diff options
Diffstat (limited to 'block.c')
-rw-r--r-- | block.c | 185 |
1 files changed, 64 insertions, 121 deletions
@@ -1900,10 +1900,9 @@ static int bdrv_fill_options(QDict **options, const char *filename, static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q, uint64_t perm, uint64_t shared, - GSList *ignore_children, - bool *tighten_restrictions, Error **errp); + GSList *ignore_children, Error **errp); static void bdrv_child_abort_perm_update(BdrvChild *c); -static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared); +static void bdrv_child_set_perm(BdrvChild *c); typedef struct BlockReopenQueueEntry { bool prepared; @@ -1974,43 +1973,18 @@ static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs, * permissions of all its parents. This involves checking whether all necessary * permission changes to child nodes can be performed. * - * Will set *tighten_restrictions to true if and only if new permissions have to - * be taken or currently shared permissions are to be unshared. Otherwise, - * errors are not fatal as long as the caller accepts that the restrictions - * remain tighter than they need to be. The caller still has to abort the - * transaction. - * @tighten_restrictions cannot be used together with @q: When reopening, we may - * encounter fatal errors even though no restrictions are to be tightened. For - * example, changing a node from RW to RO will fail if the WRITE permission is - * to be kept. - * * A call to this function must always be followed by a call to bdrv_set_perm() * or bdrv_abort_perm_update(). */ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q, uint64_t cumulative_perms, uint64_t cumulative_shared_perms, - GSList *ignore_children, - bool *tighten_restrictions, Error **errp) + GSList *ignore_children, Error **errp) { BlockDriver *drv = bs->drv; BdrvChild *c; int ret; - assert(!q || !tighten_restrictions); - - if (tighten_restrictions) { - uint64_t current_perms, current_shared; - uint64_t added_perms, removed_shared_perms; - - bdrv_get_cumulative_perm(bs, ¤t_perms, ¤t_shared); - - added_perms = cumulative_perms & ~current_perms; - removed_shared_perms = current_shared & ~cumulative_shared_perms; - - *tighten_restrictions = added_perms || removed_shared_perms; - } - /* Write permissions never work with read-only images */ if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) && !bdrv_is_writable_after_reopen(bs, q)) @@ -2054,8 +2028,11 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q, } if (drv->bdrv_check_perm) { - return drv->bdrv_check_perm(bs, cumulative_perms, - cumulative_shared_perms, errp); + ret = drv->bdrv_check_perm(bs, cumulative_perms, + cumulative_shared_perms, errp); + if (ret < 0) { + return ret; + } } /* Drivers that never have children can omit .bdrv_child_perm() */ @@ -2067,18 +2044,12 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q, /* Check all children */ QLIST_FOREACH(c, &bs->children, next) { uint64_t cur_perm, cur_shared; - bool child_tighten_restr; bdrv_child_perm(bs, c->bs, c, c->role, q, cumulative_perms, cumulative_shared_perms, &cur_perm, &cur_shared); ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children, - tighten_restrictions ? &child_tighten_restr - : NULL, errp); - if (tighten_restrictions) { - *tighten_restrictions |= child_tighten_restr; - } if (ret < 0) { return ret; } @@ -2112,9 +2083,9 @@ static void bdrv_abort_perm_update(BlockDriverState *bs) } } -static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms, - uint64_t cumulative_shared_perms) +static void bdrv_set_perm(BlockDriverState *bs) { + uint64_t cumulative_perms, cumulative_shared_perms; BlockDriver *drv = bs->drv; BdrvChild *c; @@ -2122,6 +2093,8 @@ static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms, return; } + bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms); + /* Update this node */ if (drv->bdrv_set_perm) { drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms); @@ -2135,11 +2108,7 @@ static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms, /* Update all children */ QLIST_FOREACH(c, &bs->children, next) { - uint64_t cur_perm, cur_shared; - bdrv_child_perm(bs, c->bs, c, c->role, NULL, - cumulative_perms, cumulative_shared_perms, - &cur_perm, &cur_shared); - bdrv_child_set_perm(c, cur_perm, cur_shared); + bdrv_child_set_perm(c); } } @@ -2203,22 +2172,18 @@ char *bdrv_perm_names(uint64_t perm) * set, the BdrvChild objects in this list are ignored in the calculations; * this allows checking permission updates for an existing reference. * - * See bdrv_check_perm() for the semantics of @tighten_restrictions. - * * Needs to be followed by a call to either bdrv_set_perm() or * bdrv_abort_perm_update(). */ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q, uint64_t new_used_perm, uint64_t new_shared_perm, GSList *ignore_children, - bool *tighten_restrictions, Error **errp) { BdrvChild *c; uint64_t cumulative_perms = new_used_perm; uint64_t cumulative_shared_perms = new_shared_perm; - assert(!q || !tighten_restrictions); /* There is no reason why anyone couldn't tolerate write_unchanged */ assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED); @@ -2232,10 +2197,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q, char *user = bdrv_child_user_desc(c); char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm); - if (tighten_restrictions) { - *tighten_restrictions = true; - } - error_setg(errp, "Conflicts with use by %s as '%s', which does not " "allow '%s' on %s", user, c->name, perm_names, bdrv_get_node_name(c->bs)); @@ -2248,10 +2209,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q, char *user = bdrv_child_user_desc(c); char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm); - if (tighten_restrictions) { - *tighten_restrictions = true; - } - error_setg(errp, "Conflicts with use by %s as '%s', which uses " "'%s' on %s", user, c->name, perm_names, bdrv_get_node_name(c->bs)); @@ -2265,21 +2222,19 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q, } return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms, - ignore_children, tighten_restrictions, errp); + ignore_children, errp); } /* Needs to be followed by a call to either bdrv_child_set_perm() or * bdrv_child_abort_perm_update(). */ static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q, uint64_t perm, uint64_t shared, - GSList *ignore_children, - bool *tighten_restrictions, Error **errp) + GSList *ignore_children, Error **errp) { int ret; ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c); - ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, - tighten_restrictions, errp); + ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp); g_slist_free(ignore_children); if (ret < 0) { @@ -2302,18 +2257,11 @@ static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q, return 0; } -static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared) +static void bdrv_child_set_perm(BdrvChild *c) { - uint64_t cumulative_perms, cumulative_shared_perms; - c->has_backup_perm = false; - c->perm = perm; - c->shared_perm = shared; - - bdrv_get_cumulative_perm(c->bs, &cumulative_perms, - &cumulative_shared_perms); - bdrv_set_perm(c->bs, cumulative_perms, cumulative_shared_perms); + bdrv_set_perm(c->bs); } static void bdrv_child_abort_perm_update(BdrvChild *c) @@ -2327,18 +2275,33 @@ static void bdrv_child_abort_perm_update(BdrvChild *c) bdrv_abort_perm_update(c->bs); } +static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp) +{ + int ret; + uint64_t perm, shared_perm; + + bdrv_get_cumulative_perm(bs, &perm, &shared_perm); + ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp); + if (ret < 0) { + bdrv_abort_perm_update(bs); + return ret; + } + bdrv_set_perm(bs); + + return 0; +} + int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared, Error **errp) { Error *local_err = NULL; int ret; - bool tighten_restrictions; - ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, - &tighten_restrictions, &local_err); + ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, &local_err); if (ret < 0) { bdrv_child_abort_perm_update(c); - if (tighten_restrictions) { + if ((perm & ~c->perm) || (c->shared_perm & ~shared)) { + /* tighten permissions */ error_propagate(errp, local_err); } else { /* @@ -2353,7 +2316,7 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared, return ret; } - bdrv_child_set_perm(c, perm, shared); + bdrv_child_set_perm(c); return 0; } @@ -2623,7 +2586,6 @@ static void bdrv_replace_child_noperm(BdrvChild *child, static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs) { BlockDriverState *old_bs = child->bs; - uint64_t perm, shared_perm; /* Asserts that child->frozen == false */ bdrv_replace_child_noperm(child, new_bs); @@ -2637,27 +2599,16 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs) * restrictions. */ if (new_bs) { - bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm); - bdrv_set_perm(new_bs, perm, shared_perm); + bdrv_set_perm(new_bs); } if (old_bs) { - /* Update permissions for old node. This is guaranteed to succeed - * because we're just taking a parent away, so we're loosening - * restrictions. */ - bool tighten_restrictions; - int ret; - - bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm); - ret = bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, - &tighten_restrictions, NULL); - assert(tighten_restrictions == false); - if (ret < 0) { - /* We only tried to loosen restrictions, so errors are not fatal */ - bdrv_abort_perm_update(old_bs); - } else { - bdrv_set_perm(old_bs, perm, shared_perm); - } + /* + * Update permissions for old node. We're just taking a parent away, so + * we're loosening restrictions. Errors of permission update are not + * fatal in this case, ignore them. + */ + bdrv_refresh_perms(old_bs, NULL); /* When the parent requiring a non-default AioContext is removed, the * node moves back to the main AioContext */ @@ -2687,8 +2638,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs, Error *local_err = NULL; int ret; - ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, NULL, - errp); + ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp); if (ret < 0) { bdrv_abort_perm_update(child_bs); bdrv_unref(child_bs); @@ -3820,7 +3770,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) QTAILQ_FOREACH(bs_entry, bs_queue, entry) { BDRVReopenState *state = &bs_entry->state; ret = bdrv_check_perm(state->bs, bs_queue, state->perm, - state->shared_perm, NULL, NULL, errp); + state->shared_perm, NULL, errp); if (ret < 0) { goto cleanup_perm; } @@ -3832,7 +3782,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp) bs_queue, state->perm, state->shared_perm, &nperm, &nshared); ret = bdrv_check_update_perm(state->new_backing_bs, NULL, - nperm, nshared, NULL, NULL, errp); + nperm, nshared, NULL, errp); if (ret < 0) { goto cleanup_perm; } @@ -3863,7 +3813,13 @@ cleanup_perm: } if (ret == 0) { - bdrv_set_perm(state->bs, state->perm, state->shared_perm); + uint64_t perm, shared; + + bdrv_get_cumulative_perm(state->bs, &perm, &shared); + assert(perm == state->perm); + assert(shared == state->shared_perm); + + bdrv_set_perm(state->bs); } else { bdrv_abort_perm_update(state->bs); if (state->replace_backing_bs && state->new_backing_bs) { @@ -4616,7 +4572,7 @@ static void bdrv_replace_node_common(BlockDriverState *from, /* Check whether the required permissions can be granted on @to, ignoring * all BdrvChild in @list so that they can't block themselves. */ - ret = bdrv_check_update_perm(to, NULL, perm, shared, list, NULL, errp); + ret = bdrv_check_update_perm(to, NULL, perm, shared, list, errp); if (ret < 0) { bdrv_abort_perm_update(to); goto out; @@ -4633,8 +4589,7 @@ static void bdrv_replace_node_common(BlockDriverState *from, bdrv_unref(from); } - bdrv_get_cumulative_perm(to, &perm, &shared); - bdrv_set_perm(to, perm, shared); + bdrv_set_perm(to); out: g_slist_free(list); @@ -5781,7 +5736,6 @@ void bdrv_init_with_whitelist(void) int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp) { BdrvChild *child, *parent; - uint64_t perm, shared_perm; Error *local_err = NULL; int ret; BdrvDirtyBitmap *bm; @@ -5813,14 +5767,11 @@ int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp) */ if (bs->open_flags & BDRV_O_INACTIVE) { bs->open_flags &= ~BDRV_O_INACTIVE; - bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, errp); + ret = bdrv_refresh_perms(bs, errp); if (ret < 0) { - bdrv_abort_perm_update(bs); bs->open_flags |= BDRV_O_INACTIVE; return ret; } - bdrv_set_perm(bs, perm, shared_perm); if (bs->drv->bdrv_co_invalidate_cache) { bs->drv->bdrv_co_invalidate_cache(bs, &local_err); @@ -5895,8 +5846,6 @@ static bool bdrv_has_bds_parent(BlockDriverState *bs, bool only_active) static int bdrv_inactivate_recurse(BlockDriverState *bs) { BdrvChild *child, *parent; - bool tighten_restrictions; - uint64_t perm, shared_perm; int ret; if (!bs->drv) { @@ -5930,18 +5879,12 @@ static int bdrv_inactivate_recurse(BlockDriverState *bs) bs->open_flags |= BDRV_O_INACTIVE; - /* Update permissions, they may differ for inactive nodes */ - bdrv_get_cumulative_perm(bs, &perm, &shared_perm); - ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, - &tighten_restrictions, NULL); - assert(tighten_restrictions == false); - if (ret < 0) { - /* We only tried to loosen restrictions, so errors are not fatal */ - bdrv_abort_perm_update(bs); - } else { - bdrv_set_perm(bs, perm, shared_perm); - } - + /* + * Update permissions, they may differ for inactive nodes. + * We only tried to loosen restrictions, so errors are not fatal, ignore + * them. + */ + bdrv_refresh_perms(bs, NULL); /* Recursively inactivate children */ QLIST_FOREACH(child, &bs->children, next) { |