528 lines
14 KiB
C
528 lines
14 KiB
C
|
/*
|
||
|
* Threaded data processing for Qcow2: compression, encryption
|
||
|
*
|
||
|
* Copyright (c) 2004-2006 Fabrice Bellard
|
||
|
* Copyright (c) 2018 Virtuozzo International GmbH. All rights reserved.
|
||
|
*
|
||
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||
|
* of this software and associated documentation files (the "Software"), to deal
|
||
|
* in the Software without restriction, including without limitation the rights
|
||
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||
|
* copies of the Software, and to permit persons to whom the Software is
|
||
|
* furnished to do so, subject to the following conditions:
|
||
|
*
|
||
|
* The above copyright notice and this permission notice shall be included in
|
||
|
* all copies or substantial portions of the Software.
|
||
|
*
|
||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
||
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||
|
* THE SOFTWARE.
|
||
|
*/
|
||
|
|
||
|
#include "qemu/osdep.h"
|
||
|
|
||
|
#define ZLIB_CONST
|
||
|
#include <zlib.h>
|
||
|
|
||
|
#ifdef CONFIG_ZSTD
|
||
|
#include <zstd.h>
|
||
|
#include <zstd_errors.h>
|
||
|
#endif
|
||
|
|
||
|
#include "qcow2.h"
|
||
|
#include "block/thread-pool.h"
|
||
|
#include "crypto.h"
|
||
|
|
||
|
static int coroutine_fn
|
||
|
qcow2_co_process(BlockDriverState *bs, ThreadPoolFunc *func, void *arg)
|
||
|
{
|
||
|
int ret;
|
||
|
BDRVQcow2State *s = bs->opaque;
|
||
|
ThreadPool *pool = aio_get_thread_pool(bdrv_get_aio_context(bs));
|
||
|
|
||
|
qemu_co_mutex_lock(&s->lock);
|
||
|
while (s->nb_threads >= QCOW2_MAX_THREADS) {
|
||
|
qemu_co_queue_wait(&s->thread_task_queue, &s->lock);
|
||
|
}
|
||
|
s->nb_threads++;
|
||
|
qemu_co_mutex_unlock(&s->lock);
|
||
|
|
||
|
ret = thread_pool_submit_co(pool, func, arg);
|
||
|
|
||
|
qemu_co_mutex_lock(&s->lock);
|
||
|
s->nb_threads--;
|
||
|
qemu_co_queue_next(&s->thread_task_queue);
|
||
|
qemu_co_mutex_unlock(&s->lock);
|
||
|
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Compression
|
||
|
*/
|
||
|
|
||
|
typedef ssize_t (*Qcow2CompressFunc)(void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size);
|
||
|
typedef struct Qcow2CompressData {
|
||
|
void *dest;
|
||
|
size_t dest_size;
|
||
|
const void *src;
|
||
|
size_t src_size;
|
||
|
ssize_t ret;
|
||
|
|
||
|
Qcow2CompressFunc func;
|
||
|
} Qcow2CompressData;
|
||
|
|
||
|
/*
|
||
|
* qcow2_zlib_compress()
|
||
|
*
|
||
|
* Compress @src_size bytes of data using zlib compression method
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: compressed size on success
|
||
|
* -ENOMEM destination buffer is not enough to store compressed data
|
||
|
* -EIO on any other error
|
||
|
*/
|
||
|
static ssize_t qcow2_zlib_compress(void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
ssize_t ret;
|
||
|
z_stream strm;
|
||
|
|
||
|
/* best compression, small window, no zlib header */
|
||
|
memset(&strm, 0, sizeof(strm));
|
||
|
ret = deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
|
||
|
-12, 9, Z_DEFAULT_STRATEGY);
|
||
|
if (ret != Z_OK) {
|
||
|
return -EIO;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* strm.next_in is not const in old zlib versions, such as those used on
|
||
|
* OpenBSD/NetBSD, so cast the const away
|
||
|
*/
|
||
|
strm.avail_in = src_size;
|
||
|
strm.next_in = (void *) src;
|
||
|
strm.avail_out = dest_size;
|
||
|
strm.next_out = dest;
|
||
|
|
||
|
ret = deflate(&strm, Z_FINISH);
|
||
|
if (ret == Z_STREAM_END) {
|
||
|
ret = dest_size - strm.avail_out;
|
||
|
} else {
|
||
|
ret = (ret == Z_OK ? -ENOMEM : -EIO);
|
||
|
}
|
||
|
|
||
|
deflateEnd(&strm);
|
||
|
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_zlib_decompress()
|
||
|
*
|
||
|
* Decompress some data (not more than @src_size bytes) to produce exactly
|
||
|
* @dest_size bytes using zlib compression method
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: 0 on success
|
||
|
* -EIO on fail
|
||
|
*/
|
||
|
static ssize_t qcow2_zlib_decompress(void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
int ret;
|
||
|
z_stream strm;
|
||
|
|
||
|
memset(&strm, 0, sizeof(strm));
|
||
|
strm.avail_in = src_size;
|
||
|
strm.next_in = (void *) src;
|
||
|
strm.avail_out = dest_size;
|
||
|
strm.next_out = dest;
|
||
|
|
||
|
ret = inflateInit2(&strm, -12);
|
||
|
if (ret != Z_OK) {
|
||
|
return -EIO;
|
||
|
}
|
||
|
|
||
|
ret = inflate(&strm, Z_FINISH);
|
||
|
if ((ret == Z_STREAM_END || ret == Z_BUF_ERROR) && strm.avail_out == 0) {
|
||
|
/*
|
||
|
* We approve Z_BUF_ERROR because we need @dest buffer to be filled, but
|
||
|
* @src buffer may be processed partly (because in qcow2 we know size of
|
||
|
* compressed data with precision of one sector)
|
||
|
*/
|
||
|
ret = 0;
|
||
|
} else {
|
||
|
ret = -EIO;
|
||
|
}
|
||
|
|
||
|
inflateEnd(&strm);
|
||
|
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
#ifdef CONFIG_ZSTD
|
||
|
|
||
|
/*
|
||
|
* qcow2_zstd_compress()
|
||
|
*
|
||
|
* Compress @src_size bytes of data using zstd compression method
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: compressed size on success
|
||
|
* -ENOMEM destination buffer is not enough to store compressed data
|
||
|
* -EIO on any other error
|
||
|
*/
|
||
|
static ssize_t qcow2_zstd_compress(void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
ssize_t ret;
|
||
|
size_t zstd_ret;
|
||
|
ZSTD_outBuffer output = {
|
||
|
.dst = dest,
|
||
|
.size = dest_size,
|
||
|
.pos = 0
|
||
|
};
|
||
|
ZSTD_inBuffer input = {
|
||
|
.src = src,
|
||
|
.size = src_size,
|
||
|
.pos = 0
|
||
|
};
|
||
|
ZSTD_CCtx *cctx = ZSTD_createCCtx();
|
||
|
|
||
|
if (!cctx) {
|
||
|
return -EIO;
|
||
|
}
|
||
|
/*
|
||
|
* Use the zstd streamed interface for symmetry with decompression,
|
||
|
* where streaming is essential since we don't record the exact
|
||
|
* compressed size.
|
||
|
*
|
||
|
* ZSTD_compressStream2() tries to compress everything it could
|
||
|
* with a single call. Although, ZSTD docs says that:
|
||
|
* "You must continue calling ZSTD_compressStream2() with ZSTD_e_end
|
||
|
* until it returns 0, at which point you are free to start a new frame",
|
||
|
* in out tests we saw the only case when it returned with >0 -
|
||
|
* when the output buffer was too small. In that case,
|
||
|
* ZSTD_compressStream2() expects a bigger buffer on the next call.
|
||
|
* We can't provide a bigger buffer because we are limited with dest_size
|
||
|
* which we pass to the ZSTD_compressStream2() at once.
|
||
|
* So, we don't need any loops and just abort the compression when we
|
||
|
* don't get 0 result on the first call.
|
||
|
*/
|
||
|
zstd_ret = ZSTD_compressStream2(cctx, &output, &input, ZSTD_e_end);
|
||
|
|
||
|
if (zstd_ret) {
|
||
|
if (zstd_ret > output.size - output.pos) {
|
||
|
ret = -ENOMEM;
|
||
|
} else {
|
||
|
ret = -EIO;
|
||
|
}
|
||
|
goto out;
|
||
|
}
|
||
|
|
||
|
/* make sure that zstd didn't overflow the dest buffer */
|
||
|
assert(output.pos <= dest_size);
|
||
|
ret = output.pos;
|
||
|
out:
|
||
|
ZSTD_freeCCtx(cctx);
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_zstd_decompress()
|
||
|
*
|
||
|
* Decompress some data (not more than @src_size bytes) to produce exactly
|
||
|
* @dest_size bytes using zstd compression method
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: 0 on success
|
||
|
* -EIO on any error
|
||
|
*/
|
||
|
static ssize_t qcow2_zstd_decompress(void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
size_t zstd_ret = 0;
|
||
|
ssize_t ret = 0;
|
||
|
ZSTD_outBuffer output = {
|
||
|
.dst = dest,
|
||
|
.size = dest_size,
|
||
|
.pos = 0
|
||
|
};
|
||
|
ZSTD_inBuffer input = {
|
||
|
.src = src,
|
||
|
.size = src_size,
|
||
|
.pos = 0
|
||
|
};
|
||
|
ZSTD_DCtx *dctx = ZSTD_createDCtx();
|
||
|
|
||
|
if (!dctx) {
|
||
|
return -EIO;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* The compressed stream from the input buffer may consist of more
|
||
|
* than one zstd frame. So we iterate until we get a fully
|
||
|
* uncompressed cluster.
|
||
|
* From zstd docs related to ZSTD_decompressStream:
|
||
|
* "return : 0 when a frame is completely decoded and fully flushed"
|
||
|
* We suppose that this means: each time ZSTD_decompressStream reads
|
||
|
* only ONE full frame and returns 0 if and only if that frame
|
||
|
* is completely decoded and flushed. Only after returning 0,
|
||
|
* ZSTD_decompressStream reads another ONE full frame.
|
||
|
*/
|
||
|
while (output.pos < output.size) {
|
||
|
size_t last_in_pos = input.pos;
|
||
|
size_t last_out_pos = output.pos;
|
||
|
zstd_ret = ZSTD_decompressStream(dctx, &output, &input);
|
||
|
|
||
|
if (ZSTD_isError(zstd_ret)) {
|
||
|
ret = -EIO;
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* The ZSTD manual is vague about what to do if it reads
|
||
|
* the buffer partially, and we don't want to get stuck
|
||
|
* in an infinite loop where ZSTD_decompressStream
|
||
|
* returns > 0 waiting for another input chunk. So, we add
|
||
|
* a check which ensures that the loop makes some progress
|
||
|
* on each step.
|
||
|
*/
|
||
|
if (last_in_pos >= input.pos &&
|
||
|
last_out_pos >= output.pos) {
|
||
|
ret = -EIO;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
/*
|
||
|
* Make sure that we have the frame fully flushed here
|
||
|
* if not, we somehow managed to get uncompressed cluster
|
||
|
* greater then the cluster size, possibly because of its
|
||
|
* damage.
|
||
|
*/
|
||
|
if (zstd_ret > 0) {
|
||
|
ret = -EIO;
|
||
|
}
|
||
|
|
||
|
ZSTD_freeDCtx(dctx);
|
||
|
assert(ret == 0 || ret == -EIO);
|
||
|
return ret;
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
static int qcow2_compress_pool_func(void *opaque)
|
||
|
{
|
||
|
Qcow2CompressData *data = opaque;
|
||
|
|
||
|
data->ret = data->func(data->dest, data->dest_size,
|
||
|
data->src, data->src_size);
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
static ssize_t coroutine_fn
|
||
|
qcow2_co_do_compress(BlockDriverState *bs, void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size, Qcow2CompressFunc func)
|
||
|
{
|
||
|
Qcow2CompressData arg = {
|
||
|
.dest = dest,
|
||
|
.dest_size = dest_size,
|
||
|
.src = src,
|
||
|
.src_size = src_size,
|
||
|
.func = func,
|
||
|
};
|
||
|
|
||
|
qcow2_co_process(bs, qcow2_compress_pool_func, &arg);
|
||
|
|
||
|
return arg.ret;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_co_compress()
|
||
|
*
|
||
|
* Compress @src_size bytes of data using the compression
|
||
|
* method defined by the image compression type
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: compressed size on success
|
||
|
* a negative error code on failure
|
||
|
*/
|
||
|
ssize_t coroutine_fn
|
||
|
qcow2_co_compress(BlockDriverState *bs, void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
BDRVQcow2State *s = bs->opaque;
|
||
|
Qcow2CompressFunc fn;
|
||
|
|
||
|
switch (s->compression_type) {
|
||
|
case QCOW2_COMPRESSION_TYPE_ZLIB:
|
||
|
fn = qcow2_zlib_compress;
|
||
|
break;
|
||
|
|
||
|
#ifdef CONFIG_ZSTD
|
||
|
case QCOW2_COMPRESSION_TYPE_ZSTD:
|
||
|
fn = qcow2_zstd_compress;
|
||
|
break;
|
||
|
#endif
|
||
|
default:
|
||
|
abort();
|
||
|
}
|
||
|
|
||
|
return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_co_decompress()
|
||
|
*
|
||
|
* Decompress some data (not more than @src_size bytes) to produce exactly
|
||
|
* @dest_size bytes using the compression method defined by the image
|
||
|
* compression type
|
||
|
*
|
||
|
* @dest - destination buffer, @dest_size bytes
|
||
|
* @src - source buffer, @src_size bytes
|
||
|
*
|
||
|
* Returns: 0 on success
|
||
|
* a negative error code on failure
|
||
|
*/
|
||
|
ssize_t coroutine_fn
|
||
|
qcow2_co_decompress(BlockDriverState *bs, void *dest, size_t dest_size,
|
||
|
const void *src, size_t src_size)
|
||
|
{
|
||
|
BDRVQcow2State *s = bs->opaque;
|
||
|
Qcow2CompressFunc fn;
|
||
|
|
||
|
switch (s->compression_type) {
|
||
|
case QCOW2_COMPRESSION_TYPE_ZLIB:
|
||
|
fn = qcow2_zlib_decompress;
|
||
|
break;
|
||
|
|
||
|
#ifdef CONFIG_ZSTD
|
||
|
case QCOW2_COMPRESSION_TYPE_ZSTD:
|
||
|
fn = qcow2_zstd_decompress;
|
||
|
break;
|
||
|
#endif
|
||
|
default:
|
||
|
abort();
|
||
|
}
|
||
|
|
||
|
return qcow2_co_do_compress(bs, dest, dest_size, src, src_size, fn);
|
||
|
}
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Cryptography
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* Qcow2EncDecFunc: common prototype of qcrypto_block_encrypt() and
|
||
|
* qcrypto_block_decrypt() functions.
|
||
|
*/
|
||
|
typedef int (*Qcow2EncDecFunc)(QCryptoBlock *block, uint64_t offset,
|
||
|
uint8_t *buf, size_t len, Error **errp);
|
||
|
|
||
|
typedef struct Qcow2EncDecData {
|
||
|
QCryptoBlock *block;
|
||
|
uint64_t offset;
|
||
|
uint8_t *buf;
|
||
|
size_t len;
|
||
|
|
||
|
Qcow2EncDecFunc func;
|
||
|
} Qcow2EncDecData;
|
||
|
|
||
|
static int qcow2_encdec_pool_func(void *opaque)
|
||
|
{
|
||
|
Qcow2EncDecData *data = opaque;
|
||
|
|
||
|
return data->func(data->block, data->offset, data->buf, data->len, NULL);
|
||
|
}
|
||
|
|
||
|
static int coroutine_fn
|
||
|
qcow2_co_encdec(BlockDriverState *bs, uint64_t host_offset,
|
||
|
uint64_t guest_offset, void *buf, size_t len,
|
||
|
Qcow2EncDecFunc func)
|
||
|
{
|
||
|
BDRVQcow2State *s = bs->opaque;
|
||
|
Qcow2EncDecData arg = {
|
||
|
.block = s->crypto,
|
||
|
.offset = s->crypt_physical_offset ? host_offset : guest_offset,
|
||
|
.buf = buf,
|
||
|
.len = len,
|
||
|
.func = func,
|
||
|
};
|
||
|
uint64_t sector_size;
|
||
|
|
||
|
assert(s->crypto);
|
||
|
|
||
|
sector_size = qcrypto_block_get_sector_size(s->crypto);
|
||
|
assert(QEMU_IS_ALIGNED(guest_offset, sector_size));
|
||
|
assert(QEMU_IS_ALIGNED(host_offset, sector_size));
|
||
|
assert(QEMU_IS_ALIGNED(len, sector_size));
|
||
|
|
||
|
return len == 0 ? 0 : qcow2_co_process(bs, qcow2_encdec_pool_func, &arg);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_co_encrypt()
|
||
|
*
|
||
|
* Encrypts one or more contiguous aligned sectors
|
||
|
*
|
||
|
* @host_offset - underlying storage offset of the first sector of the
|
||
|
* data to be encrypted
|
||
|
*
|
||
|
* @guest_offset - guest (virtual) offset of the first sector of the
|
||
|
* data to be encrypted
|
||
|
*
|
||
|
* @buf - buffer with the data to encrypt, that after encryption
|
||
|
* will be written to the underlying storage device at
|
||
|
* @host_offset
|
||
|
*
|
||
|
* @len - length of the buffer (must be a multiple of the encryption
|
||
|
* sector size)
|
||
|
*
|
||
|
* Depending on the encryption method, @host_offset and/or @guest_offset
|
||
|
* may be used for generating the initialization vector for
|
||
|
* encryption.
|
||
|
*
|
||
|
* Note that while the whole range must be aligned on sectors, it
|
||
|
* does not have to be aligned on clusters and can also cross cluster
|
||
|
* boundaries
|
||
|
*/
|
||
|
int coroutine_fn
|
||
|
qcow2_co_encrypt(BlockDriverState *bs, uint64_t host_offset,
|
||
|
uint64_t guest_offset, void *buf, size_t len)
|
||
|
{
|
||
|
return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len,
|
||
|
qcrypto_block_encrypt);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* qcow2_co_decrypt()
|
||
|
*
|
||
|
* Decrypts one or more contiguous aligned sectors
|
||
|
* Similar to qcow2_co_encrypt
|
||
|
*/
|
||
|
int coroutine_fn
|
||
|
qcow2_co_decrypt(BlockDriverState *bs, uint64_t host_offset,
|
||
|
uint64_t guest_offset, void *buf, size_t len)
|
||
|
{
|
||
|
return qcow2_co_encdec(bs, host_offset, guest_offset, buf, len,
|
||
|
qcrypto_block_decrypt);
|
||
|
}
|