2 * Block driver for the QCOW version 2 format
4 * Copyright (c) 2004-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 #include "qemu-common.h"
25 #include "block_int.h"
30 Differences with QCOW:
32 - Support for multiple incremental snapshots.
33 - Memory management by reference counts.
34 - Clusters which have a reference count of one have the bit
35 QCOW_OFLAG_COPIED to optimize write performance.
36 - Size of compressed clusters is stored in sectors to reduce bit usage
37 in the cluster offsets.
38 - Support for storing additional data (such as the VM state) in the
40 - If a backing store is used, the cluster size is not constrained
41 (could be backported to QCOW).
42 - L2 tables have always a size of one cluster.
46 //#define DEBUG_ALLOC2
49 #define QCOW_MAGIC (('Q' << 24) | ('F' << 16) | ('I' << 8) | 0xfb)
50 #define QCOW_VERSION 2
52 #define QCOW_CRYPT_NONE 0
53 #define QCOW_CRYPT_AES 1
55 #define QCOW_MAX_CRYPT_CLUSTERS 32
57 /* indicate that the refcount of the referenced cluster is exactly one. */
58 #define QCOW_OFLAG_COPIED (1LL << 63)
59 /* indicate that the cluster is compressed (they never have the copied flag) */
60 #define QCOW_OFLAG_COMPRESSED (1LL << 62)
62 #define REFCOUNT_SHIFT 1 /* refcount size is 2 bytes */
64 typedef struct QCowHeader {
67 uint64_t backing_file_offset;
68 uint32_t backing_file_size;
69 uint32_t cluster_bits;
70 uint64_t size; /* in bytes */
71 uint32_t crypt_method;
72 uint32_t l1_size; /* XXX: save number of clusters instead ? */
73 uint64_t l1_table_offset;
74 uint64_t refcount_table_offset;
75 uint32_t refcount_table_clusters;
76 uint32_t nb_snapshots;
77 uint64_t snapshots_offset;
85 #define QCOW_EXT_MAGIC_END 0
86 #define QCOW_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA
89 typedef struct __attribute__((packed)) QCowSnapshotHeader {
90 /* header is 8 byte aligned */
91 uint64_t l1_table_offset;
100 uint64_t vm_clock_nsec;
102 uint32_t vm_state_size;
103 uint32_t extra_data_size; /* for extension */
104 /* extra data follows */
107 } QCowSnapshotHeader;
109 #define L2_CACHE_SIZE 16
111 typedef struct QCowSnapshot {
112 uint64_t l1_table_offset;
116 uint32_t vm_state_size;
119 uint64_t vm_clock_nsec;
122 typedef struct BDRVQcowState {
123 BlockDriverState *hd;
130 int l1_vm_state_index;
133 uint64_t cluster_offset_mask;
134 uint64_t l1_table_offset;
137 uint64_t l2_cache_offsets[L2_CACHE_SIZE];
138 uint32_t l2_cache_counts[L2_CACHE_SIZE];
139 uint8_t *cluster_cache;
140 uint8_t *cluster_data;
141 uint64_t cluster_cache_offset;
143 uint64_t *refcount_table;
144 uint64_t refcount_table_offset;
145 uint32_t refcount_table_size;
146 uint64_t refcount_block_cache_offset;
147 uint16_t *refcount_block_cache;
148 int64_t free_cluster_index;
149 int64_t free_byte_offset;
151 uint32_t crypt_method; /* current crypt method, 0 if no key yet */
152 uint32_t crypt_method_header;
153 AES_KEY aes_encrypt_key;
154 AES_KEY aes_decrypt_key;
155 uint64_t snapshots_offset;
158 QCowSnapshot *snapshots;
161 static int decompress_cluster(BDRVQcowState *s, uint64_t cluster_offset);
162 static int qcow_read(BlockDriverState *bs, int64_t sector_num,
163 uint8_t *buf, int nb_sectors);
164 static int qcow_read_snapshots(BlockDriverState *bs);
165 static void qcow_free_snapshots(BlockDriverState *bs);
166 static int refcount_init(BlockDriverState *bs);
167 static void refcount_close(BlockDriverState *bs);
168 static int get_refcount(BlockDriverState *bs, int64_t cluster_index);
169 static int update_cluster_refcount(BlockDriverState *bs,
170 int64_t cluster_index,
172 static void update_refcount(BlockDriverState *bs,
173 int64_t offset, int64_t length,
175 static int64_t alloc_clusters(BlockDriverState *bs, int64_t size);
176 static int64_t alloc_bytes(BlockDriverState *bs, int size);
177 static void free_clusters(BlockDriverState *bs,
178 int64_t offset, int64_t size);
179 static int check_refcounts(BlockDriverState *bs);
181 static int qcow_probe(const uint8_t *buf, int buf_size, const char *filename)
183 const QCowHeader *cow_header = (const void *)buf;
185 if (buf_size >= sizeof(QCowHeader) &&
186 be32_to_cpu(cow_header->magic) == QCOW_MAGIC &&
187 be32_to_cpu(cow_header->version) == QCOW_VERSION)
195 * read qcow2 extension and fill bs
196 * start reading from start_offset
197 * finish reading upon magic of value 0 or when end_offset reached
198 * unknown magic is skipped (future extension this version knows nothing about)
199 * return 0 upon success, non-0 otherwise
201 static int qcow_read_extensions(BlockDriverState *bs, uint64_t start_offset,
204 BDRVQcowState *s = bs->opaque;
209 printf("qcow_read_extensions: start=%ld end=%ld\n", start_offset, end_offset);
211 offset = start_offset;
212 while (offset < end_offset) {
216 if (offset > s->cluster_size)
217 printf("qcow_handle_extension: suspicious offset %lu\n", offset);
219 printf("attemting to read extended header in offset %lu\n", offset);
222 if (bdrv_pread(s->hd, offset, &ext, sizeof(ext)) != sizeof(ext)) {
223 fprintf(stderr, "qcow_handle_extension: ERROR: pread fail from offset %llu\n",
224 (unsigned long long)offset);
227 be32_to_cpus(&ext.magic);
228 be32_to_cpus(&ext.len);
229 offset += sizeof(ext);
231 printf("ext.magic = 0x%x\n", ext.magic);
234 case QCOW_EXT_MAGIC_END:
237 case QCOW_EXT_MAGIC_BACKING_FORMAT:
238 if (ext.len >= sizeof(bs->backing_format)) {
239 fprintf(stderr, "ERROR: ext_backing_format: len=%u too large"
241 ext.len, sizeof(bs->backing_format));
244 if (bdrv_pread(s->hd, offset , bs->backing_format,
247 bs->backing_format[ext.len] = '\0';
249 printf("Qcow2: Got format extension %s\n", bs->backing_format);
251 offset += ((ext.len + 7) & ~7);
255 /* unknown magic -- just skip it */
256 offset += ((ext.len + 7) & ~7);
265 static int qcow_open(BlockDriverState *bs, const char *filename, int flags)
267 BDRVQcowState *s = bs->opaque;
268 int len, i, shift, ret;
272 /* Performance is terrible right now with cache=writethrough due mainly
273 * to reference count updates. If the user does not explicitly specify
274 * a caching type, force to writeback caching.
276 if ((flags & BDRV_O_CACHE_DEF)) {
277 flags |= BDRV_O_CACHE_WB;
278 flags &= ~BDRV_O_CACHE_DEF;
280 ret = bdrv_file_open(&s->hd, filename, flags);
283 if (bdrv_pread(s->hd, 0, &header, sizeof(header)) != sizeof(header))
285 be32_to_cpus(&header.magic);
286 be32_to_cpus(&header.version);
287 be64_to_cpus(&header.backing_file_offset);
288 be32_to_cpus(&header.backing_file_size);
289 be64_to_cpus(&header.size);
290 be32_to_cpus(&header.cluster_bits);
291 be32_to_cpus(&header.crypt_method);
292 be64_to_cpus(&header.l1_table_offset);
293 be32_to_cpus(&header.l1_size);
294 be64_to_cpus(&header.refcount_table_offset);
295 be32_to_cpus(&header.refcount_table_clusters);
296 be64_to_cpus(&header.snapshots_offset);
297 be32_to_cpus(&header.nb_snapshots);
299 if (header.magic != QCOW_MAGIC || header.version != QCOW_VERSION)
301 if (header.size <= 1 ||
302 header.cluster_bits < 9 ||
303 header.cluster_bits > 16)
305 if (header.crypt_method > QCOW_CRYPT_AES)
307 s->crypt_method_header = header.crypt_method;
308 if (s->crypt_method_header)
310 s->cluster_bits = header.cluster_bits;
311 s->cluster_size = 1 << s->cluster_bits;
312 s->cluster_sectors = 1 << (s->cluster_bits - 9);
313 s->l2_bits = s->cluster_bits - 3; /* L2 is always one cluster */
314 s->l2_size = 1 << s->l2_bits;
315 bs->total_sectors = header.size / 512;
316 s->csize_shift = (62 - (s->cluster_bits - 8));
317 s->csize_mask = (1 << (s->cluster_bits - 8)) - 1;
318 s->cluster_offset_mask = (1LL << s->csize_shift) - 1;
319 s->refcount_table_offset = header.refcount_table_offset;
320 s->refcount_table_size =
321 header.refcount_table_clusters << (s->cluster_bits - 3);
323 s->snapshots_offset = header.snapshots_offset;
324 s->nb_snapshots = header.nb_snapshots;
326 /* read the level 1 table */
327 s->l1_size = header.l1_size;
328 shift = s->cluster_bits + s->l2_bits;
329 s->l1_vm_state_index = (header.size + (1LL << shift) - 1) >> shift;
330 /* the L1 table must contain at least enough entries to put
332 if (s->l1_size < s->l1_vm_state_index)
334 s->l1_table_offset = header.l1_table_offset;
335 s->l1_table = qemu_malloc(s->l1_size * sizeof(uint64_t));
336 if (bdrv_pread(s->hd, s->l1_table_offset, s->l1_table, s->l1_size * sizeof(uint64_t)) !=
337 s->l1_size * sizeof(uint64_t))
339 for(i = 0;i < s->l1_size; i++) {
340 be64_to_cpus(&s->l1_table[i]);
343 s->l2_cache = qemu_malloc(s->l2_size * L2_CACHE_SIZE * sizeof(uint64_t));
344 s->cluster_cache = qemu_malloc(s->cluster_size);
345 /* one more sector for decompressed data alignment */
346 s->cluster_data = qemu_malloc(QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size
348 s->cluster_cache_offset = -1;
350 if (refcount_init(bs) < 0)
353 /* read qcow2 extensions */
354 if (header.backing_file_offset)
355 ext_end = header.backing_file_offset;
357 ext_end = s->cluster_size;
358 if (qcow_read_extensions(bs, sizeof(header), ext_end))
361 /* read the backing file name */
362 if (header.backing_file_offset != 0) {
363 len = header.backing_file_size;
366 if (bdrv_pread(s->hd, header.backing_file_offset, bs->backing_file, len) != len)
368 bs->backing_file[len] = '\0';
370 if (qcow_read_snapshots(bs) < 0)
379 qcow_free_snapshots(bs);
381 qemu_free(s->l1_table);
382 qemu_free(s->l2_cache);
383 qemu_free(s->cluster_cache);
384 qemu_free(s->cluster_data);
389 static int qcow_set_key(BlockDriverState *bs, const char *key)
391 BDRVQcowState *s = bs->opaque;
395 memset(keybuf, 0, 16);
399 /* XXX: we could compress the chars to 7 bits to increase
401 for(i = 0;i < len;i++) {
404 s->crypt_method = s->crypt_method_header;
406 if (AES_set_encrypt_key(keybuf, 128, &s->aes_encrypt_key) != 0)
408 if (AES_set_decrypt_key(keybuf, 128, &s->aes_decrypt_key) != 0)
418 AES_encrypt(in, tmp, &s->aes_encrypt_key);
419 AES_decrypt(tmp, out, &s->aes_decrypt_key);
420 for(i = 0; i < 16; i++)
421 printf(" %02x", tmp[i]);
423 for(i = 0; i < 16; i++)
424 printf(" %02x", out[i]);
431 /* The crypt function is compatible with the linux cryptoloop
432 algorithm for < 4 GB images. NOTE: out_buf == in_buf is
434 static void encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
435 uint8_t *out_buf, const uint8_t *in_buf,
436 int nb_sectors, int enc,
445 for(i = 0; i < nb_sectors; i++) {
446 ivec.ll[0] = cpu_to_le64(sector_num);
448 AES_cbc_encrypt(in_buf, out_buf, 512, key,
456 static int copy_sectors(BlockDriverState *bs, uint64_t start_sect,
457 uint64_t cluster_offset, int n_start, int n_end)
459 BDRVQcowState *s = bs->opaque;
465 ret = qcow_read(bs, start_sect + n_start, s->cluster_data, n);
468 if (s->crypt_method) {
469 encrypt_sectors(s, start_sect + n_start,
471 s->cluster_data, n, 1,
472 &s->aes_encrypt_key);
474 ret = bdrv_write(s->hd, (cluster_offset >> 9) + n_start,
481 static void l2_cache_reset(BlockDriverState *bs)
483 BDRVQcowState *s = bs->opaque;
485 memset(s->l2_cache, 0, s->l2_size * L2_CACHE_SIZE * sizeof(uint64_t));
486 memset(s->l2_cache_offsets, 0, L2_CACHE_SIZE * sizeof(uint64_t));
487 memset(s->l2_cache_counts, 0, L2_CACHE_SIZE * sizeof(uint32_t));
490 static inline int l2_cache_new_entry(BlockDriverState *bs)
492 BDRVQcowState *s = bs->opaque;
496 /* find a new entry in the least used one */
498 min_count = 0xffffffff;
499 for(i = 0; i < L2_CACHE_SIZE; i++) {
500 if (s->l2_cache_counts[i] < min_count) {
501 min_count = s->l2_cache_counts[i];
508 static int64_t align_offset(int64_t offset, int n)
510 offset = (offset + n - 1) & ~(n - 1);
514 static int grow_l1_table(BlockDriverState *bs, int min_size)
516 BDRVQcowState *s = bs->opaque;
517 int new_l1_size, new_l1_size2, ret, i;
518 uint64_t *new_l1_table;
519 uint64_t new_l1_table_offset;
522 new_l1_size = s->l1_size;
523 if (min_size <= new_l1_size)
525 while (min_size > new_l1_size) {
526 new_l1_size = (new_l1_size * 3 + 1) / 2;
529 printf("grow l1_table from %d to %d\n", s->l1_size, new_l1_size);
532 new_l1_size2 = sizeof(uint64_t) * new_l1_size;
533 new_l1_table = qemu_mallocz(new_l1_size2);
534 memcpy(new_l1_table, s->l1_table, s->l1_size * sizeof(uint64_t));
536 /* write new table (align to cluster) */
537 new_l1_table_offset = alloc_clusters(bs, new_l1_size2);
539 for(i = 0; i < s->l1_size; i++)
540 new_l1_table[i] = cpu_to_be64(new_l1_table[i]);
541 ret = bdrv_pwrite(s->hd, new_l1_table_offset, new_l1_table, new_l1_size2);
542 if (ret != new_l1_size2)
544 for(i = 0; i < s->l1_size; i++)
545 new_l1_table[i] = be64_to_cpu(new_l1_table[i]);
548 cpu_to_be32w((uint32_t*)data, new_l1_size);
549 cpu_to_be64w((uint64_t*)(data + 4), new_l1_table_offset);
550 if (bdrv_pwrite(s->hd, offsetof(QCowHeader, l1_size), data,
551 sizeof(data)) != sizeof(data))
553 qemu_free(s->l1_table);
554 free_clusters(bs, s->l1_table_offset, s->l1_size * sizeof(uint64_t));
555 s->l1_table_offset = new_l1_table_offset;
556 s->l1_table = new_l1_table;
557 s->l1_size = new_l1_size;
560 qemu_free(s->l1_table);
567 * seek l2_offset in the l2_cache table
568 * if not found, return NULL,
570 * increments the l2 cache hit count of the entry,
571 * if counter overflow, divide by two all counters
572 * return the pointer to the l2 cache entry
576 static uint64_t *seek_l2_table(BDRVQcowState *s, uint64_t l2_offset)
580 for(i = 0; i < L2_CACHE_SIZE; i++) {
581 if (l2_offset == s->l2_cache_offsets[i]) {
582 /* increment the hit count */
583 if (++s->l2_cache_counts[i] == 0xffffffff) {
584 for(j = 0; j < L2_CACHE_SIZE; j++) {
585 s->l2_cache_counts[j] >>= 1;
588 return s->l2_cache + (i << s->l2_bits);
597 * Loads a L2 table into memory. If the table is in the cache, the cache
598 * is used; otherwise the L2 table is loaded from the image file.
600 * Returns a pointer to the L2 table on success, or NULL if the read from
601 * the image file failed.
604 static uint64_t *l2_load(BlockDriverState *bs, uint64_t l2_offset)
606 BDRVQcowState *s = bs->opaque;
610 /* seek if the table for the given offset is in the cache */
612 l2_table = seek_l2_table(s, l2_offset);
613 if (l2_table != NULL)
616 /* not found: load a new entry in the least used one */
618 min_index = l2_cache_new_entry(bs);
619 l2_table = s->l2_cache + (min_index << s->l2_bits);
620 if (bdrv_pread(s->hd, l2_offset, l2_table, s->l2_size * sizeof(uint64_t)) !=
621 s->l2_size * sizeof(uint64_t))
623 s->l2_cache_offsets[min_index] = l2_offset;
624 s->l2_cache_counts[min_index] = 1;
632 * Allocate a new l2 entry in the file. If l1_index points to an already
633 * used entry in the L2 table (i.e. we are doing a copy on write for the L2
634 * table) copy the contents of the old L2 table into the newly allocated one.
635 * Otherwise the new table is initialized with zeros.
639 static uint64_t *l2_allocate(BlockDriverState *bs, int l1_index)
641 BDRVQcowState *s = bs->opaque;
643 uint64_t old_l2_offset, tmp;
644 uint64_t *l2_table, l2_offset;
646 old_l2_offset = s->l1_table[l1_index];
648 /* allocate a new l2 entry */
650 l2_offset = alloc_clusters(bs, s->l2_size * sizeof(uint64_t));
652 /* update the L1 entry */
654 s->l1_table[l1_index] = l2_offset | QCOW_OFLAG_COPIED;
656 tmp = cpu_to_be64(l2_offset | QCOW_OFLAG_COPIED);
657 if (bdrv_pwrite(s->hd, s->l1_table_offset + l1_index * sizeof(tmp),
658 &tmp, sizeof(tmp)) != sizeof(tmp))
661 /* allocate a new entry in the l2 cache */
663 min_index = l2_cache_new_entry(bs);
664 l2_table = s->l2_cache + (min_index << s->l2_bits);
666 if (old_l2_offset == 0) {
667 /* if there was no old l2 table, clear the new table */
668 memset(l2_table, 0, s->l2_size * sizeof(uint64_t));
670 /* if there was an old l2 table, read it from the disk */
671 if (bdrv_pread(s->hd, old_l2_offset,
672 l2_table, s->l2_size * sizeof(uint64_t)) !=
673 s->l2_size * sizeof(uint64_t))
676 /* write the l2 table to the file */
677 if (bdrv_pwrite(s->hd, l2_offset,
678 l2_table, s->l2_size * sizeof(uint64_t)) !=
679 s->l2_size * sizeof(uint64_t))
682 /* update the l2 cache entry */
684 s->l2_cache_offsets[min_index] = l2_offset;
685 s->l2_cache_counts[min_index] = 1;
690 static int size_to_clusters(BDRVQcowState *s, int64_t size)
692 return (size + (s->cluster_size - 1)) >> s->cluster_bits;
695 static int count_contiguous_clusters(uint64_t nb_clusters, int cluster_size,
696 uint64_t *l2_table, uint64_t start, uint64_t mask)
699 uint64_t offset = be64_to_cpu(l2_table[0]) & ~mask;
704 for (i = start; i < start + nb_clusters; i++)
705 if (offset + i * cluster_size != (be64_to_cpu(l2_table[i]) & ~mask))
711 static int count_contiguous_free_clusters(uint64_t nb_clusters, uint64_t *l2_table)
715 while(nb_clusters-- && l2_table[i] == 0)
724 * For a given offset of the disk image, return cluster offset in
727 * on entry, *num is the number of contiguous clusters we'd like to
728 * access following offset.
730 * on exit, *num is the number of contiguous clusters we can read.
732 * Return 1, if the offset is found
733 * Return 0, otherwise.
737 static uint64_t get_cluster_offset(BlockDriverState *bs,
738 uint64_t offset, int *num)
740 BDRVQcowState *s = bs->opaque;
741 int l1_index, l2_index;
742 uint64_t l2_offset, *l2_table, cluster_offset;
744 int index_in_cluster, nb_available, nb_needed, nb_clusters;
746 index_in_cluster = (offset >> 9) & (s->cluster_sectors - 1);
747 nb_needed = *num + index_in_cluster;
749 l1_bits = s->l2_bits + s->cluster_bits;
751 /* compute how many bytes there are between the offset and
752 * the end of the l1 entry
755 nb_available = (1 << l1_bits) - (offset & ((1 << l1_bits) - 1));
757 /* compute the number of available sectors */
759 nb_available = (nb_available >> 9) + index_in_cluster;
761 if (nb_needed > nb_available) {
762 nb_needed = nb_available;
767 /* seek the the l2 offset in the l1 table */
769 l1_index = offset >> l1_bits;
770 if (l1_index >= s->l1_size)
773 l2_offset = s->l1_table[l1_index];
775 /* seek the l2 table of the given l2 offset */
780 /* load the l2 table in memory */
782 l2_offset &= ~QCOW_OFLAG_COPIED;
783 l2_table = l2_load(bs, l2_offset);
784 if (l2_table == NULL)
787 /* find the cluster offset for the given disk offset */
789 l2_index = (offset >> s->cluster_bits) & (s->l2_size - 1);
790 cluster_offset = be64_to_cpu(l2_table[l2_index]);
791 nb_clusters = size_to_clusters(s, nb_needed << 9);
793 if (!cluster_offset) {
794 /* how many empty clusters ? */
795 c = count_contiguous_free_clusters(nb_clusters, &l2_table[l2_index]);
797 /* how many allocated clusters ? */
798 c = count_contiguous_clusters(nb_clusters, s->cluster_size,
799 &l2_table[l2_index], 0, QCOW_OFLAG_COPIED);
802 nb_available = (c * s->cluster_sectors);
804 if (nb_available > nb_needed)
805 nb_available = nb_needed;
807 *num = nb_available - index_in_cluster;
809 return cluster_offset & ~QCOW_OFLAG_COPIED;
815 * free clusters according to its type: compressed or not
819 static void free_any_clusters(BlockDriverState *bs,
820 uint64_t cluster_offset, int nb_clusters)
822 BDRVQcowState *s = bs->opaque;
824 /* free the cluster */
826 if (cluster_offset & QCOW_OFLAG_COMPRESSED) {
828 nb_csectors = ((cluster_offset >> s->csize_shift) &
830 free_clusters(bs, (cluster_offset & s->cluster_offset_mask) & ~511,
835 free_clusters(bs, cluster_offset, nb_clusters << s->cluster_bits);
843 * for a given disk offset, load (and allocate if needed)
846 * the l2 table offset in the qcow2 file and the cluster index
847 * in the l2 table are given to the caller.
851 static int get_cluster_table(BlockDriverState *bs, uint64_t offset,
852 uint64_t **new_l2_table,
853 uint64_t *new_l2_offset,
856 BDRVQcowState *s = bs->opaque;
857 int l1_index, l2_index, ret;
858 uint64_t l2_offset, *l2_table;
860 /* seek the the l2 offset in the l1 table */
862 l1_index = offset >> (s->l2_bits + s->cluster_bits);
863 if (l1_index >= s->l1_size) {
864 ret = grow_l1_table(bs, l1_index + 1);
868 l2_offset = s->l1_table[l1_index];
870 /* seek the l2 table of the given l2 offset */
872 if (l2_offset & QCOW_OFLAG_COPIED) {
873 /* load the l2 table in memory */
874 l2_offset &= ~QCOW_OFLAG_COPIED;
875 l2_table = l2_load(bs, l2_offset);
876 if (l2_table == NULL)
880 free_clusters(bs, l2_offset, s->l2_size * sizeof(uint64_t));
881 l2_table = l2_allocate(bs, l1_index);
882 if (l2_table == NULL)
884 l2_offset = s->l1_table[l1_index] & ~QCOW_OFLAG_COPIED;
887 /* find the cluster offset for the given disk offset */
889 l2_index = (offset >> s->cluster_bits) & (s->l2_size - 1);
891 *new_l2_table = l2_table;
892 *new_l2_offset = l2_offset;
893 *new_l2_index = l2_index;
899 * alloc_compressed_cluster_offset
901 * For a given offset of the disk image, return cluster offset in
904 * If the offset is not found, allocate a new compressed cluster.
906 * Return the cluster offset if successful,
907 * Return 0, otherwise.
911 static uint64_t alloc_compressed_cluster_offset(BlockDriverState *bs,
915 BDRVQcowState *s = bs->opaque;
917 uint64_t l2_offset, *l2_table, cluster_offset;
920 ret = get_cluster_table(bs, offset, &l2_table, &l2_offset, &l2_index);
924 cluster_offset = be64_to_cpu(l2_table[l2_index]);
925 if (cluster_offset & QCOW_OFLAG_COPIED)
926 return cluster_offset & ~QCOW_OFLAG_COPIED;
929 free_any_clusters(bs, cluster_offset, 1);
931 cluster_offset = alloc_bytes(bs, compressed_size);
932 nb_csectors = ((cluster_offset + compressed_size - 1) >> 9) -
933 (cluster_offset >> 9);
935 cluster_offset |= QCOW_OFLAG_COMPRESSED |
936 ((uint64_t)nb_csectors << s->csize_shift);
938 /* update L2 table */
940 /* compressed clusters never have the copied flag */
942 l2_table[l2_index] = cpu_to_be64(cluster_offset);
943 if (bdrv_pwrite(s->hd,
944 l2_offset + l2_index * sizeof(uint64_t),
946 sizeof(uint64_t)) != sizeof(uint64_t))
949 return cluster_offset;
952 typedef struct QCowL2Meta
960 static int alloc_cluster_link_l2(BlockDriverState *bs, uint64_t cluster_offset,
963 BDRVQcowState *s = bs->opaque;
964 int i, j = 0, l2_index, ret;
965 uint64_t *old_cluster, start_sect, l2_offset, *l2_table;
967 if (m->nb_clusters == 0)
970 old_cluster = qemu_malloc(m->nb_clusters * sizeof(uint64_t));
972 /* copy content of unmodified sectors */
973 start_sect = (m->offset & ~(s->cluster_size - 1)) >> 9;
975 ret = copy_sectors(bs, start_sect, cluster_offset, 0, m->n_start);
980 if (m->nb_available & (s->cluster_sectors - 1)) {
981 uint64_t end = m->nb_available & ~(uint64_t)(s->cluster_sectors - 1);
982 ret = copy_sectors(bs, start_sect + end, cluster_offset + (end << 9),
983 m->nb_available - end, s->cluster_sectors);
989 /* update L2 table */
990 if (!get_cluster_table(bs, m->offset, &l2_table, &l2_offset, &l2_index))
993 for (i = 0; i < m->nb_clusters; i++) {
994 /* if two concurrent writes happen to the same unallocated cluster
995 * each write allocates separate cluster and writes data concurrently.
996 * The first one to complete updates l2 table with pointer to its
997 * cluster the second one has to do RMW (which is done above by
998 * copy_sectors()), update l2 table with its cluster pointer and free
999 * old cluster. This is what this loop does */
1000 if(l2_table[l2_index + i] != 0)
1001 old_cluster[j++] = l2_table[l2_index + i];
1003 l2_table[l2_index + i] = cpu_to_be64((cluster_offset +
1004 (i << s->cluster_bits)) | QCOW_OFLAG_COPIED);
1007 if (bdrv_pwrite(s->hd, l2_offset + l2_index * sizeof(uint64_t),
1008 l2_table + l2_index, m->nb_clusters * sizeof(uint64_t)) !=
1009 m->nb_clusters * sizeof(uint64_t))
1012 for (i = 0; i < j; i++)
1013 free_any_clusters(bs, be64_to_cpu(old_cluster[i]) & ~QCOW_OFLAG_COPIED,
1018 qemu_free(old_cluster);
1023 * alloc_cluster_offset
1025 * For a given offset of the disk image, return cluster offset in
1028 * If the offset is not found, allocate a new cluster.
1030 * Return the cluster offset if successful,
1031 * Return 0, otherwise.
1035 static uint64_t alloc_cluster_offset(BlockDriverState *bs,
1037 int n_start, int n_end,
1038 int *num, QCowL2Meta *m)
1040 BDRVQcowState *s = bs->opaque;
1042 uint64_t l2_offset, *l2_table, cluster_offset;
1043 int nb_clusters, i = 0;
1045 ret = get_cluster_table(bs, offset, &l2_table, &l2_offset, &l2_index);
1049 nb_clusters = size_to_clusters(s, n_end << 9);
1051 nb_clusters = MIN(nb_clusters, s->l2_size - l2_index);
1053 cluster_offset = be64_to_cpu(l2_table[l2_index]);
1055 /* We keep all QCOW_OFLAG_COPIED clusters */
1057 if (cluster_offset & QCOW_OFLAG_COPIED) {
1058 nb_clusters = count_contiguous_clusters(nb_clusters, s->cluster_size,
1059 &l2_table[l2_index], 0, 0);
1061 cluster_offset &= ~QCOW_OFLAG_COPIED;
1067 /* for the moment, multiple compressed clusters are not managed */
1069 if (cluster_offset & QCOW_OFLAG_COMPRESSED)
1072 /* how many available clusters ? */
1074 while (i < nb_clusters) {
1075 i += count_contiguous_clusters(nb_clusters - i, s->cluster_size,
1076 &l2_table[l2_index], i, 0);
1078 if(be64_to_cpu(l2_table[l2_index + i]))
1081 i += count_contiguous_free_clusters(nb_clusters - i,
1082 &l2_table[l2_index + i]);
1084 cluster_offset = be64_to_cpu(l2_table[l2_index + i]);
1086 if ((cluster_offset & QCOW_OFLAG_COPIED) ||
1087 (cluster_offset & QCOW_OFLAG_COMPRESSED))
1092 /* allocate a new cluster */
1094 cluster_offset = alloc_clusters(bs, nb_clusters * s->cluster_size);
1096 /* save info needed for meta data update */
1098 m->n_start = n_start;
1099 m->nb_clusters = nb_clusters;
1102 m->nb_available = MIN(nb_clusters << (s->cluster_bits - 9), n_end);
1104 *num = m->nb_available - n_start;
1106 return cluster_offset;
1109 static int qcow_is_allocated(BlockDriverState *bs, int64_t sector_num,
1110 int nb_sectors, int *pnum)
1112 uint64_t cluster_offset;
1115 cluster_offset = get_cluster_offset(bs, sector_num << 9, pnum);
1117 return (cluster_offset != 0);
1120 static int decompress_buffer(uint8_t *out_buf, int out_buf_size,
1121 const uint8_t *buf, int buf_size)
1123 z_stream strm1, *strm = &strm1;
1126 memset(strm, 0, sizeof(*strm));
1128 strm->next_in = (uint8_t *)buf;
1129 strm->avail_in = buf_size;
1130 strm->next_out = out_buf;
1131 strm->avail_out = out_buf_size;
1133 ret = inflateInit2(strm, -12);
1136 ret = inflate(strm, Z_FINISH);
1137 out_len = strm->next_out - out_buf;
1138 if ((ret != Z_STREAM_END && ret != Z_BUF_ERROR) ||
1139 out_len != out_buf_size) {
1147 static int decompress_cluster(BDRVQcowState *s, uint64_t cluster_offset)
1149 int ret, csize, nb_csectors, sector_offset;
1152 coffset = cluster_offset & s->cluster_offset_mask;
1153 if (s->cluster_cache_offset != coffset) {
1154 nb_csectors = ((cluster_offset >> s->csize_shift) & s->csize_mask) + 1;
1155 sector_offset = coffset & 511;
1156 csize = nb_csectors * 512 - sector_offset;
1157 ret = bdrv_read(s->hd, coffset >> 9, s->cluster_data, nb_csectors);
1161 if (decompress_buffer(s->cluster_cache, s->cluster_size,
1162 s->cluster_data + sector_offset, csize) < 0) {
1165 s->cluster_cache_offset = coffset;
1170 /* handle reading after the end of the backing file */
1171 static int backing_read1(BlockDriverState *bs,
1172 int64_t sector_num, uint8_t *buf, int nb_sectors)
1175 if ((sector_num + nb_sectors) <= bs->total_sectors)
1177 if (sector_num >= bs->total_sectors)
1180 n1 = bs->total_sectors - sector_num;
1181 memset(buf + n1 * 512, 0, 512 * (nb_sectors - n1));
1185 static int qcow_read(BlockDriverState *bs, int64_t sector_num,
1186 uint8_t *buf, int nb_sectors)
1188 BDRVQcowState *s = bs->opaque;
1189 int ret, index_in_cluster, n, n1;
1190 uint64_t cluster_offset;
1192 while (nb_sectors > 0) {
1194 cluster_offset = get_cluster_offset(bs, sector_num << 9, &n);
1195 index_in_cluster = sector_num & (s->cluster_sectors - 1);
1196 if (!cluster_offset) {
1197 if (bs->backing_hd) {
1198 /* read from the base image */
1199 n1 = backing_read1(bs->backing_hd, sector_num, buf, n);
1201 ret = bdrv_read(bs->backing_hd, sector_num, buf, n1);
1206 memset(buf, 0, 512 * n);
1208 } else if (cluster_offset & QCOW_OFLAG_COMPRESSED) {
1209 if (decompress_cluster(s, cluster_offset) < 0)
1211 memcpy(buf, s->cluster_cache + index_in_cluster * 512, 512 * n);
1213 ret = bdrv_pread(s->hd, cluster_offset + index_in_cluster * 512, buf, n * 512);
1216 if (s->crypt_method) {
1217 encrypt_sectors(s, sector_num, buf, buf, n, 0,
1218 &s->aes_decrypt_key);
1228 static int qcow_write(BlockDriverState *bs, int64_t sector_num,
1229 const uint8_t *buf, int nb_sectors)
1231 BDRVQcowState *s = bs->opaque;
1232 int ret, index_in_cluster, n;
1233 uint64_t cluster_offset;
1237 while (nb_sectors > 0) {
1238 index_in_cluster = sector_num & (s->cluster_sectors - 1);
1239 n_end = index_in_cluster + nb_sectors;
1240 if (s->crypt_method &&
1241 n_end > QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors)
1242 n_end = QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors;
1243 cluster_offset = alloc_cluster_offset(bs, sector_num << 9,
1245 n_end, &n, &l2meta);
1246 if (!cluster_offset)
1248 if (s->crypt_method) {
1249 encrypt_sectors(s, sector_num, s->cluster_data, buf, n, 1,
1250 &s->aes_encrypt_key);
1251 ret = bdrv_pwrite(s->hd, cluster_offset + index_in_cluster * 512,
1252 s->cluster_data, n * 512);
1254 ret = bdrv_pwrite(s->hd, cluster_offset + index_in_cluster * 512, buf, n * 512);
1256 if (ret != n * 512 || alloc_cluster_link_l2(bs, cluster_offset, &l2meta) < 0) {
1257 free_any_clusters(bs, cluster_offset, l2meta.nb_clusters);
1264 s->cluster_cache_offset = -1; /* disable compressed cache */
1268 typedef struct QCowAIOCB {
1269 BlockDriverAIOCB common;
1276 uint64_t cluster_offset;
1277 uint8_t *cluster_data;
1278 BlockDriverAIOCB *hd_aiocb;
1279 struct iovec hd_iov;
1280 QEMUIOVector hd_qiov;
1285 static void qcow_aio_read_cb(void *opaque, int ret);
1286 static void qcow_aio_read_bh(void *opaque)
1288 QCowAIOCB *acb = opaque;
1289 qemu_bh_delete(acb->bh);
1291 qcow_aio_read_cb(opaque, 0);
1294 static int qcow_schedule_bh(QEMUBHFunc *cb, QCowAIOCB *acb)
1299 acb->bh = qemu_bh_new(cb, acb);
1303 qemu_bh_schedule(acb->bh);
1308 static void qcow_aio_read_cb(void *opaque, int ret)
1310 QCowAIOCB *acb = opaque;
1311 BlockDriverState *bs = acb->common.bs;
1312 BDRVQcowState *s = bs->opaque;
1313 int index_in_cluster, n1;
1315 acb->hd_aiocb = NULL;
1319 /* post process the read buffer */
1320 if (!acb->cluster_offset) {
1322 } else if (acb->cluster_offset & QCOW_OFLAG_COMPRESSED) {
1325 if (s->crypt_method) {
1326 encrypt_sectors(s, acb->sector_num, acb->buf, acb->buf,
1328 &s->aes_decrypt_key);
1332 acb->nb_sectors -= acb->n;
1333 acb->sector_num += acb->n;
1334 acb->buf += acb->n * 512;
1336 if (acb->nb_sectors == 0) {
1337 /* request completed */
1342 /* prepare next AIO request */
1343 acb->n = acb->nb_sectors;
1344 acb->cluster_offset = get_cluster_offset(bs, acb->sector_num << 9, &acb->n);
1345 index_in_cluster = acb->sector_num & (s->cluster_sectors - 1);
1347 if (!acb->cluster_offset) {
1348 if (bs->backing_hd) {
1349 /* read from the base image */
1350 n1 = backing_read1(bs->backing_hd, acb->sector_num,
1353 acb->hd_iov.iov_base = (void *)acb->buf;
1354 acb->hd_iov.iov_len = acb->n * 512;
1355 qemu_iovec_init_external(&acb->hd_qiov, &acb->hd_iov, 1);
1356 acb->hd_aiocb = bdrv_aio_readv(bs->backing_hd, acb->sector_num,
1357 &acb->hd_qiov, acb->n,
1358 qcow_aio_read_cb, acb);
1359 if (acb->hd_aiocb == NULL)
1362 ret = qcow_schedule_bh(qcow_aio_read_bh, acb);
1367 /* Note: in this case, no need to wait */
1368 memset(acb->buf, 0, 512 * acb->n);
1369 ret = qcow_schedule_bh(qcow_aio_read_bh, acb);
1373 } else if (acb->cluster_offset & QCOW_OFLAG_COMPRESSED) {
1374 /* add AIO support for compressed blocks ? */
1375 if (decompress_cluster(s, acb->cluster_offset) < 0)
1378 s->cluster_cache + index_in_cluster * 512, 512 * acb->n);
1379 ret = qcow_schedule_bh(qcow_aio_read_bh, acb);
1383 if ((acb->cluster_offset & 511) != 0) {
1388 acb->hd_iov.iov_base = (void *)acb->buf;
1389 acb->hd_iov.iov_len = acb->n * 512;
1390 qemu_iovec_init_external(&acb->hd_qiov, &acb->hd_iov, 1);
1391 acb->hd_aiocb = bdrv_aio_readv(s->hd,
1392 (acb->cluster_offset >> 9) + index_in_cluster,
1393 &acb->hd_qiov, acb->n, qcow_aio_read_cb, acb);
1394 if (acb->hd_aiocb == NULL)
1400 if (acb->qiov->niov > 1) {
1401 qemu_iovec_from_buffer(acb->qiov, acb->orig_buf, acb->qiov->size);
1402 qemu_vfree(acb->orig_buf);
1404 acb->common.cb(acb->common.opaque, ret);
1405 qemu_aio_release(acb);
1408 static QCowAIOCB *qcow_aio_setup(BlockDriverState *bs,
1409 int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
1410 BlockDriverCompletionFunc *cb, void *opaque, int is_write)
1414 acb = qemu_aio_get(bs, cb, opaque);
1417 acb->hd_aiocb = NULL;
1418 acb->sector_num = sector_num;
1420 if (qiov->niov > 1) {
1421 acb->buf = acb->orig_buf = qemu_blockalign(bs, qiov->size);
1423 qemu_iovec_to_buffer(qiov, acb->buf);
1425 acb->buf = (uint8_t *)qiov->iov->iov_base;
1427 acb->nb_sectors = nb_sectors;
1429 acb->cluster_offset = 0;
1430 acb->l2meta.nb_clusters = 0;
1434 static BlockDriverAIOCB *qcow_aio_readv(BlockDriverState *bs,
1435 int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
1436 BlockDriverCompletionFunc *cb, void *opaque)
1440 acb = qcow_aio_setup(bs, sector_num, qiov, nb_sectors, cb, opaque, 0);
1444 qcow_aio_read_cb(acb, 0);
1445 return &acb->common;
1448 static void qcow_aio_write_cb(void *opaque, int ret)
1450 QCowAIOCB *acb = opaque;
1451 BlockDriverState *bs = acb->common.bs;
1452 BDRVQcowState *s = bs->opaque;
1453 int index_in_cluster;
1454 const uint8_t *src_buf;
1457 acb->hd_aiocb = NULL;
1462 if (alloc_cluster_link_l2(bs, acb->cluster_offset, &acb->l2meta) < 0) {
1463 free_any_clusters(bs, acb->cluster_offset, acb->l2meta.nb_clusters);
1467 acb->nb_sectors -= acb->n;
1468 acb->sector_num += acb->n;
1469 acb->buf += acb->n * 512;
1471 if (acb->nb_sectors == 0) {
1472 /* request completed */
1477 index_in_cluster = acb->sector_num & (s->cluster_sectors - 1);
1478 n_end = index_in_cluster + acb->nb_sectors;
1479 if (s->crypt_method &&
1480 n_end > QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors)
1481 n_end = QCOW_MAX_CRYPT_CLUSTERS * s->cluster_sectors;
1483 acb->cluster_offset = alloc_cluster_offset(bs, acb->sector_num << 9,
1485 n_end, &acb->n, &acb->l2meta);
1486 if (!acb->cluster_offset || (acb->cluster_offset & 511) != 0) {
1490 if (s->crypt_method) {
1491 if (!acb->cluster_data) {
1492 acb->cluster_data = qemu_mallocz(QCOW_MAX_CRYPT_CLUSTERS *
1495 encrypt_sectors(s, acb->sector_num, acb->cluster_data, acb->buf,
1496 acb->n, 1, &s->aes_encrypt_key);
1497 src_buf = acb->cluster_data;
1501 acb->hd_iov.iov_base = (void *)src_buf;
1502 acb->hd_iov.iov_len = acb->n * 512;
1503 qemu_iovec_init_external(&acb->hd_qiov, &acb->hd_iov, 1);
1504 acb->hd_aiocb = bdrv_aio_writev(s->hd,
1505 (acb->cluster_offset >> 9) + index_in_cluster,
1506 &acb->hd_qiov, acb->n,
1507 qcow_aio_write_cb, acb);
1508 if (acb->hd_aiocb == NULL)
1514 if (acb->qiov->niov > 1)
1515 qemu_vfree(acb->orig_buf);
1516 acb->common.cb(acb->common.opaque, ret);
1517 qemu_aio_release(acb);
1520 static BlockDriverAIOCB *qcow_aio_writev(BlockDriverState *bs,
1521 int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
1522 BlockDriverCompletionFunc *cb, void *opaque)
1524 BDRVQcowState *s = bs->opaque;
1527 s->cluster_cache_offset = -1; /* disable compressed cache */
1529 acb = qcow_aio_setup(bs, sector_num, qiov, nb_sectors, cb, opaque, 1);
1533 qcow_aio_write_cb(acb, 0);
1534 return &acb->common;
1537 static void qcow_aio_cancel(BlockDriverAIOCB *blockacb)
1539 QCowAIOCB *acb = (QCowAIOCB *)blockacb;
1541 bdrv_aio_cancel(acb->hd_aiocb);
1542 qemu_aio_release(acb);
1545 static void qcow_close(BlockDriverState *bs)
1547 BDRVQcowState *s = bs->opaque;
1548 qemu_free(s->l1_table);
1549 qemu_free(s->l2_cache);
1550 qemu_free(s->cluster_cache);
1551 qemu_free(s->cluster_data);
1556 /* XXX: use std qcow open function ? */
1557 typedef struct QCowCreateState {
1560 uint16_t *refcount_block;
1561 uint64_t *refcount_table;
1562 int64_t l1_table_offset;
1563 int64_t refcount_table_offset;
1564 int64_t refcount_block_offset;
1567 static void create_refcount_update(QCowCreateState *s,
1568 int64_t offset, int64_t size)
1571 int64_t start, last, cluster_offset;
1574 start = offset & ~(s->cluster_size - 1);
1575 last = (offset + size - 1) & ~(s->cluster_size - 1);
1576 for(cluster_offset = start; cluster_offset <= last;
1577 cluster_offset += s->cluster_size) {
1578 p = &s->refcount_block[cluster_offset >> s->cluster_bits];
1579 refcount = be16_to_cpu(*p);
1581 *p = cpu_to_be16(refcount);
1585 static int qcow_create2(const char *filename, int64_t total_size,
1586 const char *backing_file, const char *backing_format,
1590 int fd, header_size, backing_filename_len, l1_size, i, shift, l2_bits;
1591 int ref_clusters, backing_format_len = 0;
1593 uint64_t tmp, offset;
1594 QCowCreateState s1, *s = &s1;
1595 QCowExtension ext_bf = {0, 0};
1598 memset(s, 0, sizeof(*s));
1600 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
1603 memset(&header, 0, sizeof(header));
1604 header.magic = cpu_to_be32(QCOW_MAGIC);
1605 header.version = cpu_to_be32(QCOW_VERSION);
1606 header.size = cpu_to_be64(total_size * 512);
1607 header_size = sizeof(header);
1608 backing_filename_len = 0;
1610 if (backing_format) {
1611 ext_bf.magic = QCOW_EXT_MAGIC_BACKING_FORMAT;
1612 backing_format_len = strlen(backing_format);
1613 ext_bf.len = (backing_format_len + 7) & ~7;
1614 header_size += ((sizeof(ext_bf) + ext_bf.len + 7) & ~7);
1616 header.backing_file_offset = cpu_to_be64(header_size);
1617 backing_filename_len = strlen(backing_file);
1618 header.backing_file_size = cpu_to_be32(backing_filename_len);
1619 header_size += backing_filename_len;
1621 s->cluster_bits = 12; /* 4 KB clusters */
1622 s->cluster_size = 1 << s->cluster_bits;
1623 header.cluster_bits = cpu_to_be32(s->cluster_bits);
1624 header_size = (header_size + 7) & ~7;
1625 if (flags & BLOCK_FLAG_ENCRYPT) {
1626 header.crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
1628 header.crypt_method = cpu_to_be32(QCOW_CRYPT_NONE);
1630 l2_bits = s->cluster_bits - 3;
1631 shift = s->cluster_bits + l2_bits;
1632 l1_size = (((total_size * 512) + (1LL << shift) - 1) >> shift);
1633 offset = align_offset(header_size, s->cluster_size);
1634 s->l1_table_offset = offset;
1635 header.l1_table_offset = cpu_to_be64(s->l1_table_offset);
1636 header.l1_size = cpu_to_be32(l1_size);
1637 offset += align_offset(l1_size * sizeof(uint64_t), s->cluster_size);
1639 s->refcount_table = qemu_mallocz(s->cluster_size);
1641 s->refcount_table_offset = offset;
1642 header.refcount_table_offset = cpu_to_be64(offset);
1643 header.refcount_table_clusters = cpu_to_be32(1);
1644 offset += s->cluster_size;
1645 s->refcount_block_offset = offset;
1647 /* count how many refcount blocks needed */
1648 tmp = offset >> s->cluster_bits;
1649 ref_clusters = (tmp >> (s->cluster_bits - REFCOUNT_SHIFT)) + 1;
1650 for (i=0; i < ref_clusters; i++) {
1651 s->refcount_table[i] = cpu_to_be64(offset);
1652 offset += s->cluster_size;
1655 s->refcount_block = qemu_mallocz(ref_clusters * s->cluster_size);
1657 /* update refcounts */
1658 create_refcount_update(s, 0, header_size);
1659 create_refcount_update(s, s->l1_table_offset, l1_size * sizeof(uint64_t));
1660 create_refcount_update(s, s->refcount_table_offset, s->cluster_size);
1661 create_refcount_update(s, s->refcount_block_offset, ref_clusters * s->cluster_size);
1663 /* write all the data */
1664 write(fd, &header, sizeof(header));
1666 if (backing_format_len) {
1668 int d = ext_bf.len - backing_format_len;
1670 memset(zero, 0, sizeof(zero));
1671 cpu_to_be32s(&ext_bf.magic);
1672 cpu_to_be32s(&ext_bf.len);
1673 write(fd, &ext_bf, sizeof(ext_bf));
1674 write(fd, backing_format, backing_format_len);
1679 write(fd, backing_file, backing_filename_len);
1681 lseek(fd, s->l1_table_offset, SEEK_SET);
1683 for(i = 0;i < l1_size; i++) {
1684 write(fd, &tmp, sizeof(tmp));
1686 lseek(fd, s->refcount_table_offset, SEEK_SET);
1687 write(fd, s->refcount_table, s->cluster_size);
1689 lseek(fd, s->refcount_block_offset, SEEK_SET);
1690 write(fd, s->refcount_block, ref_clusters * s->cluster_size);
1692 qemu_free(s->refcount_table);
1693 qemu_free(s->refcount_block);
1698 static int qcow_create(const char *filename, int64_t total_size,
1699 const char *backing_file, int flags)
1701 return qcow_create2(filename, total_size, backing_file, NULL, flags);
1704 static int qcow_make_empty(BlockDriverState *bs)
1707 /* XXX: not correct */
1708 BDRVQcowState *s = bs->opaque;
1709 uint32_t l1_length = s->l1_size * sizeof(uint64_t);
1712 memset(s->l1_table, 0, l1_length);
1713 if (bdrv_pwrite(s->hd, s->l1_table_offset, s->l1_table, l1_length) < 0)
1715 ret = bdrv_truncate(s->hd, s->l1_table_offset + l1_length);
1724 /* XXX: put compressed sectors first, then all the cluster aligned
1725 tables to avoid losing bytes in alignment */
1726 static int qcow_write_compressed(BlockDriverState *bs, int64_t sector_num,
1727 const uint8_t *buf, int nb_sectors)
1729 BDRVQcowState *s = bs->opaque;
1733 uint64_t cluster_offset;
1735 if (nb_sectors == 0) {
1736 /* align end of file to a sector boundary to ease reading with
1737 sector based I/Os */
1738 cluster_offset = bdrv_getlength(s->hd);
1739 cluster_offset = (cluster_offset + 511) & ~511;
1740 bdrv_truncate(s->hd, cluster_offset);
1744 if (nb_sectors != s->cluster_sectors)
1747 out_buf = qemu_malloc(s->cluster_size + (s->cluster_size / 1000) + 128);
1749 /* best compression, small window, no zlib header */
1750 memset(&strm, 0, sizeof(strm));
1751 ret = deflateInit2(&strm, Z_DEFAULT_COMPRESSION,
1753 9, Z_DEFAULT_STRATEGY);
1759 strm.avail_in = s->cluster_size;
1760 strm.next_in = (uint8_t *)buf;
1761 strm.avail_out = s->cluster_size;
1762 strm.next_out = out_buf;
1764 ret = deflate(&strm, Z_FINISH);
1765 if (ret != Z_STREAM_END && ret != Z_OK) {
1770 out_len = strm.next_out - out_buf;
1774 if (ret != Z_STREAM_END || out_len >= s->cluster_size) {
1775 /* could not compress: write normal cluster */
1776 qcow_write(bs, sector_num, buf, s->cluster_sectors);
1778 cluster_offset = alloc_compressed_cluster_offset(bs, sector_num << 9,
1780 if (!cluster_offset)
1782 cluster_offset &= s->cluster_offset_mask;
1783 if (bdrv_pwrite(s->hd, cluster_offset, out_buf, out_len) != out_len) {
1793 static void qcow_flush(BlockDriverState *bs)
1795 BDRVQcowState *s = bs->opaque;
1799 static int qcow_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
1801 BDRVQcowState *s = bs->opaque;
1802 bdi->cluster_size = s->cluster_size;
1803 bdi->vm_state_offset = (int64_t)s->l1_vm_state_index <<
1804 (s->cluster_bits + s->l2_bits);
1808 /*********************************************************/
1809 /* snapshot support */
1811 /* update the refcounts of snapshots and the copied flag */
1812 static int update_snapshot_refcount(BlockDriverState *bs,
1813 int64_t l1_table_offset,
1817 BDRVQcowState *s = bs->opaque;
1818 uint64_t *l1_table, *l2_table, l2_offset, offset, l1_size2, l1_allocated;
1819 int64_t old_offset, old_l2_offset;
1820 int l2_size, i, j, l1_modified, l2_modified, nb_csectors, refcount;
1826 l1_size2 = l1_size * sizeof(uint64_t);
1828 if (l1_table_offset != s->l1_table_offset) {
1829 l1_table = qemu_malloc(l1_size2);
1831 if (bdrv_pread(s->hd, l1_table_offset,
1832 l1_table, l1_size2) != l1_size2)
1834 for(i = 0;i < l1_size; i++)
1835 be64_to_cpus(&l1_table[i]);
1837 assert(l1_size == s->l1_size);
1838 l1_table = s->l1_table;
1842 l2_size = s->l2_size * sizeof(uint64_t);
1843 l2_table = qemu_malloc(l2_size);
1845 for(i = 0; i < l1_size; i++) {
1846 l2_offset = l1_table[i];
1848 old_l2_offset = l2_offset;
1849 l2_offset &= ~QCOW_OFLAG_COPIED;
1851 if (bdrv_pread(s->hd, l2_offset, l2_table, l2_size) != l2_size)
1853 for(j = 0; j < s->l2_size; j++) {
1854 offset = be64_to_cpu(l2_table[j]);
1856 old_offset = offset;
1857 offset &= ~QCOW_OFLAG_COPIED;
1858 if (offset & QCOW_OFLAG_COMPRESSED) {
1859 nb_csectors = ((offset >> s->csize_shift) &
1862 update_refcount(bs, (offset & s->cluster_offset_mask) & ~511,
1863 nb_csectors * 512, addend);
1864 /* compressed clusters are never modified */
1868 refcount = update_cluster_refcount(bs, offset >> s->cluster_bits, addend);
1870 refcount = get_refcount(bs, offset >> s->cluster_bits);
1874 if (refcount == 1) {
1875 offset |= QCOW_OFLAG_COPIED;
1877 if (offset != old_offset) {
1878 l2_table[j] = cpu_to_be64(offset);
1884 if (bdrv_pwrite(s->hd,
1885 l2_offset, l2_table, l2_size) != l2_size)
1890 refcount = update_cluster_refcount(bs, l2_offset >> s->cluster_bits, addend);
1892 refcount = get_refcount(bs, l2_offset >> s->cluster_bits);
1894 if (refcount == 1) {
1895 l2_offset |= QCOW_OFLAG_COPIED;
1897 if (l2_offset != old_l2_offset) {
1898 l1_table[i] = l2_offset;
1904 for(i = 0; i < l1_size; i++)
1905 cpu_to_be64s(&l1_table[i]);
1906 if (bdrv_pwrite(s->hd, l1_table_offset, l1_table,
1907 l1_size2) != l1_size2)
1909 for(i = 0; i < l1_size; i++)
1910 be64_to_cpus(&l1_table[i]);
1913 qemu_free(l1_table);
1914 qemu_free(l2_table);
1918 qemu_free(l1_table);
1919 qemu_free(l2_table);
1923 static void qcow_free_snapshots(BlockDriverState *bs)
1925 BDRVQcowState *s = bs->opaque;
1928 for(i = 0; i < s->nb_snapshots; i++) {
1929 qemu_free(s->snapshots[i].name);
1930 qemu_free(s->snapshots[i].id_str);
1932 qemu_free(s->snapshots);
1933 s->snapshots = NULL;
1934 s->nb_snapshots = 0;
1937 static int qcow_read_snapshots(BlockDriverState *bs)
1939 BDRVQcowState *s = bs->opaque;
1940 QCowSnapshotHeader h;
1942 int i, id_str_size, name_size;
1944 uint32_t extra_data_size;
1946 if (!s->nb_snapshots) {
1947 s->snapshots = NULL;
1948 s->snapshots_size = 0;
1952 offset = s->snapshots_offset;
1953 s->snapshots = qemu_mallocz(s->nb_snapshots * sizeof(QCowSnapshot));
1954 for(i = 0; i < s->nb_snapshots; i++) {
1955 offset = align_offset(offset, 8);
1956 if (bdrv_pread(s->hd, offset, &h, sizeof(h)) != sizeof(h))
1958 offset += sizeof(h);
1959 sn = s->snapshots + i;
1960 sn->l1_table_offset = be64_to_cpu(h.l1_table_offset);
1961 sn->l1_size = be32_to_cpu(h.l1_size);
1962 sn->vm_state_size = be32_to_cpu(h.vm_state_size);
1963 sn->date_sec = be32_to_cpu(h.date_sec);
1964 sn->date_nsec = be32_to_cpu(h.date_nsec);
1965 sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec);
1966 extra_data_size = be32_to_cpu(h.extra_data_size);
1968 id_str_size = be16_to_cpu(h.id_str_size);
1969 name_size = be16_to_cpu(h.name_size);
1971 offset += extra_data_size;
1973 sn->id_str = qemu_malloc(id_str_size + 1);
1974 if (bdrv_pread(s->hd, offset, sn->id_str, id_str_size) != id_str_size)
1976 offset += id_str_size;
1977 sn->id_str[id_str_size] = '\0';
1979 sn->name = qemu_malloc(name_size + 1);
1980 if (bdrv_pread(s->hd, offset, sn->name, name_size) != name_size)
1982 offset += name_size;
1983 sn->name[name_size] = '\0';
1985 s->snapshots_size = offset - s->snapshots_offset;
1988 qcow_free_snapshots(bs);
1992 /* add at the end of the file a new list of snapshots */
1993 static int qcow_write_snapshots(BlockDriverState *bs)
1995 BDRVQcowState *s = bs->opaque;
1997 QCowSnapshotHeader h;
1998 int i, name_size, id_str_size, snapshots_size;
2001 int64_t offset, snapshots_offset;
2003 /* compute the size of the snapshots */
2005 for(i = 0; i < s->nb_snapshots; i++) {
2006 sn = s->snapshots + i;
2007 offset = align_offset(offset, 8);
2008 offset += sizeof(h);
2009 offset += strlen(sn->id_str);
2010 offset += strlen(sn->name);
2012 snapshots_size = offset;
2014 snapshots_offset = alloc_clusters(bs, snapshots_size);
2015 offset = snapshots_offset;
2017 for(i = 0; i < s->nb_snapshots; i++) {
2018 sn = s->snapshots + i;
2019 memset(&h, 0, sizeof(h));
2020 h.l1_table_offset = cpu_to_be64(sn->l1_table_offset);
2021 h.l1_size = cpu_to_be32(sn->l1_size);
2022 h.vm_state_size = cpu_to_be32(sn->vm_state_size);
2023 h.date_sec = cpu_to_be32(sn->date_sec);
2024 h.date_nsec = cpu_to_be32(sn->date_nsec);
2025 h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec);
2027 id_str_size = strlen(sn->id_str);
2028 name_size = strlen(sn->name);
2029 h.id_str_size = cpu_to_be16(id_str_size);
2030 h.name_size = cpu_to_be16(name_size);
2031 offset = align_offset(offset, 8);
2032 if (bdrv_pwrite(s->hd, offset, &h, sizeof(h)) != sizeof(h))
2034 offset += sizeof(h);
2035 if (bdrv_pwrite(s->hd, offset, sn->id_str, id_str_size) != id_str_size)
2037 offset += id_str_size;
2038 if (bdrv_pwrite(s->hd, offset, sn->name, name_size) != name_size)
2040 offset += name_size;
2043 /* update the various header fields */
2044 data64 = cpu_to_be64(snapshots_offset);
2045 if (bdrv_pwrite(s->hd, offsetof(QCowHeader, snapshots_offset),
2046 &data64, sizeof(data64)) != sizeof(data64))
2048 data32 = cpu_to_be32(s->nb_snapshots);
2049 if (bdrv_pwrite(s->hd, offsetof(QCowHeader, nb_snapshots),
2050 &data32, sizeof(data32)) != sizeof(data32))
2053 /* free the old snapshot table */
2054 free_clusters(bs, s->snapshots_offset, s->snapshots_size);
2055 s->snapshots_offset = snapshots_offset;
2056 s->snapshots_size = snapshots_size;
2062 static void find_new_snapshot_id(BlockDriverState *bs,
2063 char *id_str, int id_str_size)
2065 BDRVQcowState *s = bs->opaque;
2067 int i, id, id_max = 0;
2069 for(i = 0; i < s->nb_snapshots; i++) {
2070 sn = s->snapshots + i;
2071 id = strtoul(sn->id_str, NULL, 10);
2075 snprintf(id_str, id_str_size, "%d", id_max + 1);
2078 static int find_snapshot_by_id(BlockDriverState *bs, const char *id_str)
2080 BDRVQcowState *s = bs->opaque;
2083 for(i = 0; i < s->nb_snapshots; i++) {
2084 if (!strcmp(s->snapshots[i].id_str, id_str))
2090 static int find_snapshot_by_id_or_name(BlockDriverState *bs, const char *name)
2092 BDRVQcowState *s = bs->opaque;
2095 ret = find_snapshot_by_id(bs, name);
2098 for(i = 0; i < s->nb_snapshots; i++) {
2099 if (!strcmp(s->snapshots[i].name, name))
2105 /* if no id is provided, a new one is constructed */
2106 static int qcow_snapshot_create(BlockDriverState *bs,
2107 QEMUSnapshotInfo *sn_info)
2109 BDRVQcowState *s = bs->opaque;
2110 QCowSnapshot *snapshots1, sn1, *sn = &sn1;
2112 uint64_t *l1_table = NULL;
2114 memset(sn, 0, sizeof(*sn));
2116 if (sn_info->id_str[0] == '\0') {
2117 /* compute a new id */
2118 find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str));
2121 /* check that the ID is unique */
2122 if (find_snapshot_by_id(bs, sn_info->id_str) >= 0)
2125 sn->id_str = qemu_strdup(sn_info->id_str);
2128 sn->name = qemu_strdup(sn_info->name);
2131 sn->vm_state_size = sn_info->vm_state_size;
2132 sn->date_sec = sn_info->date_sec;
2133 sn->date_nsec = sn_info->date_nsec;
2134 sn->vm_clock_nsec = sn_info->vm_clock_nsec;
2136 ret = update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1);
2140 /* create the L1 table of the snapshot */
2141 sn->l1_table_offset = alloc_clusters(bs, s->l1_size * sizeof(uint64_t));
2142 sn->l1_size = s->l1_size;
2144 l1_table = qemu_malloc(s->l1_size * sizeof(uint64_t));
2145 for(i = 0; i < s->l1_size; i++) {
2146 l1_table[i] = cpu_to_be64(s->l1_table[i]);
2148 if (bdrv_pwrite(s->hd, sn->l1_table_offset,
2149 l1_table, s->l1_size * sizeof(uint64_t)) !=
2150 (s->l1_size * sizeof(uint64_t)))
2152 qemu_free(l1_table);
2155 snapshots1 = qemu_malloc((s->nb_snapshots + 1) * sizeof(QCowSnapshot));
2157 memcpy(snapshots1, s->snapshots, s->nb_snapshots * sizeof(QCowSnapshot));
2158 qemu_free(s->snapshots);
2160 s->snapshots = snapshots1;
2161 s->snapshots[s->nb_snapshots++] = *sn;
2163 if (qcow_write_snapshots(bs) < 0)
2166 check_refcounts(bs);
2170 qemu_free(sn->name);
2171 qemu_free(l1_table);
2175 /* copy the snapshot 'snapshot_name' into the current disk image */
2176 static int qcow_snapshot_goto(BlockDriverState *bs,
2177 const char *snapshot_id)
2179 BDRVQcowState *s = bs->opaque;
2181 int i, snapshot_index, l1_size2;
2183 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id);
2184 if (snapshot_index < 0)
2186 sn = &s->snapshots[snapshot_index];
2188 if (update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, -1) < 0)
2191 if (grow_l1_table(bs, sn->l1_size) < 0)
2194 s->l1_size = sn->l1_size;
2195 l1_size2 = s->l1_size * sizeof(uint64_t);
2196 /* copy the snapshot l1 table to the current l1 table */
2197 if (bdrv_pread(s->hd, sn->l1_table_offset,
2198 s->l1_table, l1_size2) != l1_size2)
2200 if (bdrv_pwrite(s->hd, s->l1_table_offset,
2201 s->l1_table, l1_size2) != l1_size2)
2203 for(i = 0;i < s->l1_size; i++) {
2204 be64_to_cpus(&s->l1_table[i]);
2207 if (update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1) < 0)
2211 check_refcounts(bs);
2218 static int qcow_snapshot_delete(BlockDriverState *bs, const char *snapshot_id)
2220 BDRVQcowState *s = bs->opaque;
2222 int snapshot_index, ret;
2224 snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id);
2225 if (snapshot_index < 0)
2227 sn = &s->snapshots[snapshot_index];
2229 ret = update_snapshot_refcount(bs, sn->l1_table_offset, sn->l1_size, -1);
2232 /* must update the copied flag on the current cluster offsets */
2233 ret = update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0);
2236 free_clusters(bs, sn->l1_table_offset, sn->l1_size * sizeof(uint64_t));
2238 qemu_free(sn->id_str);
2239 qemu_free(sn->name);
2240 memmove(sn, sn + 1, (s->nb_snapshots - snapshot_index - 1) * sizeof(*sn));
2242 ret = qcow_write_snapshots(bs);
2244 /* XXX: restore snapshot if error ? */
2248 check_refcounts(bs);
2253 static int qcow_snapshot_list(BlockDriverState *bs,
2254 QEMUSnapshotInfo **psn_tab)
2256 BDRVQcowState *s = bs->opaque;
2257 QEMUSnapshotInfo *sn_tab, *sn_info;
2261 sn_tab = qemu_mallocz(s->nb_snapshots * sizeof(QEMUSnapshotInfo));
2262 for(i = 0; i < s->nb_snapshots; i++) {
2263 sn_info = sn_tab + i;
2264 sn = s->snapshots + i;
2265 pstrcpy(sn_info->id_str, sizeof(sn_info->id_str),
2267 pstrcpy(sn_info->name, sizeof(sn_info->name),
2269 sn_info->vm_state_size = sn->vm_state_size;
2270 sn_info->date_sec = sn->date_sec;
2271 sn_info->date_nsec = sn->date_nsec;
2272 sn_info->vm_clock_nsec = sn->vm_clock_nsec;
2275 return s->nb_snapshots;
2278 /*********************************************************/
2279 /* refcount handling */
2281 static int refcount_init(BlockDriverState *bs)
2283 BDRVQcowState *s = bs->opaque;
2284 int ret, refcount_table_size2, i;
2286 s->refcount_block_cache = qemu_malloc(s->cluster_size);
2287 refcount_table_size2 = s->refcount_table_size * sizeof(uint64_t);
2288 s->refcount_table = qemu_malloc(refcount_table_size2);
2289 if (s->refcount_table_size > 0) {
2290 ret = bdrv_pread(s->hd, s->refcount_table_offset,
2291 s->refcount_table, refcount_table_size2);
2292 if (ret != refcount_table_size2)
2294 for(i = 0; i < s->refcount_table_size; i++)
2295 be64_to_cpus(&s->refcount_table[i]);
2302 static void refcount_close(BlockDriverState *bs)
2304 BDRVQcowState *s = bs->opaque;
2305 qemu_free(s->refcount_block_cache);
2306 qemu_free(s->refcount_table);
2310 static int load_refcount_block(BlockDriverState *bs,
2311 int64_t refcount_block_offset)
2313 BDRVQcowState *s = bs->opaque;
2315 ret = bdrv_pread(s->hd, refcount_block_offset, s->refcount_block_cache,
2317 if (ret != s->cluster_size)
2319 s->refcount_block_cache_offset = refcount_block_offset;
2323 static int get_refcount(BlockDriverState *bs, int64_t cluster_index)
2325 BDRVQcowState *s = bs->opaque;
2326 int refcount_table_index, block_index;
2327 int64_t refcount_block_offset;
2329 refcount_table_index = cluster_index >> (s->cluster_bits - REFCOUNT_SHIFT);
2330 if (refcount_table_index >= s->refcount_table_size)
2332 refcount_block_offset = s->refcount_table[refcount_table_index];
2333 if (!refcount_block_offset)
2335 if (refcount_block_offset != s->refcount_block_cache_offset) {
2336 /* better than nothing: return allocated if read error */
2337 if (load_refcount_block(bs, refcount_block_offset) < 0)
2340 block_index = cluster_index &
2341 ((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
2342 return be16_to_cpu(s->refcount_block_cache[block_index]);
2345 /* return < 0 if error */
2346 static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size)
2348 BDRVQcowState *s = bs->opaque;
2351 nb_clusters = size_to_clusters(s, size);
2353 for(i = 0; i < nb_clusters; i++) {
2354 int64_t i = s->free_cluster_index++;
2355 if (get_refcount(bs, i) != 0)
2359 printf("alloc_clusters: size=%lld -> %lld\n",
2361 (s->free_cluster_index - nb_clusters) << s->cluster_bits);
2363 return (s->free_cluster_index - nb_clusters) << s->cluster_bits;
2366 static int64_t alloc_clusters(BlockDriverState *bs, int64_t size)
2370 offset = alloc_clusters_noref(bs, size);
2371 update_refcount(bs, offset, size, 1);
2375 /* only used to allocate compressed sectors. We try to allocate
2376 contiguous sectors. size must be <= cluster_size */
2377 static int64_t alloc_bytes(BlockDriverState *bs, int size)
2379 BDRVQcowState *s = bs->opaque;
2380 int64_t offset, cluster_offset;
2381 int free_in_cluster;
2383 assert(size > 0 && size <= s->cluster_size);
2384 if (s->free_byte_offset == 0) {
2385 s->free_byte_offset = alloc_clusters(bs, s->cluster_size);
2388 free_in_cluster = s->cluster_size -
2389 (s->free_byte_offset & (s->cluster_size - 1));
2390 if (size <= free_in_cluster) {
2391 /* enough space in current cluster */
2392 offset = s->free_byte_offset;
2393 s->free_byte_offset += size;
2394 free_in_cluster -= size;
2395 if (free_in_cluster == 0)
2396 s->free_byte_offset = 0;
2397 if ((offset & (s->cluster_size - 1)) != 0)
2398 update_cluster_refcount(bs, offset >> s->cluster_bits, 1);
2400 offset = alloc_clusters(bs, s->cluster_size);
2401 cluster_offset = s->free_byte_offset & ~(s->cluster_size - 1);
2402 if ((cluster_offset + s->cluster_size) == offset) {
2403 /* we are lucky: contiguous data */
2404 offset = s->free_byte_offset;
2405 update_cluster_refcount(bs, offset >> s->cluster_bits, 1);
2406 s->free_byte_offset += size;
2408 s->free_byte_offset = offset;
2415 static void free_clusters(BlockDriverState *bs,
2416 int64_t offset, int64_t size)
2418 update_refcount(bs, offset, size, -1);
2421 static int grow_refcount_table(BlockDriverState *bs, int min_size)
2423 BDRVQcowState *s = bs->opaque;
2424 int new_table_size, new_table_size2, refcount_table_clusters, i, ret;
2425 uint64_t *new_table;
2426 int64_t table_offset;
2429 int64_t old_table_offset;
2431 if (min_size <= s->refcount_table_size)
2433 /* compute new table size */
2434 refcount_table_clusters = s->refcount_table_size >> (s->cluster_bits - 3);
2436 if (refcount_table_clusters == 0) {
2437 refcount_table_clusters = 1;
2439 refcount_table_clusters = (refcount_table_clusters * 3 + 1) / 2;
2441 new_table_size = refcount_table_clusters << (s->cluster_bits - 3);
2442 if (min_size <= new_table_size)
2446 printf("grow_refcount_table from %d to %d\n",
2447 s->refcount_table_size,
2450 new_table_size2 = new_table_size * sizeof(uint64_t);
2451 new_table = qemu_mallocz(new_table_size2);
2452 memcpy(new_table, s->refcount_table,
2453 s->refcount_table_size * sizeof(uint64_t));
2454 for(i = 0; i < s->refcount_table_size; i++)
2455 cpu_to_be64s(&new_table[i]);
2456 /* Note: we cannot update the refcount now to avoid recursion */
2457 table_offset = alloc_clusters_noref(bs, new_table_size2);
2458 ret = bdrv_pwrite(s->hd, table_offset, new_table, new_table_size2);
2459 if (ret != new_table_size2)
2461 for(i = 0; i < s->refcount_table_size; i++)
2462 be64_to_cpus(&new_table[i]);
2464 cpu_to_be64w((uint64_t*)data, table_offset);
2465 cpu_to_be32w((uint32_t*)(data + 8), refcount_table_clusters);
2466 if (bdrv_pwrite(s->hd, offsetof(QCowHeader, refcount_table_offset),
2467 data, sizeof(data)) != sizeof(data))
2469 qemu_free(s->refcount_table);
2470 old_table_offset = s->refcount_table_offset;
2471 old_table_size = s->refcount_table_size;
2472 s->refcount_table = new_table;
2473 s->refcount_table_size = new_table_size;
2474 s->refcount_table_offset = table_offset;
2476 update_refcount(bs, table_offset, new_table_size2, 1);
2477 free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t));
2480 free_clusters(bs, table_offset, new_table_size2);
2481 qemu_free(new_table);
2485 /* addend must be 1 or -1 */
2486 /* XXX: cache several refcount block clusters ? */
2487 static int update_cluster_refcount(BlockDriverState *bs,
2488 int64_t cluster_index,
2491 BDRVQcowState *s = bs->opaque;
2492 int64_t offset, refcount_block_offset;
2493 int ret, refcount_table_index, block_index, refcount;
2496 refcount_table_index = cluster_index >> (s->cluster_bits - REFCOUNT_SHIFT);
2497 if (refcount_table_index >= s->refcount_table_size) {
2500 ret = grow_refcount_table(bs, refcount_table_index + 1);
2504 refcount_block_offset = s->refcount_table[refcount_table_index];
2505 if (!refcount_block_offset) {
2508 /* create a new refcount block */
2509 /* Note: we cannot update the refcount now to avoid recursion */
2510 offset = alloc_clusters_noref(bs, s->cluster_size);
2511 memset(s->refcount_block_cache, 0, s->cluster_size);
2512 ret = bdrv_pwrite(s->hd, offset, s->refcount_block_cache, s->cluster_size);
2513 if (ret != s->cluster_size)
2515 s->refcount_table[refcount_table_index] = offset;
2516 data64 = cpu_to_be64(offset);
2517 ret = bdrv_pwrite(s->hd, s->refcount_table_offset +
2518 refcount_table_index * sizeof(uint64_t),
2519 &data64, sizeof(data64));
2520 if (ret != sizeof(data64))
2523 refcount_block_offset = offset;
2524 s->refcount_block_cache_offset = offset;
2525 update_refcount(bs, offset, s->cluster_size, 1);
2527 if (refcount_block_offset != s->refcount_block_cache_offset) {
2528 if (load_refcount_block(bs, refcount_block_offset) < 0)
2532 /* we can update the count and save it */
2533 block_index = cluster_index &
2534 ((1 << (s->cluster_bits - REFCOUNT_SHIFT)) - 1);
2535 refcount = be16_to_cpu(s->refcount_block_cache[block_index]);
2537 if (refcount < 0 || refcount > 0xffff)
2539 if (refcount == 0 && cluster_index < s->free_cluster_index) {
2540 s->free_cluster_index = cluster_index;
2542 s->refcount_block_cache[block_index] = cpu_to_be16(refcount);
2543 if (bdrv_pwrite(s->hd,
2544 refcount_block_offset + (block_index << REFCOUNT_SHIFT),
2545 &s->refcount_block_cache[block_index], 2) != 2)
2550 static void update_refcount(BlockDriverState *bs,
2551 int64_t offset, int64_t length,
2554 BDRVQcowState *s = bs->opaque;
2555 int64_t start, last, cluster_offset;
2558 printf("update_refcount: offset=%lld size=%lld addend=%d\n",
2559 offset, length, addend);
2563 start = offset & ~(s->cluster_size - 1);
2564 last = (offset + length - 1) & ~(s->cluster_size - 1);
2565 for(cluster_offset = start; cluster_offset <= last;
2566 cluster_offset += s->cluster_size) {
2567 update_cluster_refcount(bs, cluster_offset >> s->cluster_bits, addend);
2572 * Increases the refcount for a range of clusters in a given refcount table.
2573 * This is used to construct a temporary refcount table out of L1 and L2 tables
2574 * which can be compared the the refcount table saved in the image.
2576 * Returns the number of errors in the image that were found
2578 static int inc_refcounts(BlockDriverState *bs,
2579 uint16_t *refcount_table,
2580 int refcount_table_size,
2581 int64_t offset, int64_t size)
2583 BDRVQcowState *s = bs->opaque;
2584 int64_t start, last, cluster_offset;
2591 start = offset & ~(s->cluster_size - 1);
2592 last = (offset + size - 1) & ~(s->cluster_size - 1);
2593 for(cluster_offset = start; cluster_offset <= last;
2594 cluster_offset += s->cluster_size) {
2595 k = cluster_offset >> s->cluster_bits;
2596 if (k < 0 || k >= refcount_table_size) {
2597 fprintf(stderr, "ERROR: invalid cluster offset=0x%" PRIx64 "\n",
2601 if (++refcount_table[k] == 0) {
2602 fprintf(stderr, "ERROR: overflow cluster offset=0x%" PRIx64
2603 "\n", cluster_offset);
2613 * Increases the refcount in the given refcount table for the all clusters
2614 * referenced in the L2 table. While doing so, performs some checks on L2
2617 * Returns the number of errors found by the checks or -errno if an internal
2620 static int check_refcounts_l2(BlockDriverState *bs,
2621 uint16_t *refcount_table, int refcount_table_size, int64_t l2_offset,
2624 BDRVQcowState *s = bs->opaque;
2625 uint64_t *l2_table, offset;
2626 int i, l2_size, nb_csectors, refcount;
2629 /* Read L2 table from disk */
2630 l2_size = s->l2_size * sizeof(uint64_t);
2631 l2_table = qemu_malloc(l2_size);
2633 if (bdrv_pread(s->hd, l2_offset, l2_table, l2_size) != l2_size)
2636 /* Do the actual checks */
2637 for(i = 0; i < s->l2_size; i++) {
2638 offset = be64_to_cpu(l2_table[i]);
2640 if (offset & QCOW_OFLAG_COMPRESSED) {
2641 /* Compressed clusters don't have QCOW_OFLAG_COPIED */
2642 if (offset & QCOW_OFLAG_COPIED) {
2643 fprintf(stderr, "ERROR: cluster %" PRId64 ": "
2644 "copied flag must never be set for compressed "
2645 "clusters\n", offset >> s->cluster_bits);
2646 offset &= ~QCOW_OFLAG_COPIED;
2650 /* Mark cluster as used */
2651 nb_csectors = ((offset >> s->csize_shift) &
2653 offset &= s->cluster_offset_mask;
2654 errors += inc_refcounts(bs, refcount_table,
2655 refcount_table_size,
2656 offset & ~511, nb_csectors * 512);
2658 /* QCOW_OFLAG_COPIED must be set iff refcount == 1 */
2660 uint64_t entry = offset;
2661 offset &= ~QCOW_OFLAG_COPIED;
2662 refcount = get_refcount(bs, offset >> s->cluster_bits);
2663 if ((refcount == 1) != ((entry & QCOW_OFLAG_COPIED) != 0)) {
2664 fprintf(stderr, "ERROR OFLAG_COPIED: offset=%"
2665 PRIx64 " refcount=%d\n", entry, refcount);
2670 /* Mark cluster as used */
2671 offset &= ~QCOW_OFLAG_COPIED;
2672 errors += inc_refcounts(bs, refcount_table,
2673 refcount_table_size,
2674 offset, s->cluster_size);
2676 /* Correct offsets are cluster aligned */
2677 if (offset & (s->cluster_size - 1)) {
2678 fprintf(stderr, "ERROR offset=%" PRIx64 ": Cluster is not "
2679 "properly aligned; L2 entry corrupted.\n", offset);
2686 qemu_free(l2_table);
2690 fprintf(stderr, "ERROR: I/O error in check_refcounts_l1\n");
2691 qemu_free(l2_table);
2696 * Increases the refcount for the L1 table, its L2 tables and all referenced
2697 * clusters in the given refcount table. While doing so, performs some checks
2698 * on L1 and L2 entries.
2700 * Returns the number of errors found by the checks or -errno if an internal
2703 static int check_refcounts_l1(BlockDriverState *bs,
2704 uint16_t *refcount_table,
2705 int refcount_table_size,
2706 int64_t l1_table_offset, int l1_size,
2709 BDRVQcowState *s = bs->opaque;
2710 uint64_t *l1_table, l2_offset, l1_size2;
2711 int i, refcount, ret;
2714 l1_size2 = l1_size * sizeof(uint64_t);
2716 /* Mark L1 table as used */
2717 errors += inc_refcounts(bs, refcount_table, refcount_table_size,
2718 l1_table_offset, l1_size2);
2720 /* Read L1 table entries from disk */
2721 l1_table = qemu_malloc(l1_size2);
2722 if (bdrv_pread(s->hd, l1_table_offset,
2723 l1_table, l1_size2) != l1_size2)
2725 for(i = 0;i < l1_size; i++)
2726 be64_to_cpus(&l1_table[i]);
2728 /* Do the actual checks */
2729 for(i = 0; i < l1_size; i++) {
2730 l2_offset = l1_table[i];
2732 /* QCOW_OFLAG_COPIED must be set iff refcount == 1 */
2734 refcount = get_refcount(bs, (l2_offset & ~QCOW_OFLAG_COPIED)
2735 >> s->cluster_bits);
2736 if ((refcount == 1) != ((l2_offset & QCOW_OFLAG_COPIED) != 0)) {
2737 fprintf(stderr, "ERROR OFLAG_COPIED: l2_offset=%" PRIx64
2738 " refcount=%d\n", l2_offset, refcount);
2743 /* Mark L2 table as used */
2744 l2_offset &= ~QCOW_OFLAG_COPIED;
2745 errors += inc_refcounts(bs, refcount_table,
2746 refcount_table_size,
2750 /* L2 tables are cluster aligned */
2751 if (l2_offset & (s->cluster_size - 1)) {
2752 fprintf(stderr, "ERROR l2_offset=%" PRIx64 ": Table is not "
2753 "cluster aligned; L1 entry corrupted\n", l2_offset);
2757 /* Process and check L2 entries */
2758 ret = check_refcounts_l2(bs, refcount_table, refcount_table_size,
2759 l2_offset, check_copied);
2766 qemu_free(l1_table);
2770 fprintf(stderr, "ERROR: I/O error in check_refcounts_l1\n");
2771 qemu_free(l1_table);
2776 * Checks an image for refcount consistency.
2778 * Returns 0 if no errors are found, the number of errors in case the image is
2779 * detected as corrupted, and -errno when an internal error occured.
2781 static int check_refcounts(BlockDriverState *bs)
2783 BDRVQcowState *s = bs->opaque;
2785 int nb_clusters, refcount1, refcount2, i;
2787 uint16_t *refcount_table;
2788 int ret, errors = 0;
2790 size = bdrv_getlength(s->hd);
2791 nb_clusters = size_to_clusters(s, size);
2792 refcount_table = qemu_mallocz(nb_clusters * sizeof(uint16_t));
2795 errors += inc_refcounts(bs, refcount_table, nb_clusters,
2796 0, s->cluster_size);
2798 /* current L1 table */
2799 ret = check_refcounts_l1(bs, refcount_table, nb_clusters,
2800 s->l1_table_offset, s->l1_size, 1);
2807 for(i = 0; i < s->nb_snapshots; i++) {
2808 sn = s->snapshots + i;
2809 check_refcounts_l1(bs, refcount_table, nb_clusters,
2810 sn->l1_table_offset, sn->l1_size, 0);
2812 errors += inc_refcounts(bs, refcount_table, nb_clusters,
2813 s->snapshots_offset, s->snapshots_size);
2816 errors += inc_refcounts(bs, refcount_table, nb_clusters,
2817 s->refcount_table_offset,
2818 s->refcount_table_size * sizeof(uint64_t));
2819 for(i = 0; i < s->refcount_table_size; i++) {
2821 offset = s->refcount_table[i];
2823 errors += inc_refcounts(bs, refcount_table, nb_clusters,
2824 offset, s->cluster_size);
2828 /* compare ref counts */
2829 for(i = 0; i < nb_clusters; i++) {
2830 refcount1 = get_refcount(bs, i);
2831 refcount2 = refcount_table[i];
2832 if (refcount1 != refcount2) {
2833 fprintf(stderr, "ERROR cluster %d refcount=%d reference=%d\n",
2834 i, refcount1, refcount2);
2839 qemu_free(refcount_table);
2844 static int qcow_check(BlockDriverState *bs)
2846 return check_refcounts(bs);
2850 static void dump_refcounts(BlockDriverState *bs)
2852 BDRVQcowState *s = bs->opaque;
2853 int64_t nb_clusters, k, k1, size;
2856 size = bdrv_getlength(s->hd);
2857 nb_clusters = size_to_clusters(s, size);
2858 for(k = 0; k < nb_clusters;) {
2860 refcount = get_refcount(bs, k);
2862 while (k < nb_clusters && get_refcount(bs, k) == refcount)
2864 printf("%lld: refcount=%d nb=%lld\n", k, refcount, k - k1);
2869 static int qcow_put_buffer(BlockDriverState *bs, const uint8_t *buf,
2870 int64_t pos, int size)
2872 int growable = bs->growable;
2875 bdrv_pwrite(bs, pos, buf, size);
2876 bs->growable = growable;
2881 static int qcow_get_buffer(BlockDriverState *bs, uint8_t *buf,
2882 int64_t pos, int size)
2884 int growable = bs->growable;
2888 ret = bdrv_pread(bs, pos, buf, size);
2889 bs->growable = growable;
2894 BlockDriver bdrv_qcow2 = {
2895 .format_name = "qcow2",
2896 .instance_size = sizeof(BDRVQcowState),
2897 .bdrv_probe = qcow_probe,
2898 .bdrv_open = qcow_open,
2899 .bdrv_close = qcow_close,
2900 .bdrv_create = qcow_create,
2901 .bdrv_flush = qcow_flush,
2902 .bdrv_is_allocated = qcow_is_allocated,
2903 .bdrv_set_key = qcow_set_key,
2904 .bdrv_make_empty = qcow_make_empty,
2906 .bdrv_aio_readv = qcow_aio_readv,
2907 .bdrv_aio_writev = qcow_aio_writev,
2908 .bdrv_aio_cancel = qcow_aio_cancel,
2909 .aiocb_size = sizeof(QCowAIOCB),
2910 .bdrv_write_compressed = qcow_write_compressed,
2912 .bdrv_snapshot_create = qcow_snapshot_create,
2913 .bdrv_snapshot_goto = qcow_snapshot_goto,
2914 .bdrv_snapshot_delete = qcow_snapshot_delete,
2915 .bdrv_snapshot_list = qcow_snapshot_list,
2916 .bdrv_get_info = qcow_get_info,
2918 .bdrv_put_buffer = qcow_put_buffer,
2919 .bdrv_get_buffer = qcow_get_buffer,
2921 .bdrv_create2 = qcow_create2,
2922 .bdrv_check = qcow_check,
projects / qemu / blob