From patchwork Tue Mar 12 16:48:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alberto Garcia X-Patchwork-Id: 1055562 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=igalia.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=igalia.com header.i=@igalia.com header.b="jk11Ag14"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 44Jh7x3crQz9s6w for ; Wed, 13 Mar 2019 04:01:16 +1100 (AEDT) Received: from localhost ([127.0.0.1]:55936 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3kmA-000840-2Z for incoming@patchwork.ozlabs.org; Tue, 12 Mar 2019 13:01:14 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43451) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h3kaX-0006d3-4Z for qemu-devel@nongnu.org; Tue, 12 Mar 2019 12:49:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h3kaV-0006gl-Ad for qemu-devel@nongnu.org; Tue, 12 Mar 2019 12:49:13 -0400 Received: from fanzine.igalia.com ([91.117.99.155]:33712) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h3kaU-0006dF-LF; Tue, 12 Mar 2019 12:49:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=References:In-Reply-To:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=Vq6174PlIaAjGqXUyrs/FdmxDwlP11DlUdylBVBWRNk=; b=jk11Ag14y/VTGyiZpRjj0IgEiAlAeRriK0LAHv3wWH0p8qKQEb0dTdeZaF4tJz5HkVXr1nA8RoNAV+PsRHNnNXXxI3Luwu58dNWWTqZbkWS56t5jXXYANnK3obtMZBVpUEKntPazAQESbsin3R2hD+qCtuulHJFEPLrt2STIw6sspqyhSX27gWnAoxF/feSbvFAtD4/87vVwDxt5wFbFVPpzqwU8Mr5/oPlHsnAvFm5GTiqd0t4m6CP9koHjmp9vGhAXpDIIJll/W48z9la506Kv6YplwtfY7+ufLu3mbZEUGXftUfqtFP/Y7YhXkUtdGKvzVtJBa9p/pR+WQ7S0OA==; Received: from 87-100-202-60.bb.dnainternet.fi ([87.100.202.60] helo=perseus.local) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1h3kaS-0006ol-3N; Tue, 12 Mar 2019 17:49:08 +0100 Received: from berto by perseus.local with local (Exim 4.89) (envelope-from ) id 1h3kaE-0007vb-Rq; Tue, 12 Mar 2019 18:48:54 +0200 From: Alberto Garcia To: qemu-devel@nongnu.org Date: Tue, 12 Mar 2019 18:48:40 +0200 Message-Id: <407de9e2b08e0f47b10c48039458fd4b6c143154.1552409054.git.berto@igalia.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: References: In-Reply-To: References: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 91.117.99.155 Subject: [Qemu-devel] [PATCH v3 01/13] block: Allow freezing BdrvChild links X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Our permission system is useful to define what operations are allowed on a certain block node and includes things like BLK_PERM_WRITE or BLK_PERM_RESIZE among others. One of the permissions is BLK_PERM_GRAPH_MOD which allows "changing the node that this BdrvChild points to". The exact meaning of this has never been very clear, but it can be understood as "change any of the links connected to the node". This can be used to prevent changing a backing link, but it's too coarse. This patch adds a new 'frozen' attribute to BdrvChild, which forbids detaching the link from the node it points to, and new API to freeze and unfreeze a backing chain. After this change a few functions can fail, so they need additional checks. Signed-off-by: Alberto Garcia --- block.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ include/block/block.h | 5 ++++ include/block/block_int.h | 6 ++++ 3 files changed, 87 insertions(+) diff --git a/block.c b/block.c index 33804cdcaa..a2bffce38d 100644 --- a/block.c +++ b/block.c @@ -2126,6 +2126,8 @@ static void bdrv_replace_child_noperm(BdrvChild *child, BlockDriverState *old_bs = child->bs; int i; + assert(!child->frozen); + if (old_bs && new_bs) { assert(bdrv_get_aio_context(old_bs) == bdrv_get_aio_context(new_bs)); } @@ -2342,6 +2344,10 @@ void bdrv_set_backing_hd(BlockDriverState *bs, BlockDriverState *backing_hd, bool update_inherits_from = bdrv_chain_contains(bs, backing_hd) && bdrv_inherits_from_recursive(backing_hd, bs); + if (bdrv_is_backing_chain_frozen(bs, backing_bs(bs), errp)) { + return; + } + if (backing_hd) { bdrv_ref(backing_hd); } @@ -3721,6 +3727,11 @@ void bdrv_replace_node(BlockDriverState *from, BlockDriverState *to, if (!should_update_child(c, to)) { continue; } + if (c->frozen) { + error_setg(errp, "Cannot change '%s' link to '%s'", + c->name, from->node_name); + goto out; + } list = g_slist_prepend(list, c); perm |= c->perm; shared &= c->shared_perm; @@ -3933,6 +3944,63 @@ BlockDriverState *bdrv_find_base(BlockDriverState *bs) } /* + * Return true if at least one of the backing links between @bs and + * @base is frozen. @errp is set if that's the case. + */ +bool bdrv_is_backing_chain_frozen(BlockDriverState *bs, BlockDriverState *base, + Error **errp) +{ + BlockDriverState *i; + + for (i = bs; i != base && i->backing; i = backing_bs(i)) { + if (i->backing->frozen) { + error_setg(errp, "Cannot change '%s' link from '%s' to '%s'", + i->backing->name, i->node_name, + backing_bs(i)->node_name); + return true; + } + } + + return false; +} + +/* + * Freeze all backing links between @bs and @base. + * If any of the links is already frozen the operation is aborted and + * none of the links are modified. + * Returns 0 on success. On failure returns < 0 and sets @errp. + */ +int bdrv_freeze_backing_chain(BlockDriverState *bs, BlockDriverState *base, + Error **errp) +{ + BlockDriverState *i; + + if (bdrv_is_backing_chain_frozen(bs, base, errp)) { + return -EPERM; + } + + for (i = bs; i != base && i->backing; i = backing_bs(i)) { + i->backing->frozen = true; + } + + return 0; +} + +/* + * Unfreeze all backing links between @bs and @base. The caller must + * ensure that all links are frozen before using this function. + */ +void bdrv_unfreeze_backing_chain(BlockDriverState *bs, BlockDriverState *base) +{ + BlockDriverState *i; + + for (i = bs; i != base && i->backing; i = backing_bs(i)) { + assert(i->backing->frozen); + i->backing->frozen = false; + } +} + +/* * Drops images above 'base' up to and including 'top', and sets the image * above 'top' to have base as its backing file. * @@ -3981,6 +4049,14 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, goto exit; } + /* This function changes all links that point to top and makes + * them point to base. Check that none of them is frozen. */ + QLIST_FOREACH(c, &top->parents, next_parent) { + if (c->frozen) { + goto exit; + } + } + /* If 'base' recursively inherits from 'top' then we should set * base->inherits_from to top->inherits_from after 'top' and all * other intermediate nodes have been dropped. diff --git a/include/block/block.h b/include/block/block.h index 6a758a76f8..b0c04f16c8 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -353,6 +353,11 @@ int bdrv_drop_intermediate(BlockDriverState *top, BlockDriverState *base, BlockDriverState *bdrv_find_overlay(BlockDriverState *active, BlockDriverState *bs); BlockDriverState *bdrv_find_base(BlockDriverState *bs); +bool bdrv_is_backing_chain_frozen(BlockDriverState *bs, BlockDriverState *base, + Error **errp); +int bdrv_freeze_backing_chain(BlockDriverState *bs, BlockDriverState *base, + Error **errp); +void bdrv_unfreeze_backing_chain(BlockDriverState *bs, BlockDriverState *base); typedef struct BdrvCheckResult { diff --git a/include/block/block_int.h b/include/block/block_int.h index a23cabaddd..438feba4e5 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -711,6 +711,12 @@ struct BdrvChild { uint64_t backup_perm; uint64_t backup_shared_perm; + /* + * This link is frozen: the child can neither be replaced nor + * detached from the parent. + */ + bool frozen; + QLIST_ENTRY(BdrvChild) next; QLIST_ENTRY(BdrvChild) next_parent; };