Kevin Wolf <kwolf@redhat.com> writes:
Am 12.08.2012 04:48, schrieb Kevin Shanahan:
So qmp_change_blockdev uses bdrv_is_read_only() to check whether to try and open the backing file read only, which uses the ->read_only member of struct BlockDriverState to decide whether to pass the BDRV_O_RDRW flag to qmp_bdrv_open_encypted() and then bdrv_open().
I would assume we want to set this flag in drive_init() when the block driver state is initialised. How about a patch like this instead?
diff --git a/blockdev.c b/blockdev.c index 8669142..ba22064 100644 --- a/blockdev.c +++ b/blockdev.c @@ -526,6 +526,7 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi) if_name[type], mediastr, unit_id); } dinfo->bdrv = bdrv_new(dinfo->id); + dinfo->bdrv->read_only = ro; dinfo->devaddr = devaddr; dinfo->type = type; dinfo->bus = bus_id;
Ah, yes, this looks much more like the proper fix. Basically we need to set everything that is retained after a 'change' command. We have this code in qmp_change_blockdev():
bdrv_flags = bdrv_is_read_only(bs) ? 0 : BDRV_O_RDWR; bdrv_flags |= bdrv_is_snapshot(bs) ? BDRV_O_SNAPSHOT : 0;
qmp_bdrv_open_encrypted(bs, filename, bdrv_flags, drv, NULL, errp);
bdrv_is_read_only() is covered by your patch, bdrv_is_snapshot() additionally requires bs->open_flags to be right.
Markus, how will this look in the -blockdev world? There seem to be properties that belong to host state, but are not coupled to a medium.
Really? Read-only is clearly a property of the medium. There's a separate read-only belonging to the device. A CD-ROM medium is read-only, even when loaded in an optical disk drive that can burn. An optical disk drive that can't burn is read-only, even when writable medium is loaded. Here's how I believe it should work: * BDS member read_only describes the medium. * block.h gets it right: you specify read-only with bdrv_open(), not with bdrv_new(). * -drive gets it right: parameter readonly gets ignored unless we're defining media. Not nice: it's ignored silently. * Monitor command change gets it wrong: it doesn't let you specify the new medium's read-only-ness. Easy enough to fix for QMP, just add a suitable argument. Even better: create a new, non-multiplexed command, and let "change" rot in peace. Not sure about the best way to fix it in the human monitor. * Device model has its own read-only predicate. * If a device model comes in both a read-only and a read-write flavor, it should have a bool property "readonly". * A device model can only use a backend with a suitable media state (has media, is read-only, ...). For instance, ide-hd can't use a read-only backend. * Media change disabled while backend is attached to a device model with fixed media. * Convenient defaults (optional) * A device model property "readonly" could default to the media's read-only-ness. * Monitor command change could default to readonly when the backend is attached to a device model that can't write. * Both -drive and change could default to readonly when the image isn't writable. This leads to: 1. Replace monitor command change. 2. Optional: look for defaults to improve.