summaryrefslogtreecommitdiffstats
path: root/blockdev.c
Commit message (Collapse)AuthorAgeFilesLines
* Do not delete BlockDriverState when deleting the driveRyan Harper2011-04-071-17/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When removing a drive from the host-side via drive_del we currently have the following path: drive_del qemu_aio_flush() bdrv_close() // zaps bs->drv, which makes any subsequent I/O get // dropped. Works as designed drive_uninit() bdrv_delete() // frees the bs. Since the device is still connected to // bs, any subsequent I/O is a use-after-free. The value of bs->drv becomes unpredictable on free. As long as it remains null, I/O still gets dropped, however it could become non-null at any point after the free resulting SEGVs or other QEMU state corruption. To resolve this issue as simply as possible, we can chose to not actually delete the BlockDriverState pointer. Since bdrv_close() handles setting the drv pointer to NULL, we just need to remove the BlockDriverState from the QLIST that is used to enumerate the block devices. This is currently handled within bdrv_delete, so move this into its own function, bdrv_make_anon(). The result is that we can now invoke drive_del, this closes the file descriptors and sets BlockDriverState->drv to NULL which prevents futher IO to the device, and since we do not free BlockDriverState, we don't have to worry about the copy retained in the block devices. We also don't attempt to remove the qdev property since we are no longer deleting the BlockDriverState on drives with associated drives. This also allows for removing Drives with no devices associated either. Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Acked-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* virtio: use generic name when possibleAlexander Graf2011-04-041-1/+1
| | | | | | | | | | | | We have two different virtio buses: pci and s390. The abstraction path taken in qemu is to have generic aliases for each device type in the architecture specific qdev devices. So let's make use of these aliases whenever we can and define them whenever we can. Signed-off-by: Alexander Graf <agraf@suse.de> Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
* Improve error handling in do_snapshot_blkdev()Jes Sorensen2011-03-151-6/+17
| | | | | | | | | | | | | | In case we cannot open the newly created snapshot image, try to fall back to the original image file and continue running on that, which should prevent the guest from aborting. This is a corner case which can happen if the admin by mistake specifies the snapshot file on a virtual file system which does not support O_DIRECT. bdrv_create() does not use O_DIRECT, but the following open in bdrv_open() does and will then fail. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Plug memory leak in drive_init() error pathsMarkus Armbruster2011-02-101-2/+9
| | | | | | | Should have spotted this when doing commit 319ae529. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Plug memory leak in drive_uninit()Markus Armbruster2011-02-101-0/+1
| | | | | | | Started leaking in commit 1dae12e6. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: enable in_use flagMarcelo Tosatti2011-02-071-0/+4
| | | | | | | | Set block device in use during block migration, disallow drive_del and bdrv_truncate for in use devices. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: add refcount to DriveInfoMarcelo Tosatti2011-02-071-2/+16
| | | | | | | | | | | | The host part of a block device can be deleted with in progress block migration. To fix this, add a reference count to DriveInfo, freeing resources on last reference. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> CC: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Fix drive_add for drives without mediaMarkus Armbruster2011-01-311-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Watch this: (qemu) drive_add 0 if=none (qemu) info block none0: type=hd removable=0 [not inserted] (qemu) drive_del none0 Segmentation fault (core dumped) add_init_drive() is confused about drive_init()'s failure modes, and cleans up when it shouldn't. This leaves the DriveInfo with member opts dangling. drive_del attempts to free it, and dies. drive_init() behaves as follows: * If it created a drive with media, it returns its DriveInfo. * If it created a drive without media, it clears *fatal_error and returns NULL. * If it couldn't create a drive, it sets *fatal_error and returns NULL. Of its three callers: * drive_init_func() is correct. * usb_msd_init() assumes drive_init() failed when it returns NULL. This is correct only because it always passes option "file", and "drive without media" can't happen then. * add_init_drive() assumes drive_init() failed when it returns NULL. This is incorrect. Clean up drive_init() to return NULL on failure and only on failure. Drop its parameter fatal_error. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Replace drive_add()'s fmt, ... by optstr parameterMarkus Armbruster2011-01-311-7/+1
| | | | | | | | Let the callers build the optstr. Only one wants to. All the others become simpler, because they don't have to worry about escaping '%'. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Reject multiple definitions for the same driveMarkus Armbruster2011-01-311-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | We silently ignore multiple definitions for the same drive: $ qemu-system-x86_64 -nodefaults -vnc :1 -S -monitor stdio -drive if=ide,index=1,file=tmp.qcow2 -drive if=ide,index=1,file=nonexistant QEMU 0.13.50 monitor - type 'help' for more information (qemu) info block ide0-hd1: type=hd removable=0 file=tmp.qcow2 backing_file=tmp.img ro=0 drv=qcow2 encrypted=0 With if=none, this can become quite confusing: $ qemu-system-x86_64 -nodefaults -vnc :1 -S -monitor stdio -drive if=none,index=1,file=tmp.qcow2,id=eins -drive if=none,index=1,file=nonexistant,id=zwei -device ide-drive,drive=eins -device ide-drive,drive=zwei qemu-system-x86_64: -device ide-drive,drive=zwei: Property 'ide-drive.drive' can't find value 'zwei' The second -device fails, because it refers to drive zwei, which got silently ignored. Make multiple drive definitions fail cleanly. Unfortunately, there's code that relies on multiple drive definitions being silently ignored: main() merrily adds default drives even when the user already defined these drives. Fix that up. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: New drive_get_by_index()Markus Armbruster2011-01-311-0/+7
| | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Factor drive_index_to_{bus,unit}_id out of drive_init()Markus Armbruster2011-01-311-8/+14
| | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Make drive_add() take explicit type, index parametersMarkus Armbruster2011-01-311-3/+17
| | | | | | | | | | | | Before, type & index were hidden in printf-like fmt, ... parameters, which get expanded into an option string. Rather inconvenient for uses later in this series. New IF_DEFAULT to ask for the machine's default interface. Before, that was done by having no option "if" in the option string. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Fix regression in -drive if=scsi,index=NMarkus Armbruster2011-01-311-2/+16
| | | | | | | | | | | | | | | | | | | | | | Before commit 622b520f, index=12 meant bus=1,unit=5. Since the commit, it means bus=0,unit=12. The drive is created, but not the guest device. That's because the controllers we use with if=scsi drives (lsi53c895a and esp) support only 7 units, and scsi_bus_legacy_handle_cmdline() ignores drives with unit numbers exceeding that limit. Changing the mapping of index to bus, unit is a regression. Breaking -drive invocations that used to work just makes it worse. Revert the part of commit 622b520f that causes this, and clean up some. Note that the fix only affects if=scsi. You can still put more than 7 units on a SCSI bus with -device & friends. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Put BlockInterfaceType names and max_devs in tablesMarkus Armbruster2011-01-311-30/+21
| | | | | | | | Turns drive_init()'s lengthy conditional into a concise loop, and makes the data available elsewhere. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: New drive_get_next(), replacing qdev_init_bdrv()Markus Armbruster2011-01-311-0/+10
| | | | | | | | | | qdev_init_bdrv() doesn't belong into qdev.c; it's about drives, not qdevs. Rename to drive_get_next, move to blockdev.c, drop the bogus DeviceState argument, and return DriveInfo instead of BlockDriverState. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: add block_resize monitor commandChristoph Hellwig2011-01-311-0/+30
| | | | | | | | | | | | | | | | | | | | | | Add a monitor command that allows resizing of block devices while qemu is running. It uses the existing bdrv_truncate method already used by qemu-img to do it's work. Compared to qemu-img the size parsing is very simplicistic, but I think having a properly numering object is more useful for non-humand monitor users than having the units and relative resize parsing. For SCSI devices the new size can be updated in Linux guests by doing the following shell command: echo > /sys/class/scsi_device/0:0:0:0/device/rescan For ATA devices I don't know of a way to update the block device size in Linux system, and for virtio-blk the next two patches will provide an automatic update of the size when this command is issued on the host. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Fix drive_del not to crash when drive is not in useMarkus Armbruster2011-01-241-7/+9
| | | | | | | | | | | | | | | | | | Watch this: (qemu) drive_add 0 if=none,file=tmp.img OK (qemu) info block none0: type=hd removable=0 file=tmp.img ro=0 drv=raw encrypted=0 (qemu) drive_del none0 Segmentation fault (core dumped) do_drive_del()'s code to clean up the pointer from a qdev using the drive back to the drive needs to check whether such a device exists. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Make drive_init() use error_report()Markus Armbruster2011-01-241-31/+28
| | | | | | | | | | | This makes the errors point to the error location, and fixes drive_add to report errors in the monitor instead of stderr. While there, tweak a few error messages for consistency. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Fix error message for invalid -drive CHSMarkus Armbruster2011-01-241-3/+3
| | | | | | | | | | When cyls, heads or secs are out of range, the error message prints buf, which points to the value of option "if". Bogus, may even be null. Drop that. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* do_snapshot_blkdev() error on missing snapshot_file argumentJes Sorensen2011-01-241-0/+6
| | | | | | | | Current code does not support snapshot internally to the running image. Error in case no snapshot_file is specified. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Introduce do_snapshot_blkdev() and monitor command to handle it.Jes Sorensen2010-12-171-0/+62
| | | | | | | | | | | The monitor command is: snapshot_blkdev <device> [snapshot-file] [format] Default format is qcow2. For now snapshots without a snapshot-file, eg internal snapshots, are not supported. Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: check dinfo ptr before usingRyan Harper2010-12-171-2/+4
| | | | | | | | | | | | | | | | | | | If a user decides to punish a guest by revoking its block device via drive_del, and subsequently also attempts to remove the pci device backing it, and the device is using blockdev_auto_del() then we get a segfault when we attempt to access dinfo->auto_del.[1] The fix is to check if drive_get_by_blockdev() actually returns a valid dinfo pointer or not. 1. (qemu) pci_add auto storage file=images/test01.raw,if=virtio,id=block1,snapshot=on (qemu) drive_del block1 (qemu) pci_del 5 *segfault* Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Tested-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Implement drive_del to decouple block removal from device removalRyan Harper2010-11-241-0/+39
| | | | | | | | | | | | | | | | | | | | | Currently device hotplug removal code is tied to device removal via ACPI. All pci devices that are removable via device_del() require the guest to respond to the request. In some cases the guest may not respond leaving the device still accessible to the guest. The management layer doesn't currently have a reliable way to revoke access to host resource in the presence of an uncooperative guest. This patch implements a new monitor command, drive_del, which provides an explicit command to revoke access to a host block device. drive_del first quiesces the block device (qemu_aio_flush; bdrv_flush() and bdrv_close()). This prevents further IO from being submitted against the host device. Finally, drive_del cleans up pointers between the drive object (host resource) and the device object (guest resource). Signed-off-by: Ryan Harper <ryanh@us.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* scsi-disk: Implement rerror optionKevin Wolf2010-11-041-3/+3
| | | | | | | | | | | This implements the rerror option for SCSI disks. It also includes minor changes to the write path where the same code is used that was criticized in the review for the changes to the read path required for rerror support. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
* QemuOpts: make most qemu_*_opts staticGerd Hoffmann2010-08-221-2/+2
| | | | | | | | Switch tree to lookup-by-name using qemu_find_opts(). Also hook up virtfs options so qemu_find_opts works for them too. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
* Fix -snapshot deleting images on disk changeBlue Swirl2010-07-261-0/+1
| | | | | | | | | | | Block device change command did not copy BDRV_O_SNAPSHOT flag. Thus the new image did not have this flag and the file got deleted during opening. Fix by copying BDRV_O_SNAPSHOT flag. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Clean up how readonly persists across virtual media changeMarkus Armbruster2010-07-061-1/+1
| | | | | | | | | | | | | | Since commit cb4e5f8e, monitor command change makes the new media readonly iff the type hint is BDRV_TYPE_CDROM, i.e. the drive was created with media=cdrom. The intention is to avoid changing a block device's read-only-ness. However, BDRV_TYPE_CDROM is only a hint. It is currently sufficent for read-only. But it's not necessary, and it may not remain sufficient. Use bdrv_is_read_only() instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Merge remote branch 'kwolf/for-anthony' into stagingAnthony Liguori2010-07-061-17/+28
|\
| * blockdev: drive_get_by_id() is no longer used, removeMarkus Armbruster2010-07-021-12/+0
| | | | | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * blockdev: Clean up automatic drive deletionMarkus Armbruster2010-07-021-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We automatically delete blockdev host parts on unplug of the guest device. Too much magic, but we can't change that now. The delete happens early in the guest device teardown, before the connection to the host part is severed. Thus, the guest part's pointer to the host part dangles for a brief time. No actual harm comes from this, but we'll catch such dangling pointers a few commits down the road. Clean up the dangling pointers by delaying the automatic deletion until the guest part's pointer is gone. Device usb-storage deliberately makes two qdev properties refer to the same drive, because it automatically creates a second device. Again, too much magic we can't change now. Multiple references worked okay before, but now free_drive() dies for the second one. Zap the extra reference. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * blockdev: New drive_get_by_blockdev()Markus Armbruster2010-07-021-0/+12
| | | | | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| * blockdev: Remove drive_get_serial()Markus Armbruster2010-07-021-12/+0
| | | | | | | | | | | | | | Unused since commit 6ced55a5. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* | Monitor: handle optional '-' arg as a boolLuiz Capitulino2010-07-011-1/+1
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Historically, user monitor arguments beginning with '-' (eg. '-f') were passed as integers down to handlers. I've maintained this behavior in the new monitor because we didn't have a boolean type at the very beginning of QMP. Today we have it and this behavior is causing trouble to QMP's argument checker. This commit fixes the problem by doing the following changes: 1. User Monitor Before: the optional arg was represented as a QInt, we'd pass 1 down to handlers if the user specified the argument or 0 otherwise This commit: the optional arg is represented as a QBool, we pass true down to handlers if the user specified the argument, otherwise _nothing_ is passed 2. QMP Before: the client was required to pass the arg as QBool, but we'd convert it to QInt internally. If the argument wasn't passed, we'd pass 0 down This commit: still require a QBool, but doesn't do any conversion and doesn't pass any default value 3. Convert existing handlers (do_eject()/do_migrate()) to the new way Before: Both handlers would expect a QInt value, either 0 or 1 This commit: Change the handlers to accept a QBool, they handle the following cases: A) true is passed: the option is enabled B) false is passed: the option is disabled C) nothing is passed: option not specified, use default behavior Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* monitor: allow device to be ejected if no disk is insertedEduardo Habkost2010-06-221-12/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the monitor eject_device() function to not check for bdrv_is_inserted(). Example run where the bug manifests itself: (output of 'info block' is stripped to include only the CD-ROM device) (qemu) info block ide1-cd0: type=cdrom removable=1 locked=0 [not inserted] (qemu) change ide1-cd0 /dev/cdrom host_cdrom (qemu) info block ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0 (qemu) eject ide1-cd0 (qemu) info block ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0 # at this point, a disk was inserted on the host CD-ROM drive (qemu) info block ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0 (qemu) eject ide1-cd0 (qemu) info block ide1-cd0: type=cdrom removable=1 locked=0 [not inserted] (qemu) The first eject command didn't work because the is_inserted() check failed. I have no clue why the code had the is_inserted() check, as it doesn't matter if there is a disk present at the host drive, when the user wants the virtual device to be disconnected from the host device. The is_inserted() check has another side effect: a memory leak if the "change" command is used multiple times, as do_change() calls eject_device() before re-opening the block device, but bdrv_close() is never called. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Give drives internal linkageMarkus Armbruster2010-06-151-1/+1
| | | | | | | | This is the list of drives defined with drive_init(). Hide it, so it doesn't get abused. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* monitor: Make "commit FOO" complain when FOO doesn't existMarkus Armbruster2010-06-151-2/+4
| | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Decouple block device "commit all" from DriveInfoMarkus Armbruster2010-06-151-8/+8
| | | | | | | | | | | | | do_commit() and mux_proc_byte() iterate over the list of drives defined with drive_init(). This misses host block devices defined by other means. Such means don't exist now, but will be introduced later in this series. Change them to use new bdrv_commit_all(), which iterates over all host block devices. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Move error actions from DriveInfo to BlockDriverStateMarkus Armbruster2010-06-151-15/+2
| | | | | | | | That's where they belong semantically (block device host part), even though the actions are actually executed by guest device code. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* Fix regression for "-drive file="Markus Armbruster2010-06-151-1/+1
| | | | | | | | | Empty file used to create an empty drive (no media). Since commit 9dfd7c7a, it's an error: "qemu: could not open disk image : No such file or directory". Older versions of libvirt can choke on this. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* block: Fix serial number assignmentLuiz Capitulino2010-06-041-1/+1
| | | | | | | | | | | We should use 'dinfo->serial' length, 'serial' is a pointer, so the serial number length is currently limited to the pointer size. This fixes https://bugs.launchpad.net/qemu/+bug/584143 and is also valid for stable. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* blockdev: Collect block device code in new blockdev.cMarkus Armbruster2010-06-041-0/+600
Anything that moves hundreds of lines out of vl.c can't be all bad. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
OpenPOWER on IntegriCloud