From nobody Tue Feb 10 23:53:00 2026 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (208.118.235.17 [208.118.235.17]) by mx.zohomail.com with SMTPS id 1510933795936964.6346302868621; Fri, 17 Nov 2017 07:49:55 -0800 (PST) Received: from localhost ([::1]:46535 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eFitV-0003vb-Te for importer@patchew.org; Fri, 17 Nov 2017 10:49:29 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46608) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eFirz-0003Ex-US for qemu-devel@nongnu.org; Fri, 17 Nov 2017 10:47:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eFirz-00087p-0e for qemu-devel@nongnu.org; Fri, 17 Nov 2017 10:47:55 -0500 Received: from mx1.redhat.com ([209.132.183.28]:54332) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eFirw-00081a-JC; Fri, 17 Nov 2017 10:47:52 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9295C3D953; Fri, 17 Nov 2017 15:47:51 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-117-103.ams2.redhat.com [10.36.117.103]) by smtp.corp.redhat.com (Postfix) with ESMTP id D80CD83A9C; Fri, 17 Nov 2017 15:47:46 +0000 (UTC) From: Kevin Wolf To: qemu-block@nongnu.org Date: Fri, 17 Nov 2017 16:47:38 +0100 Message-Id: <20171117154739.32565-2-kwolf@redhat.com> In-Reply-To: <20171117154739.32565-1-kwolf@redhat.com> References: <20171117154739.32565-1-kwolf@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 17 Nov 2017 15:47:51 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH for-2.11 1/2] block: Fix permissions in image activation X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, vsementsov@virtuozzo.com, qemu-devel@nongnu.org, mreitz@redhat.com, den@openvz.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_6 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Inactive images generally request less permissions for their image files than they would if they were active (in particular, write permissions). Activating the image involves extending the permissions, therefore. drv->bdrv_invalidate_cache() can already require write access to the image file, so we have to update the permissions earlier than that. The current code does it only later, so we have to move up this part. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz --- block.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/block.c b/block.c index edc5bb9f9b..6fe5b91260 100644 --- a/block.c +++ b/block.c @@ -4178,7 +4178,29 @@ void bdrv_invalidate_cache(BlockDriverState *bs, Err= or **errp) } } =20 + /* + * Update permissions, they may differ for inactive nodes. + * + * Note that the required permissions of inactive images are always a + * subset of the permissions required after activating the image. This + * allows us to just get the permissions upfront without restricting + * drv->bdrv_invalidate_cache(). + * + * It also means that in error cases, we don't have to try and revert = to + * the old permissions (which is an operation that could fail, too). W= e can + * just keep the extended permissions for the next time that an activa= tion + * of the image is tried. + */ bs->open_flags &=3D ~BDRV_O_INACTIVE; + bdrv_get_cumulative_perm(bs, &perm, &shared_perm); + ret =3D bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, &local_err); + if (ret < 0) { + bs->open_flags |=3D BDRV_O_INACTIVE; + error_propagate(errp, local_err); + return; + } + bdrv_set_perm(bs, perm, shared_perm); + if (bs->drv->bdrv_invalidate_cache) { bs->drv->bdrv_invalidate_cache(bs, &local_err); if (local_err) { @@ -4195,16 +4217,6 @@ void bdrv_invalidate_cache(BlockDriverState *bs, Err= or **errp) return; } =20 - /* Update permissions, they may differ for inactive nodes */ - bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - ret =3D bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, &local_err); - if (ret < 0) { - bs->open_flags |=3D BDRV_O_INACTIVE; - error_propagate(errp, local_err); - return; - } - bdrv_set_perm(bs, perm, shared_perm); - QLIST_FOREACH(parent, &bs->parents, next_parent) { if (parent->role->activate) { parent->role->activate(parent, &local_err); --=20 2.13.6