qemu/block-backend-Retain-permissions-after-m.patch

From: Hanna Reitz <hreitz@redhat.com>
Date: Thu, 25 Nov 2021 14:53:16 +0100
Subject: block-backend: Retain permissions after migration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Git-commit: 492a119610129f65217580790971fa038e5492d3

After migration, the permissions the guest device wants to impose on its
BlockBackend are stored in blk->perm and blk->shared_perm.  In
blk_root_activate(), we take our permissions, but keep all shared
permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`.

Only afterwards (immediately or later, depending on the runstate) do we
restrict the shared permissions by calling
`blk_set_perm(blk->perm, blk->shared_perm)`.  Unfortunately, our first
call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to
be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is
not restricted.

Fix this bug by saving the set of shared permissions before invoking
blk_set_perm() with BLK_PERM_ALL and restoring it afterwards.

Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf
       ("block-backend: Defer shared_perm tightening migration
       completion")
Reported-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20211125135317.186576-2-hreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Li Zhang <lizhang@suse.de>
---
 block/block-backend.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index 12ef80ea170c04a15500b42bc5e7..41e388fe1f30af8f3cf6a872b37a 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -190,6 +190,7 @@ static void blk_root_activate(BdrvChild *child, Error **errp)
 {
     BlockBackend *blk = child->opaque;
     Error *local_err = NULL;
+    uint64_t saved_shared_perm;
 
     if (!blk->disable_perm) {
         return;
@@ -197,12 +198,22 @@ static void blk_root_activate(BdrvChild *child, Error **errp)
 
     blk->disable_perm = false;
 
+    /*
+     * blk->shared_perm contains the permissions we want to share once
+     * migration is really completely done.  For now, we need to share
+     * all; but we also need to retain blk->shared_perm, which is
+     * overwritten by a successful blk_set_perm() call.  Save it and
+     * restore it below.
+     */
+    saved_shared_perm = blk->shared_perm;
+
     blk_set_perm(blk, blk->perm, BLK_PERM_ALL, &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
         blk->disable_perm = true;
         return;
     }
+    blk->shared_perm = saved_shared_perm;
 
     if (runstate_check(RUN_STATE_INMIGRATE)) {
         /* Activation can happen when migration process is still active, for
Accepting request 955876 from home:lizhang:branches:Virtualization Backport patches related with iotest from upstream * Patches added: block-backend-Retain-permissions-after-m.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch qcow2-simple-case-support-for-downgradin.patch tests-qemu-iotests-Fix-051-for-binaries-.patch OBS-URL: https://build.opensuse.org/request/show/955876 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=690 2022-02-18 15:14:04 +01:00			`From: Hanna Reitz <hreitz@redhat.com>`
			`Date: Thu, 25 Nov 2021 14:53:16 +0100`
			`Subject: block-backend: Retain permissions after migration`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Git-commit: 492a119610129f65217580790971fa038e5492d3`

			`After migration, the permissions the guest device wants to impose on its`
			`BlockBackend are stored in blk->perm and blk->shared_perm. In`
			`blk_root_activate(), we take our permissions, but keep all shared`
			permissions open by calling `blk_set_perm(blk->perm, BLK_PERM_ALL)`.

			`Only afterwards (immediately or later, depending on the runstate) do we`
			`restrict the shared permissions by calling`
			`blk_set_perm(blk->perm, blk->shared_perm)`. Unfortunately, our first
			`call with shared_perm=BLK_PERM_ALL has overwritten blk->shared_perm to`
			`be BLK_PERM_ALL, so this is a no-op and the set of shared permissions is`
			`not restricted.`

			`Fix this bug by saving the set of shared permissions before invoking`
			`blk_set_perm() with BLK_PERM_ALL and restoring it afterwards.`

			`Fixes: 5f7772c4d0cf32f4e779fcd5a69ae4dae24aeebf`
			`("block-backend: Defer shared_perm tightening migration`
			`completion")`
			`Reported-by: Peng Liang <liangpeng10@huawei.com>`
			`Signed-off-by: Hanna Reitz <hreitz@redhat.com>`
			`Message-Id: <20211125135317.186576-2-hreitz@redhat.com>`
			`Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>`
			`Tested-by: Peng Liang <liangpeng10@huawei.com>`
			`Signed-off-by: Li Zhang <lizhang@suse.de>`
			`---`
			`block/block-backend.c \| 11 +++++++++++`
			`1 file changed, 11 insertions(+)`

			`diff --git a/block/block-backend.c b/block/block-backend.c`
			`index 12ef80ea170c04a15500b42bc5e7..41e388fe1f30af8f3cf6a872b37a 100644`
			`--- a/block/block-backend.c`
			`+++ b/block/block-backend.c`
			`@@ -190,6 +190,7 @@ static void blk_root_activate(BdrvChild child, Error *errp)`
			`{`
			`BlockBackend *blk = child->opaque;`
			`Error *local_err = NULL;`
			`+ uint64_t saved_shared_perm;`

			`if (!blk->disable_perm) {`
			`return;`
			`@@ -197,12 +198,22 @@ static void blk_root_activate(BdrvChild child, Error *errp)`

			`blk->disable_perm = false;`

			`+ /*`
			`+ * blk->shared_perm contains the permissions we want to share once`
			`+ * migration is really completely done. For now, we need to share`
			`+ * all; but we also need to retain blk->shared_perm, which is`
			`+ * overwritten by a successful blk_set_perm() call. Save it and`
			`+ * restore it below.`
			`+ */`
			`+ saved_shared_perm = blk->shared_perm;`
			`+`
			`blk_set_perm(blk, blk->perm, BLK_PERM_ALL, &local_err);`
			`if (local_err) {`
			`error_propagate(errp, local_err);`
			`blk->disable_perm = true;`
			`return;`
			`}`
			`+ blk->shared_perm = saved_shared_perm;`

			`if (runstate_check(RUN_STATE_INMIGRATE)) {`
			`/* Activation can happen when migration process is still active, for`