Re: [PATCH 1/5] crypto: perform permission checks under BQL

[Kevin Wolf]

Am 09.02.2022 um 11:54 hat Emanuele Giuseppe Esposito geschrieben:
> Move the permission API calls into driver-specific callbacks
> that always run under BQL. In this case, bdrv_crypto_luks
> needs to perform permission checks before and after
> qcrypto_block_amend_options(). The problem is that the caller,
> block_crypto_amend_options_generic_luks(), can also run in I/O
> from .bdrv_co_amend(). This does not comply with Global State-I/O API split,
> as permissions API must always run under BQL.
> 
> Firstly, introduce .bdrv_amend_pre_run() and .bdrv_amend_clean()
> callbacks. These two callbacks are guaranteed to be invoked under
> BQL, respectively before and after .bdrv_co_amend().
> They take care of performing the permission checks
> in the same way as they are currently done before and after
> qcrypto_block_amend_options().
> These callbacks are in preparation for next patch, where we
> delete the original permission check. Right now they just add redundant
> control.
> 
> Then, call .bdrv_amend_pre_run() before job_start in
> qmp_x_blockdev_amend(), so that it will be run before the job coroutine
> is created and stay in the main loop.
> As a cleanup, use JobDriver's .clean() callback to call
> .bdrv_amend_clean(), and run amend-specific cleanup callbacks under BQL.
> 
> Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
> ---
>  block/amend.c             | 24 ++++++++++++++++++++++++
>  block/crypto.c            | 27 +++++++++++++++++++++++++++
>  include/block/block_int.h | 14 ++++++++++++++
>  3 files changed, 65 insertions(+)
> 
> diff --git a/block/amend.c b/block/amend.c
> index 392df9ef83..329bca53dc 100644
> --- a/block/amend.c
> +++ b/block/amend.c
> @@ -53,10 +53,29 @@ static int coroutine_fn blockdev_amend_run(Job *job, 
> Error **errp)
>      return ret;
>  }
>  
> +static int blockdev_amend_pre_run(BlockdevAmendJob *s, Error **errp)
> +{
> +    if (s->bs->drv->bdrv_amend_pre_run) {
> +        return s->bs->drv->bdrv_amend_pre_run(s->bs, errp);
> +    }
> +
> +    return 0;
> +}
> +
> +static void blockdev_amend_clean(Job *job)
> +{
> +    BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common);
> +
> +    if (s->bs->drv->bdrv_amend_clean) {
> +        s->bs->drv->bdrv_amend_clean(s->bs);
> +    }
> +}
> +
>  static const JobDriver blockdev_amend_job_driver = {
>      .instance_size = sizeof(BlockdevAmendJob),
>      .job_type      = JOB_TYPE_AMEND,
>      .run           = blockdev_amend_run,
> +    .clean         = blockdev_amend_clean,
>  };
>  
>  void qmp_x_blockdev_amend(const char *job_id,
> @@ -113,5 +132,10 @@ void qmp_x_blockdev_amend(const char *job_id,
>      s->bs = bs,
>      s->opts = QAPI_CLONE(BlockdevAmendOptions, options),
>      s->force = has_force ? force : false;
> +
> +    if (blockdev_amend_pre_run(s, errp)) {
> +        return;
> +    }
> +
>      job_start(&s->common);
>  }
> diff --git a/block/crypto.c b/block/crypto.c
> index c8ba4681e2..59f768ea8d 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -777,6 +777,31 @@ block_crypto_get_specific_info_luks(BlockDriverState 
> *bs, Error **errp)
>      return spec_info;
>  }
>  
> +static int
> +block_crypto_amend_prepare(BlockDriverState *bs, Error **errp)
> +{
> +    BlockCrypto *crypto = bs->opaque;
> +
> +    /* apply for exclusive read/write permissions to the underlying file*/

Missing space before the end of the comment.

> +    crypto->updating_keys = true;
> +    return bdrv_child_refresh_perms(bs, bs->file, errp);
> +}
> +
> +static void
> +block_crypto_amend_cleanup(BlockDriverState *bs)
> +{
> +    BlockCrypto *crypto = bs->opaque;
> +    Error *errp = NULL;
> +
> +    /* release exclusive read/write permissions to the underlying file*/

And here.

I can fix this up while applying.

Kevin