From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558545190; cv=none; d=zoho.com; s=zohoarc; b=Q9kUDLPyw/BPiJKFysuAfYjRyW7YvY26YhBewSKNH3C2c6NoQslT8CZaBFRnCRbfJ46hTzmJ97yKukOUHAh/U9ZYAp9CQ5iqy/6HQCNld6HEhKj/3sP3guw7BXkT+NME1gMsUnk0HxWTmEywuVOpQNT3A1rf/OPdZ2dQ7gaQo5g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558545190; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=Q1OqvnWKBODrG9GhQIPaqrS+ssTAqDM4pJaeKfDOWS0=; b=Sf8WxtRDQONvzalj7gBkbEUvGGulLgIK7v2h0uslzJfbbX6iWglQ9kpci7rc0hfpdRgAyF/C7tS/a1avnUg6Yqqq1dXgzAWaN/6mh4Q9hDLtcUmVkGD8mxz4WoS3koQjt2X+NuYfzzxt/wqOU2Y6gVB1AuyJIoBHshfC40+uEW4= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558545190932393.15837635790615; Wed, 22 May 2019 10:13:10 -0700 (PDT) Received: from localhost ([127.0.0.1]:48058 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUna-00019W-0C for importer@patchew.org; Wed, 22 May 2019 13:13:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41956) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUjr-00076u-9t for qemu-devel@nongnu.org; Wed, 22 May 2019 13:09:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUjo-0003rQ-Sv for qemu-devel@nongnu.org; Wed, 22 May 2019 13:09:15 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46434) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUer-0007Nh-EH; Wed, 22 May 2019 13:04:05 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 01275330260; Wed, 22 May 2019 17:04:01 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8DDAF19C4F; Wed, 22 May 2019 17:03:58 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:45 +0200 Message-Id: <20190522170352.12020-2-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 22 May 2019 17:04:01 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 1/8] file-posix: Update open_flags in raw_set_perm() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" raw_check_perm() + raw_set_perm() can change the flags associated with the current FD. If so, we have to update BDRVRawState.open_flags accordingly. Otherwise, we may keep reopening the FD even though the current one already has the correct flags. Signed-off-by: Max Reitz Reviewed-by: Kevin Wolf --- block/file-posix.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/file-posix.c b/block/file-posix.c index d018429672..5a54968183 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -145,6 +145,7 @@ typedef struct BDRVRawState { uint64_t locked_shared_perm; =20 int perm_change_fd; + int perm_change_flags; BDRVReopenState *reopen_state; =20 #ifdef CONFIG_XFS @@ -2783,6 +2784,7 @@ static int raw_check_perm(BlockDriverState *bs, uint6= 4_t perm, uint64_t shared, assert(s->reopen_state->shared_perm =3D=3D shared); rs =3D s->reopen_state->opaque; s->perm_change_fd =3D rs->fd; + s->perm_change_flags =3D rs->open_flags; } else { /* We may need a new fd if auto-read-only switches the mode */ ret =3D raw_reconfigure_getfd(bs, bs->open_flags, &open_flags, per= m, @@ -2791,6 +2793,7 @@ static int raw_check_perm(BlockDriverState *bs, uint6= 4_t perm, uint64_t shared, return ret; } else if (ret !=3D s->fd) { s->perm_change_fd =3D ret; + s->perm_change_flags =3D open_flags; } } =20 @@ -2829,6 +2832,7 @@ static void raw_set_perm(BlockDriverState *bs, uint64= _t perm, uint64_t shared) if (s->perm_change_fd && s->fd !=3D s->perm_change_fd) { qemu_close(s->fd); s->fd =3D s->perm_change_fd; + s->open_flags =3D s->perm_change_flags; } s->perm_change_fd =3D 0; =20 --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558544779; cv=none; d=zoho.com; s=zohoarc; b=cX3/tK/QMDerjYfnmILn5AaE4tZJneJBrx/sdIXx/RAwjo8Pv+vpYdSDOAnKbyySyaMJxo1b42ecMtKOYgTD9GW9Dt6GAmFrxiuYfP9Vvk/RMORNA5HP9ld4kQ1xcBU5qmFgbtGlRXxrLIysWtmm1n6yor7hYEIqE0v8WUVWMwM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558544779; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=me7fijLHNnO0tMVF2mZxCfGXx1ySilVd+KYbLiuG1yI=; b=hWcQEjpGNVUERo7LQEd2MOb+AagmfLxERWDFTQk8afOgEOtoMkD1HK/V+U3S7F7roswmz2D7pmaYmvOQWeCU2ept9t4f73D/qd7WVpqWkq1ZVPjeXDBw1HseYtj1Y30P9f8Py71mfaQjvL/5V/i1PTQdOEkFpq9OVVOVLt4Xk9I= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558544779904294.61694718485865; Wed, 22 May 2019 10:06:19 -0700 (PDT) Received: from localhost ([127.0.0.1]:47973 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUgs-0004XI-Vc for importer@patchew.org; Wed, 22 May 2019 13:06:11 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40701) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfE-0003aC-Gn for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfC-0007nF-DX for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:28 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33118) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUf6-0007ay-Ed; Wed, 22 May 2019 13:04:22 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D9F8F820E9; Wed, 22 May 2019 17:04:04 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1E1E5600C0; Wed, 22 May 2019 17:04:03 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:46 +0200 Message-Id: <20190522170352.12020-3-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 22 May 2019 17:04:09 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 2/8] block: Add bdrv_child_refresh_perms() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" If a block node uses bdrv_child_try_set_perm() to change the permission it takes on its child, the result may be very short-lived. If anything makes the block layer recalculate the permissions internally, it will invoke the node driver's .bdrv_child_perm() implementation. The permission/shared permissions masks that returns will then override the values previously passed to bdrv_child_try_set_perm(). If drivers want a child edge to have specific values for the permissions/shared permissions mask, it must return them in .bdrv_child_perm(). Consequentially, there is no need for them to pass the same values to bdrv_child_try_set_perm() then: It is better to have a function that invokes .bdrv_child_perm() and calls bdrv_child_try_set_perm() with the result. This patch adds such a function under the name of bdrv_child_refresh_perms(). Signed-off-by: Max Reitz Reviewed-by: Kevin Wolf --- include/block/block_int.h | 15 +++++++++++++++ block.c | 12 ++++++++++++ 2 files changed, 27 insertions(+) diff --git a/include/block/block_int.h b/include/block/block_int.h index 1eebc7c8f3..e1f6d50b01 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -1167,9 +1167,24 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *= child_bs, void *opaque, Error **errp); void bdrv_root_unref_child(BdrvChild *child); =20 +/** + * Sets a BdrvChild's permissions. Avoid if the parent is a BDS; use + * bdrv_child_refresh_perms() instead and make the parent's + * .bdrv_child_perm() implementation return the correct values. + */ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared, Error **errp); =20 +/** + * Calls bs->drv->bdrv_child_perm() and updates the child's permission + * masks with the result. + * Drivers should invoke this function whenever an event occurs that + * makes their .bdrv_child_perm() implementation return different + * values than before, but which will not result in the block layer + * automatically refreshing the permissions. + */ +int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **e= rrp); + /* Default implementation for BlockDriver.bdrv_child_perm() that can be us= ed by * block filters: Forward CONSISTENT_READ, WRITE, WRITE_UNCHANGED and RESI= ZE to * all children */ diff --git a/block.c b/block.c index 4c3902508d..02157e0652 100644 --- a/block.c +++ b/block.c @@ -2083,6 +2083,18 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t p= erm, uint64_t shared, return 0; } =20 +int bdrv_child_refresh_perms(BlockDriverState *bs, BdrvChild *c, Error **e= rrp) +{ + uint64_t parent_perms, parent_shared; + uint64_t perms, shared; + + bdrv_get_cumulative_perm(bs, &parent_perms, &parent_shared); + bdrv_child_perm(bs, c->bs, c, c->role, NULL, parent_perms, parent_shar= ed, + &perms, &shared); + + return bdrv_child_try_set_perm(c, perms, shared, errp); +} + void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c, const BdrvChildRole *role, BlockReopenQueue *reopen_queue, --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558544898; cv=none; d=zoho.com; s=zohoarc; b=RH/RtM59TabIpn3NoUbglE+AOS95R6pt3wvNhvTM4C2k01I9KXczdHv89FwiOL2CfwXSzNlxFpKYdfLGkCMbr2EKcIm4tkUHKpBINw8C0Om+UOrULM0xRjuI6KcoNrOXJPnxV3G69DZU5pjsBZxLgFQpf5UC0vDpXv4PaYOlHa0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558544898; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=9NEKvlineONpJVYL7RD7bV2Xpj6H6DSPeb38ly0FA2M=; b=QL1vKo5BGCC7you64c1F5wjLrRmHOjBuZJlKf5unZumDadOP07Ur7hKUjuZsTdiSnDNJyI8lpzRhhnZgmss+7PjjpFtnTNHzN8paSDPgvgET7E28sVPVxlg5Wtw1S6nyFFS3UIryXpF6lwAut1KLsNMfjosU14f/YClUwvcSNpU= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558544898526716.4437648855218; Wed, 22 May 2019 10:08:18 -0700 (PDT) Received: from localhost ([127.0.0.1]:47987 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUip-0006Cr-Fv for importer@patchew.org; Wed, 22 May 2019 13:08:11 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40745) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfG-0003cN-I1 for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:31 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfE-0007oy-Dn for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:30 -0400 Received: from mx1.redhat.com ([209.132.183.28]:57528) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUf4-0007Vb-J3; Wed, 22 May 2019 13:04:20 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3AA2481DF9; Wed, 22 May 2019 17:04:08 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C8F43611A0; Wed, 22 May 2019 17:04:06 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:47 +0200 Message-Id: <20190522170352.12020-4-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 22 May 2019 17:04:08 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 3/8] block/mirror: Fix child permissions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" We cannot use bdrv_child_try_set_perm() to give up all restrictions on the child edge, and still have bdrv_mirror_top_child_perm() request BLK_PERM_WRITE. Fix this by making bdrv_mirror_top_child_perm() return 0/BLK_PERM_ALL when we want to give up all permissions, and replacing bdrv_child_try_set_perm() by bdrv_child_refresh_perms(). The bdrv_child_try_set_perm() before removing the node with bdrv_replace_node() is then unnecessary. No permissions have changed since the previous invocation of bdrv_child_try_set_perm(). Signed-off-by: Max Reitz Reviewed-by: Kevin Wolf --- block/mirror.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/block/mirror.c b/block/mirror.c index ec4bd9f404..649ce55551 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -85,6 +85,7 @@ typedef struct MirrorBlockJob { =20 typedef struct MirrorBDSOpaque { MirrorBlockJob *job; + bool stop; } MirrorBDSOpaque; =20 struct MirrorOp { @@ -656,8 +657,9 @@ static int mirror_exit_common(Job *job) =20 /* We don't access the source any more. Dropping any WRITE/RESIZE is * required before it could become a backing file of target_bs. */ - bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL, - &error_abort); + bs_opaque->stop =3D true; + bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing, + &error_abort); if (!abort && s->backing_mode =3D=3D MIRROR_SOURCE_BACKING_CHAIN) { BlockDriverState *backing =3D s->is_none_mode ? src : s->base; if (backing_bs(target_bs) !=3D backing) { @@ -704,13 +706,12 @@ static int mirror_exit_common(Job *job) g_free(s->replaces); bdrv_unref(target_bs); =20 - /* Remove the mirror filter driver from the graph. Before this, get ri= d of + /* + * Remove the mirror filter driver from the graph. Before this, get ri= d of * the blockers on the intermediate nodes so that the resulting state = is - * valid. Also give up permissions on mirror_top_bs->backing, which mi= ght - * block the removal. */ + * valid. + */ block_job_remove_all_bdrv(bjob); - bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL, - &error_abort); bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abo= rt); =20 /* We just changed the BDS the job BB refers to (with either or both o= f the @@ -1459,6 +1460,18 @@ static void bdrv_mirror_top_child_perm(BlockDriverSt= ate *bs, BdrvChild *c, uint64_t perm, uint64_t shared, uint64_t *nperm, uint64_t *nshared) { + MirrorBDSOpaque *s =3D bs->opaque; + + if (s->stop) { + /* + * If the job is to be stopped, we do not need to forward + * anything to the real image. + */ + *nperm =3D 0; + *nshared =3D BLK_PERM_ALL; + return; + } + /* Must be able to forward guest writes to the real image */ *nperm =3D 0; if (perm & BLK_PERM_WRITE) { @@ -1679,8 +1692,9 @@ fail: job_early_fail(&s->common.job); } =20 - bdrv_child_try_set_perm(mirror_top_bs->backing, 0, BLK_PERM_ALL, - &error_abort); + bs_opaque->stop =3D true; + bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing, + &error_abort); bdrv_replace_node(mirror_top_bs, backing_bs(mirror_top_bs), &error_abo= rt); =20 bdrv_unref(mirror_top_bs); --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558544963; cv=none; d=zoho.com; s=zohoarc; b=RIkbKoKWhyZjxglGbNmeq05LdNP9pvyrKjm/7ViGj1Myg3XbtGLuS6TCLaoV7ps7twmDHduZbuOchMyVFQ1mAlUni/WSD60YHHLnz5ZGBX9E6Suzo537VE1FLMDGrBy7URQWukwI9BYWWQPBT3JILduBNyvY/liI9U5VTq7ECtw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558544963; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=9+s9aqrjrzGD+c4MiEMmVA9Y0dAl3uVRpHUX2v9rBP0=; b=k3Id01L0iXF1TURZvCcpy5yXtLdhjq3ZAfs4LOlC00c2i0z2HqvszN/rmmRvpcB2TW9cuVW96dUjtqFkVbsohXxEi2Widt7OuVbO6phLRaas6ekbDMB3eJkXW4veQdcCxo++ZKjJW8UcO80hGHCQfIYpQcX0H0E/YRtVKaMVvyo= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558544963675623.451990196126; Wed, 22 May 2019 10:09:23 -0700 (PDT) Received: from localhost ([127.0.0.1]:47995 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUjs-0006rt-O0 for importer@patchew.org; Wed, 22 May 2019 13:09:16 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40699) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfE-0003a8-Gd for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfC-0007nK-DW for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:28 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59272) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUf8-0007VG-CK; Wed, 22 May 2019 13:04:22 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 94EC53082137; Wed, 22 May 2019 17:04:12 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2F2D65C29A; Wed, 22 May 2019 17:04:09 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:48 +0200 Message-Id: <20190522170352.12020-5-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Wed, 22 May 2019 17:04:12 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 4/8] block/commit: Drop bdrv_child_try_set_perm() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" commit_top_bs never requests or unshares any permissions. There is no reason to make this so explicit here. Signed-off-by: Max Reitz Reviewed-by: Kevin Wolf --- block/commit.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/block/commit.c b/block/commit.c index 14e5bb394c..44b3083b84 100644 --- a/block/commit.c +++ b/block/commit.c @@ -110,8 +110,6 @@ static void commit_abort(Job *job) * XXX Can (or should) we somehow keep 'consistent read' blocked even * after the failed/cancelled commit job is gone? If we already wrote * something to base, the intermediate images aren't valid any more. */ - bdrv_child_try_set_perm(s->commit_top_bs->backing, 0, BLK_PERM_ALL, - &error_abort); bdrv_replace_node(s->commit_top_bs, backing_bs(s->commit_top_bs), &error_abort); =20 --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558545131; cv=none; d=zoho.com; s=zohoarc; b=T9oJQxkCGwb8lHBEo6FClMvhp9u0ftL6iRQ2bJ9aEMiuyQiB+vWiiQp5BIcH/03StCanJlk7PY8TNPW+SHtrGnXIuuHixos+5ukPIFEdt/YxVAisrcYn3ZU5/lPBXaYrkovJs0IE6UYijcOTDafPfW6+PvUgZYjBMxyYQs0oE3A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558545131; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=G1SYTalBFwcILztfD8buT/cSKtOQaPEVCZ4F5ukhueE=; b=ANCF/3lQIKQ9PYmmPm5P7sjsX5Ck6LbtL1uP0bRoc01e0NtWL51wYoeMmC+CDCSyLJOpBeUiF/7vpozCleYOdGqxzkNr04WzZE53o19d/evW80XKb/NwXc7weDr+MLYH1EuMeGx/5GyeKgWhMYSxqWNbXkseZmGjQCYa1WG3Uj8= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558545131907738.8192513100767; Wed, 22 May 2019 10:12:11 -0700 (PDT) Received: from localhost ([127.0.0.1]:48048 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUmb-0000Tx-S3 for importer@patchew.org; Wed, 22 May 2019 13:12:05 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40815) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfI-0003ey-Sb for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfH-0007vK-Og for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:32 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33164) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUfC-0007mQ-MN; Wed, 22 May 2019 13:04:28 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ECD7A8667A; Wed, 22 May 2019 17:04:14 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 83E84600C0; Wed, 22 May 2019 17:04:14 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:49 +0200 Message-Id: <20190522170352.12020-6-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 22 May 2019 17:04:20 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 5/8] block: Fix order in bdrv_replace_child() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" We have to start by applying the permission restrictions to new_bs before we can loosen them on old_bs. See the comment for the explanation. Signed-off-by: Max Reitz Reviewed-by: Kevin Wolf --- block.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/block.c b/block.c index 02157e0652..3029f5c302 100644 --- a/block.c +++ b/block.c @@ -2240,6 +2240,19 @@ static void bdrv_replace_child(BdrvChild *child, Blo= ckDriverState *new_bs) =20 bdrv_replace_child_noperm(child, new_bs); =20 + /* + * Start with the new node's permissions. If @new_bs is a (direct + * or indirect) child of @old_bs, we must complete the permission + * update on @new_bs before we loosen the restrictions on @old_bs. + * Otherwise, bdrv_check_perm() on @old_bs would re-initiate + * updating the permissions of @new_bs, and thus not purely loosen + * restrictions. + */ + if (new_bs) { + bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm); + bdrv_set_perm(new_bs, perm, shared_perm); + } + if (old_bs) { /* Update permissions for old node. This is guaranteed to succeed * because we're just taking a parent away, so we're loosening @@ -2248,11 +2261,6 @@ static void bdrv_replace_child(BdrvChild *child, Blo= ckDriverState *new_bs) bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, &error_abor= t); bdrv_set_perm(old_bs, perm, shared_perm); } - - if (new_bs) { - bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm); - bdrv_set_perm(new_bs, perm, shared_perm); - } } =20 /* --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558545019; cv=none; d=zoho.com; s=zohoarc; b=IYb7FeTfUyUdtvxqfKqKYA6GF9gT7clhBaPZzkZ3avesRkKFLgo/Eo9LAz5A89lvZEOwSRQ2O9iindFnsf0pgo+KeGvL/A7Wwp9HPNT6e6WZ/B5iJGYthvpbDzCXGlOe5oF5ZN8MnWVz4Iqn+IZMsfsyqV7YbAJFFE0rFEe7/uQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558545019; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=Qz0UePe44rQHN3hxhLSlicx+umkr8eEXkV/svgbxEUc=; b=oaEpyLfSoBQeKANRARAIdxN7XM5it0fnpFAeVkjtrBDs6fg0JVCfkB1sjRL8emJj4VlbhO9iubJE1GUYslEZg5E73HaxyqlrqJfHr2y2gVvdhU6B6zv/5EDpIMJsbhmyX/c2Anf0F4gLvuJrfr7obZGoyOC+rGd1vkyVWlhVFqE= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558545019268230.7836225245262; Wed, 22 May 2019 10:10:19 -0700 (PDT) Received: from localhost ([127.0.0.1]:48003 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUkn-0007Sk-7x for importer@patchew.org; Wed, 22 May 2019 13:10:13 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40811) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfI-0003en-N2 for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfG-0007sh-LP for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:32 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54712) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUfA-0007kr-FN; Wed, 22 May 2019 13:04:26 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7E9CD308FC4A; Wed, 22 May 2019 17:04:18 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DCAD219C4F; Wed, 22 May 2019 17:04:16 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:50 +0200 Message-Id: <20190522170352.12020-7-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Wed, 22 May 2019 17:04:18 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 6/8] block: Add *tighten_restrictions to *check*_perm() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" This patch makes three functions report whether the necessary permission change tightens restrictions or not. These functions are: - bdrv_check_perm() - bdrv_check_update_perm() - bdrv_child_check_perm() Callers can use this result to decide whether a failure is fatal or not (see the next patch). Signed-off-by: Max Reitz --- block.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 70 insertions(+), 17 deletions(-) diff --git a/block.c b/block.c index 3029f5c302..f5d7f4d971 100644 --- a/block.c +++ b/block.c @@ -1706,7 +1706,8 @@ static int bdrv_fill_options(QDict **options, const c= har *filename, =20 static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q, uint64_t perm, uint64_t shared, - GSList *ignore_children, Error **errp); + GSList *ignore_children, + bool *tighten_restrictions, Error **errp); static void bdrv_child_abort_perm_update(BdrvChild *c); static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shar= ed); static void bdrv_get_cumulative_perm(BlockDriverState *bs, uint64_t *perm, @@ -1781,18 +1782,43 @@ static void bdrv_child_perm(BlockDriverState *bs, B= lockDriverState *child_bs, * permissions of all its parents. This involves checking whether all nece= ssary * permission changes to child nodes can be performed. * + * Will set *tighten_restrictions to true if and only if new permissions h= ave to + * be taken or currently shared permissions are to be unshared. Otherwise, + * errors are not fatal as long as the caller accepts that the restrictions + * remain tighter than they need to be. The caller still has to abort the + * transaction. + * @tighten_restrictions cannot be used together with @q: When reopening, = we may + * encounter fatal errors even though no restrictions are to be tightened.= For + * example, changing a node from RW to RO will fail if the WRITE permissio= n is + * to be kept. + * * A call to this function must always be followed by a call to bdrv_set_p= erm() * or bdrv_abort_perm_update(). */ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q, uint64_t cumulative_perms, uint64_t cumulative_shared_perms, - GSList *ignore_children, Error **errp) + GSList *ignore_children, + bool *tighten_restrictions, Error **errp) { BlockDriver *drv =3D bs->drv; BdrvChild *c; int ret; =20 + assert(!q || !tighten_restrictions); + + if (tighten_restrictions) { + uint64_t current_perms, current_shared; + uint64_t added_perms, removed_shared_perms; + + bdrv_get_cumulative_perm(bs, ¤t_perms, ¤t_shared); + + added_perms =3D cumulative_perms & ~current_perms; + removed_shared_perms =3D current_shared & ~cumulative_shared_perms; + + *tighten_restrictions =3D added_perms || removed_shared_perms; + } + /* Write permissions never work with read-only images */ if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) && !bdrv_is_writable_after_reopen(bs, q)) @@ -1833,11 +1859,18 @@ static int bdrv_check_perm(BlockDriverState *bs, Bl= ockReopenQueue *q, /* Check all children */ QLIST_FOREACH(c, &bs->children, next) { uint64_t cur_perm, cur_shared; + bool child_tighten_restr; + bdrv_child_perm(bs, c->bs, c, c->role, q, cumulative_perms, cumulative_shared_perms, &cur_perm, &cur_shared); - ret =3D bdrv_child_check_perm(c, q, cur_perm, cur_shared, - ignore_children, errp); + ret =3D bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_c= hildren, + tighten_restrictions ? &child_tighten_= restr + : NULL, + errp); + if (tighten_restrictions) { + *tighten_restrictions |=3D child_tighten_restr; + } if (ret < 0) { return ret; } @@ -1961,17 +1994,23 @@ char *bdrv_perm_names(uint64_t perm) * set, the BdrvChild objects in this list are ignored in the calculations; * this allows checking permission updates for an existing reference. * + * See bdrv_check_perm() for the semantics of @tighten_restrictions. + * * Needs to be followed by a call to either bdrv_set_perm() or * bdrv_abort_perm_update(). */ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *= q, uint64_t new_used_perm, uint64_t new_shared_perm, - GSList *ignore_children, Error **errp) + GSList *ignore_children, + bool *tighten_restrictions, + Error **errp) { BdrvChild *c; uint64_t cumulative_perms =3D new_used_perm; uint64_t cumulative_shared_perms =3D new_shared_perm; =20 + assert(!q || !tighten_restrictions); + /* There is no reason why anyone couldn't tolerate write_unchanged */ assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED); =20 @@ -1983,6 +2022,11 @@ static int bdrv_check_update_perm(BlockDriverState *= bs, BlockReopenQueue *q, if ((new_used_perm & c->shared_perm) !=3D new_used_perm) { char *user =3D bdrv_child_user_desc(c); char *perm_names =3D bdrv_perm_names(new_used_perm & ~c->share= d_perm); + + if (tighten_restrictions) { + *tighten_restrictions =3D true; + } + error_setg(errp, "Conflicts with use by %s as '%s', which does= not " "allow '%s' on %s", user, c->name, perm_names, bdrv_get_node_name(c->bs= )); @@ -1994,6 +2038,11 @@ static int bdrv_check_update_perm(BlockDriverState *= bs, BlockReopenQueue *q, if ((c->perm & new_shared_perm) !=3D c->perm) { char *user =3D bdrv_child_user_desc(c); char *perm_names =3D bdrv_perm_names(c->perm & ~new_shared_per= m); + + if (tighten_restrictions) { + *tighten_restrictions =3D true; + } + error_setg(errp, "Conflicts with use by %s as '%s', which uses= " "'%s' on %s", user, c->name, perm_names, bdrv_get_node_name(c->bs= )); @@ -2007,19 +2056,21 @@ static int bdrv_check_update_perm(BlockDriverState = *bs, BlockReopenQueue *q, } =20 return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perm= s, - ignore_children, errp); + ignore_children, tighten_restrictions, errp); } =20 /* Needs to be followed by a call to either bdrv_child_set_perm() or * bdrv_child_abort_perm_update(). */ static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q, uint64_t perm, uint64_t shared, - GSList *ignore_children, Error **errp) + GSList *ignore_children, + bool *tighten_restrictions, Error **errp) { int ret; =20 ignore_children =3D g_slist_prepend(g_slist_copy(ignore_children), c); - ret =3D bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children= , errp); + ret =3D bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, + tighten_restrictions, errp); g_slist_free(ignore_children); =20 if (ret < 0) { @@ -2072,7 +2123,7 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t pe= rm, uint64_t shared, { int ret; =20 - ret =3D bdrv_child_check_perm(c, NULL, perm, shared, NULL, errp); + ret =3D bdrv_child_check_perm(c, NULL, perm, shared, NULL, NULL, errp); if (ret < 0) { bdrv_child_abort_perm_update(c); return ret; @@ -2258,7 +2309,8 @@ static void bdrv_replace_child(BdrvChild *child, Bloc= kDriverState *new_bs) * because we're just taking a parent away, so we're loosening * restrictions. */ bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm); - bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, &error_abor= t); + bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, + NULL, &error_abort); bdrv_set_perm(old_bs, perm, shared_perm); } } @@ -2279,7 +2331,8 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *c= hild_bs, BdrvChild *child; int ret; =20 - ret =3D bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL= , errp); + ret =3D bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL= , NULL, + errp); if (ret < 0) { bdrv_abort_perm_update(child_bs); bdrv_unref(child_bs); @@ -3333,7 +3386,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, = Error **errp) QSIMPLEQ_FOREACH(bs_entry, bs_queue, entry) { BDRVReopenState *state =3D &bs_entry->state; ret =3D bdrv_check_perm(state->bs, bs_queue, state->perm, - state->shared_perm, NULL, errp); + state->shared_perm, NULL, NULL, errp); if (ret < 0) { goto cleanup_perm; } @@ -3345,7 +3398,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, = Error **errp) state->perm, state->shared_perm, &nperm, &nshared); ret =3D bdrv_check_update_perm(state->new_backing_bs, NULL, - nperm, nshared, NULL, errp); + nperm, nshared, NULL, NULL, errp); if (ret < 0) { goto cleanup_perm; } @@ -4062,7 +4115,7 @@ void bdrv_replace_node(BlockDriverState *from, BlockD= riverState *to, =20 /* Check whether the required permissions can be granted on @to, ignor= ing * all BdrvChild in @list so that they can't block themselves. */ - ret =3D bdrv_check_update_perm(to, NULL, perm, shared, list, errp); + ret =3D bdrv_check_update_perm(to, NULL, perm, shared, list, NULL, err= p); if (ret < 0) { bdrv_abort_perm_update(to); goto out; @@ -4410,7 +4463,7 @@ int bdrv_drop_intermediate(BlockDriverState *top, Blo= ckDriverState *base, /* Check whether we are allowed to switch c from top to base */ GSList *ignore_children =3D g_slist_prepend(NULL, c); ret =3D bdrv_check_update_perm(base, NULL, c->perm, c->shared_perm, - ignore_children, &local_err); + ignore_children, NULL, &local_err); g_slist_free(ignore_children); if (ret < 0) { error_report_err(local_err); @@ -5185,7 +5238,7 @@ static void coroutine_fn bdrv_co_invalidate_cache(Blo= ckDriverState *bs, */ bs->open_flags &=3D ~BDRV_O_INACTIVE; bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - ret =3D bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, &local_err); + ret =3D bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &loca= l_err); if (ret < 0) { bs->open_flags |=3D BDRV_O_INACTIVE; error_propagate(errp, local_err); @@ -5335,7 +5388,7 @@ static int bdrv_inactivate_recurse(BlockDriverState *= bs) =20 /* Update permissions, they may differ for inactive nodes */ bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, &error_abort); + bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &error_abort); bdrv_set_perm(bs, perm, shared_perm); =20 =20 --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558545100; cv=none; d=zoho.com; s=zohoarc; b=jbll2leSE6t2R7XsV+VSHh+VCsKetH+2PaozGtFFcsAT1FSDM1+O7pAQM7icKKQg29SaoJVIsmWiC689L2A+hzbc9j7PQOZ6fmeSyGzyJ3Zv/tFfJV9Ep1V2PnmuhzQg9h9AY634VPJfJo7yjFxyne4/kXNQzafy2XLdSxJwKw0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558545100; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=kFF0MpRS8MZBZ4AZXsDdG49uAp+LKZ8tG3qGtT/IrFc=; b=KOQ5BToXw+uoVtZsrwEoxy9LCUdCdoTypxZ5WqvKG33CaRaAJ+F/6odU7LRGnKG+zhrlFEDPzBvSTQiYxKfgwQGFVZ2fLRTS7seRsT1jtIIu9Q49Rk2QzdVx4Z2NHR3ixzgVqndbaQTojjBubsQDdjws7WrWEg9SaDJnjcCLD8Q= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558545100824805.3692839984222; Wed, 22 May 2019 10:11:40 -0700 (PDT) Received: from localhost ([127.0.0.1]:48042 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUlm-0008GF-Rg for importer@patchew.org; Wed, 22 May 2019 13:11:14 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40697) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfE-0003a7-GO for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfC-0007nO-EA for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:28 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48842) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUf8-0007ei-Hk; Wed, 22 May 2019 13:04:22 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D184A9F758; Wed, 22 May 2019 17:04:20 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6C90760BE5; Wed, 22 May 2019 17:04:20 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:51 +0200 Message-Id: <20190522170352.12020-8-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 22 May 2019 17:04:20 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 7/8] block: Ignore loosening perm restrictions failures X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" We generally assume that loosening permission restrictions can never fail. We have seen in the past that this assumption is wrong. This has led to crashes because we generally pass &error_abort when loosening permissions. However, a failure in such a case should actually be handled in quite the opposite way: It is very much not fatal, so qemu may report it, but still consider the operation successful. The only realistic problem is that qemu may then retain permissions and thus locks on images it actually does not require. But again, that is not fatal. To implement this behavior, we make all functions that change permissions and that pass &error_abort to the initiating function (bdrv_check_perm() or bdrv_child_check_perm()) evaluate the @loosen_restrictions value introduced in the previous patch. If it is true and an error did occur, we abort the permission update, discard the error, and instead report success to the caller. bdrv_child_try_set_perm() itself does not pass &error_abort, but it is the only public function to change permissions. As such, callers may pass &error_abort to it, expecting dropping permission restrictions to never fail. Signed-off-by: Max Reitz --- block.c | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/block.c b/block.c index f5d7f4d971..58e1e3ce14 100644 --- a/block.c +++ b/block.c @@ -2121,11 +2121,26 @@ static void bdrv_child_abort_perm_update(BdrvChild = *c) int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared, Error **errp) { + Error *local_err =3D NULL; int ret; + bool tighten_restrictions; =20 - ret =3D bdrv_child_check_perm(c, NULL, perm, shared, NULL, NULL, errp); + ret =3D bdrv_child_check_perm(c, NULL, perm, shared, NULL, + &tighten_restrictions, &local_err); if (ret < 0) { bdrv_child_abort_perm_update(c); + if (tighten_restrictions) { + error_propagate(errp, local_err); + } else { + /* + * Our caller may intend to only loosen restrictions and + * does not expect this function to fail. Errors are not + * fatal in such a case, so we can just hide them from our + * caller. + */ + error_free(local_err); + ret =3D 0; + } return ret; } =20 @@ -2308,10 +2323,19 @@ static void bdrv_replace_child(BdrvChild *child, Bl= ockDriverState *new_bs) /* Update permissions for old node. This is guaranteed to succeed * because we're just taking a parent away, so we're loosening * restrictions. */ + bool tighten_restrictions; + int ret; + bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm); - bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, - NULL, &error_abort); - bdrv_set_perm(old_bs, perm, shared_perm); + ret =3D bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, + &tighten_restrictions, NULL); + assert(tighten_restrictions =3D=3D false); + if (ret < 0) { + /* We only tried to loosen restrictions, so errors are not fat= al */ + bdrv_abort_perm_update(old_bs); + } else { + bdrv_set_perm(old_bs, perm, shared_perm); + } } } =20 @@ -5352,6 +5376,7 @@ static bool bdrv_has_bds_parent(BlockDriverState *bs,= bool only_active) static int bdrv_inactivate_recurse(BlockDriverState *bs) { BdrvChild *child, *parent; + bool tighten_restrictions; uint64_t perm, shared_perm; int ret; =20 @@ -5388,8 +5413,15 @@ static int bdrv_inactivate_recurse(BlockDriverState = *bs) =20 /* Update permissions, they may differ for inactive nodes */ bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, &error_abort); - bdrv_set_perm(bs, perm, shared_perm); + ret =3D bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, + &tighten_restrictions, NULL); + assert(tighten_restrictions =3D=3D false); + if (ret < 0) { + /* We only tried to loosen restrictions, so errors are not fatal */ + bdrv_abort_perm_update(bs); + } else { + bdrv_set_perm(bs, perm, shared_perm); + } =20 =20 /* Recursively inactivate children */ --=20 2.21.0 From nobody Sat May 4 13:50:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1558545233; cv=none; d=zoho.com; s=zohoarc; b=gwCFw3P06QSEkci7sKusnmrqkRnK9wApTvLKXVm+iL8FNmZfoJuYncWatPOkfvArn6vuQtFrG+LI/6OwV7rh+DMytKDoA07bwRZmz4uJvN3XMjQJXkoa4wUuES7axfj2Pft1+B8XzTFJ2M7bg1wHdVub3xULP3nFSdX5+pBfYTo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1558545233; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=Sye4n4Tnq9Ra0CYJAfYVsSv8zqOyoFaKN6/OXuw8myA=; b=aizukdAKJPZLgj/oykItY5mVsKcFESD9G9U4mQNfhrZe1+RLWJ4MB/35y/VSfoeZqAPziec21iqBh4UDHUbV5UTTOe4eq6TTmJ397CyGeBzV3GnAIoJQsYvH4hy5RtCOr2Fy/w6j3u/v+wf+OmsFlswmlQqVA1EidziDrXMp3G8= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1558545233521176.7000362897934; Wed, 22 May 2019 10:13:53 -0700 (PDT) Received: from localhost ([127.0.0.1]:48060 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUoF-0001eu-K7 for importer@patchew.org; Wed, 22 May 2019 13:13:47 -0400 Received: from eggs.gnu.org ([209.51.188.92]:40840) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hTUfN-0003jT-69 for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hTUfI-0007xg-NM for qemu-devel@nongnu.org; Wed, 22 May 2019 13:04:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:43520) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hTUfF-0007ov-M2; Wed, 22 May 2019 13:04:30 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3A70B3086258; Wed, 22 May 2019 17:04:23 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C827419C4F; Wed, 22 May 2019 17:04:22 +0000 (UTC) From: Max Reitz To: qemu-block@nongnu.org Date: Wed, 22 May 2019 19:03:52 +0200 Message-Id: <20190522170352.12020-9-mreitz@redhat.com> In-Reply-To: <20190522170352.12020-1-mreitz@redhat.com> References: <20190522170352.12020-1-mreitz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Wed, 22 May 2019 17:04:23 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v3 8/8] iotests: Test failure to loosen restrictions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" Signed-off-by: Max Reitz --- tests/qemu-iotests/182 | 21 +++++++++++++++++++++ tests/qemu-iotests/182.out | 6 ++++++ 2 files changed, 27 insertions(+) diff --git a/tests/qemu-iotests/182 b/tests/qemu-iotests/182 index 3a90ebfbfd..7f494eb9bb 100755 --- a/tests/qemu-iotests/182 +++ b/tests/qemu-iotests/182 @@ -152,6 +152,27 @@ success_or_failure=3Dy _send_qemu_cmd $QEMU_HANDLE \ =20 _cleanup_qemu =20 +echo +echo '=3D=3D=3D Testing failure to loosen restrictions =3D=3D=3D' +echo + +_launch_qemu -drive file=3D$TEST_IMG,if=3Dnone,file.locking=3Don + +_send_qemu_cmd $QEMU_HANDLE \ + "{'execute': 'qmp_capabilities'}" \ + 'return' + +_cleanup_test_img + +# When quitting qemu, it will try to drop its locks on the test image. +# Because that file no longer exists, it will be unable to do so. +# However, that is not fatal, so it should just move on. +_send_qemu_cmd $QEMU_HANDLE \ + "{'execute': 'quit'}" \ + 'return' + +wait=3D1 _cleanup_qemu + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/182.out b/tests/qemu-iotests/182.out index 33d41eea91..ffef23e32b 100644 --- a/tests/qemu-iotests/182.out +++ b/tests/qemu-iotests/182.out @@ -15,4 +15,10 @@ Formatting 'TEST_DIR/t.qcow2.overlay', fmt=3Dqcow2 size= =3D197120 backing_file=3DTEST_D {"return": {}} {"return": {}} {"return": {}} + +=3D=3D=3D Testing failure to loosen restrictions =3D=3D=3D + +{"return": {}} +{"return": {}} +{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event"= : "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}} *** done --=20 2.21.0