Block patches for 5.1:

- Let LUKS images only be shared between VMs if the guest device was configured to allow that - Fix abort() from bdrv_aio_cancel() for guest devices without a BDS -----BEGIN PGP SIGNATURE----- iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl8W1cUSHG1yZWl0ekBy ZWRoYXQuY29tAAoJEPQH2wBh1c9AA7wH/1ckTrSDMroVi1adBrz+KycA3O9kSmzl Z4qvLEdj/j7oc3ud96faCguPBv36ogjq/Wu7wl2/5ufNCVtr39LQLi7LeUiuzcuM mZaov8BaFPWcVnEyqJKES/VfOB4AbT2LfFhqC+L2VGShsxFDTVOAno6R87Onkkuy 87qN9gs2b77pyhUQxvgKJzfvjDy0YRDyYn30eBo/WisEjfDfLrf2Fv/wpZze0OC8 9cqEvczTU2nQzX5k2NnANbf8Vr/U6H3tay/f/C3FZ0lWHcqWEieIKlWp4iYezsTk B/LKDMWtvPgrZGxmsHrwOs9Y1Tfre3w86PrLXAC44WpX6OghhXKNKrQ= =BV7d -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-07-21' into staging Block patches for 5.1: - Let LUKS images only be shared between VMs if the guest device was configured to allow that - Fix abort() from bdrv_aio_cancel() for guest devices without a BDS # gpg: Signature made Tue 21 Jul 2020 12:47:17 BST # gpg: using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40 # gpg: issuer "mreitz@redhat.com" # gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full] # Primary key fingerprint: 91BE B60A 30DB 3E88 57D1 1829 F407 DB00 61D5 CF40 * remotes/maxreitz/tags/pull-block-2020-07-21: block: fix bdrv_aio_cancel() for ENOMEDIUM requests qemu-iotests: add testcase for bz #1857490 block/crypto: disallow write sharing by default Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 14:03:45 +01:00 · 2020-07-21 14:03:45 +01:00 · 98d897eb4b
parent 90218a9a39 1d719ddc35
commit 98d897eb4b
4 changed files with 62 additions and 4 deletions
--- a/block/block-backend.c
+++ b/block/block-backend.c
@ -1394,8 +1394,16 @@ typedef struct BlkAioEmAIOCB {
    bool has_returned;
 } BlkAioEmAIOCB;

+static AioContext *blk_aio_em_aiocb_get_aio_context(BlockAIOCB *acb_)
+{
+    BlkAioEmAIOCB *acb = container_of(acb_, BlkAioEmAIOCB, common);
+
+    return blk_get_aio_context(acb->rwco.blk);
+}
+
 static const AIOCBInfo blk_aio_em_aiocb_info = {
    .aiocb_size         = sizeof(BlkAioEmAIOCB),
+    .get_aio_context    = blk_aio_em_aiocb_get_aio_context,
 };

 static void blk_aio_complete(BlkAioEmAIOCB *acb)
--- a/block/crypto.c
+++ b/block/crypto.c
@ -881,7 +881,7 @@ block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c,
     * For backward compatibility, manually share the write
     * and resize permission
     */
-    *nshared |= (BLK_PERM_WRITE | BLK_PERM_RESIZE);
+    *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE);
    /*
     * Since we are not fully a format driver, don't always request
     * the read/resize permission but only when explicitly
--- a/tests/qemu-iotests/296
+++ b/tests/qemu-iotests/296
@ -133,6 +133,21 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        )
        self.assert_qmp(result, 'return', {})

+
+    ###########################################################################
+    # add virtio-blk consumer for a block device
+    def addImageUser(self, vm, id, disk_id, share_rw=False):
+        result = vm.qmp('device_add', **
+            {
+                'driver': 'virtio-blk',
+                'id': id,
+                'drive': disk_id,
+                'share-rw' : share_rw
+            }
+        )
+
+        iotests.log(result)
+
    # close the encrypted block device
    def closeImageQmp(self, vm, id):
        result = vm.qmp('blockdev-del', **{ 'node-name': id })
@ -159,7 +174,7 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        vm.run_job('job0')

    # test that when the image opened by two qemu processes,
-    # neither of them can update the image
+    # neither of them can update the encryption keys
    def test1(self):
        self.createImg(test_img, self.secrets[0]);

@ -193,6 +208,9 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        os.remove(test_img)


+    # test that when the image opened by two qemu processes,
+    # even if first VM opens it read-only, the second can't update encryption
+    # keys
    def test2(self):
        self.createImg(test_img, self.secrets[0]);

@ -226,6 +244,30 @@ class EncryptionSetupTestCase(iotests.QMPTestCase):
        self.closeImageQmp(self.vm1, "testdev")
        os.remove(test_img)

+    # test that two VMs can't open the same luks image by default
+    # and attach it to a guest device
+    def test3(self):
+        self.createImg(test_img, self.secrets[0]);
+
+        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
+        self.addImageUser(self.vm1, "testctrl", "testdev")
+
+        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
+        self.addImageUser(self.vm2, "testctrl", "testdev")
+
+
+    # test that two VMs can attach the same luks image to a guest device,
+    # if both use share-rw=on
+    def test4(self):
+        self.createImg(test_img, self.secrets[0]);
+
+        self.openImageQmp(self.vm1, "testdev", test_img, self.secrets[0])
+        self.addImageUser(self.vm1, "testctrl", "testdev", share_rw=True)
+
+        self.openImageQmp(self.vm2, "testdev", test_img, self.secrets[0])
+        self.addImageUser(self.vm2, "testctrl", "testdev", share_rw=True)
+
+

 if __name__ == '__main__':
    # support only raw luks since luks encrypted qcow2 is a proper
--- a/tests/qemu-iotests/296.out
+++ b/tests/qemu-iotests/296.out
@ -26,8 +26,16 @@ Job failed: Failed to get shared "consistent read" lock
 {"return": {}}
 {"execute": "job-dismiss", "arguments": {"id": "job0"}}
 {"return": {}}
-..
+Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
+
+{"return": {}}
+{"error": {"class": "GenericError", "desc": "Failed to get \"write\" lock"}}
+Formatting 'TEST_DIR/test.img', fmt=luks size=1048576 key-secret=keysec0 iter-time=10
+
+{"return": {}}
+{"return": {}}
+....
 ----------------------------------------------------------------------
-Ran 2 tests
+Ran 4 tests

 OK