On 11/25/21 14:53, Hanna Reitz wrote:
> After migration, the permissions the guest device wants to impose on its
> BlockBackend are stored in blk->perm and blk->shared_perm. In
> blk_root_activate(), we take our permissions, but keep all shared
> permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`.
>
> Only afterwards (immediately or later, depending on the runstate) do we
> restrict the shared permissions by calling
> `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first
> call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to
> be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is
> not restricted.
>
> Fix this bug by saving the set of shared permissions before invoking
> blk_set_perm() with BLK_PERM_ALL and restoring it afterwards.
>
> Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf
> ("block-backend: Defer shared_perm tightening migration
> completion")
> Reported-by: Peng Liang <[email protected]>
> Signed-off-by: Hanna Reitz <[email protected]>
> ---
> block/block-backend.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
