crypto: perform permission checks under BQL
Move the permission API calls into driver-specific callbacks that always run under BQL. In this case, bdrv_crypto_luks needs to perform permission checks before and after qcrypto_block_amend_options(). The problem is that the caller, block_crypto_amend_options_generic_luks(), can also run in I/O from .bdrv_co_amend(). This does not comply with Global State-I/O API split, as permissions API must always run under BQL. Firstly, introduce .bdrv_amend_pre_run() and .bdrv_amend_clean() callbacks. These two callbacks are guaranteed to be invoked under BQL, respectively before and after .bdrv_co_amend(). They take care of performing the permission checks in the same way as they are currently done before and after qcrypto_block_amend_options(). These callbacks are in preparation for next patch, where we delete the original permission check. Right now they just add redundant control. Then, call .bdrv_amend_pre_run() before job_start in qmp_x_blockdev_amend(), so that it will be run before the job coroutine is created and stay in the main loop. As a cleanup, use JobDriver's .clean() callback to call .bdrv_amend_clean(), and run amend-specific cleanup callbacks under BQL. After this patch, permission failures occur early in the blockdev-amend job to update a LUKS volume's keys. iotest 296 must now expect them in x-blockdev-amend's QMP reply instead of waiting for the actual job to fail later. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220209105452.1694545-2-eesposit@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220304153729.711387-6-hreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
parent
3d1fbc5966
commit
c1019d1687
@ -53,10 +53,29 @@ static int coroutine_fn blockdev_amend_run(Job *job, Error **errp)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int blockdev_amend_pre_run(BlockdevAmendJob *s, Error **errp)
|
||||
{
|
||||
if (s->bs->drv->bdrv_amend_pre_run) {
|
||||
return s->bs->drv->bdrv_amend_pre_run(s->bs, errp);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void blockdev_amend_clean(Job *job)
|
||||
{
|
||||
BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common);
|
||||
|
||||
if (s->bs->drv->bdrv_amend_clean) {
|
||||
s->bs->drv->bdrv_amend_clean(s->bs);
|
||||
}
|
||||
}
|
||||
|
||||
static const JobDriver blockdev_amend_job_driver = {
|
||||
.instance_size = sizeof(BlockdevAmendJob),
|
||||
.job_type = JOB_TYPE_AMEND,
|
||||
.run = blockdev_amend_run,
|
||||
.clean = blockdev_amend_clean,
|
||||
};
|
||||
|
||||
void qmp_x_blockdev_amend(const char *job_id,
|
||||
@ -113,5 +132,11 @@ void qmp_x_blockdev_amend(const char *job_id,
|
||||
s->bs = bs,
|
||||
s->opts = QAPI_CLONE(BlockdevAmendOptions, options),
|
||||
s->force = has_force ? force : false;
|
||||
|
||||
if (blockdev_amend_pre_run(s, errp)) {
|
||||
job_early_fail(&s->common);
|
||||
return;
|
||||
}
|
||||
|
||||
job_start(&s->common);
|
||||
}
|
||||
|
@ -777,6 +777,37 @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
|
||||
return spec_info;
|
||||
}
|
||||
|
||||
static int
|
||||
block_crypto_amend_prepare(BlockDriverState *bs, Error **errp)
|
||||
{
|
||||
BlockCrypto *crypto = bs->opaque;
|
||||
int ret;
|
||||
|
||||
/* apply for exclusive read/write permissions to the underlying file */
|
||||
crypto->updating_keys = true;
|
||||
ret = bdrv_child_refresh_perms(bs, bs->file, errp);
|
||||
if (ret < 0) {
|
||||
/* Well, in this case we will not be updating any keys */
|
||||
crypto->updating_keys = false;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
block_crypto_amend_cleanup(BlockDriverState *bs)
|
||||
{
|
||||
BlockCrypto *crypto = bs->opaque;
|
||||
Error *errp = NULL;
|
||||
|
||||
/* release exclusive read/write permissions to the underlying file */
|
||||
crypto->updating_keys = false;
|
||||
bdrv_child_refresh_perms(bs, bs->file, &errp);
|
||||
|
||||
if (errp) {
|
||||
error_report_err(errp);
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
block_crypto_amend_options_generic_luks(BlockDriverState *bs,
|
||||
QCryptoBlockAmendOptions *amend_options,
|
||||
@ -931,6 +962,8 @@ static BlockDriver bdrv_crypto_luks = {
|
||||
.bdrv_get_specific_info = block_crypto_get_specific_info_luks,
|
||||
.bdrv_amend_options = block_crypto_amend_options_luks,
|
||||
.bdrv_co_amend = block_crypto_co_amend_luks,
|
||||
.bdrv_amend_pre_run = block_crypto_amend_prepare,
|
||||
.bdrv_amend_clean = block_crypto_amend_cleanup,
|
||||
|
||||
.is_format = true,
|
||||
|
||||
|
@ -124,6 +124,20 @@ struct BlockDriver {
|
||||
* on those children.
|
||||
*/
|
||||
bool is_format;
|
||||
|
||||
/*
|
||||
* This function is invoked under BQL before .bdrv_co_amend()
|
||||
* (which in contrast does not necessarily run under the BQL)
|
||||
* to allow driver-specific initialization code that requires
|
||||
* the BQL, like setting up specific permission flags.
|
||||
*/
|
||||
int (*bdrv_amend_pre_run)(BlockDriverState *bs, Error **errp);
|
||||
/*
|
||||
* This function is invoked under BQL after .bdrv_co_amend()
|
||||
* to allow cleaning up what was done in .bdrv_amend_pre_run().
|
||||
*/
|
||||
void (*bdrv_amend_clean)(BlockDriverState *bs);
|
||||
|
||||
/*
|
||||
* Return true if @to_replace can be replaced by a BDS with the
|
||||
* same data as @bs without it affecting @bs's behavior (that is,
|
||||
|
@ -174,8 +174,12 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
|
||||
}
|
||||
|
||||
result = vm.qmp('x-blockdev-amend', **args)
|
||||
assert result['return'] == {}
|
||||
vm.run_job('job0')
|
||||
iotests.log(result)
|
||||
# Run the job only if it was created
|
||||
event = ('JOB_STATUS_CHANGE',
|
||||
{'data': {'id': 'job0', 'status': 'created'}})
|
||||
if vm.events_wait([event], timeout=0.0) is not None:
|
||||
vm.run_job('job0')
|
||||
|
||||
# test that when the image opened by two qemu processes,
|
||||
# neither of them can update the encryption keys
|
||||
|
@ -1,11 +1,9 @@
|
||||
|
||||
{"return": {}}
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
Job failed: Failed to get shared "consistent read" lock
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
Job failed: Failed to get shared "consistent read" lock
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Failed to get shared \"consistent read\" lock"}}
|
||||
{"error": {"class": "GenericError", "desc": "Failed to get shared \"consistent read\" lock"}}
|
||||
{"return": {}}
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
@ -13,14 +11,9 @@ qemu-img: Failed to get shared "consistent read" lock
|
||||
Is another process using the image [TEST_DIR/test.img]?
|
||||
|
||||
.
|
||||
Job failed: Block node is read-only
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
Job failed: Failed to get shared "consistent read" lock
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
Job failed: Failed to get shared "consistent read" lock
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"error": {"class": "GenericError", "desc": "Block node is read-only"}}
|
||||
{"error": {"class": "GenericError", "desc": "Failed to get shared \"consistent read\" lock"}}
|
||||
{"error": {"class": "GenericError", "desc": "Failed to get shared \"consistent read\" lock"}}
|
||||
{"return": {}}
|
||||
{"execute": "job-dismiss", "arguments": {"id": "job0"}}
|
||||
{"return": {}}
|
||||
|
Loading…
Reference in New Issue
Block a user