Re: [PATCH 1/2] block-backend: Retain permissions after migration
On 11/25/2021 9:53 PM, Hanna Reitz wrote: > After migration, the permissions the guest device wants to impose on its > BlockBackend are stored in blk->perm and blk->shared_perm. In > blk_root_activate(), we take our permissions, but keep all shared > permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. > > Only afterwards (immediately or later, depending on the runstate) do we > restrict the shared permissions by calling > `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first > call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to > be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is > not restricted. > > Fix this bug by saving the set of shared permissions before invoking > blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. > > Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf >("block-backend: Defer shared_perm tightening migration >completion") > Reported-by: Peng Liang > Signed-off-by: Hanna Reitz > --- > block/block-backend.c | 11 +++ > 1 file changed, 11 insertions(+) > Thanks for your patch! Tested-by: Peng Liang
Re: [PATCH 1/2] block-backend: Retain permissions after migration
On 11/25/21 14:53, Hanna Reitz wrote: > After migration, the permissions the guest device wants to impose on its > BlockBackend are stored in blk->perm and blk->shared_perm. In > blk_root_activate(), we take our permissions, but keep all shared > permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. > > Only afterwards (immediately or later, depending on the runstate) do we > restrict the shared permissions by calling > `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first > call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to > be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is > not restricted. > > Fix this bug by saving the set of shared permissions before invoking > blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. > > Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf >("block-backend: Defer shared_perm tightening migration >completion") > Reported-by: Peng Liang > Signed-off-by: Hanna Reitz > --- > block/block-backend.c | 11 +++ > 1 file changed, 11 insertions(+) Reviewed-by: Philippe Mathieu-Daudé
[PATCH 1/2] block-backend: Retain permissions after migration
After migration, the permissions the guest device wants to impose on its BlockBackend are stored in blk->perm and blk->shared_perm. In blk_root_activate(), we take our permissions, but keep all shared permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`. Only afterwards (immediately or later, depending on the runstate) do we restrict the shared permissions by calling `blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is not restricted. Fix this bug by saving the set of shared permissions before invoking blk_set_perm() with BLK_PERM_ALL and restoring it afterwards. Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf ("block-backend: Defer shared_perm tightening migration completion") Reported-by: Peng Liang Signed-off-by: Hanna Reitz --- block/block-backend.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/block/block-backend.c b/block/block-backend.c index 12ef80ea17..41e388fe1f 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -190,6 +190,7 @@ static void blk_root_activate(BdrvChild *child, Error **errp) { BlockBackend *blk = child->opaque; Error *local_err = NULL; +uint64_t saved_shared_perm; if (!blk->disable_perm) { return; @@ -197,12 +198,22 @@ static void blk_root_activate(BdrvChild *child, Error **errp) blk->disable_perm = false; +/* + * blk->shared_perm contains the permissions we want to share once + * migration is really completely done. For now, we need to share + * all; but we also need to retain blk->shared_perm, which is + * overwritten by a successful blk_set_perm() call. Save it and + * restore it below. + */ +saved_shared_perm = blk->shared_perm; + blk_set_perm(blk, blk->perm, BLK_PERM_ALL, &local_err); if (local_err) { error_propagate(errp, local_err); blk->disable_perm = true; return; } +blk->shared_perm = saved_shared_perm; if (runstate_check(RUN_STATE_INMIGRATE)) { /* Activation can happen when migration process is still active, for -- 2.33.1