Re: [Qemu-devel] [RFC PATCH 06/41] block: Involve block drivers in permission granting

[Kevin Wolf]

Am 14.02.2017 um 06:51 hat Fam Zheng geschrieben:
> On Mon, 02/13 18:22, Kevin Wolf wrote:
> > +int bdrv_child_try_set_perm(BdrvChild *c, uint64_t perm, uint64_t shared,
> > +                            Error **errp)
> > +{
> > +    int ret;
> > +
> > +    ret = bdrv_child_check_perm(c, perm, shared, errp);
> > +    if (ret < 0) {
> > +        return ret;
> > +    }
> > +
> > +    bdrv_child_set_perm(c, perm, shared);
> 
> This has an issue of TOCTOU, which means image locking cannot fit in easily.
> Maybe squash them into one callback (.bdrv_try_set_perm) that can return 
> error?

That doesn't work, it would leave us with broken error handling. If one
driver in the middle of the update process fails to update the
permissions, we would end up with half of the nodes having the old
permissions and half having the new ones.

I think the file driver needs to lock the file already on check, and
then we need to add a callback for the failure case so that it gives up
the lock again. In other words, we might need a transaction with
prepare/commit/abort here (*sigh*). Hm, or maybe just prepare/abort
could be enough? Needs some thinking about.

Kevin