c1019d1687
Move the permission API calls into driver-specific callbacks that always run under BQL. In this case, bdrv_crypto_luks needs to perform permission checks before and after qcrypto_block_amend_options(). The problem is that the caller, block_crypto_amend_options_generic_luks(), can also run in I/O from .bdrv_co_amend(). This does not comply with Global State-I/O API split, as permissions API must always run under BQL. Firstly, introduce .bdrv_amend_pre_run() and .bdrv_amend_clean() callbacks. These two callbacks are guaranteed to be invoked under BQL, respectively before and after .bdrv_co_amend(). They take care of performing the permission checks in the same way as they are currently done before and after qcrypto_block_amend_options(). These callbacks are in preparation for next patch, where we delete the original permission check. Right now they just add redundant control. Then, call .bdrv_amend_pre_run() before job_start in qmp_x_blockdev_amend(), so that it will be run before the job coroutine is created and stay in the main loop. As a cleanup, use JobDriver's .clean() callback to call .bdrv_amend_clean(), and run amend-specific cleanup callbacks under BQL. After this patch, permission failures occur early in the blockdev-amend job to update a LUKS volume's keys. iotest 296 must now expect them in x-blockdev-amend's QMP reply instead of waiting for the actual job to fail later. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220209105452.1694545-2-eesposit@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220304153729.711387-6-hreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
143 lines
4.3 KiB
C
143 lines
4.3 KiB
C
/*
|
|
* Block layer code related to image options amend
|
|
*
|
|
* Copyright (c) 2018 Kevin Wolf <kwolf@redhat.com>
|
|
* Copyright (c) 2020 Red Hat. Inc
|
|
*
|
|
* Heavily based on create.c
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include "block/block_int.h"
|
|
#include "qemu/job.h"
|
|
#include "qemu/main-loop.h"
|
|
#include "qapi/qapi-commands-block-core.h"
|
|
#include "qapi/qapi-visit-block-core.h"
|
|
#include "qapi/clone-visitor.h"
|
|
#include "qapi/error.h"
|
|
|
|
typedef struct BlockdevAmendJob {
|
|
Job common;
|
|
BlockdevAmendOptions *opts;
|
|
BlockDriverState *bs;
|
|
bool force;
|
|
} BlockdevAmendJob;
|
|
|
|
static int coroutine_fn blockdev_amend_run(Job *job, Error **errp)
|
|
{
|
|
BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common);
|
|
int ret;
|
|
|
|
job_progress_set_remaining(&s->common, 1);
|
|
ret = s->bs->drv->bdrv_co_amend(s->bs, s->opts, s->force, errp);
|
|
job_progress_update(&s->common, 1);
|
|
qapi_free_BlockdevAmendOptions(s->opts);
|
|
return ret;
|
|
}
|
|
|
|
static int blockdev_amend_pre_run(BlockdevAmendJob *s, Error **errp)
|
|
{
|
|
if (s->bs->drv->bdrv_amend_pre_run) {
|
|
return s->bs->drv->bdrv_amend_pre_run(s->bs, errp);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void blockdev_amend_clean(Job *job)
|
|
{
|
|
BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common);
|
|
|
|
if (s->bs->drv->bdrv_amend_clean) {
|
|
s->bs->drv->bdrv_amend_clean(s->bs);
|
|
}
|
|
}
|
|
|
|
static const JobDriver blockdev_amend_job_driver = {
|
|
.instance_size = sizeof(BlockdevAmendJob),
|
|
.job_type = JOB_TYPE_AMEND,
|
|
.run = blockdev_amend_run,
|
|
.clean = blockdev_amend_clean,
|
|
};
|
|
|
|
void qmp_x_blockdev_amend(const char *job_id,
|
|
const char *node_name,
|
|
BlockdevAmendOptions *options,
|
|
bool has_force,
|
|
bool force,
|
|
Error **errp)
|
|
{
|
|
BlockdevAmendJob *s;
|
|
const char *fmt = BlockdevDriver_str(options->driver);
|
|
BlockDriver *drv = bdrv_find_format(fmt);
|
|
BlockDriverState *bs;
|
|
|
|
bs = bdrv_lookup_bs(NULL, node_name, errp);
|
|
if (!bs) {
|
|
return;
|
|
}
|
|
|
|
if (!drv) {
|
|
error_setg(errp, "Block driver '%s' not found or not supported", fmt);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* If the driver is in the schema, we know that it exists. But it may not
|
|
* be whitelisted.
|
|
*/
|
|
if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) {
|
|
error_setg(errp, "Driver is not whitelisted");
|
|
return;
|
|
}
|
|
|
|
if (bs->drv != drv) {
|
|
error_setg(errp,
|
|
"x-blockdev-amend doesn't support changing the block driver");
|
|
return;
|
|
}
|
|
|
|
/* Error out if the driver doesn't support .bdrv_co_amend */
|
|
if (!drv->bdrv_co_amend) {
|
|
error_setg(errp, "Driver does not support x-blockdev-amend");
|
|
return;
|
|
}
|
|
|
|
/* Create the block job */
|
|
s = job_create(job_id, &blockdev_amend_job_driver, NULL,
|
|
bdrv_get_aio_context(bs), JOB_DEFAULT | JOB_MANUAL_DISMISS,
|
|
NULL, NULL, errp);
|
|
if (!s) {
|
|
return;
|
|
}
|
|
|
|
s->bs = bs,
|
|
s->opts = QAPI_CLONE(BlockdevAmendOptions, options),
|
|
s->force = has_force ? force : false;
|
|
|
|
if (blockdev_amend_pre_run(s, errp)) {
|
|
job_early_fail(&s->common);
|
|
return;
|
|
}
|
|
|
|
job_start(&s->common);
|
|
}
|