LXR qemu/block/qcow2-snapshot.c

   1/*
   2 * Block driver for the QCOW version 2 format
   3 *
   4 * Copyright (c) 2004-2006 Fabrice Bellard
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24
  25#include "qemu/osdep.h"
  26#include "qapi/error.h"
  27#include "qcow2.h"
  28#include "qemu/bswap.h"
  29#include "qemu/error-report.h"
  30#include "qemu/cutils.h"
  31
  32static void qcow2_free_single_snapshot(BlockDriverState *bs, int i)
  33{
  34    BDRVQcow2State *s = bs->opaque;
  35
  36    assert(i >= 0 && i < s->nb_snapshots);
  37    g_free(s->snapshots[i].name);
  38    g_free(s->snapshots[i].id_str);
  39    g_free(s->snapshots[i].unknown_extra_data);
  40    memset(&s->snapshots[i], 0, sizeof(s->snapshots[i]));
  41}
  42
  43void qcow2_free_snapshots(BlockDriverState *bs)
  44{
  45    BDRVQcow2State *s = bs->opaque;
  46    int i;
  47
  48    for(i = 0; i < s->nb_snapshots; i++) {
  49        qcow2_free_single_snapshot(bs, i);
  50    }
  51    g_free(s->snapshots);
  52    s->snapshots = NULL;
  53    s->nb_snapshots = 0;
  54}
  55
  56/*
  57 * If @repair is true, try to repair a broken snapshot table instead
  58 * of just returning an error:
  59 *
  60 * - If the snapshot table was too long, set *nb_clusters_reduced to
  61 *   the number of snapshots removed off the end.
  62 *   The caller will update the on-disk nb_snapshots accordingly;
  63 *   this leaks clusters, but is safe.
  64 *   (The on-disk information must be updated before
  65 *   qcow2_check_refcounts(), because that function relies on
  66 *   s->nb_snapshots to reflect the on-disk value.)
  67 *
  68 * - If there were snapshots with too much extra metadata, increment
  69 *   *extra_data_dropped for each.
  70 *   This requires the caller to eventually rewrite the whole snapshot
  71 *   table, which requires cluster allocation.  Therefore, this should
  72 *   be done only after qcow2_check_refcounts() made sure the refcount
  73 *   structures are valid.
  74 *   (In the meantime, the image is still valid because
  75 *   qcow2_check_refcounts() does not do anything with snapshots'
  76 *   extra data.)
  77 */
  78static int qcow2_do_read_snapshots(BlockDriverState *bs, bool repair,
  79                                   int *nb_clusters_reduced,
  80                                   int *extra_data_dropped,
  81                                   Error **errp)
  82{
  83    BDRVQcow2State *s = bs->opaque;
  84    QCowSnapshotHeader h;
  85    QCowSnapshotExtraData extra;
  86    QCowSnapshot *sn;
  87    int i, id_str_size, name_size;
  88    int64_t offset, pre_sn_offset;
  89    uint64_t table_length = 0;
  90    int ret;
  91
  92    if (!s->nb_snapshots) {
  93        s->snapshots = NULL;
  94        s->snapshots_size = 0;
  95        return 0;
  96    }
  97
  98    offset = s->snapshots_offset;
  99    s->snapshots = g_new0(QCowSnapshot, s->nb_snapshots);
 100
 101    for(i = 0; i < s->nb_snapshots; i++) {
 102        bool truncate_unknown_extra_data = false;
 103
 104        pre_sn_offset = offset;
 105        table_length = ROUND_UP(table_length, 8);
 106
 107        /* Read statically sized part of the snapshot header */
 108        offset = ROUND_UP(offset, 8);
 109        ret = bdrv_pread(bs->file, offset, &h, sizeof(h));
 110        if (ret < 0) {
 111            error_setg_errno(errp, -ret, "Failed to read snapshot table");
 112            goto fail;
 113        }
 114
 115        offset += sizeof(h);
 116        sn = s->snapshots + i;
 117        sn->l1_table_offset = be64_to_cpu(h.l1_table_offset);
 118        sn->l1_size = be32_to_cpu(h.l1_size);
 119        sn->vm_state_size = be32_to_cpu(h.vm_state_size);
 120        sn->date_sec = be32_to_cpu(h.date_sec);
 121        sn->date_nsec = be32_to_cpu(h.date_nsec);
 122        sn->vm_clock_nsec = be64_to_cpu(h.vm_clock_nsec);
 123        sn->extra_data_size = be32_to_cpu(h.extra_data_size);
 124
 125        id_str_size = be16_to_cpu(h.id_str_size);
 126        name_size = be16_to_cpu(h.name_size);
 127
 128        if (sn->extra_data_size > QCOW_MAX_SNAPSHOT_EXTRA_DATA) {
 129            if (!repair) {
 130                ret = -EFBIG;
 131                error_setg(errp, "Too much extra metadata in snapshot table "
 132                           "entry %i", i);
 133                error_append_hint(errp, "You can force-remove this extra "
 134                                  "metadata with qemu-img check -r all\n");
 135                goto fail;
 136            }
 137
 138            fprintf(stderr, "Discarding too much extra metadata in snapshot "
 139                    "table entry %i (%" PRIu32 " > %u)\n",
 140                    i, sn->extra_data_size, QCOW_MAX_SNAPSHOT_EXTRA_DATA);
 141
 142            (*extra_data_dropped)++;
 143            truncate_unknown_extra_data = true;
 144        }
 145
 146        /* Read known extra data */
 147        ret = bdrv_pread(bs->file, offset, &extra,
 148                         MIN(sizeof(extra), sn->extra_data_size));
 149        if (ret < 0) {
 150            error_setg_errno(errp, -ret, "Failed to read snapshot table");
 151            goto fail;
 152        }
 153        offset += MIN(sizeof(extra), sn->extra_data_size);
 154
 155        if (sn->extra_data_size >= endof(QCowSnapshotExtraData,
 156                                         vm_state_size_large)) {
 157            sn->vm_state_size = be64_to_cpu(extra.vm_state_size_large);
 158        }
 159
 160        if (sn->extra_data_size >= endof(QCowSnapshotExtraData, disk_size)) {
 161            sn->disk_size = be64_to_cpu(extra.disk_size);
 162        } else {
 163            sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE;
 164        }
 165
 166        if (sn->extra_data_size > sizeof(extra)) {
 167            uint64_t extra_data_end;
 168            size_t unknown_extra_data_size;
 169
 170            extra_data_end = offset + sn->extra_data_size - sizeof(extra);
 171
 172            if (truncate_unknown_extra_data) {
 173                sn->extra_data_size = QCOW_MAX_SNAPSHOT_EXTRA_DATA;
 174            }
 175
 176            /* Store unknown extra data */
 177            unknown_extra_data_size = sn->extra_data_size - sizeof(extra);
 178            sn->unknown_extra_data = g_malloc(unknown_extra_data_size);
 179            ret = bdrv_pread(bs->file, offset, sn->unknown_extra_data,
 180                             unknown_extra_data_size);
 181            if (ret < 0) {
 182                error_setg_errno(errp, -ret,
 183                                 "Failed to read snapshot table");
 184                goto fail;
 185            }
 186            offset = extra_data_end;
 187        }
 188
 189        /* Read snapshot ID */
 190        sn->id_str = g_malloc(id_str_size + 1);
 191        ret = bdrv_pread(bs->file, offset, sn->id_str, id_str_size);
 192        if (ret < 0) {
 193            error_setg_errno(errp, -ret, "Failed to read snapshot table");
 194            goto fail;
 195        }
 196        offset += id_str_size;
 197        sn->id_str[id_str_size] = '\0';
 198
 199        /* Read snapshot name */
 200        sn->name = g_malloc(name_size + 1);
 201        ret = bdrv_pread(bs->file, offset, sn->name, name_size);
 202        if (ret < 0) {
 203            error_setg_errno(errp, -ret, "Failed to read snapshot table");
 204            goto fail;
 205        }
 206        offset += name_size;
 207        sn->name[name_size] = '\0';
 208
 209        /* Note that the extra data may have been truncated */
 210        table_length += sizeof(h) + sn->extra_data_size + id_str_size +
 211                        name_size;
 212        if (!repair) {
 213            assert(table_length == offset - s->snapshots_offset);
 214        }
 215
 216        if (table_length > QCOW_MAX_SNAPSHOTS_SIZE ||
 217            offset - s->snapshots_offset > INT_MAX)
 218        {
 219            if (!repair) {
 220                ret = -EFBIG;
 221                error_setg(errp, "Snapshot table is too big");
 222                error_append_hint(errp, "You can force-remove all %u "
 223                                  "overhanging snapshots with qemu-img check "
 224                                  "-r all\n", s->nb_snapshots - i);
 225                goto fail;
 226            }
 227
 228            fprintf(stderr, "Discarding %u overhanging snapshots (snapshot "
 229                    "table is too big)\n", s->nb_snapshots - i);
 230
 231            *nb_clusters_reduced += (s->nb_snapshots - i);
 232
 233            /* Discard current snapshot also */
 234            qcow2_free_single_snapshot(bs, i);
 235
 236            /*
 237             * This leaks all the rest of the snapshot table and the
 238             * snapshots' clusters, but we run in check -r all mode,
 239             * so qcow2_check_refcounts() will take care of it.
 240             */
 241            s->nb_snapshots = i;
 242            offset = pre_sn_offset;
 243            break;
 244        }
 245    }
 246
 247    assert(offset - s->snapshots_offset <= INT_MAX);
 248    s->snapshots_size = offset - s->snapshots_offset;
 249    return 0;
 250
 251fail:
 252    qcow2_free_snapshots(bs);
 253    return ret;
 254}
 255
 256int qcow2_read_snapshots(BlockDriverState *bs, Error **errp)
 257{
 258    return qcow2_do_read_snapshots(bs, false, NULL, NULL, errp);
 259}
 260
 261/* add at the end of the file a new list of snapshots */
 262int qcow2_write_snapshots(BlockDriverState *bs)
 263{
 264    BDRVQcow2State *s = bs->opaque;
 265    QCowSnapshot *sn;
 266    QCowSnapshotHeader h;
 267    QCowSnapshotExtraData extra;
 268    int i, name_size, id_str_size, snapshots_size;
 269    struct {
 270        uint32_t nb_snapshots;
 271        uint64_t snapshots_offset;
 272    } QEMU_PACKED header_data;
 273    int64_t offset, snapshots_offset = 0;
 274    int ret;
 275
 276    /* compute the size of the snapshots */
 277    offset = 0;
 278    for(i = 0; i < s->nb_snapshots; i++) {
 279        sn = s->snapshots + i;
 280        offset = ROUND_UP(offset, 8);
 281        offset += sizeof(h);
 282        offset += MAX(sizeof(extra), sn->extra_data_size);
 283        offset += strlen(sn->id_str);
 284        offset += strlen(sn->name);
 285
 286        if (offset > QCOW_MAX_SNAPSHOTS_SIZE) {
 287            ret = -EFBIG;
 288            goto fail;
 289        }
 290    }
 291
 292    assert(offset <= INT_MAX);
 293    snapshots_size = offset;
 294
 295    /* Allocate space for the new snapshot list */
 296    snapshots_offset = qcow2_alloc_clusters(bs, snapshots_size);
 297    offset = snapshots_offset;
 298    if (offset < 0) {
 299        ret = offset;
 300        goto fail;
 301    }
 302    ret = bdrv_flush(bs);
 303    if (ret < 0) {
 304        goto fail;
 305    }
 306
 307    /* The snapshot list position has not yet been updated, so these clusters
 308     * must indeed be completely free */
 309    ret = qcow2_pre_write_overlap_check(bs, 0, offset, snapshots_size, false);
 310    if (ret < 0) {
 311        goto fail;
 312    }
 313
 314
 315    /* Write all snapshots to the new list */
 316    for(i = 0; i < s->nb_snapshots; i++) {
 317        sn = s->snapshots + i;
 318        memset(&h, 0, sizeof(h));
 319        h.l1_table_offset = cpu_to_be64(sn->l1_table_offset);
 320        h.l1_size = cpu_to_be32(sn->l1_size);
 321        /* If it doesn't fit in 32 bit, older implementations should treat it
 322         * as a disk-only snapshot rather than truncate the VM state */
 323        if (sn->vm_state_size <= 0xffffffff) {
 324            h.vm_state_size = cpu_to_be32(sn->vm_state_size);
 325        }
 326        h.date_sec = cpu_to_be32(sn->date_sec);
 327        h.date_nsec = cpu_to_be32(sn->date_nsec);
 328        h.vm_clock_nsec = cpu_to_be64(sn->vm_clock_nsec);
 329        h.extra_data_size = cpu_to_be32(MAX(sizeof(extra),
 330                                            sn->extra_data_size));
 331
 332        memset(&extra, 0, sizeof(extra));
 333        extra.vm_state_size_large = cpu_to_be64(sn->vm_state_size);
 334        extra.disk_size = cpu_to_be64(sn->disk_size);
 335
 336        id_str_size = strlen(sn->id_str);
 337        name_size = strlen(sn->name);
 338        assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX);
 339        h.id_str_size = cpu_to_be16(id_str_size);
 340        h.name_size = cpu_to_be16(name_size);
 341        offset = ROUND_UP(offset, 8);
 342
 343        ret = bdrv_pwrite(bs->file, offset, &h, sizeof(h));
 344        if (ret < 0) {
 345            goto fail;
 346        }
 347        offset += sizeof(h);
 348
 349        ret = bdrv_pwrite(bs->file, offset, &extra, sizeof(extra));
 350        if (ret < 0) {
 351            goto fail;
 352        }
 353        offset += sizeof(extra);
 354
 355        if (sn->extra_data_size > sizeof(extra)) {
 356            size_t unknown_extra_data_size =
 357                sn->extra_data_size - sizeof(extra);
 358
 359            /* qcow2_read_snapshots() ensures no unbounded allocation */
 360            assert(unknown_extra_data_size <= BDRV_REQUEST_MAX_BYTES);
 361            assert(sn->unknown_extra_data);
 362
 363            ret = bdrv_pwrite(bs->file, offset, sn->unknown_extra_data,
 364                              unknown_extra_data_size);
 365            if (ret < 0) {
 366                goto fail;
 367            }
 368            offset += unknown_extra_data_size;
 369        }
 370
 371        ret = bdrv_pwrite(bs->file, offset, sn->id_str, id_str_size);
 372        if (ret < 0) {
 373            goto fail;
 374        }
 375        offset += id_str_size;
 376
 377        ret = bdrv_pwrite(bs->file, offset, sn->name, name_size);
 378        if (ret < 0) {
 379            goto fail;
 380        }
 381        offset += name_size;
 382    }
 383
 384    /*
 385     * Update the header to point to the new snapshot table. This requires the
 386     * new table and its refcounts to be stable on disk.
 387     */
 388    ret = bdrv_flush(bs);
 389    if (ret < 0) {
 390        goto fail;
 391    }
 392
 393    QEMU_BUILD_BUG_ON(offsetof(QCowHeader, snapshots_offset) !=
 394                      endof(QCowHeader, nb_snapshots));
 395
 396    header_data.nb_snapshots        = cpu_to_be32(s->nb_snapshots);
 397    header_data.snapshots_offset    = cpu_to_be64(snapshots_offset);
 398
 399    ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots),
 400                           &header_data, sizeof(header_data));
 401    if (ret < 0) {
 402        goto fail;
 403    }
 404
 405    /* free the old snapshot table */
 406    qcow2_free_clusters(bs, s->snapshots_offset, s->snapshots_size,
 407                        QCOW2_DISCARD_SNAPSHOT);
 408    s->snapshots_offset = snapshots_offset;
 409    s->snapshots_size = snapshots_size;
 410    return 0;
 411
 412fail:
 413    if (snapshots_offset > 0) {
 414        qcow2_free_clusters(bs, snapshots_offset, snapshots_size,
 415                            QCOW2_DISCARD_ALWAYS);
 416    }
 417    return ret;
 418}
 419
 420int coroutine_fn qcow2_check_read_snapshot_table(BlockDriverState *bs,
 421                                                 BdrvCheckResult *result,
 422                                                 BdrvCheckMode fix)
 423{
 424    BDRVQcow2State *s = bs->opaque;
 425    Error *local_err = NULL;
 426    int nb_clusters_reduced = 0;
 427    int extra_data_dropped = 0;
 428    int ret;
 429    struct {
 430        uint32_t nb_snapshots;
 431        uint64_t snapshots_offset;
 432    } QEMU_PACKED snapshot_table_pointer;
 433
 434    /* qcow2_do_open() discards this information in check mode */
 435    ret = bdrv_pread(bs->file, offsetof(QCowHeader, nb_snapshots),
 436                     &snapshot_table_pointer, sizeof(snapshot_table_pointer));
 437    if (ret < 0) {
 438        result->check_errors++;
 439        fprintf(stderr, "ERROR failed to read the snapshot table pointer from "
 440                "the image header: %s\n", strerror(-ret));
 441        return ret;
 442    }
 443
 444    s->snapshots_offset = be64_to_cpu(snapshot_table_pointer.snapshots_offset);
 445    s->nb_snapshots = be32_to_cpu(snapshot_table_pointer.nb_snapshots);
 446
 447    if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS && (fix & BDRV_FIX_ERRORS)) {
 448        fprintf(stderr, "Discarding %u overhanging snapshots\n",
 449                s->nb_snapshots - QCOW_MAX_SNAPSHOTS);
 450
 451        nb_clusters_reduced += s->nb_snapshots - QCOW_MAX_SNAPSHOTS;
 452        s->nb_snapshots = QCOW_MAX_SNAPSHOTS;
 453    }
 454
 455    ret = qcow2_validate_table(bs, s->snapshots_offset, s->nb_snapshots,
 456                               sizeof(QCowSnapshotHeader),
 457                               sizeof(QCowSnapshotHeader) * QCOW_MAX_SNAPSHOTS,
 458                               "snapshot table", &local_err);
 459    if (ret < 0) {
 460        result->check_errors++;
 461        error_reportf_err(local_err, "ERROR ");
 462
 463        if (s->nb_snapshots > QCOW_MAX_SNAPSHOTS) {
 464            fprintf(stderr, "You can force-remove all %u overhanging snapshots "
 465                    "with qemu-img check -r all\n",
 466                    s->nb_snapshots - QCOW_MAX_SNAPSHOTS);
 467        }
 468
 469        /* We did not read the snapshot table, so invalidate this information */
 470        s->snapshots_offset = 0;
 471        s->nb_snapshots = 0;
 472
 473        return ret;
 474    }
 475
 476    qemu_co_mutex_unlock(&s->lock);
 477    ret = qcow2_do_read_snapshots(bs, fix & BDRV_FIX_ERRORS,
 478                                  &nb_clusters_reduced, &extra_data_dropped,
 479                                  &local_err);
 480    qemu_co_mutex_lock(&s->lock);
 481    if (ret < 0) {
 482        result->check_errors++;
 483        error_reportf_err(local_err,
 484                          "ERROR failed to read the snapshot table: ");
 485
 486        /* We did not read the snapshot table, so invalidate this information */
 487        s->snapshots_offset = 0;
 488        s->nb_snapshots = 0;
 489
 490        return ret;
 491    }
 492    result->corruptions += nb_clusters_reduced + extra_data_dropped;
 493
 494    if (nb_clusters_reduced) {
 495        /*
 496         * Update image header now, because:
 497         * (1) qcow2_check_refcounts() relies on s->nb_snapshots to be
 498         *     the same as what the image header says,
 499         * (2) this leaks clusters, but qcow2_check_refcounts() will
 500         *     fix that.
 501         */
 502        assert(fix & BDRV_FIX_ERRORS);
 503
 504        snapshot_table_pointer.nb_snapshots = cpu_to_be32(s->nb_snapshots);
 505        ret = bdrv_pwrite_sync(bs->file, offsetof(QCowHeader, nb_snapshots),
 506                               &snapshot_table_pointer.nb_snapshots,
 507                               sizeof(snapshot_table_pointer.nb_snapshots));
 508        if (ret < 0) {
 509            result->check_errors++;
 510            fprintf(stderr, "ERROR failed to update the snapshot count in the "
 511                    "image header: %s\n", strerror(-ret));
 512            return ret;
 513        }
 514
 515        result->corruptions_fixed += nb_clusters_reduced;
 516        result->corruptions -= nb_clusters_reduced;
 517    }
 518
 519    /*
 520     * All of v3 images' snapshot table entries need to have at least
 521     * 16 bytes of extra data.
 522     */
 523    if (s->qcow_version >= 3) {
 524        int i;
 525        for (i = 0; i < s->nb_snapshots; i++) {
 526            if (s->snapshots[i].extra_data_size <
 527                sizeof_field(QCowSnapshotExtraData, vm_state_size_large) +
 528                sizeof_field(QCowSnapshotExtraData, disk_size))
 529            {
 530                result->corruptions++;
 531                fprintf(stderr, "%s snapshot table entry %i is incomplete\n",
 532                        fix & BDRV_FIX_ERRORS ? "Repairing" : "ERROR", i);
 533            }
 534        }
 535    }
 536
 537    return 0;
 538}
 539
 540int coroutine_fn qcow2_check_fix_snapshot_table(BlockDriverState *bs,
 541                                                BdrvCheckResult *result,
 542                                                BdrvCheckMode fix)
 543{
 544    BDRVQcow2State *s = bs->opaque;
 545    int ret;
 546
 547    if (result->corruptions && (fix & BDRV_FIX_ERRORS)) {
 548        qemu_co_mutex_unlock(&s->lock);
 549        ret = qcow2_write_snapshots(bs);
 550        qemu_co_mutex_lock(&s->lock);
 551        if (ret < 0) {
 552            result->check_errors++;
 553            fprintf(stderr, "ERROR failed to update snapshot table: %s\n",
 554                    strerror(-ret));
 555            return ret;
 556        }
 557
 558        result->corruptions_fixed += result->corruptions;
 559        result->corruptions = 0;
 560    }
 561
 562    return 0;
 563}
 564
 565static void find_new_snapshot_id(BlockDriverState *bs,
 566                                 char *id_str, int id_str_size)
 567{
 568    BDRVQcow2State *s = bs->opaque;
 569    QCowSnapshot *sn;
 570    int i;
 571    unsigned long id, id_max = 0;
 572
 573    for(i = 0; i < s->nb_snapshots; i++) {
 574        sn = s->snapshots + i;
 575        id = strtoul(sn->id_str, NULL, 10);
 576        if (id > id_max)
 577            id_max = id;
 578    }
 579    snprintf(id_str, id_str_size, "%lu", id_max + 1);
 580}
 581
 582static int find_snapshot_by_id_and_name(BlockDriverState *bs,
 583                                        const char *id,
 584                                        const char *name)
 585{
 586    BDRVQcow2State *s = bs->opaque;
 587    int i;
 588
 589    if (id && name) {
 590        for (i = 0; i < s->nb_snapshots; i++) {
 591            if (!strcmp(s->snapshots[i].id_str, id) &&
 592                !strcmp(s->snapshots[i].name, name)) {
 593                return i;
 594            }
 595        }
 596    } else if (id) {
 597        for (i = 0; i < s->nb_snapshots; i++) {
 598            if (!strcmp(s->snapshots[i].id_str, id)) {
 599                return i;
 600            }
 601        }
 602    } else if (name) {
 603        for (i = 0; i < s->nb_snapshots; i++) {
 604            if (!strcmp(s->snapshots[i].name, name)) {
 605                return i;
 606            }
 607        }
 608    }
 609
 610    return -1;
 611}
 612
 613static int find_snapshot_by_id_or_name(BlockDriverState *bs,
 614                                       const char *id_or_name)
 615{
 616    int ret;
 617
 618    ret = find_snapshot_by_id_and_name(bs, id_or_name, NULL);
 619    if (ret >= 0) {
 620        return ret;
 621    }
 622    return find_snapshot_by_id_and_name(bs, NULL, id_or_name);
 623}
 624
 625/* if no id is provided, a new one is constructed */
 626int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
 627{
 628    BDRVQcow2State *s = bs->opaque;
 629    QCowSnapshot *new_snapshot_list = NULL;
 630    QCowSnapshot *old_snapshot_list = NULL;
 631    QCowSnapshot sn1, *sn = &sn1;
 632    int i, ret;
 633    uint64_t *l1_table = NULL;
 634    int64_t l1_table_offset;
 635
 636    if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) {
 637        return -EFBIG;
 638    }
 639
 640    if (has_data_file(bs)) {
 641        return -ENOTSUP;
 642    }
 643
 644    memset(sn, 0, sizeof(*sn));
 645
 646    /* Generate an ID */
 647    find_new_snapshot_id(bs, sn_info->id_str, sizeof(sn_info->id_str));
 648
 649    /* Populate sn with passed data */
 650    sn->id_str = g_strdup(sn_info->id_str);
 651    sn->name = g_strdup(sn_info->name);
 652
 653    sn->disk_size = bs->total_sectors * BDRV_SECTOR_SIZE;
 654    sn->vm_state_size = sn_info->vm_state_size;
 655    sn->date_sec = sn_info->date_sec;
 656    sn->date_nsec = sn_info->date_nsec;
 657    sn->vm_clock_nsec = sn_info->vm_clock_nsec;
 658    sn->extra_data_size = sizeof(QCowSnapshotExtraData);
 659
 660    /* Allocate the L1 table of the snapshot and copy the current one there. */
 661    l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * sizeof(uint64_t));
 662    if (l1_table_offset < 0) {
 663        ret = l1_table_offset;
 664        goto fail;
 665    }
 666
 667    sn->l1_table_offset = l1_table_offset;
 668    sn->l1_size = s->l1_size;
 669
 670    l1_table = g_try_new(uint64_t, s->l1_size);
 671    if (s->l1_size && l1_table == NULL) {
 672        ret = -ENOMEM;
 673        goto fail;
 674    }
 675
 676    for(i = 0; i < s->l1_size; i++) {
 677        l1_table[i] = cpu_to_be64(s->l1_table[i]);
 678    }
 679
 680    ret = qcow2_pre_write_overlap_check(bs, 0, sn->l1_table_offset,
 681                                        s->l1_size * sizeof(uint64_t), false);
 682    if (ret < 0) {
 683        goto fail;
 684    }
 685
 686    ret = bdrv_pwrite(bs->file, sn->l1_table_offset, l1_table,
 687                      s->l1_size * sizeof(uint64_t));
 688    if (ret < 0) {
 689        goto fail;
 690    }
 691
 692    g_free(l1_table);
 693    l1_table = NULL;
 694
 695    /*
 696     * Increase the refcounts of all clusters and make sure everything is
 697     * stable on disk before updating the snapshot table to contain a pointer
 698     * to the new L1 table.
 699     */
 700    ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 1);
 701    if (ret < 0) {
 702        goto fail;
 703    }
 704
 705    /* Append the new snapshot to the snapshot list */
 706    new_snapshot_list = g_new(QCowSnapshot, s->nb_snapshots + 1);
 707    if (s->snapshots) {
 708        memcpy(new_snapshot_list, s->snapshots,
 709               s->nb_snapshots * sizeof(QCowSnapshot));
 710        old_snapshot_list = s->snapshots;
 711    }
 712    s->snapshots = new_snapshot_list;
 713    s->snapshots[s->nb_snapshots++] = *sn;
 714
 715    ret = qcow2_write_snapshots(bs);
 716    if (ret < 0) {
 717        g_free(s->snapshots);
 718        s->snapshots = old_snapshot_list;
 719        s->nb_snapshots--;
 720        goto fail;
 721    }
 722
 723    g_free(old_snapshot_list);
 724
 725    /* The VM state isn't needed any more in the active L1 table; in fact, it
 726     * hurts by causing expensive COW for the next snapshot. */
 727    qcow2_cluster_discard(bs, qcow2_vm_state_offset(s),
 728                          ROUND_UP(sn->vm_state_size, s->cluster_size),
 729                          QCOW2_DISCARD_NEVER, false);
 730
 731#ifdef DEBUG_ALLOC
 732    {
 733      BdrvCheckResult result = {0};
 734      qcow2_check_refcounts(bs, &result, 0);
 735    }
 736#endif
 737    return 0;
 738
 739fail:
 740    g_free(sn->id_str);
 741    g_free(sn->name);
 742    g_free(l1_table);
 743
 744    return ret;
 745}
 746
 747/* copy the snapshot 'snapshot_name' into the current disk image */
 748int qcow2_snapshot_goto(BlockDriverState *bs, const char *snapshot_id)
 749{
 750    BDRVQcow2State *s = bs->opaque;
 751    QCowSnapshot *sn;
 752    Error *local_err = NULL;
 753    int i, snapshot_index;
 754    int cur_l1_bytes, sn_l1_bytes;
 755    int ret;
 756    uint64_t *sn_l1_table = NULL;
 757
 758    if (has_data_file(bs)) {
 759        return -ENOTSUP;
 760    }
 761
 762    /* Search the snapshot */
 763    snapshot_index = find_snapshot_by_id_or_name(bs, snapshot_id);
 764    if (snapshot_index < 0) {
 765        return -ENOENT;
 766    }
 767    sn = &s->snapshots[snapshot_index];
 768
 769    ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size,
 770                               sizeof(uint64_t), QCOW_MAX_L1_SIZE,
 771                               "Snapshot L1 table", &local_err);
 772    if (ret < 0) {
 773        error_report_err(local_err);
 774        goto fail;
 775    }
 776
 777    if (sn->disk_size != bs->total_sectors * BDRV_SECTOR_SIZE) {
 778        error_report("qcow2: Loading snapshots with different disk "
 779            "size is not implemented");
 780        ret = -ENOTSUP;
 781        goto fail;
 782    }
 783
 784    /*
 785     * Make sure that the current L1 table is big enough to contain the whole
 786     * L1 table of the snapshot. If the snapshot L1 table is smaller, the
 787     * current one must be padded with zeros.
 788     */
 789    ret = qcow2_grow_l1_table(bs, sn->l1_size, true);
 790    if (ret < 0) {
 791        goto fail;
 792    }
 793
 794    cur_l1_bytes = s->l1_size * sizeof(uint64_t);
 795    sn_l1_bytes = sn->l1_size * sizeof(uint64_t);
 796
 797    /*
 798     * Copy the snapshot L1 table to the current L1 table.
 799     *
 800     * Before overwriting the old current L1 table on disk, make sure to
 801     * increase all refcounts for the clusters referenced by the new one.
 802     * Decrease the refcount referenced by the old one only when the L1
 803     * table is overwritten.
 804     */
 805    sn_l1_table = g_try_malloc0(cur_l1_bytes);
 806    if (cur_l1_bytes && sn_l1_table == NULL) {
 807        ret = -ENOMEM;
 808        goto fail;
 809    }
 810
 811    ret = bdrv_pread(bs->file, sn->l1_table_offset,
 812                     sn_l1_table, sn_l1_bytes);
 813    if (ret < 0) {
 814        goto fail;
 815    }
 816
 817    ret = qcow2_update_snapshot_refcount(bs, sn->l1_table_offset,
 818                                         sn->l1_size, 1);
 819    if (ret < 0) {
 820        goto fail;
 821    }
 822
 823    ret = qcow2_pre_write_overlap_check(bs, QCOW2_OL_ACTIVE_L1,
 824                                        s->l1_table_offset, cur_l1_bytes,
 825                                        false);
 826    if (ret < 0) {
 827        goto fail;
 828    }
 829
 830    ret = bdrv_pwrite_sync(bs->file, s->l1_table_offset, sn_l1_table,
 831                           cur_l1_bytes);
 832    if (ret < 0) {
 833        goto fail;
 834    }
 835
 836    /*
 837     * Decrease refcount of clusters of current L1 table.
 838     *
 839     * At this point, the in-memory s->l1_table points to the old L1 table,
 840     * whereas on disk we already have the new one.
 841     *
 842     * qcow2_update_snapshot_refcount special cases the current L1 table to use
 843     * the in-memory data instead of really using the offset to load a new one,
 844     * which is why this works.
 845     */
 846    ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset,
 847                                         s->l1_size, -1);
 848
 849    /*
 850     * Now update the in-memory L1 table to be in sync with the on-disk one. We
 851     * need to do this even if updating refcounts failed.
 852     */
 853    for(i = 0;i < s->l1_size; i++) {
 854        s->l1_table[i] = be64_to_cpu(sn_l1_table[i]);
 855    }
 856
 857    if (ret < 0) {
 858        goto fail;
 859    }
 860
 861    g_free(sn_l1_table);
 862    sn_l1_table = NULL;
 863
 864    /*
 865     * Update QCOW_OFLAG_COPIED in the active L1 table (it may have changed
 866     * when we decreased the refcount of the old snapshot.
 867     */
 868    ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0);
 869    if (ret < 0) {
 870        goto fail;
 871    }
 872
 873#ifdef DEBUG_ALLOC
 874    {
 875        BdrvCheckResult result = {0};
 876        qcow2_check_refcounts(bs, &result, 0);
 877    }
 878#endif
 879    return 0;
 880
 881fail:
 882    g_free(sn_l1_table);
 883    return ret;
 884}
 885
 886int qcow2_snapshot_delete(BlockDriverState *bs,
 887                          const char *snapshot_id,
 888                          const char *name,
 889                          Error **errp)
 890{
 891    BDRVQcow2State *s = bs->opaque;
 892    QCowSnapshot sn;
 893    int snapshot_index, ret;
 894
 895    if (has_data_file(bs)) {
 896        return -ENOTSUP;
 897    }
 898
 899    /* Search the snapshot */
 900    snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name);
 901    if (snapshot_index < 0) {
 902        error_setg(errp, "Can't find the snapshot");
 903        return -ENOENT;
 904    }
 905    sn = s->snapshots[snapshot_index];
 906
 907    ret = qcow2_validate_table(bs, sn.l1_table_offset, sn.l1_size,
 908                               sizeof(uint64_t), QCOW_MAX_L1_SIZE,
 909                               "Snapshot L1 table", errp);
 910    if (ret < 0) {
 911        return ret;
 912    }
 913
 914    /* Remove it from the snapshot list */
 915    memmove(s->snapshots + snapshot_index,
 916            s->snapshots + snapshot_index + 1,
 917            (s->nb_snapshots - snapshot_index - 1) * sizeof(sn));
 918    s->nb_snapshots--;
 919    ret = qcow2_write_snapshots(bs);
 920    if (ret < 0) {
 921        error_setg_errno(errp, -ret,
 922                         "Failed to remove snapshot from snapshot list");
 923        return ret;
 924    }
 925
 926    /*
 927     * The snapshot is now unused, clean up. If we fail after this point, we
 928     * won't recover but just leak clusters.
 929     */
 930    g_free(sn.unknown_extra_data);
 931    g_free(sn.id_str);
 932    g_free(sn.name);
 933
 934    /*
 935     * Now decrease the refcounts of clusters referenced by the snapshot and
 936     * free the L1 table.
 937     */
 938    ret = qcow2_update_snapshot_refcount(bs, sn.l1_table_offset,
 939                                         sn.l1_size, -1);
 940    if (ret < 0) {
 941        error_setg_errno(errp, -ret, "Failed to free the cluster and L1 table");
 942        return ret;
 943    }
 944    qcow2_free_clusters(bs, sn.l1_table_offset, sn.l1_size * sizeof(uint64_t),
 945                        QCOW2_DISCARD_SNAPSHOT);
 946
 947    /* must update the copied flag on the current cluster offsets */
 948    ret = qcow2_update_snapshot_refcount(bs, s->l1_table_offset, s->l1_size, 0);
 949    if (ret < 0) {
 950        error_setg_errno(errp, -ret,
 951                         "Failed to update snapshot status in disk");
 952        return ret;
 953    }
 954
 955#ifdef DEBUG_ALLOC
 956    {
 957        BdrvCheckResult result = {0};
 958        qcow2_check_refcounts(bs, &result, 0);
 959    }
 960#endif
 961    return 0;
 962}
 963
 964int qcow2_snapshot_list(BlockDriverState *bs, QEMUSnapshotInfo **psn_tab)
 965{
 966    BDRVQcow2State *s = bs->opaque;
 967    QEMUSnapshotInfo *sn_tab, *sn_info;
 968    QCowSnapshot *sn;
 969    int i;
 970
 971    if (has_data_file(bs)) {
 972        return -ENOTSUP;
 973    }
 974    if (!s->nb_snapshots) {
 975        *psn_tab = NULL;
 976        return s->nb_snapshots;
 977    }
 978
 979    sn_tab = g_new0(QEMUSnapshotInfo, s->nb_snapshots);
 980    for(i = 0; i < s->nb_snapshots; i++) {
 981        sn_info = sn_tab + i;
 982        sn = s->snapshots + i;
 983        pstrcpy(sn_info->id_str, sizeof(sn_info->id_str),
 984                sn->id_str);
 985        pstrcpy(sn_info->name, sizeof(sn_info->name),
 986                sn->name);
 987        sn_info->vm_state_size = sn->vm_state_size;
 988        sn_info->date_sec = sn->date_sec;
 989        sn_info->date_nsec = sn->date_nsec;
 990        sn_info->vm_clock_nsec = sn->vm_clock_nsec;
 991    }
 992    *psn_tab = sn_tab;
 993    return s->nb_snapshots;
 994}
 995
 996int qcow2_snapshot_load_tmp(BlockDriverState *bs,
 997                            const char *snapshot_id,
 998                            const char *name,
 999                            Error **errp)
1000{

1001    int i, snapshot_index;
1002    BDRVQcow2State *s = bs->opaque;
1003    QCowSnapshot *sn;
1004    uint64_t *new_l1_table;
1005    int new_l1_bytes;
1006    int ret;
1007
1008    assert(bs->read_only);
1009
1010    /* Search the snapshot */
1011    snapshot_index = find_snapshot_by_id_and_name(bs, snapshot_id, name);
1012    if (snapshot_index < 0) {
1013        error_setg(errp,
1014                   "Can't find snapshot");
1015        return -ENOENT;
1016    }
1017    sn = &s->snapshots[snapshot_index];
1018
1019    /* Allocate and read in the snapshot's L1 table */
1020    ret = qcow2_validate_table(bs, sn->l1_table_offset, sn->l1_size,
1021                               sizeof(uint64_t), QCOW_MAX_L1_SIZE,
1022                               "Snapshot L1 table", errp);
1023    if (ret < 0) {
1024        return ret;
1025    }
1026    new_l1_bytes = sn->l1_size * sizeof(uint64_t);
1027    new_l1_table = qemu_try_blockalign(bs->file->bs,
1028                                       ROUND_UP(new_l1_bytes, 512));
1029    if (new_l1_table == NULL) {
1030        return -ENOMEM;
1031    }
1032
1033    ret = bdrv_pread(bs->file, sn->l1_table_offset,
1034                     new_l1_table, new_l1_bytes);
1035    if (ret < 0) {
1036        error_setg(errp, "Failed to read l1 table for snapshot");
1037        qemu_vfree(new_l1_table);
1038        return ret;
1039    }
1040
1041    /* Switch the L1 table */
1042    qemu_vfree(s->l1_table);
1043
1044    s->l1_size = sn->l1_size;
1045    s->l1_table_offset = sn->l1_table_offset;
1046    s->l1_table = new_l1_table;
1047
1048    for(i = 0;i < s->l1_size; i++) {
1049        be64_to_cpus(&s->l1_table[i]);
1050    }
1051
1052    return 0;
1053}
1054