[3/6] block: Drop permissions when migration completes

Message ID	1493916761-32319-4-git-send-email-kwolf@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4300B7F3E1 From: Kevin Wolf <kwolf@redhat.com> To: qemu-block@nongnu.org Date: Thu, 4 May 2017 18:52:38 +0200 Message-Id: <1493916761-32319-4-git-send-email-kwolf@redhat.com> In-Reply-To: <1493916761-32319-1-git-send-email-kwolf@redhat.com> References: <1493916761-32319-1-git-send-email-kwolf@redhat.com> Subject: [Qemu-devel] [PATCH 3/6] block: Drop permissions when migration completes Precedence: list Cc: kwolf@redhat.com, famz@redhat.com, qemu-devel@nongnu.org, mreitz@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Message ID

1493916761-32319-4-git-send-email-kwolf@redhat.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4300B7F3E1
From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Date: Thu,  4 May 2017 18:52:38 +0200
Message-Id: <1493916761-32319-4-git-send-email-kwolf@redhat.com>
In-Reply-To: <1493916761-32319-1-git-send-email-kwolf@redhat.com>
References: <1493916761-32319-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH 3/6] block: Drop permissions when migration
	completes
Precedence: list
Cc: kwolf@redhat.com, famz@redhat.com, qemu-devel@nongnu.org,
	mreitz@redhat.com
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Commit Message

Kevin Wolf May 4, 2017, 4:52 p.m. UTC

With image locking, permissions affect other qemu processes as well. We
want to be sure that the destination can run, so let's drop permissions
on the source when migration completes.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block.c                   | 12 +++++++++++-
 block/block-backend.c     | 25 +++++++++++++++++++++++++
 include/block/block_int.h |  7 ++++---
 3 files changed, 40 insertions(+), 4 deletions(-)

Comments

Eric Blake May 4, 2017, 5:21 p.m. UTC | #1

On 05/04/2017 11:52 AM, Kevin Wolf wrote:
> With image locking, permissions affect other qemu processes as well. We
> want to be sure that the destination can run, so let's drop permissions
> on the source when migration completes.
> 
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
>  block.c                   | 12 +++++++++++-
>  block/block-backend.c     | 25 +++++++++++++++++++++++++
>  include/block/block_int.h |  7 ++++---
>  3 files changed, 40 insertions(+), 4 deletions(-)
> 

Reviewed-by: Eric Blake <eblake@redhat.com>

diff --git a/block.c b/block.c
index 3e7f124..c3e7ebd 100644
--- a/block.c
+++ b/block.c
@@ -4028,7 +4028,7 @@  void bdrv_invalidate_cache_all(Error **errp)
 static int bdrv_inactivate_recurse(BlockDriverState *bs,
                                    bool setting_flag)
 {
-    BdrvChild *child;
+    BdrvChild *child, *parent;
     int ret;
 
     if (!setting_flag && bs->drv->bdrv_inactivate) {
@@ -4047,6 +4047,16 @@  static int bdrv_inactivate_recurse(BlockDriverState *bs,
 
     if (setting_flag) {
         bs->open_flags |= BDRV_O_INACTIVE;
+
+        QLIST_FOREACH(parent, &bs->parents, next_parent) {
+            if (parent->role->inactivate) {
+                ret = parent->role->inactivate(parent);
+                if (ret < 0) {
+                    bs->open_flags &= ~BDRV_O_INACTIVE;
+                    return ret;
+                }
+            }
+        }
     }
     return 0;
 }
diff --git a/block/block-backend.c b/block/block-backend.c
index a7ce72b..f3a6008 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -156,6 +156,30 @@  static void blk_root_activate(BdrvChild *child, Error **errp)
     }
 }
 
+static int blk_root_inactivate(BdrvChild *child)
+{
+    BlockBackend *blk = child->opaque;
+
+    if (blk->disable_perm) {
+        return 0;
+    }
+
+    /* Only inactivate BlockBackends for guest devices (which are inactive at
+     * this point because the VM is stopped) and unattached monitor-owned
+     * BlockBackends. If there is still any other user like a block job, then
+     * we simply can't inactivate the image. */
+    if (!blk->dev && !blk->name[0]) {
+        return -EPERM;
+    }
+
+    blk->disable_perm = true;
+    if (blk->root) {
+        bdrv_child_try_set_perm(blk->root, 0, BLK_PERM_ALL, &error_abort);
+    }
+
+    return 0;
+}
+
 static const BdrvChildRole child_root = {
     .inherit_options    = blk_root_inherit_options,
 
@@ -168,6 +192,7 @@  static const BdrvChildRole child_root = {
     .drained_end        = blk_root_drained_end,
 
     .activate           = blk_root_activate,
+    .inactivate         = blk_root_inactivate,
 };
 
 /*
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 5637925..5750a44 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -473,10 +473,11 @@  struct BdrvChildRole {
     void (*drained_begin)(BdrvChild *child);
     void (*drained_end)(BdrvChild *child);
 
-    /* Notifies the parent that the child has been activated (e.g. when
-     * migration is completing) and it can start requesting permissions and
-     * doing I/O on it. */
+    /* Notifies the parent that the child has been activated/inactivated (e.g.
+     * when migration is completing) and it can start/stop requesting
+     * permissions and doing I/O on it. */
     void (*activate)(BdrvChild *child, Error **errp);
+    int (*inactivate)(BdrvChild *child);
 
     void (*attach)(BdrvChild *child);
     void (*detach)(BdrvChild *child);

[3/6] block: Drop permissions when migration completes

Commit Message

Comments

Patch