git.proxmox.com Git - mirror_qemu.git/commit

author	Kevin Wolf <kwolf@redhat.com>
	Tue, 5 Mar 2019 16:18:22 +0000 (17:18 +0100)
committer	Kevin Wolf <kwolf@redhat.com>
	Tue, 12 Mar 2019 19:30:14 +0000 (20:30 +0100)
commit	69b736e76567ecbc9b9e55570bc0afc840614a98
tree	9785fb617e6e0785f52815d145c3b195b1bc7321	tree
parent	a4615ab31cade201641cbb17a81dcac1b3bea624	commit \| diff

block: Make permission changes in reopen less wrong

The way that reopen interacts with permission changes has one big
problem: Both operations are recursive, and the permissions are changes
for each node in the reopen queue.

For a simple graph that consists just of parent and child,
.bdrv_check_perm will be called twice for the child, once recursively
when adjusting the permissions of parent, and once again when the child
itself is reopened.

Even worse, the first .bdrv_check_perm call happens before
.bdrv_reopen_prepare was called for the child and the second one is
called afterwards.

Making sure that .bdrv_check_perm (and the other permission callbacks)
are called only once is hard. We can cope with multiple calls right now,
but as soon as file-posix gets a dynamic auto-read-only that may need to
open a new file descriptor, we get the additional requirement that all
of them are after the .bdrv_reopen_prepare call.

So reorder things in bdrv_reopen_multiple() to first call
.bdrv_reopen_prepare for all involved nodes and only then adjust
permissions.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>