Block patches for 5.1:

- Let LUKS images only be shared between VMs if the guest device was configured to allow that - Fix abort() from bdrv_aio_cancel() for guest devices without a BDS -----BEGIN PGP SIGNATURE----- iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl8W1cUSHG1yZWl0ekBy ZWRoYXQuY29tAAoJEPQH2wBh1c9AA7wH/1ckTrSDMroVi1adBrz+KycA3O9kSmzl Z4qvLEdj/j7oc3ud96faCguPBv36ogjq/Wu7wl2/5ufNCVtr39LQLi7LeUiuzcuM mZaov8BaFPWcVnEyqJKES/VfOB4AbT2LfFhqC+L2VGShsxFDTVOAno6R87Onkkuy 87qN9gs2b77pyhUQxvgKJzfvjDy0YRDyYn30eBo/WisEjfDfLrf2Fv/wpZze0OC8 9cqEvczTU2nQzX5k2NnANbf8Vr/U6H3tay/f/C3FZ0lWHcqWEieIKlWp4iYezsTk B/LKDMWtvPgrZGxmsHrwOs9Y1Tfre3w86PrLXAC44WpX6OghhXKNKrQ= =BV7d -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-07-21' into staging Block patches for 5.1: - Let LUKS images only be shared between VMs if the guest device was configured to allow that - Fix abort() from bdrv_aio_cancel() for guest devices without a BDS # gpg: Signature made Tue 21 Jul 2020 12:47:17 BST # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-07-21: block: fix bdrv_aio_cancel() for ENOMEDIUM requests qemu-iotests: add testcase for bz #1857490 block/crypto: disallow write sharing by default Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 14:03:45 +01:00 · 2020-07-21 14:03:45 +01:00 · 98d897eb4b
parent 90218a9a39 1d719ddc35
commit 98d897eb4b
4 changed files with 62 additions and 4 deletions
--- a/block/block-backend.c
+++ b/block/block-backend.c
@ -1394,8 +1394,16 @@ typedef struct BlkAioEmAIOCB {
    bool has_returned;
 } BlkAioEmAIOCB;
 static AioContext *blk_aio_em_aiocb_get_aio_context(BlockAIOCB *acb_)
 {
    BlkAioEmAIOCB *acb = container_of(acb_, BlkAioEmAIOCB, common);
    return blk_get_aio_context(acb->rwco.blk);
 }
 static const AIOCBInfo blk_aio_em_aiocb_info = {
    .aiocb_size         = sizeof(BlkAioEmAIOCB),
    .get_aio_context    = blk_aio_em_aiocb_get_aio_context,
 };
 static void blk_aio_complete(BlkAioEmAIOCB *acb)
--- a/block/crypto.c
+++ b/block/crypto.c
@ -881,7 +881,7 @@ block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
     * For backward compatibility, manually share the write
     * and resize permission
     */
-    *nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE);
+    *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
    /*
     * Since we are not fully a format driver, don't always request
     * the read/resize permission but only when explicitly
--- a/tests/qemu-iotests/296
+++ b/tests/qemu-iotests/296
@ -133,6 +133,21 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        )
        self.assert_qmp(result, 'return', {})
    ###########################################################################
    # add virtio-blk consumer for a block device
    def addImageUser(self, vm, id, disk_id, share_rw=False):
        result = vm.qmp('device_add', **
            {
                'driver': 'virtio-blk',
                'id': id,
                'drive': disk_id,
                'share-rw' : share_rw
            }
        )
        iotests.log(result)
    # close the encrypted block device
    def closeImageQmp(self, vm, id):
        result = vm.qmp('blockdev-del', **{ 'node-name': id })
@ -159,7 +174,7 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        vm.run_job('job0')
    # test that when the image opened by two qemu processes,
-    # neither of them can update the image
+    # neither of them can update the encryption keys
    def test1(self):
        self.createImg(test_img, self.secrets[0]);
@ -193,6 +208,9 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        os.remove(test_img)
    # test that when the image opened by two qemu processes,
    # even if first VM opens it read-only, the second can't update encryption
    # keys
    def test2(self):
        self.createImg(test_img, self.secrets[0]);
@ -226,6 +244,30 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        self.closeImageQmp(self.vm1, "testdev")
        os.remove(test_img)
    # test that two VMs can't open the same luks image by default
    # and attach it to a guest device
    def test3(self):
        self.createImg(test_img, self.secrets[0]);
        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm1, "testctrl", "testdev")
        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm2, "testctrl", "testdev")
    # test that two VMs can attach the same luks image to a guest device,
    # if both use share-rw=on
    def test4(self):
        self.createImg(test_img, self.secrets[0]);
        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm1, "testctrl", "testdev", share_rw=True)
        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
        self.addImageUser(self.vm2, "testctrl", "testdev", share_rw=True)
 if __name__ == '__main__':
    # support only raw luks since luks encrypted qcow2 is a proper
--- a/tests/qemu-iotests/296.out
+++ b/tests/qemu-iotests/296.out
@ -26,8 +26,16 @@ Job failed: Failed to get shared "consistent read" lock
 {"return": {}}
 {"execute": "job-dismiss", "arguments": {"id": "job0"}}
 {"return": {}}
-..
+Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
 {"return": {}}
 {"error": {"class": "GenericError", "desc": "Failed to get \"write\" lock"}}
 Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
 {"return": {}}
 {"return": {}}
 ....
 ----------------------------------------------------------------------
-Ran 2 tests
+Ran 4 tests
 OK