From: Ilya Dryomov <idryomov@gmail.com>
Date: Tue, 12 Nov 2019 19:50:55 +0100
Subject: rbd: disallow read-write partitions on images mapped read-only
Git-commit: c1b6205730ef009868fbb68cf4755b20055fcc6c
Patch-mainline: v5.5-rc1
References: jsc#SES-1134

If an image is mapped read-only, don't allow setting its partition(s)
to read-write via BLKROSET: with the previous patch all writes to such
images are failed anyway.

If an image is mapped read-write, its partition(s) can be set to
read-only (and back to read-write) as before.  Note that at the rbd
level the image will remain writeable: anything sent down by the block
layer will be executed, including any write from internal kernel users.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jason Dillaman <dillaman@redhat.com>
Reviewed-by: Dongsheng Yang <dongsheng.yang@easystack.cn>
Acked-by: Luis Henriques <lhenriques@suse.com>
---
 drivers/block/rbd.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 02cd2a7df6dd..978e4d846f64 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -706,9 +706,16 @@ static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg)
 	if (get_user(ro, (int __user *)arg))
 		return -EFAULT;
 
-	/* Snapshots can't be marked read-write */
-	if (rbd_is_snap(rbd_dev) && !ro)
-		return -EROFS;
+	/*
+	 * Both images mapped read-only and snapshots can't be marked
+	 * read-write.
+	 */
+	if (!ro) {
+		if (rbd_is_ro(rbd_dev))
+			return -EROFS;
+
+		rbd_assert(!rbd_is_snap(rbd_dev));
+	}
 
 	/* Let blkdev_roset() handle it */
 	return -ENOTTY;