From b87d11b7f13dd4725fe801b014d425fa7753b1d0 Mon Sep 17 00:00:00 2001

From: Kevin Wolf <kwolf@redhat.com>

Date: Mon, 4 Dec 2017 12:10:05 +0100

Subject: [PATCH 34/36] block: Fix permissions after bdrv_reopen()

RH-Author: Kevin Wolf <kwolf@redhat.com>

Message-id: <20171204121007.12964-7-kwolf@redhat.com>

Patchwork-id: 78112

O-Subject: [RHV-7.5 qemu-kvm-rhev PATCH v2 6/8] block: Fix permissions after bdrv_reopen()

Bugzilla: 1492178

RH-Acked-by: Fam Zheng <famz@redhat.com>

RH-Acked-by: Max Reitz <mreitz@redhat.com>

RH-Acked-by: Jeffrey Cody <jcody@redhat.com>

If we switch between read-only and read-write, the permissions that

image format drivers need on bs->file change, too. Make sure to update

the permissions during bdrv_reopen().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Reviewed-by: Eric Blake <eblake@redhat.com>

(cherry picked from commit 3045025991ebeec77ce89c8ec56e83858950bbb3)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 block.c               | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++

 include/block/block.h |  1 +

 2 files changed, 65 insertions(+)

diff --git a/block.c b/block.c

index 0a7e2c6..bc8b80b 100644

--- a/block.c

+++ b/block.c

@@ -2780,6 +2780,10 @@ static BlockReopenQueue *bdrv_reopen_queue_child(BlockReopenQueue *bs_queue,

     bs_entry->state.explicit_options = explicit_options;

     bs_entry->state.flags = flags;

+    /* This needs to be overwritten in bdrv_reopen_prepare() */

+    bs_entry->state.perm = UINT64_MAX;

+    bs_entry->state.shared_perm = 0;

+

     QLIST_FOREACH(child, &bs->children, next) {

         QDict *new_child_options;

         char *child_key_dot;

@@ -2886,6 +2890,52 @@ int bdrv_reopen(BlockDriverState *bs, int bdrv_flags, Error **errp)

     return ret;

 }

+static BlockReopenQueueEntry *find_parent_in_reopen_queue(BlockReopenQueue *q,

+                                                          BdrvChild *c)

+{

+    BlockReopenQueueEntry *entry;

+

+    QSIMPLEQ_FOREACH(entry, q, entry) {

+        BlockDriverState *bs = entry->state.bs;

+        BdrvChild *child;

+

+        QLIST_FOREACH(child, &bs->children, next) {

+            if (child == c) {

+                return entry;

+            }

+        }

+    }

+

+    return NULL;

+}

+

+static void bdrv_reopen_perm(BlockReopenQueue *q, BlockDriverState *bs,

+                             uint64_t *perm, uint64_t *shared)

+{

+    BdrvChild *c;

+    BlockReopenQueueEntry *parent;

+    uint64_t cumulative_perms = 0;

+    uint64_t cumulative_shared_perms = BLK_PERM_ALL;

+

+    QLIST_FOREACH(c, &bs->parents, next_parent) {

+        parent = find_parent_in_reopen_queue(q, c);

+        if (!parent) {

+            cumulative_perms |= c->perm;

+            cumulative_shared_perms &= c->shared_perm;

+        } else {

+            uint64_t nperm, nshared;

+

+            bdrv_child_perm(parent->state.bs, bs, c, c->role, q,

+                            parent->state.perm, parent->state.shared_perm,

+                            &nperm, &nshared);

+

+            cumulative_perms |= nperm;

+            cumulative_shared_perms &= nshared;

+        }

+    }

+    *perm = cumulative_perms;

+    *shared = cumulative_shared_perms;

+}

 /*

  * Prepares a BlockDriverState for reopen. All changes are staged in the

@@ -2951,6 +3001,9 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,

         goto error;

     }

+    /* Calculate required permissions after reopening */

+    bdrv_reopen_perm(queue, reopen_state->bs,

+                     &reopen_state->perm, &reopen_state->shared_perm);

     ret = bdrv_flush(reopen_state->bs);

     if (ret) {

@@ -3006,6 +3059,12 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state, BlockReopenQueue *queue,

         } while ((entry = qdict_next(reopen_state->options, entry)));

     }

+    ret = bdrv_check_perm(reopen_state->bs, queue, reopen_state->perm,

+                          reopen_state->shared_perm, NULL, errp);

+    if (ret < 0) {

+        goto error;

+    }

+

     ret = 0;

 error:

@@ -3046,6 +3105,9 @@ void bdrv_reopen_commit(BDRVReopenState *reopen_state)

     bdrv_refresh_limits(bs, NULL);

+    bdrv_set_perm(reopen_state->bs, reopen_state->perm,

+                  reopen_state->shared_perm);

+

     new_can_write =

         !bdrv_is_read_only(bs) && !(bdrv_get_flags(bs) & BDRV_O_INACTIVE);

     if (!old_can_write && new_can_write && drv->bdrv_reopen_bitmaps_rw) {

@@ -3079,6 +3141,8 @@ void bdrv_reopen_abort(BDRVReopenState *reopen_state)

     }

     QDECREF(reopen_state->explicit_options);

+

+    bdrv_abort_perm_update(reopen_state->bs);

 }

diff --git a/include/block/block.h b/include/block/block.h

index 4d0d2da..59a3077 100644

--- a/include/block/block.h

+++ b/include/block/block.h

@@ -166,6 +166,7 @@ typedef QSIMPLEQ_HEAD(BlockReopenQueue, BlockReopenQueueEntry) BlockReopenQueue;

 typedef struct BDRVReopenState {

     BlockDriverState *bs;

     int flags;

+    uint64_t perm, shared_perm;

     QDict *options;

     QDict *explicit_options;

     void *opaque;

-- 

1.8.3.1