From nobody Wed Nov 19 19:21:59 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1618320392; cv=none; d=zohomail.com; s=zohoarc; b=QKyNNeM5K3BaGXdhuc0LtAaMbRTL5+ihFbWYmMYFmDJoJKtcbOW75R+vFckPch0Shdc7OtA/0ROVNYjAg68Z2WZsojRnQVxsqAkunPX94HXu9NLHZfmYCxk20xr2p2EIrkcbi4jshjdaaRN+CRiyRCsJ92TYTVjP2Mnk3RqP6Mc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618320392; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=mLWBQ96qXOOz9SJDoWfuY/XMd5In1AvGraqJ8cVedNs=; b=cZDol2XlURntngFq/BG654RivPdBJit5rHPLuBPmsR3YYqMtZerLcRPWUjyw2957fGo6Xb6mdwBZPJg1FPRnNulwJ50FMn/Q14BLHyrPtM8ZPSufSJB/I4pvbstk9c9Q3MgwCfCvM83JqvZnpc7y9yiM3Sr52imDGhSXyxrrqM8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618320392421974.3686731709269; Tue, 13 Apr 2021 06:26:32 -0700 (PDT) Received: from localhost ([::1]:41428 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lWJ3m-0000rd-Vt for importer@patchew.org; Tue, 13 Apr 2021 09:26:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44922) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWJ1A-0007fb-SU for qemu-devel@nongnu.org; Tue, 13 Apr 2021 09:23:48 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:23287) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWJ13-0005I6-In for qemu-devel@nongnu.org; Tue, 13 Apr 2021 09:23:48 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-163-Ct6fVHYXNGu1zW7HE8VFcQ-1; Tue, 13 Apr 2021 09:23:38 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E0B9B802B7F; Tue, 13 Apr 2021 13:23:32 +0000 (UTC) Received: from merkur.fritz.box (ovpn-112-130.phx2.redhat.com [10.3.112.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id D46BC614FB; Tue, 13 Apr 2021 13:23:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1618320220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mLWBQ96qXOOz9SJDoWfuY/XMd5In1AvGraqJ8cVedNs=; b=PxX0JtAZ3C9mZSROwMcLMCibmsQCnVPfX/jNdqAzEa9w07KK8G/Yrb/bh5CFYeRvozLW56 iG2AkVfO/DDnyBOg8cdknI2BZ1kdUxPn8i8VYZIZy5UXDYiDCxXg9AY61d+WsJMLkEQRKj CrlQ1lXMLymkD/qGYdUCsY5pDxDzy/8= X-MC-Unique: Ct6fVHYXNGu1zW7HE8VFcQ-1 From: Kevin Wolf To: qemu-block@nongnu.org Subject: [PATCH 1/2] block: Add BDRV_O_NO_SHARE for blk_new_open() Date: Tue, 13 Apr 2021 15:23:23 +0200 Message-Id: <20210413132324.24043-2-kwolf@redhat.com> In-Reply-To: <20210413132324.24043-1-kwolf@redhat.com> References: <20210413132324.24043-1-kwolf@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kwolf@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.205.24.124; envelope-from=kwolf@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, xuwei@redhat.com, qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Normally, blk_new_open() just shares all permissions. This was fine originally when permissions only protected against uses in the same process because no other part of the code would actually get to access the block nodes opened with blk_new_open(). However, since we use it for file locking now, unsharing permissions becomes desirable. Add a new BDRV_O_NO_SHARE flag that is used in blk_new_open() to unshare any permissions that can be unshared. Signed-off-by: Kevin Wolf Reviewed-by: Eric Blake --- include/block/block.h | 1 + block/block-backend.c | 19 +++++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/include/block/block.h b/include/block/block.h index b3f6e509d4..735db05a39 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -101,6 +101,7 @@ typedef struct HDGeometry { uint32_t cylinders; } HDGeometry; =20 +#define BDRV_O_NO_SHARE 0x0001 /* don't share permissons */ #define BDRV_O_RDWR 0x0002 #define BDRV_O_RESIZE 0x0004 /* request permission for resizing the n= ode */ #define BDRV_O_SNAPSHOT 0x0008 /* open the file read only and save writ= es in a snapshot */ diff --git a/block/block-backend.c b/block/block-backend.c index 413af51f3b..b4746541ac 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -398,15 +398,19 @@ BlockBackend *blk_new_open(const char *filename, cons= t char *reference, BlockBackend *blk; BlockDriverState *bs; uint64_t perm =3D 0; + uint64_t shared =3D BLK_PERM_ALL; =20 - /* blk_new_open() is mainly used in .bdrv_create implementations and t= he - * tools where sharing isn't a concern because the BDS stays private, = so we - * just request permission according to the flags. + /* + * blk_new_open() is mainly used in .bdrv_create implementations and t= he + * tools where sharing isn't a major concern because the BDS stays pri= vate + * and the file is generally not supposed to be used by a second proce= ss, + * so we just request permission according to the flags. * * The exceptions are xen_disk and blockdev_init(); in these cases, the * caller of blk_new_open() doesn't make use of the permissions, but t= hey * shouldn't hurt either. We can still share everything here because t= he - * guest devices will add their own blockers if they can't share. */ + * guest devices will add their own blockers if they can't share. + */ if ((flags & BDRV_O_NO_IO) =3D=3D 0) { perm |=3D BLK_PERM_CONSISTENT_READ; if (flags & BDRV_O_RDWR) { @@ -416,8 +420,11 @@ BlockBackend *blk_new_open(const char *filename, const= char *reference, if (flags & BDRV_O_RESIZE) { perm |=3D BLK_PERM_RESIZE; } + if (flags & BDRV_O_NO_SHARE) { + shared =3D BLK_PERM_WRITE_UNCHANGED; + } =20 - blk =3D blk_new(qemu_get_aio_context(), perm, BLK_PERM_ALL); + blk =3D blk_new(qemu_get_aio_context(), perm, shared); bs =3D bdrv_open(filename, reference, options, flags, errp); if (!bs) { blk_unref(blk); @@ -426,7 +433,7 @@ BlockBackend *blk_new_open(const char *filename, const = char *reference, =20 blk->root =3D bdrv_root_attach_child(bs, "root", &child_root, BDRV_CHILD_FILTERED | BDRV_CHILD_PR= IMARY, - blk->ctx, perm, BLK_PERM_ALL, blk, = errp); + blk->ctx, perm, shared, blk, errp); if (!blk->root) { blk_unref(blk); return NULL; --=20 2.30.2 From nobody Wed Nov 19 19:21:59 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1618320556; cv=none; d=zohomail.com; s=zohoarc; b=jAKcqxHIMURNcjhuD0cb1YJ4HSjHPw23xW1YQdSkDshFvm5qMm/3dyMTQBunfPaD0Yr8lmDAfkXZK1txC1d8KJEbNu5PXkw/CusPpwskW7UNBSfw8Dw9TFEw+9xLnCZUrslnkVUU5dCSdSV4pShIqF25+bv4ep4DPmJuwOAJd+s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1618320556; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=uJi3njPjBzXWyT8wQ0qEIDADpPciwKn7G6LxVcptVQA=; b=H6qWzXj9whLZdVlZoxFq1vnUh8CK8143Hd8v29jFhZfBG2JZsJAccN2ZwAZ7PBVx8mLM+ZAZmcL1YmcZw/ZN5pz+H2EzY/qicyXTdwLSoSxqoJishIQWLMmfjJ64LXG1mEFg00Vpf/9Yq0kH0BKii1FWAV7ZFPXmxxzJ2sCofko= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1618320556923326.64856124645803; Tue, 13 Apr 2021 06:29:16 -0700 (PDT) Received: from localhost ([::1]:47016 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lWJ6R-0003Cc-Hc for importer@patchew.org; Tue, 13 Apr 2021 09:29:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44928) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWJ1C-0007hl-9i for qemu-devel@nongnu.org; Tue, 13 Apr 2021 09:23:50 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:37411) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lWJ15-0005IQ-0b for qemu-devel@nongnu.org; Tue, 13 Apr 2021 09:23:49 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-431-wLJBZuGgNfCJooX-Id01ZA-1; Tue, 13 Apr 2021 09:23:38 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 46D8280A1AC; Tue, 13 Apr 2021 13:23:34 +0000 (UTC) Received: from merkur.fritz.box (ovpn-112-130.phx2.redhat.com [10.3.112.130]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3CA0560936; Tue, 13 Apr 2021 13:23:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1618320222; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uJi3njPjBzXWyT8wQ0qEIDADpPciwKn7G6LxVcptVQA=; b=GxqvXWHds6xnxLw4s2zVnw6rWHS2aZqj0Z4wNlkxLNupFXvLaqG3QxFXwfScNuiZx9ULrG rnEzY9uNPOM2PgRepfGx+hKqKhBBbLvBWkV+dNreQis0P7EVPyNs1P9wBcdwOXlcrlhwtS kv7yDewGMLBFp0HpChqa8/sVyXjKH30= X-MC-Unique: wLJBZuGgNfCJooX-Id01ZA-1 From: Kevin Wolf To: qemu-block@nongnu.org Subject: [PATCH 2/2] qemu-img convert: Unshare write permission for source Date: Tue, 13 Apr 2021 15:23:24 +0200 Message-Id: <20210413132324.24043-3-kwolf@redhat.com> In-Reply-To: <20210413132324.24043-1-kwolf@redhat.com> References: <20210413132324.24043-1-kwolf@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kwolf@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.205.24.124; envelope-from=kwolf@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, xuwei@redhat.com, qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" For a successful conversion of an image, we must make sure that its content doesn't change during the conversion. A special case of this is using the same image file both as the source and as the destination. If both input and output format are raw, the operation would just be useless work, with other formats it is a sure way to destroy the image. This will now fail because the image file can't be opened a second time for the output when opening it for the input has already acquired file locks to unshare BLK_PERM_WRITE. Nevertheless, if there is some reason in a special case why it is actually okay to allow writes to the image while it is being converted, -U can still be used to force sharing all permissions. Note that for most image formats, BLK_PERM_WRITE would already be unshared by the format driver, so this only really makes a difference for raw source images (but any output format). Reported-by: Xueqiang Wei Signed-off-by: Kevin Wolf Reviewed-by: Eric Blake --- qemu-img.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu-img.c b/qemu-img.c index babb5573ab..a5993682aa 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2146,7 +2146,7 @@ static void set_rate_limit(BlockBackend *blk, int64_t= rate_limit) =20 static int img_convert(int argc, char **argv) { - int c, bs_i, flags, src_flags =3D 0; + int c, bs_i, flags, src_flags =3D BDRV_O_NO_SHARE; const char *fmt =3D NULL, *out_fmt =3D NULL, *cache =3D "unsafe", *src_cache =3D BDRV_DEFAULT_CACHE, *out_baseimg =3D NULL, *out_filename, *out_baseimg_param, *snapshot_name =3D NULL; --=20 2.30.2