We have to start by applying the permission restrictions to new_bs
before we can loosen them on old_bs. See the comment for the
explanation.
Signed-off-by: Max Reitz <mre...@redhat.com>
Reviewed-by: Kevin Wolf <kw...@redhat.com>
---
block.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/block.c b/block.c
index 02157e0652..3029f5c302 100644
--- a/block.c
+++ b/block.c
@@ -2240,6 +2240,19 @@ static void bdrv_replace_child(BdrvChild *child,
BlockDriverState *new_bs)
bdrv_replace_child_noperm(child, new_bs);
+ /*
+ * Start with the new node's permissions. If @new_bs is a (direct
+ * or indirect) child of @old_bs, we must complete the permission
+ * update on @new_bs before we loosen the restrictions on @old_bs.
+ * Otherwise, bdrv_check_perm() on @old_bs would re-initiate
+ * updating the permissions of @new_bs, and thus not purely loosen
+ * restrictions.
+ */
+ if (new_bs) {
+ bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
+ bdrv_set_perm(new_bs, perm, shared_perm);
+ }
+
if (old_bs) {
/* Update permissions for old node. This is guaranteed to succeed
* because we're just taking a parent away, so we're loosening
@@ -2248,11 +2261,6 @@ static void bdrv_replace_child(BdrvChild *child,
BlockDriverState *new_bs)
bdrv_check_perm(old_bs, NULL, perm, shared_perm, NULL, &error_abort);
bdrv_set_perm(old_bs, perm, shared_perm);
}
-
- if (new_bs) {
- bdrv_get_cumulative_perm(new_bs, &perm, &shared_perm);
- bdrv_set_perm(new_bs, perm, shared_perm);
- }
}
/*
--
2.21.0
