aboutsummaryrefslogtreecommitdiff
path: root/block.c
diff options
context:
space:
mode:
Diffstat (limited to 'block.c')
-rw-r--r--block.c185
1 files changed, 64 insertions, 121 deletions
diff --git a/block.c b/block.c
index 8f17750..64412ee 100644
--- a/block.c
+++ b/block.c
@@ -1900,10 +1900,9 @@ static int bdrv_fill_options(QDict **options, const char *filename,
static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
uint64_t perm, uint64_t shared,
- GSList *ignore_children,
- bool *tighten_restrictions, Error **errp);
+ GSList *ignore_children, Error **errp);
static void bdrv_child_abort_perm_update(BdrvChild *c);
-static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
+static void bdrv_child_set_perm(BdrvChild *c);
typedef struct BlockReopenQueueEntry {
bool prepared;
@@ -1974,43 +1973,18 @@ static void bdrv_child_perm(BlockDriverState *bs, BlockDriverState *child_bs,
* permissions of all its parents. This involves checking whether all necessary
* permission changes to child nodes can be performed.
*
- * Will set *tighten_restrictions to true if and only if new permissions have to
- * be taken or currently shared permissions are to be unshared. Otherwise,
- * errors are not fatal as long as the caller accepts that the restrictions
- * remain tighter than they need to be. The caller still has to abort the
- * transaction.
- * @tighten_restrictions cannot be used together with @q: When reopening, we may
- * encounter fatal errors even though no restrictions are to be tightened. For
- * example, changing a node from RW to RO will fail if the WRITE permission is
- * to be kept.
- *
* A call to this function must always be followed by a call to bdrv_set_perm()
* or bdrv_abort_perm_update().
*/
static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
uint64_t cumulative_perms,
uint64_t cumulative_shared_perms,
- GSList *ignore_children,
- bool *tighten_restrictions, Error **errp)
+ GSList *ignore_children, Error **errp)
{
BlockDriver *drv = bs->drv;
BdrvChild *c;
int ret;
- assert(!q || !tighten_restrictions);
-
- if (tighten_restrictions) {
- uint64_t current_perms, current_shared;
- uint64_t added_perms, removed_shared_perms;
-
- bdrv_get_cumulative_perm(bs, &current_perms, &current_shared);
-
- added_perms = cumulative_perms & ~current_perms;
- removed_shared_perms = current_shared & ~cumulative_shared_perms;
-
- *tighten_restrictions = added_perms || removed_shared_perms;
- }
-
/* Write permissions never work with read-only images */
if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
!bdrv_is_writable_after_reopen(bs, q))
@@ -2054,8 +2028,11 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
}
if (drv->bdrv_check_perm) {
- return drv->bdrv_check_perm(bs, cumulative_perms,
- cumulative_shared_perms, errp);
+ ret = drv->bdrv_check_perm(bs, cumulative_perms,
+ cumulative_shared_perms, errp);
+ if (ret < 0) {
+ return ret;
+ }
}
/* Drivers that never have children can omit .bdrv_child_perm() */
@@ -2067,18 +2044,12 @@ static int bdrv_check_perm(BlockDriverState *bs, BlockReopenQueue *q,
/* Check all children */
QLIST_FOREACH(c, &bs->children, next) {
uint64_t cur_perm, cur_shared;
- bool child_tighten_restr;
bdrv_child_perm(bs, c->bs, c, c->role, q,
cumulative_perms, cumulative_shared_perms,
&cur_perm, &cur_shared);
ret = bdrv_child_check_perm(c, q, cur_perm, cur_shared, ignore_children,
- tighten_restrictions ? &child_tighten_restr
- : NULL,
errp);
- if (tighten_restrictions) {
- *tighten_restrictions |= child_tighten_restr;
- }
if (ret < 0) {
return ret;
}
@@ -2112,9 +2083,9 @@ static void bdrv_abort_perm_update(BlockDriverState *bs)
}
}
-static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
- uint64_t cumulative_shared_perms)
+static void bdrv_set_perm(BlockDriverState *bs)
{
+ uint64_t cumulative_perms, cumulative_shared_perms;
BlockDriver *drv = bs->drv;
BdrvChild *c;
@@ -2122,6 +2093,8 @@ static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
return;
}
+ bdrv_get_cumulative_perm(bs, &cumulative_perms, &cumulative_shared_perms);
+
/* Update this node */
if (drv->bdrv_set_perm) {
drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
@@ -2135,11 +2108,7 @@ static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
/* Update all children */
QLIST_FOREACH(c, &bs->children, next) {
- uint64_t cur_perm, cur_shared;
- bdrv_child_perm(bs, c->bs, c, c->role, NULL,
- cumulative_perms, cumulative_shared_perms,
- &cur_perm, &cur_shared);
- bdrv_child_set_perm(c, cur_perm, cur_shared);
+ bdrv_child_set_perm(c);
}
}
@@ -2203,22 +2172,18 @@ char *bdrv_perm_names(uint64_t perm)
* set, the BdrvChild objects in this list are ignored in the calculations;
* this allows checking permission updates for an existing reference.
*
- * See bdrv_check_perm() for the semantics of @tighten_restrictions.
- *
* Needs to be followed by a call to either bdrv_set_perm() or
* bdrv_abort_perm_update(). */
static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
uint64_t new_used_perm,
uint64_t new_shared_perm,
GSList *ignore_children,
- bool *tighten_restrictions,
Error **errp)
{
BdrvChild *c;
uint64_t cumulative_perms = new_used_perm;
uint64_t cumulative_shared_perms = new_shared_perm;
- assert(!q || !tighten_restrictions);
/* There is no reason why anyone couldn't tolerate write_unchanged */
assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
@@ -2232,10 +2197,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
char *user = bdrv_child_user_desc(c);
char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
- if (tighten_restrictions) {
- *tighten_restrictions = true;
- }
-
error_setg(errp, "Conflicts with use by %s as '%s', which does not "
"allow '%s' on %s",
user, c->name, perm_names, bdrv_get_node_name(c->bs));
@@ -2248,10 +2209,6 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
char *user = bdrv_child_user_desc(c);
char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
- if (tighten_restrictions) {
- *tighten_restrictions = true;
- }
-
error_setg(errp, "Conflicts with use by %s as '%s', which uses "
"'%s' on %s",
user, c->name, perm_names, bdrv_get_node_name(c->bs));
@@ -2265,21 +2222,19 @@ static int bdrv_check_update_perm(BlockDriverState *bs, BlockReopenQueue *q,
}
return bdrv_check_perm(bs, q, cumulative_perms, cumulative_shared_perms,
- ignore_children, tighten_restrictions, errp);
+ ignore_children, errp);
}
/* Needs to be followed by a call to either bdrv_child_set_perm() or
* bdrv_child_abort_perm_update(). */
static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
uint64_t perm, uint64_t shared,
- GSList *ignore_children,
- bool *tighten_restrictions, Error **errp)
+ GSList *ignore_children, Error **errp)
{
int ret;
ignore_children = g_slist_prepend(g_slist_copy(ignore_children), c);
- ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children,
- tighten_restrictions, errp);
+ ret = bdrv_check_update_perm(c->bs, q, perm, shared, ignore_children, errp);
g_slist_free(ignore_children);
if (ret < 0) {
@@ -2302,18 +2257,11 @@ static int bdrv_child_check_perm(BdrvChild *c, BlockReopenQueue *q,
return 0;
}
-static void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared)
+static void bdrv_child_set_perm(BdrvChild *c)
{
- uint64_t cumulative_perms, cumulative_shared_perms;
-
c->has_backup_perm = false;
- c->perm = perm;
- c->shared_perm = shared;
-
- bdrv_get_cumulative_perm(c->bs, &cumulative_perms,
- &cumulative_shared_perms);
- bdrv_set_perm(c->bs, cumulative_perms, cumulative_shared_perms);
+ bdrv_set_perm(c->bs);
}
static void bdrv_child_abort_perm_update(BdrvChild *c)
@@ -2327,18 +2275,33 @@ static void bdrv_child_abort_perm_update(BdrvChild *c)
bdrv_abort_perm_update(c->bs);
}
+static int bdrv_refresh_perms(BlockDriverState *bs, Error **errp)
+{
+ int ret;
+ uint64_t perm, shared_perm;
+
+ bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
+ ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, errp);
+ if (ret < 0) {
+ bdrv_abort_perm_update(bs);
+ return ret;
+ }
+ bdrv_set_perm(bs);
+
+ return 0;
+}
+
int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
Error **errp)
{
Error *local_err = NULL;
int ret;
- bool tighten_restrictions;
- ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL,
- &tighten_restrictions, &local_err);
+ ret = bdrv_child_check_perm(c, NULL, perm, shared, NULL, &local_err);
if (ret < 0) {
bdrv_child_abort_perm_update(c);
- if (tighten_restrictions) {
+ if ((perm & ~c->perm) || (c->shared_perm & ~shared)) {
+ /* tighten permissions */
error_propagate(errp, local_err);
} else {
/*
@@ -2353,7 +2316,7 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
return ret;
}
- bdrv_child_set_perm(c, perm, shared);
+ bdrv_child_set_perm(c);
return 0;
}
@@ -2623,7 +2586,6 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
{
BlockDriverState *old_bs = child->bs;
- uint64_t perm, shared_perm;
/* Asserts that child->frozen == false */
bdrv_replace_child_noperm(child, new_bs);
@@ -2637,27 +2599,16 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
* restrictions.
*/
if (new_bs) {
- bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
- bdrv_set_perm(new_bs, perm, shared_perm);
+ bdrv_set_perm(new_bs);
}
if (old_bs) {
- /* Update permissions for old node. This is guaranteed to succeed
- * because we're just taking a parent away, so we're loosening
- * restrictions. */
- bool tighten_restrictions;
- int ret;
-
- bdrv_get_cumulative_perm(old_bs, &perm, &shared_perm);
- ret = bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL,
- &tighten_restrictions, NULL);
- assert(tighten_restrictions == false);
- if (ret < 0) {
- /* We only tried to loosen restrictions, so errors are not fatal */
- bdrv_abort_perm_update(old_bs);
- } else {
- bdrv_set_perm(old_bs, perm, shared_perm);
- }
+ /*
+ * Update permissions for old node. We're just taking a parent away, so
+ * we're loosening restrictions. Errors of permission update are not
+ * fatal in this case, ignore them.
+ */
+ bdrv_refresh_perms(old_bs, NULL);
/* When the parent requiring a non-default AioContext is removed, the
* node moves back to the main AioContext */
@@ -2687,8 +2638,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
Error *local_err = NULL;
int ret;
- ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, NULL,
- errp);
+ ret = bdrv_check_update_perm(child_bs, NULL, perm, shared_perm, NULL, errp);
if (ret < 0) {
bdrv_abort_perm_update(child_bs);
bdrv_unref(child_bs);
@@ -3820,7 +3770,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
QTAILQ_FOREACH(bs_entry, bs_queue, entry) {
BDRVReopenState *state = &bs_entry->state;
ret = bdrv_check_perm(state->bs, bs_queue, state->perm,
- state->shared_perm, NULL, NULL, errp);
+ state->shared_perm, NULL, errp);
if (ret < 0) {
goto cleanup_perm;
}
@@ -3832,7 +3782,7 @@ int bdrv_reopen_multiple(BlockReopenQueue *bs_queue, Error **errp)
bs_queue, state->perm, state->shared_perm,
&nperm, &nshared);
ret = bdrv_check_update_perm(state->new_backing_bs, NULL,
- nperm, nshared, NULL, NULL, errp);
+ nperm, nshared, NULL, errp);
if (ret < 0) {
goto cleanup_perm;
}
@@ -3863,7 +3813,13 @@ cleanup_perm:
}
if (ret == 0) {
- bdrv_set_perm(state->bs, state->perm, state->shared_perm);
+ uint64_t perm, shared;
+
+ bdrv_get_cumulative_perm(state->bs, &perm, &shared);
+ assert(perm == state->perm);
+ assert(shared == state->shared_perm);
+
+ bdrv_set_perm(state->bs);
} else {
bdrv_abort_perm_update(state->bs);
if (state->replace_backing_bs && state->new_backing_bs) {
@@ -4616,7 +4572,7 @@ static void bdrv_replace_node_common(BlockDriverState *from,
/* Check whether the required permissions can be granted on @to, ignoring
* all BdrvChild in @list so that they can't block themselves. */
- ret = bdrv_check_update_perm(to, NULL, perm, shared, list, NULL, errp);
+ ret = bdrv_check_update_perm(to, NULL, perm, shared, list, errp);
if (ret < 0) {
bdrv_abort_perm_update(to);
goto out;
@@ -4633,8 +4589,7 @@ static void bdrv_replace_node_common(BlockDriverState *from,
bdrv_unref(from);
}
- bdrv_get_cumulative_perm(to, &perm, &shared);
- bdrv_set_perm(to, perm, shared);
+ bdrv_set_perm(to);
out:
g_slist_free(list);
@@ -5781,7 +5736,6 @@ void bdrv_init_with_whitelist(void)
int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp)
{
BdrvChild *child, *parent;
- uint64_t perm, shared_perm;
Error *local_err = NULL;
int ret;
BdrvDirtyBitmap *bm;
@@ -5813,14 +5767,11 @@ int coroutine_fn bdrv_co_invalidate_cache(BlockDriverState *bs, Error **errp)
*/
if (bs->open_flags & BDRV_O_INACTIVE) {
bs->open_flags &= ~BDRV_O_INACTIVE;
- bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
- ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL, NULL, errp);
+ ret = bdrv_refresh_perms(bs, errp);
if (ret < 0) {
- bdrv_abort_perm_update(bs);
bs->open_flags |= BDRV_O_INACTIVE;
return ret;
}
- bdrv_set_perm(bs, perm, shared_perm);
if (bs->drv->bdrv_co_invalidate_cache) {
bs->drv->bdrv_co_invalidate_cache(bs, &local_err);
@@ -5895,8 +5846,6 @@ static bool bdrv_has_bds_parent(BlockDriverState *bs, bool only_active)
static int bdrv_inactivate_recurse(BlockDriverState *bs)
{
BdrvChild *child, *parent;
- bool tighten_restrictions;
- uint64_t perm, shared_perm;
int ret;
if (!bs->drv) {
@@ -5930,18 +5879,12 @@ static int bdrv_inactivate_recurse(BlockDriverState *bs)
bs->open_flags |= BDRV_O_INACTIVE;
- /* Update permissions, they may differ for inactive nodes */
- bdrv_get_cumulative_perm(bs, &perm, &shared_perm);
- ret = bdrv_check_perm(bs, NULL, perm, shared_perm, NULL,
- &tighten_restrictions, NULL);
- assert(tighten_restrictions == false);
- if (ret < 0) {
- /* We only tried to loosen restrictions, so errors are not fatal */
- bdrv_abort_perm_update(bs);
- } else {
- bdrv_set_perm(bs, perm, shared_perm);
- }
-
+ /*
+ * Update permissions, they may differ for inactive nodes.
+ * We only tried to loosen restrictions, so errors are not fatal, ignore
+ * them.
+ */
+ bdrv_refresh_perms(bs, NULL);
/* Recursively inactivate children */
QLIST_FOREACH(child, &bs->children, next) {