From: Kevin Wolf <kwolf@redhat.com>
To: Max Reitz <mreitz@redhat.com>
Cc: qemu-block@nongnu.org, jcody@redhat.com, famz@redhat.com,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC PATCH 19/41] hw/block: Request permissions
Date: Mon, 20 Feb 2017 14:02:43 +0100 [thread overview]
Message-ID: <20170220130243.GD4814@noname.redhat.com> (raw)
In-Reply-To: <c8592787-34e5-1ab3-7e33-596f97520cd3@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 3149 bytes --]
Am 20.02.2017 um 13:25 hat Max Reitz geschrieben:
> On 13.02.2017 18:22, Kevin Wolf wrote:
> > This makes all device emulations with a qdev drive property request
> > permissions on their BlockBackend. We don't block anything yet.
> >
> > Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> > ---
> > hw/block/block.c | 19 ++++++++++++++++++-
> > hw/block/fdc.c | 25 +++++++++++++++++++++++--
> > hw/block/m25p80.c | 8 ++++++++
> > hw/block/nand.c | 7 +++++++
> > hw/block/nvme.c | 8 +++++++-
> > hw/block/onenand.c | 7 +++++++
> > hw/block/pflash_cfi01.c | 18 ++++++++++++------
> > hw/block/pflash_cfi02.c | 19 +++++++++++++------
> > hw/block/virtio-blk.c | 8 +++++++-
> > hw/core/qdev-properties-system.c | 1 -
> > hw/ide/qdev.c | 7 +++++--
> > hw/nvram/spapr_nvram.c | 8 ++++++++
> > hw/scsi/scsi-disk.c | 8 ++++++--
>
> Since I have no idea how scsi-generic and all of that works, just an
> innocent question: Do we need to set permissions there, too?
I couldn't see any use for it. With an SG BDS, you can't really do
anything anyway except directly attach it to scsi-generic. And the only
thing that scsi-generic does is invoking ioctls, which the block layer
doesn't understand but just pass though.
So I didn't feel that op blockers could provide anything here.
> > hw/sd/sd.c | 6 ++++++
> > hw/usb/dev-storage.c | 6 +++++-
> > include/hw/block/block.h | 3 ++-
> > tests/qemu-iotests/051.pc.out | 6 +++---
> > 17 files changed, 137 insertions(+), 27 deletions(-)
>
> [...]
>
> > diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> > index 2d6eb46..190573c 100644
> > --- a/hw/block/m25p80.c
> > +++ b/hw/block/m25p80.c
> > @@ -1215,6 +1215,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp)
> > {
> > Flash *s = M25P80(ss);
> > M25P80Class *mc = M25P80_GET_CLASS(s);
> > + int ret;
> >
> > s->pi = mc->pi;
> >
> > @@ -1222,6 +1223,13 @@ static void m25p80_realize(SSISlave *ss, Error **errp)
> > s->dirty_page = -1;
> >
> > if (s->blk) {
> > + uint64_t perm = BLK_PERM_CONSISTENT_READ |
> > + (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE);
> > + ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp);
>
> Not sure whether it should be changed in this patch, but I don't know
> whether BLK_PERM_ALL is right here; and from a quick glance it doesn't
> look like any of the following patches change it.
>
> (Same for all of the block device emulation code that invokes
> blk_set_perm() directly.)
Yeah, I'm not completely sure about the real requirements here either.
What I do know is that currently nothing is blocked (so doing the same
in the future won't make things worse at least), and that I don't want
to break exotic devices that I can't really test. So for these devices I
tended to be more permissive in case of doubt.
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2017-02-20 13:02 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-13 17:22 [Qemu-devel] [RFC PATCH 00/41] New op blocker system Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 01/41] block: Attach bs->file only during .bdrv_open() Kevin Wolf
2017-02-15 14:34 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 02/41] block: Add op blocker permission constants Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 03/41] block: Add Error argument to bdrv_attach_child() Kevin Wolf
2017-02-15 14:48 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 04/41] block: Let callers request permissions when attaching a child node Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 05/41] tests: Use opened block node for block job tests Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 06/41] block: Involve block drivers in permission granting Kevin Wolf
2017-02-14 5:51 ` Fam Zheng
2017-02-14 10:36 ` Kevin Wolf
2017-02-14 11:23 ` Fam Zheng
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 07/41] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
2017-02-15 17:00 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 08/41] block: Request child permissions in " Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 09/41] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
2017-02-14 6:01 ` Fam Zheng
2017-02-14 10:37 ` Kevin Wolf
2017-02-14 11:13 ` Fam Zheng
2017-02-15 17:11 ` Max Reitz
2017-02-15 17:29 ` Kevin Wolf
2017-02-15 17:33 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 10/41] block: Request child permissions in " Kevin Wolf
2017-02-15 17:26 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 11/41] vvfat: Implement .bdrv_child_perm() Kevin Wolf
2017-02-15 17:30 ` Max Reitz
2017-02-15 17:42 ` Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 12/41] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 13/41] block: Request real permissions in bdrv_attach_child() Kevin Wolf
2017-02-15 19:23 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 14/41] block: Add permissions to BlockBackend Kevin Wolf
2017-02-15 19:26 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 15/41] block: Add permissions to blk_new() Kevin Wolf
2017-02-20 10:29 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 16/41] block: Add error parameter to blk_insert_bs() Kevin Wolf
2017-02-14 6:58 ` Fam Zheng
2017-02-20 11:04 ` Max Reitz
2017-02-20 11:22 ` Kevin Wolf
2017-02-20 11:22 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 17/41] block: Request real permissions in blk_new_open() Kevin Wolf
2017-02-20 11:16 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 18/41] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
2017-02-20 11:31 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 19/41] hw/block: Request permissions Kevin Wolf
2017-02-20 12:25 ` Max Reitz
2017-02-20 13:02 ` Kevin Wolf [this message]
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 20/41] hw/block: Introduce share-rw qdev property Kevin Wolf
2017-02-20 12:28 ` Max Reitz
2017-02-20 13:05 ` Kevin Wolf
2017-02-20 13:17 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 21/41] blockjob: Add permissions to block_job_create() Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 22/41] block: Add BdrvChildRole.get_link_name() Kevin Wolf
2017-02-20 12:54 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 23/41] block: Include details on permission errors in message Kevin Wolf
2017-02-20 13:16 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 24/41] block: Add BdrvChildRole.stay_at_node Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 25/41] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
2017-02-20 13:38 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 26/41] block: Factor out bdrv_open_driver() Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 27/41] block: Add bdrv_new_open_driver() Kevin Wolf
2017-02-20 14:20 ` Max Reitz
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 28/41] commit: Use real permissions in commit block job Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 29/41] commit: Use real permissions for HMP 'commit' Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 30/41] backup: Use real permissions in backup block job Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 31/41] block: Fix pending requests check in bdrv_append() Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 32/41] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 33/41] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 34/41] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 35/41] stream: Use real permissions in streaming " Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 36/41] hmp: Request permissions in qemu-io Kevin Wolf
2017-02-13 17:22 ` [Qemu-devel] [RFC PATCH 37/41] migration/block: Use real permissions Kevin Wolf
2017-02-13 17:23 ` [Qemu-devel] [RFC PATCH 38/41] nbd/server: Use real permissions for NBD exports Kevin Wolf
2017-02-13 17:23 ` [Qemu-devel] [RFC PATCH 39/41] tests: Remove FIXME comments Kevin Wolf
2017-02-13 17:23 ` [Qemu-devel] [RFC PATCH 40/41] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev Kevin Wolf
2017-02-13 17:23 ` [Qemu-devel] [RFC PATCH 41/41] block: Assertions for write permissions Kevin Wolf
2017-02-13 18:44 ` [Qemu-devel] [RFC PATCH 00/41] New op blocker system no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170220130243.GD4814@noname.redhat.com \
--to=kwolf@redhat.com \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.