From c62d32f503b37322a3960bad4cd4cdb69947d81e Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Fri, 13 Jan 2017 19:13:00 +0100 Subject: block: Request real permissions in blk_new_open() We can figure out the necessary permissions from the flags that the caller passed. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Acked-by: Fam Zheng --- block/block-backend.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'block') diff --git a/block/block-backend.c b/block/block-backend.c index 299948f96b..03d5495a87 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -166,17 +166,33 @@ BlockBackend *blk_new_open(const char *filename, const char *reference, { BlockBackend *blk; BlockDriverState *bs; + uint64_t perm; + + /* blk_new_open() is mainly used in .bdrv_create implementations and the + * tools where sharing isn't a concern because the BDS stays private, so we + * just request permission according to the flags. + * + * The exceptions are xen_disk and blockdev_init(); in these cases, the + * caller of blk_new_open() doesn't make use of the permissions, but they + * shouldn't hurt either. We can still share everything here because the + * guest devices will add their own blockers if they can't share. */ + perm = BLK_PERM_CONSISTENT_READ; + if (flags & BDRV_O_RDWR) { + perm |= BLK_PERM_WRITE; + } + if (flags & BDRV_O_RESIZE) { + perm |= BLK_PERM_RESIZE; + } - blk = blk_new(0, BLK_PERM_ALL); + blk = blk_new(perm, BLK_PERM_ALL); bs = bdrv_open(filename, reference, options, flags, errp); if (!bs) { blk_unref(blk); return NULL; } - /* FIXME Use real permissions */ blk->root = bdrv_root_attach_child(bs, "root", &child_root, - 0, BLK_PERM_ALL, blk, &error_abort); + perm, BLK_PERM_ALL, blk, &error_abort); return blk; } -- cgit v1.2.3-55-g7522