cco->drv->bdrv_co_create_opts(cco->filename, cco->opts, &local_err);
485 error_propagate(&cco->err, local_err);
486 cco->ret = ret;
487 }
488
489 int bdrv_create(BlockDriver *drv, const char* filename,
490 QemuOpts *opts, Error **errp)
491 {
492 int ret;
493
494 Coroutine *co;
495 CreateCo cco = {
496 .drv = drv,
497 .filename = g_strdup(filename),
498 .opts = opts,
499 .ret = NOT_DONE,
500 .err = NULL,
501 };
502
503 if (!drv->bdrv_co_create_opts) {
504 error_setg(errp, "Driver '%s' does not support image creation", drv->format_name);
505 ret = -ENOTSUP;
506 goto out;
507 }
508
509 if (qemu_in_coroutine()) {
510 /* Fast-path if already in coroutine context */
511 bdrv_create_co_entry(&cco);
512 } else {
513 co = qemu_coroutine_create(bdrv_create_co_entry, &cco);
514 qemu_coroutine_enter(co);
515 while (cco.ret == NOT_DONE) {
516 aio_poll(qemu_get_aio_context(), true);
517 }
518 }
519
520 ret = cco.ret;
521 if (ret < 0) {
522 if (cco.err) {
523 error_propagate(errp, cco.err);
524 } else {
525 error_setg_errno(errp, -ret, "Could not create image");
526 }
527 }
528
529 out:
530 g_free(cco.filename);
531 return ret;
532 }
533
534 int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp)
535 {
536 BlockDriver *drv;
537 Error *local_err = NULL;
538 int ret;
539
540 drv = bdrv_find_protocol(filename, true, errp);
541 if (drv == NULL) {
542 return -ENOENT;
543 }
544
545 ret = bdrv_create(drv, filename, opts, &local_err);
546 error_propagate(errp, local_err);
547 return ret;
548 }
549
550 /**
551 * Try to get @bs's logical and physical block size.
552 * On success, store them in @bsz struct and return 0.
553 * On failure return -errno.
554 * @bs must not be empty.
555 */
556 int bdrv_probe_blocksizes(BlockDriverState *bs, BlockSizes *bsz)
557 {
558 BlockDriver *drv = bs->drv;
559
560 if (drv && drv->bdrv_probe_blocksizes) {
561 return drv->bdrv_probe_blocksizes(bs, bsz);
562 } else if (drv && drv->is_filter && bs->file) {
563 return bdrv_probe_blocksizes(bs->file->bs, bsz);
564 }
565
566 return -ENOTSUP;
567 }
568
569 /**
570 * Try to get @bs's geometry (cyls, heads, sectors).
571 * On success, store them in @geo struct and return 0.
572 * On failure return -errno.
573 * @bs must not be empty.
574 */
575 int bdrv_probe_geometry(BlockDriverState *bs, HDGeometry *geo)
576 {
577 BlockDriver *drv = bs->drv;
578
579 if (drv && drv->bdrv_probe_geometry) {
580 return drv->bdrv_probe_geometry(bs, geo);
581 } else if (drv && drv->is_filter && bs->file) {
582 return bdrv_probe_geometry(bs->file->bs, geo);
583 }
584
585 return -ENOTSUP;
586 }
587
588 /*
589 * Create a uniquely-named empty temporary file.
590 * Return 0 upon success, otherwise a negative errno value.
591 */
592 int get_tmp_filename(char *filename, int size)
593 {
594 #ifdef _WIN32
595 char temp_dir[MAX_PATH];
596 /* GetTempFileName requires that its output buffer (4th param)
597 have length MAX_PATH or greater. */
598 assert(size >= MAX_PATH);
599 return (GetTempPath(MAX_PATH, temp_dir)
600 && GetTempFileName(temp_dir, "qem", 0, filename)
601 ? 0 : -GetLastError());
602 #else
603 int fd;
604 const char *tmpdir;
605 tmpdir = getenv("TMPDIR");
606 if (!tmpdir) {
607 tmpdir = "/var/tmp";
608 }
609 if (snprintf(filename, size, "%s/vl.XXXXXX", tmpdir) >= size) {
610 return -EOVERFLOW;
611 }
612 fd = mkstemp(filename);
613 if (fd < 0) {
614 return -errno;
615 }
616 if (close(fd) != 0) {
617 unlink(filename);
618 return -errno;
619 }
620 return 0;
621 #endif
622 }
623
624 /*
625 * Detect host devices. By convention, /dev/cdrom[N] is always
626 * recognized as a host CDROM.
627 */
628 static BlockDriver *find_hdev_driver(const char *filename)
629 {
630 int score_max = 0, score;
631 BlockDriver *drv = NULL, *d;
632
633 QLIST_FOREACH(d, &bdrv_drivers, list) {
634 if (d->bdrv_probe_device) {
635 score = d->bdrv_probe_device(filename);
636 if (score > score_max) {
637 score_max = score;
638 drv = d;
639 }
640 }
641 }
642
643 return drv;
644 }
645
646 static BlockDriver *bdrv_do_find_protocol(const char *protocol)
647 {
648 BlockDriver *drv1;
649
650 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
651 if (drv1->protocol_name && !strcmp(drv1->protocol_name, protocol)) {
652 return drv1;
653 }
654 }
655
656 return NULL;
657 }
658
659 BlockDriver *bdrv_find_protocol(const char *filename,
660 bool allow_protocol_prefix,
661 Error **errp)
662 {
663 BlockDriver *drv1;
664 char protocol[128];
665 int len;
666 const char *p;
667 int i;
668
669 /* TODO Drivers without bdrv_file_open must be specified explicitly */
670
671 /*
672 * XXX(hch): we really should not let host device detection
673 * override an explicit protocol specification, but moving this
674 * later breaks access to device names with colons in them.
675 * Thanks to the brain-dead persistent naming schemes on udev-
676 * based Linux systems those actually are quite common.
677 */
678 drv1 = find_hdev_driver(filename);
679 if (drv1) {
680 return drv1;
681 }
682
683 if (!path_has_protocol(filename) || !allow_protocol_prefix) {
684 return &bdrv_file;
685 }
686
687 p = strchr(filename, ':');
688 assert(p != NULL);
689 len = p - filename;
690 if (len > sizeof(protocol) - 1)
691 len = sizeof(protocol) - 1;
692 memcpy(protocol, filename, len);
693 protocol[len] = '\0';
694
695 drv1 = bdrv_do_find_protocol(protocol);
696 if (drv1) {
697 return drv1;
698 }
699
700 for (i = 0; i < (int)ARRAY_SIZE(block_driver_modules); ++i) {
701 if (block_driver_modules[i].protocol_name &&
702 !strcmp(block_driver_modules[i].protocol_name, protocol)) {
703 block_module_load_one(block_driver_modules[i].library_name);
704 break;
705 }
706 }
707
708 drv1 = bdrv_do_find_protocol(protocol);
709 if (!drv1) {
710 error_setg(errp, "Unknown protocol '%s'", protocol);
711 }
712 return drv1;
713 }
714
715 /*
716 * Guess image format by probing its contents.
717 * This is not a good idea when your image is raw (CVE-2008-2004), but
718 * we do it anyway for backward compatibility.
719 *
720 * @buf contains the image's first @buf_size bytes.
721 * @buf_size is the buffer size in bytes (generally BLOCK_PROBE_BUF_SIZE,
722 * but can be smaller if the image file is smaller)
723 * @filename is its filename.
724 *
725 * For all block drivers, call the bdrv_probe() method to get its
726 * probing score.
727 * Return the first block driver with the highest probing score.
728 */
729 BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
730 const char *filename)
731 {
732 int score_max = 0, score;
733 BlockDriver *drv = NULL, *d;
734
735 QLIST_FOREACH(d, &bdrv_drivers, list) {
736 if (d->bdrv_probe) {
737 score = d->bdrv_probe(buf, buf_size, filename);
738 if (score > score_max) {
739 score_max = score;
740 drv = d;
741 }
742 }
743 }
744
745 return drv;
746 }
747
748 static int find_image_format(BlockBackend *file, const char *filename,
749 BlockDriver **pdrv, Error **errp)
750 {
751 BlockDriver *drv;
752 uint8_t buf[BLOCK_PROBE_BUF_SIZE];
753 int ret = 0;
754
755 /* Return the raw BlockDriver * to scsi-generic devices or empty drives */
756 if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
757 *pdrv = &bdrv_raw;
758 return ret;
759 }
760
761 ret = blk_pread(file, 0, buf, sizeof(buf));
762 if (ret < 0) {
763 error_setg_errno(errp, -ret, "Could not read image for determining its "
764 "format");
765 *pdrv = NULL;
766 return ret;
767 }
768
769 drv = bdrv_probe_all(buf, ret, filename);
770 if (!drv) {
771 error_setg(errp, "Could not determine image format: No compatible "
772 "driver found");
773 ret = -ENOENT;
774 }
775 *pdrv = drv;
776 return ret;
777 }
778
779 /**
780 * Set the current 'total_sectors' value
781 * Return 0 on success, -errno on error.
782 */
783 int refresh_total_sectors(BlockDriverState *bs, int64_t hint)
784 {
785 BlockDriver *drv = bs->drv;
786
787 if (!drv) {
788 return -ENOMEDIUM;
789 }
790
791 /* Do not attempt drv->bdrv_getlength() on scsi-generic devices */
792 if (bdrv_is_sg(bs))
793 return 0;
794
795 /* query actual device if possible, otherwise just trust the hint */
796 if (drv->bdrv_getlength) {
797 int64_t length = drv->bdrv_getlength(bs);
798 if (length < 0) {
799 return length;
800 }
801 hint = DIV_ROUND_UP(length, BDRV_SECTOR_SIZE);
802 }
803
804 bs->total_sectors = hint;
805 return 0;
806 }
807
808 /**
809 * Combines a QDict of new block driver @options with any missing options taken
810 * from @old_options, so that leaving out an option defaults to its old value.
811 */
812 static void bdrv_join_options(BlockDriverState *bs, QDict *options,
813 QDict *old_options)
814 {
815 if (bs->drv && bs->drv->bdrv_join_options) {
816 bs->drv->bdrv_join_options(options, old_options);
817 } else {
818 qdict_join(options, old_options, false);
819 }
820 }
821
822 static BlockdevDetectZeroesOptions bdrv_parse_detect_zeroes(QemuOpts *opts,
823 int open_flags,
824 Error **errp)
825 {
826 Error *local_err = NULL;
827 char *value = qemu_opt_get_del(opts, "detect-zeroes");
828 BlockdevDetectZeroesOptions detect_zeroes =
829 qapi_enum_parse(&BlockdevDetectZeroesOptions_lookup, value,
830 BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, &local_err);
831 g_free(value);
832 if (local_err) {
833 error_propagate(errp, local_err);
834 return detect_zeroes;
835 }
836
837 if (detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP &&
838 !(open_flags & BDRV_O_UNMAP))
839 {
840 error_setg(errp, "setting detect-zeroes to unmap is not allowed "
841 "without setting discard operation to unmap");
842 }
843
844 return detect_zeroes;
845 }
846
847 /**
848 * Set open flags for a given discard mode
849 *
850 * Return 0 on success, -1 if the discard mode was invalid.
851 */
852 int bdrv_parse_discard_flags(const char *mode, int *flags)
853 {
854 *flags &= ~BDRV_O_UNMAP;
855
856 if (!strcmp(mode, "off") || !strcmp(mode, "ignore")) {
857 /* do nothing */
858 } else if (!strcmp(mode, "on") || !strcmp(mode, "unmap")) {
859 *flags |= BDRV_O_UNMAP;
860 } else {
861 return -1;
862 }
863
864 return 0;
865 }
866
867 /**
868 * Set open flags for a given cache mode
869 *
870 * Return 0 on success, -1 if the cache mode was invalid.
871 */
872 int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
873 {
874 *flags &= ~BDRV_O_CACHE_MASK;
875
876 if (!strcmp(mode, "off") || !strcmp(mode, "none")) {
877 *writethrough = false;
878 *flags |= BDRV_O_NOCACHE;
879 } else if (!strcmp(mode, "directsync")) {
880 *writethrough = true;
881 *flags |= BDRV_O_NOCACHE;
882 } else if (!strcmp(mode, "writeback")) {
883 *writethrough = false;
884 } else if (!strcmp(mode, "unsafe")) {
885 *writethrough = false;
886 *flags |= BDRV_O_NO_FLUSH;
887 } else if (!strcmp(mode, "writethrough")) {
888 *writethrough = true;
889 } else {
890 return -1;
891 }
892
893 return 0;
894 }
895
896 static char *bdrv_child_get_parent_desc(BdrvChild *c)
897 {
898 BlockDriverState *parent = c->opaque;
899 return g_strdup(bdrv_get_device_or_node_name(parent));
900 }
901
902 static void bdrv_child_cb_drained_begin(BdrvChild *child)
903 {
904 BlockDriverState *bs = child->opaque;
905 bdrv_do_drained_begin_quiesce(bs, NULL, false);
906 }
907
908 static bool bdrv_child_cb_drained_poll(BdrvChild *child)
909 {
910 BlockDriverState *bs = child->opaque;
911 return bdrv_drain_poll(bs, false, NULL, false);
912 }
913
914 static void bdrv_child_cb_drained_end(BdrvChild *child)
915 {
916 BlockDriverState *bs = child->opaque;
917 bdrv_drained_end(bs);
918 }
919
920 static void bdrv_child_cb_attach(BdrvChild *child)
921 {
922 BlockDriverState *bs = child->opaque;
923 bdrv_apply_subtree_drain(child, bs);
924 }
925
926 static void bdrv_child_cb_detach(BdrvChild *child)
927 {
928 BlockDriverState *bs = child->opaque;
929 bdrv_unapply_subtree_drain(child, bs);
930 }
931
932 static int bdrv_child_cb_inactivate(BdrvChild *child)
933 {
934 BlockDriverState *bs = child->opaque;
935 assert(bs->open_flags & BDRV_O_INACTIVE);
936 return 0;
937 }
938
939 /*
940 * Returns the options and flags that a temporary snapshot should get, based on
941 * the originally requested flags (the originally requested image will have
942 * flags like a backing file)
943 */
944 static void bdrv_temp_snapshot_options(int *child_flags, QDict *child_options,
945 int parent_flags, QDict *parent_options)
946 {
947 *child_flags = (parent_flags & ~BDRV_O_SNAPSHOT) | BDRV_O_TEMPORARY;
948
949 /* For temporary files, unconditional cache=unsafe is fine */
950 qdict_set_default_str(child_options, BDRV_OPT_CACHE_DIRECT, "off");
951 qdict_set_default_str(child_options, BDRV_OPT_CACHE_NO_FLUSH, "on");
952
953 /* Copy the read-only and discard options from the parent */
954 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
955 qdict_copy_default(child_options, parent_options, BDRV_OPT_DISCARD);
956
957 /* aio=native doesn't work for cache.direct=off, so disable it for the
958 * temporary snapshot */
959 *child_flags &= ~BDRV_O_NATIVE_AIO;
960 }
961
962 /*
963 * Returns the options and flags that bs->file should get if a protocol driver
964 * is expected, based on the given options and flags for the parent BDS
965 */
966 static void bdrv_inherited_options(int *child_flags, QDict *child_options,
967 int parent_flags, QDict *parent_options)
968 {
969 int flags = parent_flags;
970
971 /* Enable protocol handling, disable format probing for bs->file */
972 flags |= BDRV_O_PROTOCOL;
973
974 /* If the cache mode isn't explicitly set, inherit direct and no-flush from
975 * the parent. */
976 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
977 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
978 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
979
980 /* Inherit the read-only option from the parent if it's not set */
981 qdict_copy_default(child_options, parent_options, BDRV_OPT_READ_ONLY);
982 qdict_copy_default(child_options, parent_options, BDRV_OPT_AUTO_READ_ONLY);
983
984 /* Our block drivers take care to send flushes and respect unmap policy,
985 * so we can default to enable both on lower layers regardless of the
986 * corresponding parent options. */
987 qdict_set_default_str(child_options, BDRV_OPT_DISCARD, "unmap");
988
989 /* Clear flags that only apply to the top layer */
990 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ |
991 BDRV_O_NO_IO);
992
993 *child_flags = flags;
994 }
995
996 const BdrvChildRole child_file = {
997 .parent_is_bds = true,
998 .get_parent_desc = bdrv_child_get_parent_desc,
999 .inherit_options = bdrv_inherited_options,
1000 .drained_begin = bdrv_child_cb_drained_begin,
1001 .drained_poll = bdrv_child_cb_drained_poll,
1002 .drained_end = bdrv_child_cb_drained_end,
1003 .attach = bdrv_child_cb_attach,
1004 .detach = bdrv_child_cb_detach,
1005 .inactivate = bdrv_child_cb_inactivate,
1006 };
1007
1008 /*
1009 * Returns the options and flags that bs->file should get if the use of formats
1010 * (and not only protocols) is permitted for it, based on the given options and
1011 * flags for the parent BDS
1012 */
1013 static void bdrv_inherited_fmt_options(int *child_flags, QDict *child_options,
1014 int parent_flags, QDict *parent_options)
1015 {
1016 child_file.inherit_options(child_flags, child_options,
1017 parent_flags, parent_options);
1018
1019 *child_flags &= ~(BDRV_O_PROTOCOL | BDRV_O_NO_IO);
1020 }
1021
1022 const BdrvChildRole child_format = {
1023 .parent_is_bds = true,
1024 .get_parent_desc = bdrv_child_get_parent_desc,
1025 .inherit_options = bdrv_inherited_fmt_options,
1026 .drained_begin = bdrv_child_cb_drained_begin,
1027 .drained_poll = bdrv_child_cb_drained_poll,
1028 .drained_end = bdrv_child_cb_drained_end,
1029 .attach = bdrv_child_cb_attach,
1030 .detach = bdrv_child_cb_detach,
1031 .inactivate = bdrv_child_cb_inactivate,
1032 };
1033
1034 static void bdrv_backing_attach(BdrvChild *c)
1035 {
1036 BlockDriverState *parent = c->opaque;
1037 BlockDriverState *backing_hd = c->bs;
1038
1039 assert(!parent->backing_blocker);
1040 error_setg(&parent->backing_blocker,
1041 "node is used as backing hd of '%s'",
1042 bdrv_get_device_or_node_name(parent));
1043
1044 bdrv_refresh_filename(backing_hd);
1045
1046 parent->open_flags &= ~BDRV_O_NO_BACKING;
1047 pstrcpy(parent->backing_file, sizeof(parent->backing_file),
1048 backing_hd->filename);
1049 pstrcpy(parent->backing_format, sizeof(parent->backing_format),
1050 backing_hd->drv ? backing_hd->drv->format_name : "");
1051
1052 bdrv_op_block_all(backing_hd, parent->backing_blocker);
1053 /* Otherwise we won't be able to commit or stream */
1054 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
1055 parent->backing_blocker);
1056 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
1057 parent->backing_blocker);
1058 /*
1059 * We do backup in 3 ways:
1060 * 1. drive backup
1061 * The target bs is new opened, and the source is top BDS
1062 * 2. blockdev backup
1063 * Both the source and the target are top BDSes.
1064 * 3. internal backup(used for block replication)
1065 * Both the source and the target are backing file
1066 *
1067 * In case 1 and 2, neither the source nor the target is the backing file.
1068 * In case 3, we will block the top BDS, so there is only one block job
1069 * for the top BDS and its backing chain.
1070 */
1071 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
1072 parent->backing_blocker);
1073 bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
1074 parent->backing_blocker);
1075
1076 bdrv_child_cb_attach(c);
1077 }
1078
1079 static void bdrv_backing_detach(BdrvChild *c)
1080 {
1081 BlockDriverState *parent = c->opaque;
1082
1083 assert(parent->backing_blocker);
1084 bdrv_op_unblock_all(c->bs, parent->backing_blocker);
1085 error_free(parent->backing_blocker);
1086 parent->backing_blocker = NULL;
1087
1088 bdrv_child_cb_detach(c);
1089 }
1090
1091 /*
1092 * Returns the options and flags that bs->backing should get, based on the
1093 * given options and flags for the parent BDS
1094 */
1095 static void bdrv_backing_options(int *child_flags, QDict *child_options,
1096 int parent_flags, QDict *parent_options)
1097 {
1098 int flags = parent_flags;
1099
1100 /* The cache mode is inherited unmodified for backing files; except WCE,
1101 * which is only applied on the top level (BlockBackend) */
1102 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_DIRECT);
1103 qdict_copy_default(child_options, parent_options, BDRV_OPT_CACHE_NO_FLUSH);
1104 qdict_copy_default(child_options, parent_options, BDRV_OPT_FORCE_SHARE);
1105
1106 /* backing files always opened read-only */
1107 qdict_set_default_str(child_options, BDRV_OPT_READ_ONLY, "on");
1108 qdict_set_default_str(child_options, BDRV_OPT_AUTO_READ_ONLY, "off");
1109 flags &= ~BDRV_O_COPY_ON_READ;
1110
1111 /* snapshot=on is handled on the top layer */
1112 flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_TEMPORARY);
1113
1114 *child_flags = flags;
1115 }
1116
1117 static int bdrv_backing_update_filename(BdrvChild *c, BlockDriverState *base,
1118 const char *filename, Error **errp)
1119 {
1120 BlockDriverState *parent = c->opaque;
1121 bool read_only = bdrv_is_read_only(parent);
1122 int ret;
1123
1124 if (read_only) {
1125 ret = bdrv_reopen_set_read_only(parent, false, errp);
1126 if (ret < 0) {
1127 return ret;
1128 }
1129 }
1130
1131 ret = bdrv_change_backing_file(parent, filename,
1132 base->drv ? base->drv->format_name : "");
1133 if (ret < 0) {
1134 error_setg_errno(errp, -ret, "Could not update backing file link");
1135 }
1136
1137 if (read_only) {
1138 bdrv_reopen_set_read_only(parent, true, NULL);
1139 }
1140
1141 return ret;
1142 }
1143
1144 const BdrvChildRole child_backing = {
1145 .parent_is_bds = true,
1146 .get_parent_desc = bdrv_child_get_parent_desc,
1147 .attach = bdrv_backing_attach,
1148 .detach = bdrv_backing_detach,
1149 .inherit_options = bdrv_backing_options,
1150 .drained_begin = bdrv_child_cb_drained_begin,
1151 .drained_poll = bdrv_child_cb_drained_poll,
1152 .drained_end = bdrv_child_cb_drained_end,
1153 .inactivate = bdrv_child_cb_inactivate,
1154 .update_filename = bdrv_backing_update_filename,
1155 };
1156
1157 static int bdrv_open_flags(BlockDriverState *bs, int flags)
1158 {
1159 int open_flags = flags;
1160
1161 /*
1162 * Clear flags that are internal to the block layer before opening the
1163 * image.
1164 */
1165 open_flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_PROTOCOL);
1166
1167 return open_flags;
1168 }
1169
1170 static void update_flags_from_options(int *flags, QemuOpts *opts)
1171 {
1172 *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
1173
1174 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
1175 *flags |= BDRV_O_NO_FLUSH;
1176 }
1177
1178 if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_DIRECT, false)) {
1179 *flags |= BDRV_O_NOCACHE;
1180 }
1181
1182 if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
1183 *flags |= BDRV_O_RDWR;
1184 }
1185
1186 if (qemu_opt_get_bool_del(opts, BDRV_OPT_AUTO_READ_ONLY, false)) {
1187 *flags |= BDRV_O_AUTO_RDONLY;
1188 }
1189 }
1190
1191 static void update_options_from_flags(QDict *options, int flags)
1192 {
1193 if (!qdict_haskey(options, BDRV_OPT_CACHE_DIRECT)) {
1194 qdict_put_bool(options, BDRV_OPT_CACHE_DIRECT, flags & BDRV_O_NOCACHE);
1195 }
1196 if (!qdict_haskey(options, BDRV_OPT_CACHE_NO_FLUSH)) {
1197 qdict_put_bool(options, BDRV_OPT_CACHE_NO_FLUSH,
1198 flags & BDRV_O_NO_FLUSH);
1199 }
1200 if (!qdict_haskey(options, BDRV_OPT_READ_ONLY)) {
1201 qdict_put_bool(options, BDRV_OPT_READ_ONLY, !(flags & BDRV_O_RDWR));
1202 }
1203 if (!qdict_haskey(options, BDRV_OPT_AUTO_READ_ONLY)) {
1204 qdict_put_bool(options, BDRV_OPT_AUTO_READ_ONLY,
1205 flags & BDRV_O_AUTO_RDONLY);
1206 }
1207 }
1208
1209 static void bdrv_assign_node_name(BlockDriverState *bs,
1210 const char *node_name,
1211 Error **errp)
1212 {
1213 char *gen_node_name = NULL;
1214
1215 if (!node_name) {
1216 node_name = gen_node_name = id_generate(ID_BLOCK);
1217 } else if (!id_wellformed(node_name)) {
1218 /*
1219 * Check for empty string or invalid characters, but not if it is
1220 * generated (generated names use characters not available to the user)
1221 */
1222 error_setg(errp, "Invalid node name");
1223 return;
1224 }
1225
1226 /* takes care of avoiding namespaces collisions */
1227 if (blk_by_name(node_name)) {
1228 error_setg(errp, "node-name=%s is conflicting with a device id",
1229 node_name);
1230 goto out;
1231 }
1232
1233 /* takes care of avoiding duplicates node names */
1234 if (bdrv_find_node(node_name)) {
1235 error_setg(errp, "Duplicate node name");
1236 goto out;
1237 }
1238
1239 /* Make sure that the node name isn't truncated */
1240 if (strlen(node_name) >= sizeof(bs->node_name)) {
1241 error_setg(errp, "Node name too long");
1242 goto out;
1243 }
1244
1245 /* copy node name into the bs and insert it into the graph list */
1246 pstrcpy(bs->node_name, sizeof(bs->node_name), node_name);
1247 QTAILQ_INSERT_TAIL(&graph_bdrv_states, bs, node_list);
1248 out:
1249 g_free(gen_node_name);
1250 }
1251
1252 static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
1253 const char *node_name, QDict *options,
1254 int open_flags, Error **errp)
1255 {
1256 Error *local_err = NULL;
1257 int i, ret;
1258
1259 bdrv_assign_node_name(bs, node_name, &local_err);
1260 if (local_err) {
1261 error_propagate(errp, local_err);
1262 return -EINVAL;
1263 }
1264
1265 bs->drv = drv;
1266 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1267 bs->opaque = g_malloc0(drv->instance_size);
1268
1269 if (drv->bdrv_file_open) {
1270 assert(!drv->bdrv_needs_filename || bs->filename[0]);
1271 ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
1272 } else if (drv->bdrv_open) {
1273 ret = drv->bdrv_open(bs, options, open_flags, &local_err);
1274 } else {
1275 ret = 0;
1276 }
1277
1278 if (ret < 0) {
1279 if (local_err) {
1280 error_propagate(errp, local_err);
1281 } else if (bs->filename[0]) {
1282 error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
1283 } else {
1284 error_setg_errno(errp, -ret, "Could not open image");
1285 }
1286 goto open_failed;
1287 }
1288
1289 ret = refresh_total_sectors(bs, bs->total_sectors);
1290 if (ret < 0) {
1291 error_setg_errno(errp, -ret, "Could not refresh total sector count");
1292 return ret;
1293 }
1294
1295 bdrv_refresh_limits(bs, &local_err);
1296 if (local_err) {
1297 error_propagate(errp, local_err);
1298 return -EINVAL;
1299 }
1300
1301 assert(bdrv_opt_mem_align(bs) != 0);
1302 assert(bdrv_min_mem_align(bs) != 0);
1303 assert(is_power_of_2(bs->bl.request_alignment));
1304
1305 for (i = 0; i < bs->quiesce_counter; i++) {
1306 if (drv->bdrv_co_drain_begin) {
1307 drv->bdrv_co_drain_begin(bs);
1308 }
1309 }
1310
1311 return 0;
1312 open_failed:
1313 bs->drv = NULL;
1314 if (bs->file != NULL) {
1315 bdrv_unref_child(bs, bs->file);
1316 bs->file = NULL;
1317 }
1318 g_free(bs->opaque);
1319 bs->opaque = NULL;
1320 return ret;
1321 }
1322
1323 BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
1324 int flags, Error **errp)
1325 {
1326 BlockDriverState *bs;
1327 int ret;
1328
1329 bs = bdrv_new();
1330 bs->open_flags = flags;
1331 bs->explicit_options = qdict_new();
1332 bs->options = qdict_new();
1333 bs->opaque = NULL;
1334
1335 update_options_from_flags(bs->options, flags);
1336
1337 ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
1338 if (ret < 0) {
1339 qobject_unref(bs->explicit_options);
1340 bs->explicit_options = NULL;
1341 qobject_unref(bs->options);
1342 bs->options = NULL;
1343 bdrv_unref(bs);
1344 return NULL;
1345 }
1346
1347 return bs;
1348 }
1349
1350 QemuOptsList bdrv_runtime_opts = {
1351 .name = "bdrv_common",
1352 .head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
1353 .desc = {
1354 {
1355 .name = "node-name",
1356 .type = QEMU_OPT_STRING,
1357 .help = "Node name of the block device node",
1358 },
1359 {
1360 .name = "driver",
1361 .type = QEMU_OPT_STRING,
1362 .help = "Block driver to use for the node",
1363 },
1364 {
1365 .name = BDRV_OPT_CACHE_DIRECT,
1366 .type = QEMU_OPT_BOOL,
1367 .help = "Bypass software writeback cache on the host",
1368 },
1369 {
1370 .name = BDRV_OPT_CACHE_NO_FLUSH,
1371 .type = QEMU_OPT_BOOL,
1372 .help = "Ignore flush requests",
1373 },
1374 {
1375 .name = BDRV_OPT_READ_ONLY,
1376 .type = QEMU_OPT_BOOL,
1377 .help = "Node is opened in read-only mode",
1378 },
1379 {
1380 .name = BDRV_OPT_AUTO_READ_ONLY,
1381 .type = QEMU_OPT_BOOL,
1382 .help = "Node can become read-only if opening read-write fails",
1383 },
1384 {
1385 .name = "detect-zeroes",
1386 .type = QEMU_OPT_STRING,
1387 .help = "try to optimize zero writes (off, on, unmap)",
1388 },
1389 {
1390 .name = BDRV_OPT_DISCARD,
1391 .type = QEMU_OPT_STRING,
1392 .help = "discard operation (ignore/off, unmap/on)",
1393 },
1394 {
1395 .name = BDRV_OPT_FORCE_SHARE,
1396 .type = QEMU_OPT_BOOL,
1397 .help = "always accept other writers (default: off)",
1398 },
1399 { /* end of list */ }
1400 },
1401 };
1402
1403 /*
1404 * Common part for opening disk images and files
1405 *
1406 * Removes all processed options from *options.
1407 */
1408 static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
1409 QDict *options, Error **errp)
1410 {
1411 int ret, open_flags;
1412 const char *filename;
1413 const char *driver_name = NULL;
1414 const char *node_name = NULL;
1415 const char *discard;
1416 QemuOpts *opts;
1417 BlockDriver *drv;
1418 Error *local_err = NULL;
1419
1420 assert(bs->file == NULL);
1421 assert(options != NULL && bs->options != options);
1422
1423 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
1424 qemu_opts_absorb_qdict(opts, options, &local_err);
1425 if (local_err) {
1426 error_propagate(errp, local_err);
1427 ret = -EINVAL;
1428 goto fail_opts;
1429 }
1430
1431 update_flags_from_options(&bs->open_flags, opts);
1432
1433 driver_name = qemu_opt_get(opts, "driver");
1434 drv = bdrv_find_format(driver_name);
1435 assert(drv != NULL);
1436
1437 bs->force_share = qemu_opt_get_bool(opts, BDRV_OPT_FORCE_SHARE, false);
1438
1439 if (bs->force_share && (bs->open_flags & BDRV_O_RDWR)) {
1440 error_setg(errp,
1441 BDRV_OPT_FORCE_SHARE
1442 "=on can only be used with read-only images");
1443 ret = -EINVAL;
1444 goto fail_opts;
1445 }
1446
1447 if (file != NULL) {
1448 bdrv_refresh_filename(blk_bs(file));
1449 filename = blk_bs(file)->filename;
1450 } else {
1451 /*
1452 * Caution: while qdict_get_try_str() is fine, getting
1453 * non-string types would require more care. When @options
1454 * come from -blockdev or blockdev_add, its members are typed
1455 * according to the QAPI schema, but when they come from
1456 * -drive, they're all QString.
1457 */
1458 filename = qdict_get_try_str(options, "filename");
1459 }
1460
1461 if (drv->bdrv_needs_filename && (!filename || !filename[0])) {
1462 error_setg(errp, "The '%s' block driver requires a file name",
1463 drv->format_name);
1464 ret = -EINVAL;
1465 goto fail_opts;
1466 }
1467
1468 trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
1469 drv->format_name);
1470
1471 bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
1472
1473 if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
1474 if (!bs->read_only && bdrv_is_whitelisted(drv, true)) {
1475 ret = bdrv_apply_auto_read_only(bs, NULL, NULL);
1476 } else {
1477 ret = -ENOTSUP;
1478 }
1479 if (ret < 0) {
1480 error_setg(errp,
1481 !bs->read_only && bdrv_is_whitelisted(drv, true)
1482 ? "Driver '%s' can only be used for read-only devices"
1483 : "Driver '%s' is not whitelisted",
1484 drv->format_name);
1485 goto fail_opts;
1486 }
1487 }
1488
1489 /* bdrv_new() and bdrv_close() make it so */
1490 assert(atomic_read(&bs->copy_on_read) == 0);
1491
1492 if (bs->open_flags & BDRV_O_COPY_ON_READ) {
1493 if (!bs->read_only) {
1494 bdrv_enable_copy_on_read(bs);
1495 } else {
1496 error_setg(errp, "Can't use copy-on-read on read-only device");
1497 ret = -EINVAL;
1498 goto fail_opts;
1499 }
1500 }
1501
1502 discard = qemu_opt_get(opts, BDRV_OPT_DISCARD);
1503 if (discard != NULL) {
1504 if (bdrv_parse_discard_flags(discard, &bs->open_flags) != 0) {
1505 error_setg(errp, "Invalid discard option");
1506 ret = -EINVAL;
1507 goto fail_opts;
1508 }
1509 }
1510
1511 bs->detect_zeroes =
1512 bdrv_parse_detect_zeroes(opts, bs->open_flags, &local_err);
1513 if (local_err) {
1514 error_propagate(errp, local_err);
1515 ret = -EINVAL;
1516 goto fail_opts;
1517 }
1518
1519 if (filename != NULL) {
1520 pstrcpy(bs->filename, sizeof(bs->filename), filename);
1521 } else {
1522 bs->filename[0] = '\0';
1523 }
1524 pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
1525
1526 /* Open the image, either directly or using a protocol */
1527 open_flags = bdrv_open_flags(bs, bs->open_flags);
1528 node_name = qemu_opt_get(opts, "node-name");
1529
1530 assert(!drv->bdrv_file_open || file == NULL);
1531 ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
1532 if (ret < 0) {
1533 goto fail_opts;
1534 }
1535
1536 qemu_opts_del(opts);
1537 return 0;
1538
1539 fail_opts:
1540 qemu_opts_del(opts);
1541 return ret;
1542 }
1543
1544 static QDict *parse_json_filename(const char *filename, Error **errp)
1545 {
1546 QObject *options_obj;
1547 QDict *options;
1548 int ret;
1549
1550 ret = strstart(filename, "json:", &filename);
1551 assert(ret);
1552
1553 options_obj = qobject_from_json(filename, errp);
1554 if (!options_obj) {
1555 error_prepend(errp, "Could not parse the JSON options: ");
1556 return NULL;
1557 }
1558
1559 options = qobject_to(QDict, options_obj);
1560 if (!options) {
1561 qobject_unref(options_obj);
1562 error_setg(errp, "Invalid JSON object given");
1563 return NULL;
1564 }
1565
1566 qdict_flatten(options);
1567
1568 return options;
1569 }
1570
1571 static void parse_json_protocol(QDict *options, const char **pfilename,
1572 Error **errp)
1573 {
1574 QDict *json_options;
1575 Error *local_err = NULL;
1576
1577 /* Parse json: pseudo-protocol */
1578 if (!*pfilename || !g_str_has_prefix(*pfilename, "json:")) {
1579 return;
1580 }
1581
1582 json_options = parse_json_filename(*pfilename, &local_err);
1583 if (local_err) {
1584 error_propagate(errp, local_err);
1585 return;
1586 }
1587
1588 /* Options given in the filename have lower priority than options
1589 * specified directly */
1590 qdict_join(options, json_options, false);
1591 qobject_unref(json_options);
1592 *pfilename = NULL;
1593 }
1594
1595 /*
1596 * Fills in default options for opening images and converts the legacy
1597 * filename/flags pair to option QDict entries.
1598 * The BDRV_O_PROTOCOL flag in *flags will be set or cleared accordingly if a
1599 * block driver has been specified explicitly.
1600 */
1601 static int bdrv_fill_options(QDict **options, const char *filename,
1602 int *flags, Error **errp)
1603 {
1604 const char *drvname;
1605 bool protocol = *flags & BDRV_O_PROTOCOL;
1606 bool parse_filename = false;
1607 BlockDriver *drv = NULL;
1608 Error *local_err = NULL;
1609
1610 /*
1611 * Caution: while qdict_get_try_str() is fine, getting non-string
1612 * types would require more care. When @options come from
1613 * -blockdev or blockdev_add, its members are typed according to
1614 * the QAPI schema, but when they come from -drive, they're all
1615 * QString.
1616 */
1617 drvname = qdict_get_try_str(*options, "driver");
1618 if (drvname) {
1619 drv = bdrv_find_format(drvname);
1620 if (!drv) {
1621 error_setg(errp, "Unknown driver '%s'", drvname);
1622 return -ENOENT;
1623 }
1624 /* If the user has explicitly specified the driver, this choice should
1625 * override the BDRV_O_PROTOCOL flag */
1626 protocol = drv->bdrv_file_open;
1627 }
1628
1629 if (protocol) {
1630 *flags |= BDRV_O_PROTOCOL;
1631 } else {
1632 *flags &= ~BDRV_O_PROTOCOL;
1633 }
1634
1635 /* Translate cache options from flags into options */
1636 update_options_from_flags(*options, *flags);
1637
1638 /* Fetch the file name from the options QDict if necessary */
1639 if (protocol && filename) {
1640 if (!qdict_haskey(*options, "filename")) {
1641 qdict_put_str(*options, "filename", filename);
1642 parse_filename = true;
1643 } else {
1644 error_setg(errp, "Can't specify 'file' and 'filename' options at "
1645 "the same time");
1646 return -EINVAL;
1647 }
1648 }
1649
1650 /* Find the right block driver */
1651 /* See cautionary note on accessing @options above */
1652 filename = qdict_get_try_str(*options, "filename");
1653
1654 if (!drvname && protocol) {
1655 if (filename) {
1656 drv = bdrv_find_protocol(filename, parse_filename, errp);
1657 if (!drv) {
1658 return -EINVAL;
1659 }
1660
1661 drvname = drv->format_name;
1662 qdict_put_str(*options, "driver", drvname);
1663 } else {
1664 error_setg(errp, "Must specify either driver or file");
1665 return -EINVAL;
1666 }
1667 }
1668
1669 assert(drv || !protocol);
1670
1671 /* Driver-specific filename parsing */
1672 if (drv && drv->bdrv_parse_filename && parse_filename) {
1673 drv->bdrv_parse_filename(filename, *options, &local_err);
1674 if (local_err) {
1675 error_propagate(errp, local_err);
1676 return -EINVAL;
1677 }
1678
1679 if (!drv->bdrv_needs_filename) {
1680 qdict_del(*options, "filename");
1681 }
1682 }
1683
1684 return 0;
1685 }
1686
1687 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1688 uint64_t perm, uint64_t shared,
1689 GSList *ignore_children, Error **errp);
1690 static void bdrv_child_abort_perm_update(BdrvChild *c);
1691 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
1692
1693 typedef struct BlockReopenQueueEntry {
1694 bool prepared;
1695 bool perms_checked;
1696 BDRVReopenState state;
1697 QSIMPLEQ_ENTRY(BlockReopenQueueEntry) entry;
1698 } BlockReopenQueueEntry;
1699
1700 /*
1701 * Return the flags that @bs will have after the reopens in @q have
1702 * successfully completed. If @q is NULL (or @bs is not contained in @q),
1703 * return the current flags.
1704 */
1705 static int bdrv_reopen_get_flags(BlockReopenQueue *q, BlockDriverState *bs)
1706 {
1707 BlockReopenQueueEntry *entry;
1708
1709 if (q != NULL) {
1710 QSIMPLEQ_FOREACH(entry, q, entry) {
1711 if (entry->state.bs == bs) {
1712 return entry->state.flags;
1713 }
1714 }
1715 }
1716
1717 return bs->open_flags;
1718 }
1719
1720 /* Returns whether the image file can be written to after the reopen queue @q
1721 * has been successfully applied, or right now if @q is NULL. */
1722 static bool bdrv_is_writable_after_reopen(BlockDriverState *bs,
1723 BlockReopenQueue *q)
1724 {
1725 int flags = bdrv_reopen_get_flags(q, bs);
1726
1727 return (flags & (BDRV_O_RDWR | BDRV_O_INACTIVE)) == BDRV_O_RDWR;
1728 }
1729
1730 /*
1731 * Return whether the BDS can be written to. This is not necessarily
1732 * the same as !bdrv_is_read_only(bs), as inactivated images may not
1733 * be written to but do not count as read-only images.
1734 */
1735 bool bdrv_is_writable(BlockDriverState *bs)
1736 {
1737 return bdrv_is_writable_after_reopen(bs, NULL);
1738 }
1739
1740 static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
1741 BdrvChild *c, const BdrvChildRole *role,
1742 BlockReopenQueue *reopen_queue,
1743 uint64_t parent_perm, uint64_t parent_shared,
1744 uint64_t *nperm, uint64_t *nshared)
1745 {
1746 if (bs->drv && bs->drv->bdrv_child_perm) {
1747 bs->drv->bdrv_child_perm(bs, c, role, reopen_queue,
1748 parent_perm, parent_shared,
1749 nperm, nshared);
1750 }
1751 /* TODO Take force_share from reopen_queue */
1752 if (child_bs && child_bs->force_share) {
1753 *nshared = BLK_PERM_ALL;
1754 }
1755 }
1756
1757 /*
1758 * Check whether permissions on this node can be changed in a way that
1759 * @cumulative_perms and @cumulative_shared_perms are the new cumulative
1760 * permissions of all its parents. This involves checking whether all necessary
1761 * permission changes to child nodes can be performed.
1762 *
1763 * A call to this function must always be followed by a call to bdrv_set_perm()
1764 * or bdrv_abort_perm_update().
1765 */
1766 static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
1767 uint64_t cumulative_perms,
1768 uint64_t cumulative_shared_perms,
1769 GSList *ignore_children, Error **errp)
1770 {
1771 BlockDriver *drv = bs->drv;
1772 BdrvChild *c;
1773 int ret;
1774
1775 /* Write permissions never work with read-only images */
1776 if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
1777 !bdrv_is_writable_after_reopen(bs, q))
1778 {
1779 error_setg(errp, "Block node is read-only");
1780 return -EPERM;
1781 }
1782
1783 /* Check this node */
1784 if (!drv) {
1785 return 0;
1786 }
1787
1788 if (drv->bdrv_check_perm) {
1789 return drv->bdrv_check_perm(bs, cumulative_perms,
1790 cumulative_shared_perms, errp);
1791 }
1792
1793 /* Drivers that never have children can omit .bdrv_child_perm() */
1794 if (!drv->bdrv_child_perm) {
1795 assert(QLIST_EMPTY(&bs->children));
1796 return 0;
1797 }
1798
1799 /* Check all children */
1800 QLIST_FOREACH(c, &bs->children, next) {
1801 uint64_t cur_perm, cur_shared;
1802 bdrv_child_perm(bs, c->bs, c, c->role, q,
1803 cumulative_perms, cumulative_shared_perms,
1804 &cur_perm, &cur_shared);
1805 ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared,
1806 ignore_children, errp);
1807 if (ret < 0) {
1808 return ret;
1809 }
1810 }
1811
1812 return 0;
1813 }
1814
1815 /*
1816 * Notifies drivers that after a previous bdrv_check_perm() call, the
1817 * permission update is not performed and any preparations made for it (e.g.
1818 * taken file locks) need to be undone.
1819 *
1820 * This function recursively notifies all child nodes.
1821 */
1822 static void bdrv_abort_perm_update(BlockDriverState *bs)
1823 {
1824 BlockDriver *drv = bs->drv;
1825 BdrvChild *c;
1826
1827 if (!drv) {
1828 return;
1829 }
1830
1831 if (drv->bdrv_abort_perm_update) {
1832 drv->bdrv_abort_perm_update(bs);
1833 }
1834
1835 QLIST_FOREACH(c, &bs->children, next) {
1836 bdrv_child_abort_perm_update(c);
1837 }
1838 }
1839
1840 static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
1841 uint64_t cumulative_shared_perms)
1842 {
1843 BlockDriver *drv = bs->drv;
1844 BdrvChild *c;
1845
1846 if (!drv) {
1847 return;
1848 }
1849
1850 /* Update this node */
1851 if (drv->bdrv_set_perm) {
1852 drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
1853 }
1854
1855 /* Drivers that never have children can omit .bdrv_child_perm() */
1856 if (!drv->bdrv_child_perm) {
1857 assert(QLIST_EMPTY(&bs->children));
1858 return;
1859 }
1860
1861 /* Update all children */
1862 QLIST_FOREACH(c, &bs->children, next) {
1863 uint64_t cur_perm, cur_shared;
1864 bdrv_child_perm(bs, c->bs, c, c->role, NULL,
1865 cumulative_perms, cumulative_shared_perms,
1866 &cur_perm, &cur_shared);
1867 bdrv_child_set_perm(c, cur_perm, cur_shared);
1868 }
1869 }
1870
1871 static void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm,
1872 uint64_t *shared_perm)
1873 {
1874 BdrvChild *c;
1875 uint64_t cumulative_perms = 0;
1876 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
1877
1878 QLIST_FOREACH(c, &bs->parents, next_parent) {
1879 cumulative_perms |= c->perm;
1880 cumulative_shared_perms &= c->shared_perm;
1881 }
1882
1883 *perm = cumulative_perms;
1884 *shared_perm = cumulative_shared_perms;
1885 }
1886
1887 static char *bdrv_child_user_desc(BdrvChild *c)
1888 {
1889 if (c->role->get_parent_desc) {
1890 return c->role->get_parent_desc(c);
1891 }
1892
1893 return g_strdup("another user");
1894 }
1895
1896 char *bdrv_perm_names(uint64_t perm)
1897 {
1898 struct perm_name {
1899 uint64_t perm;
1900 const char *name;
1901 } permissions[] = {
1902 { BLK_PERM_CONSISTENT_READ, "consistent read" },
1903 { BLK_PERM_WRITE, "write" },
1904 { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
1905 { BLK_PERM_RESIZE, "resize" },
1906 { BLK_PERM_GRAPH_MOD, "change children" },
1907 { 0, NULL }
1908 };
1909
1910 char *result = g_strdup("");
1911 struct perm_name *p;
1912
1913 for (p = permissions; p->name; p++) {
1914 if (perm & p->perm) {
1915 char *old = result;
1916 result = g_strdup_printf("%s%s%s", old, *old ? ", " : "", p->name);
1917 g_free(old);
1918 }
1919 }
1920
1921 return result;
1922 }
1923
1924 /*
1925 * Checks whether a new reference to @bs can be added if the new user requires
1926 * @new_used_perm/@new_shared_perm as its permissions. If @ignore_children is
1927 * set, the BdrvChild objects in this list are ignored in the calculations;
1928 * this allows checking permission updates for an existing reference.
1929 *
1930 * Needs to be followed by a call to either bdrv_set_perm() or
1931 * bdrv_abort_perm_update(). */
1932 static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
1933 uint64_t new_used_perm,
1934 uint64_t new_shared_perm,
1935 GSList *ignore_children, Error **errp)
1936 {
1937 BdrvChild *c;
1938 uint64_t cumulative_perms = new_used_perm;
1939 uint64_t cumulative_shared_perms = new_shared_perm;
1940
1941 /* There is no reason why anyone couldn't tolerate write_unchanged */
1942 assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
1943
1944 QLIST_FOREACH(c, &bs->parents, next_parent) {
1945 if (g_slist_find(ignore_children, c)) {
1946 continue;
1947 }
1948
1949 if ((new_used_perm & c->shared_perm) != new_used_perm) {
1950 char *user = bdrv_child_user_desc(c);
1951 char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
1952 error_setg(errp, "Conflicts with use by %s as '%s', which does not "
1953 "allow '%s' on %s",
1954 user, c->name, perm_names, bdrv_get_node_name(c->bs));
1955 g_free(user);
1956 g_free(perm_names);
1957 return -EPERM;
1958 }
1959
1960 if ((c->perm & new_shared_perm) != c->perm) {
1961 char *user = bdrv_child_user_desc(c);
1962 char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
1963 error_setg(errp, "Conflicts with use by %s as '%s', which uses "
1964 "'%s' on %s",
1965 user, c->name, perm_names, bdrv_get_node_name(c->bs));
1966 g_free(user);
1967 g_free(perm_names);
1968 return -EPERM;
1969 }
1970
1971 cumulative_perms |= c->perm;
1972 cumulative_shared_perms &= c->shared_perm;
1973 }
1974
1975 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
1976 ignore_children, errp);
1977 }
1978
1979 /* Needs to be followed by a call to either bdrv_child_set_perm() or
1980 * bdrv_child_abort_perm_update(). */
1981 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
1982 uint64_t perm, uint64_t shared,
1983 GSList *ignore_children, Error **errp)
1984 {
1985 int ret;
1986
1987 ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
1988 ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp);
1989 g_slist_free(ignore_children);
1990
1991 if (ret < 0) {
1992 return ret;
1993 }
1994
1995 if (!c->has_backup_perm) {
1996 c->has_backup_perm = true;
1997 c->backup_perm = c->perm;
1998 c->backup_shared_perm = c->shared_perm;
1999 }
2000 /*
2001 * Note: it's OK if c->has_backup_perm was already set, as we can find the
2002 * same child twice during check_perm procedure
2003 */
2004
2005 c->perm = perm;
2006 c->shared_perm = shared;
2007
2008 return 0;
2009 }
2010
2011 static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared)
2012 {
2013 uint64_t cumulative_perms, cumulative_shared_perms;
2014
2015 c->has_backup_perm = false;
2016
2017 c->perm = perm;
2018 c->shared_perm = shared;
2019
2020 bdrv_get_cumulative_perm(c->bs, &cumulative_perms,
2021 &cumulative_shared_perms);
2022 bdrv_set_perm(c->bs, cumulative_perms, cumulative_shared_perms);
2023 }
2024
2025 static void bdrv_child_abort_perm_update(BdrvChild *c)
2026 {
2027 if (c->has_backup_perm) {
2028 c->perm = c->backup_perm;
2029 c->shared_perm = c->backup_shared_perm;
2030 c->has_backup_perm = false;
2031 }
2032
2033 bdrv_abort_perm_update(c->bs);
2034 }
2035
2036 int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
2037 Error **errp)
2038 {
2039 int ret;
2040
2041 ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, errp);
2042 if (ret < 0) {
2043 bdrv_child_abort_perm_update(c);
2044 return ret;
2045 }
2046
2047 bdrv_child_set_perm(c, perm, shared);
2048
2049 return 0;
2050 }
2051
2052 void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
2053 const BdrvChildRole *role,
2054 BlockReopenQueue *reopen_queue,
2055 uint64_t perm, uint64_t shared,
2056 uint64_t *nperm, uint64_t *nshared)
2057 {
2058 if (c == NULL) {
2059 *nperm = perm & DEFAULT_PERM_PASSTHROUGH;
2060 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) | DEFAULT_PERM_UNCHANGED;
2061 return;
2062 }
2063
2064 *nperm = (perm & DEFAULT_PERM_PASSTHROUGH) |
2065 (c->perm & DEFAULT_PERM_UNCHANGED);
2066 *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) |
2067 (c->shared_perm & DEFAULT_PERM_UNCHANGED);
2068 }
2069
2070 void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
2071 const BdrvChildRole *role,
2072 BlockReopenQueue *reopen_queue,
2073 uint64_t perm, uint64_t shared,
2074 uint64_t *nperm, uint64_t *nshared)
2075 {
2076 bool backing = (role == &child_backing);
2077 assert(role == &child_backing || role == &child_file);
2078
2079 if (!backing) {
2080 int flags = bdrv_reopen_get_flags(reopen_queue, bs);
2081
2082 /* Apart from the modifications below, the same permissions are
2083 * forwarded and left alone as for filters */
2084 bdrv_filter_default_perms(bs, c, role, reopen_queue, perm, shared,
2085 &perm, &shared);
2086
2087 /* Format drivers may touch metadata even if the guest doesn't write */
2088 if (bdrv_is_writable_after_reopen(bs, reopen_queue)) {
2089 perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2090 }
2091
2092 /* bs->file always needs to be consistent because of the metadata. We
2093 * can never allow other users to resize or write to it. */
2094 if (!(flags & BDRV_O_NO_IO)) {
2095 perm |= BLK_PERM_CONSISTENT_READ;
2096 }
2097 shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
2098 } else {
2099 /* We want consistent read from backing files if the parent needs it.
2100 * No other operations are performed on backing files. */
2101 perm &= BLK_PERM_CONSISTENT_READ;
2102
2103 /* If the parent can deal with changing data, we're okay with a
2104 * writable and resizable backing file. */
2105 /* TODO Require !(perm & BLK_PERM_CONSISTENT_READ), too? */
2106 if (shared & BLK_PERM_WRITE) {
2107 shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
2108 } else {
2109 shared = 0;
2110 }
2111
2112 shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
2113 BLK_PERM_WRITE_UNCHANGED;
2114 }
2115
2116 if (bs->open_flags & BDRV_O_INACTIVE) {
2117 shared |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
2118 }
2119
2120 *nperm = perm;
2121 *nshared = shared;
2122 }
2123
2124 static void bdrv_replace_child_noperm(BdrvChild *child,
2125 BlockDriverState *new_bs)
2126 {
2127 BlockDriverState *old_bs = child->bs;
2128 int i;
2129
2130 assert(!child->frozen);
2131
2132 if (old_bs && new_bs) {
2133 assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs));
2134 }
2135 if (old_bs) {
2136 /* Detach first so that the recursive drain sections coming from @child
2137 * are already gone and we only end the drain sections that came from
2138 * elsewhere. */
2139 if (child->role->detach) {
2140 child->role->detach(child);
2141 }
2142 if (old_bs->quiesce_counter && child->role->drained_end) {
2143 int num = old_bs->quiesce_counter;
2144 if (child->role->parent_is_bds) {
2145 num -= bdrv_drain_all_count;
2146 }
2147 assert(num >= 0);
2148 for (i = 0; i < num; i++) {
2149 child->role->drained_end(child);
2150 }
2151 }
2152 QLIST_REMOVE(child, next_parent);
2153 }
2154
2155 child->bs = new_bs;
2156
2157 if (new_bs) {
2158 QLIST_INSERT_HEAD(&new_bs->parents, child, next_parent);
2159 if (new_bs->quiesce_counter && child->role->drained_begin) {
2160 int num = new_bs->quiesce_counter;
2161 if (child->role->parent_is_bds) {
2162 num -= bdrv_drain_all_count;
2163 }
2164 assert(num >= 0);
2165 for (i = 0; i < num; i++) {
2166 bdrv_parent_drained_begin_single(child, true);
2167 }
2168 }
2169
2170 /* Attach only after starting new drained sections, so that recursive
2171 * drain sections coming from @child don't get an extra .drained_begin
2172 * callback. */
2173 if (child->role->attach) {
2174 child->role->attach(child);
2175 }
2176 }
2177 }
2178
2179 /*
2180 * Updates @child to change its reference to point to @new_bs, including
2181 * checking and applying the necessary permisson updates both to the old node
2182 * and to @new_bs.
2183 *
2184 * NULL is passed as @new_bs for removing the reference before freeing @child.
2185 *
2186 * If @new_bs is not NULL, bdrv_check_perm() must be called beforehand, as this
2187 * function uses bdrv_set_perm() to update the permissions according to the new
2188 * reference that @new_bs gets.
2189 */
2190 static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
2191 {
2192 BlockDriverState *old_bs = child->bs;
2193 uint64_t perm, shared_perm;
2194
2195 bdrv_replace_child_noperm(child, new_bs);
2196
2197 if (old_bs) {
2198 /* Update permissions for old node. This is guaranteed to succeed
2199 * because we're just taking a parent away, so we're loosening
2200 * restrictions. */
2201 bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm);
2202 bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, &error_abort);
2203 bdrv_set_perm(old_bs, perm, shared_perm);
2204 }
2205
2206 if (new_bs) {
2207 bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
2208 bdrv_set_perm(new_bs, perm, shared_perm);
2209 }
2210 }
2211
2212 BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
2213 const char *child_name,
2214 const BdrvChildRole *child_role,
2215 uint64_t perm, uint64_t shared_perm,
2216 void *opaque, Error **errp)
2217 {
2218 BdrvChild *child;
2219 int ret;
2220
2221 ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
2222 if (ret < 0) {
2223 bdrv_abort_perm_update(child_bs);
2224 return NULL;
2225 }
2226
2227 child = g_new(BdrvChild, 1);
2228 *child = (BdrvChild) {
2229 .bs = NULL,
2230 .name = g_strdup(child_name),
2231 .role = child_role,
2232 .perm = perm,
2233 .shared_perm = shared_perm,
2234 .opaque = opaque,
2235 };
2236
2237 /* This performs the matching bdrv_set_perm() for the above check. */
2238 bdrv_replace_child(child, child_bs);
2239
2240 return child;
2241 }
2242
2243 BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
2244 BlockDriverState *child_bs,
2245 const char *child_name,
2246 const BdrvChildRole *child_role,
2247 Error **errp)
2248 {
2249 BdrvChild *child;
2250 uint64_t perm, shared_perm;
2251
2252 bdrv_get_cumulative_perm(parent_bs, &perm, &shared_perm);
2253
2254 assert(parent_bs->drv);
2255 assert(bdrv_get_aio_context(parent_bs) == bdrv_get_aio_context(child_bs));
2256 bdrv_child_perm(parent_bs, child_bs, NULL, child_role, NULL,
2257 perm, shared_perm, &perm, &shared_perm);
2258
2259 child = bdrv_root_attach_child(child_bs, child_name, child_role,
2260 perm, shared_perm, parent_bs, errp);
2261 if (child == NULL) {
2262 return NULL;
2263 }
2264
2265 QLIST_INSERT_HEAD(&parent_bs->children, child, next);
2266 return child;
2267 }
2268
2269 static void bdrv_detach_child(BdrvChild *child)
2270 {
2271 if (child->next.le_prev) {
2272 QLIST_REMOVE(child, next);
2273 child->next.le_prev = NULL;
2274 }
2275
2276 bdrv_replace_child(child, NULL);
2277
2278 g_free(child->name);
2279 g_free(child);
2280 }
2281
2282 void bdrv_root_unref_child(BdrvChild *child)
2283 {
2284 BlockDriverState *child_bs;
2285
2286 child_bs = child->bs;
2287 bdrv_detach_child(child);
2288 bdrv_unref(child_bs);
2289 }
2290
2291 void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
2292 {
2293 if (child == NULL) {
2294 return;
2295 }
2296
2297 if (child->bs->inherits_from == parent) {
2298 BdrvChild *c;
2299
2300 /* Remove inherits_from only when the last reference between parent and
2301 * child->bs goes away. */
2302 QLIST_FOREACH(c, &parent->children, next) {
2303 if (c != child && c->bs == child->bs) {
2304 break;
2305 }
2306 }
2307 if (c == NULL) {
2308 child->bs->inherits_from = NULL;
2309 }
2310 }
2311
2312 bdrv_root_unref_child(child);
2313 }
2314
2315
2316 static void bdrv_parent_cb_change_media(BlockDriverState *bs, bool load)
2317 {
2318 BdrvChild *c;
2319 QLIST_FOREACH(c, &bs->parents, next_parent) {
2320 if (c->role->change_media) {
2321 c->role->change_media(c, load);
2322 }
2323 }
2324 }
2325
2326 /* Return true if you can reach parent going through child->inherits_from
2327 * recursively. If parent or child are NULL, return false */
2328 static bool bdrv_inherits_from_recursive(BlockDriverState *child,
2329 BlockDriverState *parent)
2330 {
2331 while (child && child != parent) {
2332 child = child->inherits_from;
2333 }
2334
2335 return child != NULL;
2336 }
2337
2338 /*
2339 * Sets the backing file link of a BDS. A new reference is created; callers
2340 * which don't need their own reference any more must call bdrv_unref().
2341 */
2342 void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
2343 Error **errp)
2344 {
2345 bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) &&
2346 bdrv_inherits_from_recursive(backing_hd, bs);
2347
2348 if (bdrv_is_backing_chain_frozen(bs, backing_bs(bs), errp)) {
2349 return;
2350 }
2351
2352 if (backing_hd) {
2353 bdrv_ref(backing_hd);
2354 }
2355
2356 if (bs->backing) {
2357 bdrv_unref_child(bs, bs->backing);
2358 }
2359
2360 if (!backing_hd) {
2361 bs->backing = NULL;
2362 goto out;
2363 }
2364
2365 bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing,
2366 errp);
2367 /* If backing_hd was already part of bs's backing chain, and
2368 * inherits_from pointed recursively to bs then let's update it to
2369 * point directly to bs (else it will become NULL). */
2370 if (update_inherits_from) {
2371 backing_hd->inherits_from = bs;
2372 }
2373 if (!bs->backing) {
2374 bdrv_unref(backing_hd);
2375 }
2376
2377 out:
2378 bdrv_refresh_limits(bs, NULL);
2379 }
2380
2381 /*
2382 * Opens the backing file for a BlockDriverState if not yet open
2383 *
2384 * bdref_key specifies the key for the image's BlockdevRef in the options QDict.
2385 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2386 * itself, all options starting with "${bdref_key}." are considered part of the
2387 * BlockdevRef.
2388 *
2389 * TODO Can this be unified with bdrv_open_image()?
2390 */
2391 int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
2392 const char *bdref_key, Error **errp)
2393 {
2394 char *backing_filename = NULL;
2395 char *bdref_key_dot;
2396 const char *reference = NULL;
2397 int ret = 0;
2398 bool implicit_backing = false;
2399 BlockDriverState *backing_hd;
2400 QDict *options;
2401 QDict *tmp_parent_options = NULL;
2402 Error *local_err = NULL;
2403
2404 if (bs->backing != NULL) {
2405 goto free_exit;
2406 }
2407
2408 /* NULL means an empty set of options */
2409 if (parent_options == NULL) {
2410 tmp_parent_options = qdict_new();
2411 parent_options = tmp_parent_options;
2412 }
2413
2414 bs->open_flags &= ~BDRV_O_NO_BACKING;
2415
2416 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2417 qdict_extract_subqdict(parent_options, &options, bdref_key_dot);
2418 g_free(bdref_key_dot);
2419
2420 /*
2421 * Caution: while qdict_get_try_str() is fine, getting non-string
2422 * types would require more care. When @parent_options come from
2423 * -blockdev or blockdev_add, its members are typed according to
2424 * the QAPI schema, but when they come from -drive, they're all
2425 * QString.
2426 */
2427 reference = qdict_get_try_str(parent_options, bdref_key);
2428 if (reference || qdict_haskey(options, "file.filename")) {
2429 /* keep backing_filename NULL */
2430 } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) {
2431 qobject_unref(options);
2432 goto free_exit;
2433 } else {
2434 if (qdict_size(options) == 0) {
2435 /* If the user specifies options that do not modify the
2436 * backing file's behavior, we might still consider it the
2437 * implicit backing file. But it's easier this way, and
2438 * just specifying some of the backing BDS's options is
2439 * only possible with -drive anyway (otherwise the QAPI
2440 * schema forces the user to specify everything). */
2441 implicit_backing = !strcmp(bs->auto_backing_file, bs->backing_file);
2442 }
2443
2444 backing_filename = bdrv_get_full_backing_filename(bs, &local_err);
2445 if (local_err) {
2446 ret = -EINVAL;
2447 error_propagate(errp, local_err);
2448 qobject_unref(options);
2449 goto free_exit;
2450 }
2451 }
2452
2453 if (!bs->drv || !bs->drv->supports_backing) {
2454 ret = -EINVAL;
2455 error_setg(errp, "Driver doesn't support backing files");
2456 qobject_unref(options);
2457 goto free_exit;
2458 }
2459
2460 if (!reference &&
2461 bs->backing_format[0] != '\0' && !qdict_haskey(options, "driver")) {
2462 qdict_put_str(options, "driver", bs->backing_format);
2463 }
2464
2465 backing_hd = bdrv_open_inherit(backing_filename, reference, options, 0, bs,
2466 &child_backing, errp);
2467 if (!backing_hd) {
2468 bs->open_flags |= BDRV_O_NO_BACKING;
2469 error_prepend(errp, "Could not open backing file: ");
2470 ret = -EINVAL;
2471 goto free_exit;
2472 }
2473 bdrv_set_aio_context(backing_hd, bdrv_get_aio_context(bs));
2474
2475 if (implicit_backing) {
2476 bdrv_refresh_filename(backing_hd);
2477 pstrcpy(bs->auto_backing_file, sizeof(bs->auto_backing_file),
2478 backing_hd->filename);
2479 }
2480
2481 /* Hook up the backing file link; drop our reference, bs owns the
2482 * backing_hd reference now */
2483 bdrv_set_backing_hd(bs, backing_hd, &local_err);
2484 bdrv_unref(backing_hd);
2485 if (local_err) {
2486 error_propagate(errp, local_err);
2487 ret = -EINVAL;
2488 goto free_exit;
2489 }
2490
2491 qdict_del(parent_options, bdref_key);
2492
2493 free_exit:
2494 g_free(backing_filename);
2495 qobject_unref(tmp_parent_options);
2496 return ret;
2497 }
2498
2499 static BlockDriverState *
2500 bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
2501 BlockDriverState *parent, const BdrvChildRole *child_role,
2502 bool allow_none, Error **errp)
2503 {
2504 BlockDriverState *bs = NULL;
2505 QDict *image_options;
2506 char *bdref_key_dot;
2507 const char *reference;
2508
2509 assert(child_role != NULL);
2510
2511 bdref_key_dot = g_strdup_printf("%s.", bdref_key);
2512 qdict_extract_subqdict(options, &image_options, bdref_key_dot);
2513 g_free(bdref_key_dot);
2514
2515 /*
2516 * Caution: while qdict_get_try_str() is fine, getting non-string
2517 * types would require more care. When @options come from
2518 * -blockdev or blockdev_add, its members are typed according to
2519 * the QAPI schema, but when they come from -drive, they're all
2520 * QString.
2521 */
2522 reference = qdict_get_try_str(options, bdref_key);
2523 if (!filename && !reference && !qdict_size(image_options)) {
2524 if (!allow_none) {
2525 error_setg(errp, "A block device must be specified for \"%s\"",
2526 bdref_key);
2527 }
2528 qobject_unref(image_options);
2529 goto done;
2530 }
2531
2532 bs = bdrv_open_inherit(filename, reference, image_options, 0,
2533 parent, child_role, errp);
2534 if (!bs) {
2535 goto done;
2536 }
2537
2538 done:
2539 qdict_del(options, bdref_key);
2540 return bs;
2541 }
2542
2543 /*
2544 * Opens a disk image whose options are given as BlockdevRef in another block
2545 * device's options.
2546 *
2547 * If allow_none is true, no image will be opened if filename is false and no
2548 * BlockdevRef is given. NULL will be returned, but errp remains unset.
2549 *
2550 * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
2551 * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
2552 * itself, all options starting with "${bdref_key}." are considered part of the
2553 * BlockdevRef.
2554 *
2555 * The BlockdevRef will be removed from the options QDict.
2556 */
2557 BdrvChild *bdrv_open_child(const char *filename,
2558 QDict *options, const char *bdref_key,
2559 BlockDriverState *parent,
2560 const BdrvChildRole *child_role,
2561 bool allow_none, Error **errp)
2562 {
2563 BdrvChild *c;
2564 BlockDriverState *bs;
2565
2566 bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_role,
2567 allow_none, errp);
2568 if (bs == NULL) {
2569 return NULL;
2570 }
2571
2572 c = bdrv_attach_child(parent, bs, bdref_key, child_role, errp);
2573 if (!c) {
2574 bdrv_unref(bs);
2575 return NULL;
2576 }
2577
2578 return c;
2579 }
2580
2581 /* TODO Future callers may need to specify parent/child_role in order for
2582 * option inheritance to work. Existing callers use it for the root node. */
2583 BlockDriverState *bdrv_open_blockdev_ref(BlockdevRef *ref, Error **errp)
2584 {
2585 BlockDriverState *bs = NULL;
2586 Error *local_err = NULL;
2587 QObject *obj = NULL;
2588 QDict *qdict = NULL;
2589 const char *reference = NULL;
2590 Visitor *v = NULL;
2591
2592 if (ref->type == QTYPE_QSTRING) {
2593 reference = ref->u.reference;
2594 } else {
2595 BlockdevOptions *options = &ref->u.definition;
2596 assert(ref->type == QTYPE_QDICT);
2597
2598 v = qobject_output_visitor_new(&obj);
2599 visit_type_BlockdevOptions(v, NULL, &options, &local_err);
2600 if (local_err) {
2601 error_propagate(errp, local_err);
2602 goto fail;
2603 }
2604 visit_complete(v, &obj);
2605
2606 qdict = qobject_to(QDict, obj);
2607 qdict_flatten(qdict);
2608
2609 /* bdrv_open_inherit() defaults to the values in bdrv_flags (for
2610 * compatibility with other callers) rather than what we want as the
2611 * real defaults. Apply the defaults here instead. */
2612 qdict_set_default_str(qdict, BDRV_OPT_CACHE_DIRECT, "off");
2613 qdict_set_default_str(qdict, BDRV_OPT_CACHE_NO_FLUSH, "off");
2614 qdict_set_default_str(qdict, BDRV_OPT_READ_ONLY, "off");
2615 qdict_set_default_str(qdict, BDRV_OPT_AUTO_READ_ONLY, "off");
2616
2617 }
2618
2619 bs = bdrv_open_inherit(NULL, reference, qdict, 0, NULL, NULL, errp);
2620 obj = NULL;
2621
2622 fail:
2623 qobject_unref(obj);
2624 visit_free(v);
2625 return bs;
2626 }
2627
2628 static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
2629 int flags,
2630 QDict *snapshot_options,
2631 Error **errp)
2632 {
2633 /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */
2634 char *tmp_filename = g_malloc0(PATH_MAX + 1);
2635 int64_t total_size;
2636 QemuOpts *opts = NULL;
2637 BlockDriverState *bs_snapshot = NULL;
2638 Error *local_err = NULL;
2639 int ret;
2640
2641 /* if snapshot, we create a temporary backing file and open it
2642 instead of opening 'filename' directly */
2643
2644 /* Get the required size from the image */
2645 total_size = bdrv_getlength(bs);
2646 if (total_size < 0) {
2647 error_setg_errno(errp, -total_size, "Could not get image size");
2648 goto out;
2649 }
2650
2651 /* Create the temporary image */
2652 ret = get_tmp_filename(tmp_filename, PATH_MAX + 1);
2653 if (ret < 0) {
2654 error_setg_errno(errp, -ret, "Could not get temporary filename");
2655 goto out;
2656 }
2657
2658 opts = qemu_opts_create(bdrv_qcow2.create_opts, NULL, 0,
2659 &error_abort);
2660 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, total_size, &error_abort);
2661 ret = bdrv_create(&bdrv_qcow2, tmp_filename, opts, errp);
2662 qemu_opts_del(opts);
2663 if (ret < 0) {
2664 error_prepend(errp, "Could not create temporary overlay '%s': ",
2665 tmp_filename);
2666 goto out;
2667 }
2668
2669 /* Prepare options QDict for the temporary file */
2670 qdict_put_str(snapshot_options, "file.driver", "file");
2671 qdict_put_str(snapshot_options, "file.filename", tmp_filename);
2672 qdict_put_str(snapshot_options, "driver", "qcow2");
2673
2674 bs_snapshot = bdrv_open(NULL, NULL, snapshot_options, flags, errp);
2675 snapshot_options = NULL;
2676 if (!bs_snapshot) {
2677 goto out;
2678 }
2679
2680 /* bdrv_append() consumes a strong reference to bs_snapshot
2681 * (i.e. it will call bdrv_unref() on it) even on error, so in
2682 * order to be able to return one, we have to increase
2683 * bs_snapshot's refcount here */
2684 bdrv_ref(bs_snapshot);
2685 bdrv_append(bs_snapshot, bs, &local_err);
2686 if (local_err) {
2687 error_propagate(errp, local_err);
2688 bs_snapshot = NULL;
2689 goto out;
2690 }
2691
2692 out:
2693 qobject_unref(snapshot_options);
2694 g_free(tmp_filename);
2695 return bs_snapshot;
2696 }
2697
2698 /*
2699 * Opens a disk image (raw, qcow2, vmdk, ...)
2700 *
2701 * options is a QDict of options to pass to the block drivers, or NULL for an
2702 * empty set of options. The reference to the QDict belongs to the block layer
2703 * after the call (even on failure), so if the caller intends to reuse the
2704 * dictionary, it needs to use qobject_ref() before calling bdrv_open.
2705 *
2706 * If *pbs is NULL, a new BDS will be created with a pointer to it stored there.
2707 * If it is not NULL, the referenced BDS will be reused.
2708 *
2709 * The reference parameter may be used to specify an existing block device which
2710 * should be opened. If specified, neither options nor a filename may be given,
2711 * nor can an existing BDS be reused (that is, *pbs has to be NULL).
2712 */
2713 static BlockDriverState *bdrv_open_inherit(const char *filename,
2714 const char *reference,
2715 QDict *options, int flags,
2716 BlockDriverState *parent,
2717 const BdrvChildRole *child_role,
2718 Error **errp)
2719 {
2720 int ret;
2721 BlockBackend *file = NULL;
2722 BlockDriverState *bs;
2723 BlockDriver *drv = NULL;
2724 BdrvChild *child;
2725 const char *drvname;
2726 const char *backing;
2727 Error *local_err = NULL;
2728 QDict *snapshot_options = NULL;
2729 int snapshot_flags = 0;
2730
2731 assert(!child_role || !flags);
2732 assert(!child_role == !parent);
2733
2734 if (reference) {
2735 bool options_non_empty = options ? qdict_size(options) : false;
2736 qobject_unref(options);
2737
2738 if (filename || options_non_empty) {
2739 error_setg(errp, "Cannot reference an existing block device with "
2740 "additional options or a new filename");
2741 return NULL;
2742 }
2743
2744 bs = bdrv_lookup_bs(reference, reference, errp);
2745 if (!bs) {
2746 return NULL;
2747 }
2748
2749 bdrv_ref(bs);
2750 return bs;
2751 }
2752
2753 bs = bdrv_new();
2754
2755 /* NULL means an empty set of options */
2756 if (options == NULL) {
2757 options = qdict_new();
2758 }
2759
2760 /* json: syntax counts as explicit options, as if in the QDict */
2761 parse_json_protocol(options, &filename, &local_err);
2762 if (local_err) {
2763 goto fail;
2764 }
2765
2766 bs->explicit_options = qdict_clone_shallow(options);
2767
2768 if (child_role) {
2769 bs->inherits_from = parent;
2770 child_role->inherit_options(&flags, options,
2771 parent->open_flags, parent->options);
2772 }
2773
2774 ret = bdrv_fill_options(&options, filename, &flags, &local_err);
2775 if (local_err) {
2776 goto fail;
2777 }
2778
2779 /*
2780 * Set the BDRV_O_RDWR and BDRV_O_ALLOW_RDWR flags.
2781 * Caution: getting a boolean member of @options requires care.
2782 * When @options come from -blockdev or blockdev_add, members are
2783 * typed according to the QAPI schema, but when they come from
2784 * -drive, they're all QString.
2785 */
2786 if (g_strcmp0(qdict_get_try_str(options, BDRV_OPT_READ_ONLY), "on") &&
2787 !qdict_get_try_bool(options, BDRV_OPT_READ_ONLY, false)) {
2788 flags |= (BDRV_O_RDWR | BDRV_O_ALLOW_RDWR);
2789 } else {
2790 flags &= ~BDRV_O_RDWR;
2791 }
2792
2793 if (flags & BDRV_O_SNAPSHOT) {
2794 snapshot_options = qdict_new();
2795 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
2796 flags, options);
2797 /* Let bdrv_backing_options() override "read-only" */
2798 qdict_del(options, BDRV_OPT_READ_ONLY);
2799 bdrv_backing_options(&flags, options, flags, options);
2800 }
2801
2802 bs->open_flags = flags;
2803 bs->options = options;
2804 options = qdict_clone_shallow(options);
2805
2806 /* Find the right image format driver */
2807 /* See cautionary note on accessing @options above */
2808 drvname = qdict_get_try_str(options, "driver");
2809 if (drvname) {
2810 drv = bdrv_find_format(drvname);
2811 if (!drv) {
2812 error_setg(errp, "Unknown driver: '%s'", drvname);
2813 goto fail;
2814 }
2815 }
2816
2817 assert(drvname || !(flags & BDRV_O_PROTOCOL));
2818
2819 /* See cautionary note on accessing @options above */
2820 backing = qdict_get_try_str(options, "backing");
2821 if (qobject_to(QNull, qdict_get(options, "backing")) != NULL ||
2822 (backing && *backing == '\0'))
2823 {
2824 if (backing) {
2825 warn_report("Use of \"backing\": \"\" is deprecated; "
2826 "use \"backing\": null instead");
2827 }
2828 flags |= BDRV_O_NO_BACKING;
2829 qdict_del(options, "backing");
2830 }
2831
2832 /* Open image file without format layer. This BlockBackend is only used for
2833 * probing, the block drivers will do their own bdrv_open_child() for the
2834 * same BDS, which is why we put the node name back into options. */
2835 if ((flags & BDRV_O_PROTOCOL) == 0) {
2836 BlockDriverState *file_bs;
2837
2838 file_bs = bdrv_open_child_bs(filename, options, "file", bs,
2839 &child_file, true, &local_err);
2840 if (local_err) {
2841 goto fail;
2842 }
2843 if (file_bs != NULL) {
2844 /* Not requesting BLK_PERM_CONSISTENT_READ because we're only
2845 * looking at the header to guess the image format. This works even
2846 * in cases where a guest would not see a consistent state. */
2847 file = blk_new(0, BLK_PERM_ALL);
2848 blk_insert_bs(file, file_bs, &local_err);
2849 bdrv_unref(file_bs);
2850 if (local_err) {
2851 goto fail;
2852 }
2853
2854 qdict_put_str(options, "file", bdrv_get_node_name(file_bs));
2855 }
2856 }
2857
2858 /* Image format probing */
2859 bs->probed = !drv;
2860 if (!drv && file) {
2861 ret = find_image_format(file, filename, &drv, &local_err);
2862 if (ret < 0) {
2863 goto fail;
2864 }
2865 /*
2866 * This option update would logically belong in bdrv_fill_options(),
2867 * but we first need to open bs->file for the probing to work, while
2868 * opening bs->file already requires the (mostly) final set of options
2869 * so that cache mode etc. can be inherited.
2870 *
2871 * Adding the driver later is somewhat ugly, but it's not an option
2872 * that would ever be inherited, so it's correct. We just need to make
2873 * sure to update both bs->options (which has the full effective
2874 * options for bs) and options (which has file.* already removed).
2875 */
2876 qdict_put_str(bs->options, "driver", drv->format_name);
2877 qdict_put_str(options, "driver", drv->format_name);
2878 } else if (!drv) {
2879 error_setg(errp, "Must specify either driver or file");
2880 goto fail;
2881 }
2882
2883 /* BDRV_O_PROTOCOL must be set iff a protocol BDS is about to be created */
2884 assert(!!(flags & BDRV_O_PROTOCOL) == !!drv->bdrv_file_open);
2885 /* file must be NULL if a protocol BDS is about to be created
2886 * (the inverse results in an error message from bdrv_open_common()) */
2887 assert(!(flags & BDRV_O_PROTOCOL) || !file);
2888
2889 /* Open the image */
2890 ret = bdrv_open_common(bs, file, options, &local_err);
2891 if (ret < 0) {
2892 goto fail;
2893 }
2894
2895 if (file) {
2896 blk_unref(file);
2897 file = NULL;
2898 }
2899
2900 /* If there is a backing file, use it */
2901 if ((flags & BDRV_O_NO_BACKING) == 0) {
2902 ret = bdrv_open_backing_file(bs, options, "backing", &local_err);
2903 if (ret < 0) {
2904 goto close_and_fail;
2905 }
2906 }
2907
2908 /* Remove all children options and references
2909 * from bs->options and bs->explicit_options */
2910 QLIST_FOREACH(child, &bs->children, next) {
2911 char *child_key_dot;
2912 child_key_dot = g_strdup_printf("%s.", child->name);
2913 qdict_extract_subqdict(bs->explicit_options, NULL, child_key_dot);
2914 qdict_extract_subqdict(bs->options, NULL, child_key_dot);
2915 qdict_del(bs->explicit_options, child->name);
2916 qdict_del(bs->options, child->name);
2917 g_free(child_key_dot);
2918 }
2919
2920 /* Check if any unknown options were used */
2921 if (qdict_size(options) != 0) {
2922 const QDictEntry *entry = qdict_first(options);
2923 if (flags & BDRV_O_PROTOCOL) {
2924 error_setg(errp, "Block protocol '%s' doesn't support the option "
2925 "'%s'", drv->format_name, entry->key);
2926 } else {
2927 error_setg(errp,
2928 "Block format '%s' does not support the option '%s'",
2929 drv->format_name, entry->key);
2930 }
2931
2932 goto close_and_fail;
2933 }
2934
2935 bdrv_parent_cb_change_media(bs, true);
2936
2937 qobject_unref(options);
2938 options = NULL;
2939
2940 /* For snapshot=on, create a temporary qcow2 overlay. bs points to the
2941 * temporary snapshot afterwards. */
2942 if (snapshot_flags) {
2943 BlockDriverState *snapshot_bs;
2944 snapshot_bs = bdrv_append_temp_snapshot(bs, snapshot_flags,
2945 snapshot_options, &local_err);
2946 snapshot_options = NULL;
2947 if (local_err) {
2948 goto close_and_fail;
2949 }
2950 /* We are not going to return bs but the overlay on top of it
2951 * (snapshot_bs); thus, we have to drop the strong reference to bs
2952 * (which we obtained by calling bdrv_new()). bs will not be deleted,
2953 * though, because the overlay still has a reference to it. */
2954 bdrv_unref(bs);
2955 bs = snapshot_bs;
2956 }
2957
2958 return bs;
2959
2960 fail:
2961 blk_unref(file);
2962 qobject_unref(snapshot_options);
2963 qobject_unref(bs->explicit_options);
2964 qobject_unref(bs->options);
2965 qobject_unref(options);
2966 bs->options = NULL;
2967 bs->explicit_options = NULL;
2968 bdrv_unref(bs);
2969 error_propagate(errp, local_err);
2970 return NULL;
2971
2972 close_and_fail:
2973 bdrv_unref(bs);
2974 qobject_unref(snapshot_options);
2975 qobject_unref(options);
2976 error_propagate(errp, local_err);
2977 return NULL;
2978 }
2979
2980 BlockDriverState *bdrv_open(const char *filename, const char *reference,
2981 QDict *options, int flags, Error **errp)
2982 {
2983 return bdrv_open_inherit(filename, reference, options, flags, NULL,
2984 NULL, errp);
2985 }
2986
2987 /* Return true if the NULL-terminated @list contains @str */
2988 static bool is_str_in_list(const char *str, const char *const *list)
2989 {
2990 if (str && list) {
2991 int i;
2992 for (i = 0; list[i] != NULL; i++) {
2993 if (!strcmp(str, list[i])) {
2994 return true;
2995 }
2996 }
2997 }
2998 return false;
2999 }
3000
3001 /*
3002 * Check that every option set in @bs->options is also set in
3003 * @new_opts.
3004 *
3005 * Options listed in the common_options list and in
3006 * @bs->drv->mutable_opts are skipped.
3007 *
3008 * Return 0 on success, otherwise return -EINVAL and set @errp.
3009 */
3010 static int bdrv_reset_options_allowed(BlockDriverState *bs,
3011 const QDict *new_opts, Error **errp)
3012 {
3013 const QDictEntry *e;
3014 /* These options are common to all block drivers and are handled
3015 * in bdrv_reopen_prepare() so they can be left out of @new_opts */
3016 const char *const common_options[] = {
3017 "node-name", "discard", "cache.direct", "cache.no-flush",
3018 "read-only", "auto-read-only", "detect-zeroes", NULL
3019 };
3020
3021 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
3022 if (!qdict_haskey(new_opts, e->key) &&
3023 !is_str_in_list(e->key, common_options) &&
3024 !is_str_in_list(e->key, bs->drv->mutable_opts)) {
3025 error_setg(errp, "Option '%s' cannot be reset "
3026 "to its default value", e->key);
3027 return -EINVAL;
3028 }
3029 }
3030
3031 return 0;
3032 }
3033
3034 /*
3035 * Returns true if @child can be reached recursively from @bs
3036 */
3037 static bool bdrv_recurse_has_child(BlockDriverState *bs,
3038 BlockDriverState *child)
3039 {
3040 BdrvChild *c;
3041
3042 if (bs == child) {
3043 return true;
3044 }
3045
3046 QLIST_FOREACH(c, &bs->children, next) {
3047 if (bdrv_recurse_has_child(c->bs, child)) {
3048 return true;
3049 }
3050 }
3051
3052 return false;
3053 }
3054
3055 /*
3056 * Adds a BlockDriverState to a simple queue for an atomic, transactional
3057 * reopen of multiple devices.
3058 *
3059 * bs_queue can either be an existing BlockReopenQueue that has had QSIMPLE_INIT
3060 * already performed, or alternatively may be NULL a new BlockReopenQueue will
3061 * be created and initialized. This newly created BlockReopenQueue should be
3062 * passed back in for subsequent calls that are intended to be of the same
3063 * atomic 'set'.
3064 *
3065 * bs is the BlockDriverState to add to the reopen queue.
3066 *
3067 * options contains the changed options for the associated bs
3068 * (the BlockReopenQueue takes ownership)
3069 *
3070 * flags contains the open flags for the associated bs
3071 *
3072 * returns a pointer to bs_queue, which is either the newly allocated
3073 * bs_queue, or the existing bs_queue being used.
3074 *
3075 * bs must be drained between bdrv_reopen_queue() and bdrv_reopen_multiple().
3076 */
3077 static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,
3078 BlockDriverState *bs,
3079 QDict *options,
3080 const BdrvChildRole *role,
3081 QDict *parent_options,
3082 int parent_flags,
3083 bool keep_old_opts)
3084 {
3085 assert(bs != NULL);
3086
3087 BlockReopenQueueEntry *bs_entry;
3088 BdrvChild *child;
3089 QDict *old_options, *explicit_options, *options_copy;
3090 int flags;
3091 QemuOpts *opts;
3092
3093 /* Make sure that the caller remembered to use a drained section. This is
3094 * important to avoid graph changes between the recursive queuing here and
3095 * bdrv_reopen_multiple(). */
3096 assert(bs->quiesce_counter > 0);
3097
3098 if (bs_queue == NULL) {
3099 bs_queue = g_new0(BlockReopenQueue, 1);
3100 QSIMPLEQ_INIT(bs_queue);
3101 }
3102
3103 if (!options) {
3104 options = qdict_new();
3105 }
3106
3107 /* Check if this BlockDriverState is already in the queue */
3108 QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
3109 if (bs == bs_entry->state.bs) {
3110 break;
3111 }
3112 }
3113
3114 /*
3115 * Precedence of options:
3116 * 1. Explicitly passed in options (highest)
3117 * 2. Retained from explicitly set options of bs
3118 * 3. Inherited from parent node
3119 * 4. Retained from effective options of bs
3120 */
3121
3122 /* Old explicitly set values (don't overwrite by inherited value) */
3123 if (bs_entry || keep_old_opts) {
3124 old_options = qdict_clone_shallow(bs_entry ?
3125 bs_entry->state.explicit_options :
3126 bs->explicit_options);
3127 bdrv_join_options(bs, options, old_options);
3128 qobject_unref(old_options);
3129 }
3130
3131 explicit_options = qdict_clone_shallow(options);
3132
3133 /* Inherit from parent node */
3134 if (parent_options) {
3135 flags = 0;
3136 role->inherit_options(&flags, options, parent_flags, parent_options);
3137 } else {
3138 flags = bdrv_get_flags(bs);
3139 }
3140
3141 if (keep_old_opts) {
3142 /* Old values are used for options that aren't set yet */
3143 old_options = qdict_clone_shallow(bs->options);
3144 bdrv_join_options(bs, options, old_options);
3145 qobject_unref(old_options);
3146 }
3147
3148 /* We have the final set of options so let's update the flags */
3149 options_copy = qdict_clone_shallow(options);
3150 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3151 qemu_opts_absorb_qdict(opts, options_copy, NULL);
3152 update_flags_from_options(&flags, opts);
3153 qemu_opts_del(opts);
3154 qobject_unref(options_copy);
3155
3156 /* bdrv_open_inherit() sets and clears some additional flags internally */
3157 flags &= ~BDRV_O_PROTOCOL;
3158 if (flags & BDRV_O_RDWR) {
3159 flags |= BDRV_O_ALLOW_RDWR;
3160 }
3161
3162 if (!bs_entry) {
3163 bs_entry = g_new0(BlockReopenQueueEntry, 1);
3164 QSIMPLEQ_INSERT_TAIL(bs_queue, bs_entry, entry);
3165 } else {
3166 qobject_unref(bs_entry->state.options);
3167 qobject_unref(bs_entry->state.explicit_options);
3168 }
3169
3170 bs_entry->state.bs = bs;
3171 bs_entry->state.options = options;
3172 bs_entry->state.explicit_options = explicit_options;
3173 bs_entry->state.flags = flags;
3174
3175 /* This needs to be overwritten in bdrv_reopen_prepare() */
3176 bs_entry->state.perm = UINT64_MAX;
3177 bs_entry->state.shared_perm = 0;
3178
3179 /*
3180 * If keep_old_opts is false then it means that unspecified
3181 * options must be reset to their original value. We don't allow
3182 * resetting 'backing' but we need to know if the option is
3183 * missing in order to decide if we have to return an error.
3184 */
3185 if (!keep_old_opts) {
3186 bs_entry->state.backing_missing =
3187 !qdict_haskey(options, "backing") &&
3188 !qdict_haskey(options, "backing.driver");
3189 }
3190
3191 QLIST_FOREACH(child, &bs->children, next) {
3192 QDict *new_child_options = NULL;
3193 bool child_keep_old = keep_old_opts;
3194
3195 /* reopen can only change the options of block devices that were
3196 * implicitly created and inherited options. For other (referenced)
3197 * block devices, a syntax like "backing.foo" results in an error. */
3198 if (child->bs->inherits_from != bs) {
3199 continue;
3200 }
3201
3202 /* Check if the options contain a child reference */
3203 if (qdict_haskey(options, child->name)) {
3204 const char *childref = qdict_get_try_str(options, child->name);
3205 /*
3206 * The current child must not be reopened if the child
3207 * reference is null or points to a different node.
3208 */
3209 if (g_strcmp0(childref, child->bs->node_name)) {
3210 continue;
3211 }
3212 /*
3213 * If the child reference points to the current child then
3214 * reopen it with its existing set of options (note that
3215 * it can still inherit new options from the parent).
3216 */
3217 child_keep_old = true;
3218 } else {
3219 /* Extract child options ("child-name.*") */
3220 char *child_key_dot = g_strdup_printf("%s.", child->name);
3221 qdict_extract_subqdict(explicit_options, NULL, child_key_dot);
3222 qdict_extract_subqdict(options, &new_child_options, child_key_dot);
3223 g_free(child_key_dot);
3224 }
3225
3226 bdrv_reopen_queue_child(bs_queue, child->bs, new_child_options,
3227 child->role, options, flags, child_keep_old);
3228 }
3229
3230 return bs_queue;
3231 }
3232
3233 BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
3234 BlockDriverState *bs,
3235 QDict *options, bool keep_old_opts)
3236 {
3237 return bdrv_reopen_queue_child(bs_queue, bs, options, NULL, NULL, 0,
3238 keep_old_opts);
3239 }
3240
3241 /*
3242 * Reopen multiple BlockDriverStates atomically & transactionally.
3243 *
3244 * The queue passed in (bs_queue) must have been built up previous
3245 * via bdrv_reopen_queue().
3246 *
3247 * Reopens all BDS specified in the queue, with the appropriate
3248 * flags. All devices are prepared for reopen, and failure of any
3249 * device will cause all device changes to be abandoned, and intermediate
3250 * data cleaned up.
3251 *
3252 * If all devices prepare successfully, then the changes are committed
3253 * to all devices.
3254 *
3255 * All affected nodes must be drained between bdrv_reopen_queue() and
3256 * bdrv_reopen_multiple().
3257 */
3258 int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
3259 {
3260 int ret = -1;
3261 BlockReopenQueueEntry *bs_entry, *next;
3262
3263 assert(bs_queue != NULL);
3264
3265 QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
3266 assert(bs_entry->state.bs->quiesce_counter > 0);
3267 if (bdrv_reopen_prepare(&bs_entry->state, bs_queue, errp)) {
3268 goto cleanup;
3269 }
3270 bs_entry->prepared = true;
3271 }
3272
3273 QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
3274 BDRVReopenState *state = &bs_entry->state;
3275 ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
3276 state->shared_perm, NULL, errp);
3277 if (ret < 0) {
3278 goto cleanup_perm;
3279 }
3280 /* Check if new_backing_bs would accept the new permissions */
3281 if (state->replace_backing_bs && state->new_backing_bs) {
3282 uint64_t nperm, nshared;
3283 bdrv_child_perm(state->bs, state->new_backing_bs,
3284 NULL, &child_backing, bs_queue,
3285 state->perm, state->shared_perm,
3286 &nperm, &nshared);
3287 ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
3288 nperm, nshared, NULL, errp);
3289 if (ret < 0) {
3290 goto cleanup_perm;
3291 }
3292 }
3293 bs_entry->perms_checked = true;
3294 }
3295
3296 /* If we reach this point, we have success and just need to apply the
3297 * changes
3298 */
3299 QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) {
3300 bdrv_reopen_commit(&bs_entry->state);
3301 }
3302
3303 ret = 0;
3304 cleanup_perm:
3305 QSIMPLEQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3306 BDRVReopenState *state = &bs_entry->state;
3307
3308 if (!bs_entry->perms_checked) {
3309 continue;
3310 }
3311
3312 if (ret == 0) {
3313 bdrv_set_perm(state->bs, state->perm, state->shared_perm);
3314 } else {
3315 bdrv_abort_perm_update(state->bs);
3316 if (state->replace_backing_bs && state->new_backing_bs) {
3317 bdrv_abort_perm_update(state->new_backing_bs);
3318 }
3319 }
3320 }
3321 cleanup:
3322 QSIMPLEQ_FOREACH_SAFE(bs_entry, bs_queue, entry, next) {
3323 if (ret) {
3324 if (bs_entry->prepared) {
3325 bdrv_reopen_abort(&bs_entry->state);
3326 }
3327 qobject_unref(bs_entry->state.explicit_options);
3328 qobject_unref(bs_entry->state.options);
3329 }
3330 if (bs_entry->state.new_backing_bs) {
3331 bdrv_unref(bs_entry->state.new_backing_bs);
3332 }
3333 g_free(bs_entry);
3334 }
3335 g_free(bs_queue);
3336
3337 return ret;
3338 }
3339
3340 int bdrv_reopen_set_read_only(BlockDriverState *bs, bool read_only,
3341 Error **errp)
3342 {
3343 int ret;
3344 BlockReopenQueue *queue;
3345 QDict *opts = qdict_new();
3346
3347 qdict_put_bool(opts, BDRV_OPT_READ_ONLY, read_only);
3348
3349 bdrv_subtree_drained_begin(bs);
3350 queue = bdrv_reopen_queue(NULL, bs, opts, true);
3351 ret = bdrv_reopen_multiple(queue, errp);
3352 bdrv_subtree_drained_end(bs);
3353
3354 return ret;
3355 }
3356
3357 static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,
3358 BdrvChild *c)
3359 {
3360 BlockReopenQueueEntry *entry;
3361
3362 QSIMPLEQ_FOREACH(entry, q, entry) {
3363 BlockDriverState *bs = entry->state.bs;
3364 BdrvChild *child;
3365
3366 QLIST_FOREACH(child, &bs->children, next) {
3367 if (child == c) {
3368 return entry;
3369 }
3370 }
3371 }
3372
3373 return NULL;
3374 }
3375
3376 static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,
3377 uint64_t *perm, uint64_t *shared)
3378 {
3379 BdrvChild *c;
3380 BlockReopenQueueEntry *parent;
3381 uint64_t cumulative_perms = 0;
3382 uint64_t cumulative_shared_perms = BLK_PERM_ALL;
3383
3384 QLIST_FOREACH(c, &bs->parents, next_parent) {
3385 parent = find_parent_in_reopen_queue(q, c);
3386 if (!parent) {
3387 cumulative_perms |= c->perm;
3388 cumulative_shared_perms &= c->shared_perm;
3389 } else {
3390 uint64_t nperm, nshared;
3391
3392 bdrv_child_perm(parent->state.bs, bs, c, c->role, q,
3393 parent->state.perm, parent->state.shared_perm,
3394 &nperm, &nshared);
3395
3396 cumulative_perms |= nperm;
3397 cumulative_shared_perms &= nshared;
3398 }
3399 }
3400 *perm = cumulative_perms;
3401 *shared = cumulative_shared_perms;
3402 }
3403
3404 /*
3405 * Take a BDRVReopenState and check if the value of 'backing' in the
3406 * reopen_state->options QDict is valid or not.
3407 *
3408 * If 'backing' is missing from the QDict then return 0.
3409 *
3410 * If 'backing' contains the node name of the backing file of
3411 * reopen_state->bs then return 0.
3412 *
3413 * If 'backing' contains a different node name (or is null) then check
3414 * whether the current backing file can be replaced with the new one.
3415 * If that's the case then reopen_state->replace_backing_bs is set to
3416 * true and reopen_state->new_backing_bs contains a pointer to the new
3417 * backing BlockDriverState (or NULL).
3418 *
3419 * Return 0 on success, otherwise return < 0 and set @errp.
3420 */
3421 static int bdrv_reopen_parse_backing(BDRVReopenState *reopen_state,
3422 Error **errp)
3423 {
3424 BlockDriverState *bs = reopen_state->bs;
3425 BlockDriverState *overlay_bs, *new_backing_bs;
3426 QObject *value;
3427 const char *str;
3428
3429 value = qdict_get(reopen_state->options, "backing");
3430 if (value == NULL) {
3431 return 0;
3432 }
3433
3434 switch (qobject_type(value)) {
3435 case QTYPE_QNULL:
3436 new_backing_bs = NULL;
3437 break;
3438 case QTYPE_QSTRING:
3439 str = qobject_get_try_str(value);
3440 new_backing_bs = bdrv_lookup_bs(NULL, str, errp);
3441 if (new_backing_bs == NULL) {
3442 return -EINVAL;
3443 } else if (bdrv_recurse_has_child(new_backing_bs, bs)) {
3444 error_setg(errp, "Making '%s' a backing file of '%s' "
3445 "would create a cycle", str, bs->node_name);
3446 return -EINVAL;
3447 }
3448 break;
3449 default:
3450 /* 'backing' does not allow any other data type */
3451 g_assert_not_reached();
3452 }
3453
3454 /*
3455 * TODO: before removing the x- prefix from x-blockdev-reopen we
3456 * should move the new backing file into the right AioContext
3457 * instead of returning an error.
3458 */
3459 if (new_backing_bs) {
3460 if (bdrv_get_aio_context(new_backing_bs) != bdrv_get_aio_context(bs)) {
3461 error_setg(errp, "Cannot use a new backing file "
3462 "with a different AioContext");
3463 return -EINVAL;
3464 }
3465 }
3466
3467 /*
3468 * Find the "actual" backing file by skipping all links that point
3469 * to an implicit node, if any (e.g. a commit filter node).
3470 */
3471 overlay_bs = bs;
3472 while (backing_bs(overlay_bs) && backing_bs(overlay_bs)->implicit) {
3473 overlay_bs = backing_bs(overlay_bs);
3474 }
3475
3476 /* If we want to replace the backing file we need some extra checks */
3477 if (new_backing_bs != backing_bs(overlay_bs)) {
3478 /* Check for implicit nodes between bs and its backing file */
3479 if (bs != overlay_bs) {
3480 error_setg(errp, "Cannot change backing link if '%s' has "
3481 "an implicit backing file", bs->node_name);
3482 return -EPERM;
3483 }
3484 /* Check if the backing link that we want to replace is frozen */
3485 if (bdrv_is_backing_chain_frozen(overlay_bs, backing_bs(overlay_bs),
3486 errp)) {
3487 return -EPERM;
3488 }
3489 reopen_state->replace_backing_bs = true;
3490 if (new_backing_bs) {
3491 bdrv_ref(new_backing_bs);
3492 reopen_state->new_backing_bs = new_backing_bs;
3493 }
3494 }
3495
3496 return 0;
3497 }
3498
3499 /*
3500 * Prepares a BlockDriverState for reopen. All changes are staged in the
3501 * 'opaque' field of the BDRVReopenState, which is used and allocated by
3502 * the block driver layer .bdrv_reopen_prepare()
3503 *
3504 * bs is the BlockDriverState to reopen
3505 * flags are the new open flags
3506 * queue is the reopen queue
3507 *
3508 * Returns 0 on success, non-zero on error. On error errp will be set
3509 * as well.
3510 *
3511 * On failure, bdrv_reopen_abort() will be called to clean up any data.
3512 * It is the responsibility of the caller to then call the abort() or
3513 * commit() for any other BDS that have been left in a prepare() state
3514 *
3515 */
3516 int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,
3517 Error **errp)
3518 {
3519 int ret = -1;
3520 int old_flags;
3521 Error *local_err = NULL;
3522 BlockDriver *drv;
3523 QemuOpts *opts;
3524 QDict *orig_reopen_opts;
3525 char *discard = NULL;
3526 bool read_only;
3527 bool drv_prepared = false;
3528
3529 assert(reopen_state != NULL);
3530 assert(reopen_state->bs->drv != NULL);
3531 drv = reopen_state->bs->drv;
3532
3533 /* This function and each driver's bdrv_reopen_prepare() remove
3534 * entries from reopen_state->options as they are processed, so
3535 * we need to make a copy of the original QDict. */
3536 orig_reopen_opts = qdict_clone_shallow(reopen_state->options);
3537
3538 /* Process generic block layer options */
3539 opts = qemu_opts_create(&bdrv_runtime_opts, NULL, 0, &error_abort);
3540 qemu_opts_absorb_qdict(opts, reopen_state->options, &local_err);
3541 if (local_err) {
3542 error_propagate(errp, local_err);
3543 ret = -EINVAL;
3544 goto error;
3545 }
3546
3547 /* This was already called in bdrv_reopen_queue_child() so the flags
3548