From: Ilya Dryomov <idryomov@gmail.com>
Date: Tue, 12 Nov 2019 19:50:55 +0100
Subject: rbd: disallow read-write partitions on images mapped read-only
Git-commit: c1b6205730ef009868fbb68cf4755b20055fcc6c
Patch-mainline: v5.5-rc1
References: jsc#SES-1134
If an image is mapped read-only, don't allow setting its partition(s)
to read-write via BLKROSET: with the previous patch all writes to such
images are failed anyway.
If an image is mapped read-write, its partition(s) can be set to
read-only (and back to read-write) as before. Note that at the rbd
level the image will remain writeable: anything sent down by the block
layer will be executed, including any write from internal kernel users.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jason Dillaman <dillaman@redhat.com>
Reviewed-by: Dongsheng Yang <dongsheng.yang@easystack.cn>
Acked-by: Luis Henriques <lhenriques@suse.com>
---
drivers/block/rbd.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
index 02cd2a7df6dd..978e4d846f64 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -706,9 +706,16 @@ static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg)
if (get_user(ro, (int __user *)arg))
return -EFAULT;
- /* Snapshots can't be marked read-write */
- if (rbd_is_snap(rbd_dev) && !ro)
- return -EROFS;
+ /*
+ * Both images mapped read-only and snapshots can't be marked
+ * read-write.
+ */
+ if (!ro) {
+ if (rbd_is_ro(rbd_dev))
+ return -EROFS;
+
+ rbd_assert(!rbd_is_snap(rbd_dev));
+ }
/* Let blkdev_roset() handle it */
return -ENOTTY;