block: convert quorum blockdrv to use crypto APIs
[qemu.git] / block / quorum.c
1 /*
2 * Quorum Block filter
3 *
4 * Copyright (C) 2012-2014 Nodalink, EURL.
5 *
6 * Author:
7 * BenoƮt Canet <benoit.canet@irqsave.net>
8 *
9 * Based on the design and code of blkverify.c (Copyright (C) 2010 IBM, Corp)
10 * and blkmirror.c (Copyright (C) 2011 Red Hat, Inc).
11 *
12 * This work is licensed under the terms of the GNU GPL, version 2 or later.
13 * See the COPYING file in the top-level directory.
14 */
15
16 #include "block/block_int.h"
17 #include "qapi/qmp/qbool.h"
18 #include "qapi/qmp/qdict.h"
19 #include "qapi/qmp/qerror.h"
20 #include "qapi/qmp/qint.h"
21 #include "qapi/qmp/qjson.h"
22 #include "qapi/qmp/qlist.h"
23 #include "qapi/qmp/qstring.h"
24 #include "qapi-event.h"
25 #include "crypto/hash.h"
26
27 #define HASH_LENGTH 32
28
29 #define QUORUM_OPT_VOTE_THRESHOLD "vote-threshold"
30 #define QUORUM_OPT_BLKVERIFY "blkverify"
31 #define QUORUM_OPT_REWRITE "rewrite-corrupted"
32 #define QUORUM_OPT_READ_PATTERN "read-pattern"
33
34 /* This union holds a vote hash value */
35 typedef union QuorumVoteValue {
36 uint8_t h[HASH_LENGTH]; /* SHA-256 hash */
37 int64_t l; /* simpler 64 bits hash */
38 } QuorumVoteValue;
39
40 /* A vote item */
41 typedef struct QuorumVoteItem {
42 int index;
43 QLIST_ENTRY(QuorumVoteItem) next;
44 } QuorumVoteItem;
45
46 /* this structure is a vote version. A version is the set of votes sharing the
47 * same vote value.
48 * The set of votes will be tracked with the items field and its cardinality is
49 * vote_count.
50 */
51 typedef struct QuorumVoteVersion {
52 QuorumVoteValue value;
53 int index;
54 int vote_count;
55 QLIST_HEAD(, QuorumVoteItem) items;
56 QLIST_ENTRY(QuorumVoteVersion) next;
57 } QuorumVoteVersion;
58
59 /* this structure holds a group of vote versions together */
60 typedef struct QuorumVotes {
61 QLIST_HEAD(, QuorumVoteVersion) vote_list;
62 bool (*compare)(QuorumVoteValue *a, QuorumVoteValue *b);
63 } QuorumVotes;
64
65 /* the following structure holds the state of one quorum instance */
66 typedef struct BDRVQuorumState {
67 BlockDriverState **bs; /* children BlockDriverStates */
68 int num_children; /* children count */
69 int threshold; /* if less than threshold children reads gave the
70 * same result a quorum error occurs.
71 */
72 bool is_blkverify; /* true if the driver is in blkverify mode
73 * Writes are mirrored on two children devices.
74 * On reads the two children devices' contents are
75 * compared and if a difference is spotted its
76 * location is printed and the code aborts.
77 * It is useful to debug other block drivers by
78 * comparing them with a reference one.
79 */
80 bool rewrite_corrupted;/* true if the driver must rewrite-on-read corrupted
81 * block if Quorum is reached.
82 */
83
84 QuorumReadPattern read_pattern;
85 } BDRVQuorumState;
86
87 typedef struct QuorumAIOCB QuorumAIOCB;
88
89 /* Quorum will create one instance of the following structure per operation it
90 * performs on its children.
91 * So for each read/write operation coming from the upper layer there will be
92 * $children_count QuorumChildRequest.
93 */
94 typedef struct QuorumChildRequest {
95 BlockAIOCB *aiocb;
96 QEMUIOVector qiov;
97 uint8_t *buf;
98 int ret;
99 QuorumAIOCB *parent;
100 } QuorumChildRequest;
101
102 /* Quorum will use the following structure to track progress of each read/write
103 * operation received by the upper layer.
104 * This structure hold pointers to the QuorumChildRequest structures instances
105 * used to do operations on each children and track overall progress.
106 */
107 struct QuorumAIOCB {
108 BlockAIOCB common;
109
110 /* Request metadata */
111 uint64_t sector_num;
112 int nb_sectors;
113
114 QEMUIOVector *qiov; /* calling IOV */
115
116 QuorumChildRequest *qcrs; /* individual child requests */
117 int count; /* number of completed AIOCB */
118 int success_count; /* number of successfully completed AIOCB */
119
120 int rewrite_count; /* number of replica to rewrite: count down to
121 * zero once writes are fired
122 */
123
124 QuorumVotes votes;
125
126 bool is_read;
127 int vote_ret;
128 int child_iter; /* which child to read in fifo pattern */
129 };
130
131 static bool quorum_vote(QuorumAIOCB *acb);
132
133 static void quorum_aio_cancel(BlockAIOCB *blockacb)
134 {
135 QuorumAIOCB *acb = container_of(blockacb, QuorumAIOCB, common);
136 BDRVQuorumState *s = acb->common.bs->opaque;
137 int i;
138
139 /* cancel all callbacks */
140 for (i = 0; i < s->num_children; i++) {
141 if (acb->qcrs[i].aiocb) {
142 bdrv_aio_cancel_async(acb->qcrs[i].aiocb);
143 }
144 }
145 }
146
147 static AIOCBInfo quorum_aiocb_info = {
148 .aiocb_size = sizeof(QuorumAIOCB),
149 .cancel_async = quorum_aio_cancel,
150 };
151
152 static void quorum_aio_finalize(QuorumAIOCB *acb)
153 {
154 int i, ret = 0;
155
156 if (acb->vote_ret) {
157 ret = acb->vote_ret;
158 }
159
160 acb->common.cb(acb->common.opaque, ret);
161
162 if (acb->is_read) {
163 /* on the quorum case acb->child_iter == s->num_children - 1 */
164 for (i = 0; i <= acb->child_iter; i++) {
165 qemu_vfree(acb->qcrs[i].buf);
166 qemu_iovec_destroy(&acb->qcrs[i].qiov);
167 }
168 }
169
170 g_free(acb->qcrs);
171 qemu_aio_unref(acb);
172 }
173
174 static bool quorum_sha256_compare(QuorumVoteValue *a, QuorumVoteValue *b)
175 {
176 return !memcmp(a->h, b->h, HASH_LENGTH);
177 }
178
179 static bool quorum_64bits_compare(QuorumVoteValue *a, QuorumVoteValue *b)
180 {
181 return a->l == b->l;
182 }
183
184 static QuorumAIOCB *quorum_aio_get(BDRVQuorumState *s,
185 BlockDriverState *bs,
186 QEMUIOVector *qiov,
187 uint64_t sector_num,
188 int nb_sectors,
189 BlockCompletionFunc *cb,
190 void *opaque)
191 {
192 QuorumAIOCB *acb = qemu_aio_get(&quorum_aiocb_info, bs, cb, opaque);
193 int i;
194
195 acb->common.bs->opaque = s;
196 acb->sector_num = sector_num;
197 acb->nb_sectors = nb_sectors;
198 acb->qiov = qiov;
199 acb->qcrs = g_new0(QuorumChildRequest, s->num_children);
200 acb->count = 0;
201 acb->success_count = 0;
202 acb->rewrite_count = 0;
203 acb->votes.compare = quorum_sha256_compare;
204 QLIST_INIT(&acb->votes.vote_list);
205 acb->is_read = false;
206 acb->vote_ret = 0;
207
208 for (i = 0; i < s->num_children; i++) {
209 acb->qcrs[i].buf = NULL;
210 acb->qcrs[i].ret = 0;
211 acb->qcrs[i].parent = acb;
212 }
213
214 return acb;
215 }
216
217 static void quorum_report_bad(QuorumAIOCB *acb, char *node_name, int ret)
218 {
219 const char *msg = NULL;
220 if (ret < 0) {
221 msg = strerror(-ret);
222 }
223 qapi_event_send_quorum_report_bad(!!msg, msg, node_name,
224 acb->sector_num, acb->nb_sectors, &error_abort);
225 }
226
227 static void quorum_report_failure(QuorumAIOCB *acb)
228 {
229 const char *reference = bdrv_get_device_or_node_name(acb->common.bs);
230 qapi_event_send_quorum_failure(reference, acb->sector_num,
231 acb->nb_sectors, &error_abort);
232 }
233
234 static int quorum_vote_error(QuorumAIOCB *acb);
235
236 static bool quorum_has_too_much_io_failed(QuorumAIOCB *acb)
237 {
238 BDRVQuorumState *s = acb->common.bs->opaque;
239
240 if (acb->success_count < s->threshold) {
241 acb->vote_ret = quorum_vote_error(acb);
242 quorum_report_failure(acb);
243 return true;
244 }
245
246 return false;
247 }
248
249 static void quorum_rewrite_aio_cb(void *opaque, int ret)
250 {
251 QuorumAIOCB *acb = opaque;
252
253 /* one less rewrite to do */
254 acb->rewrite_count--;
255
256 /* wait until all rewrite callbacks have completed */
257 if (acb->rewrite_count) {
258 return;
259 }
260
261 quorum_aio_finalize(acb);
262 }
263
264 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb);
265
266 static void quorum_copy_qiov(QEMUIOVector *dest, QEMUIOVector *source)
267 {
268 int i;
269 assert(dest->niov == source->niov);
270 assert(dest->size == source->size);
271 for (i = 0; i < source->niov; i++) {
272 assert(dest->iov[i].iov_len == source->iov[i].iov_len);
273 memcpy(dest->iov[i].iov_base,
274 source->iov[i].iov_base,
275 source->iov[i].iov_len);
276 }
277 }
278
279 static void quorum_aio_cb(void *opaque, int ret)
280 {
281 QuorumChildRequest *sacb = opaque;
282 QuorumAIOCB *acb = sacb->parent;
283 BDRVQuorumState *s = acb->common.bs->opaque;
284 bool rewrite = false;
285
286 if (acb->is_read && s->read_pattern == QUORUM_READ_PATTERN_FIFO) {
287 /* We try to read next child in FIFO order if we fail to read */
288 if (ret < 0 && ++acb->child_iter < s->num_children) {
289 read_fifo_child(acb);
290 return;
291 }
292
293 if (ret == 0) {
294 quorum_copy_qiov(acb->qiov, &acb->qcrs[acb->child_iter].qiov);
295 }
296 acb->vote_ret = ret;
297 quorum_aio_finalize(acb);
298 return;
299 }
300
301 sacb->ret = ret;
302 acb->count++;
303 if (ret == 0) {
304 acb->success_count++;
305 } else {
306 quorum_report_bad(acb, sacb->aiocb->bs->node_name, ret);
307 }
308 assert(acb->count <= s->num_children);
309 assert(acb->success_count <= s->num_children);
310 if (acb->count < s->num_children) {
311 return;
312 }
313
314 /* Do the vote on read */
315 if (acb->is_read) {
316 rewrite = quorum_vote(acb);
317 } else {
318 quorum_has_too_much_io_failed(acb);
319 }
320
321 /* if no rewrite is done the code will finish right away */
322 if (!rewrite) {
323 quorum_aio_finalize(acb);
324 }
325 }
326
327 static void quorum_report_bad_versions(BDRVQuorumState *s,
328 QuorumAIOCB *acb,
329 QuorumVoteValue *value)
330 {
331 QuorumVoteVersion *version;
332 QuorumVoteItem *item;
333
334 QLIST_FOREACH(version, &acb->votes.vote_list, next) {
335 if (acb->votes.compare(&version->value, value)) {
336 continue;
337 }
338 QLIST_FOREACH(item, &version->items, next) {
339 quorum_report_bad(acb, s->bs[item->index]->node_name, 0);
340 }
341 }
342 }
343
344 static bool quorum_rewrite_bad_versions(BDRVQuorumState *s, QuorumAIOCB *acb,
345 QuorumVoteValue *value)
346 {
347 QuorumVoteVersion *version;
348 QuorumVoteItem *item;
349 int count = 0;
350
351 /* first count the number of bad versions: done first to avoid concurrency
352 * issues.
353 */
354 QLIST_FOREACH(version, &acb->votes.vote_list, next) {
355 if (acb->votes.compare(&version->value, value)) {
356 continue;
357 }
358 QLIST_FOREACH(item, &version->items, next) {
359 count++;
360 }
361 }
362
363 /* quorum_rewrite_aio_cb will count down this to zero */
364 acb->rewrite_count = count;
365
366 /* now fire the correcting rewrites */
367 QLIST_FOREACH(version, &acb->votes.vote_list, next) {
368 if (acb->votes.compare(&version->value, value)) {
369 continue;
370 }
371 QLIST_FOREACH(item, &version->items, next) {
372 bdrv_aio_writev(s->bs[item->index], acb->sector_num, acb->qiov,
373 acb->nb_sectors, quorum_rewrite_aio_cb, acb);
374 }
375 }
376
377 /* return true if any rewrite is done else false */
378 return count;
379 }
380
381 static void quorum_count_vote(QuorumVotes *votes,
382 QuorumVoteValue *value,
383 int index)
384 {
385 QuorumVoteVersion *v = NULL, *version = NULL;
386 QuorumVoteItem *item;
387
388 /* look if we have something with this hash */
389 QLIST_FOREACH(v, &votes->vote_list, next) {
390 if (votes->compare(&v->value, value)) {
391 version = v;
392 break;
393 }
394 }
395
396 /* It's a version not yet in the list add it */
397 if (!version) {
398 version = g_new0(QuorumVoteVersion, 1);
399 QLIST_INIT(&version->items);
400 memcpy(&version->value, value, sizeof(version->value));
401 version->index = index;
402 version->vote_count = 0;
403 QLIST_INSERT_HEAD(&votes->vote_list, version, next);
404 }
405
406 version->vote_count++;
407
408 item = g_new0(QuorumVoteItem, 1);
409 item->index = index;
410 QLIST_INSERT_HEAD(&version->items, item, next);
411 }
412
413 static void quorum_free_vote_list(QuorumVotes *votes)
414 {
415 QuorumVoteVersion *version, *next_version;
416 QuorumVoteItem *item, *next_item;
417
418 QLIST_FOREACH_SAFE(version, &votes->vote_list, next, next_version) {
419 QLIST_REMOVE(version, next);
420 QLIST_FOREACH_SAFE(item, &version->items, next, next_item) {
421 QLIST_REMOVE(item, next);
422 g_free(item);
423 }
424 g_free(version);
425 }
426 }
427
428 static int quorum_compute_hash(QuorumAIOCB *acb, int i, QuorumVoteValue *hash)
429 {
430 QEMUIOVector *qiov = &acb->qcrs[i].qiov;
431 size_t len = sizeof(hash->h);
432 uint8_t *data = hash->h;
433
434 /* XXX - would be nice if we could pass in the Error **
435 * and propagate that back, but this quorum code is
436 * restricted to just errno values currently */
437 if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
438 qiov->iov, qiov->niov,
439 &data, &len,
440 NULL) < 0) {
441 return -EINVAL;
442 }
443
444 return 0;
445 }
446
447 static QuorumVoteVersion *quorum_get_vote_winner(QuorumVotes *votes)
448 {
449 int max = 0;
450 QuorumVoteVersion *candidate, *winner = NULL;
451
452 QLIST_FOREACH(candidate, &votes->vote_list, next) {
453 if (candidate->vote_count > max) {
454 max = candidate->vote_count;
455 winner = candidate;
456 }
457 }
458
459 return winner;
460 }
461
462 /* qemu_iovec_compare is handy for blkverify mode because it returns the first
463 * differing byte location. Yet it is handcoded to compare vectors one byte
464 * after another so it does not benefit from the libc SIMD optimizations.
465 * quorum_iovec_compare is written for speed and should be used in the non
466 * blkverify mode of quorum.
467 */
468 static bool quorum_iovec_compare(QEMUIOVector *a, QEMUIOVector *b)
469 {
470 int i;
471 int result;
472
473 assert(a->niov == b->niov);
474 for (i = 0; i < a->niov; i++) {
475 assert(a->iov[i].iov_len == b->iov[i].iov_len);
476 result = memcmp(a->iov[i].iov_base,
477 b->iov[i].iov_base,
478 a->iov[i].iov_len);
479 if (result) {
480 return false;
481 }
482 }
483
484 return true;
485 }
486
487 static void GCC_FMT_ATTR(2, 3) quorum_err(QuorumAIOCB *acb,
488 const char *fmt, ...)
489 {
490 va_list ap;
491
492 va_start(ap, fmt);
493 fprintf(stderr, "quorum: sector_num=%" PRId64 " nb_sectors=%d ",
494 acb->sector_num, acb->nb_sectors);
495 vfprintf(stderr, fmt, ap);
496 fprintf(stderr, "\n");
497 va_end(ap);
498 exit(1);
499 }
500
501 static bool quorum_compare(QuorumAIOCB *acb,
502 QEMUIOVector *a,
503 QEMUIOVector *b)
504 {
505 BDRVQuorumState *s = acb->common.bs->opaque;
506 ssize_t offset;
507
508 /* This driver will replace blkverify in this particular case */
509 if (s->is_blkverify) {
510 offset = qemu_iovec_compare(a, b);
511 if (offset != -1) {
512 quorum_err(acb, "contents mismatch in sector %" PRId64,
513 acb->sector_num +
514 (uint64_t)(offset / BDRV_SECTOR_SIZE));
515 }
516 return true;
517 }
518
519 return quorum_iovec_compare(a, b);
520 }
521
522 /* Do a vote to get the error code */
523 static int quorum_vote_error(QuorumAIOCB *acb)
524 {
525 BDRVQuorumState *s = acb->common.bs->opaque;
526 QuorumVoteVersion *winner = NULL;
527 QuorumVotes error_votes;
528 QuorumVoteValue result_value;
529 int i, ret = 0;
530 bool error = false;
531
532 QLIST_INIT(&error_votes.vote_list);
533 error_votes.compare = quorum_64bits_compare;
534
535 for (i = 0; i < s->num_children; i++) {
536 ret = acb->qcrs[i].ret;
537 if (ret) {
538 error = true;
539 result_value.l = ret;
540 quorum_count_vote(&error_votes, &result_value, i);
541 }
542 }
543
544 if (error) {
545 winner = quorum_get_vote_winner(&error_votes);
546 ret = winner->value.l;
547 }
548
549 quorum_free_vote_list(&error_votes);
550
551 return ret;
552 }
553
554 static bool quorum_vote(QuorumAIOCB *acb)
555 {
556 bool quorum = true;
557 bool rewrite = false;
558 int i, j, ret;
559 QuorumVoteValue hash;
560 BDRVQuorumState *s = acb->common.bs->opaque;
561 QuorumVoteVersion *winner;
562
563 if (quorum_has_too_much_io_failed(acb)) {
564 return false;
565 }
566
567 /* get the index of the first successful read */
568 for (i = 0; i < s->num_children; i++) {
569 if (!acb->qcrs[i].ret) {
570 break;
571 }
572 }
573
574 assert(i < s->num_children);
575
576 /* compare this read with all other successful reads stopping at quorum
577 * failure
578 */
579 for (j = i + 1; j < s->num_children; j++) {
580 if (acb->qcrs[j].ret) {
581 continue;
582 }
583 quorum = quorum_compare(acb, &acb->qcrs[i].qiov, &acb->qcrs[j].qiov);
584 if (!quorum) {
585 break;
586 }
587 }
588
589 /* Every successful read agrees */
590 if (quorum) {
591 quorum_copy_qiov(acb->qiov, &acb->qcrs[i].qiov);
592 return false;
593 }
594
595 /* compute hashes for each successful read, also store indexes */
596 for (i = 0; i < s->num_children; i++) {
597 if (acb->qcrs[i].ret) {
598 continue;
599 }
600 ret = quorum_compute_hash(acb, i, &hash);
601 /* if ever the hash computation failed */
602 if (ret < 0) {
603 acb->vote_ret = ret;
604 goto free_exit;
605 }
606 quorum_count_vote(&acb->votes, &hash, i);
607 }
608
609 /* vote to select the most represented version */
610 winner = quorum_get_vote_winner(&acb->votes);
611
612 /* if the winner count is smaller than threshold the read fails */
613 if (winner->vote_count < s->threshold) {
614 quorum_report_failure(acb);
615 acb->vote_ret = -EIO;
616 goto free_exit;
617 }
618
619 /* we have a winner: copy it */
620 quorum_copy_qiov(acb->qiov, &acb->qcrs[winner->index].qiov);
621
622 /* some versions are bad print them */
623 quorum_report_bad_versions(s, acb, &winner->value);
624
625 /* corruption correction is enabled */
626 if (s->rewrite_corrupted) {
627 rewrite = quorum_rewrite_bad_versions(s, acb, &winner->value);
628 }
629
630 free_exit:
631 /* free lists */
632 quorum_free_vote_list(&acb->votes);
633 return rewrite;
634 }
635
636 static BlockAIOCB *read_quorum_children(QuorumAIOCB *acb)
637 {
638 BDRVQuorumState *s = acb->common.bs->opaque;
639 int i;
640
641 for (i = 0; i < s->num_children; i++) {
642 acb->qcrs[i].buf = qemu_blockalign(s->bs[i], acb->qiov->size);
643 qemu_iovec_init(&acb->qcrs[i].qiov, acb->qiov->niov);
644 qemu_iovec_clone(&acb->qcrs[i].qiov, acb->qiov, acb->qcrs[i].buf);
645 }
646
647 for (i = 0; i < s->num_children; i++) {
648 bdrv_aio_readv(s->bs[i], acb->sector_num, &acb->qcrs[i].qiov,
649 acb->nb_sectors, quorum_aio_cb, &acb->qcrs[i]);
650 }
651
652 return &acb->common;
653 }
654
655 static BlockAIOCB *read_fifo_child(QuorumAIOCB *acb)
656 {
657 BDRVQuorumState *s = acb->common.bs->opaque;
658
659 acb->qcrs[acb->child_iter].buf = qemu_blockalign(s->bs[acb->child_iter],
660 acb->qiov->size);
661 qemu_iovec_init(&acb->qcrs[acb->child_iter].qiov, acb->qiov->niov);
662 qemu_iovec_clone(&acb->qcrs[acb->child_iter].qiov, acb->qiov,
663 acb->qcrs[acb->child_iter].buf);
664 bdrv_aio_readv(s->bs[acb->child_iter], acb->sector_num,
665 &acb->qcrs[acb->child_iter].qiov, acb->nb_sectors,
666 quorum_aio_cb, &acb->qcrs[acb->child_iter]);
667
668 return &acb->common;
669 }
670
671 static BlockAIOCB *quorum_aio_readv(BlockDriverState *bs,
672 int64_t sector_num,
673 QEMUIOVector *qiov,
674 int nb_sectors,
675 BlockCompletionFunc *cb,
676 void *opaque)
677 {
678 BDRVQuorumState *s = bs->opaque;
679 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num,
680 nb_sectors, cb, opaque);
681 acb->is_read = true;
682
683 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) {
684 acb->child_iter = s->num_children - 1;
685 return read_quorum_children(acb);
686 }
687
688 acb->child_iter = 0;
689 return read_fifo_child(acb);
690 }
691
692 static BlockAIOCB *quorum_aio_writev(BlockDriverState *bs,
693 int64_t sector_num,
694 QEMUIOVector *qiov,
695 int nb_sectors,
696 BlockCompletionFunc *cb,
697 void *opaque)
698 {
699 BDRVQuorumState *s = bs->opaque;
700 QuorumAIOCB *acb = quorum_aio_get(s, bs, qiov, sector_num, nb_sectors,
701 cb, opaque);
702 int i;
703
704 for (i = 0; i < s->num_children; i++) {
705 acb->qcrs[i].aiocb = bdrv_aio_writev(s->bs[i], sector_num, qiov,
706 nb_sectors, &quorum_aio_cb,
707 &acb->qcrs[i]);
708 }
709
710 return &acb->common;
711 }
712
713 static int64_t quorum_getlength(BlockDriverState *bs)
714 {
715 BDRVQuorumState *s = bs->opaque;
716 int64_t result;
717 int i;
718
719 /* check that all file have the same length */
720 result = bdrv_getlength(s->bs[0]);
721 if (result < 0) {
722 return result;
723 }
724 for (i = 1; i < s->num_children; i++) {
725 int64_t value = bdrv_getlength(s->bs[i]);
726 if (value < 0) {
727 return value;
728 }
729 if (value != result) {
730 return -EIO;
731 }
732 }
733
734 return result;
735 }
736
737 static void quorum_invalidate_cache(BlockDriverState *bs, Error **errp)
738 {
739 BDRVQuorumState *s = bs->opaque;
740 Error *local_err = NULL;
741 int i;
742
743 for (i = 0; i < s->num_children; i++) {
744 bdrv_invalidate_cache(s->bs[i], &local_err);
745 if (local_err) {
746 error_propagate(errp, local_err);
747 return;
748 }
749 }
750 }
751
752 static coroutine_fn int quorum_co_flush(BlockDriverState *bs)
753 {
754 BDRVQuorumState *s = bs->opaque;
755 QuorumVoteVersion *winner = NULL;
756 QuorumVotes error_votes;
757 QuorumVoteValue result_value;
758 int i;
759 int result = 0;
760
761 QLIST_INIT(&error_votes.vote_list);
762 error_votes.compare = quorum_64bits_compare;
763
764 for (i = 0; i < s->num_children; i++) {
765 result = bdrv_co_flush(s->bs[i]);
766 result_value.l = result;
767 quorum_count_vote(&error_votes, &result_value, i);
768 }
769
770 winner = quorum_get_vote_winner(&error_votes);
771 result = winner->value.l;
772
773 quorum_free_vote_list(&error_votes);
774
775 return result;
776 }
777
778 static bool quorum_recurse_is_first_non_filter(BlockDriverState *bs,
779 BlockDriverState *candidate)
780 {
781 BDRVQuorumState *s = bs->opaque;
782 int i;
783
784 for (i = 0; i < s->num_children; i++) {
785 bool perm = bdrv_recurse_is_first_non_filter(s->bs[i],
786 candidate);
787 if (perm) {
788 return true;
789 }
790 }
791
792 return false;
793 }
794
795 static int quorum_valid_threshold(int threshold, int num_children, Error **errp)
796 {
797
798 if (threshold < 1) {
799 error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
800 "vote-threshold", "value >= 1");
801 return -ERANGE;
802 }
803
804 if (threshold > num_children) {
805 error_setg(errp, "threshold may not exceed children count");
806 return -ERANGE;
807 }
808
809 return 0;
810 }
811
812 static QemuOptsList quorum_runtime_opts = {
813 .name = "quorum",
814 .head = QTAILQ_HEAD_INITIALIZER(quorum_runtime_opts.head),
815 .desc = {
816 {
817 .name = QUORUM_OPT_VOTE_THRESHOLD,
818 .type = QEMU_OPT_NUMBER,
819 .help = "The number of vote needed for reaching quorum",
820 },
821 {
822 .name = QUORUM_OPT_BLKVERIFY,
823 .type = QEMU_OPT_BOOL,
824 .help = "Trigger block verify mode if set",
825 },
826 {
827 .name = QUORUM_OPT_REWRITE,
828 .type = QEMU_OPT_BOOL,
829 .help = "Rewrite corrupted block on read quorum",
830 },
831 {
832 .name = QUORUM_OPT_READ_PATTERN,
833 .type = QEMU_OPT_STRING,
834 .help = "Allowed pattern: quorum, fifo. Quorum is default",
835 },
836 { /* end of list */ }
837 },
838 };
839
840 static int parse_read_pattern(const char *opt)
841 {
842 int i;
843
844 if (!opt) {
845 /* Set quorum as default */
846 return QUORUM_READ_PATTERN_QUORUM;
847 }
848
849 for (i = 0; i < QUORUM_READ_PATTERN_MAX; i++) {
850 if (!strcmp(opt, QuorumReadPattern_lookup[i])) {
851 return i;
852 }
853 }
854
855 return -EINVAL;
856 }
857
858 static int quorum_open(BlockDriverState *bs, QDict *options, int flags,
859 Error **errp)
860 {
861 BDRVQuorumState *s = bs->opaque;
862 Error *local_err = NULL;
863 QemuOpts *opts = NULL;
864 bool *opened;
865 int i;
866 int ret = 0;
867
868 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA256)) {
869 error_setg(errp,
870 "SHA256 hash support is required for quorum device");
871 return -EINVAL;
872 }
873
874 qdict_flatten(options);
875
876 /* count how many different children are present */
877 s->num_children = qdict_array_entries(options, "children.");
878 if (s->num_children < 0) {
879 error_setg(&local_err, "Option children is not a valid array");
880 ret = -EINVAL;
881 goto exit;
882 }
883 if (s->num_children < 2) {
884 error_setg(&local_err,
885 "Number of provided children must be greater than 1");
886 ret = -EINVAL;
887 goto exit;
888 }
889
890 opts = qemu_opts_create(&quorum_runtime_opts, NULL, 0, &error_abort);
891 qemu_opts_absorb_qdict(opts, options, &local_err);
892 if (local_err) {
893 ret = -EINVAL;
894 goto exit;
895 }
896
897 s->threshold = qemu_opt_get_number(opts, QUORUM_OPT_VOTE_THRESHOLD, 0);
898 ret = parse_read_pattern(qemu_opt_get(opts, QUORUM_OPT_READ_PATTERN));
899 if (ret < 0) {
900 error_setg(&local_err, "Please set read-pattern as fifo or quorum");
901 goto exit;
902 }
903 s->read_pattern = ret;
904
905 if (s->read_pattern == QUORUM_READ_PATTERN_QUORUM) {
906 /* and validate it against s->num_children */
907 ret = quorum_valid_threshold(s->threshold, s->num_children, &local_err);
908 if (ret < 0) {
909 goto exit;
910 }
911
912 /* is the driver in blkverify mode */
913 if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false) &&
914 s->num_children == 2 && s->threshold == 2) {
915 s->is_blkverify = true;
916 } else if (qemu_opt_get_bool(opts, QUORUM_OPT_BLKVERIFY, false)) {
917 fprintf(stderr, "blkverify mode is set by setting blkverify=on "
918 "and using two files with vote_threshold=2\n");
919 }
920
921 s->rewrite_corrupted = qemu_opt_get_bool(opts, QUORUM_OPT_REWRITE,
922 false);
923 if (s->rewrite_corrupted && s->is_blkverify) {
924 error_setg(&local_err,
925 "rewrite-corrupted=on cannot be used with blkverify=on");
926 ret = -EINVAL;
927 goto exit;
928 }
929 }
930
931 /* allocate the children BlockDriverState array */
932 s->bs = g_new0(BlockDriverState *, s->num_children);
933 opened = g_new0(bool, s->num_children);
934
935 for (i = 0; i < s->num_children; i++) {
936 char indexstr[32];
937 ret = snprintf(indexstr, 32, "children.%d", i);
938 assert(ret < 32);
939
940 ret = bdrv_open_image(&s->bs[i], NULL, options, indexstr, bs,
941 &child_format, false, &local_err);
942 if (ret < 0) {
943 goto close_exit;
944 }
945
946 opened[i] = true;
947 }
948
949 g_free(opened);
950 goto exit;
951
952 close_exit:
953 /* cleanup on error */
954 for (i = 0; i < s->num_children; i++) {
955 if (!opened[i]) {
956 continue;
957 }
958 bdrv_unref(s->bs[i]);
959 }
960 g_free(s->bs);
961 g_free(opened);
962 exit:
963 qemu_opts_del(opts);
964 /* propagate error */
965 if (local_err) {
966 error_propagate(errp, local_err);
967 }
968 return ret;
969 }
970
971 static void quorum_close(BlockDriverState *bs)
972 {
973 BDRVQuorumState *s = bs->opaque;
974 int i;
975
976 for (i = 0; i < s->num_children; i++) {
977 bdrv_unref(s->bs[i]);
978 }
979
980 g_free(s->bs);
981 }
982
983 static void quorum_detach_aio_context(BlockDriverState *bs)
984 {
985 BDRVQuorumState *s = bs->opaque;
986 int i;
987
988 for (i = 0; i < s->num_children; i++) {
989 bdrv_detach_aio_context(s->bs[i]);
990 }
991 }
992
993 static void quorum_attach_aio_context(BlockDriverState *bs,
994 AioContext *new_context)
995 {
996 BDRVQuorumState *s = bs->opaque;
997 int i;
998
999 for (i = 0; i < s->num_children; i++) {
1000 bdrv_attach_aio_context(s->bs[i], new_context);
1001 }
1002 }
1003
1004 static void quorum_refresh_filename(BlockDriverState *bs)
1005 {
1006 BDRVQuorumState *s = bs->opaque;
1007 QDict *opts;
1008 QList *children;
1009 int i;
1010
1011 for (i = 0; i < s->num_children; i++) {
1012 bdrv_refresh_filename(s->bs[i]);
1013 if (!s->bs[i]->full_open_options) {
1014 return;
1015 }
1016 }
1017
1018 children = qlist_new();
1019 for (i = 0; i < s->num_children; i++) {
1020 QINCREF(s->bs[i]->full_open_options);
1021 qlist_append_obj(children, QOBJECT(s->bs[i]->full_open_options));
1022 }
1023
1024 opts = qdict_new();
1025 qdict_put_obj(opts, "driver", QOBJECT(qstring_from_str("quorum")));
1026 qdict_put_obj(opts, QUORUM_OPT_VOTE_THRESHOLD,
1027 QOBJECT(qint_from_int(s->threshold)));
1028 qdict_put_obj(opts, QUORUM_OPT_BLKVERIFY,
1029 QOBJECT(qbool_from_bool(s->is_blkverify)));
1030 qdict_put_obj(opts, QUORUM_OPT_REWRITE,
1031 QOBJECT(qbool_from_bool(s->rewrite_corrupted)));
1032 qdict_put_obj(opts, "children", QOBJECT(children));
1033
1034 bs->full_open_options = opts;
1035 }
1036
1037 static BlockDriver bdrv_quorum = {
1038 .format_name = "quorum",
1039 .protocol_name = "quorum",
1040
1041 .instance_size = sizeof(BDRVQuorumState),
1042
1043 .bdrv_file_open = quorum_open,
1044 .bdrv_close = quorum_close,
1045 .bdrv_refresh_filename = quorum_refresh_filename,
1046
1047 .bdrv_co_flush_to_disk = quorum_co_flush,
1048
1049 .bdrv_getlength = quorum_getlength,
1050
1051 .bdrv_aio_readv = quorum_aio_readv,
1052 .bdrv_aio_writev = quorum_aio_writev,
1053 .bdrv_invalidate_cache = quorum_invalidate_cache,
1054
1055 .bdrv_detach_aio_context = quorum_detach_aio_context,
1056 .bdrv_attach_aio_context = quorum_attach_aio_context,
1057
1058 .is_filter = true,
1059 .bdrv_recurse_is_first_non_filter = quorum_recurse_is_first_non_filter,
1060 };
1061
1062 static void bdrv_quorum_init(void)
1063 {
1064 bdrv_register(&bdrv_quorum);
1065 }
1066
1067 block_init(bdrv_quorum_init);