mirror of
https://gitlab.com/qemu-project/qemu
synced 2024-10-15 15:32:51 +00:00
softmmu/physmem: Fail creation of new files in file_ram_open() with readonly=true
Currently, if a file does not exist yet, file_ram_open() will create new empty file and open it writable. However, it even does that when readonly=true was specified. Specifying O_RDONLY instead to create a new readonly file would theoretically work, however, ftruncate() will refuse to resize the new empty file and we'll get a warning: ftruncate: Invalid argument And later eventually more problems when actually mmap'ing that file and accessing it. If someone intends to let QEMU open+mmap a file read-only, better create+resize+fill that file ahead of time outside of QEMU context. We'll now fail with: ./qemu-system-x86_64 \ -object memory-backend-file,id=ram0,mem-path=tmp,readonly=true,size=1g qemu-system-x86_64: can't open backing store tmp for guest RAM: No such file or directory All use cases of readonly files (R/O NVDIMMs, VM templating) work on existing files, so silently creating new files might just hide user errors when accidentally specifying a non-existent file. Note that the only memory-backend-file will end up calling memory_region_init_ram_from_file() -> qemu_ram_alloc_from_file() -> file_ram_open(). Move error reporting to the single caller. Message-ID: <20230906120503.359863-7-david@redhat.com> Acked-by: Peter Xu <peterx@redhat.com> Signed-off-by: David Hildenbrand <david@redhat.com>
This commit is contained in:
parent
b2cccb52bd
commit
4d6b23f7e2
|
@ -1288,8 +1288,7 @@ static int64_t get_file_align(int fd)
|
||||||
static int file_ram_open(const char *path,
|
static int file_ram_open(const char *path,
|
||||||
const char *region_name,
|
const char *region_name,
|
||||||
bool readonly,
|
bool readonly,
|
||||||
bool *created,
|
bool *created)
|
||||||
Error **errp)
|
|
||||||
{
|
{
|
||||||
char *filename;
|
char *filename;
|
||||||
char *sanitized_name;
|
char *sanitized_name;
|
||||||
|
@ -1304,6 +1303,10 @@ static int file_ram_open(const char *path,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (errno == ENOENT) {
|
if (errno == ENOENT) {
|
||||||
|
if (readonly) {
|
||||||
|
/* Refuse to create new, readonly files. */
|
||||||
|
return -ENOENT;
|
||||||
|
}
|
||||||
/* @path names a file that doesn't exist, create it */
|
/* @path names a file that doesn't exist, create it */
|
||||||
fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
|
fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
|
||||||
if (fd >= 0) {
|
if (fd >= 0) {
|
||||||
|
@ -1333,10 +1336,7 @@ static int file_ram_open(const char *path,
|
||||||
g_free(filename);
|
g_free(filename);
|
||||||
}
|
}
|
||||||
if (errno != EEXIST && errno != EINTR) {
|
if (errno != EEXIST && errno != EINTR) {
|
||||||
error_setg_errno(errp, errno,
|
return -errno;
|
||||||
"can't open backing store %s for guest RAM",
|
|
||||||
path);
|
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* Try again on EINTR and EEXIST. The latter happens when
|
* Try again on EINTR and EEXIST. The latter happens when
|
||||||
|
@ -1946,8 +1946,10 @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
|
||||||
RAMBlock *block;
|
RAMBlock *block;
|
||||||
|
|
||||||
fd = file_ram_open(mem_path, memory_region_name(mr),
|
fd = file_ram_open(mem_path, memory_region_name(mr),
|
||||||
!!(ram_flags & RAM_READONLY_FD), &created, errp);
|
!!(ram_flags & RAM_READONLY_FD), &created);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
|
error_setg_errno(errp, -fd, "can't open backing store %s for guest RAM",
|
||||||
|
mem_path);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue