From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, mreitz@redhat.com, jcody@redhat.com,
famz@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH v2 35/43] hmp: Request permissions in qemu-io
Date: Mon, 27 Feb 2017 21:09:36 +0100 [thread overview]
Message-ID: <1488226184-9044-36-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1488226184-9044-1-git-send-email-kwolf@redhat.com>
The HMP command 'qemu-io' is a bit tricky because it wants to work on
the original BlockBackend, but additional permissions could be required.
The details are explained in a comment in the code, but in summary, just
request whatever permissions the current qemu-io command needs.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
---
block/block-backend.c | 6 ++++++
hmp.c | 26 +++++++++++++++++++++++++-
include/qemu-io.h | 1 +
include/sysemu/block-backend.h | 1 +
qemu-io-cmds.c | 28 ++++++++++++++++++++++++++++
5 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 38a3858..daa7908 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -584,6 +584,12 @@ int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
return 0;
}
+void blk_get_perm(BlockBackend *blk, uint64_t *perm, uint64_t *shared_perm)
+{
+ *perm = blk->perm;
+ *shared_perm = blk->shared_perm;
+}
+
static int blk_do_attach_dev(BlockBackend *blk, void *dev)
{
if (blk->dev) {
diff --git a/hmp.c b/hmp.c
index e219f97..7b44e64 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2051,7 +2051,6 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
if (!blk) {
BlockDriverState *bs = bdrv_lookup_bs(NULL, device, &err);
if (bs) {
- /* FIXME Use real permissions */
blk = local_blk = blk_new(0, BLK_PERM_ALL);
ret = blk_insert_bs(blk, bs, &err);
if (ret < 0) {
@@ -2065,6 +2064,31 @@ void hmp_qemu_io(Monitor *mon, const QDict *qdict)
aio_context = blk_get_aio_context(blk);
aio_context_acquire(aio_context);
+ /*
+ * Notably absent: Proper permission management. This is sad, but it seems
+ * almost impossible to achieve without changing the semantics and thereby
+ * limiting the use cases of the qemu-io HMP command.
+ *
+ * In an ideal world we would unconditionally create a new BlockBackend for
+ * qemuio_command(), but we have commands like 'reopen' and want them to
+ * take effect on the exact BlockBackend whose name the user passed instead
+ * of just on a temporary copy of it.
+ *
+ * Another problem is that deleting the temporary BlockBackend involves
+ * draining all requests on it first, but some qemu-iotests cases want to
+ * issue multiple aio_read/write requests and expect them to complete in
+ * the background while the monitor has already returned.
+ *
+ * This is also what prevents us from saving the original permissions and
+ * restoring them later: We can't revoke permissions until all requests
+ * have completed, and we don't know when that is nor can we really let
+ * anything else run before we have revoken them to avoid race conditions.
+ *
+ * What happens now is that command() in qemu-io-cmds.c can extend the
+ * permissions if necessary for the qemu-io command. And they simply stay
+ * extended, possibly resulting in a read-only guest device keeping write
+ * permissions. Ugly, but it appears to be the lesser evil.
+ */
qemuio_command(blk, command);
aio_context_release(aio_context);
diff --git a/include/qemu-io.h b/include/qemu-io.h
index 4d402b9..196fde0 100644
--- a/include/qemu-io.h
+++ b/include/qemu-io.h
@@ -36,6 +36,7 @@ typedef struct cmdinfo {
const char *args;
const char *oneline;
helpfunc_t help;
+ uint64_t perm;
} cmdinfo_t;
extern bool qemuio_misalign;
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index b23f683..096c17f 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -107,6 +107,7 @@ bool bdrv_has_blk(BlockDriverState *bs);
bool bdrv_is_root_node(BlockDriverState *bs);
int blk_set_perm(BlockBackend *blk, uint64_t perm, uint64_t shared_perm,
Error **errp);
+void blk_get_perm(BlockBackend *blk, uint64_t *perm, uint64_t *shared_perm);
void blk_set_allow_write_beyond_eof(BlockBackend *blk, bool allow);
void blk_iostatus_enable(BlockBackend *blk);
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 7ac1576..2c48f9c 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -83,6 +83,29 @@ static int command(BlockBackend *blk, const cmdinfo_t *ct, int argc,
}
return 0;
}
+
+ /* Request additional permissions if necessary for this command. The caller
+ * is responsible for restoring the original permissions afterwards if this
+ * is what it wants. */
+ if (ct->perm && blk_is_available(blk)) {
+ uint64_t orig_perm, orig_shared_perm;
+ blk_get_perm(blk, &orig_perm, &orig_shared_perm);
+
+ if (ct->perm & ~orig_perm) {
+ uint64_t new_perm;
+ Error *local_err = NULL;
+ int ret;
+
+ new_perm = orig_perm | ct->perm;
+
+ ret = blk_set_perm(blk, new_perm, orig_shared_perm, &local_err);
+ if (ret < 0) {
+ error_report_err(local_err);
+ return 0;
+ }
+ }
+ }
+
optind = 0;
return ct->cfunc(blk, argc, argv);
}
@@ -918,6 +941,7 @@ static const cmdinfo_t write_cmd = {
.name = "write",
.altname = "w",
.cfunc = write_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-bcCfquz] [-P pattern] off len",
@@ -1093,6 +1117,7 @@ static int writev_f(BlockBackend *blk, int argc, char **argv);
static const cmdinfo_t writev_cmd = {
.name = "writev",
.cfunc = writev_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cfq] [-P pattern] off len [len..]",
@@ -1392,6 +1417,7 @@ static int aio_write_f(BlockBackend *blk, int argc, char **argv);
static const cmdinfo_t aio_write_cmd = {
.name = "aio_write",
.cfunc = aio_write_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cfiquz] [-P pattern] off len [len..]",
@@ -1556,6 +1582,7 @@ static const cmdinfo_t truncate_cmd = {
.name = "truncate",
.altname = "t",
.cfunc = truncate_f,
+ .perm = BLK_PERM_WRITE | BLK_PERM_RESIZE,
.argmin = 1,
.argmax = 1,
.args = "off",
@@ -1653,6 +1680,7 @@ static const cmdinfo_t discard_cmd = {
.name = "discard",
.altname = "d",
.cfunc = discard_f,
+ .perm = BLK_PERM_WRITE,
.argmin = 2,
.argmax = -1,
.args = "[-Cq] off len",
--
1.8.3.1
next prev parent reply other threads:[~2017-02-27 20:11 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-27 20:09 [Qemu-devel] [PATCH v2 00/43] New op blocker system, part 1 Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 01/43] block: Add op blocker permission constants Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 02/43] block: Add Error argument to bdrv_attach_child() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 03/43] block: Let callers request permissions when attaching a child node Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 04/43] block: Involve block drivers in permission granting Kevin Wolf
2017-02-28 8:18 ` Fam Zheng
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 05/43] block: Default .bdrv_child_perm() for filter drivers Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 06/43] block: Request child permissions in " Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 07/43] block: Default .bdrv_child_perm() for format drivers Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 08/43] block: Request child permissions in " Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 09/43] vvfat: Implement .bdrv_child_perm() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 10/43] block: Require .bdrv_child_perm() with child nodes Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 11/43] block: Request real permissions in bdrv_attach_child() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 12/43] block: Add permissions to BlockBackend Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 13/43] block: Add permissions to blk_new() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 14/43] block: Add error parameter to blk_insert_bs() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 15/43] block: Add BDRV_O_RESIZE for blk_new_open() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 16/43] block: Request real permissions in blk_new_open() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 17/43] block: Allow error return in BlockDevOps.change_media_cb() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 18/43] hw/block: Request permissions Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 19/43] hw/block: Introduce share-rw qdev property Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 20/43] blockjob: Add permissions to block_job_create() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 21/43] block: Add BdrvChildRole.get_parent_desc() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 22/43] block: Include details on permission errors in message Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 23/43] block: Add BdrvChildRole.stay_at_node Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 24/43] blockjob: Add permissions to block_job_add_bdrv() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 25/43] commit: Use real permissions in commit block job Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 26/43] commit: Use real permissions for HMP 'commit' Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 27/43] backup: Use real permissions in backup block job Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 28/43] block: Fix pending requests check in bdrv_append() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 29/43] block: BdrvChildRole.attach/detach() callbacks Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 30/43] block: Allow backing file links in change_parent_backing_link() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 31/43] mirror: Use real permissions in mirror/active commit block job Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 32/43] stream: Use real permissions in streaming " Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 33/43] mirror: Add filter-node-name to blockdev-mirror Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 34/43] commit: Add filter-node-name to block-commit Kevin Wolf
2017-02-27 20:09 ` Kevin Wolf [this message]
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 36/43] migration/block: Use real permissions Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 37/43] nbd/server: Use real permissions for NBD exports Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 38/43] tests: Remove FIXME comments Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 39/43] block: Pass BdrvChild to bdrv_aligned_preadv/pwritev and copy-on-read Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 40/43] block: Assertions for write permissions Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 41/43] block: Assertions for resize permission Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 42/43] block: Add Error parameter to bdrv_set_backing_hd() Kevin Wolf
2017-02-27 20:09 ` [Qemu-devel] [PATCH v2 43/43] block: Add Error parameter to bdrv_append() Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488226184-9044-36-git-send-email-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=famz@redhat.com \
--cc=jcody@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).