* [Qemu-devel] [PATCH 00/54] New op blocker system, part 1
@ 2017-02-21 14:57 Kevin Wolf
2017-02-21 14:57 ` [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize() Kevin Wolf
` (55 more replies)
0 siblings, 56 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:57 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This series is the first part of implementing the new op blocker system
whose design was agreed on quite a while ago, but proved a bit tricky to
implement in places. There is more work to do to fully replace the old op
blocker system, but realistically we don't have that much time until the 2.9
freeze. So let's merge this series to complement the traditional op blockers
and plan with a second part for the 2.10 timeframe.
The basic idea is that every user of a block node (including things outside the
block layer that go through a BlockBackend, and also other block nodes that
hold references to it) has to declare which low-level operations/permissions it
needs and which operation it allows other users to perform on the same node.
Depending on these declarations, conflicts are avoided by returning an error
for attempts to attach a conflicting user to the same node.
After this series, all users request permissions, and hopefully all of the
permissions they need. For writes and resize, getting the permission first is
actually enforced with assertions. Asserting it for consistent reads is in
theory doable, but would mean introducing a request flag that tell us that
inconsistent reads are okay - and that in all block drivers to recursively
propagate this flag through the backing chain. It might not be worth it.
As stated above, the series doesn't remove the old op blockers yet, though in
theory the new op blockers should block everything that needs to be blocked.
In practice, the read/write/resize blockers should be okay, but
BLK_PERM_GRAPH_MOD isn't to be taken too seriously at the moment. It isn't
really applied consistently and doesn't do much useful yet. Making proper use
of it is left for the part 2 series.
Kevin Wolf (54):
blockdev: Use BlockBackend to resize in qmp_block_resize()
qcow2: Use BB for resizing in qcow2_amend_options()
mirror: Resize active commit base in mirror_run()
block: Pass BdrvChild to bdrv_truncate()
block: Attach bs->file only during .bdrv_open()
block: Factor out bdrv_open_child_bs()
block: Use BlockBackend for image probing
block: Factor out bdrv_open_driver()
block: Add bdrv_new_open_driver()
vvfat: Use opened node as backing file
tests: Use opened block node for block job tests
block: Add op blocker permission constants
block: Add Error argument to bdrv_attach_child()
block: Let callers request permissions when attaching a child node
block: Involve block drivers in permission granting
block: Default .bdrv_child_perm() for filter drivers
block: Request child permissions in filter drivers
block: Default .bdrv_child_perm() for format drivers
block: Request child permissions in format drivers
vvfat: Implement .bdrv_child_perm()
block: Require .bdrv_child_perm() with child nodes
block: Request real permissions in bdrv_attach_child()
block: Add permissions to BlockBackend
block: Add permissions to blk_new()
block: Add error parameter to blk_insert_bs()
block: Add BDRV_O_RESIZE for blk_new_open()
block: Request real permissions in blk_new_open()
block: Allow error return in BlockDevOps.change_media_cb()
hw/block: Request permissions
hw/block: Introduce share-rw qdev property
blockjob: Add permissions to block_job_create()
block: Add BdrvChildRole.get_parent_desc()
block: Include details on permission errors in message
block: Add BdrvChildRole.stay_at_node
blockjob: Add permissions to block_job_add_bdrv()
commit: Use real permissions in commit block job
commit: Use real permissions for HMP 'commit'
backup: Use real permissions in backup block job
block: Fix pending requests check in bdrv_append()
block: BdrvChildRole.attach/detach() callbacks
block: Allow backing file links in change_parent_backing_link()
mirror: Use real permissions in mirror/active commit block job
stream: Use real permissions in streaming block job
mirror: Add filter-node-name to blockdev-mirror
commit: Add filter-node-name to block-commit
hmp: Request permissions in qemu-io
migration/block: Use real permissions
nbd/server: Use real permissions for NBD exports
tests: Remove FIXME comments
block: Pass BdrvChild to bdrv_aligned_preadv/pwritev
block: Assertions for write permissions
block: Assertions for resize permission
block: Add Error parameter to bdrv_set_backing_hd()
block: Add Error parameter to bdrv_append()
block.c | 803 +++++++++++++++++++++++++++++++--------
block/backup.c | 22 +-
block/blkdebug.c | 4 +-
block/blkreplay.c | 1 +
block/blkverify.c | 1 +
block/block-backend.c | 118 +++++-
block/bochs.c | 7 +
block/cloop.c | 7 +
block/commit.c | 168 +++++++-
block/crypto.c | 9 +-
block/dmg.c | 7 +
block/io.c | 40 +-
block/mirror.c | 243 +++++++++---
block/parallels.c | 18 +-
block/qcow.c | 14 +-
block/qcow2-refcount.c | 2 +-
block/qcow2.c | 38 +-
block/qed.c | 22 +-
block/quorum.c | 11 +-
block/raw-format.c | 9 +-
block/replication.c | 9 +-
block/stream.c | 45 ++-
block/vdi.c | 10 +-
block/vhdx-log.c | 2 +-
block/vhdx.c | 12 +-
block/vmdk.c | 13 +-
block/vpc.c | 10 +-
block/vvfat.c | 34 +-
blockdev.c | 74 +++-
blockjob.c | 48 ++-
hmp.c | 33 +-
hw/block/block.c | 24 +-
hw/block/fdc.c | 28 +-
hw/block/m25p80.c | 8 +
hw/block/nand.c | 7 +
hw/block/nvme.c | 8 +-
hw/block/onenand.c | 7 +
hw/block/pflash_cfi01.c | 18 +-
hw/block/pflash_cfi02.c | 19 +-
hw/block/virtio-blk.c | 8 +-
hw/core/qdev-properties-system.c | 9 +-
hw/ide/core.c | 2 +-
hw/ide/qdev.c | 8 +-
hw/nvram/spapr_nvram.c | 8 +
hw/scsi/scsi-disk.c | 12 +-
hw/sd/sd.c | 8 +-
hw/usb/dev-storage.c | 6 +-
include/block/block.h | 49 ++-
include/block/block_int.h | 126 +++++-
include/block/blockjob.h | 5 +-
include/block/blockjob_int.h | 4 +-
include/hw/block/block.h | 7 +-
include/qemu-io.h | 1 +
include/sysemu/block-backend.h | 9 +-
migration/block.c | 20 +-
nbd/server.c | 16 +-
qapi/block-core.json | 16 +-
qemu-img.c | 12 +-
qemu-io-cmds.c | 28 ++
tests/qemu-iotests/051.out | 4 +-
tests/qemu-iotests/051.pc.out | 10 +-
tests/qemu-iotests/055 | 11 +-
tests/qemu-iotests/085.out | 2 +-
tests/qemu-iotests/141 | 2 +-
tests/qemu-iotests/141.out | 4 +-
tests/qemu-iotests/172.out | 53 +++
tests/test-blockjob-txn.c | 12 +-
tests/test-blockjob.c | 16 +-
tests/test-throttle.c | 7 +-
69 files changed, 2013 insertions(+), 415 deletions(-)
--
1.8.3.1
^ permalink raw reply [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
@ 2017-02-21 14:57 ` Kevin Wolf
2017-02-22 12:27 ` Max Reitz
2017-02-21 14:57 ` [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options() Kevin Wolf
` (54 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:57 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
In order to be able to do permission checking and to keep working with
the BdrvChild based bdrv_truncate() that this involves, we need to
create a temporary BlockBackend to resize the image.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
blockdev.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index db82ac9..3596d87 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2855,6 +2855,7 @@ void qmp_block_resize(bool has_device, const char *device,
int64_t size, Error **errp)
{
Error *local_err = NULL;
+ BlockBackend *blk = NULL;
BlockDriverState *bs;
AioContext *aio_context;
int ret;
@@ -2885,10 +2886,13 @@ void qmp_block_resize(bool has_device, const char *device,
goto out;
}
+ blk = blk_new();
+ blk_insert_bs(blk, bs);
+
/* complete all in-flight operations before resizing the device */
bdrv_drain_all();
- ret = bdrv_truncate(bs, size);
+ ret = blk_truncate(blk, size);
switch (ret) {
case 0:
break;
@@ -2910,6 +2914,7 @@ void qmp_block_resize(bool has_device, const char *device,
}
out:
+ blk_unref(blk);
aio_context_release(aio_context);
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
2017-02-21 14:57 ` [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize() Kevin Wolf
@ 2017-02-21 14:57 ` Kevin Wolf
2017-02-22 12:28 ` Max Reitz
2017-02-22 15:53 ` Eric Blake
2017-02-21 14:57 ` [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run() Kevin Wolf
` (53 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:57 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
In order to able to conver bdrv_truncate() to take a BdrvChild and
later to correctly check the resize permission here, we need to use a
BlockBackend for resizing the image.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/qcow2.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index 3e274bd..254545a 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3250,7 +3250,11 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
}
if (new_size) {
- ret = bdrv_truncate(bs, new_size);
+ BlockBackend *blk = blk_new();
+ blk_insert_bs(blk, bs);
+ ret = blk_truncate(blk, new_size);
+ blk_unref(blk);
+
if (ret < 0) {
return ret;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
2017-02-21 14:57 ` [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize() Kevin Wolf
2017-02-21 14:57 ` [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options() Kevin Wolf
@ 2017-02-21 14:57 ` Kevin Wolf
2017-02-22 12:34 ` Max Reitz
2017-02-23 11:31 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate() Kevin Wolf
` (52 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:57 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is more consistent with the commit block job, and it moves the code
to a place where we already have the necessary BlockBackends to resize
the base image when bdrv_truncate() is changed to require a BdrvChild.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/mirror.c | 50 ++++++++++++++++++++++----------------------------
1 file changed, 22 insertions(+), 28 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 698a54e..13f793e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -657,7 +657,28 @@ static void coroutine_fn mirror_run(void *opaque)
if (s->bdev_length < 0) {
ret = s->bdev_length;
goto immediate_exit;
- } else if (s->bdev_length == 0) {
+ }
+
+ /* Active commit must resize the base image if its size differs from the
+ * active layer. */
+ if (s->base == blk_bs(s->target)) {
+ int64_t base_length;
+
+ base_length = blk_getlength(s->target);
+ if (base_length < 0) {
+ ret = base_length;
+ goto immediate_exit;
+ }
+
+ if (s->bdev_length > base_length) {
+ ret = blk_truncate(s->target, s->bdev_length);
+ if (ret < 0) {
+ goto immediate_exit;
+ }
+ }
+ }
+
+ if (s->bdev_length == 0) {
/* Report BLOCK_JOB_READY and wait for complete. */
block_job_event_ready(&s->common);
s->synced = true;
@@ -1058,9 +1079,7 @@ void commit_active_start(const char *job_id, BlockDriverState *bs,
BlockCompletionFunc *cb, void *opaque, Error **errp,
bool auto_complete)
{
- int64_t length, base_length;
int orig_base_flags;
- int ret;
Error *local_err = NULL;
orig_base_flags = bdrv_get_flags(base);
@@ -1069,31 +1088,6 @@ void commit_active_start(const char *job_id, BlockDriverState *bs,
return;
}
- length = bdrv_getlength(bs);
- if (length < 0) {
- error_setg_errno(errp, -length,
- "Unable to determine length of %s", bs->filename);
- goto error_restore_flags;
- }
-
- base_length = bdrv_getlength(base);
- if (base_length < 0) {
- error_setg_errno(errp, -base_length,
- "Unable to determine length of %s", base->filename);
- goto error_restore_flags;
- }
-
- if (length > base_length) {
- ret = bdrv_truncate(base, length);
- if (ret < 0) {
- error_setg_errno(errp, -ret,
- "Top image %s is larger than base image %s, and "
- "resize of base image failed",
- bs->filename, base->filename);
- goto error_restore_flags;
- }
- }
-
mirror_start_job(job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN,
on_error, on_error, true, cb, opaque, &local_err,
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (2 preceding siblings ...)
2017-02-21 14:57 ` [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 12:37 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open() Kevin Wolf
` (51 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 3 ++-
block/blkdebug.c | 2 +-
block/block-backend.c | 2 +-
block/crypto.c | 2 +-
block/parallels.c | 8 ++++----
block/qcow.c | 4 ++--
block/qcow2-refcount.c | 2 +-
block/qcow2.c | 4 ++--
block/raw-format.c | 2 +-
block/vhdx-log.c | 2 +-
block/vhdx.c | 2 +-
include/block/block.h | 2 +-
12 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/block.c b/block.c
index 743c349..d951b5d 100644
--- a/block.c
+++ b/block.c
@@ -2626,8 +2626,9 @@ exit:
/**
* Truncate file to 'offset' bytes (needed only for file protocols)
*/
-int bdrv_truncate(BlockDriverState *bs, int64_t offset)
+int bdrv_truncate(BdrvChild *child, int64_t offset)
{
+ BlockDriverState *bs = child->bs;
BlockDriver *drv = bs->drv;
int ret;
if (!drv)
diff --git a/block/blkdebug.c b/block/blkdebug.c
index d8eee1b..6117ce5 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -663,7 +663,7 @@ static int64_t blkdebug_getlength(BlockDriverState *bs)
static int blkdebug_truncate(BlockDriverState *bs, int64_t offset)
{
- return bdrv_truncate(bs->file->bs, offset);
+ return bdrv_truncate(bs->file, offset);
}
static void blkdebug_refresh_filename(BlockDriverState *bs, QDict *options)
diff --git a/block/block-backend.c b/block/block-backend.c
index 819f272..492e71e 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -1605,7 +1605,7 @@ int blk_truncate(BlockBackend *blk, int64_t offset)
return -ENOMEDIUM;
}
- return bdrv_truncate(blk_bs(blk), offset);
+ return bdrv_truncate(blk->root, offset);
}
static void blk_pdiscard_entry(void *opaque)
diff --git a/block/crypto.c b/block/crypto.c
index 7aa7eb5..e05e4dd 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -383,7 +383,7 @@ static int block_crypto_truncate(BlockDriverState *bs, int64_t offset)
offset += payload_offset;
- return bdrv_truncate(bs->file->bs, offset);
+ return bdrv_truncate(bs->file, offset);
}
static void block_crypto_close(BlockDriverState *bs)
diff --git a/block/parallels.c b/block/parallels.c
index 2ccefa7..ac94dfb 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -215,7 +215,7 @@ static int64_t allocate_clusters(BlockDriverState *bs, int64_t sector_num,
s->data_end << BDRV_SECTOR_BITS,
space << BDRV_SECTOR_BITS, 0);
} else {
- ret = bdrv_truncate(bs->file->bs,
+ ret = bdrv_truncate(bs->file,
(s->data_end + space) << BDRV_SECTOR_BITS);
}
if (ret < 0) {
@@ -449,7 +449,7 @@ static int parallels_check(BlockDriverState *bs, BdrvCheckResult *res,
size - res->image_end_offset);
res->leaks += count;
if (fix & BDRV_FIX_LEAKS) {
- ret = bdrv_truncate(bs->file->bs, res->image_end_offset);
+ ret = bdrv_truncate(bs->file, res->image_end_offset);
if (ret < 0) {
res->check_errors++;
return ret;
@@ -681,7 +681,7 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
goto fail_options;
}
if (!bdrv_has_zero_init(bs->file->bs) ||
- bdrv_truncate(bs->file->bs, bdrv_getlength(bs->file->bs)) != 0) {
+ bdrv_truncate(bs->file, bdrv_getlength(bs->file->bs)) != 0) {
s->prealloc_mode = PRL_PREALLOC_MODE_FALLOCATE;
}
@@ -724,7 +724,7 @@ static void parallels_close(BlockDriverState *bs)
}
if (bs->open_flags & BDRV_O_RDWR) {
- bdrv_truncate(bs->file->bs, s->data_end << BDRV_SECTOR_BITS);
+ bdrv_truncate(bs->file, s->data_end << BDRV_SECTOR_BITS);
}
g_free(s->bat_dirty_bmap);
diff --git a/block/qcow.c b/block/qcow.c
index fb738fc..4534515 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -467,7 +467,7 @@ static uint64_t get_cluster_offset(BlockDriverState *bs,
/* round to cluster size */
cluster_offset = (cluster_offset + s->cluster_size - 1) &
~(s->cluster_size - 1);
- bdrv_truncate(bs->file->bs, cluster_offset + s->cluster_size);
+ bdrv_truncate(bs->file, cluster_offset + s->cluster_size);
/* if encrypted, we must initialize the cluster
content which won't be written */
if (bs->encrypted &&
@@ -909,7 +909,7 @@ static int qcow_make_empty(BlockDriverState *bs)
if (bdrv_pwrite_sync(bs->file, s->l1_table_offset, s->l1_table,
l1_length) < 0)
return -1;
- ret = bdrv_truncate(bs->file->bs, s->l1_table_offset + l1_length);
+ ret = bdrv_truncate(bs->file, s->l1_table_offset + l1_length);
if (ret < 0)
return ret;
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 3dbde18..9e96f64 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1734,7 +1734,7 @@ static int check_refblocks(BlockDriverState *bs, BdrvCheckResult *res,
goto resize_fail;
}
- ret = bdrv_truncate(bs->file->bs, offset + s->cluster_size);
+ ret = bdrv_truncate(bs->file, offset + s->cluster_size);
if (ret < 0) {
goto resize_fail;
}
diff --git a/block/qcow2.c b/block/qcow2.c
index 254545a..3e1172b 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2570,7 +2570,7 @@ qcow2_co_pwritev_compressed(BlockDriverState *bs, uint64_t offset,
/* align end of file to a sector boundary to ease reading with
sector based I/Os */
cluster_offset = bdrv_getlength(bs->file->bs);
- return bdrv_truncate(bs->file->bs, cluster_offset);
+ return bdrv_truncate(bs->file, cluster_offset);
}
buf = qemu_blockalign(bs, s->cluster_size);
@@ -2784,7 +2784,7 @@ static int make_completely_empty(BlockDriverState *bs)
goto fail;
}
- ret = bdrv_truncate(bs->file->bs, (3 + l1_clusters) * s->cluster_size);
+ ret = bdrv_truncate(bs->file, (3 + l1_clusters) * s->cluster_size);
if (ret < 0) {
goto fail;
}
diff --git a/block/raw-format.c b/block/raw-format.c
index 8404a82..0ddffbd 100644
--- a/block/raw-format.c
+++ b/block/raw-format.c
@@ -341,7 +341,7 @@ static int raw_truncate(BlockDriverState *bs, int64_t offset)
s->size = offset;
offset += s->offset;
- return bdrv_truncate(bs->file->bs, offset);
+ return bdrv_truncate(bs->file, offset);
}
static int raw_media_changed(BlockDriverState *bs)
diff --git a/block/vhdx-log.c b/block/vhdx-log.c
index 02eb104..67a91c0 100644
--- a/block/vhdx-log.c
+++ b/block/vhdx-log.c
@@ -548,7 +548,7 @@ static int vhdx_log_flush(BlockDriverState *bs, BDRVVHDXState *s,
if (new_file_size % (1024*1024)) {
/* round up to nearest 1MB boundary */
new_file_size = ((new_file_size >> 20) + 1) << 20;
- bdrv_truncate(bs->file->bs, new_file_size);
+ bdrv_truncate(bs->file, new_file_size);
}
}
qemu_vfree(desc_entries);
diff --git a/block/vhdx.c b/block/vhdx.c
index 68db9e0..c67772e 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1165,7 +1165,7 @@ static int vhdx_allocate_block(BlockDriverState *bs, BDRVVHDXState *s,
/* per the spec, the address for a block is in units of 1MB */
*new_offset = ROUND_UP(*new_offset, 1024 * 1024);
- return bdrv_truncate(bs->file->bs, *new_offset + s->block_size);
+ return bdrv_truncate(bs->file, *new_offset + s->block_size);
}
/*
diff --git a/include/block/block.h b/include/block/block.h
index 4e81f20..a4cd06f 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -253,7 +253,7 @@ BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
const char *backing_file);
int bdrv_get_backing_file_depth(BlockDriverState *bs);
void bdrv_refresh_filename(BlockDriverState *bs);
-int bdrv_truncate(BlockDriverState *bs, int64_t offset);
+int bdrv_truncate(BdrvChild *child, int64_t offset);
int64_t bdrv_nb_sectors(BlockDriverState *bs);
int64_t bdrv_getlength(BlockDriverState *bs);
int64_t bdrv_get_allocated_file_size(BlockDriverState *bs);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (3 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 12:41 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs() Kevin Wolf
` (50 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The way that attaching bs->file worked was a bit unusual in that it was
the only child that would be attached to a node which is not opened yet.
Because of this, the block layer couldn't know yet which permissions the
driver would eventually need.
This patch moves the point where bs->file is attached to the beginning
of the individual .bdrv_open() implementations, so drivers already know
what they are going to do with the child. This is also more consistent
with how driver-specific children work.
For a moment, bdrv_open() gets its own BdrvChild to perform image
probing, but instead of directly assigning this BdrvChild to the BDS, it
becomes a temporary one and the node name is passed as an option to the
drivers, so that they can simply use bdrv_open_child() to create another
reference for their own use.
This duplicated child for (the not opened yet) bs is not the final
state, a follow-up patch will change the image probing code to use a
BlockBackend, which is completely independent of bs.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 35 ++++++++++++++++++++++++-----------
block/bochs.c | 6 ++++++
block/cloop.c | 6 ++++++
block/crypto.c | 6 ++++++
block/dmg.c | 6 ++++++
block/parallels.c | 6 ++++++
block/qcow.c | 6 ++++++
block/qcow2.c | 18 +++++++++++++++---
block/qed.c | 18 +++++++++++++++---
block/raw-format.c | 6 ++++++
block/replication.c | 6 ++++++
block/vdi.c | 6 ++++++
block/vhdx.c | 6 ++++++
block/vmdk.c | 6 ++++++
block/vpc.c | 6 ++++++
tests/qemu-iotests/051.out | 4 ++--
tests/qemu-iotests/051.pc.out | 4 ++--
17 files changed, 130 insertions(+), 21 deletions(-)
diff --git a/block.c b/block.c
index d951b5d..40c4dee 100644
--- a/block.c
+++ b/block.c
@@ -1103,13 +1103,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
assert(!drv->bdrv_needs_filename || filename != NULL);
ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
} else {
- if (file == NULL) {
- error_setg(errp, "Can't use '%s' as a block driver for the "
- "protocol level", drv->format_name);
- ret = -EINVAL;
- goto free_and_fail;
- }
- bs->file = file;
ret = drv->bdrv_open(bs, options, open_flags, &local_err);
}
@@ -1145,7 +1138,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
return 0;
free_and_fail:
- bs->file = NULL;
g_free(bs->opaque);
bs->opaque = NULL;
bs->drv = NULL;
@@ -1368,7 +1360,18 @@ void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child)
}
if (child->bs->inherits_from == parent) {
- child->bs->inherits_from = NULL;
+ BdrvChild *c;
+
+ /* Remove inherits_from only when the last reference between parent and
+ * child->bs goes away. */
+ QLIST_FOREACH(c, &parent->children, next) {
+ if (c != child && c->bs == child->bs) {
+ break;
+ }
+ }
+ if (c == NULL) {
+ child->bs->inherits_from = NULL;
+ }
}
bdrv_root_unref_child(child);
@@ -1789,13 +1792,20 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
qdict_del(options, "backing");
}
- /* Open image file without format layer */
+ /* Open image file without format layer. This BdrvChild is only used for
+ * probing, the block drivers will do their own bdrv_open_child() for the
+ * same BDS, which is why we put the node name back into options. */
if ((flags & BDRV_O_PROTOCOL) == 0) {
+ /* FIXME Shouldn't attach a child to a node that isn't opened yet. */
file = bdrv_open_child(filename, options, "file", bs,
&child_file, true, &local_err);
if (local_err) {
goto fail;
}
+ if (file != NULL) {
+ qdict_put(options, "file",
+ qstring_from_str(bdrv_get_node_name(file->bs)));
+ }
}
/* Image format probing */
@@ -1835,7 +1845,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
goto fail;
}
- if (file && (bs->file != file)) {
+ if (file) {
bdrv_unref_child(bs, file);
file = NULL;
}
@@ -1901,6 +1911,9 @@ fail:
if (file != NULL) {
bdrv_unref_child(bs, file);
}
+ if (bs->file != NULL) {
+ bdrv_unref_child(bs, bs->file);
+ }
QDECREF(snapshot_options);
QDECREF(bs->explicit_options);
QDECREF(bs->options);
diff --git a/block/bochs.c b/block/bochs.c
index 8c9652e..7dd2ac4 100644
--- a/block/bochs.c
+++ b/block/bochs.c
@@ -104,6 +104,12 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags,
struct bochs_header bochs;
int ret;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
bs->read_only = true; /* no write support yet */
ret = bdrv_pread(bs->file, 0, &bochs, sizeof(bochs));
diff --git a/block/cloop.c b/block/cloop.c
index 7b75f7e..877c9b0 100644
--- a/block/cloop.c
+++ b/block/cloop.c
@@ -66,6 +66,12 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags,
uint32_t offsets_size, max_compressed_block_size = 1, i;
int ret;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
bs->read_only = true;
/* read header */
diff --git a/block/crypto.c b/block/crypto.c
index e05e4dd..7cb2ff2 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -300,6 +300,12 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
QCryptoBlockOpenOptions *open_opts = NULL;
unsigned int cflags = 0;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
qemu_opts_absorb_qdict(opts, options, &local_err);
if (local_err) {
diff --git a/block/dmg.c b/block/dmg.c
index 58a3ae8..8e387cd 100644
--- a/block/dmg.c
+++ b/block/dmg.c
@@ -413,6 +413,12 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags,
int64_t offset;
int ret;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
block_module_load_one("dmg-bz2");
bs->read_only = true;
diff --git a/block/parallels.c b/block/parallels.c
index ac94dfb..b2ec09f 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -581,6 +581,12 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
Error *local_err = NULL;
char *buf;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
ret = bdrv_pread(bs->file, 0, &ph, sizeof(ph));
if (ret < 0) {
goto fail;
diff --git a/block/qcow.c b/block/qcow.c
index 4534515..038b05a 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -106,6 +106,12 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
QCowHeader header;
Error *local_err = NULL;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
ret = bdrv_pread(bs->file, 0, &header, sizeof(header));
if (ret < 0) {
goto fail;
diff --git a/block/qcow2.c b/block/qcow2.c
index 3e1172b..21e6142 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -814,8 +814,8 @@ static int qcow2_update_options(BlockDriverState *bs, QDict *options,
return ret;
}
-static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
- Error **errp)
+static int qcow2_do_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
{
BDRVQcow2State *s = bs->opaque;
unsigned int len, i;
@@ -1205,6 +1205,18 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
return ret;
}
+static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
+{
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
+ return qcow2_do_open(bs, options, flags, errp);
+}
+
static void qcow2_refresh_limits(BlockDriverState *bs, Error **errp)
{
BDRVQcow2State *s = bs->opaque;
@@ -1785,7 +1797,7 @@ static void qcow2_invalidate_cache(BlockDriverState *bs, Error **errp)
options = qdict_clone_shallow(bs->options);
flags &= ~BDRV_O_INACTIVE;
- ret = qcow2_open(bs, options, flags, &local_err);
+ ret = qcow2_do_open(bs, options, flags, &local_err);
QDECREF(options);
if (local_err) {
error_propagate(errp, local_err);
diff --git a/block/qed.c b/block/qed.c
index 0b62c77..62a0a09 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -415,8 +415,8 @@ static void bdrv_qed_drain(BlockDriverState *bs)
}
}
-static int bdrv_qed_open(BlockDriverState *bs, QDict *options, int flags,
- Error **errp)
+static int bdrv_qed_do_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
{
BDRVQEDState *s = bs->opaque;
QEDHeader le_header;
@@ -550,6 +550,18 @@ out:
return ret;
}
+static int bdrv_qed_open(BlockDriverState *bs, QDict *options, int flags,
+ Error **errp)
+{
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
+ return bdrv_qed_do_open(bs, options, flags, errp);
+}
+
static void bdrv_qed_refresh_limits(BlockDriverState *bs, Error **errp)
{
BDRVQEDState *s = bs->opaque;
@@ -1629,7 +1641,7 @@ static void bdrv_qed_invalidate_cache(BlockDriverState *bs, Error **errp)
bdrv_qed_close(bs);
memset(s, 0, sizeof(BDRVQEDState));
- ret = bdrv_qed_open(bs, NULL, bs->open_flags, &local_err);
+ ret = bdrv_qed_do_open(bs, NULL, bs->open_flags, &local_err);
if (local_err) {
error_propagate(errp, local_err);
error_prepend(errp, "Could not reopen qed layer: ");
diff --git a/block/raw-format.c b/block/raw-format.c
index 0ddffbd..ce34d1b 100644
--- a/block/raw-format.c
+++ b/block/raw-format.c
@@ -384,6 +384,12 @@ static int raw_open(BlockDriverState *bs, QDict *options, int flags,
BDRVRawState *s = bs->opaque;
int ret;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
bs->sg = bs->file->bs->sg;
bs->supported_write_flags = BDRV_REQ_FUA &
bs->file->bs->supported_write_flags;
diff --git a/block/replication.c b/block/replication.c
index 729dd12..eff85c7 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -86,6 +86,12 @@ static int replication_open(BlockDriverState *bs, QDict *options,
const char *mode;
const char *top_id;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
ret = -EINVAL;
opts = qemu_opts_create(&replication_runtime_opts, NULL, 0, &error_abort);
qemu_opts_absorb_qdict(opts, options, &local_err);
diff --git a/block/vdi.c b/block/vdi.c
index 0aeb940..18b4773 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -363,6 +363,12 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
int ret;
Error *local_err = NULL;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
logout("\n");
ret = bdrv_read(bs->file, 0, (uint8_t *)&header, 1);
diff --git a/block/vhdx.c b/block/vhdx.c
index c67772e..9918ee9 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -898,6 +898,12 @@ static int vhdx_open(BlockDriverState *bs, QDict *options, int flags,
uint64_t signature;
Error *local_err = NULL;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
s->bat = NULL;
s->first_visible_write = true;
diff --git a/block/vmdk.c b/block/vmdk.c
index 393c84d..9d68ec5 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -943,6 +943,12 @@ static int vmdk_open(BlockDriverState *bs, QDict *options, int flags,
uint32_t magic;
Error *local_err = NULL;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
buf = vmdk_read_desc(bs->file, 0, errp);
if (!buf) {
return -EINVAL;
diff --git a/block/vpc.c b/block/vpc.c
index ed6353d..d0df2a1 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -220,6 +220,12 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags,
int disk_type = VHD_DYNAMIC;
int ret;
+ bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
+ false, errp);
+ if (!bs->file) {
+ return -EINVAL;
+ }
+
opts = qemu_opts_create(&vpc_runtime_opts, NULL, 0, &error_abort);
qemu_opts_absorb_qdict(opts, options, &local_err);
if (local_err) {
diff --git a/tests/qemu-iotests/051.out b/tests/qemu-iotests/051.out
index 42bf416..7524c62 100644
--- a/tests/qemu-iotests/051.out
+++ b/tests/qemu-iotests/051.out
@@ -225,7 +225,7 @@ Testing: -drive driver=nbd
QEMU_PROG: -drive driver=nbd: NBD server address missing
Testing: -drive driver=raw
-QEMU_PROG: -drive driver=raw: Can't use 'raw' as a block driver for the protocol level
+QEMU_PROG: -drive driver=raw: A block device must be specified for "file"
Testing: -drive file.driver=file
QEMU_PROG: -drive file.driver=file: The 'file' block driver requires a file name
@@ -234,7 +234,7 @@ Testing: -drive file.driver=nbd
QEMU_PROG: -drive file.driver=nbd: NBD server address missing
Testing: -drive file.driver=raw
-QEMU_PROG: -drive file.driver=raw: Can't use 'raw' as a block driver for the protocol level
+QEMU_PROG: -drive file.driver=raw: A block device must be specified for "file"
Testing: -drive foo=bar
QEMU_PROG: -drive foo=bar: Must specify either driver or file
diff --git a/tests/qemu-iotests/051.pc.out b/tests/qemu-iotests/051.pc.out
index 603bb76..f1669c1 100644
--- a/tests/qemu-iotests/051.pc.out
+++ b/tests/qemu-iotests/051.pc.out
@@ -319,7 +319,7 @@ Testing: -drive driver=nbd
QEMU_PROG: -drive driver=nbd: NBD server address missing
Testing: -drive driver=raw
-QEMU_PROG: -drive driver=raw: Can't use 'raw' as a block driver for the protocol level
+QEMU_PROG: -drive driver=raw: A block device must be specified for "file"
Testing: -drive file.driver=file
QEMU_PROG: -drive file.driver=file: The 'file' block driver requires a file name
@@ -328,7 +328,7 @@ Testing: -drive file.driver=nbd
QEMU_PROG: -drive file.driver=nbd: NBD server address missing
Testing: -drive file.driver=raw
-QEMU_PROG: -drive file.driver=raw: Can't use 'raw' as a block driver for the protocol level
+QEMU_PROG: -drive file.driver=raw: A block device must be specified for "file"
Testing: -drive foo=bar
QEMU_PROG: -drive foo=bar: Must specify either driver or file
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (4 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 12:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing Kevin Wolf
` (49 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is the part of bdrv_open_child() that opens a BDS with option
inheritance, but doesn't attach it as a child to the parent yet.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 61 +++++++++++++++++++++++++++++++++++++------------------------
1 file changed, 37 insertions(+), 24 deletions(-)
diff --git a/block.c b/block.c
index 40c4dee..e9d90aa 100644
--- a/block.c
+++ b/block.c
@@ -1546,28 +1546,12 @@ free_exit:
return ret;
}
-/*
- * Opens a disk image whose options are given as BlockdevRef in another block
- * device's options.
- *
- * If allow_none is true, no image will be opened if filename is false and no
- * BlockdevRef is given. NULL will be returned, but errp remains unset.
- *
- * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
- * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
- * itself, all options starting with "${bdref_key}." are considered part of the
- * BlockdevRef.
- *
- * The BlockdevRef will be removed from the options QDict.
- */
-BdrvChild *bdrv_open_child(const char *filename,
- QDict *options, const char *bdref_key,
- BlockDriverState* parent,
- const BdrvChildRole *child_role,
- bool allow_none, Error **errp)
+static BlockDriverState *
+bdrv_open_child_bs(const char *filename, QDict *options, const char *bdref_key,
+ BlockDriverState* parent, const BdrvChildRole *child_role,
+ bool allow_none, Error **errp)
{
- BdrvChild *c = NULL;
- BlockDriverState *bs;
+ BlockDriverState *bs = NULL;
QDict *image_options;
char *bdref_key_dot;
const char *reference;
@@ -1594,11 +1578,40 @@ BdrvChild *bdrv_open_child(const char *filename,
goto done;
}
- c = bdrv_attach_child(parent, bs, bdref_key, child_role);
-
done:
qdict_del(options, bdref_key);
- return c;
+ return bs;
+}
+
+/*
+ * Opens a disk image whose options are given as BlockdevRef in another block
+ * device's options.
+ *
+ * If allow_none is true, no image will be opened if filename is false and no
+ * BlockdevRef is given. NULL will be returned, but errp remains unset.
+ *
+ * bdrev_key specifies the key for the image's BlockdevRef in the options QDict.
+ * That QDict has to be flattened; therefore, if the BlockdevRef is a QDict
+ * itself, all options starting with "${bdref_key}." are considered part of the
+ * BlockdevRef.
+ *
+ * The BlockdevRef will be removed from the options QDict.
+ */
+BdrvChild *bdrv_open_child(const char *filename,
+ QDict *options, const char *bdref_key,
+ BlockDriverState* parent,
+ const BdrvChildRole *child_role,
+ bool allow_none, Error **errp)
+{
+ BlockDriverState *bs;
+
+ bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_role,
+ allow_none, errp);
+ if (bs == NULL) {
+ return NULL;
+ }
+
+ return bdrv_attach_child(parent, bs, bdref_key, child_role);
}
static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (5 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 12:56 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver() Kevin Wolf
` (48 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This fixes the use of a parent-less BdrvChild in bdrv_open_inherit() by
converting it into a BlockBackend. Which is exactly what it should be,
image probing is an external, standalone user of a node. The requests
can't be considered to originate from the format driver node because
that one isn't even opened yet.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 34 +++++++++++++++++++---------------
1 file changed, 19 insertions(+), 15 deletions(-)
diff --git a/block.c b/block.c
index e9d90aa..0f17576 100644
--- a/block.c
+++ b/block.c
@@ -588,21 +588,20 @@ BlockDriver *bdrv_probe_all(const uint8_t *buf, int buf_size,
return drv;
}
-static int find_image_format(BdrvChild *file, const char *filename,
+static int find_image_format(BlockBackend *file, const char *filename,
BlockDriver **pdrv, Error **errp)
{
- BlockDriverState *bs = file->bs;
BlockDriver *drv;
uint8_t buf[BLOCK_PROBE_BUF_SIZE];
int ret = 0;
/* Return the raw BlockDriver * to scsi-generic devices or empty drives */
- if (bdrv_is_sg(bs) || !bdrv_is_inserted(bs) || bdrv_getlength(bs) == 0) {
+ if (blk_is_sg(file) || !blk_is_inserted(file) || blk_getlength(file) == 0) {
*pdrv = &bdrv_raw;
return ret;
}
- ret = bdrv_pread(file, 0, buf, sizeof(buf));
+ ret = blk_pread(file, 0, buf, sizeof(buf));
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not read image for determining its "
"format");
@@ -974,7 +973,7 @@ QemuOptsList bdrv_runtime_opts = {
*
* Removes all processed options from *options.
*/
-static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
+static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
QDict *options, Error **errp)
{
int ret, open_flags;
@@ -1005,7 +1004,7 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
assert(drv != NULL);
if (file != NULL) {
- filename = file->bs->filename;
+ filename = blk_bs(file)->filename;
} else {
filename = qdict_get_try_str(options, "filename");
}
@@ -1707,7 +1706,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
Error **errp)
{
int ret;
- BdrvChild *file = NULL;
+ BlockBackend *file = NULL;
BlockDriverState *bs;
BlockDriver *drv = NULL;
const char *drvname;
@@ -1805,19 +1804,24 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
qdict_del(options, "backing");
}
- /* Open image file without format layer. This BdrvChild is only used for
+ /* Open image file without format layer. This BlockBackend is only used for
* probing, the block drivers will do their own bdrv_open_child() for the
* same BDS, which is why we put the node name back into options. */
if ((flags & BDRV_O_PROTOCOL) == 0) {
- /* FIXME Shouldn't attach a child to a node that isn't opened yet. */
- file = bdrv_open_child(filename, options, "file", bs,
- &child_file, true, &local_err);
+ BlockDriverState *file_bs;
+
+ file_bs = bdrv_open_child_bs(filename, options, "file", bs,
+ &child_file, true, &local_err);
if (local_err) {
goto fail;
}
- if (file != NULL) {
+ if (file_bs != NULL) {
+ file = blk_new();
+ blk_insert_bs(file, file_bs);
+ bdrv_unref(file_bs);
+
qdict_put(options, "file",
- qstring_from_str(bdrv_get_node_name(file->bs)));
+ qstring_from_str(bdrv_get_node_name(file_bs)));
}
}
@@ -1859,7 +1863,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
}
if (file) {
- bdrv_unref_child(bs, file);
+ blk_unref(file);
file = NULL;
}
@@ -1922,7 +1926,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
fail:
if (file != NULL) {
- bdrv_unref_child(bs, file);
+ blk_unref(file);
}
if (bs->file != NULL) {
bdrv_unref_child(bs, bs->file);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (6 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 12:59 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver() Kevin Wolf
` (47 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is a function that doesn't do any option parsing, but just does
some basic BlockDriverState setup and calls the .bdrv_open() function of
the block driver.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 112 +++++++++++++++++++++++++++++++++++++---------------------------
1 file changed, 65 insertions(+), 47 deletions(-)
diff --git a/block.c b/block.c
index 0f17576..03fc115 100644
--- a/block.c
+++ b/block.c
@@ -925,6 +925,67 @@ out:
g_free(gen_node_name);
}
+static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
+ const char *node_name, QDict *options,
+ int open_flags, Error **errp)
+{
+ Error *local_err = NULL;
+ int ret;
+
+ bdrv_assign_node_name(bs, node_name, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return -EINVAL;
+ }
+
+ bs->drv = drv;
+ bs->opaque = g_malloc0(drv->instance_size);
+
+ if (drv->bdrv_file_open) {
+ assert(!drv->bdrv_needs_filename || bs->filename[0]);
+ ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
+ } else {
+ ret = drv->bdrv_open(bs, options, open_flags, &local_err);
+ }
+
+ if (ret < 0) {
+ if (local_err) {
+ error_propagate(errp, local_err);
+ } else if (bs->filename[0]) {
+ error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
+ } else {
+ error_setg_errno(errp, -ret, "Could not open image");
+ }
+ goto free_and_fail;
+ }
+
+ ret = refresh_total_sectors(bs, bs->total_sectors);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not refresh total sector count");
+ goto free_and_fail;
+ }
+
+ bdrv_refresh_limits(bs, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ ret = -EINVAL;
+ goto free_and_fail;
+ }
+
+ assert(bdrv_opt_mem_align(bs) != 0);
+ assert(bdrv_min_mem_align(bs) != 0);
+ assert(is_power_of_2(bs->bl.request_alignment));
+
+ return 0;
+
+free_and_fail:
+ /* FIXME Close bs first if already opened*/
+ g_free(bs->opaque);
+ bs->opaque = NULL;
+ bs->drv = NULL;
+ return ret;
+}
+
QemuOptsList bdrv_runtime_opts = {
.name = "bdrv_common",
.head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
@@ -1019,14 +1080,6 @@ static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
trace_bdrv_open_common(bs, filename ?: "", bs->open_flags,
drv->format_name);
- node_name = qemu_opt_get(opts, "node-name");
- bdrv_assign_node_name(bs, node_name, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- ret = -EINVAL;
- goto fail_opts;
- }
-
bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
if (use_bdrv_whitelist && !bdrv_is_whitelisted(drv, bs->read_only)) {
@@ -1092,54 +1145,19 @@ static int bdrv_open_common(BlockDriverState *bs, BlockBackend *file,
}
pstrcpy(bs->exact_filename, sizeof(bs->exact_filename), bs->filename);
- bs->drv = drv;
- bs->opaque = g_malloc0(drv->instance_size);
-
/* Open the image, either directly or using a protocol */
open_flags = bdrv_open_flags(bs, bs->open_flags);
- if (drv->bdrv_file_open) {
- assert(file == NULL);
- assert(!drv->bdrv_needs_filename || filename != NULL);
- ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
- } else {
- ret = drv->bdrv_open(bs, options, open_flags, &local_err);
- }
-
- if (ret < 0) {
- if (local_err) {
- error_propagate(errp, local_err);
- } else if (bs->filename[0]) {
- error_setg_errno(errp, -ret, "Could not open '%s'", bs->filename);
- } else {
- error_setg_errno(errp, -ret, "Could not open image");
- }
- goto free_and_fail;
- }
+ node_name = qemu_opt_get(opts, "node-name");
- ret = refresh_total_sectors(bs, bs->total_sectors);
+ assert(!drv->bdrv_file_open || file == NULL);
+ ret = bdrv_open_driver(bs, drv, node_name, options, open_flags, errp);
if (ret < 0) {
- error_setg_errno(errp, -ret, "Could not refresh total sector count");
- goto free_and_fail;
- }
-
- bdrv_refresh_limits(bs, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- ret = -EINVAL;
- goto free_and_fail;
+ goto fail_opts;
}
- assert(bdrv_opt_mem_align(bs) != 0);
- assert(bdrv_min_mem_align(bs) != 0);
- assert(is_power_of_2(bs->bl.request_alignment));
-
qemu_opts_del(opts);
return 0;
-free_and_fail:
- g_free(bs->opaque);
- bs->opaque = NULL;
- bs->drv = NULL;
fail_opts:
qemu_opts_del(opts);
return ret;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (7 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:15 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file Kevin Wolf
` (46 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This function allows to create more or less normal BlockDriverStates
even for BlockDrivers that aren't globally registered (e.g. helper
filters for block jobs).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 30 +++++++++++++++++++++++++++++-
include/block/block.h | 2 ++
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/block.c b/block.c
index 03fc115..e166fe8 100644
--- a/block.c
+++ b/block.c
@@ -939,13 +939,16 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
}
bs->drv = drv;
+ bs->read_only = !(bs->open_flags & BDRV_O_RDWR);
bs->opaque = g_malloc0(drv->instance_size);
if (drv->bdrv_file_open) {
assert(!drv->bdrv_needs_filename || bs->filename[0]);
ret = drv->bdrv_file_open(bs, options, open_flags, &local_err);
- } else {
+ } else if (drv->bdrv_open) {
ret = drv->bdrv_open(bs, options, open_flags, &local_err);
+ } else {
+ ret = 0;
}
if (ret < 0) {
@@ -986,6 +989,31 @@ free_and_fail:
return ret;
}
+BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
+ int flags, Error **errp)
+{
+ BlockDriverState *bs;
+ int ret;
+
+ bs = bdrv_new();
+ bs->open_flags = flags;
+ bs->explicit_options = qdict_new();
+ bs->options = qdict_new();
+ bs->opaque = NULL;
+
+ update_options_from_flags(bs->options, flags);
+
+ ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
+ if (ret < 0) {
+ QDECREF(bs->explicit_options);
+ QDECREF(bs->options);
+ bdrv_unref(bs);
+ return NULL;
+ }
+
+ return bs;
+}
+
QemuOptsList bdrv_runtime_opts = {
.name = "bdrv_common",
.head = QTAILQ_HEAD_INITIALIZER(bdrv_runtime_opts.head),
diff --git a/include/block/block.h b/include/block/block.h
index a4cd06f..bde5ebd 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -215,6 +215,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
const char *bdref_key, Error **errp);
BlockDriverState *bdrv_open(const char *filename, const char *reference,
QDict *options, int flags, Error **errp);
+BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
+ int flags, Error **errp);
BlockReopenQueue *bdrv_reopen_queue(BlockReopenQueue *bs_queue,
BlockDriverState *bs,
QDict *options, int flags);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (8 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:26 ` Max Reitz
2017-02-23 11:49 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests Kevin Wolf
` (45 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
We should not try to assign a not yet opened node as the backing file,
because as soon as the permission system is added it will fail. The
just added bdrv_new_open_driver() function is the right tool to open a
file with an internal driver, use it.
In case anyone wonders whether that magic fake backing file to trigger a
special action on 'commit' actually works today: No, not for me. One
reason is that we've been adding a raw format driver on top for several
years now and raw doesn't support commit. Other reasons include that the
backing file isn't writable and the driver doesn't support reopen, and
it's also size 0 and the driver doesn't support bdrv_truncate. All of
these are easily fixable, but then 'commit' ended up in an infinite loop
deep in the vvfat code for me, so I thought I'd best leave it alone. I'm
not really sure what it was supposed to do anyway.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/vvfat.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/block/vvfat.c b/block/vvfat.c
index c6bf67e..7f230be 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -2968,6 +2968,7 @@ static void write_target_close(BlockDriverState *bs) {
static BlockDriver vvfat_write_target = {
.format_name = "vvfat_write_target",
+ .instance_size = sizeof(void*),
.bdrv_co_pwritev = write_target_commit,
.bdrv_close = write_target_close,
};
@@ -3036,14 +3037,13 @@ static int enable_write_target(BlockDriverState *bs, Error **errp)
unlink(s->qcow_filename);
#endif
- backing = bdrv_new();
+ backing = bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALLOW_RDWR,
+ &error_abort);
+ *(void**) backing->opaque = s;
+
bdrv_set_backing_hd(s->bs, backing);
bdrv_unref(backing);
- s->bs->backing->bs->drv = &vvfat_write_target;
- s->bs->backing->bs->opaque = g_new(void *, 1);
- *(void**)s->bs->backing->bs->opaque = s;
-
return 0;
err:
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (9 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:41 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants Kevin Wolf
` (44 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
blk_insert_bs() and block job related functions will soon require an
opened block node (permission calculations will involve the block
driver), so let our tests be consistent with the real users in this
respect.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
tests/test-blockjob-txn.c | 6 +++++-
tests/test-blockjob.c | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/tests/test-blockjob-txn.c b/tests/test-blockjob-txn.c
index b132e39..f6dfd08 100644
--- a/tests/test-blockjob-txn.c
+++ b/tests/test-blockjob-txn.c
@@ -96,7 +96,10 @@ static BlockJob *test_block_job_start(unsigned int iterations,
char job_id[24];
data = g_new0(TestBlockJobCBData, 1);
- bs = bdrv_new();
+
+ bs = bdrv_open("null-co://", NULL, NULL, 0, &error_abort);
+ g_assert_nonnull(bs);
+
snprintf(job_id, sizeof(job_id), "job%u", counter++);
s = block_job_create(job_id, &test_block_job_driver, bs, 0,
BLOCK_JOB_DEFAULT, test_block_job_cb,
@@ -242,6 +245,7 @@ static void test_pair_jobs_fail_cancel_race(void)
int main(int argc, char **argv)
{
qemu_init_main_loop(&error_abort);
+ bdrv_init();
g_test_init(&argc, &argv, NULL);
g_test_add_func("/single/success", test_single_job_success);
diff --git a/tests/test-blockjob.c b/tests/test-blockjob.c
index 60b78a3..068c9e4 100644
--- a/tests/test-blockjob.c
+++ b/tests/test-blockjob.c
@@ -54,7 +54,10 @@ static BlockJob *do_test_id(BlockBackend *blk, const char *id,
static BlockBackend *create_blk(const char *name)
{
BlockBackend *blk = blk_new();
- BlockDriverState *bs = bdrv_new();
+ BlockDriverState *bs;
+
+ bs = bdrv_open("null-co://", NULL, NULL, 0, &error_abort);
+ g_assert_nonnull(bs);
blk_insert_bs(blk, bs);
bdrv_unref(bs);
@@ -140,6 +143,7 @@ static void test_job_ids(void)
int main(int argc, char **argv)
{
qemu_init_main_loop(&error_abort);
+ bdrv_init();
g_test_init(&argc, &argv, NULL);
g_test_add_func("/blockjob/ids", test_job_ids);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (10 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:43 ` Max Reitz
2017-02-23 11:53 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child() Kevin Wolf
` (43 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This patch defines the permission categories that will be used by the
new op blocker system.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
include/block/block.h | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/include/block/block.h b/include/block/block.h
index bde5ebd..ac40c8d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -187,6 +187,41 @@ typedef enum BlockOpType {
BLOCK_OP_TYPE_MAX,
} BlockOpType;
+/* Block node permission constants */
+enum {
+ /**
+ * A user that has the "permission" of consistent reads is guaranteed that
+ * their view of the contents of the block device is complete and
+ * self-consistent, repesenting the contents of a disk at a specific point.
+ *
+ * For most block devices (including their backing files) this is true, but
+ * the property cannot be maintained in a few situations like for
+ * intermediate nodes of a commit block job.
+ */
+ BLK_PERM_CONSISTENT_READ = 0x01,
+
+ /** This permission is required to change the visible disk contents. */
+ BLK_PERM_WRITE = 0x02,
+
+ /**
+ * This permission (which is weaker than BLK_PERM_WRITE) is both enough and
+ * required for writes to the block node when the caller promises that
+ * this visible disk contents doesn't change.
+ */
+ BLK_PERM_WRITE_UNCHANGED = 0x04,
+
+ /** This permission is required to change the size of a block node. */
+ BLK_PERM_RESIZE = 0x08,
+
+ /**
+ * This permission is required to change the node that this BdrvChild
+ * points to.
+ */
+ BLK_PERM_GRAPH_MOD = 0x10,
+
+ BLK_PERM_ALL = 0x1f,
+};
+
/* disk I/O throttling */
void bdrv_init(void);
void bdrv_init_with_whitelist(void);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (11 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node Kevin Wolf
` (42 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
It will have to return an error soon, so prepare the callers for it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 16 +++++++++++++---
block/quorum.c | 9 ++++++++-
include/block/block.h | 3 ++-
3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/block.c b/block.c
index e166fe8..b2b6be0 100644
--- a/block.c
+++ b/block.c
@@ -1368,7 +1368,8 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
BlockDriverState *child_bs,
const char *child_name,
- const BdrvChildRole *child_role)
+ const BdrvChildRole *child_role,
+ Error **errp)
{
BdrvChild *child = bdrv_root_attach_child(child_bs, child_name, child_role,
parent_bs);
@@ -1469,7 +1470,9 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd)
bs->backing = NULL;
goto out;
}
- bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing);
+ /* FIXME Error handling */
+ bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing,
+ &error_abort);
bs->open_flags &= ~BDRV_O_NO_BACKING;
pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_hd->filename);
pstrcpy(bs->backing_format, sizeof(bs->backing_format),
@@ -1648,6 +1651,7 @@ BdrvChild *bdrv_open_child(const char *filename,
const BdrvChildRole *child_role,
bool allow_none, Error **errp)
{
+ BdrvChild *c;
BlockDriverState *bs;
bs = bdrv_open_child_bs(filename, options, bdref_key, parent, child_role,
@@ -1656,7 +1660,13 @@ BdrvChild *bdrv_open_child(const char *filename,
return NULL;
}
- return bdrv_attach_child(parent, bs, bdref_key, child_role);
+ c = bdrv_attach_child(parent, bs, bdref_key, child_role, errp);
+ if (!c) {
+ bdrv_unref(bs);
+ return NULL;
+ }
+
+ return c;
}
static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
diff --git a/block/quorum.c b/block/quorum.c
index 86e2072..bdbcec6 100644
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -1032,10 +1032,17 @@ static void quorum_add_child(BlockDriverState *bs, BlockDriverState *child_bs,
/* We can safely add the child now */
bdrv_ref(child_bs);
- child = bdrv_attach_child(bs, child_bs, indexstr, &child_format);
+
+ child = bdrv_attach_child(bs, child_bs, indexstr, &child_format, errp);
+ if (child == NULL) {
+ s->next_child_index--;
+ bdrv_unref(child_bs);
+ goto out;
+ }
s->children = g_renew(BdrvChild *, s->children, s->num_children + 1);
s->children[s->num_children++] = child;
+out:
bdrv_drained_end(bs);
}
diff --git a/include/block/block.h b/include/block/block.h
index ac40c8d..2d6ed7d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -519,7 +519,8 @@ void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child);
BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
BlockDriverState *child_bs,
const char *child_name,
- const BdrvChildRole *child_role);
+ const BdrvChildRole *child_role,
+ Error **errp);
bool bdrv_op_is_blocked(BlockDriverState *bs, BlockOpType op, Error **errp);
void bdrv_op_block(BlockDriverState *bs, BlockOpType op, Error *reason);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (12 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 13:47 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting Kevin Wolf
` (41 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
When attaching a node as a child to a new parent, the required and
shared permissions for this parent are checked against all other parents
of the node now, and an error is returned if there is a conflict.
This allows error returns to a function that previously always
succeeded, and the same is true for quite a few callers and their
callers. Converting all of them within the same patch would be too much,
so for now everyone tells that they don't need any permissions and allow
everyone else to do anything. This way we can use &error_abort initially
and convert caller by caller to pass actual permission requirements and
implement error handling.
All these places are marked with FIXME comments and it will be the job
of the next patches to clean them up again.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 66 +++++++++++++++++++++++++++++++++++++++++------
block/block-backend.c | 8 ++++--
include/block/block_int.h | 15 ++++++++++-
3 files changed, 78 insertions(+), 11 deletions(-)
diff --git a/block.c b/block.c
index b2b6be0..d9f2267 100644
--- a/block.c
+++ b/block.c
@@ -1326,6 +1326,38 @@ static int bdrv_fill_options(QDict **options, const char *filename,
return 0;
}
+static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm,
+ uint64_t new_shared_perm,
+ BdrvChild *ignore_child, Error **errp)
+{
+ BdrvChild *c;
+
+ /* There is no reason why anyone couldn't tolerate write_unchanged */
+ assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
+
+ QLIST_FOREACH(c, &bs->parents, next_parent) {
+ if (c == ignore_child) {
+ continue;
+ }
+
+ if ((new_used_perm & c->shared_perm) != new_used_perm ||
+ (c->perm & new_shared_perm) != c->perm)
+ {
+ const char *user = NULL;
+ if (c->role->get_name) {
+ user = c->role->get_name(c);
+ if (user && !*user) {
+ user = NULL;
+ }
+ }
+ error_setg(errp, "Conflicts with %s", user ?: "another operation");
+ return -EPERM;
+ }
+ }
+
+ return 0;
+}
+
static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
{
BlockDriverState *old_bs = child->bs;
@@ -1350,14 +1382,25 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
const char *child_name,
const BdrvChildRole *child_role,
- void *opaque)
+ uint64_t perm, uint64_t shared_perm,
+ void *opaque, Error **errp)
{
- BdrvChild *child = g_new(BdrvChild, 1);
+ BdrvChild *child;
+ int ret;
+
+ ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp);
+ if (ret < 0) {
+ return NULL;
+ }
+
+ child = g_new(BdrvChild, 1);
*child = (BdrvChild) {
- .bs = NULL,
- .name = g_strdup(child_name),
- .role = child_role,
- .opaque = opaque,
+ .bs = NULL,
+ .name = g_strdup(child_name),
+ .role = child_role,
+ .perm = perm,
+ .shared_perm = shared_perm,
+ .opaque = opaque,
};
bdrv_replace_child(child, child_bs);
@@ -1371,8 +1414,15 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
const BdrvChildRole *child_role,
Error **errp)
{
- BdrvChild *child = bdrv_root_attach_child(child_bs, child_name, child_role,
- parent_bs);
+ BdrvChild *child;
+
+ /* FIXME Use real permissions */
+ child = bdrv_root_attach_child(child_bs, child_name, child_role,
+ 0, BLK_PERM_ALL, parent_bs, errp);
+ if (child == NULL) {
+ return NULL;
+ }
+
QLIST_INSERT_HEAD(&parent_bs->children, child, next);
return child;
}
diff --git a/block/block-backend.c b/block/block-backend.c
index 492e71e..9bb4528 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -163,7 +163,9 @@ BlockBackend *blk_new_open(const char *filename, const char *reference,
return NULL;
}
- blk->root = bdrv_root_attach_child(bs, "root", &child_root, blk);
+ /* FIXME Use real permissions */
+ blk->root = bdrv_root_attach_child(bs, "root", &child_root,
+ 0, BLK_PERM_ALL, blk, &error_abort);
return blk;
}
@@ -498,7 +500,9 @@ void blk_remove_bs(BlockBackend *blk)
void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
{
bdrv_ref(bs);
- blk->root = bdrv_root_attach_child(bs, "root", &child_root, blk);
+ /* FIXME Use real permissions */
+ blk->root = bdrv_root_attach_child(bs, "root", &child_root,
+ 0, BLK_PERM_ALL, blk, &error_abort);
notifier_list_notify(&blk->insert_bs_notifiers, blk);
if (blk->public.throttle_state) {
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 1670941..ed63bad 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -419,6 +419,18 @@ struct BdrvChild {
char *name;
const BdrvChildRole *role;
void *opaque;
+
+ /**
+ * Granted permissions for operating on this BdrvChild (BLK_PERM_* bitmask)
+ */
+ uint64_t perm;
+
+ /**
+ * Permissions that can still be granted to other users of @bs while this
+ * BdrvChild is still attached to it. (BLK_PERM_* bitmask)
+ */
+ uint64_t shared_perm;
+
QLIST_ENTRY(BdrvChild) next;
QLIST_ENTRY(BdrvChild) next_parent;
};
@@ -796,7 +808,8 @@ void hmp_drive_add_node(Monitor *mon, const char *optstr);
BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
const char *child_name,
const BdrvChildRole *child_role,
- void *opaque);
+ uint64_t perm, uint64_t shared_perm,
+ void *opaque, Error **errp);
void bdrv_root_unref_child(BdrvChild *child);
const char *bdrv_get_parent_name(const BlockDriverState *bs);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (13 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:04 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
` (40 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
In many cases, the required permissions of one node on its children
depends on what its parents require from it. For example, the raw format
or most filter drivers only need to request consistent reads if that's
something that one of their parents wants.
In order to achieve this, this patch introduces two new BlockDriver
callbacks. The first one lets drivers first check (recursively) whether
the requested permissions can be set; the second one actually sets the
new permission bitmask.
Also add helper functions that drivers can use in their implementation
of the callbacks to update their permissions on a specific child.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 176 ++++++++++++++++++++++++++++++++++++++++++++++
include/block/block_int.h | 61 ++++++++++++++++
2 files changed, 237 insertions(+)
diff --git a/block.c b/block.c
index d9f2267..2a86781 100644
--- a/block.c
+++ b/block.c
@@ -1326,11 +1326,145 @@ static int bdrv_fill_options(QDict **options, const char *filename,
return 0;
}
+/*
+ * Check whether permissions on this node can be changed in a way that
+ * @cumulative_perms and @cumulative_shared_perms are the new cumulative
+ * permissions of all its parents. This involves checking whether all necessary
+ * permission changes to child nodes can be performed.
+ *
+ * A call to this function must always be followed by a call to bdrv_set_perm()
+ * or bdrv_abort_perm_update().
+ */
+static int bdrv_check_perm(BlockDriverState *bs, uint64_t cumulative_perms,
+ uint64_t cumulative_shared_perms, Error **errp)
+{
+ BlockDriver *drv = bs->drv;
+ BdrvChild *c;
+ int ret;
+
+ if (!drv) {
+ error_setg(errp, "Block node is not opened");
+ return -EINVAL;
+ }
+
+ /* Write permissions never work with read-only images */
+ if ((cumulative_perms & (BLK_PERM_WRITE | BLK_PERM_WRITE_UNCHANGED)) &&
+ bdrv_is_read_only(bs))
+ {
+ error_setg(errp, "Block node is read-only");
+ return -EPERM;
+ }
+
+ /* Check this node */
+ if (drv->bdrv_check_perm) {
+ return drv->bdrv_check_perm(bs, cumulative_perms,
+ cumulative_shared_perms, errp);
+ }
+
+ /* Drivers may not have .bdrv_child_perm() */
+ if (!drv->bdrv_child_perm) {
+ return 0;
+ }
+
+ /* Check all children */
+ QLIST_FOREACH(c, &bs->children, next) {
+ uint64_t cur_perm, cur_shared;
+ drv->bdrv_child_perm(bs, c, c->role,
+ cumulative_perms, cumulative_shared_perms,
+ &cur_perm, &cur_shared);
+ ret = bdrv_child_check_perm(c, cur_perm, cur_shared, errp);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Notifies drivers that after a previous bdrv_check_perm() call, the
+ * permission update is not performed and any preparations made for it (e.g.
+ * taken file locks) need to be undone.
+ *
+ * This function recursively notifies all child nodes.
+ */
+static void bdrv_abort_perm_update(BlockDriverState *bs)
+{
+ BlockDriver *drv = bs->drv;
+ BdrvChild *c;
+
+ if (!drv) {
+ return;
+ }
+
+ if (drv->bdrv_abort_perm_update) {
+ drv->bdrv_abort_perm_update(bs);
+ }
+
+ QLIST_FOREACH(c, &bs->children, next) {
+ bdrv_abort_perm_update(c->bs);
+ }
+}
+
+static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
+ uint64_t cumulative_shared_perms)
+{
+ BlockDriver *drv = bs->drv;
+ BdrvChild *c;
+
+ if (!drv) {
+ return;
+ }
+
+ /* Update this node */
+ if (drv->bdrv_set_perm) {
+ drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
+ }
+
+ /* Drivers may not have .bdrv_child_perm() */
+ if (!drv->bdrv_child_perm) {
+ return;
+ }
+
+ /* Update all children */
+ QLIST_FOREACH(c, &bs->children, next) {
+ uint64_t cur_perm, cur_shared;
+ drv->bdrv_child_perm(bs, c, c->role,
+ cumulative_perms, cumulative_shared_perms,
+ &cur_perm, &cur_shared);
+ bdrv_child_set_perm(c, cur_perm, cur_shared);
+ }
+}
+
+static void bdrv_update_perm(BlockDriverState *bs)
+{
+ BdrvChild *c;
+ uint64_t cumulative_perms = 0;
+ uint64_t cumulative_shared_perms = BLK_PERM_ALL;
+
+ QLIST_FOREACH(c, &bs->parents, next_parent) {
+ cumulative_perms |= c->perm;
+ cumulative_shared_perms &= c->shared_perm;
+ }
+
+ bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
+}
+
+/*
+ * Checks whether a new reference to @bs can be added if the new user requires
+ * @new_used_perm/@new_shared_perm as its permissions. If @ignore_child is set,
+ * this old reference is ignored in the calculations; this allows checking
+ * permission updates for an existing reference.
+ *
+ * Needs to be followed by a call to either bdrv_set_perm() or
+ * bdrv_abort_perm_update(). */
static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm,
uint64_t new_shared_perm,
BdrvChild *ignore_child, Error **errp)
{
BdrvChild *c;
+ uint64_t cumulative_perms = new_used_perm;
+ uint64_t cumulative_shared_perms = new_shared_perm;
/* There is no reason why anyone couldn't tolerate write_unchanged */
assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED);
@@ -1353,8 +1487,47 @@ static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm,
error_setg(errp, "Conflicts with %s", user ?: "another operation");
return -EPERM;
}
+
+ cumulative_perms |= c->perm;
+ cumulative_shared_perms &= c->shared_perm;
+ }
+
+ return bdrv_check_perm(bs, cumulative_perms, cumulative_shared_perms, errp);
+}
+
+/* Needs to be followed by a call to either bdrv_set_perm() or
+ * bdrv_abort_perm_update(). */
+int bdrv_child_check_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
+ Error **errp)
+{
+ return bdrv_check_update_perm(c->bs, perm, shared, c, errp);
+}
+
+void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared)
+{
+ c->perm = perm;
+ c->shared_perm = shared;
+ bdrv_update_perm(c->bs);
+}
+
+void bdrv_child_abort_perm_update(BdrvChild *c)
+{
+ bdrv_abort_perm_update(c->bs);
+}
+
+int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
+ Error **errp)
+{
+ int ret;
+
+ ret = bdrv_child_check_perm(c, perm, shared, errp);
+ if (ret < 0) {
+ bdrv_child_abort_perm_update(c);
+ return ret;
}
+ bdrv_child_set_perm(c, perm, shared);
+
return 0;
}
@@ -1367,6 +1540,7 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
child->role->drained_end(child);
}
QLIST_REMOVE(child, next_parent);
+ bdrv_update_perm(old_bs);
}
child->bs = new_bs;
@@ -1376,6 +1550,7 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
if (new_bs->quiesce_counter && child->role->drained_begin) {
child->role->drained_begin(child);
}
+ bdrv_update_perm(new_bs);
}
}
@@ -1390,6 +1565,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp);
if (ret < 0) {
+ bdrv_abort_perm_update(child_bs);
return NULL;
}
diff --git a/include/block/block_int.h b/include/block/block_int.h
index ed63bad..cef2b6e 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -320,6 +320,59 @@ struct BlockDriver {
void (*bdrv_del_child)(BlockDriverState *parent, BdrvChild *child,
Error **errp);
+ /**
+ * Informs the block driver that a permission change is intended. The
+ * driver checks whether the change is permissible and may take other
+ * preparations for the change (e.g. get file system locks). This operation
+ * is always followed either by a call to either .bdrv_set_perm or
+ * .bdrv_abort_perm_update.
+ *
+ * Checks whether the requested set of cumulative permissions in @perm
+ * can be granted for accessing @bs and whether no other users are using
+ * permissions other than those given in @shared (both arguments take
+ * BLK_PERM_* bitmasks).
+ *
+ * If both conditions are met, 0 is returned. Otherwise, -errno is returned
+ * and errp is set to an error describing the conflict.
+ */
+ int (*bdrv_check_perm)(BlockDriverState *bs, uint64_t perm,
+ uint64_t shared, Error **errp);
+
+ /**
+ * Called to inform the driver that the set of cumulative set of used
+ * permissions for @bs has changed to @perm, and the set of sharable
+ * permission to @shared. The driver can use this to propagate changes to
+ * its children (i.e. request permissions only if a parent actually needs
+ * them).
+ *
+ * This function is only invoked after bdrv_check_perm(), so block drivers
+ * may rely on preparations made in their .bdrv_check_perm implementation.
+ */
+ void (*bdrv_set_perm)(BlockDriverState *bs, uint64_t perm, uint64_t shared);
+
+ /*
+ * Called to inform the driver that after a previous bdrv_check_perm()
+ * call, the permission update is not performed and any preparations made
+ * for it (e.g. taken file locks) need to be undone.
+ *
+ * This function can be called even for nodes that never saw a
+ * bdrv_check_perm() call. It is a no-op then.
+ */
+ void (*bdrv_abort_perm_update)(BlockDriverState *bs);
+
+ /**
+ * Returns in @nperm and @nshared the permissions that the driver for @bs
+ * needs on its child @c, based on the cumulative permissions requested by
+ * the parents in @parent_perm and @parent_shared.
+ *
+ * If @c is NULL, return the permissions for attaching a new child for the
+ * given @role.
+ */
+ void (*bdrv_child_perm)(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t parent_perm, uint64_t parent_shared,
+ uint64_t *nperm, uint64_t *nshared);
+
QLIST_ENTRY(BlockDriver) list;
};
@@ -812,6 +865,14 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
void *opaque, Error **errp);
void bdrv_root_unref_child(BdrvChild *child);
+int bdrv_child_check_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
+ Error **errp);
+void bdrv_child_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared);
+void bdrv_child_abort_perm_update(BdrvChild *c);
+int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
+ Error **errp);
+
+
const char *bdrv_get_parent_name(const BlockDriverState *bs);
void blk_dev_change_media_cb(BlockBackend *blk, bool load);
bool blk_dev_has_removable_media(BlockBackend *blk);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (14 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:05 ` Max Reitz
` (2 more replies)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 17/54] block: Request child permissions in " Kevin Wolf
` (39 subsequent siblings)
55 siblings, 3 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Most filters need permissions related to read and write for their
children, but only if the node has a parent that wants to use the same
operation on the filter. The same is true for resize.
This adds a default implementation that simply forwards all necessary
permissions to all children of the node and leaves the other permissions
unchanged.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 24 ++++++++++++++++++++++++
include/block/block_int.h | 8 ++++++++
2 files changed, 32 insertions(+)
diff --git a/block.c b/block.c
index 2a86781..523cbd3 100644
--- a/block.c
+++ b/block.c
@@ -1531,6 +1531,30 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
return 0;
}
+#define DEFAULT_PERM_PASSTHROUGH (BLK_PERM_CONSISTENT_READ \
+ | BLK_PERM_WRITE \
+ | BLK_PERM_WRITE_UNCHANGED \
+ | BLK_PERM_RESIZE)
+#define DEFAULT_PERM_UNCHANGED (BLK_PERM_ALL & ~DEFAULT_PERM_PASSTHROUGH)
+
+void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+ if (c == NULL) {
+ *nperm = 0;
+ *nshared = BLK_PERM_ALL;
+ return;
+ }
+
+ *nperm = (perm & DEFAULT_PERM_PASSTHROUGH) |
+ (c->perm & DEFAULT_PERM_UNCHANGED);
+ *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) |
+ (c->shared_perm & DEFAULT_PERM_UNCHANGED);
+}
+
+
static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
{
BlockDriverState *old_bs = child->bs;
diff --git a/include/block/block_int.h b/include/block/block_int.h
index cef2b6e..17f4c2d 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -872,6 +872,14 @@ void bdrv_child_abort_perm_update(BdrvChild *c);
int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
Error **errp);
+/* Default implementation for BlockDriver.bdrv_child_perm() that can be used by
+ * block filters: Forward CONSISTENT_READ, WRITE, WRITE_UNCHANGED and RESIZE to
+ * all children */
+void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared);
+
const char *bdrv_get_parent_name(const BlockDriverState *bs);
void blk_dev_change_media_cb(BlockBackend *blk, bool load);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 17/54] block: Request child permissions in filter drivers
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (15 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:07 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
` (38 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
All callers will have to request permissions for all of their child
nodes. Block drivers that act as simply filters can use the default
implementation of .bdrv_child_perm().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/blkdebug.c | 2 ++
block/blkreplay.c | 1 +
block/blkverify.c | 1 +
block/quorum.c | 2 ++
block/raw-format.c | 1 +
block/replication.c | 1 +
6 files changed, 8 insertions(+)
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 6117ce5..67e8024 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -734,6 +734,8 @@ static BlockDriver bdrv_blkdebug = {
.bdrv_file_open = blkdebug_open,
.bdrv_close = blkdebug_close,
.bdrv_reopen_prepare = blkdebug_reopen_prepare,
+ .bdrv_child_perm = bdrv_filter_default_perms,
+
.bdrv_getlength = blkdebug_getlength,
.bdrv_truncate = blkdebug_truncate,
.bdrv_refresh_filename = blkdebug_refresh_filename,
diff --git a/block/blkreplay.c b/block/blkreplay.c
index cfc8c5b..e110211 100755
--- a/block/blkreplay.c
+++ b/block/blkreplay.c
@@ -137,6 +137,7 @@ static BlockDriver bdrv_blkreplay = {
.bdrv_file_open = blkreplay_open,
.bdrv_close = blkreplay_close,
+ .bdrv_child_perm = bdrv_filter_default_perms,
.bdrv_getlength = blkreplay_getlength,
.bdrv_co_preadv = blkreplay_co_preadv,
diff --git a/block/blkverify.c b/block/blkverify.c
index 43a940c..9a1e21c 100644
--- a/block/blkverify.c
+++ b/block/blkverify.c
@@ -320,6 +320,7 @@ static BlockDriver bdrv_blkverify = {
.bdrv_parse_filename = blkverify_parse_filename,
.bdrv_file_open = blkverify_open,
.bdrv_close = blkverify_close,
+ .bdrv_child_perm = bdrv_filter_default_perms,
.bdrv_getlength = blkverify_getlength,
.bdrv_refresh_filename = blkverify_refresh_filename,
diff --git a/block/quorum.c b/block/quorum.c
index bdbcec6..40205fb 100644
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -1133,6 +1133,8 @@ static BlockDriver bdrv_quorum = {
.bdrv_add_child = quorum_add_child,
.bdrv_del_child = quorum_del_child,
+ .bdrv_child_perm = bdrv_filter_default_perms,
+
.is_filter = true,
.bdrv_recurse_is_first_non_filter = quorum_recurse_is_first_non_filter,
};
diff --git a/block/raw-format.c b/block/raw-format.c
index ce34d1b..86fbc65 100644
--- a/block/raw-format.c
+++ b/block/raw-format.c
@@ -467,6 +467,7 @@ BlockDriver bdrv_raw = {
.bdrv_reopen_abort = &raw_reopen_abort,
.bdrv_open = &raw_open,
.bdrv_close = &raw_close,
+ .bdrv_child_perm = bdrv_filter_default_perms,
.bdrv_create = &raw_create,
.bdrv_co_preadv = &raw_co_preadv,
.bdrv_co_pwritev = &raw_co_pwritev,
diff --git a/block/replication.c b/block/replication.c
index eff85c7..91465cb 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -660,6 +660,7 @@ BlockDriver bdrv_replication = {
.bdrv_open = replication_open,
.bdrv_close = replication_close,
+ .bdrv_child_perm = bdrv_filter_default_perms,
.bdrv_getlength = replication_getlength,
.bdrv_co_readv = replication_co_readv,
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (16 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 17/54] block: Request child permissions in " Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:08 ` Max Reitz
2017-02-25 11:57 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 19/54] block: Request child permissions in " Kevin Wolf
` (37 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Almost all format drivers have the same characteristics as far as
permissions are concerned: They have one or more children for storing
their own data and, more importantly, metadata (can be written to and
grow even without external write requests, must be protected against
other writers and present consistent data) and optionally a backing file
(this is just data, so like for a filter, it only depends on what the
parent nodes need).
This provides a default implementation that can be shared by most of
our format drivers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
include/block/block_int.h | 8 ++++++++
2 files changed, 50 insertions(+)
diff --git a/block.c b/block.c
index 523cbd3..f2e7178 100644
--- a/block.c
+++ b/block.c
@@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
(c->shared_perm & DEFAULT_PERM_UNCHANGED);
}
+void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+ bool backing = (role == &child_backing);
+ assert(role == &child_backing || role == &child_file);
+
+ if (!backing) {
+ /* Apart from the modifications below, the same permissions are
+ * forwarded and left alone as for filters */
+ bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
+
+ /* Format drivers may touch metadata even if the guest doesn't write */
+ if (!bdrv_is_read_only(bs)) {
+ perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
+ }
+
+ /* bs->file always needs to be consistent because of the metadata. We
+ * can never allow other users to resize or write to it. */
+ perm |= BLK_PERM_CONSISTENT_READ;
+ shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
+ } else {
+ /* We want consistent read from backing files if the parent needs it.
+ * No other operations are performed on backing files. */
+ perm &= BLK_PERM_CONSISTENT_READ;
+
+ /* If the parent can deal with changing data, we're okay with a
+ * writable and resizable backing file. */
+ if (shared & BLK_PERM_WRITE) {
+ shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
+ } else {
+ shared = 0;
+ }
+
+ shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
+ BLK_PERM_WRITE_UNCHANGED;
+ }
+
+ *nperm = perm;
+ *nshared = shared;
+}
static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
{
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 17f4c2d..eb0598e 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -880,6 +880,14 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
uint64_t perm, uint64_t shared,
uint64_t *nperm, uint64_t *nshared);
+/* Default implementation for BlockDriver.bdrv_child_perm() that can be used by
+ * (non-raw) image formats: Like above for bs->backing, but for bs->file it
+ * requires WRITE | RESIZE for read-write images, always requires
+ * CONSISTENT_READ and doesn't share WRITE. */
+void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared);
const char *bdrv_get_parent_name(const BlockDriverState *bs);
void blk_dev_change_media_cb(BlockBackend *blk, bool load);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 19/54] block: Request child permissions in format drivers
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (17 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:09 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm() Kevin Wolf
` (36 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This makes use of the .bdrv_child_perm() implementation for formats that
we just added. All format drivers expose the permissions they actually
need nows, so that they can be set accordingly and updated when parents
are attached or detached.
The only format not included here is raw, which was already converted
with the other filter drivers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/bochs.c | 1 +
block/cloop.c | 1 +
block/crypto.c | 1 +
block/dmg.c | 1 +
block/parallels.c | 1 +
block/qcow.c | 1 +
block/qcow2.c | 1 +
block/qed.c | 1 +
block/vdi.c | 1 +
block/vhdx.c | 1 +
block/vmdk.c | 1 +
block/vpc.c | 1 +
12 files changed, 12 insertions(+)
diff --git a/block/bochs.c b/block/bochs.c
index 7dd2ac4..516da56 100644
--- a/block/bochs.c
+++ b/block/bochs.c
@@ -293,6 +293,7 @@ static BlockDriver bdrv_bochs = {
.instance_size = sizeof(BDRVBochsState),
.bdrv_probe = bochs_probe,
.bdrv_open = bochs_open,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_refresh_limits = bochs_refresh_limits,
.bdrv_co_preadv = bochs_co_preadv,
.bdrv_close = bochs_close,
diff --git a/block/cloop.c b/block/cloop.c
index 877c9b0..a6c7b9d 100644
--- a/block/cloop.c
+++ b/block/cloop.c
@@ -290,6 +290,7 @@ static BlockDriver bdrv_cloop = {
.instance_size = sizeof(BDRVCloopState),
.bdrv_probe = cloop_probe,
.bdrv_open = cloop_open,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_refresh_limits = cloop_refresh_limits,
.bdrv_co_preadv = cloop_co_preadv,
.bdrv_close = cloop_close,
diff --git a/block/crypto.c b/block/crypto.c
index 7cb2ff2..4a20388 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -628,6 +628,7 @@ BlockDriver bdrv_crypto_luks = {
.bdrv_probe = block_crypto_probe_luks,
.bdrv_open = block_crypto_open_luks,
.bdrv_close = block_crypto_close,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_create = block_crypto_create_luks,
.bdrv_truncate = block_crypto_truncate,
.create_opts = &block_crypto_create_opts_luks,
diff --git a/block/dmg.c b/block/dmg.c
index 8e387cd..a7d25fc 100644
--- a/block/dmg.c
+++ b/block/dmg.c
@@ -697,6 +697,7 @@ static BlockDriver bdrv_dmg = {
.bdrv_probe = dmg_probe,
.bdrv_open = dmg_open,
.bdrv_refresh_limits = dmg_refresh_limits,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_co_preadv = dmg_co_preadv,
.bdrv_close = dmg_close,
};
diff --git a/block/parallels.c b/block/parallels.c
index b2ec09f..6b0c0a9 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -762,6 +762,7 @@ static BlockDriver bdrv_parallels = {
.bdrv_probe = parallels_probe,
.bdrv_open = parallels_open,
.bdrv_close = parallels_close,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_co_get_block_status = parallels_co_get_block_status,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.bdrv_co_flush_to_os = parallels_co_flush_to_os,
diff --git a/block/qcow.c b/block/qcow.c
index 038b05a..eb5d54c 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -1052,6 +1052,7 @@ static BlockDriver bdrv_qcow = {
.bdrv_probe = qcow_probe,
.bdrv_open = qcow_open,
.bdrv_close = qcow_close,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_reopen_prepare = qcow_reopen_prepare,
.bdrv_create = qcow_create,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
diff --git a/block/qcow2.c b/block/qcow2.c
index 21e6142..ef028f6 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3403,6 +3403,7 @@ BlockDriver bdrv_qcow2 = {
.bdrv_reopen_commit = qcow2_reopen_commit,
.bdrv_reopen_abort = qcow2_reopen_abort,
.bdrv_join_options = qcow2_join_options,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_create = qcow2_create,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.bdrv_co_get_block_status = qcow2_co_get_block_status,
diff --git a/block/qed.c b/block/qed.c
index 62a0a09..d8f947a 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -1704,6 +1704,7 @@ static BlockDriver bdrv_qed = {
.bdrv_open = bdrv_qed_open,
.bdrv_close = bdrv_qed_close,
.bdrv_reopen_prepare = bdrv_qed_reopen_prepare,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_create = bdrv_qed_create,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.bdrv_co_get_block_status = bdrv_qed_co_get_block_status,
diff --git a/block/vdi.c b/block/vdi.c
index 18b4773..fd6e26d 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -891,6 +891,7 @@ static BlockDriver bdrv_vdi = {
.bdrv_open = vdi_open,
.bdrv_close = vdi_close,
.bdrv_reopen_prepare = vdi_reopen_prepare,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_create = vdi_create,
.bdrv_has_zero_init = bdrv_has_zero_init_1,
.bdrv_co_get_block_status = vdi_co_get_block_status,
diff --git a/block/vhdx.c b/block/vhdx.c
index 9918ee9..ab747f6 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1983,6 +1983,7 @@ static BlockDriver bdrv_vhdx = {
.bdrv_open = vhdx_open,
.bdrv_close = vhdx_close,
.bdrv_reopen_prepare = vhdx_reopen_prepare,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_co_readv = vhdx_co_readv,
.bdrv_co_writev = vhdx_co_writev,
.bdrv_create = vhdx_create,
diff --git a/block/vmdk.c b/block/vmdk.c
index 9d68ec5..f5e2fb5 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -2359,6 +2359,7 @@ static BlockDriver bdrv_vmdk = {
.bdrv_open = vmdk_open,
.bdrv_check = vmdk_check,
.bdrv_reopen_prepare = vmdk_reopen_prepare,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_co_preadv = vmdk_co_preadv,
.bdrv_co_pwritev = vmdk_co_pwritev,
.bdrv_co_pwritev_compressed = vmdk_co_pwritev_compressed,
diff --git a/block/vpc.c b/block/vpc.c
index d0df2a1..b9c9832 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -1067,6 +1067,7 @@ static BlockDriver bdrv_vpc = {
.bdrv_open = vpc_open,
.bdrv_close = vpc_close,
.bdrv_reopen_prepare = vpc_reopen_prepare,
+ .bdrv_child_perm = bdrv_format_default_perms,
.bdrv_create = vpc_create,
.bdrv_co_preadv = vpc_co_preadv,
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (18 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 19/54] block: Request child permissions in " Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:12 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
` (35 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
vvfat is the last remaining driver that can have children, but doesn't
implement .bdrv_child_perm() yet. The default handlers aren't suitable
here, so let's implement a very simple driver-specific one that protects
the internal child from being used by other users as good as our
permissions permit.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 2 +-
block/vvfat.c | 22 ++++++++++++++++++++++
include/block/block_int.h | 1 +
3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/block.c b/block.c
index f2e7178..6d1362e 100644
--- a/block.c
+++ b/block.c
@@ -823,7 +823,7 @@ static void bdrv_backing_options(int *child_flags, QDict *child_options,
*child_flags = flags;
}
-static const BdrvChildRole child_backing = {
+const BdrvChildRole child_backing = {
.inherit_options = bdrv_backing_options,
.drained_begin = bdrv_child_cb_drained_begin,
.drained_end = bdrv_child_cb_drained_end,
diff --git a/block/vvfat.c b/block/vvfat.c
index 7f230be..72b482c 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -3052,6 +3052,27 @@ err:
return ret;
}
+static void vvfat_child_perm(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+ BDRVVVFATState *s = bs->opaque;
+
+ assert(c == s->qcow || role == &child_backing);
+
+ if (c == s->qcow) {
+ /* This is a private node, nobody should try to attach to it */
+ *nperm = BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE;
+ *nshared = BLK_PERM_WRITE_UNCHANGED;
+ } else {
+ /* The backing file is there so 'commit' can use it. vvfat doesn't
+ * access it in any way. */
+ *nperm = 0;
+ *nshared = BLK_PERM_ALL;
+ }
+}
+
static void vvfat_close(BlockDriverState *bs)
{
BDRVVVFATState *s = bs->opaque;
@@ -3077,6 +3098,7 @@ static BlockDriver bdrv_vvfat = {
.bdrv_file_open = vvfat_open,
.bdrv_refresh_limits = vvfat_refresh_limits,
.bdrv_close = vvfat_close,
+ .bdrv_child_perm = vvfat_child_perm,
.bdrv_co_preadv = vvfat_co_preadv,
.bdrv_co_pwritev = vvfat_co_pwritev,
diff --git a/include/block/block_int.h b/include/block/block_int.h
index eb0598e..63d5446 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -466,6 +466,7 @@ struct BdrvChildRole {
extern const BdrvChildRole child_file;
extern const BdrvChildRole child_format;
+extern const BdrvChildRole child_backing;
struct BdrvChild {
BlockDriverState *bs;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (19 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:14 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child() Kevin Wolf
` (34 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
All block drivers that can have child nodes implement .bdrv_child_perm()
now. Make this officially a requirement by asserting that only drivers
without children can omit .bdrv_child_perm().
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/block.c b/block.c
index 6d1362e..1c5f211 100644
--- a/block.c
+++ b/block.c
@@ -1361,8 +1361,9 @@ static int bdrv_check_perm(BlockDriverState *bs, uint64_t cumulative_perms,
cumulative_shared_perms, errp);
}
- /* Drivers may not have .bdrv_child_perm() */
+ /* Drivers that never have children can omit .bdrv_child_perm() */
if (!drv->bdrv_child_perm) {
+ assert(QLIST_EMPTY(&bs->children));
return 0;
}
@@ -1421,8 +1422,9 @@ static void bdrv_set_perm(BlockDriverState *bs, uint64_t cumulative_perms,
drv->bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
}
- /* Drivers may not have .bdrv_child_perm() */
+ /* Drivers that never have children can omit .bdrv_child_perm() */
if (!drv->bdrv_child_perm) {
+ assert(QLIST_EMPTY(&bs->children));
return;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (20 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:24 ` Max Reitz
2017-02-22 14:31 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend Kevin Wolf
` (33 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Now that all block drivers with children tell us what permissions they
need from each of their children, bdrv_attach_child() can use this
information and make the right requirements while trying to attach new
children.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/block.c b/block.c
index 1c5f211..054e6f0 100644
--- a/block.c
+++ b/block.c
@@ -1659,10 +1659,14 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
Error **errp)
{
BdrvChild *child;
+ uint64_t perm, shared_perm;
+
+ assert(parent_bs->drv);
+ parent_bs->drv->bdrv_child_perm(parent_bs, NULL, child_role,
+ 0, BLK_PERM_ALL, &perm, &shared_perm);
- /* FIXME Use real permissions */
child = bdrv_root_attach_child(child_bs, child_name, child_role,
- 0, BLK_PERM_ALL, parent_bs, errp);
+ perm, shared_perm, parent_bs, errp);
if (child == NULL) {
return NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (21 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:32 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new() Kevin Wolf
` (32 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The BlockBackend can now store the permissions that its user requires.
This is necessary because nodes can be ejected from or inserted into a
BlockBackend and all of these operations must make sure that the user
still gets what it requested initially.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/block-backend.c | 27 +++++++++++++++++++++++++++
include/sysemu/block-backend.h | 2 ++
2 files changed, 29 insertions(+)
diff --git a/block/block-backend.c b/block/block-backend.c
index 9bb4528..1ed75c6 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -59,6 +59,9 @@ struct BlockBackend {
bool iostatus_enabled;
BlockDeviceIoStatus iostatus;
+ uint64_t perm;
+ uint64_t shared_perm;
+
bool allow_write_beyond_eof;
NotifierList remove_bs_notifiers, insert_bs_notifiers;
@@ -126,6 +129,8 @@ BlockBackend *blk_new(void)
blk = g_new0(BlockBackend, 1);
blk->refcnt = 1;
+ blk->perm = 0;
+ blk->shared_perm = BLK_PERM_ALL;
blk_set_enable_write_cache(blk, true);
qemu_co_queue_init(&blk->public.throttled_reqs[0]);
@@ -511,6 +516,27 @@ void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
}
}
+/*
+ * Sets the permission bitmasks that the user of the BlockBackend needs.
+ */
+int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
+ Error **errp)
+{
+ int ret;
+
+ if (blk->root) {
+ ret = bdrv_child_try_set_perm(blk->root, perm, shared_perm, errp);
+ if (ret < 0) {
+ return ret;
+ }
+ }
+
+ blk->perm = perm;
+ blk->shared_perm = shared_perm;
+
+ return 0;
+}
+
static int blk_do_attach_dev(BlockBackend *blk, void *dev)
{
if (blk->dev) {
@@ -557,6 +583,7 @@ void blk_detach_dev(BlockBackend *blk, void *dev)
blk->dev_ops = NULL;
blk->dev_opaque = NULL;
blk->guest_block_size = 512;
+ blk_set_perm(blk, 0, BLK_PERM_ALL, &error_abort);
blk_unref(blk);
}
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index f365a51..4a18e86 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -105,6 +105,8 @@ void blk_remove_bs(BlockBackend *blk);
void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs);
bool bdrv_has_blk(BlockDriverState *bs);
bool bdrv_is_root_node(BlockDriverState *bs);
+int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
+ Error **errp);
void blk_set_allow_write_beyond_eof(BlockBackend *blk, bool allow);
void blk_iostatus_enable(BlockBackend *blk);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (22 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:36 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs() Kevin Wolf
` (31 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
We want every user to be specific about the permissions it needs, so
we'll pass the initial permissions as parameters to blk_new(). A user
only needs to call blk_set_perm() if it wants to change the permissions
after the fact.
The permissions are stored in the BlockBackend and applied whenever a
BlockDriverState should be attached in blk_insert_bs().
This does not include actually choosing the right set of permissions
everywhere yet. Instead, the usual FIXME comment is added to each place
and will be addressed in individual patches.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 2 +-
block/backup.c | 3 ++-
block/block-backend.c | 21 ++++++++++++++-------
block/commit.c | 12 ++++++++----
block/mirror.c | 3 ++-
block/qcow2.c | 2 +-
blockdev.c | 4 ++--
blockjob.c | 3 ++-
hmp.c | 3 ++-
hw/block/fdc.c | 3 ++-
hw/core/qdev-properties-system.c | 3 ++-
hw/ide/qdev.c | 3 ++-
hw/scsi/scsi-disk.c | 3 ++-
include/sysemu/block-backend.h | 2 +-
migration/block.c | 3 ++-
nbd/server.c | 3 ++-
tests/test-blockjob.c | 3 ++-
tests/test-throttle.c | 7 ++++---
18 files changed, 53 insertions(+), 30 deletions(-)
diff --git a/block.c b/block.c
index 054e6f0..ed37d17 100644
--- a/block.c
+++ b/block.c
@@ -2170,7 +2170,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
goto fail;
}
if (file_bs != NULL) {
- file = blk_new();
+ file = blk_new(BLK_PERM_CONSISTENT_READ, BLK_PERM_ALL);
blk_insert_bs(file, file_bs);
bdrv_unref(file_bs);
diff --git a/block/backup.c b/block/backup.c
index fe010e7..4b3c94c 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -624,7 +624,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
goto error;
}
- job->target = blk_new();
+ /* FIXME Use real permissions */
+ job->target = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(job->target, target);
job->on_source_error = on_source_error;
diff --git a/block/block-backend.c b/block/block-backend.c
index 1ed75c6..0319220 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -120,17 +120,23 @@ static const BdrvChildRole child_root = {
/*
* Create a new BlockBackend with a reference count of one.
- * Store an error through @errp on failure, unless it's null.
+ *
+ * @perm is a bitmasks of BLK_PERM_* constants which describes the permissions
+ * to request for a block driver node that is attached to this BlockBackend.
+ * @shared_perm is a bitmask which describes which permissions may be granted
+ * to other users of the attached node.
+ * Both sets of permissions can be changed later using blk_set_perm().
+ *
* Return the new BlockBackend on success, null on failure.
*/
-BlockBackend *blk_new(void)
+BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
{
BlockBackend *blk;
blk = g_new0(BlockBackend, 1);
blk->refcnt = 1;
- blk->perm = 0;
- blk->shared_perm = BLK_PERM_ALL;
+ blk->perm = perm;
+ blk->shared_perm = shared_perm;
blk_set_enable_write_cache(blk, true);
qemu_co_queue_init(&blk->public.throttled_reqs[0]);
@@ -161,7 +167,7 @@ BlockBackend *blk_new_open(const char *filename, const char *reference,
BlockBackend *blk;
BlockDriverState *bs;
- blk = blk_new();
+ blk = blk_new(0, BLK_PERM_ALL);
bs = bdrv_open(filename, reference, options, flags, errp);
if (!bs) {
blk_unref(blk);
@@ -505,9 +511,10 @@ void blk_remove_bs(BlockBackend *blk)
void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
{
bdrv_ref(bs);
- /* FIXME Use real permissions */
+ /* FIXME Error handling */
blk->root = bdrv_root_attach_child(bs, "root", &child_root,
- 0, BLK_PERM_ALL, blk, &error_abort);
+ blk->perm, blk->shared_perm, blk,
+ &error_abort);
notifier_list_notify(&blk->insert_bs_notifiers, blk);
if (blk->public.throttle_state) {
diff --git a/block/commit.c b/block/commit.c
index c284e85..1897e98 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -275,10 +275,12 @@ void commit_start(const char *job_id, BlockDriverState *bs,
block_job_add_bdrv(&s->common, overlay_bs);
}
- s->base = blk_new();
+ /* FIXME Use real permissions */
+ s->base = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(s->base, base);
- s->top = blk_new();
+ /* FIXME Use real permissions */
+ s->top = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(s->top, top);
s->active = bs;
@@ -328,10 +330,12 @@ int bdrv_commit(BlockDriverState *bs)
}
}
- src = blk_new();
+ /* FIXME Use real permissions */
+ src = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(src, bs);
- backing = blk_new();
+ /* FIXME Use real permissions */
+ backing = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(backing, bs->backing->bs);
length = blk_getlength(src);
diff --git a/block/mirror.c b/block/mirror.c
index 13f793e..8f015b2 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1012,7 +1012,8 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
return;
}
- s->target = blk_new();
+ /* FIXME Use real permissions */
+ s->target = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(s->target, target);
s->replaces = g_strdup(replaces);
diff --git a/block/qcow2.c b/block/qcow2.c
index ef028f6..0356e69 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3262,7 +3262,7 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
}
if (new_size) {
- BlockBackend *blk = blk_new();
+ BlockBackend *blk = blk_new(BLK_PERM_RESIZE, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
ret = blk_truncate(blk, new_size);
blk_unref(blk);
diff --git a/blockdev.c b/blockdev.c
index 3596d87..10a12d1 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -554,7 +554,7 @@ static BlockBackend *blockdev_init(const char *file, QDict *bs_opts,
if ((!file || !*file) && !qdict_size(bs_opts)) {
BlockBackendRootState *blk_rs;
- blk = blk_new();
+ blk = blk_new(0, BLK_PERM_ALL);
blk_rs = blk_get_root_state(blk);
blk_rs->open_flags = bdrv_flags;
blk_rs->read_only = read_only;
@@ -2886,7 +2886,7 @@ void qmp_block_resize(bool has_device, const char *device,
goto out;
}
- blk = blk_new();
+ blk = blk_new(BLK_PERM_RESIZE, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
/* complete all in-flight operations before resizing the device */
diff --git a/blockjob.c b/blockjob.c
index abee11b..508e0e5 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -159,7 +159,8 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
}
}
- blk = blk_new();
+ /* FIXME Use real permissions */
+ blk = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
job = g_malloc0(driver->instance_size);
diff --git a/hmp.c b/hmp.c
index 2bc4f06..15fd3f7 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2044,7 +2044,8 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
if (!blk) {
BlockDriverState *bs = bdrv_lookup_bs(NULL, device, &err);
if (bs) {
- blk = local_blk = blk_new();
+ /* FIXME Use real permissions */
+ blk = local_blk = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
} else {
goto fail;
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 17d29e7..74f3634 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -533,7 +533,8 @@ static int floppy_drive_init(DeviceState *qdev)
if (!dev->conf.blk) {
/* Anonymous BlockBackend for an empty drive */
- dev->conf.blk = blk_new();
+ /* FIXME Use real permissions */
+ dev->conf.blk = blk_new(0, BLK_PERM_ALL);
ret = blk_attach_dev(dev->conf.blk, qdev);
assert(ret == 0);
}
diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index 94f4d8b..cca4775 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -78,7 +78,8 @@ static void parse_drive(DeviceState *dev, const char *str, void **ptr,
if (!blk) {
BlockDriverState *bs = bdrv_lookup_bs(NULL, str, NULL);
if (bs) {
- blk = blk_new();
+ /* FIXME Use real permissions */
+ blk = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
blk_created = true;
}
diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
index dbaa75c..bb3c377 100644
--- a/hw/ide/qdev.c
+++ b/hw/ide/qdev.c
@@ -170,7 +170,8 @@ static int ide_dev_initfn(IDEDevice *dev, IDEDriveKind kind)
return -1;
} else {
/* Anonymous BlockBackend for an empty drive */
- dev->conf.blk = blk_new();
+ /* FIXME Use real permissions */
+ dev->conf.blk = blk_new(0, BLK_PERM_ALL);
}
}
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index bbfb5dc..546acc7 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2380,7 +2380,8 @@ static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
if (!dev->conf.blk) {
- dev->conf.blk = blk_new();
+ /* FIXME Use real permissions */
+ dev->conf.blk = blk_new(0, BLK_PERM_ALL);
}
s->qdev.blocksize = 2048;
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 4a18e86..6651f43 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -84,7 +84,7 @@ typedef struct BlockBackendPublic {
QLIST_ENTRY(BlockBackendPublic) round_robin;
} BlockBackendPublic;
-BlockBackend *blk_new(void);
+BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm);
BlockBackend *blk_new_open(const char *filename, const char *reference,
QDict *options, int flags, Error **errp);
int blk_get_refcnt(BlockBackend *blk);
diff --git a/migration/block.c b/migration/block.c
index ebc10e6..6b7ffd4 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -415,7 +415,8 @@ static void init_blk_migration(QEMUFile *f)
}
bmds = g_new0(BlkMigDevState, 1);
- bmds->blk = blk_new();
+ /* FIXME Use real permissions */
+ bmds->blk = blk_new(0, BLK_PERM_ALL);
bmds->blk_name = g_strdup(bdrv_get_device_name(bs));
bmds->bulk_completed = 0;
bmds->total_sectors = sectors;
diff --git a/nbd/server.c b/nbd/server.c
index ac92fa0..936d5aa 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -892,7 +892,8 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size,
BlockBackend *blk;
NBDExport *exp = g_malloc0(sizeof(NBDExport));
- blk = blk_new();
+ /* FIXME Use real permissions */
+ blk = blk_new(0, BLK_PERM_ALL);
blk_insert_bs(blk, bs);
blk_set_enable_write_cache(blk, !writethrough);
diff --git a/tests/test-blockjob.c b/tests/test-blockjob.c
index 068c9e4..1dd1cfa 100644
--- a/tests/test-blockjob.c
+++ b/tests/test-blockjob.c
@@ -53,7 +53,8 @@ static BlockJob *do_test_id(BlockBackend *blk, const char *id,
* BlockDriverState inserted. */
static BlockBackend *create_blk(const char *name)
{
- BlockBackend *blk = blk_new();
+ /* FIXME Use real permissions */
+ BlockBackend *blk = blk_new(0, BLK_PERM_ALL);
BlockDriverState *bs;
bs = bdrv_open("null-co://", NULL, NULL, 0, &error_abort);
diff --git a/tests/test-throttle.c b/tests/test-throttle.c
index 363b59a..5846433 100644
--- a/tests/test-throttle.c
+++ b/tests/test-throttle.c
@@ -593,9 +593,10 @@ static void test_groups(void)
BlockBackend *blk1, *blk2, *blk3;
BlockBackendPublic *blkp1, *blkp2, *blkp3;
- blk1 = blk_new();
- blk2 = blk_new();
- blk3 = blk_new();
+ /* FIXME Use real permissions */
+ blk1 = blk_new(0, BLK_PERM_ALL);
+ blk2 = blk_new(0, BLK_PERM_ALL);
+ blk3 = blk_new(0, BLK_PERM_ALL);
blkp1 = blk_get_public(blk1);
blkp2 = blk_get_public(blk2);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (23 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:42 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open() Kevin Wolf
` (30 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Now that blk_insert_bs() requests the BlockBackend permissions for the
node it attaches to, it can fail. Instead of aborting, pass the errors
to the callers.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 5 ++++-
block/backup.c | 5 ++++-
block/block-backend.c | 13 ++++++++-----
block/commit.c | 38 ++++++++++++++++++++++++++++++--------
block/mirror.c | 15 ++++++++++++---
block/qcow2.c | 10 ++++++++--
blockdev.c | 11 +++++++++--
blockjob.c | 7 ++++++-
hmp.c | 6 +++++-
hw/core/qdev-properties-system.c | 7 ++++++-
include/sysemu/block-backend.h | 2 +-
migration/block.c | 2 +-
nbd/server.c | 6 +++++-
tests/test-blockjob.c | 2 +-
14 files changed, 100 insertions(+), 29 deletions(-)
diff --git a/block.c b/block.c
index ed37d17..9f46698 100644
--- a/block.c
+++ b/block.c
@@ -2171,8 +2171,11 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
}
if (file_bs != NULL) {
file = blk_new(BLK_PERM_CONSISTENT_READ, BLK_PERM_ALL);
- blk_insert_bs(file, file_bs);
+ blk_insert_bs(file, file_bs, &local_err);
bdrv_unref(file_bs);
+ if (local_err) {
+ goto fail;
+ }
qdict_put(options, "file",
qstring_from_str(bdrv_get_node_name(file_bs)));
diff --git a/block/backup.c b/block/backup.c
index 4b3c94c..f38d1d0 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -626,7 +626,10 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
/* FIXME Use real permissions */
job->target = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(job->target, target);
+ ret = blk_insert_bs(job->target, target, errp);
+ if (ret < 0) {
+ goto error;
+ }
job->on_source_error = on_source_error;
job->on_target_error = on_target_error;
diff --git a/block/block-backend.c b/block/block-backend.c
index 0319220..299948f 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -508,19 +508,22 @@ void blk_remove_bs(BlockBackend *blk)
/*
* Associates a new BlockDriverState with @blk.
*/
-void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs)
+int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp)
{
- bdrv_ref(bs);
- /* FIXME Error handling */
blk->root = bdrv_root_attach_child(bs, "root", &child_root,
- blk->perm, blk->shared_perm, blk,
- &error_abort);
+ blk->perm, blk->shared_perm, blk, errp);
+ if (blk->root == NULL) {
+ return -EPERM;
+ }
+ bdrv_ref(bs);
notifier_list_notify(&blk->insert_bs_notifiers, blk);
if (blk->public.throttle_state) {
throttle_timers_attach_aio_context(
&blk->public.throttle_timers, bdrv_get_aio_context(bs));
}
+
+ return 0;
}
/*
diff --git a/block/commit.c b/block/commit.c
index 1897e98..2ad8138 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -220,6 +220,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *iter;
BlockDriverState *overlay_bs;
Error *local_err = NULL;
+ int ret;
assert(top != bs);
if (top == base) {
@@ -256,8 +257,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
bdrv_reopen_multiple(bdrv_get_aio_context(bs), reopen_queue, &local_err);
if (local_err != NULL) {
error_propagate(errp, local_err);
- block_job_unref(&s->common);
- return;
+ goto fail;
}
}
@@ -277,11 +277,17 @@ void commit_start(const char *job_id, BlockDriverState *bs,
/* FIXME Use real permissions */
s->base = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(s->base, base);
+ ret = blk_insert_bs(s->base, base, errp);
+ if (ret < 0) {
+ goto fail;
+ }
/* FIXME Use real permissions */
s->top = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(s->top, top);
+ ret = blk_insert_bs(s->top, top, errp);
+ if (ret < 0) {
+ goto fail;
+ }
s->active = bs;
@@ -294,6 +300,16 @@ void commit_start(const char *job_id, BlockDriverState *bs,
trace_commit_start(bs, base, top, s);
block_job_start(&s->common);
+ return;
+
+fail:
+ if (s->base) {
+ blk_unref(s->base);
+ }
+ if (s->top) {
+ blk_unref(s->top);
+ }
+ block_job_unref(&s->common);
}
@@ -332,11 +348,17 @@ int bdrv_commit(BlockDriverState *bs)
/* FIXME Use real permissions */
src = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(src, bs);
-
- /* FIXME Use real permissions */
backing = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(backing, bs->backing->bs);
+
+ ret = blk_insert_bs(src, bs, NULL);
+ if (ret < 0) {
+ goto ro_cleanup;
+ }
+
+ ret = blk_insert_bs(backing, bs->backing->bs, NULL);
+ if (ret < 0) {
+ goto ro_cleanup;
+ }
length = blk_getlength(src);
if (length < 0) {
diff --git a/block/mirror.c b/block/mirror.c
index 8f015b2..c551bfc 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -523,9 +523,12 @@ static void mirror_exit(BlockJob *job, void *opaque)
bdrv_replace_in_backing_chain(to_replace, target_bs);
bdrv_drained_end(target_bs);
- /* We just changed the BDS the job BB refers to */
+ /* We just changed the BDS the job BB refers to, so switch the BB back
+ * so the cleanup does the right thing. We don't need any permissions
+ * any more now. */
blk_remove_bs(job->blk);
- blk_insert_bs(job->blk, src);
+ blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
+ blk_insert_bs(job->blk, src, &error_abort);
}
if (s->to_replace) {
bdrv_op_unblock_all(s->to_replace, s->replace_blocker);
@@ -990,6 +993,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
bool auto_complete)
{
MirrorBlockJob *s;
+ int ret;
if (granularity == 0) {
granularity = bdrv_get_default_bitmap_granularity(target);
@@ -1014,7 +1018,12 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
/* FIXME Use real permissions */
s->target = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(s->target, target);
+ ret = blk_insert_bs(s->target, target, errp);
+ if (ret < 0) {
+ blk_unref(s->target);
+ block_job_unref(&s->common);
+ return;
+ }
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
diff --git a/block/qcow2.c b/block/qcow2.c
index 0356e69..6f79df8 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -3113,6 +3113,7 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
uint64_t cluster_size = s->cluster_size;
bool encrypt;
int refcount_bits = s->refcount_bits;
+ Error *local_err = NULL;
int ret;
QemuOptDesc *desc = opts->list->desc;
Qcow2AmendHelperCBInfo helper_cb_info;
@@ -3263,10 +3264,15 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts,
if (new_size) {
BlockBackend *blk = blk_new(BLK_PERM_RESIZE, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, &local_err);
+ if (ret < 0) {
+ error_report_err(local_err);
+ blk_unref(blk);
+ return ret;
+ }
+
ret = blk_truncate(blk, new_size);
blk_unref(blk);
-
if (ret < 0) {
return ret;
}
diff --git a/blockdev.c b/blockdev.c
index 10a12d1..d01e313 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2432,6 +2432,7 @@ static void qmp_blockdev_insert_anon_medium(BlockBackend *blk,
BlockDriverState *bs, Error **errp)
{
bool has_device;
+ int ret;
/* For BBs without a device, we can exchange the BDS tree at will */
has_device = blk_get_attached_dev(blk);
@@ -2451,7 +2452,10 @@ static void qmp_blockdev_insert_anon_medium(BlockBackend *blk,
return;
}
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, errp);
+ if (ret < 0) {
+ return;
+ }
if (!blk_dev_has_tray(blk)) {
/* For tray-less devices, blockdev-close-tray is a no-op (or may not be
@@ -2887,7 +2891,10 @@ void qmp_block_resize(bool has_device, const char *device,
}
blk = blk_new(BLK_PERM_RESIZE, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, errp);
+ if (ret < 0) {
+ goto out;
+ }
/* complete all in-flight operations before resizing the device */
bdrv_drain_all();
diff --git a/blockjob.c b/blockjob.c
index 508e0e5..72b7d4c 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -128,6 +128,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
{
BlockBackend *blk;
BlockJob *job;
+ int ret;
if (bs->job) {
error_setg(errp, QERR_DEVICE_IN_USE, bdrv_get_device_name(bs));
@@ -161,7 +162,11 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
/* FIXME Use real permissions */
blk = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, errp);
+ if (ret < 0) {
+ blk_unref(blk);
+ return NULL;
+ }
job = g_malloc0(driver->instance_size);
error_setg(&job->blocker, "block device is in use by block job: %s",
diff --git a/hmp.c b/hmp.c
index 15fd3f7..801fddb 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2039,6 +2039,7 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
const char* device = qdict_get_str(qdict, "device");
const char* command = qdict_get_str(qdict, "command");
Error *err = NULL;
+ int ret;
blk = blk_by_name(device);
if (!blk) {
@@ -2046,7 +2047,10 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
if (bs) {
/* FIXME Use real permissions */
blk = local_blk = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, &err);
+ if (ret < 0) {
+ goto fail;
+ }
} else {
goto fail;
}
diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index cca4775..66ba367 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -73,6 +73,7 @@ static void parse_drive(DeviceState *dev, const char *str, void **ptr,
{
BlockBackend *blk;
bool blk_created = false;
+ int ret;
blk = blk_by_name(str);
if (!blk) {
@@ -80,8 +81,12 @@ static void parse_drive(DeviceState *dev, const char *str, void **ptr,
if (bs) {
/* FIXME Use real permissions */
blk = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
blk_created = true;
+
+ ret = blk_insert_bs(blk, bs, errp);
+ if (ret < 0) {
+ goto fail;
+ }
}
}
if (!blk) {
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 6651f43..0861113 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -102,7 +102,7 @@ BlockBackend *blk_by_public(BlockBackendPublic *public);
BlockDriverState *blk_bs(BlockBackend *blk);
void blk_remove_bs(BlockBackend *blk);
-void blk_insert_bs(BlockBackend *blk, BlockDriverState *bs);
+int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, Error **errp);
bool bdrv_has_blk(BlockDriverState *bs);
bool bdrv_is_root_node(BlockDriverState *bs);
int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
diff --git a/migration/block.c b/migration/block.c
index 6b7ffd4..d259936 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -446,7 +446,7 @@ static void init_blk_migration(QEMUFile *f)
BlockDriverState *bs = bmds_bs[i].bs;
if (bmds) {
- blk_insert_bs(bmds->blk, bs);
+ blk_insert_bs(bmds->blk, bs, &error_abort);
alloc_aio_bitmap(bmds);
error_setg(&bmds->blocker, "block device is in use by migration");
diff --git a/nbd/server.c b/nbd/server.c
index 936d5aa..89362ba 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -891,10 +891,14 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size,
{
BlockBackend *blk;
NBDExport *exp = g_malloc0(sizeof(NBDExport));
+ int ret;
/* FIXME Use real permissions */
blk = blk_new(0, BLK_PERM_ALL);
- blk_insert_bs(blk, bs);
+ ret = blk_insert_bs(blk, bs, errp);
+ if (ret < 0) {
+ goto fail;
+ }
blk_set_enable_write_cache(blk, !writethrough);
exp->refcount = 1;
diff --git a/tests/test-blockjob.c b/tests/test-blockjob.c
index 1dd1cfa..143ce96 100644
--- a/tests/test-blockjob.c
+++ b/tests/test-blockjob.c
@@ -60,7 +60,7 @@ static BlockBackend *create_blk(const char *name)
bs = bdrv_open("null-co://", NULL, NULL, 0, &error_abort);
g_assert_nonnull(bs);
- blk_insert_bs(blk, bs);
+ blk_insert_bs(blk, bs, &error_abort);
bdrv_unref(bs);
if (name) {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (24 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:51 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open() Kevin Wolf
` (29 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
blk_new_open() is a convenience function that processes flags rather
than QDict options as a simple way to just open an image file.
In order to keep it convenient in the future, it must automatically
request the necessary permissions. This can easily be inferred from the
flags for read and write, but we need another flag that tells us whether
to get the resize permission.
We can't just always request it because that means that no block jobs
can run on the resulting BlockBackend (which is something that e.g.
qemu-img commit wants to do), but we also can't request it never because
most of the .bdrv_create() implementations call blk_truncate().
The solution is to introduce another flag that is passed by all users
that want to resize the image.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/parallels.c | 3 ++-
block/qcow.c | 3 ++-
block/qcow2.c | 3 ++-
block/qed.c | 3 ++-
block/vdi.c | 3 ++-
block/vhdx.c | 3 ++-
block/vmdk.c | 6 ++++--
block/vpc.c | 3 ++-
include/block/block.h | 1 +
qemu-img.c | 2 +-
10 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/block/parallels.c b/block/parallels.c
index 6b0c0a9..19935e2 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -488,7 +488,8 @@ static int parallels_create(const char *filename, QemuOpts *opts, Error **errp)
}
file = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (file == NULL) {
error_propagate(errp, local_err);
return -EIO;
diff --git a/block/qcow.c b/block/qcow.c
index eb5d54c..9d6ac83 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -823,7 +823,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
}
qcow_blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (qcow_blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/block/qcow2.c b/block/qcow2.c
index 6f79df8..4ca9f24 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2266,7 +2266,8 @@ static int qcow2_create2(const char *filename, int64_t total_size,
options = qdict_new();
qdict_put(options, "driver", qstring_from_str("qcow2"));
blk = blk_new_open(filename, NULL, options,
- BDRV_O_RDWR | BDRV_O_NO_FLUSH, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/block/qed.c b/block/qed.c
index d8f947a..5ec7fd8 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -625,7 +625,8 @@ static int qed_create(const char *filename, uint32_t cluster_size,
}
blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
return -EIO;
diff --git a/block/vdi.c b/block/vdi.c
index fd6e26d..9b4f70e 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -763,7 +763,8 @@ static int vdi_create(const char *filename, QemuOpts *opts, Error **errp)
}
blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/block/vhdx.c b/block/vhdx.c
index ab747f6..052a753 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1859,7 +1859,8 @@ static int vhdx_create(const char *filename, QemuOpts *opts, Error **errp)
}
blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/block/vmdk.c b/block/vmdk.c
index f5e2fb5..a9bd22b 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1703,7 +1703,8 @@ static int vmdk_create_extent(const char *filename, int64_t filesize,
}
blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
@@ -2071,7 +2072,8 @@ static int vmdk_create(const char *filename, QemuOpts *opts, Error **errp)
}
new_blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (new_blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/block/vpc.c b/block/vpc.c
index b9c9832..f591d4b 100644
--- a/block/vpc.c
+++ b/block/vpc.c
@@ -915,7 +915,8 @@ static int vpc_create(const char *filename, QemuOpts *opts, Error **errp)
}
blk = blk_new_open(filename, NULL, NULL,
- BDRV_O_RDWR | BDRV_O_PROTOCOL, &local_err);
+ BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL,
+ &local_err);
if (blk == NULL) {
error_propagate(errp, local_err);
ret = -EIO;
diff --git a/include/block/block.h b/include/block/block.h
index 2d6ed7d..701d22b 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -82,6 +82,7 @@ typedef struct HDGeometry {
} HDGeometry;
#define BDRV_O_RDWR 0x0002
+#define BDRV_O_RESIZE 0x0004 /* requests permission for resizing the node */
#define BDRV_O_SNAPSHOT 0x0008 /* open the file read only and save writes in a snapshot */
#define BDRV_O_TEMPORARY 0x0010 /* delete the file after use */
#define BDRV_O_NOCACHE 0x0020 /* do not use the host page cache */
diff --git a/qemu-img.c b/qemu-img.c
index cff22e3..8d9195e 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3275,7 +3275,7 @@ static int img_resize(int argc, char **argv)
qemu_opts_del(param);
blk = img_open(image_opts, filename, fmt,
- BDRV_O_RDWR, false, quiet);
+ BDRV_O_RDWR | BDRV_O_RESIZE, false, quiet);
if (!blk) {
ret = -1;
goto out;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (25 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-22 14:52 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
` (28 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
We can figure out the necessary permissions from the flags that the
caller passed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/block-backend.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 299948f..03d5495 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -166,17 +166,33 @@ BlockBackend *blk_new_open(const char *filename, const char *reference,
{
BlockBackend *blk;
BlockDriverState *bs;
+ uint64_t perm;
+
+ /* blk_new_open() is mainly used in .bdrv_create implementations and the
+ * tools where sharing isn't a concern because the BDS stays private, so we
+ * just request permission according to the flags.
+ *
+ * The exceptions are xen_disk and blockdev_init(); in these cases, the
+ * caller of blk_new_open() doesn't make use of the permissions, but they
+ * shouldn't hurt either. We can still share everything here because the
+ * guest devices will add their own blockers if they can't share. */
+ perm = BLK_PERM_CONSISTENT_READ;
+ if (flags & BDRV_O_RDWR) {
+ perm |= BLK_PERM_WRITE;
+ }
+ if (flags & BDRV_O_RESIZE) {
+ perm |= BLK_PERM_RESIZE;
+ }
- blk = blk_new(0, BLK_PERM_ALL);
+ blk = blk_new(perm, BLK_PERM_ALL);
bs = bdrv_open(filename, reference, options, flags, errp);
if (!bs) {
blk_unref(blk);
return NULL;
}
- /* FIXME Use real permissions */
blk->root = bdrv_root_attach_child(bs, "root", &child_root,
- 0, BLK_PERM_ALL, blk, &error_abort);
+ perm, BLK_PERM_ALL, blk, &error_abort);
return blk;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (26 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 13:29 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 29/54] hw/block: Request permissions Kevin Wolf
` (27 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Some devices allow a media change between read-only and read-write
media. They need to adapt the permissions in their .change_media_cb()
implementation, which can fail. So add an Error parameter to the
function.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/block-backend.c | 20 +++++++++++++++-----
blockdev.c | 19 +++++++++++++++----
hw/block/fdc.c | 2 +-
hw/ide/core.c | 2 +-
hw/scsi/scsi-disk.c | 2 +-
hw/sd/sd.c | 2 +-
include/block/block_int.h | 2 +-
include/sysemu/block-backend.h | 2 +-
8 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 03d5495..fcc42b5 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -677,19 +677,29 @@ void blk_set_dev_ops(BlockBackend *blk, const BlockDevOps *ops,
/*
* Notify @blk's attached device model of media change.
- * If @load is true, notify of media load.
- * Else, notify of media eject.
+ *
+ * If @load is true, notify of media load. This action can fail, meaning that
+ * the medium cannot be loaded. @errp is set then.
+ *
+ * If @load is false, notify of media eject. This can never fail.
+ *
* Also send DEVICE_TRAY_MOVED events as appropriate.
*/
-void blk_dev_change_media_cb(BlockBackend *blk, bool load)
+void blk_dev_change_media_cb(BlockBackend *blk, bool load, Error **errp)
{
if (blk->dev_ops && blk->dev_ops->change_media_cb) {
bool tray_was_open, tray_is_open;
+ Error *local_err = NULL;
assert(!blk->legacy_dev);
tray_was_open = blk_dev_is_tray_open(blk);
- blk->dev_ops->change_media_cb(blk->dev_opaque, load);
+ blk->dev_ops->change_media_cb(blk->dev_opaque, load, &local_err);
+ if (local_err) {
+ assert(load == true);
+ error_propagate(errp, local_err);
+ return;
+ }
tray_is_open = blk_dev_is_tray_open(blk);
if (tray_was_open != tray_is_open) {
@@ -703,7 +713,7 @@ void blk_dev_change_media_cb(BlockBackend *blk, bool load)
static void blk_root_change_media(BdrvChild *child, bool load)
{
- blk_dev_change_media_cb(child->opaque, load);
+ blk_dev_change_media_cb(child->opaque, load, NULL);
}
/*
diff --git a/blockdev.c b/blockdev.c
index d01e313..bcee23e 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2307,7 +2307,7 @@ static int do_open_tray(const char *blk_name, const char *qdev_id,
}
if (!locked || force) {
- blk_dev_change_media_cb(blk, false);
+ blk_dev_change_media_cb(blk, false, &error_abort);
}
if (locked && !force) {
@@ -2345,6 +2345,7 @@ void qmp_blockdev_close_tray(bool has_device, const char *device,
Error **errp)
{
BlockBackend *blk;
+ Error *local_err = NULL;
device = has_device ? device : NULL;
id = has_id ? id : NULL;
@@ -2368,7 +2369,11 @@ void qmp_blockdev_close_tray(bool has_device, const char *device,
return;
}
- blk_dev_change_media_cb(blk, true);
+ blk_dev_change_media_cb(blk, true, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
}
void qmp_x_blockdev_remove_medium(bool has_device, const char *device,
@@ -2421,7 +2426,7 @@ void qmp_x_blockdev_remove_medium(bool has_device, const char *device,
* called at all); therefore, the medium needs to be ejected here.
* Do it after blk_remove_bs() so blk_is_inserted(blk) returns the @load
* value passed here (i.e. false). */
- blk_dev_change_media_cb(blk, false);
+ blk_dev_change_media_cb(blk, false, &error_abort);
}
out:
@@ -2431,6 +2436,7 @@ out:
static void qmp_blockdev_insert_anon_medium(BlockBackend *blk,
BlockDriverState *bs, Error **errp)
{
+ Error *local_err = NULL;
bool has_device;
int ret;
@@ -2463,7 +2469,12 @@ static void qmp_blockdev_insert_anon_medium(BlockBackend *blk,
* slot here.
* Do it after blk_insert_bs() so blk_is_inserted(blk) returns the @load
* value passed here (i.e. true). */
- blk_dev_change_media_cb(blk, true);
+ blk_dev_change_media_cb(blk, true, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ blk_remove_bs(blk);
+ return;
+ }
}
}
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 74f3634..5f6c496 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -469,7 +469,7 @@ static void fd_revalidate(FDrive *drv)
}
}
-static void fd_change_cb(void *opaque, bool load)
+static void fd_change_cb(void *opaque, bool load, Error **errp)
{
FDrive *drive = opaque;
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 43709e5..f88b1e5 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1120,7 +1120,7 @@ static void ide_cfata_metadata_write(IDEState *s)
}
/* called when the inserted state of the media has changed */
-static void ide_cd_change_cb(void *opaque, bool load)
+static void ide_cd_change_cb(void *opaque, bool load, Error **errp)
{
IDEState *s = opaque;
uint64_t nb_sectors;
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 546acc7..c1ccfad 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2240,7 +2240,7 @@ static void scsi_disk_resize_cb(void *opaque)
}
}
-static void scsi_cd_change_media_cb(void *opaque, bool load)
+static void scsi_cd_change_media_cb(void *opaque, bool load, Error **errp)
{
SCSIDiskState *s = opaque;
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 8e88e83..8e31491 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -458,7 +458,7 @@ static bool sd_get_readonly(SDState *sd)
return sd->wp_switch;
}
-static void sd_cardchange(void *opaque, bool load)
+static void sd_cardchange(void *opaque, bool load, Error **errp)
{
SDState *sd = opaque;
DeviceState *dev = DEVICE(sd);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 63d5446..e00d0f4 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -891,7 +891,7 @@ void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
uint64_t *nperm, uint64_t *nshared);
const char *bdrv_get_parent_name(const BlockDriverState *bs);
-void blk_dev_change_media_cb(BlockBackend *blk, bool load);
+void blk_dev_change_media_cb(BlockBackend *blk, bool load, Error **errp);
bool blk_dev_has_removable_media(BlockBackend *blk);
bool blk_dev_has_tray(BlockBackend *blk);
void blk_dev_eject_request(BlockBackend *blk, bool force);
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 0861113..b23f683 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -34,7 +34,7 @@ typedef struct BlockDevOps {
* changes. Sure would be useful if it did.
* Device models with removable media must implement this callback.
*/
- void (*change_media_cb)(void *opaque, bool load);
+ void (*change_media_cb)(void *opaque, bool load, Error **errp);
/*
* Runs when an eject request is issued from the monitor, the tray
* is closed, and the medium is locked.
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 29/54] hw/block: Request permissions
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (27 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 13:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property Kevin Wolf
` (26 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This makes all device emulations with a qdev drive property request
permissions on their BlockBackend. The only thing we block at this point
is resizing images for some devices that can't support it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/block.c | 22 +++++++++++++++++++++-
hw/block/fdc.c | 25 +++++++++++++++++++++++--
hw/block/m25p80.c | 8 ++++++++
hw/block/nand.c | 7 +++++++
hw/block/nvme.c | 8 +++++++-
hw/block/onenand.c | 7 +++++++
hw/block/pflash_cfi01.c | 18 ++++++++++++------
hw/block/pflash_cfi02.c | 19 +++++++++++++------
hw/block/virtio-blk.c | 8 +++++++-
hw/core/qdev-properties-system.c | 1 -
hw/ide/qdev.c | 7 +++++--
hw/nvram/spapr_nvram.c | 8 ++++++++
hw/scsi/scsi-disk.c | 9 +++++++--
hw/sd/sd.c | 6 ++++++
hw/usb/dev-storage.c | 6 +++++-
include/hw/block/block.h | 3 ++-
tests/qemu-iotests/051.pc.out | 6 +++---
17 files changed, 141 insertions(+), 27 deletions(-)
diff --git a/hw/block/block.c b/hw/block/block.c
index 8dc9d84..7059ba1 100644
--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -51,11 +51,31 @@ void blkconf_blocksizes(BlockConf *conf)
}
}
-void blkconf_apply_backend_options(BlockConf *conf)
+void blkconf_apply_backend_options(BlockConf *conf, bool readonly,
+ bool resizable, Error **errp)
{
BlockBackend *blk = conf->blk;
BlockdevOnError rerror, werror;
+ uint64_t perm, shared_perm;
bool wce;
+ int ret;
+
+ perm = BLK_PERM_CONSISTENT_READ;
+ if (!readonly) {
+ perm |= BLK_PERM_WRITE;
+ }
+
+ /* TODO Remove BLK_PERM_WRITE unless explicitly configured so */
+ shared_perm = BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
+ BLK_PERM_GRAPH_MOD | BLK_PERM_WRITE;
+ if (resizable) {
+ shared_perm |= BLK_PERM_RESIZE;
+ }
+
+ ret = blk_set_perm(blk, perm, shared_perm, errp);
+ if (ret < 0) {
+ return;
+ }
switch (conf->wce) {
case ON_OFF_AUTO_ON: wce = true; break;
diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 5f6c496..a328693 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -186,6 +186,7 @@ typedef enum FDiskFlags {
struct FDrive {
FDCtrl *fdctrl;
BlockBackend *blk;
+ BlockConf *conf;
/* Drive status */
FloppyDriveType drive; /* CMOS drive type */
uint8_t perpendicular; /* 2.88 MB access mode */
@@ -472,6 +473,19 @@ static void fd_revalidate(FDrive *drv)
static void fd_change_cb(void *opaque, bool load, Error **errp)
{
FDrive *drive = opaque;
+ Error *local_err = NULL;
+
+ if (!load) {
+ blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort);
+ } else {
+ blkconf_apply_backend_options(drive->conf,
+ blk_is_read_only(drive->blk), false,
+ &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ }
drive->media_changed = 1;
drive->media_validated = false;
@@ -508,6 +522,7 @@ static int floppy_drive_init(DeviceState *qdev)
FloppyDrive *dev = FLOPPY_DRIVE(qdev);
FloppyBus *bus = FLOPPY_BUS(qdev->parent_bus);
FDrive *drive;
+ Error *local_err = NULL;
int ret;
if (dev->unit == -1) {
@@ -533,7 +548,6 @@ static int floppy_drive_init(DeviceState *qdev)
if (!dev->conf.blk) {
/* Anonymous BlockBackend for an empty drive */
- /* FIXME Use real permissions */
dev->conf.blk = blk_new(0, BLK_PERM_ALL);
ret = blk_attach_dev(dev->conf.blk, qdev);
assert(ret == 0);
@@ -552,7 +566,13 @@ static int floppy_drive_init(DeviceState *qdev)
* blkconf_apply_backend_options(). */
dev->conf.rerror = BLOCKDEV_ON_ERROR_AUTO;
dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO;
- blkconf_apply_backend_options(&dev->conf);
+
+ blkconf_apply_backend_options(&dev->conf, blk_is_read_only(dev->conf.blk),
+ false, &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ return -1;
+ }
/* 'enospc' is the default for -drive, 'report' is what blk_new() gives us
* for empty drives. */
@@ -566,6 +586,7 @@ static int floppy_drive_init(DeviceState *qdev)
return -1;
}
+ drive->conf = &dev->conf;
drive->blk = dev->conf.blk;
drive->fdctrl = bus->fdc;
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index 2d6eb46..190573c 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -1215,6 +1215,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp)
{
Flash *s = M25P80(ss);
M25P80Class *mc = M25P80_GET_CLASS(s);
+ int ret;
s->pi = mc->pi;
@@ -1222,6 +1223,13 @@ static void m25p80_realize(SSISlave *ss, Error **errp)
s->dirty_page = -1;
if (s->blk) {
+ uint64_t perm = BLK_PERM_CONSISTENT_READ |
+ (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
+ ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
+
DB_PRINT_L(0, "Binding to IF_MTD drive\n");
s->storage = blk_blockalign(s->blk, s->size);
diff --git a/hw/block/nand.c b/hw/block/nand.c
index c69e675..0d33ac2 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -373,6 +373,8 @@ static void nand_realize(DeviceState *dev, Error **errp)
{
int pagesize;
NANDFlashState *s = NAND(dev);
+ int ret;
+
s->buswidth = nand_flash_ids[s->chip_id].width >> 3;
s->size = nand_flash_ids[s->chip_id].size << 20;
@@ -407,6 +409,11 @@ static void nand_realize(DeviceState *dev, Error **errp)
error_setg(errp, "Can't use a read-only drive");
return;
}
+ ret = blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
+ BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
if (blk_getlength(s->blk) >=
(s->pages << s->page_shift) + (s->pages << s->oob_shift)) {
pagesize = 0;
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index ae91a18..ae303d4 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -835,6 +835,7 @@ static int nvme_init(PCIDevice *pci_dev)
int i;
int64_t bs_size;
uint8_t *pci_conf;
+ Error *local_err = NULL;
if (!n->conf.blk) {
return -1;
@@ -850,7 +851,12 @@ static int nvme_init(PCIDevice *pci_dev)
return -1;
}
blkconf_blocksizes(&n->conf);
- blkconf_apply_backend_options(&n->conf);
+ blkconf_apply_backend_options(&n->conf, blk_is_read_only(n->conf.blk),
+ false, &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ return -1;
+ }
pci_conf = pci_dev->config;
pci_conf[PCI_INTERRUPT_PIN] = 1;
diff --git a/hw/block/onenand.c b/hw/block/onenand.c
index 8d84227..ddf5492 100644
--- a/hw/block/onenand.c
+++ b/hw/block/onenand.c
@@ -778,6 +778,7 @@ static int onenand_initfn(SysBusDevice *sbd)
OneNANDState *s = ONE_NAND(dev);
uint32_t size = 1 << (24 + ((s->id.dev >> 4) & 7));
void *ram;
+ Error *local_err = NULL;
s->base = (hwaddr)-1;
s->rdy = NULL;
@@ -796,6 +797,12 @@ static int onenand_initfn(SysBusDevice *sbd)
error_report("Can't use a read-only drive");
return -1;
}
+ blk_set_perm(s->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
+ BLK_PERM_ALL, &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ return -1;
+ }
s->blk_cur = s->blk;
}
s->otp = memset(g_malloc((64 + 2) << PAGE_SHIFT),
diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 71b98a3..594d4cf 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -758,6 +758,18 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
if (pfl->blk) {
+ uint64_t perm;
+ pfl->ro = blk_is_read_only(pfl->blk);
+ perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
+ ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
+ } else {
+ pfl->ro = 0;
+ }
+
+ if (pfl->blk) {
/* read the initial flash content */
ret = blk_pread(pfl->blk, 0, pfl->storage, total_len);
@@ -768,12 +780,6 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp)
}
}
- if (pfl->blk) {
- pfl->ro = blk_is_read_only(pfl->blk);
- } else {
- pfl->ro = 0;
- }
-
/* Default to devices being used at their maximum device width. This was
* assumed before the device_width support was added.
*/
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index ef71322..e6c5c6c 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -632,6 +632,19 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
vmstate_register_ram(&pfl->orig_mem, DEVICE(pfl));
pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
pfl->chip_len = chip_len;
+
+ if (pfl->blk) {
+ uint64_t perm;
+ pfl->ro = blk_is_read_only(pfl->blk);
+ perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE);
+ ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
+ } else {
+ pfl->ro = 0;
+ }
+
if (pfl->blk) {
/* read the initial flash content */
ret = blk_pread(pfl->blk, 0, pfl->storage, chip_len);
@@ -646,12 +659,6 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp)
pfl->rom_mode = 1;
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
- if (pfl->blk) {
- pfl->ro = blk_is_read_only(pfl->blk);
- } else {
- pfl->ro = 0;
- }
-
pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
pfl->wcycle = 0;
pfl->cmd = 0;
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 843bd2f..98c16a7 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -928,7 +928,13 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
}
blkconf_serial(&conf->conf, &conf->serial);
- blkconf_apply_backend_options(&conf->conf);
+ blkconf_apply_backend_options(&conf->conf,
+ blk_is_read_only(conf->conf.blk), true,
+ &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
s->original_wce = blk_enable_write_cache(conf->conf.blk);
blkconf_geometry(&conf->conf, NULL, 65535, 255, 255, &err);
if (err) {
diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index 66ba367..c34be1c 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -79,7 +79,6 @@ static void parse_drive(DeviceState *dev, const char *str, void **ptr,
if (!blk) {
BlockDriverState *bs = bdrv_lookup_bs(NULL, str, NULL);
if (bs) {
- /* FIXME Use real permissions */
blk = blk_new(0, BLK_PERM_ALL);
blk_created = true;
diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
index bb3c377..b588d62 100644
--- a/hw/ide/qdev.c
+++ b/hw/ide/qdev.c
@@ -170,7 +170,6 @@ static int ide_dev_initfn(IDEDevice *dev, IDEDriveKind kind)
return -1;
} else {
/* Anonymous BlockBackend for an empty drive */
- /* FIXME Use real permissions */
dev->conf.blk = blk_new(0, BLK_PERM_ALL);
}
}
@@ -197,7 +196,11 @@ static int ide_dev_initfn(IDEDevice *dev, IDEDriveKind kind)
return -1;
}
}
- blkconf_apply_backend_options(&dev->conf);
+ blkconf_apply_backend_options(&dev->conf, kind == IDE_CD, true, &err);
+ if (err) {
+ error_report_err(err);
+ return -1;
+ }
if (ide_init_drive(s, dev->conf.blk, kind,
dev->version, dev->serial, dev->model, dev->wwn,
diff --git a/hw/nvram/spapr_nvram.c b/hw/nvram/spapr_nvram.c
index 65ba188..aa5d2c1 100644
--- a/hw/nvram/spapr_nvram.c
+++ b/hw/nvram/spapr_nvram.c
@@ -141,9 +141,17 @@ static void rtas_nvram_store(PowerPCCPU *cpu, sPAPRMachineState *spapr,
static void spapr_nvram_realize(VIOsPAPRDevice *dev, Error **errp)
{
sPAPRNVRAM *nvram = VIO_SPAPR_NVRAM(dev);
+ int ret;
if (nvram->blk) {
nvram->size = blk_getlength(nvram->blk);
+
+ ret = blk_set_perm(nvram->blk,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
+ BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
} else {
nvram->size = DEFAULT_NVRAM_SIZE;
}
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index c1ccfad..2c3aaa0 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -2328,7 +2328,13 @@ static void scsi_realize(SCSIDevice *dev, Error **errp)
return;
}
}
- blkconf_apply_backend_options(&dev->conf);
+ blkconf_apply_backend_options(&dev->conf,
+ blk_is_read_only(s->qdev.conf.blk), true,
+ &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
if (s->qdev.conf.discard_granularity == -1) {
s->qdev.conf.discard_granularity =
@@ -2380,7 +2386,6 @@ static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
if (!dev->conf.blk) {
- /* FIXME Use real permissions */
dev->conf.blk = blk_new(0, BLK_PERM_ALL);
}
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 8e31491..ba47bff 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -1887,6 +1887,7 @@ static void sd_instance_finalize(Object *obj)
static void sd_realize(DeviceState *dev, Error **errp)
{
SDState *sd = SD_CARD(dev);
+ int ret;
if (sd->blk && blk_is_read_only(sd->blk)) {
error_setg(errp, "Cannot use read-only drive as SD card");
@@ -1894,6 +1895,11 @@ static void sd_realize(DeviceState *dev, Error **errp)
}
if (sd->blk) {
+ ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
+ BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ return;
+ }
blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
}
}
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index c607f76..a71b354 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -603,7 +603,11 @@ static void usb_msd_realize_storage(USBDevice *dev, Error **errp)
blkconf_serial(&s->conf, &dev->serial);
blkconf_blocksizes(&s->conf);
- blkconf_apply_backend_options(&s->conf);
+ blkconf_apply_backend_options(&s->conf, blk_is_read_only(blk), true, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
/*
* Hack alert: this pretends to be a block device, but it's really
diff --git a/include/hw/block/block.h b/include/hw/block/block.h
index df9d207..5d462eb 100644
--- a/include/hw/block/block.h
+++ b/include/hw/block/block.h
@@ -73,7 +73,8 @@ void blkconf_geometry(BlockConf *conf, int *trans,
unsigned cyls_max, unsigned heads_max, unsigned secs_max,
Error **errp);
void blkconf_blocksizes(BlockConf *conf);
-void blkconf_apply_backend_options(BlockConf *conf);
+void blkconf_apply_backend_options(BlockConf *conf, bool readonly,
+ bool resizable, Error **errp);
/* Hard disk geometry */
diff --git a/tests/qemu-iotests/051.pc.out b/tests/qemu-iotests/051.pc.out
index f1669c1..eb4b3b5 100644
--- a/tests/qemu-iotests/051.pc.out
+++ b/tests/qemu-iotests/051.pc.out
@@ -176,7 +176,7 @@ QEMU X.Y.Z monitor - type 'help' for more information
Testing: -drive file=TEST_DIR/t.qcow2,if=ide,readonly=on
QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) QEMU_PROG: Can't use a read-only drive
+(qemu) QEMU_PROG: Block node is read-only
QEMU_PROG: Initialization of device ide-hd failed: Device initialization failed.
Testing: -drive file=TEST_DIR/t.qcow2,if=scsi,readonly=on
@@ -197,12 +197,12 @@ QEMU X.Y.Z monitor - type 'help' for more information
Testing: -drive file=TEST_DIR/t.qcow2,if=none,id=disk,readonly=on -device ide-drive,drive=disk
QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) QEMU_PROG: -device ide-drive,drive=disk: Can't use a read-only drive
+(qemu) QEMU_PROG: -device ide-drive,drive=disk: Block node is read-only
QEMU_PROG: -device ide-drive,drive=disk: Device initialization failed.
Testing: -drive file=TEST_DIR/t.qcow2,if=none,id=disk,readonly=on -device ide-hd,drive=disk
QEMU X.Y.Z monitor - type 'help' for more information
-(qemu) QEMU_PROG: -device ide-hd,drive=disk: Can't use a read-only drive
+(qemu) QEMU_PROG: -device ide-hd,drive=disk: Block node is read-only
QEMU_PROG: -device ide-hd,drive=disk: Device initialization failed.
Testing: -drive file=TEST_DIR/t.qcow2,if=none,id=disk,readonly=on -device lsi53c895a -device scsi-disk,drive=disk
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (28 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 29/54] hw/block: Request permissions Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 13:49 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create() Kevin Wolf
` (25 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
By default, don't allow another writer for block devices that are
attached to a guest device. For the cases where this setup is intended
(e.g. using a cluster filesystem on the disk), the new option can be
used to allow it.
This change affects only devices using DEFINE_BLOCK_PROPERTIES().
Devices directly using DEFINE_PROP_DRIVE() still accept writers
unconditionally.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/block.c | 6 ++++--
include/hw/block/block.h | 4 +++-
tests/qemu-iotests/172.out | 53 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/hw/block/block.c b/hw/block/block.c
index 7059ba1..27878d0 100644
--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -65,12 +65,14 @@ void blkconf_apply_backend_options(BlockConf *conf, bool readonly,
perm |= BLK_PERM_WRITE;
}
- /* TODO Remove BLK_PERM_WRITE unless explicitly configured so */
shared_perm = BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
- BLK_PERM_GRAPH_MOD | BLK_PERM_WRITE;
+ BLK_PERM_GRAPH_MOD;
if (resizable) {
shared_perm |= BLK_PERM_RESIZE;
}
+ if (conf->share_rw) {
+ shared_perm |= BLK_PERM_WRITE;
+ }
ret = blk_set_perm(blk, perm, shared_perm, errp);
if (ret < 0) {
diff --git a/include/hw/block/block.h b/include/hw/block/block.h
index 5d462eb..721064b 100644
--- a/include/hw/block/block.h
+++ b/include/hw/block/block.h
@@ -26,6 +26,7 @@ typedef struct BlockConf {
/* geometry, not all devices use this */
uint32_t cyls, heads, secs;
OnOffAuto wce;
+ bool share_rw;
BlockdevOnError rerror;
BlockdevOnError werror;
} BlockConf;
@@ -53,7 +54,8 @@ static inline unsigned int get_physical_block_exp(BlockConf *conf)
DEFINE_PROP_UINT32("opt_io_size", _state, _conf.opt_io_size, 0), \
DEFINE_PROP_UINT32("discard_granularity", _state, \
_conf.discard_granularity, -1), \
- DEFINE_PROP_ON_OFF_AUTO("write-cache", _state, _conf.wce, ON_OFF_AUTO_AUTO)
+ DEFINE_PROP_ON_OFF_AUTO("write-cache", _state, _conf.wce, ON_OFF_AUTO_AUTO), \
+ DEFINE_PROP_BOOL("share-rw", _state, _conf.share_rw, false)
#define DEFINE_BLOCK_CHS_PROPERTIES(_state, _conf) \
DEFINE_PROP_UINT32("cyls", _state, _conf.cyls, 0), \
diff --git a/tests/qemu-iotests/172.out b/tests/qemu-iotests/172.out
index 6b7edaf..54b5329 100644
--- a/tests/qemu-iotests/172.out
+++ b/tests/qemu-iotests/172.out
@@ -28,6 +28,7 @@ Testing:
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
@@ -57,6 +58,7 @@ Testing: -fda TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fdb TEST_DIR/t.qcow2
@@ -83,6 +85,7 @@ Testing: -fdb TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -93,6 +96,7 @@ Testing: -fdb TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
Testing: -fda TEST_DIR/t.qcow2 -fdb TEST_DIR/t.qcow2
@@ -119,6 +123,7 @@ Testing: -fda TEST_DIR/t.qcow2 -fdb TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -129,6 +134,7 @@ Testing: -fda TEST_DIR/t.qcow2 -fdb TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
@@ -158,6 +164,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=floppy,file=TEST_DIR/t.qcow2,index=1
@@ -184,6 +191,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2,index=1
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -194,6 +202,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2,index=1
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=floppy,file=TEST_DIR/t.qcow2,index=1
@@ -220,6 +229,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=floppy,file=TEST_DIR/t
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -230,6 +240,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=floppy,file=TEST_DIR/t
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
@@ -259,6 +270,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveB=none0
@@ -285,6 +297,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveB=none0
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0 -global isa-fdc.driveB=none1
@@ -311,6 +324,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -321,6 +335,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
@@ -350,6 +365,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=1
@@ -376,6 +392,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=1
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0 -device floppy,drive=none1,unit=1
@@ -402,6 +419,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -412,6 +430,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
@@ -441,6 +460,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -451,6 +471,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0
@@ -477,6 +498,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -487,6 +509,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0
@@ -513,6 +536,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveB=none0
@@ -539,6 +563,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
@@ -568,6 +593,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -578,6 +604,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=1
@@ -604,6 +631,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -614,6 +642,7 @@ Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0
@@ -640,6 +669,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 1 (0x1)
@@ -650,6 +680,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=0
@@ -676,6 +707,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 1 (0x1)
@@ -686,6 +718,7 @@ Testing: -fdb TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device flop
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -fda TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=0
@@ -723,6 +756,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.q
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -733,6 +767,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.q
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=1
@@ -759,6 +794,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.q
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -769,6 +805,7 @@ Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.q
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=floppy,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,unit=0
@@ -802,6 +839,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -812,6 +850,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0 -device floppy,drive=none1,unit=1
@@ -838,6 +877,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 0 (0x0)
@@ -848,6 +888,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveB=none0 -device floppy,drive=none1
@@ -874,6 +915,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 1 (0x1)
@@ -884,6 +926,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveB=none0 -device floppy,drive=none1,unit=0
@@ -910,6 +953,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
dev: floppy, id ""
unit = 1 (0x1)
@@ -920,6 +964,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qco
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -drive if=none,file=TEST_DIR/t.qcow2 -global isa-fdc.driveA=none0 -device floppy,drive=none1,unit=0
@@ -964,6 +1009,7 @@ Testing: -device floppy
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
Testing: -device floppy,drive-type=120
@@ -990,6 +1036,7 @@ Testing: -device floppy,drive-type=120
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "120"
Testing: -device floppy,drive-type=144
@@ -1016,6 +1063,7 @@ Testing: -device floppy,drive-type=144
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -device floppy,drive-type=288
@@ -1042,6 +1090,7 @@ Testing: -device floppy,drive-type=288
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
@@ -1071,6 +1120,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,drive-t
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "120"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,drive-type=288
@@ -1097,6 +1147,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,drive-t
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "288"
@@ -1126,6 +1177,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,logical
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,physical_block_size=512
@@ -1152,6 +1204,7 @@ Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,physica
opt_io_size = 0 (0x0)
discard_granularity = 4294967295 (0xffffffff)
write-cache = "auto"
+ share-rw = false
drive-type = "144"
Testing: -drive if=none,file=TEST_DIR/t.qcow2 -device floppy,drive=none0,logical_block_size=4096
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (29 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 13:50 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc() Kevin Wolf
` (24 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This functions creates a BlockBackend internally, so the block jobs need
to tell it what they want to do with the BB.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/backup.c | 5 +++--
block/commit.c | 5 +++--
block/mirror.c | 5 +++--
block/stream.c | 5 +++--
blockjob.c | 6 +++---
include/block/blockjob_int.h | 4 +++-
tests/test-blockjob-txn.c | 6 +++---
tests/test-blockjob.c | 5 +++--
8 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index f38d1d0..c759684 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -618,8 +618,9 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
goto error;
}
- job = block_job_create(job_id, &backup_job_driver, bs, speed,
- creation_flags, cb, opaque, errp);
+ /* FIXME Use real permissions */
+ job = block_job_create(job_id, &backup_job_driver, bs, 0, BLK_PERM_ALL,
+ speed, creation_flags, cb, opaque, errp);
if (!job) {
goto error;
}
diff --git a/block/commit.c b/block/commit.c
index 2ad8138..60d29a9 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -235,8 +235,9 @@ void commit_start(const char *job_id, BlockDriverState *bs,
return;
}
- s = block_job_create(job_id, &commit_job_driver, bs, speed,
- BLOCK_JOB_DEFAULT, NULL, NULL, errp);
+ /* FIXME Use real permissions */
+ s = block_job_create(job_id, &commit_job_driver, bs, 0, BLK_PERM_ALL,
+ speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
if (!s) {
return;
}
diff --git a/block/mirror.c b/block/mirror.c
index c551bfc..9a61c1e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1010,8 +1010,9 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
buf_size = DEFAULT_MIRROR_BUF_SIZE;
}
- s = block_job_create(job_id, driver, bs, speed, creation_flags,
- cb, opaque, errp);
+ /* FIXME Use real permissions */
+ s = block_job_create(job_id, driver, bs, 0, BLK_PERM_ALL, speed,
+ creation_flags, cb, opaque, errp);
if (!s) {
return;
}
diff --git a/block/stream.c b/block/stream.c
index 1523ba7..7f49279 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -229,8 +229,9 @@ void stream_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *iter;
int orig_bs_flags;
- s = block_job_create(job_id, &stream_job_driver, bs, speed,
- BLOCK_JOB_DEFAULT, NULL, NULL, errp);
+ /* FIXME Use real permissions */
+ s = block_job_create(job_id, &stream_job_driver, bs, 0, BLK_PERM_ALL,
+ speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
if (!s) {
return;
}
diff --git a/blockjob.c b/blockjob.c
index 72b7d4c..27833c7 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -123,7 +123,8 @@ void block_job_add_bdrv(BlockJob *job, BlockDriverState *bs)
}
void *block_job_create(const char *job_id, const BlockJobDriver *driver,
- BlockDriverState *bs, int64_t speed, int flags,
+ BlockDriverState *bs, uint64_t perm,
+ uint64_t shared_perm, int64_t speed, int flags,
BlockCompletionFunc *cb, void *opaque, Error **errp)
{
BlockBackend *blk;
@@ -160,8 +161,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
}
}
- /* FIXME Use real permissions */
- blk = blk_new(0, BLK_PERM_ALL);
+ blk = blk_new(perm, shared_perm);
ret = blk_insert_bs(blk, bs, errp);
if (ret < 0) {
blk_unref(blk);
diff --git a/include/block/blockjob_int.h b/include/block/blockjob_int.h
index 8223822..3f86cc5 100644
--- a/include/block/blockjob_int.h
+++ b/include/block/blockjob_int.h
@@ -119,6 +119,7 @@ struct BlockJobDriver {
* generated automatically.
* @job_type: The class object for the newly-created job.
* @bs: The block
+ * @perm, @shared_perm: Permissions to request for @bs
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
* @cb: Completion function for the job.
* @opaque: Opaque pointer value passed to @cb.
@@ -134,7 +135,8 @@ struct BlockJobDriver {
* called from a wrapper that is specific to the job type.
*/
void *block_job_create(const char *job_id, const BlockJobDriver *driver,
- BlockDriverState *bs, int64_t speed, int flags,
+ BlockDriverState *bs, uint64_t perm,
+ uint64_t shared_perm, int64_t speed, int flags,
BlockCompletionFunc *cb, void *opaque, Error **errp);
/**
diff --git a/tests/test-blockjob-txn.c b/tests/test-blockjob-txn.c
index f6dfd08..4ccbda1 100644
--- a/tests/test-blockjob-txn.c
+++ b/tests/test-blockjob-txn.c
@@ -101,9 +101,9 @@ static BlockJob *test_block_job_start(unsigned int iterations,
g_assert_nonnull(bs);
snprintf(job_id, sizeof(job_id), "job%u", counter++);
- s = block_job_create(job_id, &test_block_job_driver, bs, 0,
- BLOCK_JOB_DEFAULT, test_block_job_cb,
- data, &error_abort);
+ s = block_job_create(job_id, &test_block_job_driver, bs,
+ 0, BLK_PERM_ALL, 0, BLOCK_JOB_DEFAULT,
+ test_block_job_cb, data, &error_abort);
s->iterations = iterations;
s->use_timer = use_timer;
s->rc = rc;
diff --git a/tests/test-blockjob.c b/tests/test-blockjob.c
index 143ce96..1afe17b 100644
--- a/tests/test-blockjob.c
+++ b/tests/test-blockjob.c
@@ -30,8 +30,9 @@ static BlockJob *do_test_id(BlockBackend *blk, const char *id,
BlockJob *job;
Error *errp = NULL;
- job = block_job_create(id, &test_block_job_driver, blk_bs(blk), 0,
- BLOCK_JOB_DEFAULT, block_job_cb, NULL, &errp);
+ job = block_job_create(id, &test_block_job_driver, blk_bs(blk),
+ 0, BLK_PERM_ALL, 0, BLOCK_JOB_DEFAULT, block_job_cb,
+ NULL, &errp);
if (should_succeed) {
g_assert_null(errp);
g_assert_nonnull(job);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (30 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 13:56 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message Kevin Wolf
` (23 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
For meaningful error messages in the permission system, we need to get
some human-readable description of the parent of a BdrvChild.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 9 +++++++++
block/block-backend.c | 21 +++++++++++++++++++++
include/block/block_int.h | 6 ++++++
3 files changed, 36 insertions(+)
diff --git a/block.c b/block.c
index 9f46698..19cf3b0 100644
--- a/block.c
+++ b/block.c
@@ -707,6 +707,12 @@ int bdrv_parse_cache_mode(const char *mode, int *flags, bool *writethrough)
return 0;
}
+static char *bdrv_child_get_parent_desc(BdrvChild *c)
+{
+ BlockDriverState *parent = c->opaque;
+ return g_strdup(bdrv_get_device_or_node_name(parent));
+}
+
static void bdrv_child_cb_drained_begin(BdrvChild *child)
{
BlockDriverState *bs = child->opaque;
@@ -774,6 +780,7 @@ static void bdrv_inherited_options(int *child_flags, QDict *child_options,
}
const BdrvChildRole child_file = {
+ .get_parent_desc = bdrv_child_get_parent_desc,
.inherit_options = bdrv_inherited_options,
.drained_begin = bdrv_child_cb_drained_begin,
.drained_end = bdrv_child_cb_drained_end,
@@ -794,6 +801,7 @@ static void bdrv_inherited_fmt_options(int *child_flags, QDict *child_options,
}
const BdrvChildRole child_format = {
+ .get_parent_desc = bdrv_child_get_parent_desc,
.inherit_options = bdrv_inherited_fmt_options,
.drained_begin = bdrv_child_cb_drained_begin,
.drained_end = bdrv_child_cb_drained_end,
@@ -824,6 +832,7 @@ static void bdrv_backing_options(int *child_flags, QDict *child_options,
}
const BdrvChildRole child_backing = {
+ .get_parent_desc = bdrv_child_get_parent_desc,
.inherit_options = bdrv_backing_options,
.drained_begin = bdrv_child_cb_drained_begin,
.drained_end = bdrv_child_cb_drained_end,
diff --git a/block/block-backend.c b/block/block-backend.c
index fcc42b5..38a3858 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -80,6 +80,7 @@ static const AIOCBInfo block_backend_aiocb_info = {
static void drive_info_del(DriveInfo *dinfo);
static BlockBackend *bdrv_first_blk(BlockDriverState *bs);
+static char *blk_get_attached_dev_id(BlockBackend *blk);
/* All BlockBackends */
static QTAILQ_HEAD(, BlockBackend) block_backends =
@@ -102,6 +103,25 @@ static void blk_root_drained_end(BdrvChild *child);
static void blk_root_change_media(BdrvChild *child, bool load);
static void blk_root_resize(BdrvChild *child);
+static char *blk_root_get_parent_desc(BdrvChild *child)
+{
+ BlockBackend *blk = child->opaque;
+ char *dev_id;
+
+ if (blk->name) {
+ return g_strdup(blk->name);
+ }
+
+ dev_id = blk_get_attached_dev_id(blk);
+ if (*dev_id) {
+ return dev_id;
+ } else {
+ /* TODO Callback into the BB owner for something more detailed */
+ g_free(dev_id);
+ return g_strdup("a block device");
+ }
+}
+
static const char *blk_root_get_name(BdrvChild *child)
{
return blk_name(child->opaque);
@@ -113,6 +133,7 @@ static const BdrvChildRole child_root = {
.change_media = blk_root_change_media,
.resize = blk_root_resize,
.get_name = blk_root_get_name,
+ .get_parent_desc = blk_root_get_parent_desc,
.drained_begin = blk_root_drained_begin,
.drained_end = blk_root_drained_end,
diff --git a/include/block/block_int.h b/include/block/block_int.h
index e00d0f4..3177b9f 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -452,6 +452,12 @@ struct BdrvChildRole {
* name), or NULL if the parent can't provide a better name. */
const char* (*get_name)(BdrvChild *child);
+ /* Returns a malloced string that describes the parent of the child for a
+ * human reader. This could be a node-name, BlockBackend name, qdev ID or
+ * QOM path of the device owning the BlockBackend, job type and ID etc. The
+ * caller is responsible for freeing the memory. */
+ char* (*get_parent_desc)(BdrvChild *child);
+
/*
* If this pair of functions is implemented, the parent doesn't issue new
* requests after returning from .drained_begin() until .drained_end() is
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (31 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 8:41 ` Fam Zheng
2017-02-24 13:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node Kevin Wolf
` (22 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Instead of just telling that there was some conflict, we can be specific
and tell which permissions were in conflict and which way the conflict
is.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 56 insertions(+), 11 deletions(-)
diff --git a/block.c b/block.c
index 19cf3b0..a8a2fa7 100644
--- a/block.c
+++ b/block.c
@@ -1461,6 +1461,43 @@ static void bdrv_update_perm(BlockDriverState *bs)
bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
}
+static char *bdrv_child_user(BdrvChild *c)
+{
+ if (c->role->get_parent_desc) {
+ return c->role->get_parent_desc(c);
+ }
+
+ return g_strdup("another user");
+}
+
+static char *bdrv_perm_names(uint64_t perm)
+{
+ struct perm_name {
+ uint64_t perm;
+ const char *name;
+ } permissions[] = {
+ { BLK_PERM_CONSISTENT_READ, "consistent read" },
+ { BLK_PERM_WRITE, "write" },
+ { BLK_PERM_WRITE_UNCHANGED, "write unchanged" },
+ { BLK_PERM_RESIZE, "resize" },
+ { BLK_PERM_GRAPH_MOD, "change children" },
+ { 0, NULL }
+ };
+
+ char *result = g_strdup("");
+ struct perm_name *p;
+
+ for (p = permissions; p->name; p++) {
+ if (perm & p->perm) {
+ char *old = result;
+ result = g_strdup_printf("%s%s%s", old, *old ? ", " : "", p->name);
+ g_free(old);
+ }
+ }
+
+ return result;
+}
+
/*
* Checks whether a new reference to @bs can be added if the new user requires
* @new_used_perm/@new_shared_perm as its permissions. If @ignore_child is set,
@@ -1485,17 +1522,25 @@ static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm,
continue;
}
- if ((new_used_perm & c->shared_perm) != new_used_perm ||
- (c->perm & new_shared_perm) != c->perm)
- {
- const char *user = NULL;
- if (c->role->get_name) {
- user = c->role->get_name(c);
- if (user && !*user) {
- user = NULL;
- }
- }
- error_setg(errp, "Conflicts with %s", user ?: "another operation");
+ if ((new_used_perm & c->shared_perm) != new_used_perm) {
+ char *user = bdrv_child_user(c);
+ char *perm_names = bdrv_perm_names(new_used_perm & ~c->shared_perm);
+ error_setg(errp, "Conflicts with use by %s as '%s', which does not "
+ "allow '%s' on %s",
+ user, c->name, perm_names, bdrv_get_node_name(c->bs));
+ g_free(user);
+ g_free(perm_names);
+ return -EPERM;
+ }
+
+ if ((c->perm & new_shared_perm) != c->perm) {
+ char *user = bdrv_child_user(c);
+ char *perm_names = bdrv_perm_names(c->perm & ~new_shared_perm);
+ error_setg(errp, "Conflicts with use by %s as '%s', which uses "
+ "'%s' on %s",
+ user, c->name, perm_names, bdrv_get_node_name(c->bs));
+ g_free(user);
+ g_free(perm_names);
return -EPERM;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (32 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 14:00 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
` (21 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
When the parents' child links are updated in bdrv_append() or
bdrv_replace_in_backing_chain(), this should affect all child links of
BlockBackends or other nodes, but not on child links held for other
purposes (like for setting permissions). This patch allows to control
the behaviour per BdrvChildRole.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 3 +++
include/block/block_int.h | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/block.c b/block.c
index a8a2fa7..c7c0a8b 100644
--- a/block.c
+++ b/block.c
@@ -2832,6 +2832,9 @@ static void change_parent_backing_link(BlockDriverState *from,
BdrvChild *c, *next, *to_c;
QLIST_FOREACH_SAFE(c, &from->parents, next_parent, next) {
+ if (c->role->stay_at_node) {
+ continue;
+ }
if (c->role == &child_backing) {
/* @from is generally not allowed to be a backing file, except for
* when @to is the overlay. In that case, @from may not be replaced
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 3177b9f..a0d9328 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -441,6 +441,10 @@ typedef struct BdrvAioNotifier {
} BdrvAioNotifier;
struct BdrvChildRole {
+ /* If true, bdrv_replace_in_backing_chain() doesn't change the node this
+ * BdrvChild points to. */
+ bool stay_at_node;
+
void (*inherit_options)(int *child_flags, QDict *child_options,
int parent_flags, QDict *parent_options);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (33 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 14:10 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job Kevin Wolf
` (20 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Block jobs don't actually do I/O through the the reference they create
with block_job_add_bdrv(), but they might want to use the permisssion
system to express what the block job does to intermediate nodes. This
adds permissions to block_job_add_bdrv() to provide the means to request
permissions.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/backup.c | 4 +++-
block/commit.c | 8 ++++++--
block/mirror.c | 9 +++++++--
block/stream.c | 4 +++-
blockjob.c | 36 ++++++++++++++++++++++++++++++------
include/block/blockjob.h | 5 ++++-
6 files changed, 53 insertions(+), 13 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index c759684..405f271 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -657,7 +657,9 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
}
- block_job_add_bdrv(&job->common, target);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
+ &error_abort);
job->common.len = len;
block_job_txn_add_job(txn, &job->common);
diff --git a/block/commit.c b/block/commit.c
index 60d29a9..b69586f 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -267,13 +267,17 @@ void commit_start(const char *job_id, BlockDriverState *bs,
* disappear from the chain after this operation. */
assert(bdrv_chain_contains(top, base));
for (iter = top; iter != backing_bs(base); iter = backing_bs(iter)) {
- block_job_add_bdrv(&s->common, iter);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
+ BLK_PERM_ALL, &error_abort);
}
/* overlay_bs must be blocked because it needs to be modified to
* update the backing image string, but if it's the root node then
* don't block it again */
if (bs != overlay_bs) {
- block_job_add_bdrv(&s->common, overlay_bs);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&s->common, "overlay of top", overlay_bs, 0,
+ BLK_PERM_ALL, &error_abort);
}
/* FIXME Use real permissions */
diff --git a/block/mirror.c b/block/mirror.c
index 9a61c1e..767b7e7 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1047,13 +1047,18 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
return;
}
- block_job_add_bdrv(&s->common, target);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&s->common, "target", target, 0, BLK_PERM_ALL,
+ &error_abort);
+
/* In commit_active_start() all intermediate nodes disappear, so
* any jobs in them must be blocked */
if (bdrv_chain_contains(bs, target)) {
BlockDriverState *iter;
for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
- block_job_add_bdrv(&s->common, iter);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
+ BLK_PERM_ALL, &error_abort);
}
}
diff --git a/block/stream.c b/block/stream.c
index 7f49279..ba8650f 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -248,7 +248,9 @@ void stream_start(const char *job_id, BlockDriverState *bs,
/* Block all intermediate nodes between bs and base, because they
* will disappear from the chain after this operation */
for (iter = backing_bs(bs); iter && iter != base; iter = backing_bs(iter)) {
- block_job_add_bdrv(&s->common, iter);
+ /* FIXME Use real permissions */
+ block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
+ BLK_PERM_ALL, &error_abort);
}
s->base = base;
diff --git a/blockjob.c b/blockjob.c
index 27833c7..4216cde 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -55,6 +55,19 @@ struct BlockJobTxn {
static QLIST_HEAD(, BlockJob) block_jobs = QLIST_HEAD_INITIALIZER(block_jobs);
+static char *child_job_get_parent_desc(BdrvChild *c)
+{
+ BlockJob *job = c->opaque;
+ return g_strdup_printf("%s job '%s'",
+ BlockJobType_lookup[job->driver->job_type],
+ job->id);
+}
+
+static const BdrvChildRole child_job = {
+ .get_parent_desc = child_job_get_parent_desc,
+ .stay_at_node = true,
+};
+
BlockJob *block_job_next(BlockJob *job)
{
if (!job) {
@@ -115,11 +128,22 @@ static void block_job_detach_aio_context(void *opaque)
block_job_unref(job);
}
-void block_job_add_bdrv(BlockJob *job, BlockDriverState *bs)
+int block_job_add_bdrv(BlockJob *job, const char *name, BlockDriverState *bs,
+ uint64_t perm, uint64_t shared_perm, Error **errp)
{
- job->nodes = g_slist_prepend(job->nodes, bs);
+ BdrvChild *c;
+
+ c = bdrv_root_attach_child(bs, name, &child_job, perm, shared_perm,
+ job, errp);
+ if (c == NULL) {
+ return -EPERM;
+ }
+
+ job->nodes = g_slist_prepend(job->nodes, c);
bdrv_ref(bs);
bdrv_op_block_all(bs, job->blocker);
+
+ return 0;
}
void *block_job_create(const char *job_id, const BlockJobDriver *driver,
@@ -171,7 +195,7 @@ void *block_job_create(const char *job_id, const BlockJobDriver *driver,
job = g_malloc0(driver->instance_size);
error_setg(&job->blocker, "block device is in use by block job: %s",
BlockJobType_lookup[driver->job_type]);
- block_job_add_bdrv(job, bs);
+ block_job_add_bdrv(job, "main node", bs, 0, BLK_PERM_ALL, &error_abort);
bdrv_op_unblock(bs, BLOCK_OP_TYPE_DATAPLANE, job->blocker);
job->driver = driver;
@@ -238,9 +262,9 @@ void block_job_unref(BlockJob *job)
BlockDriverState *bs = blk_bs(job->blk);
bs->job = NULL;
for (l = job->nodes; l; l = l->next) {
- bs = l->data;
- bdrv_op_unblock_all(bs, job->blocker);
- bdrv_unref(bs);
+ BdrvChild *c = l->data;
+ bdrv_op_unblock_all(c->bs, job->blocker);
+ bdrv_root_unref_child(c);
}
g_slist_free(job->nodes);
blk_remove_aio_context_notifier(job->blk,
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index 1acb256..9d65ef8 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -169,13 +169,16 @@ BlockJob *block_job_get(const char *id);
/**
* block_job_add_bdrv:
* @job: A block job
+ * @name: The name to assign to the new BdrvChild
* @bs: A BlockDriverState that is involved in @job
+ * @perm, @shared_perm: Permissions to request on the node
*
* Add @bs to the list of BlockDriverState that are involved in
* @job. This means that all operations will be blocked on @bs while
* @job exists.
*/
-void block_job_add_bdrv(BlockJob *job, BlockDriverState *bs);
+int block_job_add_bdrv(BlockJob *job, const char *name, BlockDriverState *bs,
+ uint64_t perm, uint64_t shared_perm, Error **errp);
/**
* block_job_set_speed:
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (34 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-24 17:29 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit' Kevin Wolf
` (19 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is probably one of the most interesting conversions to the new
op blocker system because a commit block job intentionally leaves some
intermediate block nodes in the backing chain that aren't valid on their
own any more; only the whole chain together results in a valid view.
In order to provide the 'consistent read' permission to the parents of
the 'top' node of the commit job, a new filter block driver is inserted
above 'top' which doesn't require 'consistent read' on its backing
chain. Subsequently, the commit job can block 'consistent read' on all
intermediate nodes without causing a conflict.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/commit.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 91 insertions(+), 17 deletions(-)
diff --git a/block/commit.c b/block/commit.c
index b69586f..9336237 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -36,6 +36,7 @@ typedef struct CommitBlockJob {
BlockJob common;
RateLimit limit;
BlockDriverState *active;
+ BlockDriverState *commit_top_bs;
BlockBackend *top;
BlockBackend *base;
BlockdevOnError on_error;
@@ -83,12 +84,19 @@ static void commit_complete(BlockJob *job, void *opaque)
BlockDriverState *active = s->active;
BlockDriverState *top = blk_bs(s->top);
BlockDriverState *base = blk_bs(s->base);
- BlockDriverState *overlay_bs = bdrv_find_overlay(active, top);
+ BlockDriverState *overlay_bs = bdrv_find_overlay(active, s->commit_top_bs);
int ret = data->ret;
+ bool remove_commit_top_bs = false;
if (!block_job_is_cancelled(&s->common) && ret == 0) {
/* success */
- ret = bdrv_drop_intermediate(active, top, base, s->backing_file_str);
+ ret = bdrv_drop_intermediate(active, s->commit_top_bs, base,
+ s->backing_file_str);
+ } else if (overlay_bs) {
+ /* XXX Can (or should) we somehow keep 'consistent read' blocked even
+ * after the failed/cancelled commit job is gone? If we already wrote
+ * something to base, the intermediate images aren't valid any more. */
+ remove_commit_top_bs = true;
}
/* restore base open flags here if appropriate (e.g., change the base back
@@ -105,6 +113,13 @@ static void commit_complete(BlockJob *job, void *opaque)
blk_unref(s->base);
block_job_completed(&s->common, ret);
g_free(data);
+
+ /* If bdrv_drop_intermediate() didn't already do that, remove the commit
+ * filter driver from the backing chain. Do this as the final step so that
+ * the 'consistent read' permission can be granted. */
+ if (remove_commit_top_bs) {
+ bdrv_set_backing_hd(overlay_bs, top);
+ }
}
static void coroutine_fn commit_run(void *opaque)
@@ -208,6 +223,34 @@ static const BlockJobDriver commit_job_driver = {
.start = commit_run,
};
+static int coroutine_fn bdrv_commit_top_preadv(BlockDriverState *bs,
+ uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
+{
+ return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
+}
+
+static void bdrv_commit_top_close(BlockDriverState *bs)
+{
+}
+
+static void bdrv_commit_top_child_perm(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+ *nperm = 0;
+ *nshared = BLK_PERM_ALL;
+}
+
+/* Dummy node that provides consistent read to its users without requiring it
+ * from its backing file and that allows writes on the backing file chain. */
+static BlockDriver bdrv_commit_top = {
+ .format_name = "commit_top",
+ .bdrv_co_preadv = bdrv_commit_top_preadv,
+ .bdrv_close = bdrv_commit_top_close,
+ .bdrv_child_perm = bdrv_commit_top_child_perm,
+};
+
void commit_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *base, BlockDriverState *top, int64_t speed,
BlockdevOnError on_error, const char *backing_file_str,
@@ -219,6 +262,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
int orig_base_flags;
BlockDriverState *iter;
BlockDriverState *overlay_bs;
+ BlockDriverState *commit_top_bs = NULL;
Error *local_err = NULL;
int ret;
@@ -235,7 +279,6 @@ void commit_start(const char *job_id, BlockDriverState *bs,
return;
}
- /* FIXME Use real permissions */
s = block_job_create(job_id, &commit_job_driver, bs, 0, BLK_PERM_ALL,
speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
if (!s) {
@@ -262,34 +305,62 @@ void commit_start(const char *job_id, BlockDriverState *bs,
}
}
+ /* Insert commit_top block node above top, so we can block consistent read
+ * on the backing chain below it */
+ commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, NULL, BDRV_O_RDWR,
+ errp);
+ if (commit_top_bs == NULL) {
+ goto fail;
+ }
+
+ bdrv_set_backing_hd(commit_top_bs, top);
+ bdrv_set_backing_hd(overlay_bs, commit_top_bs);
+
+ s->commit_top_bs = commit_top_bs;
+ bdrv_unref(commit_top_bs);
/* Block all nodes between top and base, because they will
* disappear from the chain after this operation. */
assert(bdrv_chain_contains(top, base));
- for (iter = top; iter != backing_bs(base); iter = backing_bs(iter)) {
- /* FIXME Use real permissions */
- block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- BLK_PERM_ALL, &error_abort);
+ for (iter = top; iter != base; iter = backing_bs(iter)) {
+ /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
+ * at s->base. The other options would be a second filter driver above
+ * s->base. */
+ ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
+ BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
+ errp);
+ if (ret < 0) {
+ goto fail;
+ }
}
+
+ ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ goto fail;
+ }
+
/* overlay_bs must be blocked because it needs to be modified to
- * update the backing image string, but if it's the root node then
- * don't block it again */
- if (bs != overlay_bs) {
- /* FIXME Use real permissions */
- block_job_add_bdrv(&s->common, "overlay of top", overlay_bs, 0,
- BLK_PERM_ALL, &error_abort);
+ * update the backing image string. */
+ ret = block_job_add_bdrv(&s->common, "overlay of top", overlay_bs,
+ BLK_PERM_GRAPH_MOD, BLK_PERM_ALL, errp);
+ if (ret < 0) {
+ goto fail;
}
- /* FIXME Use real permissions */
- s->base = blk_new(0, BLK_PERM_ALL);
+ s->base = blk_new(BLK_PERM_CONSISTENT_READ
+ | BLK_PERM_WRITE
+ | BLK_PERM_RESIZE,
+ BLK_PERM_CONSISTENT_READ
+ | BLK_PERM_GRAPH_MOD
+ | BLK_PERM_WRITE_UNCHANGED);
ret = blk_insert_bs(s->base, base, errp);
if (ret < 0) {
goto fail;
}
- /* FIXME Use real permissions */
+ /* Required permissions are already taken with block_job_add_bdrv() */
s->top = blk_new(0, BLK_PERM_ALL);
- ret = blk_insert_bs(s->top, top, errp);
+ blk_insert_bs(s->top, top, errp);
if (ret < 0) {
goto fail;
}
@@ -314,6 +385,9 @@ fail:
if (s->top) {
blk_unref(s->top);
}
+ if (commit_top_bs) {
+ bdrv_set_backing_hd(overlay_bs, top);
+ }
block_job_unref(&s->common);
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit'
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (35 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 11:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job Kevin Wolf
` (18 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is a little simpler than the commit block job because it's
synchronous and only commits into the immediate backing file, but
otherwise doing more or less the same.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/commit.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/block/commit.c b/block/commit.c
index 9336237..92f7bd3 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -398,11 +398,14 @@ fail:
int bdrv_commit(BlockDriverState *bs)
{
BlockBackend *src, *backing;
+ BlockDriverState *backing_file_bs = NULL;
+ BlockDriverState *commit_top_bs = NULL;
BlockDriver *drv = bs->drv;
int64_t sector, total_sectors, length, backing_length;
int n, ro, open_flags;
int ret = 0;
uint8_t *buf = NULL;
+ Error *local_err = NULL;
if (!drv)
return -ENOMEDIUM;
@@ -425,17 +428,31 @@ int bdrv_commit(BlockDriverState *bs)
}
}
- /* FIXME Use real permissions */
- src = blk_new(0, BLK_PERM_ALL);
- backing = blk_new(0, BLK_PERM_ALL);
+ src = blk_new(BLK_PERM_CONSISTENT_READ, BLK_PERM_ALL);
+ backing = blk_new(BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL);
- ret = blk_insert_bs(src, bs, NULL);
+ ret = blk_insert_bs(src, bs, &local_err);
if (ret < 0) {
+ error_report_err(local_err);
goto ro_cleanup;
}
- ret = blk_insert_bs(backing, bs->backing->bs, NULL);
+ /* Insert commit_top block node above backing, so we can write to it */
+ backing_file_bs = backing_bs(bs);
+
+ commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, NULL, BDRV_O_RDWR,
+ &local_err);
+ if (commit_top_bs == NULL) {
+ error_report_err(local_err);
+ goto ro_cleanup;
+ }
+
+ bdrv_set_backing_hd(commit_top_bs, backing_file_bs);
+ bdrv_set_backing_hd(bs, commit_top_bs);
+
+ ret = blk_insert_bs(backing, backing_file_bs, &local_err);
if (ret < 0) {
+ error_report_err(local_err);
goto ro_cleanup;
}
@@ -509,6 +526,10 @@ int bdrv_commit(BlockDriverState *bs)
ro_cleanup:
qemu_vfree(buf);
+ if (backing_file_bs) {
+ bdrv_set_backing_hd(bs, backing_file_bs);
+ }
+ bdrv_unref(commit_top_bs);
blk_unref(src);
blk_unref(backing);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (36 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit' Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 12:06 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append() Kevin Wolf
` (17 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The backup block job doesn't have very complicated requirements: It
needs to read from the source and write to the target, but it's fine
with either side being changed. The only restriction is that we can't
resize the image because the job uses a cached value.
qemu-iotests 055 needs to be changed because it used a target which was
already attached to a virtio-blk device. The permission system correctly
forbids this (virtio-blk can't accept another writer with its default
share-rw=off).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/backup.c | 15 ++++++++++-----
tests/qemu-iotests/055 | 11 +++++++----
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index 405f271..d1ab617 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -618,15 +618,20 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
goto error;
}
- /* FIXME Use real permissions */
- job = block_job_create(job_id, &backup_job_driver, bs, 0, BLK_PERM_ALL,
+ /* job->common.len is fixed, so we can't allow resize */
+ job = block_job_create(job_id, &backup_job_driver, bs,
+ BLK_PERM_CONSISTENT_READ,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE |
+ BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD,
speed, creation_flags, cb, opaque, errp);
if (!job) {
goto error;
}
- /* FIXME Use real permissions */
- job->target = blk_new(0, BLK_PERM_ALL);
+ /* The target must match the source in size, so no resize here either */
+ job->target = blk_new(BLK_PERM_WRITE,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE |
+ BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD);
ret = blk_insert_bs(job->target, target, errp);
if (ret < 0) {
goto error;
@@ -657,7 +662,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
}
- /* FIXME Use real permissions */
+ /* Required permissions are already taken with target's blk_new() */
block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
&error_abort);
job->common.len = len;
diff --git a/tests/qemu-iotests/055 b/tests/qemu-iotests/055
index 1d3fd04..aafcd24 100755
--- a/tests/qemu-iotests/055
+++ b/tests/qemu-iotests/055
@@ -48,7 +48,8 @@ class TestSingleDrive(iotests.QMPTestCase):
def setUp(self):
qemu_img('create', '-f', iotests.imgfmt, blockdev_target_img, str(image_len))
- self.vm = iotests.VM().add_drive(test_img).add_drive(blockdev_target_img)
+ self.vm = iotests.VM().add_drive(test_img)
+ self.vm.add_drive(blockdev_target_img, interface="none")
if iotests.qemu_default_machine == 'pc':
self.vm.add_drive(None, 'media=cdrom', 'ide')
self.vm.launch()
@@ -164,7 +165,8 @@ class TestSetSpeed(iotests.QMPTestCase):
def setUp(self):
qemu_img('create', '-f', iotests.imgfmt, blockdev_target_img, str(image_len))
- self.vm = iotests.VM().add_drive(test_img).add_drive(blockdev_target_img)
+ self.vm = iotests.VM().add_drive(test_img)
+ self.vm.add_drive(blockdev_target_img, interface="none")
self.vm.launch()
def tearDown(self):
@@ -247,7 +249,8 @@ class TestSingleTransaction(iotests.QMPTestCase):
def setUp(self):
qemu_img('create', '-f', iotests.imgfmt, blockdev_target_img, str(image_len))
- self.vm = iotests.VM().add_drive(test_img).add_drive(blockdev_target_img)
+ self.vm = iotests.VM().add_drive(test_img)
+ self.vm.add_drive(blockdev_target_img, interface="none")
if iotests.qemu_default_machine == 'pc':
self.vm.add_drive(None, 'media=cdrom', 'ide')
self.vm.launch()
@@ -460,7 +463,7 @@ class TestDriveCompression(iotests.QMPTestCase):
qemu_img('create', '-f', fmt, blockdev_target_img,
str(TestDriveCompression.image_len), *args)
- self.vm.add_drive(blockdev_target_img, format=fmt)
+ self.vm.add_drive(blockdev_target_img, format=fmt, interface="none")
self.vm.launch()
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (37 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 12:15 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
` (16 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
bdrv_append() cares about isolation of the node that it modifies, but
not about activity in some subtree below it. Instead of using the
recursive bdrv_requests_pending(), directly check bs->in_flight, which
considers only the node in question.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block.c b/block.c
index c7c0a8b..a800e81 100644
--- a/block.c
+++ b/block.c
@@ -2874,8 +2874,8 @@ static void change_parent_backing_link(BlockDriverState *from,
*/
void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top)
{
- assert(!bdrv_requests_pending(bs_top));
- assert(!bdrv_requests_pending(bs_new));
+ assert(!atomic_read(&bs_top->in_flight));
+ assert(!atomic_read(&bs_new->in_flight));
bdrv_ref(bs_top);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (38 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 12:29 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
` (15 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Backing files are somewhat special compared to other kinds of children
because they are attached and detached using bdrv_set_backing_hd()
rather than the normal set of functions, which does a few more things
like setting backing blockers, toggling the BDRV_O_NO_BACKING flag,
setting parent_bs->backing_file, etc.
These special features are a reason why change_parent_backing_link()
can't handle backing files yet. With abstracting the additional features
into .attach/.detach callbacks, we get a step closer to a function that
can actually deal with this.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 94 +++++++++++++++++++++++++++++------------------
include/block/block_int.h | 3 ++
2 files changed, 62 insertions(+), 35 deletions(-)
diff --git a/block.c b/block.c
index a800e81..97694fa 100644
--- a/block.c
+++ b/block.c
@@ -807,6 +807,57 @@ const BdrvChildRole child_format = {
.drained_end = bdrv_child_cb_drained_end,
};
+static void bdrv_backing_attach(BdrvChild *c)
+{
+ BlockDriverState *parent = c->opaque;
+ BlockDriverState *backing_hd = c->bs;
+
+ assert(!parent->backing_blocker);
+ error_setg(&parent->backing_blocker,
+ "node is used as backing hd of '%s'",
+ bdrv_get_device_or_node_name(parent));
+
+ parent->open_flags &= ~BDRV_O_NO_BACKING;
+ pstrcpy(parent->backing_file, sizeof(parent->backing_file),
+ backing_hd->filename);
+ pstrcpy(parent->backing_format, sizeof(parent->backing_format),
+ backing_hd->drv ? backing_hd->drv->format_name : "");
+
+ bdrv_op_block_all(backing_hd, parent->backing_blocker);
+ /* Otherwise we won't be able to commit or stream */
+ bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
+ parent->backing_blocker);
+ bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
+ parent->backing_blocker);
+ /*
+ * We do backup in 3 ways:
+ * 1. drive backup
+ * The target bs is new opened, and the source is top BDS
+ * 2. blockdev backup
+ * Both the source and the target are top BDSes.
+ * 3. internal backup(used for block replication)
+ * Both the source and the target are backing file
+ *
+ * In case 1 and 2, neither the source nor the target is the backing file.
+ * In case 3, we will block the top BDS, so there is only one block job
+ * for the top BDS and its backing chain.
+ */
+ bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
+ parent->backing_blocker);
+ bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
+ parent->backing_blocker);
+}
+
+static void bdrv_backing_detach(BdrvChild *c)
+{
+ BlockDriverState *parent = c->opaque;
+
+ assert(parent->backing_blocker);
+ bdrv_op_unblock_all(c->bs, parent->backing_blocker);
+ error_free(parent->backing_blocker);
+ parent->backing_blocker = NULL;
+}
+
/*
* Returns the options and flags that bs->backing should get, based on the
* given options and flags for the parent BDS
@@ -833,6 +884,8 @@ static void bdrv_backing_options(int *child_flags, QDict *child_options,
const BdrvChildRole child_backing = {
.get_parent_desc = bdrv_child_get_parent_desc,
+ .attach = bdrv_backing_attach,
+ .detach = bdrv_backing_detach,
.inherit_options = bdrv_backing_options,
.drained_begin = bdrv_child_cb_drained_begin,
.drained_end = bdrv_child_cb_drained_end,
@@ -1661,6 +1714,9 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
if (old_bs->quiesce_counter && child->role->drained_end) {
child->role->drained_end(child);
}
+ if (child->role->detach) {
+ child->role->detach(child);
+ }
QLIST_REMOVE(child, next_parent);
bdrv_update_perm(old_bs);
}
@@ -1673,6 +1729,9 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
child->role->drained_begin(child);
}
bdrv_update_perm(new_bs);
+ if (child->role->attach) {
+ child->role->attach(child);
+ }
}
}
@@ -1807,52 +1866,17 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd)
}
if (bs->backing) {
- assert(bs->backing_blocker);
- bdrv_op_unblock_all(bs->backing->bs, bs->backing_blocker);
bdrv_unref_child(bs, bs->backing);
- } else if (backing_hd) {
- error_setg(&bs->backing_blocker,
- "node is used as backing hd of '%s'",
- bdrv_get_device_or_node_name(bs));
}
if (!backing_hd) {
- error_free(bs->backing_blocker);
- bs->backing_blocker = NULL;
bs->backing = NULL;
goto out;
}
/* FIXME Error handling */
bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing,
&error_abort);
- bs->open_flags &= ~BDRV_O_NO_BACKING;
- pstrcpy(bs->backing_file, sizeof(bs->backing_file), backing_hd->filename);
- pstrcpy(bs->backing_format, sizeof(bs->backing_format),
- backing_hd->drv ? backing_hd->drv->format_name : "");
- bdrv_op_block_all(backing_hd, bs->backing_blocker);
- /* Otherwise we won't be able to commit or stream */
- bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_COMMIT_TARGET,
- bs->backing_blocker);
- bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_STREAM,
- bs->backing_blocker);
- /*
- * We do backup in 3 ways:
- * 1. drive backup
- * The target bs is new opened, and the source is top BDS
- * 2. blockdev backup
- * Both the source and the target are top BDSes.
- * 3. internal backup(used for block replication)
- * Both the source and the target are backing file
- *
- * In case 1 and 2, neither the source nor the target is the backing file.
- * In case 3, we will block the top BDS, so there is only one block job
- * for the top BDS and its backing chain.
- */
- bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_SOURCE,
- bs->backing_blocker);
- bdrv_op_unblock(backing_hd, BLOCK_OP_TYPE_BACKUP_TARGET,
- bs->backing_blocker);
out:
bdrv_refresh_limits(bs, NULL);
}
diff --git a/include/block/block_int.h b/include/block/block_int.h
index a0d9328..a5c704b 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -472,6 +472,9 @@ struct BdrvChildRole {
*/
void (*drained_begin)(BdrvChild *child);
void (*drained_end)(BdrvChild *child);
+
+ void (*attach)(BdrvChild *child);
+ void (*detach)(BdrvChild *child);
};
extern const BdrvChildRole child_file;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (39 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 12:33 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
` (14 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Now that the backing file child role implements .attach/.detach
callbacks, nothing prevents us from modifying the graph even if that
involves changing backing file links.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/block.c b/block.c
index 97694fa..560e84a 100644
--- a/block.c
+++ b/block.c
@@ -2860,9 +2860,9 @@ static void change_parent_backing_link(BlockDriverState *from,
continue;
}
if (c->role == &child_backing) {
- /* @from is generally not allowed to be a backing file, except for
- * when @to is the overlay. In that case, @from may not be replaced
- * by @to as @to's backing node. */
+ /* If @from is a backing file of @to, ignore the child to avoid
+ * creating a loop. We only want to change the pointer of other
+ * parents. */
QLIST_FOREACH(to_c, &to->children, next) {
if (to_c == c) {
break;
@@ -2873,7 +2873,6 @@ static void change_parent_backing_link(BlockDriverState *from,
}
}
- assert(c->role != &child_backing);
bdrv_ref(to);
bdrv_replace_child(c, to);
bdrv_unref(from);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (40 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 13:49 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming " Kevin Wolf
` (13 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The mirror block job is mainly used for two different scenarios:
Mirroring to an otherwise unused, independent target node, or for active
commit where the target node is part of the backing chain of the source.
Similarly to the commit block job patch, we need to insert a new filter
node to keep the permissions correct during active commit.
Note that one change this implies is that job->blk points to
mirror_top_bs as its root now, and mirror_top_bs (rather than the actual
source node) contains the bs->job pointer. This requires qemu-img commit
to get the job by name now rather than just taking bs->job.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/mirror.c | 161 +++++++++++++++++++++++++++++++++++++--------
qemu-img.c | 6 +-
tests/qemu-iotests/141 | 2 +-
tests/qemu-iotests/141.out | 4 +-
4 files changed, 143 insertions(+), 30 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 767b7e7..252107d 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -38,7 +38,10 @@ typedef struct MirrorBlockJob {
BlockJob common;
RateLimit limit;
BlockBackend *target;
+ BlockDriverState *mirror_top_bs;
+ BlockDriverState *source;
BlockDriverState *base;
+
/* The name of the graph node to replace */
char *replaces;
/* The BDS to replace */
@@ -325,7 +328,7 @@ static void mirror_do_zero_or_discard(MirrorBlockJob *s,
static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
{
- BlockDriverState *source = blk_bs(s->common.blk);
+ BlockDriverState *source = s->source;
int64_t sector_num, first_chunk;
uint64_t delay_ns = 0;
/* At least the first dirty chunk is mirrored in one iteration. */
@@ -495,12 +498,14 @@ static void mirror_exit(BlockJob *job, void *opaque)
MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
MirrorExitData *data = opaque;
AioContext *replace_aio_context = NULL;
- BlockDriverState *src = blk_bs(s->common.blk);
+ BlockDriverState *src = s->source;
BlockDriverState *target_bs = blk_bs(s->target);
+ BlockDriverState *mirror_top_bs = s->mirror_top_bs;
/* Make sure that the source BDS doesn't go away before we called
* block_job_completed(). */
bdrv_ref(src);
+ bdrv_ref(mirror_top_bs);
if (s->to_replace) {
replace_aio_context = bdrv_get_aio_context(s->to_replace);
@@ -522,13 +527,6 @@ static void mirror_exit(BlockJob *job, void *opaque)
bdrv_drained_begin(target_bs);
bdrv_replace_in_backing_chain(to_replace, target_bs);
bdrv_drained_end(target_bs);
-
- /* We just changed the BDS the job BB refers to, so switch the BB back
- * so the cleanup does the right thing. We don't need any permissions
- * any more now. */
- blk_remove_bs(job->blk);
- blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
- blk_insert_bs(job->blk, src, &error_abort);
}
if (s->to_replace) {
bdrv_op_unblock_all(s->to_replace, s->replace_blocker);
@@ -541,9 +539,23 @@ static void mirror_exit(BlockJob *job, void *opaque)
g_free(s->replaces);
blk_unref(s->target);
s->target = NULL;
+
+ /* Remove the mirror filter driver from the graph */
+ bdrv_replace_in_backing_chain(mirror_top_bs, backing_bs(mirror_top_bs));
+
+ /* We just changed the BDS the job BB refers to (with either or both of the
+ * bdrv_replace_in_backing_chain() calls), so switch the BB back so the
+ * cleanup does the right thing. We don't need any permissions any more
+ * now. */
+ blk_remove_bs(job->blk);
+ blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
+ blk_insert_bs(job->blk, mirror_top_bs, &error_abort);
+
block_job_completed(&s->common, data->ret);
+
g_free(data);
bdrv_drained_end(src);
+ bdrv_unref(mirror_top_bs);
bdrv_unref(src);
}
@@ -563,7 +575,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
{
int64_t sector_num, end;
BlockDriverState *base = s->base;
- BlockDriverState *bs = blk_bs(s->common.blk);
+ BlockDriverState *bs = s->source;
BlockDriverState *target_bs = blk_bs(s->target);
int ret, n;
@@ -642,7 +654,7 @@ static void coroutine_fn mirror_run(void *opaque)
{
MirrorBlockJob *s = opaque;
MirrorExitData *data;
- BlockDriverState *bs = blk_bs(s->common.blk);
+ BlockDriverState *bs = s->source;
BlockDriverState *target_bs = blk_bs(s->target);
bool need_drain = true;
int64_t length;
@@ -876,7 +888,7 @@ static void mirror_complete(BlockJob *job, Error **errp)
MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
BlockDriverState *src, *target;
- src = blk_bs(job->blk);
+ src = s->source;
target = blk_bs(s->target);
if (!s->synced) {
@@ -908,6 +920,10 @@ static void mirror_complete(BlockJob *job, Error **errp)
replace_aio_context = bdrv_get_aio_context(s->to_replace);
aio_context_acquire(replace_aio_context);
+ /* TODO Translate this into permission system. Current definition of
+ * GRAPH_MOD would require to request it for the parents; they might
+ * not even be BlockDriverStates, however, so a BdrvChild can't address
+ * them. May need redefinition of GRAPH_MOD. */
error_setg(&s->replace_blocker,
"block device is in use by block-job-complete");
bdrv_op_block_all(s->to_replace, s->replace_blocker);
@@ -978,6 +994,46 @@ static const BlockJobDriver commit_active_job_driver = {
.drain = mirror_drain,
};
+static int coroutine_fn bdrv_mirror_top_preadv(BlockDriverState *bs,
+ uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
+{
+ return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
+}
+
+static int coroutine_fn bdrv_mirror_top_pwritev(BlockDriverState *bs,
+ uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
+{
+ return bdrv_co_pwritev(bs->backing, offset, bytes, qiov, flags);
+}
+
+static void bdrv_mirror_top_close(BlockDriverState *bs)
+{
+}
+
+static void bdrv_mirror_top_child_perm(BlockDriverState *bs, BdrvChild *c,
+ const BdrvChildRole *role,
+ uint64_t perm, uint64_t shared,
+ uint64_t *nperm, uint64_t *nshared)
+{
+ /* Must be able to forward guest writes to the real image */
+ *nperm = 0;
+ if (perm & BLK_PERM_WRITE) {
+ *nperm |= BLK_PERM_WRITE;
+ }
+
+ *nshared = BLK_PERM_ALL;
+}
+
+/* Dummy node that provides consistent read to its users without requiring it
+ * from its backing file and that allows writes on the backing file chain. */
+static BlockDriver bdrv_mirror_top = {
+ .format_name = "mirror_top",
+ .bdrv_co_preadv = bdrv_mirror_top_preadv,
+ .bdrv_co_pwritev = bdrv_mirror_top_pwritev,
+ .bdrv_close = bdrv_mirror_top_close,
+ .bdrv_child_perm = bdrv_mirror_top_child_perm,
+};
+
static void mirror_start_job(const char *job_id, BlockDriverState *bs,
int creation_flags, BlockDriverState *target,
const char *replaces, int64_t speed,
@@ -993,6 +1049,9 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
bool auto_complete)
{
MirrorBlockJob *s;
+ BlockDriverState *mirror_top_bs;
+ bool target_graph_mod;
+ bool target_is_backing;
int ret;
if (granularity == 0) {
@@ -1010,20 +1069,54 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
buf_size = DEFAULT_MIRROR_BUF_SIZE;
}
- /* FIXME Use real permissions */
- s = block_job_create(job_id, driver, bs, 0, BLK_PERM_ALL, speed,
+ /* In the case of active commit, add dummy driver to provide consistent
+ * reads on the top, while disabling it in the intermediate nodes */
+ mirror_top_bs = bdrv_new_open_driver(&bdrv_mirror_top, NULL, BDRV_O_RDWR,
+ errp);
+ if (mirror_top_bs == NULL) {
+ return;
+ }
+ mirror_top_bs->total_sectors = bs->total_sectors;
+
+ /* bdrv_append takes ownership of the mirror_top_bs reference, need to keep
+ * it alive until block_job_create() even if bs has no parent. */
+ bdrv_ref(mirror_top_bs);
+ bdrv_drained_begin(bs);
+ bdrv_append(mirror_top_bs, bs);
+ bdrv_drained_end(bs);
+
+ /* Make sure that the source is not resized while the job is running */
+ s = block_job_create(job_id, driver, mirror_top_bs,
+ BLK_PERM_CONSISTENT_READ,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
+ BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD, speed,
creation_flags, cb, opaque, errp);
+ bdrv_unref(mirror_top_bs);
if (!s) {
- return;
+ goto fail;
}
-
- /* FIXME Use real permissions */
- s->target = blk_new(0, BLK_PERM_ALL);
+ s->source = bs;
+ s->mirror_top_bs = mirror_top_bs;
+
+ /* No resize for the target either; while the mirror is still running, a
+ * consistent read isn't necessarily possible. We could possibly allow
+ * writes and graph modifications, though it would likely defeat the
+ * purpose of a mirror, so leave them blocked for now.
+ *
+ * In the case of active commit, things look a bit different, though,
+ * because the target is an already populated backing file in active use.
+ * We can allow anything ecept resize there.*/
+ target_is_backing = bdrv_chain_contains(bs, target);
+ target_graph_mod = (backing_mode != MIRROR_LEAVE_BACKING_CHAIN);
+ s->target = blk_new(BLK_PERM_WRITE | BLK_PERM_RESIZE |
+ (target_graph_mod ? BLK_PERM_GRAPH_MOD : 0),
+ BLK_PERM_WRITE_UNCHANGED |
+ (target_is_backing ? BLK_PERM_CONSISTENT_READ |
+ BLK_PERM_WRITE |
+ BLK_PERM_GRAPH_MOD : 0));
ret = blk_insert_bs(s->target, target, errp);
if (ret < 0) {
- blk_unref(s->target);
- block_job_unref(&s->common);
- return;
+ goto fail;
}
s->replaces = g_strdup(replaces);
@@ -1047,23 +1140,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
return;
}
- /* FIXME Use real permissions */
+ /* Required permissions are already taken with blk_new() */
block_job_add_bdrv(&s->common, "target", target, 0, BLK_PERM_ALL,
&error_abort);
/* In commit_active_start() all intermediate nodes disappear, so
* any jobs in them must be blocked */
- if (bdrv_chain_contains(bs, target)) {
+ if (target_is_backing) {
BlockDriverState *iter;
for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
- /* FIXME Use real permissions */
- block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- BLK_PERM_ALL, &error_abort);
+ /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
+ * at s->base. The other options would be a second filter driver above
+ * s->base. */
+ ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
+ BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
+ errp);
+ if (ret < 0) {
+ goto fail;
+ }
}
}
trace_mirror_start(bs, s, opaque);
block_job_start(&s->common);
+ return;
+
+fail:
+ if (s) {
+ g_free(s->replaces);
+ blk_unref(s->target);
+ block_job_unref(&s->common);
+ }
+
+ bdrv_replace_in_backing_chain(mirror_top_bs, backing_bs(mirror_top_bs));
}
void mirror_start(const char *job_id, BlockDriverState *bs,
diff --git a/qemu-img.c b/qemu-img.c
index 8d9195e..e20830f 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -795,6 +795,8 @@ static void run_block_job(BlockJob *job, Error **errp)
{
AioContext *aio_context = blk_get_aio_context(job->blk);
+ /* FIXME In error cases, the job simply goes away and we access a dangling
+ * pointer below. */
aio_context_acquire(aio_context);
do {
aio_poll(aio_context, true);
@@ -816,6 +818,7 @@ static int img_commit(int argc, char **argv)
const char *filename, *fmt, *cache, *base;
BlockBackend *blk;
BlockDriverState *bs, *base_bs;
+ BlockJob *job;
bool progress = false, quiet = false, drop = false;
bool writethrough;
Error *local_err = NULL;
@@ -951,7 +954,8 @@ static int img_commit(int argc, char **argv)
bdrv_ref(bs);
}
- run_block_job(bs->job, &local_err);
+ job = block_job_get("commit");
+ run_block_job(job, &local_err);
if (local_err) {
goto unref_backing;
}
diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
index 3ba79f0..6d8f0a1 100755
--- a/tests/qemu-iotests/141
+++ b/tests/qemu-iotests/141
@@ -67,7 +67,7 @@ test_blockjob()
_send_qemu_cmd $QEMU_HANDLE \
"{'execute': 'x-blockdev-del',
'arguments': {'node-name': 'drv0'}}" \
- 'error'
+ 'error' | _filter_generated_node_ids
_send_qemu_cmd $QEMU_HANDLE \
"{'execute': 'block-job-cancel',
diff --git a/tests/qemu-iotests/141.out b/tests/qemu-iotests/141.out
index 195ca1a..82e763b 100644
--- a/tests/qemu-iotests/141.out
+++ b/tests/qemu-iotests/141.out
@@ -20,7 +20,7 @@ Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.
Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
{"return": {}}
-{"error": {"class": "GenericError", "desc": "Node drv0 is in use"}}
+{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}}
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
{"return": {}}
@@ -30,7 +30,7 @@ Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
{"return": {}}
-{"error": {"class": "GenericError", "desc": "Node drv0 is in use"}}
+{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}}
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
{"return": {}}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming block job
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (41 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 13:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror Kevin Wolf
` (12 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The correct permissions are relatively obvious here (and explained in
code comments). For intermediate streaming, we need to reopen the top
node read-write before creating the job now because the permissions
system catches attempts to get the BLK_PERM_WRITE_UNCHANGED permission
on a read-only node.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/stream.c | 37 +++++++++++++++++++++++++------------
1 file changed, 25 insertions(+), 12 deletions(-)
diff --git a/block/stream.c b/block/stream.c
index ba8650f..0c30d41 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -229,28 +229,35 @@ void stream_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *iter;
int orig_bs_flags;
- /* FIXME Use real permissions */
- s = block_job_create(job_id, &stream_job_driver, bs, 0, BLK_PERM_ALL,
- speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
- if (!s) {
- return;
- }
-
/* Make sure that the image is opened in read-write mode */
orig_bs_flags = bdrv_get_flags(bs);
if (!(orig_bs_flags & BDRV_O_RDWR)) {
if (bdrv_reopen(bs, orig_bs_flags | BDRV_O_RDWR, errp) != 0) {
- block_job_unref(&s->common);
return;
}
}
- /* Block all intermediate nodes between bs and base, because they
- * will disappear from the chain after this operation */
+ /* Prevent concurrent jobs trying to modify the graph structure here, we
+ * already have our own plans. Also don't allow resize as the image size is
+ * queried only at the job start and then cached. */
+ s = block_job_create(job_id, &stream_job_driver, bs,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
+ BLK_PERM_GRAPH_MOD,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
+ BLK_PERM_WRITE,
+ speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
+ if (!s) {
+ goto fail;
+ }
+
+ /* Block all intermediate nodes between bs and base, because they will
+ * disappear from the chain after this operation. The streaming job reads
+ * every block only once, assuming that it doesn't change, so block writes
+ * and resizes. */
for (iter = backing_bs(bs); iter && iter != base; iter = backing_bs(iter)) {
- /* FIXME Use real permissions */
block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
- BLK_PERM_ALL, &error_abort);
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED,
+ &error_abort);
}
s->base = base;
@@ -260,4 +267,10 @@ void stream_start(const char *job_id, BlockDriverState *bs,
s->on_error = on_error;
trace_stream_start(bs, base, s);
block_job_start(&s->common);
+ return;
+
+fail:
+ if (orig_bs_flags != bdrv_get_flags(bs)) {
+ bdrv_reopen(bs, s->bs_flags, NULL);
+ }
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (42 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming " Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 14:19 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit Kevin Wolf
` (11 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Management tools need to be able to know about every node in the graph
and need a way to address them. This new option to blockdev-mirror
allows the client to set a node-name for the automatically inserted
filter driver, and at the same time serves as a witness that this
version of qemu does automatically insert a filter driver.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/mirror.c | 14 ++++++++------
blockdev.c | 12 +++++++++++-
include/block/block_int.h | 5 ++++-
qapi/block-core.json | 8 +++++++-
4 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
index 252107d..2e1cd16 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1046,7 +1046,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
void *opaque, Error **errp,
const BlockJobDriver *driver,
bool is_none_mode, BlockDriverState *base,
- bool auto_complete)
+ bool auto_complete, const char *filter_node_name)
{
MirrorBlockJob *s;
BlockDriverState *mirror_top_bs;
@@ -1071,8 +1071,8 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
/* In the case of active commit, add dummy driver to provide consistent
* reads on the top, while disabling it in the intermediate nodes */
- mirror_top_bs = bdrv_new_open_driver(&bdrv_mirror_top, NULL, BDRV_O_RDWR,
- errp);
+ mirror_top_bs = bdrv_new_open_driver(&bdrv_mirror_top, filter_node_name,
+ BDRV_O_RDWR, errp);
if (mirror_top_bs == NULL) {
return;
}
@@ -1181,7 +1181,7 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
MirrorSyncMode mode, BlockMirrorBackingMode backing_mode,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
- bool unmap, Error **errp)
+ bool unmap, const char *filter_node_name, Error **errp)
{
bool is_none_mode;
BlockDriverState *base;
@@ -1195,7 +1195,8 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
mirror_start_job(job_id, bs, BLOCK_JOB_DEFAULT, target, replaces,
speed, granularity, buf_size, backing_mode,
on_source_error, on_target_error, unmap, NULL, NULL, errp,
- &mirror_job_driver, is_none_mode, base, false);
+ &mirror_job_driver, is_none_mode, base, false,
+ filter_node_name);
}
void commit_active_start(const char *job_id, BlockDriverState *bs,
@@ -1216,7 +1217,8 @@ void commit_active_start(const char *job_id, BlockDriverState *bs,
mirror_start_job(job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN,
on_error, on_error, true, cb, opaque, &local_err,
- &commit_active_job_driver, false, base, auto_complete);
+ &commit_active_job_driver, false, base, auto_complete,
+ NULL);
if (local_err) {
error_propagate(errp, local_err);
goto error_restore_flags;
diff --git a/blockdev.c b/blockdev.c
index bcee23e..4314584 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3362,6 +3362,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
bool has_on_target_error,
BlockdevOnError on_target_error,
bool has_unmap, bool unmap,
+ bool has_filter_node_name,
+ const char *filter_node_name,
Error **errp)
{
@@ -3383,6 +3385,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (!has_unmap) {
unmap = true;
}
+ if (!has_filter_node_name) {
+ filter_node_name = NULL;
+ }
if (granularity != 0 && (granularity < 512 || granularity > 1048576 * 64)) {
error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "granularity",
@@ -3412,7 +3417,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
mirror_start(job_id, bs, target,
has_replaces ? replaces : NULL,
speed, granularity, buf_size, sync, backing_mode,
- on_source_error, on_target_error, unmap, errp);
+ on_source_error, on_target_error, unmap, filter_node_name,
+ errp);
}
void qmp_drive_mirror(DriveMirror *arg, Error **errp)
@@ -3550,6 +3556,7 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
arg->has_on_source_error, arg->on_source_error,
arg->has_on_target_error, arg->on_target_error,
arg->has_unmap, arg->unmap,
+ false, NULL,
&local_err);
bdrv_unref(target_bs);
error_propagate(errp, local_err);
@@ -3568,6 +3575,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
BlockdevOnError on_source_error,
bool has_on_target_error,
BlockdevOnError on_target_error,
+ bool has_filter_node_name,
+ const char *filter_node_name,
Error **errp)
{
BlockDriverState *bs;
@@ -3599,6 +3608,7 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
has_on_source_error, on_source_error,
has_on_target_error, on_target_error,
true, true,
+ has_filter_node_name, filter_node_name,
&local_err);
error_propagate(errp, local_err);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index a5c704b..563b30c 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -824,6 +824,9 @@ void commit_active_start(const char *job_id, BlockDriverState *bs,
* @on_source_error: The action to take upon error reading from the source.
* @on_target_error: The action to take upon error writing to the target.
* @unmap: Whether to unmap target where source sectors only contain zeroes.
+ * @filter_node_name: The node name that should be assigned to the filter
+ * driver that the mirror job inserts into the graph above @bs. NULL means that
+ * a node name should be autogenerated.
* @errp: Error object.
*
* Start a mirroring operation on @bs. Clusters that are allocated
@@ -837,7 +840,7 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
MirrorSyncMode mode, BlockMirrorBackingMode backing_mode,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
- bool unmap, Error **errp);
+ bool unmap, const char *filter_node_name, Error **errp);
/*
* backup_job_create:
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 932f5bb..893fa34 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1671,6 +1671,11 @@
# default 'report' (no limitations, since this applies to
# a different block device than @device).
#
+# @filter-node-name: #optional the node name that should be assigned to the
+# filter driver that the mirror job inserts into the graph
+# above @device. If this option is not given, a node name is
+# autogenerated. (Since: 2.9)
+#
# Returns: nothing on success.
#
# Since: 2.6
@@ -1690,7 +1695,8 @@
'sync': 'MirrorSyncMode',
'*speed': 'int', '*granularity': 'uint32',
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
- '*on-target-error': 'BlockdevOnError' } }
+ '*on-target-error': 'BlockdevOnError',
+ '*filter-node-name': 'str' } }
##
# @block_set_io_throttle:
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (43 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 14:37 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io Kevin Wolf
` (10 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Management tools need to be able to know about every node in the graph
and need a way to address them. This new option to block-commit allows
the client to set a node-name for the automatically inserted filter
driver, and at the same time serves as a witness that this version of
qemu does automatically insert a filter driver.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/commit.c | 6 +++---
block/mirror.c | 3 ++-
block/replication.c | 2 +-
blockdev.c | 10 +++++++---
include/block/block_int.h | 13 ++++++++++---
qapi/block-core.json | 8 +++++++-
qemu-img.c | 4 ++--
7 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/block/commit.c b/block/commit.c
index 92f7bd3..b9ec363 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -254,7 +254,7 @@ static BlockDriver bdrv_commit_top = {
void commit_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *base, BlockDriverState *top, int64_t speed,
BlockdevOnError on_error, const char *backing_file_str,
- Error **errp)
+ const char *filter_node_name, Error **errp)
{
CommitBlockJob *s;
BlockReopenQueue *reopen_queue = NULL;
@@ -307,8 +307,8 @@ void commit_start(const char *job_id, BlockDriverState *bs,
/* Insert commit_top block node above top, so we can block consistent read
* on the backing chain below it */
- commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, NULL, BDRV_O_RDWR,
- errp);
+ commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, filter_node_name,
+ BDRV_O_RDWR, errp);
if (commit_top_bs == NULL) {
goto fail;
}
diff --git a/block/mirror.c b/block/mirror.c
index 2e1cd16..fa0c0e5 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1202,6 +1202,7 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
void commit_active_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *base, int creation_flags,
int64_t speed, BlockdevOnError on_error,
+ const char *filter_node_name,
BlockCompletionFunc *cb, void *opaque, Error **errp,
bool auto_complete)
{
@@ -1218,7 +1219,7 @@ void commit_active_start(const char *job_id, BlockDriverState *bs,
MIRROR_LEAVE_BACKING_CHAIN,
on_error, on_error, true, cb, opaque, &local_err,
&commit_active_job_driver, false, base, auto_complete,
- NULL);
+ filter_node_name);
if (local_err) {
error_propagate(errp, local_err);
goto error_restore_flags;
diff --git a/block/replication.c b/block/replication.c
index 91465cb..22f170f 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -644,7 +644,7 @@ static void replication_stop(ReplicationState *rs, bool failover, Error **errp)
s->replication_state = BLOCK_REPLICATION_FAILOVER;
commit_active_start(NULL, s->active_disk->bs, s->secondary_disk->bs,
BLOCK_JOB_INTERNAL, 0, BLOCKDEV_ON_ERROR_REPORT,
- replication_done, bs, errp, true);
+ NULL, replication_done, bs, errp, true);
break;
default:
aio_context_release(aio_context);
diff --git a/blockdev.c b/blockdev.c
index 4314584..63b1ac4 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3028,6 +3028,7 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device,
bool has_top, const char *top,
bool has_backing_file, const char *backing_file,
bool has_speed, int64_t speed,
+ bool has_filter_node_name, const char *filter_node_name,
Error **errp)
{
BlockDriverState *bs;
@@ -3043,6 +3044,9 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device,
if (!has_speed) {
speed = 0;
}
+ if (!has_filter_node_name) {
+ filter_node_name = NULL;
+ }
/* Important Note:
* libvirt relies on the DeviceNotFound error class in order to probe for
@@ -3117,8 +3121,8 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device,
goto out;
}
commit_active_start(has_job_id ? job_id : NULL, bs, base_bs,
- BLOCK_JOB_DEFAULT, speed, on_error, NULL, NULL,
- &local_err, false);
+ BLOCK_JOB_DEFAULT, speed, on_error,
+ filter_node_name, NULL, NULL, &local_err, false);
} else {
BlockDriverState *overlay_bs = bdrv_find_overlay(bs, top_bs);
if (bdrv_op_is_blocked(overlay_bs, BLOCK_OP_TYPE_COMMIT_TARGET, errp)) {
@@ -3126,7 +3130,7 @@ void qmp_block_commit(bool has_job_id, const char *job_id, const char *device,
}
commit_start(has_job_id ? job_id : NULL, bs, base_bs, top_bs, speed,
on_error, has_backing_file ? backing_file : NULL,
- &local_err);
+ filter_node_name, &local_err);
}
if (local_err != NULL) {
error_propagate(errp, local_err);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 563b30c..a57c0bf 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -780,13 +780,16 @@ void stream_start(const char *job_id, BlockDriverState *bs,
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
* @on_error: The action to take upon error.
* @backing_file_str: String to use as the backing file in @top's overlay
+ * @filter_node_name: The node name that should be assigned to the filter
+ * driver that the commit job inserts into the graph above @top. NULL means
+ * that a node name should be autogenerated.
* @errp: Error object.
*
*/
void commit_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *base, BlockDriverState *top, int64_t speed,
BlockdevOnError on_error, const char *backing_file_str,
- Error **errp);
+ const char *filter_node_name, Error **errp);
/**
* commit_active_start:
* @job_id: The id of the newly-created job, or %NULL to use the
@@ -797,6 +800,9 @@ void commit_start(const char *job_id, BlockDriverState *bs,
* See @BlockJobCreateFlags
* @speed: The maximum speed, in bytes per second, or 0 for unlimited.
* @on_error: The action to take upon error.
+ * @filter_node_name: The node name that should be assigned to the filter
+ * driver that the commit job inserts into the graph above @bs. NULL means that
+ * a node name should be autogenerated.
* @cb: Completion function for the job.
* @opaque: Opaque pointer value passed to @cb.
* @errp: Error object.
@@ -806,8 +812,9 @@ void commit_start(const char *job_id, BlockDriverState *bs,
void commit_active_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *base, int creation_flags,
int64_t speed, BlockdevOnError on_error,
- BlockCompletionFunc *cb,
- void *opaque, Error **errp, bool auto_complete);
+ const char *filter_node_name,
+ BlockCompletionFunc *cb, void *opaque, Error **errp,
+ bool auto_complete);
/*
* mirror_start:
* @job_id: The id of the newly-created job, or %NULL to use the
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 893fa34..36d38b9 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1304,6 +1304,11 @@
#
# @speed: #optional the maximum speed, in bytes per second
#
+# @filter-node-name: #optional the node name that should be assigned to the
+# filter driver that the commit job inserts into the graph
+# above @device. If this option is not given, a node name is
+# autogenerated. (Since: 2.9)
+#
# Returns: Nothing on success
# If commit or stream is already active on this device, DeviceInUse
# If @device does not exist, DeviceNotFound
@@ -1323,7 +1328,8 @@
##
{ 'command': 'block-commit',
'data': { '*job-id': 'str', 'device': 'str', '*base': 'str', '*top': 'str',
- '*backing-file': 'str', '*speed': 'int' } }
+ '*backing-file': 'str', '*speed': 'int',
+ '*filter-node-name': 'str' } }
##
# @drive-backup:
diff --git a/qemu-img.c b/qemu-img.c
index e20830f..fc72d21 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -939,8 +939,8 @@ static int img_commit(int argc, char **argv)
aio_context = bdrv_get_aio_context(bs);
aio_context_acquire(aio_context);
commit_active_start("commit", bs, base_bs, BLOCK_JOB_DEFAULT, 0,
- BLOCKDEV_ON_ERROR_REPORT, common_block_job_cb, &cbi,
- &local_err, false);
+ BLOCKDEV_ON_ERROR_REPORT, NULL, common_block_job_cb,
+ &cbi, &local_err, false);
aio_context_release(aio_context);
if (local_err) {
goto done;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (44 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 14:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions Kevin Wolf
` (9 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
The HMP command 'qemu-io' is a bit tricky because it wants to work on
the original BlockBackend, but additional permissions could be required.
The details are explained in a comment in the code, but in summary, just
request whatever permissions the current qemu-io command needs.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/block-backend.c | 6 ++++++
hmp.c | 26 +++++++++++++++++++++++++-
include/qemu-io.h | 1 +
include/sysemu/block-backend.h | 1 +
qemu-io-cmds.c | 28 ++++++++++++++++++++++++++++
5 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 38a3858..daa7908 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -584,6 +584,12 @@ int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
return 0;
}
+void blk_get_perm(BlockBackend *blk, uint64_t *perm, uint64_t *shared_perm)
+{
+ *perm = blk->perm;
+ *shared_perm = blk->shared_perm;
+}
+
static int blk_do_attach_dev(BlockBackend *blk, void *dev)
{
if (blk->dev) {
diff --git a/hmp.c b/hmp.c
index 801fddb..fde5016 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2045,7 +2045,6 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
if (!blk) {
BlockDriverState *bs = bdrv_lookup_bs(NULL, device, &err);
if (bs) {
- /* FIXME Use real permissions */
blk = local_blk = blk_new(0, BLK_PERM_ALL);
ret = blk_insert_bs(blk, bs, &err);
if (ret < 0) {
@@ -2059,6 +2058,31 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
aio_context = blk_get_aio_context(blk);
aio_context_acquire(aio_context);
+ /*
+ * Notably absent: Proper permission management. This is sad, but it seems
+ * almost impossible to achieve without changing the semantics and thereby
+ * limiting the use cases of the qemu-io HMP command.
+ *
+ * In an ideal world we would unconditionally create a new BlockBackend for
+ * qemuio_command(), but we have commands like 'reopen' and want them to
+ * take effect on the exact BlockBackend whose name the user passed instead
+ * of just on a temporary copy of it.
+ *
+ * Another problem is that deleting the temporary BlockBackend involves
+ * draining all requests on it first, but some qemu-iotests cases want to
+ * issue multiple aio_read/write requests and expect them to complete in
+ * the background while the monitor has already returned.
+ *
+ * This is also what prevents us from saving the original permissions and
+ * restoring them later: We can't revoke permissions until all requests
+ * have completed, and we don't know when that is nor can we really let
+ * anything else run before we have revoken them to avoid race conditions.
+ *
+ * What happens now is that command() in qemu-io-cmds.c can extend the
+ * permissions if necessary for the qemu-io command. And they simply stay
+ * extended, possibly resulting in a read-only guest device keeping write
+ * permissions. Ugly, but it appears to be the lesser evil.
+ */
qemuio_command(blk, command);
aio_context_release(aio_context);
diff --git a/include/qemu-io.h b/include/qemu-io.h
index 4d402b9..196fde0 100644
--- a/include/qemu-io.h
+++ b/include/qemu-io.h
@@ -36,6 +36,7 @@ typedef struct cmdinfo {
const char *args;
const char *oneline;
helpfunc_t help;
+ uint64_t perm;
} cmdinfo_t;
extern bool qemuio_misalign;
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index b23f683..096c17f 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -107,6 +107,7 @@ bool bdrv_has_blk(BlockDriverState *bs);
bool bdrv_is_root_node(BlockDriverState *bs);
int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
Error **errp);
+void blk_get_perm(BlockBackend *blk, uint64_t *perm, uint64_t *shared_perm);
void blk_set_allow_write_beyond_eof(BlockBackend *blk, bool allow);
void blk_iostatus_enable(BlockBackend *blk);
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index e415b03..035cb96 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -83,6 +83,29 @@ static int command(BlockBackend *blk, const cmdinfo_t *ct, int argc,
}
return 0;
}
+
+ /* Request additional permissions if necessary for this command. The caller
+ * is responsible for restoring the original permissions afterwards if this
+ * is what it wants. */
+ if (ct->perm && blk_is_available(blk)) {
+ uint64_t orig_perm, orig_shared_perm;
+ blk_get_perm(blk, &orig_perm, &orig_shared_perm);
+
+ if (ct->perm & ~orig_perm) {
+ uint64_t new_perm;
+ Error *local_err = NULL;
+ int ret;
+
+ new_perm = orig_perm | ct->perm;
+
+ ret = blk_set_perm(blk, new_perm, orig_shared_perm, &local_err);
+ if (ret < 0) {
+ error_report_err(local_err);
+ return 0;
+ }
+ }
+ }
+
optind = 0;
return ct->cfunc(blk, argc, argv);
}
@@ -916,6 +939,7 @@ static const cmdinfo_t write_cmd = {
.name = "write",
.altname = "w",
.cfunc = write_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-bcCfquz] [-P pattern] off len",
@@ -1091,6 +1115,7 @@ static int writev_f(BlockBackend *blk, int argc, char **argv);
static const cmdinfo_t writev_cmd = {
.name = "writev",
.cfunc = writev_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cfq] [-P pattern] off len [len..]",
@@ -1390,6 +1415,7 @@ static int aio_write_f(BlockBackend *blk, int argc, char **argv);
static const cmdinfo_t aio_write_cmd = {
.name = "aio_write",
.cfunc = aio_write_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cfiquz] [-P pattern] off len [len..]",
@@ -1554,6 +1580,7 @@ static const cmdinfo_t truncate_cmd = {
.name = "truncate",
.altname = "t",
.cfunc = truncate_f,
+ .perm = BLK_PERM_WRITE | BLK_PERM_RESIZE,
.argmin = 1,
.argmax = 1,
.args = "off",
@@ -1651,6 +1678,7 @@ static const cmdinfo_t discard_cmd = {
.name = "discard",
.altname = "d",
.cfunc = discard_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cq] off len",
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (45 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 14:54 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports Kevin Wolf
` (8 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Request BLK_PERM_CONSISTENT_READ for the source of block migration, and
handle potential permission errors as good as we can in this place
(which is not very good, but it matches the other failure cases).
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
migration/block.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/migration/block.c b/migration/block.c
index d259936..958d0fc 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -379,7 +379,7 @@ static void unset_dirty_tracking(void)
}
}
-static void init_blk_migration(QEMUFile *f)
+static int init_blk_migration(QEMUFile *f)
{
BlockDriverState *bs;
BlkMigDevState *bmds;
@@ -390,6 +390,8 @@ static void init_blk_migration(QEMUFile *f)
BlkMigDevState *bmds;
BlockDriverState *bs;
} *bmds_bs;
+ Error *local_err = NULL;
+ int ret;
block_mig_state.submitted = 0;
block_mig_state.read_done = 0;
@@ -411,12 +413,12 @@ static void init_blk_migration(QEMUFile *f)
sectors = bdrv_nb_sectors(bs);
if (sectors <= 0) {
+ ret = sectors;
goto out;
}
bmds = g_new0(BlkMigDevState, 1);
- /* FIXME Use real permissions */
- bmds->blk = blk_new(0, BLK_PERM_ALL);
+ bmds->blk = blk_new(BLK_PERM_CONSISTENT_READ, BLK_PERM_ALL);
bmds->blk_name = g_strdup(bdrv_get_device_name(bs));
bmds->bulk_completed = 0;
bmds->total_sectors = sectors;
@@ -446,7 +448,11 @@ static void init_blk_migration(QEMUFile *f)
BlockDriverState *bs = bmds_bs[i].bs;
if (bmds) {
- blk_insert_bs(bmds->blk, bs, &error_abort);
+ ret = blk_insert_bs(bmds->blk, bs, &local_err);
+ if (ret < 0) {
+ error_report_err(local_err);
+ goto out;
+ }
alloc_aio_bitmap(bmds);
error_setg(&bmds->blocker, "block device is in use by migration");
@@ -454,8 +460,10 @@ static void init_blk_migration(QEMUFile *f)
}
}
+ ret = 0;
out:
g_free(bmds_bs);
+ return ret;
}
/* Called with no lock taken. */
@@ -706,7 +714,10 @@ static int block_save_setup(QEMUFile *f, void *opaque)
block_mig_state.submitted, block_mig_state.transferred);
qemu_mutex_lock_iothread();
- init_blk_migration(f);
+ ret = init_blk_migration(f);
+ if (ret < 0) {
+ return ret;
+ }
/* start track dirty blocks */
ret = set_dirty_tracking();
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (46 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:05 ` Max Reitz
2017-02-27 20:09 ` Eric Blake
2017-02-21 14:58 ` [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments Kevin Wolf
` (7 subsequent siblings)
55 siblings, 2 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
NBD can't cope with device size changes, so resize must be forbidden,
but otherwise we can tolerate anything. Depending on whether the export
is writable or not, we only require consistent reads and writes.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
nbd/server.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/nbd/server.c b/nbd/server.c
index 89362ba..924a1fe 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -891,10 +891,17 @@ NBDExport *nbd_export_new(BlockDriverState *bs, off_t dev_offset, off_t size,
{
BlockBackend *blk;
NBDExport *exp = g_malloc0(sizeof(NBDExport));
+ uint64_t perm;
int ret;
- /* FIXME Use real permissions */
- blk = blk_new(0, BLK_PERM_ALL);
+ /* Don't allow resize while the NBD server is running, otherwise we don't
+ * care what happens with the node. */
+ perm = BLK_PERM_CONSISTENT_READ;
+ if ((nbdflags & NBD_FLAG_READ_ONLY) == 0) {
+ perm |= BLK_PERM_WRITE;
+ }
+ blk = blk_new(perm, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
+ BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD);
ret = blk_insert_bs(blk, bs, errp);
if (ret < 0) {
goto fail;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (47 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:06 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev Kevin Wolf
` (6 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Not requesting any permissions is actually correct for these test cases
because no actual I/O or other operation covered by the permission
system is performed.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
tests/test-blockjob.c | 2 +-
tests/test-throttle.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/test-blockjob.c b/tests/test-blockjob.c
index 1afe17b..740e740 100644
--- a/tests/test-blockjob.c
+++ b/tests/test-blockjob.c
@@ -54,7 +54,7 @@ static BlockJob *do_test_id(BlockBackend *blk, const char *id,
* BlockDriverState inserted. */
static BlockBackend *create_blk(const char *name)
{
- /* FIXME Use real permissions */
+ /* No I/O is performed on this device */
BlockBackend *blk = blk_new(0, BLK_PERM_ALL);
BlockDriverState *bs;
diff --git a/tests/test-throttle.c b/tests/test-throttle.c
index 5846433..bd7c501 100644
--- a/tests/test-throttle.c
+++ b/tests/test-throttle.c
@@ -593,7 +593,7 @@ static void test_groups(void)
BlockBackend *blk1, *blk2, *blk3;
BlockBackendPublic *blkp1, *blkp2, *blkp3;
- /* FIXME Use real permissions */
+ /* No actual I/O is performed on these devices */
blk1 = blk_new(0, BLK_PERM_ALL);
blk2 = blk_new(0, BLK_PERM_ALL);
blk3 = blk_new(0, BLK_PERM_ALL);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (48 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:12 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions Kevin Wolf
` (5 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This is where we want to check the permissions, so we need to have the
BdrvChild around where they are stored.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/io.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/block/io.c b/block/io.c
index d5c4544..63e4400 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1001,10 +1001,11 @@ err:
* handles copy on read, zeroing after EOF, and fragmentation of large
* reads; any other features must be implemented by the caller.
*/
-static int coroutine_fn bdrv_aligned_preadv(BlockDriverState *bs,
+static int coroutine_fn bdrv_aligned_preadv(BdrvChild *child,
BdrvTrackedRequest *req, int64_t offset, unsigned int bytes,
int64_t align, QEMUIOVector *qiov, int flags)
{
+ BlockDriverState *bs = child->bs;
int64_t total_bytes, max_bytes;
int ret = 0;
uint64_t bytes_remaining = bytes;
@@ -1158,7 +1159,7 @@ int coroutine_fn bdrv_co_preadv(BdrvChild *child,
}
tracked_request_begin(&req, bs, offset, bytes, BDRV_TRACKED_READ);
- ret = bdrv_aligned_preadv(bs, &req, offset, bytes, align,
+ ret = bdrv_aligned_preadv(child, &req, offset, bytes, align,
use_local_qiov ? &local_qiov : qiov,
flags);
tracked_request_end(&req);
@@ -1306,10 +1307,11 @@ fail:
* Forwards an already correctly aligned write request to the BlockDriver,
* after possibly fragmenting it.
*/
-static int coroutine_fn bdrv_aligned_pwritev(BlockDriverState *bs,
+static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child,
BdrvTrackedRequest *req, int64_t offset, unsigned int bytes,
int64_t align, QEMUIOVector *qiov, int flags)
{
+ BlockDriverState *bs = child->bs;
BlockDriver *drv = bs->drv;
bool waited;
int ret;
@@ -1397,12 +1399,13 @@ static int coroutine_fn bdrv_aligned_pwritev(BlockDriverState *bs,
return ret;
}
-static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
+static int coroutine_fn bdrv_co_do_zero_pwritev(BdrvChild *child,
int64_t offset,
unsigned int bytes,
BdrvRequestFlags flags,
BdrvTrackedRequest *req)
{
+ BlockDriverState *bs = child->bs;
uint8_t *buf = NULL;
QEMUIOVector local_qiov;
struct iovec iov;
@@ -1430,7 +1433,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
mark_request_serialising(req, align);
wait_serialising_requests(req);
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_HEAD);
- ret = bdrv_aligned_preadv(bs, req, offset & ~(align - 1), align,
+ ret = bdrv_aligned_preadv(child, req, offset & ~(align - 1), align,
align, &local_qiov, 0);
if (ret < 0) {
goto fail;
@@ -1438,7 +1441,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_AFTER_HEAD);
memset(buf + head_padding_bytes, 0, zero_bytes);
- ret = bdrv_aligned_pwritev(bs, req, offset & ~(align - 1), align,
+ ret = bdrv_aligned_pwritev(child, req, offset & ~(align - 1), align,
align, &local_qiov,
flags & ~BDRV_REQ_ZERO_WRITE);
if (ret < 0) {
@@ -1452,7 +1455,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
if (bytes >= align) {
/* Write the aligned part in the middle. */
uint64_t aligned_bytes = bytes & ~(align - 1);
- ret = bdrv_aligned_pwritev(bs, req, offset, aligned_bytes, align,
+ ret = bdrv_aligned_pwritev(child, req, offset, aligned_bytes, align,
NULL, flags);
if (ret < 0) {
goto fail;
@@ -1468,7 +1471,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
mark_request_serialising(req, align);
wait_serialising_requests(req);
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_TAIL);
- ret = bdrv_aligned_preadv(bs, req, offset, align,
+ ret = bdrv_aligned_preadv(child, req, offset, align,
align, &local_qiov, 0);
if (ret < 0) {
goto fail;
@@ -1476,7 +1479,7 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BlockDriverState *bs,
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_AFTER_TAIL);
memset(buf, 0, bytes);
- ret = bdrv_aligned_pwritev(bs, req, offset, align, align,
+ ret = bdrv_aligned_pwritev(child, req, offset, align, align,
&local_qiov, flags & ~BDRV_REQ_ZERO_WRITE);
}
fail:
@@ -1523,7 +1526,7 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
tracked_request_begin(&req, bs, offset, bytes, BDRV_TRACKED_WRITE);
if (!qiov) {
- ret = bdrv_co_do_zero_pwritev(bs, offset, bytes, flags, &req);
+ ret = bdrv_co_do_zero_pwritev(child, offset, bytes, flags, &req);
goto out;
}
@@ -1542,7 +1545,7 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
qemu_iovec_init_external(&head_qiov, &head_iov, 1);
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_HEAD);
- ret = bdrv_aligned_preadv(bs, &req, offset & ~(align - 1), align,
+ ret = bdrv_aligned_preadv(child, &req, offset & ~(align - 1), align,
align, &head_qiov, 0);
if (ret < 0) {
goto fail;
@@ -1584,8 +1587,8 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
qemu_iovec_init_external(&tail_qiov, &tail_iov, 1);
bdrv_debug_event(bs, BLKDBG_PWRITEV_RMW_TAIL);
- ret = bdrv_aligned_preadv(bs, &req, (offset + bytes) & ~(align - 1), align,
- align, &tail_qiov, 0);
+ ret = bdrv_aligned_preadv(child, &req, (offset + bytes) & ~(align - 1),
+ align, align, &tail_qiov, 0);
if (ret < 0) {
goto fail;
}
@@ -1603,7 +1606,7 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
bytes = ROUND_UP(bytes, align);
}
- ret = bdrv_aligned_pwritev(bs, &req, offset, bytes, align,
+ ret = bdrv_aligned_pwritev(child, &req, offset, bytes, align,
use_local_qiov ? &local_qiov : qiov,
flags);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (49 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:13 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission Kevin Wolf
` (4 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This adds assertions that ensure that the necessary write permissions
have been granted before someone attempts to write to a node.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/io.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/block/io.c b/block/io.c
index 63e4400..4c79745 100644
--- a/block/io.c
+++ b/block/io.c
@@ -925,9 +925,11 @@ bdrv_driver_pwritev_compressed(BlockDriverState *bs, uint64_t offset,
return drv->bdrv_co_pwritev_compressed(bs, offset, bytes, qiov);
}
-static int coroutine_fn bdrv_co_do_copy_on_readv(BlockDriverState *bs,
+static int coroutine_fn bdrv_co_do_copy_on_readv(BdrvChild *child,
int64_t offset, unsigned int bytes, QEMUIOVector *qiov)
{
+ BlockDriverState *bs = child->bs;
+
/* Perform I/O through a temporary buffer so that users who scribble over
* their read buffer while the operation is in progress do not end up
* modifying the image file. This is critical for zero-copy guest I/O
@@ -943,6 +945,8 @@ static int coroutine_fn bdrv_co_do_copy_on_readv(BlockDriverState *bs,
size_t skip_bytes;
int ret;
+ assert(child->perm & (BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE));
+
/* Cover entire cluster so no additional backing file I/O is required when
* allocating cluster in the image file.
*/
@@ -1051,7 +1055,7 @@ static int coroutine_fn bdrv_aligned_preadv(BdrvChild *child,
}
if (!ret || pnum != nb_sectors) {
- ret = bdrv_co_do_copy_on_readv(bs, offset, bytes, qiov);
+ ret = bdrv_co_do_copy_on_readv(child, offset, bytes, qiov);
goto out;
}
}
@@ -1334,6 +1338,7 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child,
assert(!waited || !req->serialising);
assert(req->overlap_offset <= offset);
assert(offset + bytes <= req->overlap_offset + req->overlap_bytes);
+ assert(child->perm & BLK_PERM_WRITE);
ret = notifier_with_return_list_notify(&bs->before_write_notifiers, req);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (50 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:14 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd() Kevin Wolf
` (3 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
This adds an assertion that ensures that the necessary resize permission
has been granted before bdrv_truncate() is called.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block.c b/block.c
index 560e84a..33e6415 100644
--- a/block.c
+++ b/block.c
@@ -3098,6 +3098,9 @@ int bdrv_truncate(BdrvChild *child, int64_t offset)
BlockDriverState *bs = child->bs;
BlockDriver *drv = bs->drv;
int ret;
+
+ assert(child->perm & BLK_PERM_RESIZE);
+
if (!drv)
return -ENOMEDIUM;
if (!drv->bdrv_truncate)
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (51 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:36 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append() Kevin Wolf
` (2 subsequent siblings)
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Not all callers of bdrv_set_backing_hd() know for sure that attaching
the backing file will be allowed by the permission system. Return the
error from the function rather than aborting.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 27 ++++++++++++++++++++-------
block/commit.c | 14 +++++++-------
block/mirror.c | 16 +++++++++++++++-
block/stream.c | 9 ++++++++-
block/vvfat.c | 2 +-
include/block/block.h | 3 ++-
6 files changed, 53 insertions(+), 18 deletions(-)
diff --git a/block.c b/block.c
index 33e6415..b3f03a4 100644
--- a/block.c
+++ b/block.c
@@ -1859,7 +1859,8 @@ static void bdrv_parent_cb_resize(BlockDriverState *bs)
* Sets the backing file link of a BDS. A new reference is created; callers
* which don't need their own reference any more must call bdrv_unref().
*/
-void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd)
+void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
+ Error **errp)
{
if (backing_hd) {
bdrv_ref(backing_hd);
@@ -1873,9 +1874,9 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd)
bs->backing = NULL;
goto out;
}
- /* FIXME Error handling */
+
bs->backing = bdrv_attach_child(bs, backing_hd, "backing", &child_backing,
- &error_abort);
+ errp);
out:
bdrv_refresh_limits(bs, NULL);
@@ -1959,8 +1960,12 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
/* Hook up the backing file link; drop our reference, bs owns the
* backing_hd reference now */
- bdrv_set_backing_hd(bs, backing_hd);
+ bdrv_set_backing_hd(bs, backing_hd, &local_err);
bdrv_unref(backing_hd);
+ if (local_err) {
+ ret = -EINVAL;
+ goto free_exit;
+ }
qdict_del(parent_options, bdref_key);
@@ -2796,7 +2801,7 @@ static void bdrv_close(BlockDriverState *bs)
bs->drv->bdrv_close(bs);
bs->drv = NULL;
- bdrv_set_backing_hd(bs, NULL);
+ bdrv_set_backing_hd(bs, NULL, &error_abort);
if (bs->file != NULL) {
bdrv_unref_child(bs, bs->file);
@@ -2903,7 +2908,8 @@ void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top)
bdrv_ref(bs_top);
change_parent_backing_link(bs_top, bs_new);
- bdrv_set_backing_hd(bs_new, bs_top);
+ /* FIXME Error handling */
+ bdrv_set_backing_hd(bs_new, bs_top, &error_abort);
bdrv_unref(bs_top);
/* bs_new is now referenced by its new parents, we don't need the
@@ -3051,6 +3057,7 @@ int bdrv_drop_intermediate(BlockDriverState *active, BlockDriverState *top,
BlockDriverState *base, const char *backing_file_str)
{
BlockDriverState *new_top_bs = NULL;
+ Error *local_err = NULL;
int ret = -EIO;
if (!top->drv || !base->drv) {
@@ -3083,7 +3090,13 @@ int bdrv_drop_intermediate(BlockDriverState *active, BlockDriverState *top,
if (ret) {
goto exit;
}
- bdrv_set_backing_hd(new_top_bs, base);
+
+ bdrv_set_backing_hd(new_top_bs, base, &local_err);
+ if (local_err) {
+ ret = -EPERM;
+ error_report_err(local_err);
+ goto exit;
+ }
ret = 0;
exit:
diff --git a/block/commit.c b/block/commit.c
index b9ec363..9838e77 100644
--- a/block/commit.c
+++ b/block/commit.c
@@ -118,7 +118,7 @@ static void commit_complete(BlockJob *job, void *opaque)
* filter driver from the backing chain. Do this as the final step so that
* the 'consistent read' permission can be granted. */
if (remove_commit_top_bs) {
- bdrv_set_backing_hd(overlay_bs, top);
+ bdrv_set_backing_hd(overlay_bs, top, &error_abort);
}
}
@@ -313,8 +313,8 @@ void commit_start(const char *job_id, BlockDriverState *bs,
goto fail;
}
- bdrv_set_backing_hd(commit_top_bs, top);
- bdrv_set_backing_hd(overlay_bs, commit_top_bs);
+ bdrv_set_backing_hd(commit_top_bs, top, &error_abort);
+ bdrv_set_backing_hd(overlay_bs, commit_top_bs, &error_abort);
s->commit_top_bs = commit_top_bs;
bdrv_unref(commit_top_bs);
@@ -386,7 +386,7 @@ fail:
blk_unref(s->top);
}
if (commit_top_bs) {
- bdrv_set_backing_hd(overlay_bs, top);
+ bdrv_set_backing_hd(overlay_bs, top, &error_abort);
}
block_job_unref(&s->common);
}
@@ -447,8 +447,8 @@ int bdrv_commit(BlockDriverState *bs)
goto ro_cleanup;
}
- bdrv_set_backing_hd(commit_top_bs, backing_file_bs);
- bdrv_set_backing_hd(bs, commit_top_bs);
+ bdrv_set_backing_hd(commit_top_bs, backing_file_bs, &error_abort);
+ bdrv_set_backing_hd(bs, commit_top_bs, &error_abort);
ret = blk_insert_bs(backing, backing_file_bs, &local_err);
if (ret < 0) {
@@ -527,7 +527,7 @@ ro_cleanup:
qemu_vfree(buf);
if (backing_file_bs) {
- bdrv_set_backing_hd(bs, backing_file_bs);
+ bdrv_set_backing_hd(bs, backing_file_bs, &error_abort);
}
bdrv_unref(commit_top_bs);
blk_unref(src);
diff --git a/block/mirror.c b/block/mirror.c
index fa0c0e5..abbd847 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -887,6 +887,7 @@ static void mirror_complete(BlockJob *job, Error **errp)
{
MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
BlockDriverState *src, *target;
+ Error *local_err = NULL;
src = s->source;
target = blk_bs(s->target);
@@ -935,12 +936,25 @@ static void mirror_complete(BlockJob *job, Error **errp)
if (s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
BlockDriverState *backing = s->is_none_mode ? src : s->base;
if (backing_bs(target) != backing) {
- bdrv_set_backing_hd(target, backing);
+ bdrv_set_backing_hd(target, backing, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ goto fail;
+ }
}
}
s->should_complete = true;
block_job_enter(&s->common);
+ return;
+
+fail:
+ if (s->replaces) {
+ bdrv_unref(s->to_replace);
+ bdrv_op_unblock_all(s->to_replace, s->replace_blocker);
+ error_free(s->replace_blocker);
+ s->replace_blocker = NULL;
+ }
}
static void mirror_pause(BlockJob *job)
diff --git a/block/stream.c b/block/stream.c
index 0c30d41..bd3d2ce 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -68,6 +68,7 @@ static void stream_complete(BlockJob *job, void *opaque)
StreamCompleteData *data = opaque;
BlockDriverState *bs = blk_bs(job->blk);
BlockDriverState *base = s->base;
+ Error *local_err = NULL;
if (!block_job_is_cancelled(&s->common) && data->reached_end &&
data->ret == 0) {
@@ -79,9 +80,15 @@ static void stream_complete(BlockJob *job, void *opaque)
}
}
data->ret = bdrv_change_backing_file(bs, base_id, base_fmt);
- bdrv_set_backing_hd(bs, base);
+ bdrv_set_backing_hd(bs, base, &local_err);
+ if (local_err) {
+ error_report_err(local_err);
+ data->ret = -EPERM;
+ goto out;
+ }
}
+out:
/* Reopen the image back in read-only mode if necessary */
if (s->bs_flags != bdrv_get_flags(bs)) {
bdrv_reopen(bs, s->bs_flags, NULL);
diff --git a/block/vvfat.c b/block/vvfat.c
index 72b482c..aa61c32 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -3041,7 +3041,7 @@ static int enable_write_target(BlockDriverState *bs, Error **errp)
&error_abort);
*(void**) backing->opaque = s;
- bdrv_set_backing_hd(s->bs, backing);
+ bdrv_set_backing_hd(s->bs, backing, &error_abort);
bdrv_unref(backing);
return 0;
diff --git a/include/block/block.h b/include/block/block.h
index 701d22b..6a6408e 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -246,7 +246,8 @@ BdrvChild *bdrv_open_child(const char *filename,
BlockDriverState* parent,
const BdrvChildRole *child_role,
bool allow_none, Error **errp);
-void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd);
+void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd,
+ Error **errp);
int bdrv_open_backing_file(BlockDriverState *bs, QDict *parent_options,
const char *bdref_key, Error **errp);
BlockDriverState *bdrv_open(const char *filename, const char *reference,
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append()
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (52 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd() Kevin Wolf
@ 2017-02-21 14:58 ` Kevin Wolf
2017-02-25 15:49 ` Max Reitz
2017-02-21 16:38 ` [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 no-reply
2017-02-24 14:25 ` Kevin Wolf
55 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-21 14:58 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, mreitz, jcody, famz, qemu-devel
Aborting on error in bdrv_append() isn't correct. This patch fixes it
and lets the callers handle failures.
Test case 085 needs a reference output update. This is caused by the
reversed order of bdrv_set_backing_hd() and change_parent_backing_link()
in bdrv_append(): When the backing file of the new node is set, the
parent nodes are still pointing to the old top, so the backing blocker
is now initialised with the node name rather than the BlockBackend name.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 23 +++++++++++++++++------
block/mirror.c | 9 ++++++++-
blockdev.c | 15 +++++++++++++--
include/block/block.h | 3 ++-
tests/qemu-iotests/085.out | 2 +-
5 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/block.c b/block.c
index b3f03a4..33edbda 100644
--- a/block.c
+++ b/block.c
@@ -2060,6 +2060,7 @@ static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
int64_t total_size;
QemuOpts *opts = NULL;
BlockDriverState *bs_snapshot;
+ Error *local_err = NULL;
int ret;
/* if snapshot, we create a temporary backing file and open it
@@ -2109,7 +2110,12 @@ static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
* call bdrv_unref() on it), so in order to be able to return one, we have
* to increase bs_snapshot's refcount here */
bdrv_ref(bs_snapshot);
- bdrv_append(bs_snapshot, bs);
+ bdrv_append(bs_snapshot, bs, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ ret = -EINVAL;
+ goto out;
+ }
g_free(tmp_filename);
return bs_snapshot;
@@ -2900,20 +2906,25 @@ static void change_parent_backing_link(BlockDriverState *from,
* parents of bs_top after bdrv_append() returns. If the caller needs to keep a
* reference of its own, it must call bdrv_ref().
*/
-void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top)
+void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
+ Error **errp)
{
+ Error *local_err = NULL;
+
assert(!atomic_read(&bs_top->in_flight));
assert(!atomic_read(&bs_new->in_flight));
- bdrv_ref(bs_top);
+ bdrv_set_backing_hd(bs_new, bs_top, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ goto out;
+ }
change_parent_backing_link(bs_top, bs_new);
- /* FIXME Error handling */
- bdrv_set_backing_hd(bs_new, bs_top, &error_abort);
- bdrv_unref(bs_top);
/* bs_new is now referenced by its new parents, we don't need the
* additional reference any more. */
+out:
bdrv_unref(bs_new);
}
diff --git a/block/mirror.c b/block/mirror.c
index abbd847..4e35d85 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1066,6 +1066,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
BlockDriverState *mirror_top_bs;
bool target_graph_mod;
bool target_is_backing;
+ Error *local_err = NULL;
int ret;
if (granularity == 0) {
@@ -1096,9 +1097,15 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
* it alive until block_job_create() even if bs has no parent. */
bdrv_ref(mirror_top_bs);
bdrv_drained_begin(bs);
- bdrv_append(mirror_top_bs, bs);
+ bdrv_append(mirror_top_bs, bs, &local_err);
bdrv_drained_end(bs);
+ if (local_err) {
+ bdrv_unref(mirror_top_bs);
+ error_propagate(errp, local_err);
+ return;
+ }
+
/* Make sure that the source is not resized while the job is running */
s = block_job_create(job_id, driver, mirror_top_bs,
BLK_PERM_CONSISTENT_READ,
diff --git a/blockdev.c b/blockdev.c
index 63b1ac4..580fa66 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1764,6 +1764,16 @@ static void external_snapshot_prepare(BlkActionState *common,
if (!state->new_bs->drv->supports_backing) {
error_setg(errp, "The snapshot does not support backing images");
+ return;
+ }
+
+ /* This removes our old bs and adds the new bs. This is an operation that
+ * can fail, so we need to do it in .prepare; undoing it for abort is
+ * always possible. */
+ bdrv_append(state->new_bs, state->old_bs, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
}
}
@@ -1774,8 +1784,6 @@ static void external_snapshot_commit(BlkActionState *common)
bdrv_set_aio_context(state->new_bs, state->aio_context);
- /* This removes our old bs and adds the new bs */
- bdrv_append(state->new_bs, state->old_bs);
/* We don't need (or want) to use the transactional
* bdrv_reopen_multiple() across all the entries at once, because we
* don't want to abort all of them if one of them fails the reopen */
@@ -1791,6 +1799,9 @@ static void external_snapshot_abort(BlkActionState *common)
DO_UPCAST(ExternalSnapshotState, common, common);
if (state->new_bs) {
bdrv_unref(state->new_bs);
+ if (state->new_bs->backing) {
+ bdrv_replace_in_backing_chain(state->new_bs, state->old_bs);
+ }
}
}
diff --git a/include/block/block.h b/include/block/block.h
index 6a6408e..6ce8b26 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -235,7 +235,8 @@ int bdrv_create(BlockDriver *drv, const char* filename,
QemuOpts *opts, Error **errp);
int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp);
BlockDriverState *bdrv_new(void);
-void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top);
+void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
+ Error **errp);
void bdrv_replace_in_backing_chain(BlockDriverState *old,
BlockDriverState *new);
diff --git a/tests/qemu-iotests/085.out b/tests/qemu-iotests/085.out
index 08e4bb7..182acb4 100644
--- a/tests/qemu-iotests/085.out
+++ b/tests/qemu-iotests/085.out
@@ -74,7 +74,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/
=== Invalid command - snapshot node used as backing hd ===
-{"error": {"class": "GenericError", "desc": "Node 'snap_11' is busy: node is used as backing hd of 'virtio0'"}}
+{"error": {"class": "GenericError", "desc": "Node 'snap_11' is busy: node is used as backing hd of 'snap_12'"}}
=== Invalid command - snapshot node has a backing image ===
--
1.8.3.1
^ permalink raw reply related [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 00/54] New op blocker system, part 1
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (53 preceding siblings ...)
2017-02-21 14:58 ` [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append() Kevin Wolf
@ 2017-02-21 16:38 ` no-reply
2017-02-24 14:25 ` Kevin Wolf
55 siblings, 0 replies; 131+ messages in thread
From: no-reply @ 2017-02-21 16:38 UTC (permalink / raw)
To: kwolf; +Cc: famz, qemu-block, jcody
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Subject: [Qemu-devel] [PATCH 00/54] New op blocker system, part 1
Message-id: 1487689130-30373-1-git-send-email-kwolf@redhat.com
=== TEST SCRIPT BEGIN ===
#!/bin/bash
BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0
# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True
commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done
exit $failed
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
- [tag update] patchew/1487363905-9480-1-git-send-email-armbru@redhat.com -> patchew/1487363905-9480-1-git-send-email-armbru@redhat.com
* [new tag] patchew/1487689130-30373-1-git-send-email-kwolf@redhat.com -> patchew/1487689130-30373-1-git-send-email-kwolf@redhat.com
- [tag update] patchew/20170221115512.21918-1-berrange@redhat.com -> patchew/20170221115512.21918-1-berrange@redhat.com
- [tag update] patchew/20170221141451.28305-1-marcandre.lureau@redhat.com -> patchew/20170221141451.28305-1-marcandre.lureau@redhat.com
Switched to a new branch 'test'
6250670 block: Add Error parameter to bdrv_append()
81ad909 block: Add Error parameter to bdrv_set_backing_hd()
7279c72 block: Assertions for resize permission
75eb5f4 block: Assertions for write permissions
eb72651 block: Pass BdrvChild to bdrv_aligned_preadv/pwritev
5ed6aa6 tests: Remove FIXME comments
decb6e0 nbd/server: Use real permissions for NBD exports
ca8c8f5 migration/block: Use real permissions
50e1e34 hmp: Request permissions in qemu-io
a839e2e commit: Add filter-node-name to block-commit
66a7bce mirror: Add filter-node-name to blockdev-mirror
202f494 stream: Use real permissions in streaming block job
25bd3cd mirror: Use real permissions in mirror/active commit block job
51ac8c3 block: Allow backing file links in change_parent_backing_link()
23f65d8 block: BdrvChildRole.attach/detach() callbacks
4e76bef block: Fix pending requests check in bdrv_append()
c7b4ae6 backup: Use real permissions in backup block job
4ba5d90 commit: Use real permissions for HMP 'commit'
c096907 commit: Use real permissions in commit block job
2fba186 blockjob: Add permissions to block_job_add_bdrv()
d07ff30 block: Add BdrvChildRole.stay_at_node
ce4d7a7 block: Include details on permission errors in message
12ffb27 block: Add BdrvChildRole.get_parent_desc()
c2ce609 blockjob: Add permissions to block_job_create()
62d3e5e hw/block: Introduce share-rw qdev property
ce2b431 hw/block: Request permissions
960aefe block: Allow error return in BlockDevOps.change_media_cb()
b8f2ec6 block: Request real permissions in blk_new_open()
1a14589 block: Add BDRV_O_RESIZE for blk_new_open()
099cca9 block: Add error parameter to blk_insert_bs()
6b7f8a8 block: Add permissions to blk_new()
3fab508 block: Add permissions to BlockBackend
9dc8540 block: Request real permissions in bdrv_attach_child()
36ab94b block: Require .bdrv_child_perm() with child nodes
f38b810 vvfat: Implement .bdrv_child_perm()
71e6c39 block: Request child permissions in format drivers
743f766 block: Default .bdrv_child_perm() for format drivers
2b0de16 block: Request child permissions in filter drivers
a360de8 block: Default .bdrv_child_perm() for filter drivers
cf4c576 block: Involve block drivers in permission granting
6105af3 block: Let callers request permissions when attaching a child node
edfea57 block: Add Error argument to bdrv_attach_child()
74330bd block: Add op blocker permission constants
daee2fb tests: Use opened block node for block job tests
a81f5d6 vvfat: Use opened node as backing file
64be2da block: Add bdrv_new_open_driver()
8e74a4f block: Factor out bdrv_open_driver()
7da4b8f block: Use BlockBackend for image probing
210ae8d block: Factor out bdrv_open_child_bs()
856867b block: Attach bs->file only during .bdrv_open()
d5f1724 block: Pass BdrvChild to bdrv_truncate()
8a0dd79 mirror: Resize active commit base in mirror_run()
a2f0a85 qcow2: Use BB for resizing in qcow2_amend_options()
0dcd9f3 blockdev: Use BlockBackend to resize in qmp_block_resize()
=== OUTPUT BEGIN ===
Checking PATCH 1/54: blockdev: Use BlockBackend to resize in qmp_block_resize()...
Checking PATCH 2/54: qcow2: Use BB for resizing in qcow2_amend_options()...
Checking PATCH 3/54: mirror: Resize active commit base in mirror_run()...
Checking PATCH 4/54: block: Pass BdrvChild to bdrv_truncate()...
Checking PATCH 5/54: block: Attach bs->file only during .bdrv_open()...
Checking PATCH 6/54: block: Factor out bdrv_open_child_bs()...
ERROR: "foo* bar" should be "foo *bar"
#41: FILE: block.c:1551:
+ BlockDriverState* parent, const BdrvChildRole *child_role,
ERROR: "foo* bar" should be "foo *bar"
#78: FILE: block.c:1602:
+ BlockDriverState* parent,
total: 2 errors, 0 warnings, 76 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 7/54: block: Use BlockBackend for image probing...
Checking PATCH 8/54: block: Factor out bdrv_open_driver()...
Checking PATCH 9/54: block: Add bdrv_new_open_driver()...
Checking PATCH 10/54: vvfat: Use opened node as backing file...
ERROR: "(foo*)" should be "(foo *)"
#32: FILE: block/vvfat.c:2971:
+ .instance_size = sizeof(void*),
ERROR: "(foo**)" should be "(foo **)"
#43: FILE: block/vvfat.c:3042:
+ *(void**) backing->opaque = s;
total: 2 errors, 0 warnings, 25 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 11/54: tests: Use opened block node for block job tests...
Checking PATCH 12/54: block: Add op blocker permission constants...
Checking PATCH 13/54: block: Add Error argument to bdrv_attach_child()...
Checking PATCH 14/54: block: Let callers request permissions when attaching a child node...
Checking PATCH 15/54: block: Involve block drivers in permission granting...
Checking PATCH 16/54: block: Default .bdrv_child_perm() for filter drivers...
Checking PATCH 17/54: block: Request child permissions in filter drivers...
Checking PATCH 18/54: block: Default .bdrv_child_perm() for format drivers...
Checking PATCH 19/54: block: Request child permissions in format drivers...
Checking PATCH 20/54: vvfat: Implement .bdrv_child_perm()...
Checking PATCH 21/54: block: Require .bdrv_child_perm() with child nodes...
Checking PATCH 22/54: block: Request real permissions in bdrv_attach_child()...
Checking PATCH 23/54: block: Add permissions to BlockBackend...
Checking PATCH 24/54: block: Add permissions to blk_new()...
Checking PATCH 25/54: block: Add error parameter to blk_insert_bs()...
Checking PATCH 26/54: block: Add BDRV_O_RESIZE for blk_new_open()...
WARNING: line over 80 characters
#155: FILE: include/block/block.h:85:
+#define BDRV_O_RESIZE 0x0004 /* requests permission for resizing the node */
total: 0 errors, 1 warnings, 96 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 27/54: block: Request real permissions in blk_new_open()...
Checking PATCH 28/54: block: Allow error return in BlockDevOps.change_media_cb()...
Checking PATCH 29/54: hw/block: Request permissions...
Checking PATCH 30/54: hw/block: Introduce share-rw qdev property...
WARNING: line over 80 characters
#56: FILE: include/hw/block/block.h:57:
+ DEFINE_PROP_ON_OFF_AUTO("write-cache", _state, _conf.wce, ON_OFF_AUTO_AUTO), \
total: 0 errors, 1 warnings, 403 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 31/54: blockjob: Add permissions to block_job_create()...
Checking PATCH 32/54: block: Add BdrvChildRole.get_parent_desc()...
Checking PATCH 33/54: block: Include details on permission errors in message...
Checking PATCH 34/54: block: Add BdrvChildRole.stay_at_node...
Checking PATCH 35/54: blockjob: Add permissions to block_job_add_bdrv()...
Checking PATCH 36/54: commit: Use real permissions in commit block job...
Checking PATCH 37/54: commit: Use real permissions for HMP 'commit'...
Checking PATCH 38/54: backup: Use real permissions in backup block job...
Checking PATCH 39/54: block: Fix pending requests check in bdrv_append()...
Checking PATCH 40/54: block: BdrvChildRole.attach/detach() callbacks...
Checking PATCH 41/54: block: Allow backing file links in change_parent_backing_link()...
Checking PATCH 42/54: mirror: Use real permissions in mirror/active commit block job...
WARNING: line over 80 characters
#277: FILE: block/mirror.c:1152:
+ /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
WARNING: line over 80 characters
#278: FILE: block/mirror.c:1153:
+ * at s->base. The other options would be a second filter driver above
total: 0 errors, 2 warnings, 313 lines checked
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 43/54: stream: Use real permissions in streaming block job...
Checking PATCH 44/54: mirror: Add filter-node-name to blockdev-mirror...
Checking PATCH 45/54: commit: Add filter-node-name to block-commit...
Checking PATCH 46/54: hmp: Request permissions in qemu-io...
Checking PATCH 47/54: migration/block: Use real permissions...
Checking PATCH 48/54: nbd/server: Use real permissions for NBD exports...
Checking PATCH 49/54: tests: Remove FIXME comments...
Checking PATCH 50/54: block: Pass BdrvChild to bdrv_aligned_preadv/pwritev...
Checking PATCH 51/54: block: Assertions for write permissions...
Checking PATCH 52/54: block: Assertions for resize permission...
Checking PATCH 53/54: block: Add Error parameter to bdrv_set_backing_hd()...
Checking PATCH 54/54: block: Add Error parameter to bdrv_append()...
=== OUTPUT END ===
Test command exited with code: 1
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@freelists.org
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize()
2017-02-21 14:57 ` [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize() Kevin Wolf
@ 2017-02-22 12:27 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:27 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 425 bytes --]
On 21.02.2017 15:57, Kevin Wolf wrote:
> In order to be able to do permission checking and to keep working with
> the BdrvChild based bdrv_truncate() that this involves, we need to
> create a temporary BlockBackend to resize the image.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> blockdev.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options()
2017-02-21 14:57 ` [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options() Kevin Wolf
@ 2017-02-22 12:28 ` Max Reitz
2017-02-22 15:53 ` Eric Blake
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:28 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 410 bytes --]
On 21.02.2017 15:57, Kevin Wolf wrote:
> In order to able to conver bdrv_truncate() to take a BdrvChild and
> later to correctly check the resize permission here, we need to use a
> BlockBackend for resizing the image.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/qcow2.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run()
2017-02-21 14:57 ` [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run() Kevin Wolf
@ 2017-02-22 12:34 ` Max Reitz
2017-02-23 11:31 ` Fam Zheng
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:34 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 500 bytes --]
On 21.02.2017 15:57, Kevin Wolf wrote:
> This is more consistent with the commit block job, and it moves the code
> to a place where we already have the necessary BlockBackends to resize
> the base image when bdrv_truncate() is changed to require a BdrvChild.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/mirror.c | 50 ++++++++++++++++++++++----------------------------
> 1 file changed, 22 insertions(+), 28 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate() Kevin Wolf
@ 2017-02-22 12:37 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:37 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 618 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 3 ++-
> block/blkdebug.c | 2 +-
> block/block-backend.c | 2 +-
> block/crypto.c | 2 +-
> block/parallels.c | 8 ++++----
> block/qcow.c | 4 ++--
> block/qcow2-refcount.c | 2 +-
> block/qcow2.c | 4 ++--
> block/raw-format.c | 2 +-
> block/vhdx-log.c | 2 +-
> block/vhdx.c | 2 +-
> include/block/block.h | 2 +-
> 12 files changed, 18 insertions(+), 17 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open() Kevin Wolf
@ 2017-02-22 12:41 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:41 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2099 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The way that attaching bs->file worked was a bit unusual in that it was
> the only child that would be attached to a node which is not opened yet.
> Because of this, the block layer couldn't know yet which permissions the
> driver would eventually need.
>
> This patch moves the point where bs->file is attached to the beginning
> of the individual .bdrv_open() implementations, so drivers already know
> what they are going to do with the child. This is also more consistent
> with how driver-specific children work.
>
> For a moment, bdrv_open() gets its own BdrvChild to perform image
> probing, but instead of directly assigning this BdrvChild to the BDS, it
> becomes a temporary one and the node name is passed as an option to the
> drivers, so that they can simply use bdrv_open_child() to create another
> reference for their own use.
>
> This duplicated child for (the not opened yet) bs is not the final
> state, a follow-up patch will change the image probing code to use a
> BlockBackend, which is completely independent of bs.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 35 ++++++++++++++++++++++++-----------
> block/bochs.c | 6 ++++++
> block/cloop.c | 6 ++++++
> block/crypto.c | 6 ++++++
> block/dmg.c | 6 ++++++
> block/parallels.c | 6 ++++++
> block/qcow.c | 6 ++++++
> block/qcow2.c | 18 +++++++++++++++---
> block/qed.c | 18 +++++++++++++++---
> block/raw-format.c | 6 ++++++
> block/replication.c | 6 ++++++
> block/vdi.c | 6 ++++++
> block/vhdx.c | 6 ++++++
> block/vmdk.c | 6 ++++++
> block/vpc.c | 6 ++++++
> tests/qemu-iotests/051.out | 4 ++--
> tests/qemu-iotests/051.pc.out | 4 ++--
> 17 files changed, 130 insertions(+), 21 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs() Kevin Wolf
@ 2017-02-22 12:46 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:46 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 489 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This is the part of bdrv_open_child() that opens a BDS with option
> inheritance, but doesn't attach it as a child to the parent yet.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 61 +++++++++++++++++++++++++++++++++++++------------------------
> 1 file changed, 37 insertions(+), 24 deletions(-)
Modulo the errors patchew noted (same applies to all of my R-bs):
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing
2017-02-21 14:58 ` [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing Kevin Wolf
@ 2017-02-22 12:56 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:56 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1150 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This fixes the use of a parent-less BdrvChild in bdrv_open_inherit() by
> converting it into a BlockBackend. Which is exactly what it should be,
> image probing is an external, standalone user of a node. The requests
> can't be considered to originate from the format driver node because
> that one isn't even opened yet.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 34 +++++++++++++++++++---------------
> 1 file changed, 19 insertions(+), 15 deletions(-)
>
> diff --git a/block.c b/block.c
> index e9d90aa..0f17576 100644
> --- a/block.c
> +++ b/block.c
[...]
> @@ -1922,7 +1926,7 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
>
> fail:
> if (file != NULL) {
> - bdrv_unref_child(bs, file);
> + blk_unref(file);
> }
You could drop the now superfluous condition around it, but anyway:
Reviewed-by: Max Reitz <mreitz@redhat.com>
(Also, you could revert the change to bdrv_unref_child() done in patch 5.)
Max
> if (bs->file != NULL) {
> bdrv_unref_child(bs, bs->file);
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver() Kevin Wolf
@ 2017-02-22 12:59 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 12:59 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 453 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This is a function that doesn't do any option parsing, but just does
> some basic BlockDriverState setup and calls the .bdrv_open() function of
> the block driver.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 112 +++++++++++++++++++++++++++++++++++++---------------------------
> 1 file changed, 65 insertions(+), 47 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver() Kevin Wolf
@ 2017-02-22 13:15 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:15 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 466 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This function allows to create more or less normal BlockDriverStates
> even for BlockDrivers that aren't globally registered (e.g. helper
> filters for block jobs).
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 30 +++++++++++++++++++++++++++++-
> include/block/block.h | 2 ++
> 2 files changed, 31 insertions(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file
2017-02-21 14:58 ` [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file Kevin Wolf
@ 2017-02-22 13:26 ` Max Reitz
2017-02-23 11:49 ` Fam Zheng
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:26 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1150 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> We should not try to assign a not yet opened node as the backing file,
> because as soon as the permission system is added it will fail. The
> just added bdrv_new_open_driver() function is the right tool to open a
> file with an internal driver, use it.
>
> In case anyone wonders whether that magic fake backing file to trigger a
> special action on 'commit' actually works today: No, not for me. One
> reason is that we've been adding a raw format driver on top for several
> years now and raw doesn't support commit. Other reasons include that the
> backing file isn't writable and the driver doesn't support reopen, and
> it's also size 0 and the driver doesn't support bdrv_truncate. All of
> these are easily fixable, but then 'commit' ended up in an infinite loop
> deep in the vvfat code for me, so I thought I'd best leave it alone. I'm
> not really sure what it was supposed to do anyway.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/vvfat.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests
2017-02-21 14:58 ` [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests Kevin Wolf
@ 2017-02-22 13:41 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:41 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 507 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> blk_insert_bs() and block job related functions will soon require an
> opened block node (permission calculations will involve the block
> driver), so let our tests be consistent with the real users in this
> respect.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> tests/test-blockjob-txn.c | 6 +++++-
> tests/test-blockjob.c | 6 +++++-
> 2 files changed, 10 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants
2017-02-21 14:58 ` [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants Kevin Wolf
@ 2017-02-22 13:43 ` Max Reitz
2017-02-23 11:53 ` Fam Zheng
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:43 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 350 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This patch defines the permission categories that will be used by the
> new op blocker system.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> include/block/block.h | 35 +++++++++++++++++++++++++++++++++++
> 1 file changed, 35 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child() Kevin Wolf
@ 2017-02-22 13:46 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:46 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 397 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> It will have to return an error soon, so prepare the callers for it.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 16 +++++++++++++---
> block/quorum.c | 9 ++++++++-
> include/block/block.h | 3 ++-
> 3 files changed, 23 insertions(+), 5 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node
2017-02-21 14:58 ` [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node Kevin Wolf
@ 2017-02-22 13:47 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 13:47 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1185 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> When attaching a node as a child to a new parent, the required and
> shared permissions for this parent are checked against all other parents
> of the node now, and an error is returned if there is a conflict.
>
> This allows error returns to a function that previously always
> succeeded, and the same is true for quite a few callers and their
> callers. Converting all of them within the same patch would be too much,
> so for now everyone tells that they don't need any permissions and allow
> everyone else to do anything. This way we can use &error_abort initially
> and convert caller by caller to pass actual permission requirements and
> implement error handling.
>
> All these places are marked with FIXME comments and it will be the job
> of the next patches to clean them up again.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 66 +++++++++++++++++++++++++++++++++++++++++------
> block/block-backend.c | 8 ++++--
> include/block/block_int.h | 15 ++++++++++-
> 3 files changed, 78 insertions(+), 11 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting
2017-02-21 14:58 ` [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting Kevin Wolf
@ 2017-02-22 14:04 ` Max Reitz
2017-02-27 12:28 ` Kevin Wolf
0 siblings, 1 reply; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:04 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 3239 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> In many cases, the required permissions of one node on its children
> depends on what its parents require from it. For example, the raw format
*depend
> or most filter drivers only need to request consistent reads if that's
> something that one of their parents wants.
>
> In order to achieve this, this patch introduces two new BlockDriver
> callbacks. The first one lets drivers first check (recursively) whether
> the requested permissions can be set; the second one actually sets the
> new permission bitmask.
>
> Also add helper functions that drivers can use in their implementation
> of the callbacks to update their permissions on a specific child.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 176 ++++++++++++++++++++++++++++++++++++++++++++++
> include/block/block_int.h | 61 ++++++++++++++++
> 2 files changed, 237 insertions(+)
>
> diff --git a/block.c b/block.c
> index d9f2267..2a86781 100644
> --- a/block.c
> +++ b/block.c
> @@ -1326,11 +1326,145 @@ static int bdrv_fill_options(QDict **options, const char *filename,
[...]
> +/*
> + * Notifies drivers that after a previous bdrv_check_perm() call, the
> + * permission update is not performed and any preparations made for it (e.g.
> + * taken file locks) need to be undone.
> + *
> + * This function recursively notifies all child nodes.
> + */
> +static void bdrv_abort_perm_update(BlockDriverState *bs)
> +{
> + BlockDriver *drv = bs->drv;
> + BdrvChild *c;
> +
> + if (!drv) {
> + return;
> + }
> +
> + if (drv->bdrv_abort_perm_update) {
> + drv->bdrv_abort_perm_update(bs);
> + }
> +
> + QLIST_FOREACH(c, &bs->children, next) {
> + bdrv_abort_perm_update(c->bs);
Could use bdrv_child_abort_perm_update(c) just for symmetry with
bdrv_check_perm() (which uses bdrv_child_check_perm() to recurse).
> + }
> +}
> +
[...]
> @@ -1353,8 +1487,47 @@ static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm,
> error_setg(errp, "Conflicts with %s", user ?: "another operation");
> return -EPERM;
> }
> +
> + cumulative_perms |= c->perm;
> + cumulative_shared_perms &= c->shared_perm;
> + }
> +
> + return bdrv_check_perm(bs, cumulative_perms, cumulative_shared_perms, errp);
> +}
> +
> +/* Needs to be followed by a call to either bdrv_set_perm() or
> + * bdrv_abort_perm_update(). */
*"bdrv_child_set_perm() or bdrv_child_abort_perm_update()"?
(Doesn't really matter, but it makes for nicer symmetry.)
> +int bdrv_child_check_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
> + Error **errp)
> +{
> + return bdrv_check_update_perm(c->bs, perm, shared, c, errp);
> +}
[...]
> @@ -1390,6 +1565,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
>
> ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp);
> if (ret < 0) {
> + bdrv_abort_perm_update(child_bs);
> return NULL;
> }
>
This function doesn't call bdrv_set_perm(). Intentional?
Max
[...]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
@ 2017-02-22 14:05 ` Max Reitz
2017-02-22 14:28 ` Max Reitz
2017-02-23 12:36 ` Fam Zheng
2 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:05 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 656 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Most filters need permissions related to read and write for their
> children, but only if the node has a parent that wants to use the same
> operation on the filter. The same is true for resize.
>
> This adds a default implementation that simply forwards all necessary
> permissions to all children of the node and leaves the other permissions
> unchanged.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 24 ++++++++++++++++++++++++
> include/block/block_int.h | 8 ++++++++
> 2 files changed, 32 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 17/54] block: Request child permissions in filter drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 17/54] block: Request child permissions in " Kevin Wolf
@ 2017-02-22 14:07 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:07 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 549 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> All callers will have to request permissions for all of their child
> nodes. Block drivers that act as simply filters can use the default
> implementation of .bdrv_child_perm().
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/blkdebug.c | 2 ++
> block/blkreplay.c | 1 +
> block/blkverify.c | 1 +
> block/quorum.c | 2 ++
> block/raw-format.c | 1 +
> block/replication.c | 1 +
> 6 files changed, 8 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
@ 2017-02-22 14:08 ` Max Reitz
2017-02-25 11:57 ` Max Reitz
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:08 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 865 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Almost all format drivers have the same characteristics as far as
> permissions are concerned: They have one or more children for storing
> their own data and, more importantly, metadata (can be written to and
> grow even without external write requests, must be protected against
> other writers and present consistent data) and optionally a backing file
> (this is just data, so like for a filter, it only depends on what the
> parent nodes need).
>
> This provides a default implementation that can be shared by most of
> our format drivers.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> include/block/block_int.h | 8 ++++++++
> 2 files changed, 50 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 19/54] block: Request child permissions in format drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 19/54] block: Request child permissions in " Kevin Wolf
@ 2017-02-22 14:09 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:09 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 887 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This makes use of the .bdrv_child_perm() implementation for formats that
> we just added. All format drivers expose the permissions they actually
> need nows, so that they can be set accordingly and updated when parents
> are attached or detached.
>
> The only format not included here is raw, which was already converted
> with the other filter drivers.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/bochs.c | 1 +
> block/cloop.c | 1 +
> block/crypto.c | 1 +
> block/dmg.c | 1 +
> block/parallels.c | 1 +
> block/qcow.c | 1 +
> block/qcow2.c | 1 +
> block/qed.c | 1 +
> block/vdi.c | 1 +
> block/vhdx.c | 1 +
> block/vmdk.c | 1 +
> block/vpc.c | 1 +
> 12 files changed, 12 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm() Kevin Wolf
@ 2017-02-22 14:12 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:12 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 648 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> vvfat is the last remaining driver that can have children, but doesn't
> implement .bdrv_child_perm() yet. The default handlers aren't suitable
> here, so let's implement a very simple driver-specific one that protects
> the internal child from being used by other users as good as our
> permissions permit.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 2 +-
> block/vvfat.c | 22 ++++++++++++++++++++++
> include/block/block_int.h | 1 +
> 3 files changed, 24 insertions(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes
2017-02-21 14:58 ` [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
@ 2017-02-22 14:14 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:14 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 421 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> All block drivers that can have child nodes implement .bdrv_child_perm()
> now. Make this officially a requirement by asserting that only drivers
> without children can omit .bdrv_child_perm().
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child() Kevin Wolf
@ 2017-02-22 14:24 ` Max Reitz
2017-02-22 14:31 ` Max Reitz
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:24 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 592 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Now that all block drivers with children tell us what permissions they
> need from each of their children, bdrv_attach_child() can use this
> information and make the right requirements while trying to attach new
> children.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Not sure whether it was intended how the assertion in vvfat still passes
(@c == s->qcow because both are NULL...), but it works, so:
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
2017-02-22 14:05 ` Max Reitz
@ 2017-02-22 14:28 ` Max Reitz
2017-02-23 12:36 ` Fam Zheng
2 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:28 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2108 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Most filters need permissions related to read and write for their
> children, but only if the node has a parent that wants to use the same
> operation on the filter. The same is true for resize.
>
> This adds a default implementation that simply forwards all necessary
> permissions to all children of the node and leaves the other permissions
> unchanged.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 24 ++++++++++++++++++++++++
> include/block/block_int.h | 8 ++++++++
> 2 files changed, 32 insertions(+)
>
> diff --git a/block.c b/block.c
> index 2a86781..523cbd3 100644
> --- a/block.c
> +++ b/block.c
> @@ -1531,6 +1531,30 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
> return 0;
> }
>
> +#define DEFAULT_PERM_PASSTHROUGH (BLK_PERM_CONSISTENT_READ \
> + | BLK_PERM_WRITE \
> + | BLK_PERM_WRITE_UNCHANGED \
> + | BLK_PERM_RESIZE)
> +#define DEFAULT_PERM_UNCHANGED (BLK_PERM_ALL & ~DEFAULT_PERM_PASSTHROUGH)
> +
> +void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared)
> +{
> + if (c == NULL) {
> + *nperm = 0;
> + *nshared = BLK_PERM_ALL;
On second thought, I don't understand this. Why isn't this
*nperm = perm & DEFAULT_PERM_PASSTHROUGH;
*nshared = shared & DEFAULT_PERM_PASSTHROUGH;
?
Max
> + return;
> + }
> +
> + *nperm = (perm & DEFAULT_PERM_PASSTHROUGH) |
> + (c->perm & DEFAULT_PERM_UNCHANGED);
> + *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) |
> + (c->shared_perm & DEFAULT_PERM_UNCHANGED);
> +}
> +
> +
> static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
> {
> BlockDriverState *old_bs = child->bs;
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child() Kevin Wolf
2017-02-22 14:24 ` Max Reitz
@ 2017-02-22 14:31 ` Max Reitz
2017-02-27 14:10 ` Kevin Wolf
1 sibling, 1 reply; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:31 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1434 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Now that all block drivers with children tell us what permissions they
> need from each of their children, bdrv_attach_child() can use this
> information and make the right requirements while trying to attach new
> children.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/block.c b/block.c
> index 1c5f211..054e6f0 100644
> --- a/block.c
> +++ b/block.c
> @@ -1659,10 +1659,14 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
> Error **errp)
> {
> BdrvChild *child;
> + uint64_t perm, shared_perm;
> +
> + assert(parent_bs->drv);
> + parent_bs->drv->bdrv_child_perm(parent_bs, NULL, child_role,
> + 0, BLK_PERM_ALL, &perm, &shared_perm);
Another Second Thought™: Why do we request no permissions for the new
child here? Seems weird to me. Shouldn't the caller specify the
necessary permissions and what can be shared?
Max
>
> - /* FIXME Use real permissions */
> child = bdrv_root_attach_child(child_bs, child_name, child_role,
> - 0, BLK_PERM_ALL, parent_bs, errp);
> + perm, shared_perm, parent_bs, errp);
> if (child == NULL) {
> return NULL;
> }
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend
2017-02-21 14:58 ` [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend Kevin Wolf
@ 2017-02-22 14:32 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:32 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 560 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The BlockBackend can now store the permissions that its user requires.
> This is necessary because nodes can be ejected from or inserted into a
> BlockBackend and all of these operations must make sure that the user
> still gets what it requested initially.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/block-backend.c | 27 +++++++++++++++++++++++++++
> include/sysemu/block-backend.h | 2 ++
> 2 files changed, 29 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new() Kevin Wolf
@ 2017-02-22 14:36 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:36 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1634 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> We want every user to be specific about the permissions it needs, so
> we'll pass the initial permissions as parameters to blk_new(). A user
> only needs to call blk_set_perm() if it wants to change the permissions
> after the fact.
>
> The permissions are stored in the BlockBackend and applied whenever a
> BlockDriverState should be attached in blk_insert_bs().
>
> This does not include actually choosing the right set of permissions
> everywhere yet. Instead, the usual FIXME comment is added to each place
> and will be addressed in individual patches.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 2 +-
> block/backup.c | 3 ++-
> block/block-backend.c | 21 ++++++++++++++-------
> block/commit.c | 12 ++++++++----
> block/mirror.c | 3 ++-
> block/qcow2.c | 2 +-
> blockdev.c | 4 ++--
> blockjob.c | 3 ++-
> hmp.c | 3 ++-
> hw/block/fdc.c | 3 ++-
> hw/core/qdev-properties-system.c | 3 ++-
> hw/ide/qdev.c | 3 ++-
> hw/scsi/scsi-disk.c | 3 ++-
> include/sysemu/block-backend.h | 2 +-
> migration/block.c | 3 ++-
> nbd/server.c | 3 ++-
> tests/test-blockjob.c | 3 ++-
> tests/test-throttle.c | 7 ++++---
> 18 files changed, 53 insertions(+), 30 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs() Kevin Wolf
@ 2017-02-22 14:42 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:42 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1102 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Now that blk_insert_bs() requests the BlockBackend permissions for the
> node it attaches to, it can fail. Instead of aborting, pass the errors
> to the callers.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 5 ++++-
> block/backup.c | 5 ++++-
> block/block-backend.c | 13 ++++++++-----
> block/commit.c | 38 ++++++++++++++++++++++++++++++--------
> block/mirror.c | 15 ++++++++++++---
> block/qcow2.c | 10 ++++++++--
> blockdev.c | 11 +++++++++--
> blockjob.c | 7 ++++++-
> hmp.c | 6 +++++-
> hw/core/qdev-properties-system.c | 7 ++++++-
> include/sysemu/block-backend.h | 2 +-
> migration/block.c | 2 +-
> nbd/server.c | 6 +++++-
> tests/test-blockjob.c | 2 +-
> 14 files changed, 100 insertions(+), 29 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open() Kevin Wolf
@ 2017-02-22 14:51 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:51 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1485 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> blk_new_open() is a convenience function that processes flags rather
> than QDict options as a simple way to just open an image file.
>
> In order to keep it convenient in the future, it must automatically
> request the necessary permissions. This can easily be inferred from the
> flags for read and write, but we need another flag that tells us whether
> to get the resize permission.
>
> We can't just always request it because that means that no block jobs
> can run on the resulting BlockBackend (which is something that e.g.
> qemu-img commit wants to do), but we also can't request it never because
> most of the .bdrv_create() implementations call blk_truncate().
>
> The solution is to introduce another flag that is passed by all users
> that want to resize the image.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/parallels.c | 3 ++-
> block/qcow.c | 3 ++-
> block/qcow2.c | 3 ++-
> block/qed.c | 3 ++-
> block/vdi.c | 3 ++-
> block/vhdx.c | 3 ++-
> block/vmdk.c | 6 ++++--
> block/vpc.c | 3 ++-
> include/block/block.h | 1 +
> qemu-img.c | 2 +-
> 10 files changed, 20 insertions(+), 10 deletions(-)
Shouldn't writes beyond EOF with allow_write_beyond_eof count as a
resize, too? Then there would be one more place in qcow2.c and one in
sheepdog.c which require BDRV_O_RESIZE.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open() Kevin Wolf
@ 2017-02-22 14:52 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-22 14:52 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 343 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> We can figure out the necessary permissions from the flags that the
> caller passed.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/block-backend.c | 22 +++++++++++++++++++---
> 1 file changed, 19 insertions(+), 3 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options()
2017-02-21 14:57 ` [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options() Kevin Wolf
2017-02-22 12:28 ` Max Reitz
@ 2017-02-22 15:53 ` Eric Blake
1 sibling, 0 replies; 131+ messages in thread
From: Eric Blake @ 2017-02-22 15:53 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel, mreitz
[-- Attachment #1: Type: text/plain, Size: 503 bytes --]
On 02/21/2017 08:57 AM, Kevin Wolf wrote:
> In order to able to conver bdrv_truncate() to take a BdrvChild and
s/conver/convert/
> later to correctly check the resize permission here, we need to use a
> BlockBackend for resizing the image.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/qcow2.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run()
2017-02-21 14:57 ` [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run() Kevin Wolf
2017-02-22 12:34 ` Max Reitz
@ 2017-02-23 11:31 ` Fam Zheng
1 sibling, 0 replies; 131+ messages in thread
From: Fam Zheng @ 2017-02-23 11:31 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Tue, 02/21 15:57, Kevin Wolf wrote:
> diff --git a/block/mirror.c b/block/mirror.c
> index 698a54e..13f793e 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -657,7 +657,28 @@ static void coroutine_fn mirror_run(void *opaque)
> if (s->bdev_length < 0) {
> ret = s->bdev_length;
> goto immediate_exit;
> - } else if (s->bdev_length == 0) {
> + }
> +
> + /* Active commit must resize the base image if its size differs from the
> + * active layer. */
> + if (s->base == blk_bs(s->target)) {
> + int64_t base_length;
> +
> + base_length = blk_getlength(s->target);
> + if (base_length < 0) {
> + ret = base_length;
> + goto immediate_exit;
> + }
> +
> + if (s->bdev_length > base_length) {
> + ret = blk_truncate(s->target, s->bdev_length);
> + if (ret < 0) {
> + goto immediate_exit;
> + }
> + }
> + }
> +
> + if (s->bdev_length == 0) {
> /* Report BLOCK_JOB_READY and wait for complete. */
> block_job_event_ready(&s->common);
> s->synced = true;
This has a slight behavior change of commit job that previously upon resize
failure the job wouldn't start, but now it will, then immediately end with an
error. Not an problem, though.
Fam
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file
2017-02-21 14:58 ` [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file Kevin Wolf
2017-02-22 13:26 ` Max Reitz
@ 2017-02-23 11:49 ` Fam Zheng
2017-02-23 12:25 ` Kevin Wolf
1 sibling, 1 reply; 131+ messages in thread
From: Fam Zheng @ 2017-02-23 11:49 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Tue, 02/21 15:58, Kevin Wolf wrote:
> - backing = bdrv_new();
> + backing = bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALLOW_RDWR,
> + &error_abort);
> + *(void**) backing->opaque = s;
Could be simply "backing->opaque = s".
> +
> bdrv_set_backing_hd(s->bs, backing);
> bdrv_unref(backing);
>
> - s->bs->backing->bs->drv = &vvfat_write_target;
> - s->bs->backing->bs->opaque = g_new(void *, 1);
> - *(void**)s->bs->backing->bs->opaque = s;
> -
> return 0;
>
> err:
> --
> 1.8.3.1
>
Fam
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants
2017-02-21 14:58 ` [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants Kevin Wolf
2017-02-22 13:43 ` Max Reitz
@ 2017-02-23 11:53 ` Fam Zheng
1 sibling, 0 replies; 131+ messages in thread
From: Fam Zheng @ 2017-02-23 11:53 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Tue, 02/21 15:58, Kevin Wolf wrote:
> This patch defines the permission categories that will be used by the
> new op blocker system.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> include/block/block.h | 35 +++++++++++++++++++++++++++++++++++
> 1 file changed, 35 insertions(+)
>
> diff --git a/include/block/block.h b/include/block/block.h
> index bde5ebd..ac40c8d 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -187,6 +187,41 @@ typedef enum BlockOpType {
> BLOCK_OP_TYPE_MAX,
> } BlockOpType;
>
> +/* Block node permission constants */
> +enum {
> + /**
> + * A user that has the "permission" of consistent reads is guaranteed that
> + * their view of the contents of the block device is complete and
> + * self-consistent, repesenting the contents of a disk at a specific point.
*representing
> + *
> + * For most block devices (including their backing files) this is true, but
> + * the property cannot be maintained in a few situations like for
> + * intermediate nodes of a commit block job.
> + */
> + BLK_PERM_CONSISTENT_READ = 0x01,
> +
> + /** This permission is required to change the visible disk contents. */
> + BLK_PERM_WRITE = 0x02,
> +
> + /**
> + * This permission (which is weaker than BLK_PERM_WRITE) is both enough and
> + * required for writes to the block node when the caller promises that
> + * this visible disk contents doesn't change.
"contents doesn't" sounds weird to me, but I'm not very sure.
> + */
> + BLK_PERM_WRITE_UNCHANGED = 0x04,
> +
> + /** This permission is required to change the size of a block node. */
> + BLK_PERM_RESIZE = 0x08,
> +
> + /**
> + * This permission is required to change the node that this BdrvChild
> + * points to.
> + */
> + BLK_PERM_GRAPH_MOD = 0x10,
> +
> + BLK_PERM_ALL = 0x1f,
> +};
> +
> /* disk I/O throttling */
> void bdrv_init(void);
> void bdrv_init_with_whitelist(void);
> --
> 1.8.3.1
>
Fam
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file
2017-02-23 11:49 ` Fam Zheng
@ 2017-02-23 12:25 ` Kevin Wolf
2017-02-23 12:45 ` Fam Zheng
0 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-23 12:25 UTC (permalink / raw)
To: Fam Zheng; +Cc: qemu-block, mreitz, jcody, qemu-devel
Am 23.02.2017 um 12:49 hat Fam Zheng geschrieben:
> On Tue, 02/21 15:58, Kevin Wolf wrote:
> > - backing = bdrv_new();
> > + backing = bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALLOW_RDWR,
> > + &error_abort);
> > + *(void**) backing->opaque = s;
>
> Could be simply "backing->opaque = s".
That's not semantically the same.
Or if you just mean that vvfat shouldn't be using an implicit
BdrvVVFATState with just one pointer element rather than just directly
assigning the pointer to bs->opaque, that might have been an option, but
vvfat isn't written that way and I don't intend to change it at least in
this specific patch. (If I were to change it, I would probably just use
an explicit BdrvVVFATState, though.)
Kevin
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
2017-02-22 14:05 ` Max Reitz
2017-02-22 14:28 ` Max Reitz
@ 2017-02-23 12:36 ` Fam Zheng
2 siblings, 0 replies; 131+ messages in thread
From: Fam Zheng @ 2017-02-23 12:36 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Tue, 02/21 15:58, Kevin Wolf wrote:
> Most filters need permissions related to read and write for their
> children, but only if the node has a parent that wants to use the same
> operation on the filter. The same is true for resize.
I cannot parse this paragraph, especially the 'but only if' part..
>
> This adds a default implementation that simply forwards all necessary
> permissions to all children of the node and leaves the other permissions
> unchanged.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 24 ++++++++++++++++++++++++
> include/block/block_int.h | 8 ++++++++
> 2 files changed, 32 insertions(+)
>
> diff --git a/block.c b/block.c
> index 2a86781..523cbd3 100644
> --- a/block.c
> +++ b/block.c
> @@ -1531,6 +1531,30 @@ int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
> return 0;
> }
>
> +#define DEFAULT_PERM_PASSTHROUGH (BLK_PERM_CONSISTENT_READ \
> + | BLK_PERM_WRITE \
> + | BLK_PERM_WRITE_UNCHANGED \
> + | BLK_PERM_RESIZE)
> +#define DEFAULT_PERM_UNCHANGED (BLK_PERM_ALL & ~DEFAULT_PERM_PASSTHROUGH)
> +
> +void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared)
> +{
> + if (c == NULL) {
> + *nperm = 0;
> + *nshared = BLK_PERM_ALL;
> + return;
> + }
> +
> + *nperm = (perm & DEFAULT_PERM_PASSTHROUGH) |
> + (c->perm & DEFAULT_PERM_UNCHANGED);
> + *nshared = (shared & DEFAULT_PERM_PASSTHROUGH) |
> + (c->shared_perm & DEFAULT_PERM_UNCHANGED);
> +}
> +
> +
> static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
> {
> BlockDriverState *old_bs = child->bs;
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index cef2b6e..17f4c2d 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -872,6 +872,14 @@ void bdrv_child_abort_perm_update(BdrvChild *c);
> int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
> Error **errp);
>
> +/* Default implementation for BlockDriver.bdrv_child_perm() that can be used by
> + * block filters: Forward CONSISTENT_READ, WRITE, WRITE_UNCHANGED and RESIZE to
> + * all children */
> +void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared);
> +
>
> const char *bdrv_get_parent_name(const BlockDriverState *bs);
> void blk_dev_change_media_cb(BlockBackend *blk, bool load);
> --
> 1.8.3.1
>
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file
2017-02-23 12:25 ` Kevin Wolf
@ 2017-02-23 12:45 ` Fam Zheng
0 siblings, 0 replies; 131+ messages in thread
From: Fam Zheng @ 2017-02-23 12:45 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Thu, 02/23 13:25, Kevin Wolf wrote:
> Am 23.02.2017 um 12:49 hat Fam Zheng geschrieben:
> > On Tue, 02/21 15:58, Kevin Wolf wrote:
> > > - backing = bdrv_new();
> > > + backing = bdrv_new_open_driver(&vvfat_write_target, NULL, BDRV_O_ALLOW_RDWR,
> > > + &error_abort);
> > > + *(void**) backing->opaque = s;
> >
> > Could be simply "backing->opaque = s".
>
> That's not semantically the same.
>
> Or if you just mean that vvfat shouldn't be using an implicit
> BdrvVVFATState with just one pointer element rather than just directly
> assigning the pointer to bs->opaque, that might have been an option, but
> vvfat isn't written that way and I don't intend to change it at least in
> this specific patch. (If I were to change it, I would probably just use
> an explicit BdrvVVFATState, though.)
OK, I see it now. Thanks!
Fam
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message
2017-02-21 14:58 ` [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message Kevin Wolf
@ 2017-02-24 8:41 ` Fam Zheng
2017-02-24 13:58 ` Max Reitz
1 sibling, 0 replies; 131+ messages in thread
From: Fam Zheng @ 2017-02-24 8:41 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, mreitz, jcody, qemu-devel
On Tue, 02/21 15:58, Kevin Wolf wrote:
> Instead of just telling that there was some conflict, we can be specific
> and tell which permissions were in conflict and which way the conflict
> is.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
> 1 file changed, 56 insertions(+), 11 deletions(-)
>
> diff --git a/block.c b/block.c
> index 19cf3b0..a8a2fa7 100644
> --- a/block.c
> +++ b/block.c
> @@ -1461,6 +1461,43 @@ static void bdrv_update_perm(BlockDriverState *bs)
> bdrv_set_perm(bs, cumulative_perms, cumulative_shared_perms);
> }
>
> +static char *bdrv_child_user(BdrvChild *c)
Poor function name IMHO, maybe bdrv_child_user_desc() or
bdrv_child_owner_desc()?
> +{
> + if (c->role->get_parent_desc) {
> + return c->role->get_parent_desc(c);
> + }
> +
> + return g_strdup("another user");
> +}
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
@ 2017-02-24 13:29 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:29 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 805 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Some devices allow a media change between read-only and read-write
> media. They need to adapt the permissions in their .change_media_cb()
> implementation, which can fail. So add an Error parameter to the
> function.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/block-backend.c | 20 +++++++++++++++-----
> blockdev.c | 19 +++++++++++++++----
> hw/block/fdc.c | 2 +-
> hw/ide/core.c | 2 +-
> hw/scsi/scsi-disk.c | 2 +-
> hw/sd/sd.c | 2 +-
> include/block/block_int.h | 2 +-
> include/sysemu/block-backend.h | 2 +-
> 8 files changed, 36 insertions(+), 15 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 29/54] hw/block: Request permissions
2017-02-21 14:58 ` [Qemu-devel] [PATCH 29/54] hw/block: Request permissions Kevin Wolf
@ 2017-02-24 13:46 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:46 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1721 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This makes all device emulations with a qdev drive property request
> permissions on their BlockBackend. The only thing we block at this point
> is resizing images for some devices that can't support it.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> hw/block/block.c | 22 +++++++++++++++++++++-
> hw/block/fdc.c | 25 +++++++++++++++++++++++--
> hw/block/m25p80.c | 8 ++++++++
> hw/block/nand.c | 7 +++++++
> hw/block/nvme.c | 8 +++++++-
> hw/block/onenand.c | 7 +++++++
> hw/block/pflash_cfi01.c | 18 ++++++++++++------
> hw/block/pflash_cfi02.c | 19 +++++++++++++------
> hw/block/virtio-blk.c | 8 +++++++-
> hw/core/qdev-properties-system.c | 1 -
> hw/ide/qdev.c | 7 +++++--
> hw/nvram/spapr_nvram.c | 8 ++++++++
> hw/scsi/scsi-disk.c | 9 +++++++--
> hw/sd/sd.c | 6 ++++++
> hw/usb/dev-storage.c | 6 +++++-
> include/hw/block/block.h | 3 ++-
> tests/qemu-iotests/051.pc.out | 6 +++---
> 17 files changed, 141 insertions(+), 27 deletions(-)
For all the SCSI disks, shouldn't @resizable be true only if the qdev
type is TYPE_DISK? At least hw/scsi/scsi-disk.c:scsi_realize() looks as
if that is not necessarily the case.
OTOH, I'm not sure how useful the condition in scsi_disk_resize_cb() is
in the first place. In my understanding, the SCSI device should always
be of TYPE_DISK there.
And for IDE devices, @resizable should be true only if the device is not
a CD ROM drive.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property
2017-02-21 14:58 ` [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property Kevin Wolf
@ 2017-02-24 13:49 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:49 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 764 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> By default, don't allow another writer for block devices that are
> attached to a guest device. For the cases where this setup is intended
> (e.g. using a cluster filesystem on the disk), the new option can be
> used to allow it.
>
> This change affects only devices using DEFINE_BLOCK_PROPERTIES().
> Devices directly using DEFINE_PROP_DRIVE() still accept writers
> unconditionally.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> hw/block/block.c | 6 ++++--
> include/hw/block/block.h | 4 +++-
> tests/qemu-iotests/172.out | 53 ++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 60 insertions(+), 3 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create() Kevin Wolf
@ 2017-02-24 13:50 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:50 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 671 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This functions creates a BlockBackend internally, so the block jobs need
> to tell it what they want to do with the BB.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/backup.c | 5 +++--
> block/commit.c | 5 +++--
> block/mirror.c | 5 +++--
> block/stream.c | 5 +++--
> blockjob.c | 6 +++---
> include/block/blockjob_int.h | 4 +++-
> tests/test-blockjob-txn.c | 6 +++---
> tests/test-blockjob.c | 5 +++--
> 8 files changed, 24 insertions(+), 17 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc() Kevin Wolf
@ 2017-02-24 13:56 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:56 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 594 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> For meaningful error messages in the permission system, we need to get
> some human-readable description of the parent of a BdrvChild.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 9 +++++++++
> block/block-backend.c | 21 +++++++++++++++++++++
> include/block/block_int.h | 6 ++++++
> 3 files changed, 36 insertions(+)
Once more modulo patchew's nagging (I've complained about asterisk
placement already so much it's enough for a lifetime):
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message
2017-02-21 14:58 ` [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message Kevin Wolf
2017-02-24 8:41 ` Fam Zheng
@ 2017-02-24 13:58 ` Max Reitz
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 13:58 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 441 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Instead of just telling that there was some conflict, we can be specific
> and tell which permissions were in conflict and which way the conflict
> is.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
> 1 file changed, 56 insertions(+), 11 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node
2017-02-21 14:58 ` [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node Kevin Wolf
@ 2017-02-24 14:00 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 14:00 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 580 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> When the parents' child links are updated in bdrv_append() or
> bdrv_replace_in_backing_chain(), this should affect all child links of
> BlockBackends or other nodes, but not on child links held for other
> purposes (like for setting permissions). This patch allows to control
> the behaviour per BdrvChildRole.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 3 +++
> include/block/block_int.h | 4 ++++
> 2 files changed, 7 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
@ 2017-02-24 14:10 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-24 14:10 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 790 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Block jobs don't actually do I/O through the the reference they create
> with block_job_add_bdrv(), but they might want to use the permisssion
> system to express what the block job does to intermediate nodes. This
> adds permissions to block_job_add_bdrv() to provide the means to request
> permissions.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/backup.c | 4 +++-
> block/commit.c | 8 ++++++--
> block/mirror.c | 9 +++++++--
> block/stream.c | 4 +++-
> blockjob.c | 36 ++++++++++++++++++++++++++++++------
> include/block/blockjob.h | 5 ++++-
> 6 files changed, 53 insertions(+), 13 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 00/54] New op blocker system, part 1
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
` (54 preceding siblings ...)
2017-02-21 16:38 ` [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 no-reply
@ 2017-02-24 14:25 ` Kevin Wolf
55 siblings, 0 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-24 14:25 UTC (permalink / raw)
To: qemu-block; +Cc: mreitz, jcody, famz, qemu-devel
Am 21.02.2017 um 15:57 hat Kevin Wolf geschrieben:
> This series is the first part of implementing the new op blocker system
> whose design was agreed on quite a while ago, but proved a bit tricky to
> implement in places. There is more work to do to fully replace the old op
> blocker system, but realistically we don't have that much time until the 2.9
> freeze. So let's merge this series to complement the traditional op blockers
> and plan with a second part for the 2.10 timeframe.
>
> The basic idea is that every user of a block node (including things outside the
> block layer that go through a BlockBackend, and also other block nodes that
> hold references to it) has to declare which low-level operations/permissions it
> needs and which operation it allows other users to perform on the same node.
> Depending on these declarations, conflicts are avoided by returning an error
> for attempts to attach a conflicting user to the same node.
>
> After this series, all users request permissions, and hopefully all of the
> permissions they need. For writes and resize, getting the permission first is
> actually enforced with assertions. Asserting it for consistent reads is in
> theory doable, but would mean introducing a request flag that tell us that
> inconsistent reads are okay - and that in all block drivers to recursively
> propagate this flag through the backing chain. It might not be worth it.
>
> As stated above, the series doesn't remove the old op blockers yet, though in
> theory the new op blockers should block everything that needs to be blocked.
> In practice, the read/write/resize blockers should be okay, but
> BLK_PERM_GRAPH_MOD isn't to be taken too seriously at the moment. It isn't
> really applied consistently and doesn't do much useful yet. Making proper use
> of it is left for the part 2 series.
In order to keep the pull request next week at least a bit smaller, I
applied the already reviewed patches 1-11 to the block branch (i.e.
the preparations before the actual op blocker patches start).
Kevin
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job
2017-02-21 14:58 ` [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job Kevin Wolf
@ 2017-02-24 17:29 ` Max Reitz
2017-02-27 18:43 ` Kevin Wolf
0 siblings, 1 reply; 131+ messages in thread
From: Max Reitz @ 2017-02-24 17:29 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 8823 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This is probably one of the most interesting conversions to the new
> op blocker system because a commit block job intentionally leaves some
> intermediate block nodes in the backing chain that aren't valid on their
> own any more; only the whole chain together results in a valid view.
>
> In order to provide the 'consistent read' permission to the parents of
> the 'top' node of the commit job, a new filter block driver is inserted
> above 'top' which doesn't require 'consistent read' on its backing
> chain. Subsequently, the commit job can block 'consistent read' on all
> intermediate nodes without causing a conflict.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/commit.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++---------
> 1 file changed, 91 insertions(+), 17 deletions(-)
>
> diff --git a/block/commit.c b/block/commit.c
> index b69586f..9336237 100644
> --- a/block/commit.c
> +++ b/block/commit.c
> @@ -36,6 +36,7 @@ typedef struct CommitBlockJob {
> BlockJob common;
> RateLimit limit;
> BlockDriverState *active;
> + BlockDriverState *commit_top_bs;
> BlockBackend *top;
> BlockBackend *base;
> BlockdevOnError on_error;
> @@ -83,12 +84,19 @@ static void commit_complete(BlockJob *job, void *opaque)
> BlockDriverState *active = s->active;
> BlockDriverState *top = blk_bs(s->top);
> BlockDriverState *base = blk_bs(s->base);
> - BlockDriverState *overlay_bs = bdrv_find_overlay(active, top);
> + BlockDriverState *overlay_bs = bdrv_find_overlay(active, s->commit_top_bs);
> int ret = data->ret;
> + bool remove_commit_top_bs = false;
>
> if (!block_job_is_cancelled(&s->common) && ret == 0) {
> /* success */
> - ret = bdrv_drop_intermediate(active, top, base, s->backing_file_str);
> + ret = bdrv_drop_intermediate(active, s->commit_top_bs, base,
> + s->backing_file_str);
> + } else if (overlay_bs) {
> + /* XXX Can (or should) we somehow keep 'consistent read' blocked even
> + * after the failed/cancelled commit job is gone? If we already wrote
> + * something to base, the intermediate images aren't valid any more. */
> + remove_commit_top_bs = true;
> }
>
> /* restore base open flags here if appropriate (e.g., change the base back
> @@ -105,6 +113,13 @@ static void commit_complete(BlockJob *job, void *opaque)
> blk_unref(s->base);
> block_job_completed(&s->common, ret);
> g_free(data);
> +
> + /* If bdrv_drop_intermediate() didn't already do that, remove the commit
> + * filter driver from the backing chain. Do this as the final step so that
> + * the 'consistent read' permission can be granted. */
> + if (remove_commit_top_bs) {
> + bdrv_set_backing_hd(overlay_bs, top);
> + }
> }
>
> static void coroutine_fn commit_run(void *opaque)
> @@ -208,6 +223,34 @@ static const BlockJobDriver commit_job_driver = {
> .start = commit_run,
> };
>
> +static int coroutine_fn bdrv_commit_top_preadv(BlockDriverState *bs,
> + uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
> +{
> + return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
> +}
> +
> +static void bdrv_commit_top_close(BlockDriverState *bs)
> +{
> +}
> +
> +static void bdrv_commit_top_child_perm(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared)
> +{
> + *nperm = 0;
> + *nshared = BLK_PERM_ALL;
> +}
> +
> +/* Dummy node that provides consistent read to its users without requiring it
> + * from its backing file and that allows writes on the backing file chain. */
> +static BlockDriver bdrv_commit_top = {
> + .format_name = "commit_top",
> + .bdrv_co_preadv = bdrv_commit_top_preadv,
> + .bdrv_close = bdrv_commit_top_close,
> + .bdrv_child_perm = bdrv_commit_top_child_perm,
> +};
> +
> void commit_start(const char *job_id, BlockDriverState *bs,
> BlockDriverState *base, BlockDriverState *top, int64_t speed,
> BlockdevOnError on_error, const char *backing_file_str,
> @@ -219,6 +262,7 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> int orig_base_flags;
> BlockDriverState *iter;
> BlockDriverState *overlay_bs;
> + BlockDriverState *commit_top_bs = NULL;
> Error *local_err = NULL;
> int ret;
>
> @@ -235,7 +279,6 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> return;
> }
>
> - /* FIXME Use real permissions */
> s = block_job_create(job_id, &commit_job_driver, bs, 0, BLK_PERM_ALL,
> speed, BLOCK_JOB_DEFAULT, NULL, NULL, errp);
> if (!s) {
> @@ -262,34 +305,62 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> }
> }
>
> + /* Insert commit_top block node above top, so we can block consistent read
> + * on the backing chain below it */
> + commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, NULL, BDRV_O_RDWR,
Why RDWR when the driver only allows reads anyway?
> + errp);
> + if (commit_top_bs == NULL) {
> + goto fail;
> + }
> +
> + bdrv_set_backing_hd(commit_top_bs, top);
> + bdrv_set_backing_hd(overlay_bs, commit_top_bs);
> +
> + s->commit_top_bs = commit_top_bs;
> + bdrv_unref(commit_top_bs);
>
> /* Block all nodes between top and base, because they will
> * disappear from the chain after this operation. */
> assert(bdrv_chain_contains(top, base));
> - for (iter = top; iter != backing_bs(base); iter = backing_bs(iter)) {
> - /* FIXME Use real permissions */
> - block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
> - BLK_PERM_ALL, &error_abort);
> + for (iter = top; iter != base; iter = backing_bs(iter)) {
> + /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
> + * at s->base.
As far as I can see, the loop doesn't even touch base, though...?
> The other options would be a second filter driver above
> + * s->base. */
> + ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
Don't we need CONSISTENT_READ at least for top?
> + BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
> + errp);
> + if (ret < 0) {
> + goto fail;
> + }
> }
> +
> + ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp);
> + if (ret < 0) {
> + goto fail;
> + }
> +
> /* overlay_bs must be blocked because it needs to be modified to
> - * update the backing image string, but if it's the root node then
> - * don't block it again */
> - if (bs != overlay_bs) {
> - /* FIXME Use real permissions */
> - block_job_add_bdrv(&s->common, "overlay of top", overlay_bs, 0,
> - BLK_PERM_ALL, &error_abort);
> + * update the backing image string. */
> + ret = block_job_add_bdrv(&s->common, "overlay of top", overlay_bs,
> + BLK_PERM_GRAPH_MOD, BLK_PERM_ALL, errp);
> + if (ret < 0) {
> + goto fail;
> }
>
> - /* FIXME Use real permissions */
> - s->base = blk_new(0, BLK_PERM_ALL);
> + s->base = blk_new(BLK_PERM_CONSISTENT_READ
Do we actually need CONSISTENT_READ for the base?
Max
> + | BLK_PERM_WRITE
> + | BLK_PERM_RESIZE,
> + BLK_PERM_CONSISTENT_READ
> + | BLK_PERM_GRAPH_MOD
> + | BLK_PERM_WRITE_UNCHANGED);
> ret = blk_insert_bs(s->base, base, errp);
> if (ret < 0) {
> goto fail;
> }
>
> - /* FIXME Use real permissions */
> + /* Required permissions are already taken with block_job_add_bdrv() */
> s->top = blk_new(0, BLK_PERM_ALL);
> - ret = blk_insert_bs(s->top, top, errp);
> + blk_insert_bs(s->top, top, errp);
> if (ret < 0) {
> goto fail;
> }
> @@ -314,6 +385,9 @@ fail:
> if (s->top) {
> blk_unref(s->top);
> }
> + if (commit_top_bs) {
> + bdrv_set_backing_hd(overlay_bs, top);
> + }
> block_job_unref(&s->common);
> }
>
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-21 14:58 ` [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
2017-02-22 14:08 ` Max Reitz
@ 2017-02-25 11:57 ` Max Reitz
2017-02-27 12:33 ` Kevin Wolf
1 sibling, 1 reply; 131+ messages in thread
From: Max Reitz @ 2017-02-25 11:57 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 4146 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Almost all format drivers have the same characteristics as far as
> permissions are concerned: They have one or more children for storing
> their own data and, more importantly, metadata (can be written to and
> grow even without external write requests, must be protected against
> other writers and present consistent data) and optionally a backing file
> (this is just data, so like for a filter, it only depends on what the
> parent nodes need).
>
> This provides a default implementation that can be shared by most of
> our format drivers.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> include/block/block_int.h | 8 ++++++++
> 2 files changed, 50 insertions(+)
>
> diff --git a/block.c b/block.c
> index 523cbd3..f2e7178 100644
> --- a/block.c
> +++ b/block.c
> @@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> (c->shared_perm & DEFAULT_PERM_UNCHANGED);
> }
>
> +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared)
> +{
> + bool backing = (role == &child_backing);
> + assert(role == &child_backing || role == &child_file);
> +
> + if (!backing) {
> + /* Apart from the modifications below, the same permissions are
> + * forwarded and left alone as for filters */
> + bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
> +
> + /* Format drivers may touch metadata even if the guest doesn't write */
> + if (!bdrv_is_read_only(bs)) {
> + perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
> + }
> +
> + /* bs->file always needs to be consistent because of the metadata. We
> + * can never allow other users to resize or write to it. */
> + perm |= BLK_PERM_CONSISTENT_READ;
> + shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> + } else {
> + /* We want consistent read from backing files if the parent needs it.
> + * No other operations are performed on backing files. */
> + perm &= BLK_PERM_CONSISTENT_READ;
> +
> + /* If the parent can deal with changing data, we're okay with a
> + * writable and resizable backing file. */
> + if (shared & BLK_PERM_WRITE) {
> + shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
Wouldn't this break CONSISTENT_READ?
Max
> + } else {
> + shared = 0;
> + }
> +
> + shared |= BLK_PERM_CONSISTENT_READ | BLK_PERM_GRAPH_MOD |
> + BLK_PERM_WRITE_UNCHANGED;
> + }
> +
> + *nperm = perm;
> + *nshared = shared;
> +}
>
> static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs)
> {
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index 17f4c2d..eb0598e 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -880,6 +880,14 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> uint64_t perm, uint64_t shared,
> uint64_t *nperm, uint64_t *nshared);
>
> +/* Default implementation for BlockDriver.bdrv_child_perm() that can be used by
> + * (non-raw) image formats: Like above for bs->backing, but for bs->file it
> + * requires WRITE | RESIZE for read-write images, always requires
> + * CONSISTENT_READ and doesn't share WRITE. */
> +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared);
>
> const char *bdrv_get_parent_name(const BlockDriverState *bs);
> void blk_dev_change_media_cb(BlockBackend *blk, bool load);
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit'
2017-02-21 14:58 ` [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit' Kevin Wolf
@ 2017-02-25 11:58 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 11:58 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 434 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This is a little simpler than the commit block job because it's
> synchronous and only commits into the immediate backing file, but
> otherwise doing more or less the same.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/commit.c | 31 ++++++++++++++++++++++++++-----
> 1 file changed, 26 insertions(+), 5 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job
2017-02-21 14:58 ` [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job Kevin Wolf
@ 2017-02-25 12:06 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 12:06 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 951 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The backup block job doesn't have very complicated requirements: It
> needs to read from the source and write to the target, but it's fine
> with either side being changed. The only restriction is that we can't
> resize the image because the job uses a cached value.
>
> qemu-iotests 055 needs to be changed because it used a target which was
> already attached to a virtio-blk device. The permission system correctly
> forbids this (virtio-blk can't accept another writer with its default
> share-rw=off).
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/backup.c | 15 ++++++++++-----
> tests/qemu-iotests/055 | 11 +++++++----
> 2 files changed, 17 insertions(+), 9 deletions(-)
Not sure how much sense it makes to allow other writers on the target
node, but it's not as if the backup block job itself would care:
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append() Kevin Wolf
@ 2017-02-25 12:15 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 12:15 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 476 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> bdrv_append() cares about isolation of the node that it modifies, but
> not about activity in some subtree below it. Instead of using the
> recursive bdrv_requests_pending(), directly check bs->in_flight, which
> considers only the node in question.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks
2017-02-21 14:58 ` [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
@ 2017-02-25 12:29 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 12:29 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 911 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Backing files are somewhat special compared to other kinds of children
> because they are attached and detached using bdrv_set_backing_hd()
> rather than the normal set of functions, which does a few more things
> like setting backing blockers, toggling the BDRV_O_NO_BACKING flag,
> setting parent_bs->backing_file, etc.
>
> These special features are a reason why change_parent_backing_link()
> can't handle backing files yet. With abstracting the additional features
> into .attach/.detach callbacks, we get a step closer to a function that
> can actually deal with this.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 94 +++++++++++++++++++++++++++++------------------
> include/block/block_int.h | 3 ++
> 2 files changed, 62 insertions(+), 35 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
@ 2017-02-25 12:33 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 12:33 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 403 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Now that the backing file child role implements .attach/.detach
> callbacks, nothing prevents us from modifying the graph even if that
> involves changing backing file links.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job
2017-02-21 14:58 ` [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
@ 2017-02-25 13:49 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 13:49 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 18287 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The mirror block job is mainly used for two different scenarios:
> Mirroring to an otherwise unused, independent target node, or for active
> commit where the target node is part of the backing chain of the source.
>
> Similarly to the commit block job patch, we need to insert a new filter
> node to keep the permissions correct during active commit.
>
> Note that one change this implies is that job->blk points to
> mirror_top_bs as its root now, and mirror_top_bs (rather than the actual
> source node) contains the bs->job pointer. This requires qemu-img commit
> to get the job by name now rather than just taking bs->job.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/mirror.c | 161 +++++++++++++++++++++++++++++++++++++--------
> qemu-img.c | 6 +-
> tests/qemu-iotests/141 | 2 +-
> tests/qemu-iotests/141.out | 4 +-
> 4 files changed, 143 insertions(+), 30 deletions(-)
>
> diff --git a/block/mirror.c b/block/mirror.c
> index 767b7e7..252107d 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -38,7 +38,10 @@ typedef struct MirrorBlockJob {
> BlockJob common;
> RateLimit limit;
> BlockBackend *target;
> + BlockDriverState *mirror_top_bs;
> + BlockDriverState *source;
> BlockDriverState *base;
> +
> /* The name of the graph node to replace */
> char *replaces;
> /* The BDS to replace */
> @@ -325,7 +328,7 @@ static void mirror_do_zero_or_discard(MirrorBlockJob *s,
>
> static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s)
> {
> - BlockDriverState *source = blk_bs(s->common.blk);
> + BlockDriverState *source = s->source;
> int64_t sector_num, first_chunk;
> uint64_t delay_ns = 0;
> /* At least the first dirty chunk is mirrored in one iteration. */
> @@ -495,12 +498,14 @@ static void mirror_exit(BlockJob *job, void *opaque)
> MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
> MirrorExitData *data = opaque;
> AioContext *replace_aio_context = NULL;
> - BlockDriverState *src = blk_bs(s->common.blk);
> + BlockDriverState *src = s->source;
> BlockDriverState *target_bs = blk_bs(s->target);
> + BlockDriverState *mirror_top_bs = s->mirror_top_bs;
>
> /* Make sure that the source BDS doesn't go away before we called
> * block_job_completed(). */
> bdrv_ref(src);
> + bdrv_ref(mirror_top_bs);
>
> if (s->to_replace) {
> replace_aio_context = bdrv_get_aio_context(s->to_replace);
> @@ -522,13 +527,6 @@ static void mirror_exit(BlockJob *job, void *opaque)
> bdrv_drained_begin(target_bs);
> bdrv_replace_in_backing_chain(to_replace, target_bs);
> bdrv_drained_end(target_bs);
> -
> - /* We just changed the BDS the job BB refers to, so switch the BB back
> - * so the cleanup does the right thing. We don't need any permissions
> - * any more now. */
> - blk_remove_bs(job->blk);
> - blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
> - blk_insert_bs(job->blk, src, &error_abort);
> }
> if (s->to_replace) {
> bdrv_op_unblock_all(s->to_replace, s->replace_blocker);
> @@ -541,9 +539,23 @@ static void mirror_exit(BlockJob *job, void *opaque)
> g_free(s->replaces);
> blk_unref(s->target);
> s->target = NULL;
> +
> + /* Remove the mirror filter driver from the graph */
> + bdrv_replace_in_backing_chain(mirror_top_bs, backing_bs(mirror_top_bs));
> +
> + /* We just changed the BDS the job BB refers to (with either or both of the
> + * bdrv_replace_in_backing_chain() calls), so switch the BB back so the
> + * cleanup does the right thing. We don't need any permissions any more
> + * now. */
> + blk_remove_bs(job->blk);
> + blk_set_perm(job->blk, 0, BLK_PERM_ALL, &error_abort);
> + blk_insert_bs(job->blk, mirror_top_bs, &error_abort);
> +
> block_job_completed(&s->common, data->ret);
> +
> g_free(data);
> bdrv_drained_end(src);
> + bdrv_unref(mirror_top_bs);
> bdrv_unref(src);
> }
>
> @@ -563,7 +575,7 @@ static int coroutine_fn mirror_dirty_init(MirrorBlockJob *s)
> {
> int64_t sector_num, end;
> BlockDriverState *base = s->base;
> - BlockDriverState *bs = blk_bs(s->common.blk);
> + BlockDriverState *bs = s->source;
> BlockDriverState *target_bs = blk_bs(s->target);
> int ret, n;
>
> @@ -642,7 +654,7 @@ static void coroutine_fn mirror_run(void *opaque)
> {
> MirrorBlockJob *s = opaque;
> MirrorExitData *data;
> - BlockDriverState *bs = blk_bs(s->common.blk);
> + BlockDriverState *bs = s->source;
> BlockDriverState *target_bs = blk_bs(s->target);
> bool need_drain = true;
> int64_t length;
> @@ -876,7 +888,7 @@ static void mirror_complete(BlockJob *job, Error **errp)
> MirrorBlockJob *s = container_of(job, MirrorBlockJob, common);
> BlockDriverState *src, *target;
>
> - src = blk_bs(job->blk);
> + src = s->source;
> target = blk_bs(s->target);
>
> if (!s->synced) {
> @@ -908,6 +920,10 @@ static void mirror_complete(BlockJob *job, Error **errp)
> replace_aio_context = bdrv_get_aio_context(s->to_replace);
> aio_context_acquire(replace_aio_context);
>
> + /* TODO Translate this into permission system. Current definition of
> + * GRAPH_MOD would require to request it for the parents; they might
> + * not even be BlockDriverStates, however, so a BdrvChild can't address
> + * them. May need redefinition of GRAPH_MOD. */
> error_setg(&s->replace_blocker,
> "block device is in use by block-job-complete");
> bdrv_op_block_all(s->to_replace, s->replace_blocker);
> @@ -978,6 +994,46 @@ static const BlockJobDriver commit_active_job_driver = {
> .drain = mirror_drain,
> };
>
> +static int coroutine_fn bdrv_mirror_top_preadv(BlockDriverState *bs,
> + uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
> +{
> + return bdrv_co_preadv(bs->backing, offset, bytes, qiov, flags);
> +}
> +
> +static int coroutine_fn bdrv_mirror_top_pwritev(BlockDriverState *bs,
> + uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags)
> +{
> + return bdrv_co_pwritev(bs->backing, offset, bytes, qiov, flags);
> +}
> +
> +static void bdrv_mirror_top_close(BlockDriverState *bs)
> +{
> +}
> +
> +static void bdrv_mirror_top_child_perm(BlockDriverState *bs, BdrvChild *c,
> + const BdrvChildRole *role,
> + uint64_t perm, uint64_t shared,
> + uint64_t *nperm, uint64_t *nshared)
> +{
> + /* Must be able to forward guest writes to the real image */
> + *nperm = 0;
> + if (perm & BLK_PERM_WRITE) {
> + *nperm |= BLK_PERM_WRITE;
> + }
> +
> + *nshared = BLK_PERM_ALL;
> +}
> +
> +/* Dummy node that provides consistent read to its users without requiring it
> + * from its backing file and that allows writes on the backing file chain. */
> +static BlockDriver bdrv_mirror_top = {
> + .format_name = "mirror_top",
> + .bdrv_co_preadv = bdrv_mirror_top_preadv,
> + .bdrv_co_pwritev = bdrv_mirror_top_pwritev,
Some comments about these stub drivers (which also apply to the one for
commit):
First, what about flush, write_zeroes, discard, and get_block_status?
Second, not implementing bdrv_refresh_filename(), having no "file"
child, and not having the child node's options in the BDS's options
results in an empty filename when queried via query-block. Reasonable in
theory, but are you sure this won't break something?
Third, having a "backing" but not "file" child seems like a bad idea to
me. It makes sense in this context, but I thought that we somehow
arrived at the conclusion that implicit nodes should always have a
"file" node that tools can fall through to if they don't recognize some
node.
In any case, the gist of 2 and 3 is that this changes the query-block
output. I'm not sure how bad it is, but intuitively it doesn't seem to
be a change we should do lightheartedly.
> + .bdrv_close = bdrv_mirror_top_close,
> + .bdrv_child_perm = bdrv_mirror_top_child_perm,
> +};
> +
> static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> int creation_flags, BlockDriverState *target,
> const char *replaces, int64_t speed,
> @@ -993,6 +1049,9 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> bool auto_complete)
> {
> MirrorBlockJob *s;
> + BlockDriverState *mirror_top_bs;
> + bool target_graph_mod;
> + bool target_is_backing;
> int ret;
>
> if (granularity == 0) {
> @@ -1010,20 +1069,54 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> buf_size = DEFAULT_MIRROR_BUF_SIZE;
> }
>
> - /* FIXME Use real permissions */
> - s = block_job_create(job_id, driver, bs, 0, BLK_PERM_ALL, speed,
> + /* In the case of active commit, add dummy driver to provide consistent
> + * reads on the top, while disabling it in the intermediate nodes */
Isn't it much more important that this node (just as the one for the
commit job) makes all of the backing chain writable?
It has taken me quite some time (longer than it should have) to figure
that out, actually.
> + mirror_top_bs = bdrv_new_open_driver(&bdrv_mirror_top, NULL, BDRV_O_RDWR,
> + errp);
> + if (mirror_top_bs == NULL) {
> + return;
> + }
> + mirror_top_bs->total_sectors = bs->total_sectors;
> +
> + /* bdrv_append takes ownership of the mirror_top_bs reference, need to keep
> + * it alive until block_job_create() even if bs has no parent. */
> + bdrv_ref(mirror_top_bs);
> + bdrv_drained_begin(bs);
> + bdrv_append(mirror_top_bs, bs);
> + bdrv_drained_end(bs);
> +
> + /* Make sure that the source is not resized while the job is running */
> + s = block_job_create(job_id, driver, mirror_top_bs,
> + BLK_PERM_CONSISTENT_READ,
> + BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE_UNCHANGED |
> + BLK_PERM_WRITE | BLK_PERM_GRAPH_MOD, speed,
> creation_flags, cb, opaque, errp);
> + bdrv_unref(mirror_top_bs);
> if (!s) {
> - return;
> + goto fail;
> }
> -
> - /* FIXME Use real permissions */
> - s->target = blk_new(0, BLK_PERM_ALL);
> + s->source = bs;
> + s->mirror_top_bs = mirror_top_bs;
> +
> + /* No resize for the target either; while the mirror is still running, a
> + * consistent read isn't necessarily possible. We could possibly allow
> + * writes and graph modifications, though it would likely defeat the
> + * purpose of a mirror, so leave them blocked for now.
> + *
> + * In the case of active commit, things look a bit different, though,
> + * because the target is an already populated backing file in active use.
> + * We can allow anything ecept resize there.*/
*except
Also, I think that a full mirror allows CONSISTENT_READ if active commit
does, too.
> + target_is_backing = bdrv_chain_contains(bs, target);
> + target_graph_mod = (backing_mode != MIRROR_LEAVE_BACKING_CHAIN);
> + s->target = blk_new(BLK_PERM_WRITE | BLK_PERM_RESIZE |
> + (target_graph_mod ? BLK_PERM_GRAPH_MOD : 0),
> + BLK_PERM_WRITE_UNCHANGED |
> + (target_is_backing ? BLK_PERM_CONSISTENT_READ |
> + BLK_PERM_WRITE |
> + BLK_PERM_GRAPH_MOD : 0));
> ret = blk_insert_bs(s->target, target, errp);
> if (ret < 0) {
> - blk_unref(s->target);
> - block_job_unref(&s->common);
> - return;
> + goto fail;
> }
>
> s->replaces = g_strdup(replaces);
> @@ -1047,23 +1140,39 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> return;
> }
>
> - /* FIXME Use real permissions */
> + /* Required permissions are already taken with blk_new() */
> block_job_add_bdrv(&s->common, "target", target, 0, BLK_PERM_ALL,
> &error_abort);
>
> /* In commit_active_start() all intermediate nodes disappear, so
> * any jobs in them must be blocked */
> - if (bdrv_chain_contains(bs, target)) {
> + if (target_is_backing) {
> BlockDriverState *iter;
> for (iter = backing_bs(bs); iter != target; iter = backing_bs(iter)) {
> - /* FIXME Use real permissions */
> - block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
> - BLK_PERM_ALL, &error_abort);
> + /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
> + * at s->base. The other options would be a second filter driver above
> + * s->base. */
I think it's rather about target than s->base here (probably equivalent
in the case of active commit, but well).
> + ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
> + BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
> + errp);
OK, now I got why you need to allow writes even though you don't even
touch target itself. Again, it has taken me quite some time to figure
out that
(a) bdrv_format_default_perms() will block writes on backing BDS if the
overlay does not allow shared writes,
(b) Therefore, the base cannot be written to if something in the chain
above it blocks shared writes, and
(c) You insert the new node above the backing chain to break that
recursion and allow writes on the chain from that point on.
A comment about (c) might have made this easier.
Max
> + if (ret < 0) {
> + goto fail;
> + }
> }
> }
>
> trace_mirror_start(bs, s, opaque);
> block_job_start(&s->common);
> + return;
> +
> +fail:
> + if (s) {
> + g_free(s->replaces);
> + blk_unref(s->target);
> + block_job_unref(&s->common);
> + }
> +
> + bdrv_replace_in_backing_chain(mirror_top_bs, backing_bs(mirror_top_bs));
> }
>
> void mirror_start(const char *job_id, BlockDriverState *bs,
> diff --git a/qemu-img.c b/qemu-img.c
> index 8d9195e..e20830f 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -795,6 +795,8 @@ static void run_block_job(BlockJob *job, Error **errp)
> {
> AioContext *aio_context = blk_get_aio_context(job->blk);
>
> + /* FIXME In error cases, the job simply goes away and we access a dangling
> + * pointer below. */
> aio_context_acquire(aio_context);
> do {
> aio_poll(aio_context, true);
> @@ -816,6 +818,7 @@ static int img_commit(int argc, char **argv)
> const char *filename, *fmt, *cache, *base;
> BlockBackend *blk;
> BlockDriverState *bs, *base_bs;
> + BlockJob *job;
> bool progress = false, quiet = false, drop = false;
> bool writethrough;
> Error *local_err = NULL;
> @@ -951,7 +954,8 @@ static int img_commit(int argc, char **argv)
> bdrv_ref(bs);
> }
>
> - run_block_job(bs->job, &local_err);
> + job = block_job_get("commit");
> + run_block_job(job, &local_err);
> if (local_err) {
> goto unref_backing;
> }
> diff --git a/tests/qemu-iotests/141 b/tests/qemu-iotests/141
> index 3ba79f0..6d8f0a1 100755
> --- a/tests/qemu-iotests/141
> +++ b/tests/qemu-iotests/141
> @@ -67,7 +67,7 @@ test_blockjob()
> _send_qemu_cmd $QEMU_HANDLE \
> "{'execute': 'x-blockdev-del',
> 'arguments': {'node-name': 'drv0'}}" \
> - 'error'
> + 'error' | _filter_generated_node_ids
>
> _send_qemu_cmd $QEMU_HANDLE \
> "{'execute': 'block-job-cancel',
> diff --git a/tests/qemu-iotests/141.out b/tests/qemu-iotests/141.out
> index 195ca1a..82e763b 100644
> --- a/tests/qemu-iotests/141.out
> +++ b/tests/qemu-iotests/141.out
> @@ -20,7 +20,7 @@ Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.
> Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
> {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
> {"return": {}}
> -{"error": {"class": "GenericError", "desc": "Node drv0 is in use"}}
> +{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}}
> {"return": {}}
> {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}}
> {"return": {}}
> @@ -30,7 +30,7 @@ Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.
> {"return": {}}
> {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
> {"return": {}}
> -{"error": {"class": "GenericError", "desc": "Node drv0 is in use"}}
> +{"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}}
> {"return": {}}
> {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}}
> {"return": {}}
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming block job
2017-02-21 14:58 ` [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming " Kevin Wolf
@ 2017-02-25 13:58 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 13:58 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 578 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The correct permissions are relatively obvious here (and explained in
> code comments). For intermediate streaming, we need to reopen the top
> node read-write before creating the job now because the permissions
> system catches attempts to get the BLK_PERM_WRITE_UNCHANGED permission
> on a read-only node.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/stream.c | 37 +++++++++++++++++++++++++------------
> 1 file changed, 25 insertions(+), 12 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror
2017-02-21 14:58 ` [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror Kevin Wolf
@ 2017-02-25 14:19 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 14:19 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1107 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Management tools need to be able to know about every node in the graph
> and need a way to address them. This new option to blockdev-mirror
> allows the client to set a node-name for the automatically inserted
> filter driver, and at the same time serves as a witness that this
> version of qemu does automatically insert a filter driver.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/mirror.c | 14 ++++++++------
> blockdev.c | 12 +++++++++++-
> include/block/block_int.h | 5 ++++-
> qapi/block-core.json | 8 +++++++-
> 4 files changed, 30 insertions(+), 9 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
I'm not so happy about "...serves as a witness..." because that doesn't
make it less of an incompatible change.
However, since (as you know) I had plans to introduce such a filter node
myself anyway, I'll gladly let you take all the git-blame if something
breaks.
(And it should be easy for me to add the mirror target as another child
to the filter node.)
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit
2017-02-21 14:58 ` [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit Kevin Wolf
@ 2017-02-25 14:37 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 14:37 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 5338 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Management tools need to be able to know about every node in the graph
> and need a way to address them. This new option to block-commit allows
> the client to set a node-name for the automatically inserted filter
> driver, and at the same time serves as a witness that this version of
> qemu does automatically insert a filter driver.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/commit.c | 6 +++---
> block/mirror.c | 3 ++-
> block/replication.c | 2 +-
> blockdev.c | 10 +++++++---
> include/block/block_int.h | 13 ++++++++++---
> qapi/block-core.json | 8 +++++++-
> qemu-img.c | 4 ++--
> 7 files changed, 32 insertions(+), 14 deletions(-)
[...]
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index 563b30c..a57c0bf 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -780,13 +780,16 @@ void stream_start(const char *job_id, BlockDriverState *bs,
> * @speed: The maximum speed, in bytes per second, or 0 for unlimited.
> * @on_error: The action to take upon error.
> * @backing_file_str: String to use as the backing file in @top's overlay
> + * @filter_node_name: The node name that should be assigned to the filter
> + * driver that the commit job inserts into the graph above @top. NULL means
> + * that a node name should be autogenerated.
> * @errp: Error object.
> *
> */
> void commit_start(const char *job_id, BlockDriverState *bs,
> BlockDriverState *base, BlockDriverState *top, int64_t speed,
> BlockdevOnError on_error, const char *backing_file_str,
> - Error **errp);
> + const char *filter_node_name, Error **errp);
> /**
> * commit_active_start:
> * @job_id: The id of the newly-created job, or %NULL to use the
> @@ -797,6 +800,9 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> * See @BlockJobCreateFlags
> * @speed: The maximum speed, in bytes per second, or 0 for unlimited.
> * @on_error: The action to take upon error.
> + * @filter_node_name: The node name that should be assigned to the filter
> + * driver that the commit job inserts into the graph above @bs. NULL means that
Maybe s/commit/mirror/, but just maybe.
> + * a node name should be autogenerated.
> * @cb: Completion function for the job.
> * @opaque: Opaque pointer value passed to @cb.
> * @errp: Error object.
> @@ -806,8 +812,9 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> void commit_active_start(const char *job_id, BlockDriverState *bs,
> BlockDriverState *base, int creation_flags,
> int64_t speed, BlockdevOnError on_error,
> - BlockCompletionFunc *cb,
> - void *opaque, Error **errp, bool auto_complete);
> + const char *filter_node_name,
> + BlockCompletionFunc *cb, void *opaque, Error **errp,
> + bool auto_complete);
> /*
> * mirror_start:
> * @job_id: The id of the newly-created job, or %NULL to use the
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 893fa34..36d38b9 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -1304,6 +1304,11 @@
> #
> # @speed: #optional the maximum speed, in bytes per second
> #
> +# @filter-node-name: #optional the node name that should be assigned to the
> +# filter driver that the commit job inserts into the graph
> +# above @device. If this option is not given, a node name is
Above @top, actually.
> +# autogenerated. (Since: 2.9)
> +#
I'm much less enthusiastic about this than about the previous patch.
This is because this node appears to me just to be some kind of a hack
to silence op blockers and it doesn't seem obvious where to go with this.
For mirror, it's obvious. In the future, the mirror filter will get the
target as a second child and then it will actually perform all of the
mirror work and indeed be something useful.
For commit, no such immediate plans exist, as far as I'm aware. Well,
for active commit it's just the same, of course. Maybe we can model
non-active commit in the same way: Place it above @top, keep everything
writable and then add @base as a second child. Then it would actually
make sense and deserve a user-specifiable node name.
OK, now that I actually see a way to make use of the new node, this
patch suddenly looks better to me.
So with s/@device/@top/:
Reviewed-by: Max Reitz <mreitz@redhat.com>
> # Returns: Nothing on success
> # If commit or stream is already active on this device, DeviceInUse
> # If @device does not exist, DeviceNotFound
> @@ -1323,7 +1328,8 @@
> ##
> { 'command': 'block-commit',
> 'data': { '*job-id': 'str', 'device': 'str', '*base': 'str', '*top': 'str',
> - '*backing-file': 'str', '*speed': 'int' } }
> + '*backing-file': 'str', '*speed': 'int',
> + '*filter-node-name': 'str' } }
>
> ##
> # @drive-backup:
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io
2017-02-21 14:58 ` [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io Kevin Wolf
@ 2017-02-25 14:46 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 14:46 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 759 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> The HMP command 'qemu-io' is a bit tricky because it wants to work on
> the original BlockBackend, but additional permissions could be required.
> The details are explained in a comment in the code, but in summary, just
> request whatever permissions the current qemu-io command needs.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/block-backend.c | 6 ++++++
> hmp.c | 26 +++++++++++++++++++++++++-
> include/qemu-io.h | 1 +
> include/sysemu/block-backend.h | 1 +
> qemu-io-cmds.c | 28 ++++++++++++++++++++++++++++
> 5 files changed, 61 insertions(+), 1 deletion(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions
2017-02-21 14:58 ` [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions Kevin Wolf
@ 2017-02-25 14:54 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 14:54 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2880 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Request BLK_PERM_CONSISTENT_READ for the source of block migration, and
> handle potential permission errors as good as we can in this place
> (which is not very good, but it matches the other failure cases).
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> migration/block.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/migration/block.c b/migration/block.c
> index d259936..958d0fc 100644
> --- a/migration/block.c
> +++ b/migration/block.c
> @@ -379,7 +379,7 @@ static void unset_dirty_tracking(void)
> }
> }
>
> -static void init_blk_migration(QEMUFile *f)
> +static int init_blk_migration(QEMUFile *f)
> {
> BlockDriverState *bs;
> BlkMigDevState *bmds;
> @@ -390,6 +390,8 @@ static void init_blk_migration(QEMUFile *f)
> BlkMigDevState *bmds;
> BlockDriverState *bs;
> } *bmds_bs;
> + Error *local_err = NULL;
> + int ret;
>
> block_mig_state.submitted = 0;
> block_mig_state.read_done = 0;
> @@ -411,12 +413,12 @@ static void init_blk_migration(QEMUFile *f)
>
> sectors = bdrv_nb_sectors(bs);
> if (sectors <= 0) {
> + ret = sectors;
> goto out;
> }
>
> bmds = g_new0(BlkMigDevState, 1);
> - /* FIXME Use real permissions */
> - bmds->blk = blk_new(0, BLK_PERM_ALL);
> + bmds->blk = blk_new(BLK_PERM_CONSISTENT_READ, BLK_PERM_ALL);
> bmds->blk_name = g_strdup(bdrv_get_device_name(bs));
> bmds->bulk_completed = 0;
> bmds->total_sectors = sectors;
> @@ -446,7 +448,11 @@ static void init_blk_migration(QEMUFile *f)
> BlockDriverState *bs = bmds_bs[i].bs;
>
> if (bmds) {
> - blk_insert_bs(bmds->blk, bs, &error_abort);
> + ret = blk_insert_bs(bmds->blk, bs, &local_err);
> + if (ret < 0) {
> + error_report_err(local_err);
> + goto out;
> + }
>
> alloc_aio_bitmap(bmds);
> error_setg(&bmds->blocker, "block device is in use by migration");
> @@ -454,8 +460,10 @@ static void init_blk_migration(QEMUFile *f)
> }
> }
>
> + ret = 0;
> out:
> g_free(bmds_bs);
> + return ret;
> }
>
> /* Called with no lock taken. */
> @@ -706,7 +714,10 @@ static int block_save_setup(QEMUFile *f, void *opaque)
> block_mig_state.submitted, block_mig_state.transferred);
>
> qemu_mutex_lock_iothread();
> - init_blk_migration(f);
> + ret = init_blk_migration(f);
> + if (ret < 0) {
What about qemu_mutex_unlock_iothread()?
Max
> + return ret;
> + }
>
> /* start track dirty blocks */
> ret = set_dirty_tracking();
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports
2017-02-21 14:58 ` [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports Kevin Wolf
@ 2017-02-25 15:05 ` Max Reitz
2017-02-27 20:09 ` Eric Blake
1 sibling, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:05 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 449 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> NBD can't cope with device size changes, so resize must be forbidden,
> but otherwise we can tolerate anything. Depending on whether the export
> is writable or not, we only require consistent reads and writes.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> nbd/server.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments
2017-02-21 14:58 ` [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments Kevin Wolf
@ 2017-02-25 15:06 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:06 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 435 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Not requesting any permissions is actually correct for these test cases
> because no actual I/O or other operation covered by the permission
> system is performed.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> tests/test-blockjob.c | 2 +-
> tests/test-throttle.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev
2017-02-21 14:58 ` [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev Kevin Wolf
@ 2017-02-25 15:12 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:12 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 562 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This is where we want to check the permissions, so we need to have the
> BdrvChild around where they are stored.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/io.c | 31 +++++++++++++++++--------------
> 1 file changed, 17 insertions(+), 14 deletions(-)
I was about to inquire about bdrv_co_do_pwrite_zeroes() which is called
by bdrv_co_do_copy_on_readv(), but then I saw that you make the latter
take a BdrvChild in the next patch. OK, but I think that change needs to
be here.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions
2017-02-21 14:58 ` [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions Kevin Wolf
@ 2017-02-25 15:13 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:13 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 2316 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This adds assertions that ensure that the necessary write permissions
> have been granted before someone attempts to write to a node.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/io.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/block/io.c b/block/io.c
> index 63e4400..4c79745 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -925,9 +925,11 @@ bdrv_driver_pwritev_compressed(BlockDriverState *bs, uint64_t offset,
> return drv->bdrv_co_pwritev_compressed(bs, offset, bytes, qiov);
> }
>
> -static int coroutine_fn bdrv_co_do_copy_on_readv(BlockDriverState *bs,
> +static int coroutine_fn bdrv_co_do_copy_on_readv(BdrvChild *child,
> int64_t offset, unsigned int bytes, QEMUIOVector *qiov)
> {
> + BlockDriverState *bs = child->bs;
> +
> /* Perform I/O through a temporary buffer so that users who scribble over
> * their read buffer while the operation is in progress do not end up
> * modifying the image file. This is critical for zero-copy guest I/O
As I said, I think this hunk needs to be in the previous patch.
Max
> @@ -943,6 +945,8 @@ static int coroutine_fn bdrv_co_do_copy_on_readv(BlockDriverState *bs,
> size_t skip_bytes;
> int ret;
>
> + assert(child->perm & (BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE));
> +
> /* Cover entire cluster so no additional backing file I/O is required when
> * allocating cluster in the image file.
> */
> @@ -1051,7 +1055,7 @@ static int coroutine_fn bdrv_aligned_preadv(BdrvChild *child,
> }
>
> if (!ret || pnum != nb_sectors) {
> - ret = bdrv_co_do_copy_on_readv(bs, offset, bytes, qiov);
> + ret = bdrv_co_do_copy_on_readv(child, offset, bytes, qiov);
> goto out;
> }
> }
> @@ -1334,6 +1338,7 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child,
> assert(!waited || !req->serialising);
> assert(req->overlap_offset <= offset);
> assert(offset + bytes <= req->overlap_offset + req->overlap_bytes);
> + assert(child->perm & BLK_PERM_WRITE);
>
> ret = notifier_with_return_list_notify(&bs->before_write_notifiers, req);
>
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission
2017-02-21 14:58 ` [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission Kevin Wolf
@ 2017-02-25 15:14 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:14 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 333 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> This adds an assertion that ensures that the necessary resize permission
> has been granted before bdrv_truncate() is called.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 3 +++
> 1 file changed, 3 insertions(+)
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd() Kevin Wolf
@ 2017-02-25 15:36 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:36 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 819 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Not all callers of bdrv_set_backing_hd() know for sure that attaching
> the backing file will be allowed by the permission system. Return the
> error from the function rather than aborting.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 27 ++++++++++++++++++++-------
> block/commit.c | 14 +++++++-------
> block/mirror.c | 16 +++++++++++++++-
> block/stream.c | 9 ++++++++-
> block/vvfat.c | 2 +-
> include/block/block.h | 3 ++-
> 6 files changed, 53 insertions(+), 18 deletions(-)
It's a bit unfortunate that bdrv_set_backing_hd() is not atomic, that
is, that the node will no longer have a backing file if the command
fails. Oh well.
Reviewed-by: Max Reitz <mreitz@redhat.com>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append()
2017-02-21 14:58 ` [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append() Kevin Wolf
@ 2017-02-25 15:49 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-25 15:49 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 7643 bytes --]
On 21.02.2017 15:58, Kevin Wolf wrote:
> Aborting on error in bdrv_append() isn't correct. This patch fixes it
> and lets the callers handle failures.
>
> Test case 085 needs a reference output update. This is caused by the
> reversed order of bdrv_set_backing_hd() and change_parent_backing_link()
> in bdrv_append(): When the backing file of the new node is set, the
> parent nodes are still pointing to the old top, so the backing blocker
> is now initialised with the node name rather than the BlockBackend name.
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block.c | 23 +++++++++++++++++------
> block/mirror.c | 9 ++++++++-
> blockdev.c | 15 +++++++++++++--
> include/block/block.h | 3 ++-
> tests/qemu-iotests/085.out | 2 +-
> 5 files changed, 41 insertions(+), 11 deletions(-)
>
> diff --git a/block.c b/block.c
> index b3f03a4..33edbda 100644
> --- a/block.c
> +++ b/block.c
> @@ -2060,6 +2060,7 @@ static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
> int64_t total_size;
> QemuOpts *opts = NULL;
> BlockDriverState *bs_snapshot;
> + Error *local_err = NULL;
> int ret;
>
> /* if snapshot, we create a temporary backing file and open it
> @@ -2109,7 +2110,12 @@ static BlockDriverState *bdrv_append_temp_snapshot(BlockDriverState *bs,
> * call bdrv_unref() on it), so in order to be able to return one, we have
> * to increase bs_snapshot's refcount here */
> bdrv_ref(bs_snapshot);
> - bdrv_append(bs_snapshot, bs);
> + bdrv_append(bs_snapshot, bs, &local_err);
> + if (local_err) {
> + error_propagate(errp, local_err);
> + ret = -EINVAL;
> + goto out;
> + }
>
> g_free(tmp_filename);
> return bs_snapshot;
> @@ -2900,20 +2906,25 @@ static void change_parent_backing_link(BlockDriverState *from,
> * parents of bs_top after bdrv_append() returns. If the caller needs to keep a
> * reference of its own, it must call bdrv_ref().
> */
> -void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top)
> +void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
> + Error **errp)
> {
> + Error *local_err = NULL;
> +
> assert(!atomic_read(&bs_top->in_flight));
> assert(!atomic_read(&bs_new->in_flight));
>
> - bdrv_ref(bs_top);
> + bdrv_set_backing_hd(bs_new, bs_top, &local_err);
> + if (local_err) {
> + error_propagate(errp, local_err);
> + goto out;
> + }
>
> change_parent_backing_link(bs_top, bs_new);
> - /* FIXME Error handling */
> - bdrv_set_backing_hd(bs_new, bs_top, &error_abort);
> - bdrv_unref(bs_top);
>
> /* bs_new is now referenced by its new parents, we don't need the
> * additional reference any more. */
> +out:
> bdrv_unref(bs_new);
> }
>
> diff --git a/block/mirror.c b/block/mirror.c
> index abbd847..4e35d85 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -1066,6 +1066,7 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> BlockDriverState *mirror_top_bs;
> bool target_graph_mod;
> bool target_is_backing;
> + Error *local_err = NULL;
> int ret;
>
> if (granularity == 0) {
> @@ -1096,9 +1097,15 @@ static void mirror_start_job(const char *job_id, BlockDriverState *bs,
> * it alive until block_job_create() even if bs has no parent. */
> bdrv_ref(mirror_top_bs);
> bdrv_drained_begin(bs);
> - bdrv_append(mirror_top_bs, bs);
> + bdrv_append(mirror_top_bs, bs, &local_err);
> bdrv_drained_end(bs);
>
> + if (local_err) {
> + bdrv_unref(mirror_top_bs);
> + error_propagate(errp, local_err);
> + return;
> + }
> +
> /* Make sure that the source is not resized while the job is running */
> s = block_job_create(job_id, driver, mirror_top_bs,
> BLK_PERM_CONSISTENT_READ,
> diff --git a/blockdev.c b/blockdev.c
> index 63b1ac4..580fa66 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1764,6 +1764,16 @@ static void external_snapshot_prepare(BlkActionState *common,
>
> if (!state->new_bs->drv->supports_backing) {
> error_setg(errp, "The snapshot does not support backing images");
> + return;
> + }
> +
> + /* This removes our old bs and adds the new bs. This is an operation that
> + * can fail, so we need to do it in .prepare; undoing it for abort is
> + * always possible. */
> + bdrv_append(state->new_bs, state->old_bs, &local_err);
> + if (local_err) {
> + error_propagate(errp, local_err);
> + return;
> }
After bdrv_append(), the state->new_bs reference is no longer valid,
necessarily; especially if the operation failed.
> }
>
> @@ -1774,8 +1784,6 @@ static void external_snapshot_commit(BlkActionState *common)
>
> bdrv_set_aio_context(state->new_bs, state->aio_context);
>
> - /* This removes our old bs and adds the new bs */
> - bdrv_append(state->new_bs, state->old_bs);
> /* We don't need (or want) to use the transactional
> * bdrv_reopen_multiple() across all the entries at once, because we
> * don't want to abort all of them if one of them fails the reopen */
> @@ -1791,6 +1799,9 @@ static void external_snapshot_abort(BlkActionState *common)
> DO_UPCAST(ExternalSnapshotState, common, common);
> if (state->new_bs) {
> bdrv_unref(state->new_bs);
So this is not necessarily a good idea. I guess the solution would be a
bdrv_ref() before bdrv_append().
(At which point we might just remove the bdrv_unref() from bdrv_append()
because all of its callers would invoke bdrv_ref() before, so it's
definitely no longer "what the callers commonly need.")
> + if (state->new_bs->backing) {
> + bdrv_replace_in_backing_chain(state->new_bs, state->old_bs);
> + }
And in any case, this should be before the bdrv_unref(), because that
may have dropped the last reference to state->new_bs.
Max
> }
> }
>
> diff --git a/include/block/block.h b/include/block/block.h
> index 6a6408e..6ce8b26 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -235,7 +235,8 @@ int bdrv_create(BlockDriver *drv, const char* filename,
> QemuOpts *opts, Error **errp);
> int bdrv_create_file(const char *filename, QemuOpts *opts, Error **errp);
> BlockDriverState *bdrv_new(void);
> -void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top);
> +void bdrv_append(BlockDriverState *bs_new, BlockDriverState *bs_top,
> + Error **errp);
> void bdrv_replace_in_backing_chain(BlockDriverState *old,
> BlockDriverState *new);
>
> diff --git a/tests/qemu-iotests/085.out b/tests/qemu-iotests/085.out
> index 08e4bb7..182acb4 100644
> --- a/tests/qemu-iotests/085.out
> +++ b/tests/qemu-iotests/085.out
> @@ -74,7 +74,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/
>
> === Invalid command - snapshot node used as backing hd ===
>
> -{"error": {"class": "GenericError", "desc": "Node 'snap_11' is busy: node is used as backing hd of 'virtio0'"}}
> +{"error": {"class": "GenericError", "desc": "Node 'snap_11' is busy: node is used as backing hd of 'snap_12'"}}
>
> === Invalid command - snapshot node has a backing image ===
>
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting
2017-02-22 14:04 ` Max Reitz
@ 2017-02-27 12:28 ` Kevin Wolf
2017-02-27 12:32 ` Max Reitz
0 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-27 12:28 UTC (permalink / raw)
To: Max Reitz; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 511 bytes --]
Am 22.02.2017 um 15:04 hat Max Reitz geschrieben:
> > @@ -1390,6 +1565,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
> >
> > ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp);
> > if (ret < 0) {
> > + bdrv_abort_perm_update(child_bs);
> > return NULL;
> > }
> >
>
> This function doesn't call bdrv_set_perm(). Intentional?
Yes, intentional. It calls it indirectly via bdrv_replace_child(). I'll
add a comment.
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting
2017-02-27 12:28 ` Kevin Wolf
@ 2017-02-27 12:32 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-27 12:32 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 839 bytes --]
On 27.02.2017 13:28, Kevin Wolf wrote:
> Am 22.02.2017 um 15:04 hat Max Reitz geschrieben:
>>> @@ -1390,6 +1565,7 @@ BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs,
>>>
>>> ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp);
>>> if (ret < 0) {
>>> + bdrv_abort_perm_update(child_bs);
>>> return NULL;
>>> }
>>>
>>
>> This function doesn't call bdrv_set_perm(). Intentional?
>
> Yes, intentional. It calls it indirectly via bdrv_replace_child(). I'll
> add a comment.
Right, bdrv_replace_child() invokes bdrv_update_perm() which invokes
bdrv_set_perm(). However, that means that there shouldn't be any caller
of bdrv_replace_child() which doesn't call bdrv_check_perm() before;
some don't do that, though, e.g. change_parent_backing_link().
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-25 11:57 ` Max Reitz
@ 2017-02-27 12:33 ` Kevin Wolf
2017-02-27 12:34 ` Max Reitz
0 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-27 12:33 UTC (permalink / raw)
To: Max Reitz; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 3272 bytes --]
Am 25.02.2017 um 12:57 hat Max Reitz geschrieben:
> On 21.02.2017 15:58, Kevin Wolf wrote:
> > Almost all format drivers have the same characteristics as far as
> > permissions are concerned: They have one or more children for storing
> > their own data and, more importantly, metadata (can be written to and
> > grow even without external write requests, must be protected against
> > other writers and present consistent data) and optionally a backing file
> > (this is just data, so like for a filter, it only depends on what the
> > parent nodes need).
> >
> > This provides a default implementation that can be shared by most of
> > our format drivers.
> >
> > Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> > ---
> > block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> > include/block/block_int.h | 8 ++++++++
> > 2 files changed, 50 insertions(+)
> >
> > diff --git a/block.c b/block.c
> > index 523cbd3..f2e7178 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> > (c->shared_perm & DEFAULT_PERM_UNCHANGED);
> > }
> >
> > +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
> > + const BdrvChildRole *role,
> > + uint64_t perm, uint64_t shared,
> > + uint64_t *nperm, uint64_t *nshared)
> > +{
> > + bool backing = (role == &child_backing);
> > + assert(role == &child_backing || role == &child_file);
> > +
> > + if (!backing) {
> > + /* Apart from the modifications below, the same permissions are
> > + * forwarded and left alone as for filters */
> > + bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
> > +
> > + /* Format drivers may touch metadata even if the guest doesn't write */
> > + if (!bdrv_is_read_only(bs)) {
> > + perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
> > + }
> > +
> > + /* bs->file always needs to be consistent because of the metadata. We
> > + * can never allow other users to resize or write to it. */
> > + perm |= BLK_PERM_CONSISTENT_READ;
> > + shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> > + } else {
> > + /* We want consistent read from backing files if the parent needs it.
> > + * No other operations are performed on backing files. */
> > + perm &= BLK_PERM_CONSISTENT_READ;
> > +
> > + /* If the parent can deal with changing data, we're okay with a
> > + * writable and resizable backing file. */
> > + if (shared & BLK_PERM_WRITE) {
> > + shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
>
> Wouldn't this break CONSISTENT_READ?
WRITE (even for multiple users) and CONSISTENT_READ aren't mutually
exclusive. I was afraid that I didn't define CONSISTENT_READ right, but
it appears that the definition is fine:
* A user that has the "permission" of consistent reads is guaranteed that
* their view of the contents of the block device is complete and
* self-consistent, representing the contents of a disk at a specific
* point.
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-27 12:33 ` Kevin Wolf
@ 2017-02-27 12:34 ` Max Reitz
2017-02-27 14:05 ` Kevin Wolf
0 siblings, 1 reply; 131+ messages in thread
From: Max Reitz @ 2017-02-27 12:34 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 3539 bytes --]
On 27.02.2017 13:33, Kevin Wolf wrote:
> Am 25.02.2017 um 12:57 hat Max Reitz geschrieben:
>> On 21.02.2017 15:58, Kevin Wolf wrote:
>>> Almost all format drivers have the same characteristics as far as
>>> permissions are concerned: They have one or more children for storing
>>> their own data and, more importantly, metadata (can be written to and
>>> grow even without external write requests, must be protected against
>>> other writers and present consistent data) and optionally a backing file
>>> (this is just data, so like for a filter, it only depends on what the
>>> parent nodes need).
>>>
>>> This provides a default implementation that can be shared by most of
>>> our format drivers.
>>>
>>> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
>>> ---
>>> block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>>> include/block/block_int.h | 8 ++++++++
>>> 2 files changed, 50 insertions(+)
>>>
>>> diff --git a/block.c b/block.c
>>> index 523cbd3..f2e7178 100644
>>> --- a/block.c
>>> +++ b/block.c
>>> @@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
>>> (c->shared_perm & DEFAULT_PERM_UNCHANGED);
>>> }
>>>
>>> +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
>>> + const BdrvChildRole *role,
>>> + uint64_t perm, uint64_t shared,
>>> + uint64_t *nperm, uint64_t *nshared)
>>> +{
>>> + bool backing = (role == &child_backing);
>>> + assert(role == &child_backing || role == &child_file);
>>> +
>>> + if (!backing) {
>>> + /* Apart from the modifications below, the same permissions are
>>> + * forwarded and left alone as for filters */
>>> + bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
>>> +
>>> + /* Format drivers may touch metadata even if the guest doesn't write */
>>> + if (!bdrv_is_read_only(bs)) {
>>> + perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
>>> + }
>>> +
>>> + /* bs->file always needs to be consistent because of the metadata. We
>>> + * can never allow other users to resize or write to it. */
>>> + perm |= BLK_PERM_CONSISTENT_READ;
>>> + shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
>>> + } else {
>>> + /* We want consistent read from backing files if the parent needs it.
>>> + * No other operations are performed on backing files. */
>>> + perm &= BLK_PERM_CONSISTENT_READ;
>>> +
>>> + /* If the parent can deal with changing data, we're okay with a
>>> + * writable and resizable backing file. */
>>> + if (shared & BLK_PERM_WRITE) {
>>> + shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
>>
>> Wouldn't this break CONSISTENT_READ?
>
> WRITE (even for multiple users) and CONSISTENT_READ aren't mutually
> exclusive. I was afraid that I didn't define CONSISTENT_READ right, but
> it appears that the definition is fine:
>
> * A user that has the "permission" of consistent reads is guaranteed that
> * their view of the contents of the block device is complete and
> * self-consistent, representing the contents of a disk at a specific
> * point.
Right, but writes to the backing file at least to me appear to be a
different matter. If those don't break CONSISTENT_READ, then I don't see
how commit breaks CONSISTENT_READ for the intermediate nodes.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-27 12:34 ` Max Reitz
@ 2017-02-27 14:05 ` Kevin Wolf
2017-02-27 14:15 ` Max Reitz
0 siblings, 1 reply; 131+ messages in thread
From: Kevin Wolf @ 2017-02-27 14:05 UTC (permalink / raw)
To: Max Reitz; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 4368 bytes --]
Am 27.02.2017 um 13:34 hat Max Reitz geschrieben:
> On 27.02.2017 13:33, Kevin Wolf wrote:
> > Am 25.02.2017 um 12:57 hat Max Reitz geschrieben:
> >> On 21.02.2017 15:58, Kevin Wolf wrote:
> >>> Almost all format drivers have the same characteristics as far as
> >>> permissions are concerned: They have one or more children for storing
> >>> their own data and, more importantly, metadata (can be written to and
> >>> grow even without external write requests, must be protected against
> >>> other writers and present consistent data) and optionally a backing file
> >>> (this is just data, so like for a filter, it only depends on what the
> >>> parent nodes need).
> >>>
> >>> This provides a default implementation that can be shared by most of
> >>> our format drivers.
> >>>
> >>> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> >>> ---
> >>> block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> >>> include/block/block_int.h | 8 ++++++++
> >>> 2 files changed, 50 insertions(+)
> >>>
> >>> diff --git a/block.c b/block.c
> >>> index 523cbd3..f2e7178 100644
> >>> --- a/block.c
> >>> +++ b/block.c
> >>> @@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
> >>> (c->shared_perm & DEFAULT_PERM_UNCHANGED);
> >>> }
> >>>
> >>> +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
> >>> + const BdrvChildRole *role,
> >>> + uint64_t perm, uint64_t shared,
> >>> + uint64_t *nperm, uint64_t *nshared)
> >>> +{
> >>> + bool backing = (role == &child_backing);
> >>> + assert(role == &child_backing || role == &child_file);
> >>> +
> >>> + if (!backing) {
> >>> + /* Apart from the modifications below, the same permissions are
> >>> + * forwarded and left alone as for filters */
> >>> + bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
> >>> +
> >>> + /* Format drivers may touch metadata even if the guest doesn't write */
> >>> + if (!bdrv_is_read_only(bs)) {
> >>> + perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
> >>> + }
> >>> +
> >>> + /* bs->file always needs to be consistent because of the metadata. We
> >>> + * can never allow other users to resize or write to it. */
> >>> + perm |= BLK_PERM_CONSISTENT_READ;
> >>> + shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
> >>> + } else {
> >>> + /* We want consistent read from backing files if the parent needs it.
> >>> + * No other operations are performed on backing files. */
> >>> + perm &= BLK_PERM_CONSISTENT_READ;
> >>> +
> >>> + /* If the parent can deal with changing data, we're okay with a
> >>> + * writable and resizable backing file. */
> >>> + if (shared & BLK_PERM_WRITE) {
> >>> + shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
> >>
> >> Wouldn't this break CONSISTENT_READ?
> >
> > WRITE (even for multiple users) and CONSISTENT_READ aren't mutually
> > exclusive. I was afraid that I didn't define CONSISTENT_READ right, but
> > it appears that the definition is fine:
> >
> > * A user that has the "permission" of consistent reads is guaranteed that
> > * their view of the contents of the block device is complete and
> > * self-consistent, representing the contents of a disk at a specific
> > * point.
>
> Right, but writes to the backing file at least to me appear to be a
> different matter. If those don't break CONSISTENT_READ, then I don't see
> how commit breaks CONSISTENT_READ for the intermediate nodes.
There's probably multiple ways to interpret such actions. You could
understand a commit job as writing the desired image to the base node
and at the same time it's a shared writer for the intermediate nodes
that happens to write garbage. The question is if this is a useful way
of seeing it when the job is to prevent accidental data corruption.
Note that we need writable backing files for commit, so taking away
BLK_PERM_WRITE from shared wouldn't work. We could probably make it
dependent on cleared CONSISTENT_READ (commit jobs don't require this
anyway), if you think that the current version is too permissive.
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child()
2017-02-22 14:31 ` Max Reitz
@ 2017-02-27 14:10 ` Kevin Wolf
0 siblings, 0 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-27 14:10 UTC (permalink / raw)
To: Max Reitz; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1322 bytes --]
Am 22.02.2017 um 15:31 hat Max Reitz geschrieben:
> On 21.02.2017 15:58, Kevin Wolf wrote:
> > Now that all block drivers with children tell us what permissions they
> > need from each of their children, bdrv_attach_child() can use this
> > information and make the right requirements while trying to attach new
> > children.
> >
> > Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> > ---
> > block.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/block.c b/block.c
> > index 1c5f211..054e6f0 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -1659,10 +1659,14 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
> > Error **errp)
> > {
> > BdrvChild *child;
> > + uint64_t perm, shared_perm;
> > +
> > + assert(parent_bs->drv);
> > + parent_bs->drv->bdrv_child_perm(parent_bs, NULL, child_role,
> > + 0, BLK_PERM_ALL, &perm, &shared_perm);
>
> Another Second Thought™: Why do we request no permissions for the new
> child here? Seems weird to me. Shouldn't the caller specify the
> necessary permissions and what can be shared?
Actually not the caller, but we should calculate the cumulative
permissions of parent_bs, like in bdrv_update_perm().
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers
2017-02-27 14:05 ` Kevin Wolf
@ 2017-02-27 14:15 ` Max Reitz
0 siblings, 0 replies; 131+ messages in thread
From: Max Reitz @ 2017-02-27 14:15 UTC (permalink / raw)
To: Kevin Wolf; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 4768 bytes --]
On 27.02.2017 15:05, Kevin Wolf wrote:
> Am 27.02.2017 um 13:34 hat Max Reitz geschrieben:
>> On 27.02.2017 13:33, Kevin Wolf wrote:
>>> Am 25.02.2017 um 12:57 hat Max Reitz geschrieben:
>>>> On 21.02.2017 15:58, Kevin Wolf wrote:
>>>>> Almost all format drivers have the same characteristics as far as
>>>>> permissions are concerned: They have one or more children for storing
>>>>> their own data and, more importantly, metadata (can be written to and
>>>>> grow even without external write requests, must be protected against
>>>>> other writers and present consistent data) and optionally a backing file
>>>>> (this is just data, so like for a filter, it only depends on what the
>>>>> parent nodes need).
>>>>>
>>>>> This provides a default implementation that can be shared by most of
>>>>> our format drivers.
>>>>>
>>>>> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
>>>>> ---
>>>>> block.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>>>>> include/block/block_int.h | 8 ++++++++
>>>>> 2 files changed, 50 insertions(+)
>>>>>
>>>>> diff --git a/block.c b/block.c
>>>>> index 523cbd3..f2e7178 100644
>>>>> --- a/block.c
>>>>> +++ b/block.c
>>>>> @@ -1554,6 +1554,48 @@ void bdrv_filter_default_perms(BlockDriverState *bs, BdrvChild *c,
>>>>> (c->shared_perm & DEFAULT_PERM_UNCHANGED);
>>>>> }
>>>>>
>>>>> +void bdrv_format_default_perms(BlockDriverState *bs, BdrvChild *c,
>>>>> + const BdrvChildRole *role,
>>>>> + uint64_t perm, uint64_t shared,
>>>>> + uint64_t *nperm, uint64_t *nshared)
>>>>> +{
>>>>> + bool backing = (role == &child_backing);
>>>>> + assert(role == &child_backing || role == &child_file);
>>>>> +
>>>>> + if (!backing) {
>>>>> + /* Apart from the modifications below, the same permissions are
>>>>> + * forwarded and left alone as for filters */
>>>>> + bdrv_filter_default_perms(bs, c, role, perm, shared, &perm, &shared);
>>>>> +
>>>>> + /* Format drivers may touch metadata even if the guest doesn't write */
>>>>> + if (!bdrv_is_read_only(bs)) {
>>>>> + perm |= BLK_PERM_WRITE | BLK_PERM_RESIZE;
>>>>> + }
>>>>> +
>>>>> + /* bs->file always needs to be consistent because of the metadata. We
>>>>> + * can never allow other users to resize or write to it. */
>>>>> + perm |= BLK_PERM_CONSISTENT_READ;
>>>>> + shared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
>>>>> + } else {
>>>>> + /* We want consistent read from backing files if the parent needs it.
>>>>> + * No other operations are performed on backing files. */
>>>>> + perm &= BLK_PERM_CONSISTENT_READ;
>>>>> +
>>>>> + /* If the parent can deal with changing data, we're okay with a
>>>>> + * writable and resizable backing file. */
>>>>> + if (shared & BLK_PERM_WRITE) {
>>>>> + shared = BLK_PERM_WRITE | BLK_PERM_RESIZE;
>>>>
>>>> Wouldn't this break CONSISTENT_READ?
>>>
>>> WRITE (even for multiple users) and CONSISTENT_READ aren't mutually
>>> exclusive. I was afraid that I didn't define CONSISTENT_READ right, but
>>> it appears that the definition is fine:
>>>
>>> * A user that has the "permission" of consistent reads is guaranteed that
>>> * their view of the contents of the block device is complete and
>>> * self-consistent, representing the contents of a disk at a specific
>>> * point.
>>
>> Right, but writes to the backing file at least to me appear to be a
>> different matter. If those don't break CONSISTENT_READ, then I don't see
>> how commit breaks CONSISTENT_READ for the intermediate nodes.
>
> There's probably multiple ways to interpret such actions. You could
> understand a commit job as writing the desired image to the base node
> and at the same time it's a shared writer for the intermediate nodes
> that happens to write garbage.
Agreed.
> The question is if this is a useful way
> of seeing it when the job is to prevent accidental data corruption.
Agreed. But then I would infer that any write to a backing file breaks
CONSISTENT_READ on the overlay.
> Note that we need writable backing files for commit, so taking away
> BLK_PERM_WRITE from shared wouldn't work. We could probably make it
> dependent on cleared CONSISTENT_READ (commit jobs don't require this
> anyway), if you think that the current version is too permissive.
I agree that we need to be able to share WRITE for a backing file. But I
think this should only be set if the overlay's parents do not require
CONSISTENT_READ from the overlay.
Max
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 512 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job
2017-02-24 17:29 ` Max Reitz
@ 2017-02-27 18:43 ` Kevin Wolf
0 siblings, 0 replies; 131+ messages in thread
From: Kevin Wolf @ 2017-02-27 18:43 UTC (permalink / raw)
To: Max Reitz; +Cc: qemu-block, jcody, famz, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 4532 bytes --]
Am 24.02.2017 um 18:29 hat Max Reitz geschrieben:
> On 21.02.2017 15:58, Kevin Wolf wrote:
> > This is probably one of the most interesting conversions to the new
> > op blocker system because a commit block job intentionally leaves some
> > intermediate block nodes in the backing chain that aren't valid on their
> > own any more; only the whole chain together results in a valid view.
> >
> > In order to provide the 'consistent read' permission to the parents of
> > the 'top' node of the commit job, a new filter block driver is inserted
> > above 'top' which doesn't require 'consistent read' on its backing
> > chain. Subsequently, the commit job can block 'consistent read' on all
> > intermediate nodes without causing a conflict.
> >
> > Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> > @@ -262,34 +305,62 @@ void commit_start(const char *job_id, BlockDriverState *bs,
> > }
> > }
> >
> > + /* Insert commit_top block node above top, so we can block consistent read
> > + * on the backing chain below it */
> > + commit_top_bs = bdrv_new_open_driver(&bdrv_commit_top, NULL, BDRV_O_RDWR,
>
> Why RDWR when the driver only allows reads anyway?
Good question. I'll try to change it, maybe it doesn't break everything.
> > + errp);
> > + if (commit_top_bs == NULL) {
> > + goto fail;
> > + }
> > +
> > + bdrv_set_backing_hd(commit_top_bs, top);
> > + bdrv_set_backing_hd(overlay_bs, commit_top_bs);
> > +
> > + s->commit_top_bs = commit_top_bs;
> > + bdrv_unref(commit_top_bs);
> >
> > /* Block all nodes between top and base, because they will
> > * disappear from the chain after this operation. */
> > assert(bdrv_chain_contains(top, base));
> > - for (iter = top; iter != backing_bs(base); iter = backing_bs(iter)) {
> > - /* FIXME Use real permissions */
> > - block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
> > - BLK_PERM_ALL, &error_abort);
> > + for (iter = top; iter != base; iter = backing_bs(iter)) {
> > + /* XXX BLK_PERM_WRITE needs to be allowed so we don't block ourselves
> > + * at s->base.
>
> As far as I can see, the loop doesn't even touch base, though...?
If bs isn't writable, bs->backing generally isn't writable either, and
we are touching a parent of base.
> > The other options would be a second filter driver above
> > + * s->base. */
> > + ret = block_job_add_bdrv(&s->common, "intermediate node", iter, 0,
>
> Don't we need CONSISTENT_READ at least for top?
top can't provide CONSISTENT_READ because its backing files can't
provide it. It's the job (one of the jobs) of commit_top_bs to shield
the parents of top from the loss of CONSISTENT_READ.
> > + BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE,
> > + errp);
> > + if (ret < 0) {
> > + goto fail;
> > + }
> > }
> > +
> > + ret = block_job_add_bdrv(&s->common, "base", base, 0, BLK_PERM_ALL, errp);
> > + if (ret < 0) {
> > + goto fail;
> > + }
> > +
> > /* overlay_bs must be blocked because it needs to be modified to
> > - * update the backing image string, but if it's the root node then
> > - * don't block it again */
> > - if (bs != overlay_bs) {
> > - /* FIXME Use real permissions */
> > - block_job_add_bdrv(&s->common, "overlay of top", overlay_bs, 0,
> > - BLK_PERM_ALL, &error_abort);
> > + * update the backing image string. */
> > + ret = block_job_add_bdrv(&s->common, "overlay of top", overlay_bs,
> > + BLK_PERM_GRAPH_MOD, BLK_PERM_ALL, errp);
> > + if (ret < 0) {
> > + goto fail;
> > }
> >
> > - /* FIXME Use real permissions */
> > - s->base = blk_new(0, BLK_PERM_ALL);
> > + s->base = blk_new(BLK_PERM_CONSISTENT_READ
>
> Do we actually need CONSISTENT_READ for the base?
If base doesn't provide CONSISTENT_READ, commit_top_bs wouldn't be able
to provide it either.
If we ever find a case where this is too restrictive because the parents
of commit_top_bs don't need CONSISTENT_READ, we can probably be less
strict in this case, but just getting commit to work is already tricky
enough that I wouldn't like to do it in this patch (or even series).
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
* Re: [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports
2017-02-21 14:58 ` [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports Kevin Wolf
2017-02-25 15:05 ` Max Reitz
@ 2017-02-27 20:09 ` Eric Blake
1 sibling, 0 replies; 131+ messages in thread
From: Eric Blake @ 2017-02-27 20:09 UTC (permalink / raw)
To: Kevin Wolf, qemu-block; +Cc: jcody, famz, qemu-devel, mreitz
[-- Attachment #1: Type: text/plain, Size: 653 bytes --]
On 02/21/2017 08:58 AM, Kevin Wolf wrote:
> NBD can't cope with device size changes, so resize must be forbidden,
> but otherwise we can tolerate anything. Depending on whether the export
> is writable or not, we only require consistent reads and writes.
Well, there is a proposal for NBD to grow an extension to support
resizes, but nothing that will land in time for qemu 2.9 :)
>
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> nbd/server.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 131+ messages in thread
end of thread, other threads:[~2017-02-27 20:09 UTC | newest]
Thread overview: 131+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-21 14:57 [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 Kevin Wolf
2017-02-21 14:57 ` [Qemu-devel] [PATCH 01/54] blockdev: Use BlockBackend to resize in qmp_block_resize() Kevin Wolf
2017-02-22 12:27 ` Max Reitz
2017-02-21 14:57 ` [Qemu-devel] [PATCH 02/54] qcow2: Use BB for resizing in qcow2_amend_options() Kevin Wolf
2017-02-22 12:28 ` Max Reitz
2017-02-22 15:53 ` Eric Blake
2017-02-21 14:57 ` [Qemu-devel] [PATCH 03/54] mirror: Resize active commit base in mirror_run() Kevin Wolf
2017-02-22 12:34 ` Max Reitz
2017-02-23 11:31 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 04/54] block: Pass BdrvChild to bdrv_truncate() Kevin Wolf
2017-02-22 12:37 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 05/54] block: Attach bs->file only during .bdrv_open() Kevin Wolf
2017-02-22 12:41 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 06/54] block: Factor out bdrv_open_child_bs() Kevin Wolf
2017-02-22 12:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 07/54] block: Use BlockBackend for image probing Kevin Wolf
2017-02-22 12:56 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 08/54] block: Factor out bdrv_open_driver() Kevin Wolf
2017-02-22 12:59 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 09/54] block: Add bdrv_new_open_driver() Kevin Wolf
2017-02-22 13:15 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 10/54] vvfat: Use opened node as backing file Kevin Wolf
2017-02-22 13:26 ` Max Reitz
2017-02-23 11:49 ` Fam Zheng
2017-02-23 12:25 ` Kevin Wolf
2017-02-23 12:45 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 11/54] tests: Use opened block node for block job tests Kevin Wolf
2017-02-22 13:41 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 12/54] block: Add op blocker permission constants Kevin Wolf
2017-02-22 13:43 ` Max Reitz
2017-02-23 11:53 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 13/54] block: Add Error argument to bdrv_attach_child() Kevin Wolf
2017-02-22 13:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 14/54] block: Let callers request permissions when attaching a child node Kevin Wolf
2017-02-22 13:47 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 15/54] block: Involve block drivers in permission granting Kevin Wolf
2017-02-22 14:04 ` Max Reitz
2017-02-27 12:28 ` Kevin Wolf
2017-02-27 12:32 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 16/54] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
2017-02-22 14:05 ` Max Reitz
2017-02-22 14:28 ` Max Reitz
2017-02-23 12:36 ` Fam Zheng
2017-02-21 14:58 ` [Qemu-devel] [PATCH 17/54] block: Request child permissions in " Kevin Wolf
2017-02-22 14:07 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 18/54] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
2017-02-22 14:08 ` Max Reitz
2017-02-25 11:57 ` Max Reitz
2017-02-27 12:33 ` Kevin Wolf
2017-02-27 12:34 ` Max Reitz
2017-02-27 14:05 ` Kevin Wolf
2017-02-27 14:15 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 19/54] block: Request child permissions in " Kevin Wolf
2017-02-22 14:09 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 20/54] vvfat: Implement .bdrv_child_perm() Kevin Wolf
2017-02-22 14:12 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 21/54] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
2017-02-22 14:14 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 22/54] block: Request real permissions in bdrv_attach_child() Kevin Wolf
2017-02-22 14:24 ` Max Reitz
2017-02-22 14:31 ` Max Reitz
2017-02-27 14:10 ` Kevin Wolf
2017-02-21 14:58 ` [Qemu-devel] [PATCH 23/54] block: Add permissions to BlockBackend Kevin Wolf
2017-02-22 14:32 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 24/54] block: Add permissions to blk_new() Kevin Wolf
2017-02-22 14:36 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 25/54] block: Add error parameter to blk_insert_bs() Kevin Wolf
2017-02-22 14:42 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 26/54] block: Add BDRV_O_RESIZE for blk_new_open() Kevin Wolf
2017-02-22 14:51 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 27/54] block: Request real permissions in blk_new_open() Kevin Wolf
2017-02-22 14:52 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 28/54] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
2017-02-24 13:29 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 29/54] hw/block: Request permissions Kevin Wolf
2017-02-24 13:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 30/54] hw/block: Introduce share-rw qdev property Kevin Wolf
2017-02-24 13:49 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 31/54] blockjob: Add permissions to block_job_create() Kevin Wolf
2017-02-24 13:50 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 32/54] block: Add BdrvChildRole.get_parent_desc() Kevin Wolf
2017-02-24 13:56 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 33/54] block: Include details on permission errors in message Kevin Wolf
2017-02-24 8:41 ` Fam Zheng
2017-02-24 13:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 34/54] block: Add BdrvChildRole.stay_at_node Kevin Wolf
2017-02-24 14:00 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 35/54] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
2017-02-24 14:10 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 36/54] commit: Use real permissions in commit block job Kevin Wolf
2017-02-24 17:29 ` Max Reitz
2017-02-27 18:43 ` Kevin Wolf
2017-02-21 14:58 ` [Qemu-devel] [PATCH 37/54] commit: Use real permissions for HMP 'commit' Kevin Wolf
2017-02-25 11:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 38/54] backup: Use real permissions in backup block job Kevin Wolf
2017-02-25 12:06 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 39/54] block: Fix pending requests check in bdrv_append() Kevin Wolf
2017-02-25 12:15 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 40/54] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
2017-02-25 12:29 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 41/54] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
2017-02-25 12:33 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 42/54] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
2017-02-25 13:49 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 43/54] stream: Use real permissions in streaming " Kevin Wolf
2017-02-25 13:58 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 44/54] mirror: Add filter-node-name to blockdev-mirror Kevin Wolf
2017-02-25 14:19 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 45/54] commit: Add filter-node-name to block-commit Kevin Wolf
2017-02-25 14:37 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 46/54] hmp: Request permissions in qemu-io Kevin Wolf
2017-02-25 14:46 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 47/54] migration/block: Use real permissions Kevin Wolf
2017-02-25 14:54 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 48/54] nbd/server: Use real permissions for NBD exports Kevin Wolf
2017-02-25 15:05 ` Max Reitz
2017-02-27 20:09 ` Eric Blake
2017-02-21 14:58 ` [Qemu-devel] [PATCH 49/54] tests: Remove FIXME comments Kevin Wolf
2017-02-25 15:06 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 50/54] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev Kevin Wolf
2017-02-25 15:12 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 51/54] block: Assertions for write permissions Kevin Wolf
2017-02-25 15:13 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 52/54] block: Assertions for resize permission Kevin Wolf
2017-02-25 15:14 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 53/54] block: Add Error parameter to bdrv_set_backing_hd() Kevin Wolf
2017-02-25 15:36 ` Max Reitz
2017-02-21 14:58 ` [Qemu-devel] [PATCH 54/54] block: Add Error parameter to bdrv_append() Kevin Wolf
2017-02-25 15:49 ` Max Reitz
2017-02-21 16:38 ` [Qemu-devel] [PATCH 00/54] New op blocker system, part 1 no-reply
2017-02-24 14:25 ` Kevin Wolf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.