Patchwork [v2,resend,3/4] Block: readonly changes

login
register
mail settings
Submitter Naphtali Sprei
Date Feb. 4, 2010, 10:04 p.m.
Message ID <1265321069-4105-4-git-send-email-nsprei@redhat.com>
Download mbox | patch
Permalink /patch/44557/
State New
Headers show

Comments

Naphtali Sprei - Feb. 4, 2010, 10:04 p.m.
Open backing file for read-only
During commit upgrade to read-write and back at end to read-only

Signed-off-by: Naphtali Sprei <nsprei@redhat.com>
---
 block.c     |   68 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 block_int.h |    1 +
 2 files changed, 61 insertions(+), 8 deletions(-)
Kevin Wolf - Feb. 5, 2010, 8:20 a.m.
Am 04.02.2010 23:04, schrieb Naphtali Sprei:
> Open backing file for read-only
> During commit upgrade to read-write and back at end to read-only
> 
> Signed-off-by: Naphtali Sprei <nsprei@redhat.com>
> ---
>  block.c     |   68 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
>  block_int.h |    1 +
>  2 files changed, 61 insertions(+), 8 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 66564de..4a9df91 100644
> --- a/block.c
> +++ b/block.c
> @@ -451,7 +451,6 @@ int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
>      if (flags & (BDRV_O_CACHE_WB|BDRV_O_NOCACHE))
>          bs->enable_write_cache = 1;
>  
> -    bs->read_only = (flags & BDRV_O_RDWR) == 0;
>      if (!(flags & BDRV_O_FILE)) {
>          open_flags = (flags & (BDRV_O_RDWR | BDRV_O_CACHE_MASK|BDRV_O_NATIVE_AIO));
>          if (bs->is_temporary) { /* snapshot should be writeable */
> @@ -466,6 +465,7 @@ int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
>          goto free_and_fail;
>      }
>  
> +    bs->keep_read_only = bs->read_only = !(open_flags & BDRV_O_RDWR);
>      if (drv->bdrv_getlength) {
>          bs->total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
>      }
> @@ -482,13 +482,28 @@ int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
>                       filename, bs->backing_file);
>          if (bs->backing_format[0] != '\0')
>              back_drv = bdrv_find_format(bs->backing_format);
> +
> +        open_flags &= ~BDRV_O_RDWR; /* clear RW, then restore from orig */
> +        if (bs->is_temporary) {
> +            open_flags |= (flags & BDRV_O_RDWR);
> +        }
> +        
>          ret = bdrv_open2(bs->backing_hd, backing_filename, open_flags,
>                           back_drv);
> -        bs->backing_hd->read_only =  (open_flags & BDRV_O_RDWR) == 0;
> +        if (ret < 0) {
> +            open_flags &= ~BDRV_O_RDWR;  /* Fall-back to read-only for the backing file */
> +            ret = bdrv_open2(bs->backing_hd, backing_filename, open_flags,
> +                             back_drv);
> +        }

Why is this needed? The only case in which a backing file is opened
read-write is during commit, right? For commit there is certainly no use
in opening it read-only instead.

This whole code looks like there are cases where a backing file is still
opened read-write by default, though the commit message says that no
such backing files exist. Am I missing something?

>          if (ret < 0) {
>              bdrv_close(bs);
>              return ret;
>          }
> +        if (!bs->is_temporary) {
> +            bs->backing_hd->keep_read_only = bs->keep_read_only; /* base image inherits from "parent" and open read-only */

This looks like more than 80 characters on a line.

What would helps here and also would improve consistency in style is to
move the comments to the line before instead of sticking them at the end
of a code line. This is true even more if the comment actually applies
to a whole block and not only to the line in which it is written (you're
doing this in other places).

> +        } else {
> +            bs->backing_hd->keep_read_only = !(flags & BDRV_O_RDWR);
> +        }
>      }
>  
>      if (!bdrv_key_required(bs)) {
> @@ -564,19 +579,38 @@ int bdrv_commit(BlockDriverState *bs)
>  {
>      BlockDriver *drv = bs->drv;
>      int64_t i, total_sectors;
> -    int n, j;
> +    int n, j, ro, open_flags;
>      int ret = 0;
>      unsigned char sector[512];
> +    char filename[1024];
> +    BlockDriverState *bs_rw, *bs_ro;
>  
>      if (!drv)
>          return -ENOMEDIUM;
> +    
> +    if (!bs->backing_hd) {
> +	return -ENOTSUP;
> +    }
>  
> -    if (bs->read_only) {
> +    if (bs->backing_hd->keep_read_only) {
>  	return -EACCES;
>      }
> +    
> +    ro = bs->backing_hd->read_only;
> +    strncpy(filename, bs->backing_hd->filename, sizeof(filename));
> +    open_flags =  bs->backing_hd->open_flags;
>  
> -    if (!bs->backing_hd) {
> -	return -ENOTSUP;
> +    if (ro) { /* re-open as RW */
> +        bdrv_close(bs->backing_hd);
> +        qemu_free(bs->backing_hd);

bdrv_delete is doing what you mean here. But actually, you don't need to
delete it, you can just reuse the old bs for re-opening the image.

> +
> +        bs_rw = bdrv_new("");
> +        ret = bdrv_open2(bs_rw, filename, open_flags | BDRV_O_RDWR, NULL);
> +        if (ret < 0) {
> +            bdrv_delete(bs_rw);
> +            return -EACCES;

Why don't you pass the right return value up? Apart from that, you
should re-open the backing file (read-only) or the VM will get into
trouble...

> +        }
> +        bs->backing_hd = bs_rw;

Eek... ;-) Well, it should work, as far as I know the block drivers.

>      }
>  
>      total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
> @@ -584,11 +618,13 @@ int bdrv_commit(BlockDriverState *bs)
>          if (drv->bdrv_is_allocated(bs, i, 65536, &n)) {
>              for(j = 0; j < n; j++) {
>                  if (bdrv_read(bs, i, sector, 1) != 0) {
> -                    return -EIO;
> +                    ret = -EIO;
> +                    goto ro_cleanup;
>                  }
>  
>                  if (bdrv_write(bs->backing_hd, i, sector, 1) != 0) {
> -                    return -EIO;
> +                    ret = -EIO;
> +                    goto ro_cleanup;
>                  }
>                  i++;
>  	    }
> @@ -608,6 +644,22 @@ int bdrv_commit(BlockDriverState *bs)
>       */
>      if (bs->backing_hd)
>          bdrv_flush(bs->backing_hd);
> +
> +ro_cleanup:
> +
> +    if (ro) { /* re-open as RO */
> +        bdrv_close(bs->backing_hd);
> +        qemu_free(bs->backing_hd);

Again, I think bdrv_delete is needed.

> +        bs_ro = bdrv_new("");
> +        ret = bdrv_open2(bs_ro, filename, open_flags & ~BDRV_O_RDWR, NULL);
> +        if (ret < 0) {
> +            bdrv_delete(bs_ro);
> +            return -EACCES;

Again, wrong return value.

> +        }
> +        bs->backing_hd = bs_ro;
> +        bs->backing_hd->keep_read_only = 0;
> +    }
> +
>      return ret;
>  }
>  
> diff --git a/block_int.h b/block_int.h
> index 9144d37..02fae5b 100644
> --- a/block_int.h
> +++ b/block_int.h
> @@ -130,6 +130,7 @@ struct BlockDriverState {
>      int64_t total_sectors; /* if we are reading a disk image, give its
>                                size in sectors */
>      int read_only; /* if true, the media is read only */
> +    int keep_read_only; /* if true, the media was requested to stay read only */
>      int open_flags; /* flags used to open the file */
>      int removable; /* if true, the media can be removed */
>      int locked;    /* if true, the media cannot temporarily be ejected */

Kevin

Patch

diff --git a/block.c b/block.c
index 66564de..4a9df91 100644
--- a/block.c
+++ b/block.c
@@ -451,7 +451,6 @@  int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
     if (flags & (BDRV_O_CACHE_WB|BDRV_O_NOCACHE))
         bs->enable_write_cache = 1;
 
-    bs->read_only = (flags & BDRV_O_RDWR) == 0;
     if (!(flags & BDRV_O_FILE)) {
         open_flags = (flags & (BDRV_O_RDWR | BDRV_O_CACHE_MASK|BDRV_O_NATIVE_AIO));
         if (bs->is_temporary) { /* snapshot should be writeable */
@@ -466,6 +465,7 @@  int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
         goto free_and_fail;
     }
 
+    bs->keep_read_only = bs->read_only = !(open_flags & BDRV_O_RDWR);
     if (drv->bdrv_getlength) {
         bs->total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
     }
@@ -482,13 +482,28 @@  int bdrv_open2(BlockDriverState *bs, const char *filename, int flags,
                      filename, bs->backing_file);
         if (bs->backing_format[0] != '\0')
             back_drv = bdrv_find_format(bs->backing_format);
+
+        open_flags &= ~BDRV_O_RDWR; /* clear RW, then restore from orig */
+        if (bs->is_temporary) {
+            open_flags |= (flags & BDRV_O_RDWR);
+        }
+        
         ret = bdrv_open2(bs->backing_hd, backing_filename, open_flags,
                          back_drv);
-        bs->backing_hd->read_only =  (open_flags & BDRV_O_RDWR) == 0;
+        if (ret < 0) {
+            open_flags &= ~BDRV_O_RDWR;  /* Fall-back to read-only for the backing file */
+            ret = bdrv_open2(bs->backing_hd, backing_filename, open_flags,
+                             back_drv);
+        }
         if (ret < 0) {
             bdrv_close(bs);
             return ret;
         }
+        if (!bs->is_temporary) {
+            bs->backing_hd->keep_read_only = bs->keep_read_only; /* base image inherits from "parent" and open read-only */
+        } else {
+            bs->backing_hd->keep_read_only = !(flags & BDRV_O_RDWR);
+        }
     }
 
     if (!bdrv_key_required(bs)) {
@@ -564,19 +579,38 @@  int bdrv_commit(BlockDriverState *bs)
 {
     BlockDriver *drv = bs->drv;
     int64_t i, total_sectors;
-    int n, j;
+    int n, j, ro, open_flags;
     int ret = 0;
     unsigned char sector[512];
+    char filename[1024];
+    BlockDriverState *bs_rw, *bs_ro;
 
     if (!drv)
         return -ENOMEDIUM;
+    
+    if (!bs->backing_hd) {
+	return -ENOTSUP;
+    }
 
-    if (bs->read_only) {
+    if (bs->backing_hd->keep_read_only) {
 	return -EACCES;
     }
+    
+    ro = bs->backing_hd->read_only;
+    strncpy(filename, bs->backing_hd->filename, sizeof(filename));
+    open_flags =  bs->backing_hd->open_flags;
 
-    if (!bs->backing_hd) {
-	return -ENOTSUP;
+    if (ro) { /* re-open as RW */
+        bdrv_close(bs->backing_hd);
+        qemu_free(bs->backing_hd);
+
+        bs_rw = bdrv_new("");
+        ret = bdrv_open2(bs_rw, filename, open_flags | BDRV_O_RDWR, NULL);
+        if (ret < 0) {
+            bdrv_delete(bs_rw);
+            return -EACCES;
+        }
+        bs->backing_hd = bs_rw;
     }
 
     total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
@@ -584,11 +618,13 @@  int bdrv_commit(BlockDriverState *bs)
         if (drv->bdrv_is_allocated(bs, i, 65536, &n)) {
             for(j = 0; j < n; j++) {
                 if (bdrv_read(bs, i, sector, 1) != 0) {
-                    return -EIO;
+                    ret = -EIO;
+                    goto ro_cleanup;
                 }
 
                 if (bdrv_write(bs->backing_hd, i, sector, 1) != 0) {
-                    return -EIO;
+                    ret = -EIO;
+                    goto ro_cleanup;
                 }
                 i++;
 	    }
@@ -608,6 +644,22 @@  int bdrv_commit(BlockDriverState *bs)
      */
     if (bs->backing_hd)
         bdrv_flush(bs->backing_hd);
+
+ro_cleanup:
+
+    if (ro) { /* re-open as RO */
+        bdrv_close(bs->backing_hd);
+        qemu_free(bs->backing_hd);
+        bs_ro = bdrv_new("");
+        ret = bdrv_open2(bs_ro, filename, open_flags & ~BDRV_O_RDWR, NULL);
+        if (ret < 0) {
+            bdrv_delete(bs_ro);
+            return -EACCES;
+        }
+        bs->backing_hd = bs_ro;
+        bs->backing_hd->keep_read_only = 0;
+    }
+
     return ret;
 }
 
diff --git a/block_int.h b/block_int.h
index 9144d37..02fae5b 100644
--- a/block_int.h
+++ b/block_int.h
@@ -130,6 +130,7 @@  struct BlockDriverState {
     int64_t total_sectors; /* if we are reading a disk image, give its
                               size in sectors */
     int read_only; /* if true, the media is read only */
+    int keep_read_only; /* if true, the media was requested to stay read only */
     int open_flags; /* flags used to open the file */
     int removable; /* if true, the media can be removed */
     int locked;    /* if true, the media cannot temporarily be ejected */