Patchwork [V13,5/6] add-cow file format core code.

login
register
mail settings
Submitter Robert Wang
Date Oct. 18, 2012, 9:51 a.m.
Message ID <1350553895-3388-6-git-send-email-wdongxu@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/192255/
State New
Headers show

Comments

Robert Wang - Oct. 18, 2012, 9:51 a.m.
add-cow file format core code. It use block-cache.c as cache code.
It lacks of snapshot_blkdev support.

Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
---
 block/Makefile.objs |    1 +
 block/add-cow.c     |  693 +++++++++++++++++++++++++++++++++++++++++++++++++++
 block/add-cow.h     |   85 +++++++
 block/block-cache.c |    4 +
 block/block-cache.h |    1 +
 block_int.h         |    2 +
 6 files changed, 786 insertions(+), 0 deletions(-)
 create mode 100644 block/add-cow.c
 create mode 100644 block/add-cow.h
Stefan Hajnoczi - Oct. 22, 2012, 9:29 a.m.
On Thu, Oct 18, 2012 at 05:51:34PM +0800, Dong Xu Wang wrote:
> +static void add_cow_header_cpu_to_le(const AddCowHeader *cpu, AddCowHeader *le)
> +{
> +    le->magic                       = cpu_to_le64(cpu->magic);
> +    le->version                     = cpu_to_le32(cpu->version);
> +
> +    le->backing_filename_offset     = cpu_to_le32(cpu->backing_filename_offset);
> +    le->backing_filename_size       = cpu_to_le32(cpu->backing_filename_size);
> +
> +    le->image_filename_offset       = cpu_to_le32(cpu->image_filename_offset);
> +    le->image_filename_size         = cpu_to_le32(cpu->image_filename_size);
> +
> +    le->cluster_bits                = cpu_to_le32(cpu->cluster_bits);
> +    le->features                    = cpu_to_le64(cpu->features);
> +    le->optional_features           = cpu_to_le64(cpu->optional_features);
> +    le->header_pages_size           = cpu_to_le32(cpu->header_pages_size);
> +    memcpy(le->backing_fmt, cpu->backing_fmt, sizeof(cpu->backing_fmt));
> +    memcpy(le->image_fmt, cpu->image_fmt, sizeof(cpu->image_fmt));

Minor style issue: sizeof(le->backing_fmt) is safer than
sizeof(cpu->image_fmt) in case the types change or this code is
copy-pasted elsewhere.  Always use the size of the destination buffer.

> +}
> +
> +static int add_cow_probe(const uint8_t *buf, int buf_size, const char *filename)
> +{
> +    const AddCowHeader *header = (const AddCowHeader *)buf;
> +

In case .bdrv_probe() is exposed in a future stand-alone block libary
like libqblock.so where we cannot make assumptions about buf_size:

if (buf_size < sizeof(*header)) {
    return 0;
}

> +    ret = bdrv_file_open(&bs, filename, BDRV_O_RDWR);
> +    if (ret < 0) {
> +        return ret;
> +    }
> +    snprintf(header.backing_fmt, sizeof(header.backing_fmt),
> +             "%s", backing_fmt ? backing_fmt : "");
> +    snprintf(header.image_fmt, sizeof(header.image_fmt),
> +             "%s", image_format ? image_format : "raw");
> +    add_cow_header_cpu_to_le(&header, &le_header);
> +    ret = bdrv_pwrite(bs, 0, &le_header, sizeof(le_header));
> +    if (ret < 0) {
> +        bdrv_delete(bs);
> +        return ret;
> +    }

Once...

> +    if (ret < 0) {
> +        bdrv_delete(bs);
> +        return ret;
> +    }

...twice.  This can be dropped.

> +
> +    if (backing_filename) {
> +        ret = bdrv_pwrite(bs, header.backing_filename_offset,
> +                          backing_filename, header.backing_filename_size);
> +        if (ret < 0) {
> +            bdrv_delete(bs);
> +            return ret;
> +        }
> +    }
> +
> +    ret = bdrv_pwrite(bs, header.image_filename_offset,
> +                      image_filename, header.image_filename_size);
> +    if (ret < 0) {
> +        bdrv_delete(bs);
> +        return ret;
> +    }

I suggest writing the image filename before the backing filename so it's
easier to implement .bdrv_change_backing_file() in the future.

> +
> +    ret = bdrv_open(bs, filename, BDRV_O_RDWR | BDRV_O_NO_FLUSH, drv);

Forgot to bdrv_close(bs) before opening as add-cow.

> +    if ((s->header.features & ADD_COW_F_ALL_ALLOCATED) == 0) {
> +        ret = bdrv_read_string(bs->file, sizeof(s->header),
> +                               sizeof(bs->backing_format) - 1,
> +                               bs->backing_format,
> +                               sizeof(bs->backing_format));

This looks wrong:

1. The header contains the backing format field, we've already read it.
   Now we just need to put a NUL-terminated string into
   bs->backing_format.  No need for bdrv_read_string().

2. offset = sizeof(s->header) does not make sense because the
   backing_format field is part of the header.

3. n = sizeof(bs->backing_format) - 1 should be the size of the header
   backing_format field, not the destination buffer.

I'm wondering if I missed something or why add-cow files open
successfully in your testing, because I think this line of code would
cause it to use a junk bs->backing_format.

> +    s->image_hd = bdrv_new("");
> +    if (path_has_protocol(image_filename)) {

image_filename[] is uninitialized.  Did you mean tmp_name?

> +        pstrcpy(image_filename, sizeof(image_filename), tmp_name);
> +    } else {
> +        path_combine(image_filename, sizeof(image_filename),
> +                     bs->filename, tmp_name);
> +    }
> +
> +    ret = bdrv_open(s->image_hd, image_filename, flags, NULL);

What about header->image_format?

> +    if (ret < 0) {
> +        bdrv_delete(s->image_hd);
> +        goto fail;
> +    }
> +
> +    bs->total_sectors = bdrv_getlength(s->image_hd) >> 9;

/ BDRV_SECTOR_SIZE

> +    s->cluster_size = 1 << s->header.cluster_bits;
> +    sector_per_byte = SECTORS_PER_CLUSTER * 8;

SECTORS_PER_CLUSTER does not take s->cluster_size into account.

The add_cow_open() issues should have been visible during
development/testing (backing_format, unitialized image_filename[],
unused header->image_format, SECTORS_PER_CLUSTER).  It looks like not
much testing of image creation options has been done.  I'll review more
of this series in the next version, please test more.

Stefan

Patch

diff --git a/block/Makefile.objs b/block/Makefile.objs
index f128b78..ed9222d 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -1,5 +1,6 @@ 
 block-obj-y += raw.o cow.o qcow.o vdi.o vmdk.o cloop.o dmg.o bochs.o vpc.o vvfat.o
 block-obj-y += qcow2.o qcow2-refcount.o qcow2-cluster.o qcow2-snapshot.o
+block-obj-y += add-cow.o
 block-obj-y += block-cache.o
 block-obj-y += qed.o qed-gencb.o qed-l2-cache.o qed-table.o qed-cluster.o
 block-obj-y += qed-check.o
diff --git a/block/add-cow.c b/block/add-cow.c
new file mode 100644
index 0000000..15c86ab
--- /dev/null
+++ b/block/add-cow.c
@@ -0,0 +1,693 @@ 
+/*
+ * QEMU ADD-COW Disk Format
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "block_int.h"
+#include "module.h"
+#include "add-cow.h"
+
+static void add_cow_header_le_to_cpu(const AddCowHeader *le, AddCowHeader *cpu)
+{
+    cpu->magic                      = le64_to_cpu(le->magic);
+    cpu->version                    = le32_to_cpu(le->version);
+
+    cpu->backing_filename_offset    = le32_to_cpu(le->backing_filename_offset);
+    cpu->backing_filename_size      = le32_to_cpu(le->backing_filename_size);
+
+    cpu->image_filename_offset      = le32_to_cpu(le->image_filename_offset);
+    cpu->image_filename_size        = le32_to_cpu(le->image_filename_size);
+
+    cpu->cluster_bits               = le32_to_cpu(le->cluster_bits);
+    cpu->features                   = le64_to_cpu(le->features);
+    cpu->optional_features          = le64_to_cpu(le->optional_features);
+    cpu->header_pages_size          = le32_to_cpu(le->header_pages_size);
+
+    memcpy(cpu->backing_fmt, le->backing_fmt, sizeof(cpu->backing_fmt));
+    memcpy(cpu->image_fmt, le->image_fmt, sizeof(cpu->image_fmt));
+}
+
+static void add_cow_header_cpu_to_le(const AddCowHeader *cpu, AddCowHeader *le)
+{
+    le->magic                       = cpu_to_le64(cpu->magic);
+    le->version                     = cpu_to_le32(cpu->version);
+
+    le->backing_filename_offset     = cpu_to_le32(cpu->backing_filename_offset);
+    le->backing_filename_size       = cpu_to_le32(cpu->backing_filename_size);
+
+    le->image_filename_offset       = cpu_to_le32(cpu->image_filename_offset);
+    le->image_filename_size         = cpu_to_le32(cpu->image_filename_size);
+
+    le->cluster_bits                = cpu_to_le32(cpu->cluster_bits);
+    le->features                    = cpu_to_le64(cpu->features);
+    le->optional_features           = cpu_to_le64(cpu->optional_features);
+    le->header_pages_size           = cpu_to_le32(cpu->header_pages_size);
+    memcpy(le->backing_fmt, cpu->backing_fmt, sizeof(cpu->backing_fmt));
+    memcpy(le->image_fmt, cpu->image_fmt, sizeof(cpu->image_fmt));
+}
+
+static int add_cow_probe(const uint8_t *buf, int buf_size, const char *filename)
+{
+    const AddCowHeader *header = (const AddCowHeader *)buf;
+
+    if (le64_to_cpu(header->magic) == ADD_COW_MAGIC &&
+        le32_to_cpu(header->version) == ADD_COW_VERSION) {
+        return 100;
+    } else {
+        return 0;
+    }
+}
+
+static int add_cow_create(const char *filename, QemuOpts *opts)
+{
+    AddCowHeader header = {
+        .magic = ADD_COW_MAGIC,
+        .version = ADD_COW_VERSION,
+        .features = 0,
+        .optional_features = 0,
+        .header_pages_size = ADD_COW_DEFAULT_PAGE_SIZE,
+    };
+    AddCowHeader le_header;
+    int64_t image_len = 0;
+    const char *backing_filename = NULL;
+    const char *backing_fmt = NULL;
+    const char *image_filename = NULL;
+    const char *image_format = NULL;
+    BlockDriverState *bs, *image_bs = NULL, *backing_bs = NULL;
+    BlockDriver *drv = bdrv_find_format("add-cow");
+    BDRVAddCowState s;
+    size_t cluster_size;
+    int ret;
+
+    image_len = qemu_opt_get_number(opts, BLOCK_OPT_SIZE, 0);
+    backing_filename = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);
+    backing_fmt = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);
+    image_filename = qemu_opt_get(opts, BLOCK_OPT_IMAGE_FILE);
+    image_format = qemu_opt_get(opts, BLOCK_OPT_IMAGE_FMT);
+    cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE,
+                                     ADD_COW_CLUSTER_SIZE);
+
+    header.cluster_bits = ffs(cluster_size) - 1;
+    if (header.cluster_bits < MIN_CLUSTER_BITS ||
+        header.cluster_bits > MAX_CLUSTER_BITS ||
+        (1 << header.cluster_bits) != cluster_size) {
+        error_report(
+            "Cluster size must be a power of two between %d and %dk",
+            1 << MIN_CLUSTER_BITS, 1 << (MAX_CLUSTER_BITS - 10));
+        return -EINVAL;
+    }
+
+    if (backing_filename) {
+        header.backing_filename_offset = sizeof(header)
+            + sizeof(s.backing_file_format) + sizeof(s.image_file_format);
+        header.backing_filename_size = strlen(backing_filename);
+
+        if (!backing_fmt) {
+            backing_bs = bdrv_new("image");
+            ret = bdrv_open(backing_bs, backing_filename,
+                            BDRV_O_RDWR | BDRV_O_CACHE_WB, NULL);
+            if (ret < 0) {
+                return ret;
+            }
+            backing_fmt = bdrv_get_format_name(backing_bs);
+            bdrv_delete(backing_bs);
+        }
+    } else {
+        header.features |= ADD_COW_F_ALL_ALLOCATED;
+    }
+
+    if (image_filename) {
+        header.image_filename_offset =
+            sizeof(header) + sizeof(s.backing_file_format)
+                + sizeof(s.image_file_format) + header.backing_filename_size;
+        header.image_filename_size = strlen(image_filename);
+    } else {
+        error_report("Error: image_file should be given.");
+        return -EINVAL;
+    }
+
+    if (backing_filename && !strcmp(backing_filename, image_filename)) {
+        error_report("Error: Trying to create an image with the "
+                     "same backing file name as the image file name");
+        return -EINVAL;
+    }
+
+    if (!strcmp(filename, image_filename)) {
+        error_report("Error: Trying to create an image with the "
+                     "same filename as the image file name");
+        return -EINVAL;
+    }
+
+    if (header.image_filename_offset + header.image_filename_size
+            > ADD_COW_PAGE_SIZE * ADD_COW_DEFAULT_PAGE_SIZE) {
+        error_report("image_file name or backing_file name too long.");
+        return -ENOSPC;
+    }
+
+    ret = bdrv_file_open(&image_bs, image_filename, BDRV_O_RDWR);
+    if (ret < 0) {
+        return ret;
+    }
+    bdrv_delete(image_bs);
+
+    ret = bdrv_create_file(filename, NULL);
+    if (ret < 0) {
+        return ret;
+    }
+
+    ret = bdrv_file_open(&bs, filename, BDRV_O_RDWR);
+    if (ret < 0) {
+        return ret;
+    }
+    snprintf(header.backing_fmt, sizeof(header.backing_fmt),
+             "%s", backing_fmt ? backing_fmt : "");
+    snprintf(header.image_fmt, sizeof(header.image_fmt),
+             "%s", image_format ? image_format : "raw");
+    add_cow_header_cpu_to_le(&header, &le_header);
+    ret = bdrv_pwrite(bs, 0, &le_header, sizeof(le_header));
+    if (ret < 0) {
+        bdrv_delete(bs);
+        return ret;
+    }
+
+    if (ret < 0) {
+        bdrv_delete(bs);
+        return ret;
+    }
+
+    if (backing_filename) {
+        ret = bdrv_pwrite(bs, header.backing_filename_offset,
+                          backing_filename, header.backing_filename_size);
+        if (ret < 0) {
+            bdrv_delete(bs);
+            return ret;
+        }
+    }
+
+    ret = bdrv_pwrite(bs, header.image_filename_offset,
+                      image_filename, header.image_filename_size);
+    if (ret < 0) {
+        bdrv_delete(bs);
+        return ret;
+    }
+
+    ret = bdrv_open(bs, filename, BDRV_O_RDWR | BDRV_O_NO_FLUSH, drv);
+    if (ret < 0) {
+        bdrv_delete(bs);
+        return ret;
+    }
+
+    ret = bdrv_truncate(bs, image_len);
+    bdrv_delete(bs);
+    return ret;
+}
+
+static int add_cow_open(BlockDriverState *bs, int flags)
+{
+    char                image_filename[ADD_COW_FILE_LEN];
+    char                tmp_name[ADD_COW_FILE_LEN];
+    int                 ret;
+    int                 sector_per_byte;
+    BDRVAddCowState     *s = bs->opaque;
+    AddCowHeader        le_header;
+
+    ret = bdrv_pread(bs->file, 0, &le_header, sizeof(le_header));
+    if (ret < 0) {
+        goto fail;
+    }
+
+    add_cow_header_le_to_cpu(&le_header, &s->header);
+
+    if (s->header.magic != ADD_COW_MAGIC) {
+        ret = -EINVAL;
+        goto fail;
+    }
+
+    if (s->header.version != ADD_COW_VERSION) {
+        char version[64];
+        snprintf(version, sizeof(version), "ADD-COW version %d",
+                 s->header.version);
+        qerror_report(QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
+                      bs->device_name, "add-cow", version);
+        ret = -ENOTSUP;
+        goto fail;
+    }
+
+    if (s->header.features & ~ADD_COW_FEATURE_MASK) {
+        char buf[64];
+        snprintf(buf, sizeof(buf), "Feature Flags: %" PRIx64,
+                 s->header.features & ~ADD_COW_FEATURE_MASK);
+        qerror_report(QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
+                      bs->device_name, "add-cow", buf);
+        return -ENOTSUP;
+    }
+
+    if ((s->header.features & ADD_COW_F_ALL_ALLOCATED) == 0) {
+        ret = bdrv_read_string(bs->file, sizeof(s->header),
+                               sizeof(bs->backing_format) - 1,
+                               bs->backing_format,
+                               sizeof(bs->backing_format));
+        if (ret < 0) {
+            goto fail;
+        }
+    }
+
+    if (s->header.cluster_bits < MIN_CLUSTER_BITS ||
+        s->header.cluster_bits > MAX_CLUSTER_BITS) {
+        ret = -EINVAL;
+        goto fail;
+    }
+
+    if ((s->header.features & ADD_COW_F_ALL_ALLOCATED) == 0) {
+        ret = bdrv_read_string(bs->file, s->header.backing_filename_offset,
+                               s->header.backing_filename_size,
+                               bs->backing_file,
+                               sizeof(bs->backing_file));
+        if (ret < 0) {
+            goto fail;
+        }
+    }
+
+    ret = bdrv_read_string(bs->file, s->header.image_filename_offset,
+                           s->header.image_filename_size, tmp_name,
+                           sizeof(tmp_name));
+    if (ret < 0) {
+        goto fail;
+    }
+
+    s->image_hd = bdrv_new("");
+    if (path_has_protocol(image_filename)) {
+        pstrcpy(image_filename, sizeof(image_filename), tmp_name);
+    } else {
+        path_combine(image_filename, sizeof(image_filename),
+                     bs->filename, tmp_name);
+    }
+
+    ret = bdrv_open(s->image_hd, image_filename, flags, NULL);
+    if (ret < 0) {
+        bdrv_delete(s->image_hd);
+        goto fail;
+    }
+
+    bs->total_sectors = bdrv_getlength(s->image_hd) >> 9;
+    s->cluster_size = 1 << s->header.cluster_bits;
+    sector_per_byte = SECTORS_PER_CLUSTER * 8;
+    s->bitmap_size =
+        (bs->total_sectors + sector_per_byte - 1) / sector_per_byte;
+    s->bitmap_cache =
+        block_cache_create(bs, ADD_COW_CACHE_SIZE, ADD_COW_CACHE_ENTRY_SIZE,
+                           BLOCK_TABLE_BITMAP);
+
+    qemu_co_mutex_init(&s->lock);
+    return 0;
+fail:
+    if (s->bitmap_cache) {
+        block_cache_destroy(bs, s->bitmap_cache);
+    }
+    return ret;
+}
+
+static void add_cow_close(BlockDriverState *bs)
+{
+    BDRVAddCowState *s = bs->opaque;
+    block_cache_destroy(bs, s->bitmap_cache);
+    bdrv_delete(s->image_hd);
+}
+
+static bool is_allocated(BlockDriverState *bs, int64_t sector_num)
+{
+    BDRVAddCowState *s  = bs->opaque;
+    BlockCache *c = s->bitmap_cache;
+    int64_t cluster_num = sector_num / SECTORS_PER_CLUSTER;
+    uint8_t *table      = NULL;
+    bool val = false;
+    int ret;
+
+    uint64_t offset = ADD_COW_PAGE_SIZE * s->header.header_pages_size
+        + (offset_in_bitmap(sector_num) & (~(c->cluster_size - 1)));
+    ret = block_cache_get(bs, s->bitmap_cache, offset, (void **)&table);
+    if (ret < 0) {
+        return ret;
+    }
+
+    val = table[cluster_num / 8 % ADD_COW_CACHE_ENTRY_SIZE]
+        & (1 << (cluster_num % 8));
+    ret = block_cache_put(bs, s->bitmap_cache, (void **)&table);
+    if (ret < 0) {
+        return ret;
+    }
+    return val;
+}
+
+static coroutine_fn int add_cow_is_allocated(BlockDriverState *bs,
+        int64_t sector_num, int nb_sectors, int *num_same)
+{
+    BDRVAddCowState *s = bs->opaque;
+    int changed;
+
+    if (nb_sectors == 0) {
+        *num_same = 0;
+        return 0;
+    }
+
+    if (s->header.features & ADD_COW_F_ALL_ALLOCATED) {
+        *num_same = nb_sectors;
+        return 1;
+    }
+    changed = is_allocated(bs, sector_num);
+
+    for (*num_same = 1; *num_same < nb_sectors; (*num_same)++) {
+        if (is_allocated(bs, sector_num + *num_same) != changed) {
+            break;
+        }
+    }
+    return changed;
+}
+
+static int add_cow_backing_read(BlockDriverState *bs, QEMUIOVector *qiov,
+                                int64_t sector_num, int nb_sectors)
+{
+    int n1;
+    if ((sector_num + nb_sectors) <= bs->total_sectors) {
+        return nb_sectors;
+    }
+    if (sector_num >= bs->total_sectors) {
+        n1 = 0;
+    } else {
+        n1 = bs->total_sectors - sector_num;
+    }
+
+    qemu_iovec_memset(qiov, BDRV_SECTOR_SIZE * n1,
+                      0, BDRV_SECTOR_SIZE * (nb_sectors - n1));
+
+    return n1;
+}
+
+static coroutine_fn int add_cow_co_readv(BlockDriverState *bs,
+                                         int64_t sector_num,
+                                         int remaining_sectors,
+                                         QEMUIOVector *qiov)
+{
+    BDRVAddCowState *s  = bs->opaque;
+    int cur_nr_sectors;
+    uint64_t bytes_done = 0;
+    QEMUIOVector hd_qiov;
+    int n1, ret = 0;
+
+    qemu_iovec_init(&hd_qiov, qiov->niov);
+    qemu_co_mutex_lock(&s->lock);
+    while (remaining_sectors != 0) {
+        cur_nr_sectors = remaining_sectors;
+        if (add_cow_is_allocated(bs, sector_num, cur_nr_sectors,
+                                 &cur_nr_sectors)) {
+            qemu_iovec_reset(&hd_qiov);
+            qemu_iovec_concat(&hd_qiov, qiov, bytes_done,
+                              cur_nr_sectors * BDRV_SECTOR_SIZE);
+            qemu_co_mutex_unlock(&s->lock);
+            ret = bdrv_co_readv(s->image_hd, sector_num,
+                                cur_nr_sectors, &hd_qiov);
+            qemu_co_mutex_lock(&s->lock);
+            if (ret < 0) {
+                goto fail;
+            }
+        } else {
+            if (bs->backing_hd) {
+                qemu_iovec_reset(&hd_qiov);
+                qemu_iovec_concat(&hd_qiov, qiov, bytes_done,
+                                  cur_nr_sectors * BDRV_SECTOR_SIZE);
+                n1 = add_cow_backing_read(bs->backing_hd, &hd_qiov,
+                                          sector_num, cur_nr_sectors);
+                if (n1 > 0) {
+                    qemu_co_mutex_unlock(&s->lock);
+                    ret = bdrv_co_readv(bs->backing_hd, sector_num,
+                                        cur_nr_sectors, &hd_qiov);
+                    qemu_co_mutex_lock(&s->lock);
+                    if (ret < 0) {
+                        goto fail;
+                    }
+                }
+            } else {
+                qemu_iovec_memset(&hd_qiov, 0, 0,
+                                  BDRV_SECTOR_SIZE * cur_nr_sectors);
+            }
+        }
+        remaining_sectors -= cur_nr_sectors;
+        sector_num += cur_nr_sectors;
+        bytes_done += cur_nr_sectors * BDRV_SECTOR_SIZE;
+    }
+fail:
+    qemu_co_mutex_unlock(&s->lock);
+    qemu_iovec_destroy(&hd_qiov);
+    return ret;
+}
+
+static int coroutine_fn copy_sectors(BlockDriverState *bs,
+                                     int n_start, int n_end)
+{
+    BDRVAddCowState *s = bs->opaque;
+    QEMUIOVector qiov;
+    struct iovec iov;
+    int n, ret;
+
+    n = n_end - n_start;
+    if (n <= 0) {
+        return 0;
+    }
+
+    iov.iov_len = n * BDRV_SECTOR_SIZE;
+    iov.iov_base = qemu_blockalign(bs, iov.iov_len);
+
+    qemu_iovec_init_external(&qiov, &iov, 1);
+
+    ret = bdrv_co_readv(bs->backing_hd, n_start, n, &qiov);
+    if (ret < 0) {
+        goto out;
+    }
+    ret = bdrv_co_writev(s->image_hd, n_start, n, &qiov);
+    if (ret < 0) {
+        goto out;
+    }
+
+    ret = 0;
+out:
+    qemu_vfree(iov.iov_base);
+    return ret;
+}
+
+static coroutine_fn int add_cow_co_writev(BlockDriverState *bs,
+                                          int64_t sector_num,
+                                          int remaining_sectors,
+                                          QEMUIOVector *qiov)
+{
+    BDRVAddCowState *s = bs->opaque;
+    BlockCache *c = s->bitmap_cache;
+    int ret = 0, i;
+    QEMUIOVector hd_qiov;
+    uint8_t *table;
+    uint64_t offset;
+    int mask = SECTORS_PER_CLUSTER - 1;
+    int table_mask = c->cluster_size - 1;
+
+    qemu_co_mutex_lock(&s->lock);
+    qemu_iovec_init(&hd_qiov, qiov->niov);
+    ret = bdrv_co_writev(s->image_hd, sector_num,
+                         remaining_sectors, qiov);
+
+    if (ret < 0) {
+        goto fail;
+    }
+    if ((s->header.features & ADD_COW_F_ALL_ALLOCATED) == 0) {
+        /* Copy content of unmodified sectors */
+        if (!is_cluster_head(sector_num) && !is_allocated(bs, sector_num)) {
+            ret = copy_sectors(bs, sector_num & ~mask, sector_num);
+            if (ret < 0) {
+                goto fail;
+            }
+        }
+
+        if (!is_cluster_tail(sector_num + remaining_sectors - 1)
+            && !is_allocated(bs, sector_num + remaining_sectors - 1)) {
+            ret = copy_sectors(bs, sector_num + remaining_sectors,
+                               ((sector_num + remaining_sectors) | mask) + 1);
+            if (ret < 0) {
+                goto fail;
+            }
+        }
+
+        for (i = sector_num / SECTORS_PER_CLUSTER;
+            i <= (sector_num + remaining_sectors - 1) / SECTORS_PER_CLUSTER;
+            i++) {
+            offset = ADD_COW_PAGE_SIZE * s->header.header_pages_size
+                + (offset_in_bitmap(i * SECTORS_PER_CLUSTER) & (~table_mask));
+            ret = block_cache_get(bs, s->bitmap_cache, offset, (void **)&table);
+            if (ret < 0) {
+                goto fail;
+            }
+            if ((table[i / 8] & (1 << (i % 8))) == 0) {
+                table[i / 8] |= (1 << (i % 8));
+                block_cache_entry_mark_dirty(s->bitmap_cache, table);
+            }
+
+            ret = block_cache_put(bs, s->bitmap_cache, (void **) &table);
+            if (ret < 0) {
+                goto fail;
+            }
+        }
+    }
+    ret = 0;
+fail:
+    qemu_co_mutex_unlock(&s->lock);
+    qemu_iovec_destroy(&hd_qiov);
+    return ret;
+}
+
+static int bdrv_add_cow_truncate(BlockDriverState *bs, int64_t size)
+{
+    BDRVAddCowState *s = bs->opaque;
+    int sector_per_byte = SECTORS_PER_CLUSTER * 8;
+    int ret;
+    uint32_t bitmap_pos = s->header.header_pages_size * ADD_COW_PAGE_SIZE;
+    int64_t bitmap_size =
+        (size / BDRV_SECTOR_SIZE + sector_per_byte - 1) / sector_per_byte;
+    bitmap_size = (bitmap_size + ADD_COW_CACHE_ENTRY_SIZE - 1)
+        & (~(ADD_COW_CACHE_ENTRY_SIZE - 1));
+
+    ret = bdrv_truncate(bs->file, bitmap_pos + bitmap_size);
+    if (ret < 0) {
+        return ret;
+    }
+
+    ret = bdrv_truncate(s->image_hd, size);
+    if (ret < 0) {
+        return ret;
+    }
+    return 0;
+}
+
+static int add_cow_reopen_prepare(BDRVReopenState *state,
+                                  BlockReopenQueue *queue, Error **errp)
+{
+    BDRVAddCowState *s;
+    int ret = -1;
+
+    assert(state != NULL);
+    assert(state->bs != NULL);
+
+    if (queue == NULL) {
+        error_set(errp, ERROR_CLASS_GENERIC_ERROR,
+                  "No reopen queue for add-cow");
+        goto exit;
+    }
+
+    s = state->bs->opaque;
+
+    assert(s != NULL);
+
+
+    bdrv_reopen_queue(queue, s->image_hd, state->flags);
+    ret = 0;
+
+exit:
+    return ret;
+}
+
+
+static coroutine_fn int add_cow_co_flush(BlockDriverState *bs)
+{
+    BDRVAddCowState *s = bs->opaque;
+    int ret;
+
+    qemu_co_mutex_lock(&s->lock);
+    ret = block_cache_flush(bs, s->bitmap_cache);
+    if (ret < 0) {
+        return ret;
+    }
+    ret = bdrv_flush(s->image_hd);
+    qemu_co_mutex_unlock(&s->lock);
+    return ret;
+}
+
+static int add_cow_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
+{
+    BDRVAddCowState *s = bs->opaque;
+    bdi->cluster_size = s->cluster_size;
+    return 0;
+}
+
+static QemuOptsList add_cow_create_opts = {
+    .name = "add-cow-create-opts",
+    .head = QTAILQ_HEAD_INITIALIZER(add_cow_create_opts.head),
+    .desc = {
+        {
+            .name = BLOCK_OPT_SIZE,
+            .type = QEMU_OPT_NUMBER,
+            .help = "Virtual disk size"
+        },
+        {
+            .name = BLOCK_OPT_BACKING_FILE,
+            .type = QEMU_OPT_STRING,
+            .help = "File name of a base image"
+        },
+        {
+            .name = BLOCK_OPT_BACKING_FMT,
+            .type = QEMU_OPT_STRING,
+            .help = "Image format of the base image"
+        },
+        {
+            .name = BLOCK_OPT_IMAGE_FILE,
+            .type = QEMU_OPT_STRING,
+            .help = "File name of a image file"
+        },
+        {
+            .name = BLOCK_OPT_IMAGE_FMT,
+            .type = QEMU_OPT_STRING,
+            .help = "Image format of the image file"
+        },
+        {
+            .name = BLOCK_OPT_CLUSTER_SIZE,
+            .type = QEMU_OPT_SIZE,
+            .help = "add-cow cluster size",
+            .def_value = ADD_COW_CLUSTER_SIZE
+        },
+        { /* end of list */ }
+    }
+};
+
+static QemuOptsList *add_cow_create_options(void)
+{
+    return &add_cow_create_opts;
+}
+
+static BlockDriver bdrv_add_cow = {
+    .format_name                = "add-cow",
+    .instance_size              = sizeof(BDRVAddCowState),
+    .bdrv_probe                 = add_cow_probe,
+    .bdrv_open                  = add_cow_open,
+    .bdrv_close                 = add_cow_close,
+    .bdrv_create                = add_cow_create,
+    .bdrv_co_readv              = add_cow_co_readv,
+    .bdrv_co_writev             = add_cow_co_writev,
+    .bdrv_truncate              = bdrv_add_cow_truncate,
+    .bdrv_co_is_allocated       = add_cow_is_allocated,
+    .bdrv_reopen_prepare        = add_cow_reopen_prepare,
+    .bdrv_get_info              = add_cow_get_info,
+
+    .bdrv_create_options        = add_cow_create_options,
+    .bdrv_co_flush_to_os        = add_cow_co_flush,
+};
+
+static void bdrv_add_cow_init(void)
+{
+    bdrv_register(&bdrv_add_cow);
+}
+
+block_init(bdrv_add_cow_init);
diff --git a/block/add-cow.h b/block/add-cow.h
new file mode 100644
index 0000000..ba9a61e
--- /dev/null
+++ b/block/add-cow.h
@@ -0,0 +1,85 @@ 
+/*
+ * QEMU ADD-COW Disk Format
+ *
+ * Copyright IBM, Corp. 2012
+ *
+ * Authors:
+ *  Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU LGPL, version 2 or later.
+ * See the COPYING.LIB file in the top-level directory.
+ *
+ */
+
+#ifndef BLOCK_ADD_COW_H
+#define BLOCK_ADD_COW_H
+#include "block-cache.h"
+
+enum {
+    ADD_COW_F_ALL_ALLOCATED     = 0X01,
+    ADD_COW_FEATURE_MASK        = ADD_COW_F_ALL_ALLOCATED,
+
+    ADD_COW_MAGIC = (((uint64_t)'A' << 56) | ((uint64_t)'D' << 48) | \
+                    ((uint64_t)'D' << 40) | ((uint64_t)'_' << 32) | \
+                    ((uint64_t)'C' << 24) | ((uint64_t)'O' << 16) | \
+                    ((uint64_t)'W' << 8) | 0xFF),
+    ADD_COW_VERSION             = 1,
+    ADD_COW_FILE_LEN            = 1024,
+    ADD_COW_CACHE_SIZE          = 16,
+    ADD_COW_CACHE_ENTRY_SIZE    = 65536,
+    ADD_COW_CLUSTER_SIZE        = 65536,
+    SECTORS_PER_CLUSTER         = (ADD_COW_CLUSTER_SIZE / BDRV_SECTOR_SIZE),
+    ADD_COW_PAGE_SIZE           = 4096,
+    ADD_COW_DEFAULT_PAGE_SIZE   = 1,
+    MIN_CLUSTER_BITS            = 9,
+    MAX_CLUSTER_BITS            = 21,
+};
+
+typedef struct AddCowHeader {
+    uint64_t    magic;
+    uint32_t    version;
+
+    uint32_t    backing_filename_offset;
+    uint32_t    backing_filename_size;
+
+    uint32_t    image_filename_offset;
+    uint32_t    image_filename_size;
+
+    uint32_t    cluster_bits;
+
+    uint64_t    features;
+    uint64_t    optional_features;
+    uint32_t    header_pages_size;
+
+    char        backing_fmt[16];
+    char        image_fmt[16];
+} QEMU_PACKED AddCowHeader;
+
+typedef struct BDRVAddCowState {
+    BlockDriverState    *image_hd;
+    CoMutex             lock;
+    int                 cluster_size;
+    BlockCache         *bitmap_cache;
+    uint64_t            bitmap_size;
+    AddCowHeader        header;
+    char                backing_file_format[16];
+    char                image_file_format[16];
+} BDRVAddCowState;
+
+/* Convert sector_num to offset in bitmap */
+static inline int64_t offset_in_bitmap(int64_t sector_num)
+{
+    int64_t cluster_num = sector_num / SECTORS_PER_CLUSTER;
+    return cluster_num / 8;
+}
+
+static inline bool is_cluster_head(int64_t sector_num)
+{
+    return sector_num % SECTORS_PER_CLUSTER == 0;
+}
+
+static inline bool is_cluster_tail(int64_t sector_num)
+{
+    return (sector_num + 1) % SECTORS_PER_CLUSTER == 0;
+}
+#endif
diff --git a/block/block-cache.c b/block/block-cache.c
index bf5c57c..1a30462 100644
--- a/block/block-cache.c
+++ b/block/block-cache.c
@@ -112,6 +112,8 @@  static int block_cache_entry_flush(BlockDriverState *bs, BlockCache *c, int i)
         BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_UPDATE_PART);
     } else if (c->table_type == BLOCK_TABLE_L2) {
         BLKDBG_EVENT(bs->file, BLKDBG_L2_UPDATE);
+    } else if (c->table_type == BLOCK_TABLE_BITMAP) {
+        BLKDBG_EVENT(bs->file, BLKDBG_COW_WRITE);
     }
 
     ret = bdrv_pwrite(bs->file, c->entries[i].offset,
@@ -245,6 +247,8 @@  static int block_cache_do_get(BlockDriverState *bs, BlockCache *c,
     if (read_from_disk) {
         if (c->table_type == BLOCK_TABLE_L2) {
             BLKDBG_EVENT(bs->file, BLKDBG_L2_LOAD);
+        } else if (c->table_type == BLOCK_TABLE_BITMAP) {
+            BLKDBG_EVENT(bs->file, BLKDBG_COW_READ);
         }
 
         ret = bdrv_pread(bs->file, offset, c->entries[i].table,
diff --git a/block/block-cache.h b/block/block-cache.h
index 4efa06e..a3c4a1c 100644
--- a/block/block-cache.h
+++ b/block/block-cache.h
@@ -37,6 +37,7 @@ 
 typedef enum {
     BLOCK_TABLE_REF,
     BLOCK_TABLE_L2,
+    BLOCK_TABLE_BITMAP,
 } BlockTableType;
 
 typedef struct BlockCachedTable {
diff --git a/block_int.h b/block_int.h
index a104e70..8a79045 100644
--- a/block_int.h
+++ b/block_int.h
@@ -55,6 +55,8 @@ 
 #define BLOCK_OPT_SUBFMT            "subformat"
 #define BLOCK_OPT_COMPAT_LEVEL      "compat"
 #define BLOCK_OPT_LAZY_REFCOUNTS    "lazy_refcounts"
+#define BLOCK_OPT_IMAGE_FILE        "image_file"
+#define BLOCK_OPT_IMAGE_FMT         "image_format"
 
 typedef struct BdrvTrackedRequest BdrvTrackedRequest;