2
* Block driver for the QCOW version 2 format
4
* Copyright (c) 2004-2006 Fabrice Bellard
6
* Permission is hereby granted, free of charge, to any person obtaining a copy
7
* of this software and associated documentation files (the "Software"), to deal
8
* in the Software without restriction, including without limitation the rights
9
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10
* copies of the Software, and to permit persons to whom the Software is
11
* furnished to do so, subject to the following conditions:
13
* The above copyright notice and this permission notice shall be included in
14
* all copies or substantial portions of the Software.
16
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25
#include "qemu-common.h"
26
#include "block_int.h"
27
#include "block/qcow2.h"
29
static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size);
30
static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs,
31
int64_t offset, int64_t length,
35
/*********************************************************/
36
/* refcount handling */
38
int qcow2_refcount_init(BlockDriverState *bs)
40
BDRVQcowState *s = bs->opaque;
41
int ret, refcount_table_size2, i;
43
refcount_table_size2 = s->refcount_table_size * sizeof(uint64_t);
44
s->refcount_table = qemu_malloc(refcount_table_size2);
45
if (s->refcount_table_size > 0) {
46
BLKDBG_EVENT(bs->file, BLKDBG_REFTABLE_LOAD);
47
ret = bdrv_pread(bs->file, s->refcount_table_offset,
48
s->refcount_table, refcount_table_size2);
49
if (ret != refcount_table_size2)
51
for(i = 0; i < s->refcount_table_size; i++)
52
be64_to_cpus(&s->refcount_table[i]);
59
void qcow2_refcount_close(BlockDriverState *bs)
61
BDRVQcowState *s = bs->opaque;
62
qemu_free(s->refcount_table);
66
static int load_refcount_block(BlockDriverState *bs,
67
int64_t refcount_block_offset,
68
void **refcount_block)
70
BDRVQcowState *s = bs->opaque;
73
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_LOAD);
74
ret = qcow2_cache_get(bs, s->refcount_block_cache, refcount_block_offset,
81
* Returns the refcount of the cluster given by its index. Any non-negative
82
* return value is the refcount of the cluster, negative values are -errno
83
* and indicate an error.
85
static int get_refcount(BlockDriverState *bs, int64_t cluster_index)
87
BDRVQcowState *s = bs->opaque;
88
int refcount_table_index, block_index;
89
int64_t refcount_block_offset;
91
uint16_t *refcount_block;
94
refcount_table_index = cluster_index >> (s->cluster_bits - REFCOUNT_SHIFT);
95
if (refcount_table_index >= s->refcount_table_size)
97
refcount_block_offset = s->refcount_table[refcount_table_index];
98
if (!refcount_block_offset)
101
ret = qcow2_cache_get(bs, s->refcount_block_cache, refcount_block_offset,
102
(void**) &refcount_block);
107
block_index = cluster_index &
108
((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
109
refcount = be16_to_cpu(refcount_block[block_index]);
111
ret = qcow2_cache_put(bs, s->refcount_block_cache,
112
(void**) &refcount_block);
121
* Rounds the refcount table size up to avoid growing the table for each single
122
* refcount block that is allocated.
124
static unsigned int next_refcount_table_size(BDRVQcowState *s,
125
unsigned int min_size)
127
unsigned int min_clusters = (min_size >> (s->cluster_bits - 3)) + 1;
128
unsigned int refcount_table_clusters =
129
MAX(1, s->refcount_table_size >> (s->cluster_bits - 3));
131
while (min_clusters > refcount_table_clusters) {
132
refcount_table_clusters = (refcount_table_clusters * 3 + 1) / 2;
135
return refcount_table_clusters << (s->cluster_bits - 3);
139
/* Checks if two offsets are described by the same refcount block */
140
static int in_same_refcount_block(BDRVQcowState *s, uint64_t offset_a,
143
uint64_t block_a = offset_a >> (2 * s->cluster_bits - REFCOUNT_SHIFT);
144
uint64_t block_b = offset_b >> (2 * s->cluster_bits - REFCOUNT_SHIFT);
146
return (block_a == block_b);
150
* Loads a refcount block. If it doesn't exist yet, it is allocated first
151
* (including growing the refcount table if needed).
153
* Returns 0 on success or -errno in error case
155
static int alloc_refcount_block(BlockDriverState *bs,
156
int64_t cluster_index, uint16_t **refcount_block)
158
BDRVQcowState *s = bs->opaque;
159
unsigned int refcount_table_index;
162
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC);
164
/* Find the refcount block for the given cluster */
165
refcount_table_index = cluster_index >> (s->cluster_bits - REFCOUNT_SHIFT);
167
if (refcount_table_index < s->refcount_table_size) {
169
uint64_t refcount_block_offset =
170
s->refcount_table[refcount_table_index];
172
/* If it's already there, we're done */
173
if (refcount_block_offset) {
174
return load_refcount_block(bs, refcount_block_offset,
175
(void**) refcount_block);
180
* If we came here, we need to allocate something. Something is at least
181
* a cluster for the new refcount block. It may also include a new refcount
182
* table if the old refcount table is too small.
184
* Note that allocating clusters here needs some special care:
186
* - We can't use the normal qcow2_alloc_clusters(), it would try to
187
* increase the refcount and very likely we would end up with an endless
188
* recursion. Instead we must place the refcount blocks in a way that
189
* they can describe them themselves.
191
* - We need to consider that at this point we are inside update_refcounts
192
* and doing the initial refcount increase. This means that some clusters
193
* have already been allocated by the caller, but their refcount isn't
194
* accurate yet. free_cluster_index tells us where this allocation ends
195
* as long as we don't overwrite it by freeing clusters.
197
* - alloc_clusters_noref and qcow2_free_clusters may load a different
198
* refcount block into the cache
201
*refcount_block = NULL;
203
/* We write to the refcount table, so we might depend on L2 tables */
204
qcow2_cache_flush(bs, s->l2_table_cache);
206
/* Allocate the refcount block itself and mark it as used */
207
int64_t new_block = alloc_clusters_noref(bs, s->cluster_size);
213
fprintf(stderr, "qcow2: Allocate refcount block %d for %" PRIx64
215
refcount_table_index, cluster_index << s->cluster_bits, new_block);
218
if (in_same_refcount_block(s, new_block, cluster_index << s->cluster_bits)) {
219
/* Zero the new refcount block before updating it */
220
ret = qcow2_cache_get_empty(bs, s->refcount_block_cache, new_block,
221
(void**) refcount_block);
226
memset(*refcount_block, 0, s->cluster_size);
228
/* The block describes itself, need to update the cache */
229
int block_index = (new_block >> s->cluster_bits) &
230
((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
231
(*refcount_block)[block_index] = cpu_to_be16(1);
233
/* Described somewhere else. This can recurse at most twice before we
234
* arrive at a block that describes itself. */
235
ret = update_refcount(bs, new_block, s->cluster_size, 1);
240
bdrv_flush(bs->file);
242
/* Initialize the new refcount block only after updating its refcount,
243
* update_refcount uses the refcount cache itself */
244
ret = qcow2_cache_get_empty(bs, s->refcount_block_cache, new_block,
245
(void**) refcount_block);
250
memset(*refcount_block, 0, s->cluster_size);
253
/* Now the new refcount block needs to be written to disk */
254
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_WRITE);
255
qcow2_cache_entry_mark_dirty(s->refcount_block_cache, *refcount_block);
256
ret = qcow2_cache_flush(bs, s->refcount_block_cache);
261
/* If the refcount table is big enough, just hook the block up there */
262
if (refcount_table_index < s->refcount_table_size) {
263
uint64_t data64 = cpu_to_be64(new_block);
264
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_HOOKUP);
265
ret = bdrv_pwrite_sync(bs->file,
266
s->refcount_table_offset + refcount_table_index * sizeof(uint64_t),
267
&data64, sizeof(data64));
272
s->refcount_table[refcount_table_index] = new_block;
276
ret = qcow2_cache_put(bs, s->refcount_block_cache, (void**) refcount_block);
282
* If we come here, we need to grow the refcount table. Again, a new
283
* refcount table needs some space and we can't simply allocate to avoid
286
* Therefore let's grab new refcount blocks at the end of the image, which
287
* will describe themselves and the new refcount table. This way we can
288
* reference them only in the new table and do the switch to the new
289
* refcount table at once without producing an inconsistent state in
292
BLKDBG_EVENT(bs->file, BLKDBG_REFTABLE_GROW);
294
/* Calculate the number of refcount blocks needed so far */
295
uint64_t refcount_block_clusters = 1 << (s->cluster_bits - REFCOUNT_SHIFT);
296
uint64_t blocks_used = (s->free_cluster_index +
297
refcount_block_clusters - 1) / refcount_block_clusters;
299
/* And now we need at least one block more for the new metadata */
300
uint64_t table_size = next_refcount_table_size(s, blocks_used + 1);
301
uint64_t last_table_size;
302
uint64_t blocks_clusters;
304
uint64_t table_clusters = size_to_clusters(s, table_size);
305
blocks_clusters = 1 +
306
((table_clusters + refcount_block_clusters - 1)
307
/ refcount_block_clusters);
308
uint64_t meta_clusters = table_clusters + blocks_clusters;
310
last_table_size = table_size;
311
table_size = next_refcount_table_size(s, blocks_used +
312
((meta_clusters + refcount_block_clusters - 1)
313
/ refcount_block_clusters));
315
} while (last_table_size != table_size);
318
fprintf(stderr, "qcow2: Grow refcount table %" PRId32 " => %" PRId64 "\n",
319
s->refcount_table_size, table_size);
322
/* Create the new refcount table and blocks */
323
uint64_t meta_offset = (blocks_used * refcount_block_clusters) *
325
uint64_t table_offset = meta_offset + blocks_clusters * s->cluster_size;
326
uint16_t *new_blocks = qemu_mallocz(blocks_clusters * s->cluster_size);
327
uint64_t *new_table = qemu_mallocz(table_size * sizeof(uint64_t));
329
assert(meta_offset >= (s->free_cluster_index * s->cluster_size));
331
/* Fill the new refcount table */
332
memcpy(new_table, s->refcount_table,
333
s->refcount_table_size * sizeof(uint64_t));
334
new_table[refcount_table_index] = new_block;
337
for (i = 0; i < blocks_clusters; i++) {
338
new_table[blocks_used + i] = meta_offset + (i * s->cluster_size);
341
/* Fill the refcount blocks */
342
uint64_t table_clusters = size_to_clusters(s, table_size * sizeof(uint64_t));
344
for (i = 0; i < table_clusters + blocks_clusters; i++) {
345
new_blocks[block++] = cpu_to_be16(1);
348
/* Write refcount blocks to disk */
349
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_WRITE_BLOCKS);
350
ret = bdrv_pwrite_sync(bs->file, meta_offset, new_blocks,
351
blocks_clusters * s->cluster_size);
352
qemu_free(new_blocks);
357
/* Write refcount table to disk */
358
for(i = 0; i < table_size; i++) {
359
cpu_to_be64s(&new_table[i]);
362
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_WRITE_TABLE);
363
ret = bdrv_pwrite_sync(bs->file, table_offset, new_table,
364
table_size * sizeof(uint64_t));
369
for(i = 0; i < table_size; i++) {
370
cpu_to_be64s(&new_table[i]);
373
/* Hook up the new refcount table in the qcow2 header */
375
cpu_to_be64w((uint64_t*)data, table_offset);
376
cpu_to_be32w((uint32_t*)(data + 8), table_clusters);
377
BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_SWITCH_TABLE);
378
ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, refcount_table_offset),
384
/* And switch it in memory */
385
uint64_t old_table_offset = s->refcount_table_offset;
386
uint64_t old_table_size = s->refcount_table_size;
388
qemu_free(s->refcount_table);
389
s->refcount_table = new_table;
390
s->refcount_table_size = table_size;
391
s->refcount_table_offset = table_offset;
393
/* Free old table. Remember, we must not change free_cluster_index */
394
uint64_t old_free_cluster_index = s->free_cluster_index;
395
qcow2_free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t));
396
s->free_cluster_index = old_free_cluster_index;
398
ret = load_refcount_block(bs, new_block, (void**) refcount_block);
406
qemu_free(new_table);
408
if (*refcount_block != NULL) {
409
qcow2_cache_put(bs, s->refcount_block_cache, (void**) refcount_block);
414
/* XXX: cache several refcount block clusters ? */
415
static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs,
416
int64_t offset, int64_t length, int addend)
418
BDRVQcowState *s = bs->opaque;
419
int64_t start, last, cluster_offset;
420
uint16_t *refcount_block = NULL;
421
int64_t old_table_index = -1;
425
printf("update_refcount: offset=%" PRId64 " size=%" PRId64 " addend=%d\n",
426
offset, length, addend);
430
} else if (length == 0) {
435
qcow2_cache_set_dependency(bs, s->refcount_block_cache,
439
start = offset & ~(s->cluster_size - 1);
440
last = (offset + length - 1) & ~(s->cluster_size - 1);
441
for(cluster_offset = start; cluster_offset <= last;
442
cluster_offset += s->cluster_size)
444
int block_index, refcount;
445
int64_t cluster_index = cluster_offset >> s->cluster_bits;
446
int64_t table_index =
447
cluster_index >> (s->cluster_bits - REFCOUNT_SHIFT);
449
/* Load the refcount block and allocate it if needed */
450
if (table_index != old_table_index) {
451
if (refcount_block) {
452
ret = qcow2_cache_put(bs, s->refcount_block_cache,
453
(void**) &refcount_block);
459
ret = alloc_refcount_block(bs, cluster_index, &refcount_block);
464
old_table_index = table_index;
466
qcow2_cache_entry_mark_dirty(s->refcount_block_cache, refcount_block);
468
/* we can update the count and save it */
469
block_index = cluster_index &
470
((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
472
refcount = be16_to_cpu(refcount_block[block_index]);
474
if (refcount < 0 || refcount > 0xffff) {
478
if (refcount == 0 && cluster_index < s->free_cluster_index) {
479
s->free_cluster_index = cluster_index;
481
refcount_block[block_index] = cpu_to_be16(refcount);
486
/* Write last changed block to disk */
487
if (refcount_block) {
489
wret = qcow2_cache_put(bs, s->refcount_block_cache,
490
(void**) &refcount_block);
492
return ret < 0 ? ret : wret;
497
* Try do undo any updates if an error is returned (This may succeed in
498
* some cases like ENOSPC for allocating a new refcount block)
502
dummy = update_refcount(bs, offset, cluster_offset - offset, -addend);
510
* Increases or decreases the refcount of a given cluster by one.
511
* addend must be 1 or -1.
513
* If the return value is non-negative, it is the new refcount of the cluster.
514
* If it is negative, it is -errno and indicates an error.
516
static int update_cluster_refcount(BlockDriverState *bs,
517
int64_t cluster_index,
520
BDRVQcowState *s = bs->opaque;
523
ret = update_refcount(bs, cluster_index << s->cluster_bits, 1, addend);
528
bdrv_flush(bs->file);
530
return get_refcount(bs, cluster_index);
535
/*********************************************************/
536
/* cluster allocation functions */
540
/* return < 0 if error */
541
static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size)
543
BDRVQcowState *s = bs->opaque;
544
int i, nb_clusters, refcount;
546
nb_clusters = size_to_clusters(s, size);
548
for(i = 0; i < nb_clusters; i++) {
549
int64_t next_cluster_index = s->free_cluster_index++;
550
refcount = get_refcount(bs, next_cluster_index);
554
} else if (refcount != 0) {
559
printf("alloc_clusters: size=%" PRId64 " -> %" PRId64 "\n",
561
(s->free_cluster_index - nb_clusters) << s->cluster_bits);
563
return (s->free_cluster_index - nb_clusters) << s->cluster_bits;
566
int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size)
571
BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC);
572
offset = alloc_clusters_noref(bs, size);
577
ret = update_refcount(bs, offset, size, 1);
585
/* only used to allocate compressed sectors. We try to allocate
586
contiguous sectors. size must be <= cluster_size */
587
int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size)
589
BDRVQcowState *s = bs->opaque;
590
int64_t offset, cluster_offset;
593
BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC_BYTES);
594
assert(size > 0 && size <= s->cluster_size);
595
if (s->free_byte_offset == 0) {
596
s->free_byte_offset = qcow2_alloc_clusters(bs, s->cluster_size);
597
if (s->free_byte_offset < 0) {
598
return s->free_byte_offset;
602
free_in_cluster = s->cluster_size -
603
(s->free_byte_offset & (s->cluster_size - 1));
604
if (size <= free_in_cluster) {
605
/* enough space in current cluster */
606
offset = s->free_byte_offset;
607
s->free_byte_offset += size;
608
free_in_cluster -= size;
609
if (free_in_cluster == 0)
610
s->free_byte_offset = 0;
611
if ((offset & (s->cluster_size - 1)) != 0)
612
update_cluster_refcount(bs, offset >> s->cluster_bits, 1);
614
offset = qcow2_alloc_clusters(bs, s->cluster_size);
618
cluster_offset = s->free_byte_offset & ~(s->cluster_size - 1);
619
if ((cluster_offset + s->cluster_size) == offset) {
620
/* we are lucky: contiguous data */
621
offset = s->free_byte_offset;
622
update_cluster_refcount(bs, offset >> s->cluster_bits, 1);
623
s->free_byte_offset += size;
625
s->free_byte_offset = offset;
630
bdrv_flush(bs->file);
634
void qcow2_free_clusters(BlockDriverState *bs,
635
int64_t offset, int64_t size)
639
BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_FREE);
640
ret = update_refcount(bs, offset, size, -1);
642
fprintf(stderr, "qcow2_free_clusters failed: %s\n", strerror(-ret));
643
/* TODO Remember the clusters to free them later and avoid leaking */
650
* free clusters according to its type: compressed or not
654
void qcow2_free_any_clusters(BlockDriverState *bs,
655
uint64_t cluster_offset, int nb_clusters)
657
BDRVQcowState *s = bs->opaque;
659
/* free the cluster */
661
if (cluster_offset & QCOW_OFLAG_COMPRESSED) {
663
nb_csectors = ((cluster_offset >> s->csize_shift) &
665
qcow2_free_clusters(bs,
666
(cluster_offset & s->cluster_offset_mask) & ~511,
671
qcow2_free_clusters(bs, cluster_offset, nb_clusters << s->cluster_bits);
678
/*********************************************************/
679
/* snapshots and image creation */
683
void qcow2_create_refcount_update(QCowCreateState *s, int64_t offset,
687
int64_t start, last, cluster_offset;
690
start = offset & ~(s->cluster_size - 1);
691
last = (offset + size - 1) & ~(s->cluster_size - 1);
692
for(cluster_offset = start; cluster_offset <= last;
693
cluster_offset += s->cluster_size) {
694
p = &s->refcount_block[cluster_offset >> s->cluster_bits];
695
refcount = be16_to_cpu(*p);
697
*p = cpu_to_be16(refcount);
701
/* update the refcounts of snapshots and the copied flag */
702
int qcow2_update_snapshot_refcount(BlockDriverState *bs,
703
int64_t l1_table_offset, int l1_size, int addend)
705
BDRVQcowState *s = bs->opaque;
706
uint64_t *l1_table, *l2_table, l2_offset, offset, l1_size2, l1_allocated;
707
int64_t old_offset, old_l2_offset;
708
int i, j, l1_modified = 0, nb_csectors, refcount;
710
bool old_l2_writethrough, old_refcount_writethrough;
712
/* Switch caches to writeback mode during update */
713
old_l2_writethrough =
714
qcow2_cache_set_writethrough(bs, s->l2_table_cache, false);
715
old_refcount_writethrough =
716
qcow2_cache_set_writethrough(bs, s->refcount_block_cache, false);
720
l1_size2 = l1_size * sizeof(uint64_t);
721
if (l1_table_offset != s->l1_table_offset) {
723
l1_table = qemu_mallocz(align_offset(l1_size2, 512));
728
if (bdrv_pread(bs->file, l1_table_offset,
729
l1_table, l1_size2) != l1_size2)
735
for(i = 0;i < l1_size; i++)
736
be64_to_cpus(&l1_table[i]);
738
assert(l1_size == s->l1_size);
739
l1_table = s->l1_table;
743
for(i = 0; i < l1_size; i++) {
744
l2_offset = l1_table[i];
746
old_l2_offset = l2_offset;
747
l2_offset &= ~QCOW_OFLAG_COPIED;
749
ret = qcow2_cache_get(bs, s->l2_table_cache, l2_offset,
755
for(j = 0; j < s->l2_size; j++) {
756
offset = be64_to_cpu(l2_table[j]);
759
offset &= ~QCOW_OFLAG_COPIED;
760
if (offset & QCOW_OFLAG_COMPRESSED) {
761
nb_csectors = ((offset >> s->csize_shift) &
765
ret = update_refcount(bs,
766
(offset & s->cluster_offset_mask) & ~511,
767
nb_csectors * 512, addend);
772
/* TODO Flushing once for the whole function should
774
bdrv_flush(bs->file);
776
/* compressed clusters are never modified */
780
refcount = update_cluster_refcount(bs, offset >> s->cluster_bits, addend);
782
refcount = get_refcount(bs, offset >> s->cluster_bits);
792
offset |= QCOW_OFLAG_COPIED;
794
if (offset != old_offset) {
796
qcow2_cache_set_dependency(bs, s->l2_table_cache,
797
s->refcount_block_cache);
799
l2_table[j] = cpu_to_be64(offset);
800
qcow2_cache_entry_mark_dirty(s->l2_table_cache, l2_table);
805
ret = qcow2_cache_put(bs, s->l2_table_cache, (void**) &l2_table);
812
refcount = update_cluster_refcount(bs, l2_offset >> s->cluster_bits, addend);
814
refcount = get_refcount(bs, l2_offset >> s->cluster_bits);
819
} else if (refcount == 1) {
820
l2_offset |= QCOW_OFLAG_COPIED;
822
if (l2_offset != old_l2_offset) {
823
l1_table[i] = l2_offset;
832
qcow2_cache_put(bs, s->l2_table_cache, (void**) &l2_table);
835
/* Enable writethrough cache mode again */
836
qcow2_cache_set_writethrough(bs, s->l2_table_cache, old_l2_writethrough);
837
qcow2_cache_set_writethrough(bs, s->refcount_block_cache,
838
old_refcount_writethrough);
841
for(i = 0; i < l1_size; i++)
842
cpu_to_be64s(&l1_table[i]);
843
if (bdrv_pwrite_sync(bs->file, l1_table_offset, l1_table,
846
for(i = 0; i < l1_size; i++)
847
be64_to_cpus(&l1_table[i]);
857
/*********************************************************/
858
/* refcount checking functions */
863
* Increases the refcount for a range of clusters in a given refcount table.
864
* This is used to construct a temporary refcount table out of L1 and L2 tables
865
* which can be compared the the refcount table saved in the image.
867
* Modifies the number of errors in res.
869
static void inc_refcounts(BlockDriverState *bs,
870
BdrvCheckResult *res,
871
uint16_t *refcount_table,
872
int refcount_table_size,
873
int64_t offset, int64_t size)
875
BDRVQcowState *s = bs->opaque;
876
int64_t start, last, cluster_offset;
882
start = offset & ~(s->cluster_size - 1);
883
last = (offset + size - 1) & ~(s->cluster_size - 1);
884
for(cluster_offset = start; cluster_offset <= last;
885
cluster_offset += s->cluster_size) {
886
k = cluster_offset >> s->cluster_bits;
888
fprintf(stderr, "ERROR: invalid cluster offset=0x%" PRIx64 "\n",
891
} else if (k >= refcount_table_size) {
892
fprintf(stderr, "Warning: cluster offset=0x%" PRIx64 " is after "
893
"the end of the image file, can't properly check refcounts.\n",
897
if (++refcount_table[k] == 0) {
898
fprintf(stderr, "ERROR: overflow cluster offset=0x%" PRIx64
899
"\n", cluster_offset);
907
* Increases the refcount in the given refcount table for the all clusters
908
* referenced in the L2 table. While doing so, performs some checks on L2
911
* Returns the number of errors found by the checks or -errno if an internal
914
static int check_refcounts_l2(BlockDriverState *bs, BdrvCheckResult *res,
915
uint16_t *refcount_table, int refcount_table_size, int64_t l2_offset,
918
BDRVQcowState *s = bs->opaque;
919
uint64_t *l2_table, offset;
920
int i, l2_size, nb_csectors, refcount;
922
/* Read L2 table from disk */
923
l2_size = s->l2_size * sizeof(uint64_t);
924
l2_table = qemu_malloc(l2_size);
926
if (bdrv_pread(bs->file, l2_offset, l2_table, l2_size) != l2_size)
929
/* Do the actual checks */
930
for(i = 0; i < s->l2_size; i++) {
931
offset = be64_to_cpu(l2_table[i]);
933
if (offset & QCOW_OFLAG_COMPRESSED) {
934
/* Compressed clusters don't have QCOW_OFLAG_COPIED */
935
if (offset & QCOW_OFLAG_COPIED) {
936
fprintf(stderr, "ERROR: cluster %" PRId64 ": "
937
"copied flag must never be set for compressed "
938
"clusters\n", offset >> s->cluster_bits);
939
offset &= ~QCOW_OFLAG_COPIED;
943
/* Mark cluster as used */
944
nb_csectors = ((offset >> s->csize_shift) &
946
offset &= s->cluster_offset_mask;
947
inc_refcounts(bs, res, refcount_table, refcount_table_size,
948
offset & ~511, nb_csectors * 512);
950
/* QCOW_OFLAG_COPIED must be set iff refcount == 1 */
952
uint64_t entry = offset;
953
offset &= ~QCOW_OFLAG_COPIED;
954
refcount = get_refcount(bs, offset >> s->cluster_bits);
956
fprintf(stderr, "Can't get refcount for offset %"
957
PRIx64 ": %s\n", entry, strerror(-refcount));
960
if ((refcount == 1) != ((entry & QCOW_OFLAG_COPIED) != 0)) {
961
fprintf(stderr, "ERROR OFLAG_COPIED: offset=%"
962
PRIx64 " refcount=%d\n", entry, refcount);
967
/* Mark cluster as used */
968
offset &= ~QCOW_OFLAG_COPIED;
969
inc_refcounts(bs, res, refcount_table,refcount_table_size,
970
offset, s->cluster_size);
972
/* Correct offsets are cluster aligned */
973
if (offset & (s->cluster_size - 1)) {
974
fprintf(stderr, "ERROR offset=%" PRIx64 ": Cluster is not "
975
"properly aligned; L2 entry corrupted.\n", offset);
986
fprintf(stderr, "ERROR: I/O error in check_refcounts_l2\n");
992
* Increases the refcount for the L1 table, its L2 tables and all referenced
993
* clusters in the given refcount table. While doing so, performs some checks
994
* on L1 and L2 entries.
996
* Returns the number of errors found by the checks or -errno if an internal
999
static int check_refcounts_l1(BlockDriverState *bs,
1000
BdrvCheckResult *res,
1001
uint16_t *refcount_table,
1002
int refcount_table_size,
1003
int64_t l1_table_offset, int l1_size,
1006
BDRVQcowState *s = bs->opaque;
1007
uint64_t *l1_table, l2_offset, l1_size2;
1008
int i, refcount, ret;
1010
l1_size2 = l1_size * sizeof(uint64_t);
1012
/* Mark L1 table as used */
1013
inc_refcounts(bs, res, refcount_table, refcount_table_size,
1014
l1_table_offset, l1_size2);
1016
/* Read L1 table entries from disk */
1017
if (l1_size2 == 0) {
1020
l1_table = qemu_malloc(l1_size2);
1021
if (bdrv_pread(bs->file, l1_table_offset,
1022
l1_table, l1_size2) != l1_size2)
1024
for(i = 0;i < l1_size; i++)
1025
be64_to_cpus(&l1_table[i]);
1028
/* Do the actual checks */
1029
for(i = 0; i < l1_size; i++) {
1030
l2_offset = l1_table[i];
1032
/* QCOW_OFLAG_COPIED must be set iff refcount == 1 */
1034
refcount = get_refcount(bs, (l2_offset & ~QCOW_OFLAG_COPIED)
1035
>> s->cluster_bits);
1037
fprintf(stderr, "Can't get refcount for l2_offset %"
1038
PRIx64 ": %s\n", l2_offset, strerror(-refcount));
1041
if ((refcount == 1) != ((l2_offset & QCOW_OFLAG_COPIED) != 0)) {
1042
fprintf(stderr, "ERROR OFLAG_COPIED: l2_offset=%" PRIx64
1043
" refcount=%d\n", l2_offset, refcount);
1048
/* Mark L2 table as used */
1049
l2_offset &= ~QCOW_OFLAG_COPIED;
1050
inc_refcounts(bs, res, refcount_table, refcount_table_size,
1051
l2_offset, s->cluster_size);
1053
/* L2 tables are cluster aligned */
1054
if (l2_offset & (s->cluster_size - 1)) {
1055
fprintf(stderr, "ERROR l2_offset=%" PRIx64 ": Table is not "
1056
"cluster aligned; L1 entry corrupted\n", l2_offset);
1060
/* Process and check L2 entries */
1061
ret = check_refcounts_l2(bs, res, refcount_table,
1062
refcount_table_size, l2_offset, check_copied);
1068
qemu_free(l1_table);
1072
fprintf(stderr, "ERROR: I/O error in check_refcounts_l1\n");
1073
res->check_errors++;
1074
qemu_free(l1_table);
1079
* Checks an image for refcount consistency.
1081
* Returns 0 if no errors are found, the number of errors in case the image is
1082
* detected as corrupted, and -errno when an internal error occurred.
1084
int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res)
1086
BDRVQcowState *s = bs->opaque;
1088
int nb_clusters, refcount1, refcount2, i;
1090
uint16_t *refcount_table;
1093
size = bdrv_getlength(bs->file);
1094
nb_clusters = size_to_clusters(s, size);
1095
refcount_table = qemu_mallocz(nb_clusters * sizeof(uint16_t));
1098
inc_refcounts(bs, res, refcount_table, nb_clusters,
1099
0, s->cluster_size);
1101
/* current L1 table */
1102
ret = check_refcounts_l1(bs, res, refcount_table, nb_clusters,
1103
s->l1_table_offset, s->l1_size, 1);
1109
for(i = 0; i < s->nb_snapshots; i++) {
1110
sn = s->snapshots + i;
1111
ret = check_refcounts_l1(bs, res, refcount_table, nb_clusters,
1112
sn->l1_table_offset, sn->l1_size, 0);
1117
inc_refcounts(bs, res, refcount_table, nb_clusters,
1118
s->snapshots_offset, s->snapshots_size);
1121
inc_refcounts(bs, res, refcount_table, nb_clusters,
1122
s->refcount_table_offset,
1123
s->refcount_table_size * sizeof(uint64_t));
1125
for(i = 0; i < s->refcount_table_size; i++) {
1126
uint64_t offset, cluster;
1127
offset = s->refcount_table[i];
1128
cluster = offset >> s->cluster_bits;
1130
/* Refcount blocks are cluster aligned */
1131
if (offset & (s->cluster_size - 1)) {
1132
fprintf(stderr, "ERROR refcount block %d is not "
1133
"cluster aligned; refcount table entry corrupted\n", i);
1138
if (cluster >= nb_clusters) {
1139
fprintf(stderr, "ERROR refcount block %d is outside image\n", i);
1145
inc_refcounts(bs, res, refcount_table, nb_clusters,
1146
offset, s->cluster_size);
1147
if (refcount_table[cluster] != 1) {
1148
fprintf(stderr, "ERROR refcount block %d refcount=%d\n",
1149
i, refcount_table[cluster]);
1155
/* compare ref counts */
1156
for(i = 0; i < nb_clusters; i++) {
1157
refcount1 = get_refcount(bs, i);
1158
if (refcount1 < 0) {
1159
fprintf(stderr, "Can't get refcount for cluster %d: %s\n",
1160
i, strerror(-refcount1));
1161
res->check_errors++;
1165
refcount2 = refcount_table[i];
1166
if (refcount1 != refcount2) {
1167
fprintf(stderr, "%s cluster %d refcount=%d reference=%d\n",
1168
refcount1 < refcount2 ? "ERROR" : "Leaked",
1169
i, refcount1, refcount2);
1170
if (refcount1 < refcount2) {
1181
qemu_free(refcount_table);
added
removed
block/qcow2-refcount.c
