From nobody Sat Feb 7 07:30:54 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 155232324133390.29636589132247; Mon, 11 Mar 2019 09:54:01 -0700 (PDT) Received: from localhost ([127.0.0.1]:36734 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3OBU-0004ZR-5A for importer@patchew.org; Mon, 11 Mar 2019 12:53:52 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59233) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3O9K-00037v-J3 for qemu-devel@nongnu.org; Mon, 11 Mar 2019 12:51:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3O8P-0007lt-Pi for qemu-devel@nongnu.org; Mon, 11 Mar 2019 12:50:42 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56800) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h3O8O-0007kf-DS; Mon, 11 Mar 2019 12:50:40 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A774D155AC; Mon, 11 Mar 2019 16:50:39 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-234.ams2.redhat.com [10.36.116.234]) by smtp.corp.redhat.com (Postfix) with ESMTP id 146D8600CD; Mon, 11 Mar 2019 16:50:37 +0000 (UTC) From: Kevin Wolf To: qemu-block@nongnu.org Date: Mon, 11 Mar 2019 17:50:16 +0100 Message-Id: <20190311165017.32247-10-kwolf@redhat.com> In-Reply-To: <20190311165017.32247-1-kwolf@redhat.com> References: <20190311165017.32247-1-kwolf@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 11 Mar 2019 16:50:39 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v2 09/10] file-posix: Prepare permission code for fd switching X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, pkrempa@redhat.com, berto@igalia.com, qemu-devel@nongnu.org, mreitz@redhat.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" In order to be able to dynamically reopen the file read-only or read-write, depending on the users that are attached, we need to be able to switch to a different file descriptor during the permission change. This interacts with reopen, which also creates a new file descriptor and performs permission changes internally. In this case, the permission change code must reuse the reopen file descriptor instead of creating a third one. In turn, reopen can drop its code to copy file locks to the new file descriptor because that is now done when applying the new permissions. Signed-off-by: Kevin Wolf --- block/file-posix.c | 96 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 85 insertions(+), 11 deletions(-) diff --git a/block/file-posix.c b/block/file-posix.c index 932cc8e58c..e41e0779c6 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -144,6 +144,7 @@ typedef struct BDRVRawState { uint64_t locked_perm; uint64_t locked_shared_perm; =20 + int perm_change_fd; BDRVReopenState *reopen_state; =20 #ifdef CONFIG_XFS @@ -845,7 +846,8 @@ static int raw_handle_perm_lock(BlockDriverState *bs, } =20 static int raw_reconfigure_getfd(BlockDriverState *bs, int flags, - int *open_flags, Error **errp) + int *open_flags, bool force_dup, + Error **errp) { BDRVRawState *s =3D bs->opaque; int fd =3D -1; @@ -871,6 +873,11 @@ static int raw_reconfigure_getfd(BlockDriverState *bs,= int flags, assert((s->open_flags & O_ASYNC) =3D=3D 0); #endif =20 + if (!force_dup && *open_flags =3D=3D s->open_flags) { + /* We're lucky, the existing fd is fine */ + return s->fd; + } + if ((*open_flags & ~fcntl_flags) =3D=3D (s->open_flags & ~fcntl_flags)= ) { /* dup the original fd */ fd =3D qemu_dup(s->fd); @@ -935,7 +942,7 @@ static int raw_reopen_prepare(BDRVReopenState *state, qemu_opts_to_qdict(opts, state->options); =20 rs->fd =3D raw_reconfigure_getfd(state->bs, state->flags, &rs->open_fl= ags, - &local_err); + true, &local_err); if (local_err) { error_propagate(errp, local_err); ret =3D -1; @@ -951,14 +958,6 @@ static int raw_reopen_prepare(BDRVReopenState *state, ret =3D -EINVAL; goto out_fd; } - - /* Copy locks to the new fd */ - ret =3D raw_apply_lock_bytes(NULL, rs->fd, s->locked_perm, - s->locked_shared_perm, false, errp); - if (ret < 0) { - ret =3D -EINVAL; - goto out_fd; - } } =20 s->reopen_state =3D state; @@ -2696,12 +2695,78 @@ static QemuOptsList raw_create_opts =3D { static int raw_check_perm(BlockDriverState *bs, uint64_t perm, uint64_t sh= ared, Error **errp) { - return raw_handle_perm_lock(bs, RAW_PL_PREPARE, perm, shared, errp); + BDRVRawState *s =3D bs->opaque; + BDRVRawReopenState *rs =3D NULL; + int open_flags; + int ret; + + if (s->perm_change_fd) { + /* + * In the context of reopen, this function may be called several t= imes + * (directly and recursively while change permissions of the paren= t). + * This is even true for children that don't inherit from the orig= inal + * reopen node, so s->reopen_state is not set. + * + * Ignore all but the first call. + */ + return 0; + } + + if (s->reopen_state) { + /* We already have a new file descriptor to set permissions for */ + assert(s->reopen_state->perm =3D=3D perm); + assert(s->reopen_state->shared_perm =3D=3D shared); + rs =3D s->reopen_state->opaque; + s->perm_change_fd =3D rs->fd; + } else { + /* We may need a new fd if auto-read-only switches the mode */ + ret =3D raw_reconfigure_getfd(bs, bs->open_flags, &open_flags, + false, errp); + if (ret < 0) { + return ret; + } else if (ret !=3D s->fd) { + s->perm_change_fd =3D ret; + } + } + + /* Prepare permissions on old fd to avoid conflicts between old and ne= w, + * but keep everything locked that new will need. */ + ret =3D raw_handle_perm_lock(bs, RAW_PL_PREPARE, perm, shared, errp); + if (ret < 0) { + goto fail; + } + + /* Copy locks to the new fd */ + if (s->perm_change_fd) { + ret =3D raw_apply_lock_bytes(NULL, s->perm_change_fd, perm, ~share= d, + false, errp); + if (ret < 0) { + raw_handle_perm_lock(bs, RAW_PL_ABORT, 0, 0, NULL); + goto fail; + } + } + return 0; + +fail: + if (s->perm_change_fd && !s->reopen_state) { + qemu_close(s->perm_change_fd); + } + s->perm_change_fd =3D 0; + return ret; } =20 static void raw_set_perm(BlockDriverState *bs, uint64_t perm, uint64_t sha= red) { BDRVRawState *s =3D bs->opaque; + + /* For reopen, we have already switched to the new fd (.bdrv_set_perm = is + * called after .bdrv_reopen_commit) */ + if (s->perm_change_fd && s->fd !=3D s->perm_change_fd) { + qemu_close(s->fd); + s->fd =3D s->perm_change_fd; + } + s->perm_change_fd =3D 0; + raw_handle_perm_lock(bs, RAW_PL_COMMIT, perm, shared, NULL); s->perm =3D perm; s->shared_perm =3D shared; @@ -2709,6 +2774,15 @@ static void raw_set_perm(BlockDriverState *bs, uint6= 4_t perm, uint64_t shared) =20 static void raw_abort_perm_update(BlockDriverState *bs) { + BDRVRawState *s =3D bs->opaque; + + /* For reopen, .bdrv_reopen_abort is called afterwards and will close + * the file descriptor. */ + if (s->perm_change_fd && !s->reopen_state) { + qemu_close(s->perm_change_fd); + } + s->perm_change_fd =3D 0; + raw_handle_perm_lock(bs, RAW_PL_ABORT, 0, 0, NULL); } =20 --=20 2.20.1