| Message ID | 20211125135317.186576-2-hreitz@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | block-backend: Retain permissions after migration | expand |
On 11/25/21 14:53, Hanna Reitz wrote: > After migration, the permissions the guest device wants to impose on its > BlockBackend are stored in blk->perm and blk->shared_perm. In > blk_root_activate(), we take our permissions, but keep all shared > permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. > > Only afterwards (immediately or later, depending on the runstate) do we > restrict the shared permissions by calling > `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first > call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to > be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is > not restricted. > > Fix this bug by saving the set of shared permissions before invoking > blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. > > Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf > ("block-backend: Defer shared_perm tightening migration > completion") > Reported-by: Peng Liang <liangpeng10@huawei.com> > Signed-off-by: Hanna Reitz <hreitz@redhat.com> > --- > block/block-backend.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
On 11/25/2021 9:53 PM, Hanna Reitz wrote: > After migration, the permissions the guest device wants to impose on its > BlockBackend are stored in blk->perm and blk->shared_perm. In > blk_root_activate(), we take our permissions, but keep all shared > permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. > > Only afterwards (immediately or later, depending on the runstate) do we > restrict the shared permissions by calling > `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first > call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to > be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is > not restricted. > > Fix this bug by saving the set of shared permissions before invoking > blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. > > Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf > ("block-backend: Defer shared_perm tightening migration > completion") > Reported-by: Peng Liang <liangpeng10@huawei.com> > Signed-off-by: Hanna Reitz <hreitz@redhat.com> > --- > block/block-backend.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > Thanks for your patch! Tested-by: Peng Liang <liangpeng10@huawei.com>
diff --git a/block/block-backend.c b/block/block-backend.c index 12ef80ea17..41e388fe1f 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -190,6 +190,7 @@ static void blk_root_activate(BdrvChild *child, Error **errp) { BlockBackend *blk = child->opaque; Error *local_err = NULL; + uint64_t saved_shared_perm; if (!blk->disable_perm) { return; @@ -197,12 +198,22 @@ static void blk_root_activate(BdrvChild *child, Error **errp) blk->disable_perm = false; + /* + * blk->shared_perm contains the permissions we want to share once + * migration is really completely done. For now, we need to share + * all; but we also need to retain blk->shared_perm, which is + * overwritten by a successful blk_set_perm() call. Save it and + * restore it below. + */ + saved_shared_perm = blk->shared_perm; + blk_set_perm(blk, blk->perm, BLK_PERM_ALL, &local_err); if (local_err) { error_propagate(errp, local_err); blk->disable_perm = true; return; } + blk->shared_perm = saved_shared_perm; if (runstate_check(RUN_STATE_INMIGRATE)) { /* Activation can happen when migration process is still active, for
After migration, the permissions the guest device wants to impose on its BlockBackend are stored in blk->perm and blk->shared_perm. In blk_root_activate(), we take our permissions, but keep all shared permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. Only afterwards (immediately or later, depending on the runstate) do we restrict the shared permissions by calling `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is not restricted. Fix this bug by saving the set of shared permissions before invoking blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf ("block-backend: Defer shared_perm tightening migration completion") Reported-by: Peng Liang <liangpeng10@huawei.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> --- block/block-backend.c | 11 +++++++++++ 1 file changed, 11 insertions(+)