| Message ID | 1298892156-11667-5-git-send-email-mohan@in.ibm.com |
|---|---|
| State | New |
| Headers | show |
On Mon, Feb 28, 2011 at 11:22 AM, M. Mohan Kumar <mohan@in.ibm.com> wrote: > + retval = recvmsg(sockfd, &msg, 0); > + if (retval < 0) { > + *sock_error = 1; > + return -EIO; > + } Are we guaranteed this will be called with signals blocked? Otherwise we need to handle EINTR. > + if (fd_info.fi_flags & FI_FD_SOCKERR) { > + *sock_error = 1; > + return -EIO; > + } > + /* If fd is invalid, ancillary data is not present */ > + if (fd_info.fi_fd < 0 || fd_info.fi_flags & FI_FD_INVALID) { > + return fd_info.fi_fd; > + } Testing fd_info.fi_flags & FI_FD_INVALID looks dangerous to me. If for some reason fi_fd >= 0 then we'd return success here. fd_fd < 0 should be a sufficient check, perhaps you wanted an assert() instead? Stefan
On Thursday 03 March 2011 5:08:10 pm Stefan Hajnoczi wrote: > On Mon, Feb 28, 2011 at 11:22 AM, M. Mohan Kumar <mohan@in.ibm.com> wrote: > > + retval = recvmsg(sockfd, &msg, 0); > > + if (retval < 0) { > > + *sock_error = 1; > > + return -EIO; > > + } > > Are we guaranteed this will be called with signals blocked? Otherwise > we need to handle EINTR. Ok > > > + if (fd_info.fi_flags & FI_FD_SOCKERR) { > > + *sock_error = 1; > > + return -EIO; > > + } > > + /* If fd is invalid, ancillary data is not present */ > > + if (fd_info.fi_fd < 0 || fd_info.fi_flags & FI_FD_INVALID) { > > + return fd_info.fi_fd; > > + } > > Testing fd_info.fi_flags & FI_FD_INVALID looks dangerous to me. If > for some reason fi_fd >= 0 then we'd return success here. fd_fd < 0 > should be a sufficient check, perhaps you wanted an assert() instead? This check is required because, Creating special objects like directory, device nodes will not have a valid fd, usually fd will be 0 on success and -ve on error. During success cases, we can't do sendmsg for fd=0 value with SCM_RIGHTS, that would result in problem. In this case, we set fd_info.fi_flags to FI_FD_INVALID indicating fd is not a valid one, but its not an error case also. ---- M. Mohan Kumar
On Thu, Mar 3, 2011 at 2:01 PM, M. Mohan Kumar <mohan@in.ibm.com> wrote: > On Thursday 03 March 2011 5:08:10 pm Stefan Hajnoczi wrote: >> On Mon, Feb 28, 2011 at 11:22 AM, M. Mohan Kumar <mohan@in.ibm.com> wrote: >> > + retval = recvmsg(sockfd, &msg, 0); >> > + if (retval < 0) { >> > + *sock_error = 1; >> > + return -EIO; >> > + } >> >> Are we guaranteed this will be called with signals blocked? Otherwise >> we need to handle EINTR. > > Ok > >> >> > + if (fd_info.fi_flags & FI_FD_SOCKERR) { >> > + *sock_error = 1; >> > + return -EIO; >> > + } >> > + /* If fd is invalid, ancillary data is not present */ >> > + if (fd_info.fi_fd < 0 || fd_info.fi_flags & FI_FD_INVALID) { >> > + return fd_info.fi_fd; >> > + } >> >> Testing fd_info.fi_flags & FI_FD_INVALID looks dangerous to me. If >> for some reason fi_fd >= 0 then we'd return success here. fd_fd < 0 >> should be a sufficient check, perhaps you wanted an assert() instead? > > This check is required because, > > Creating special objects like directory, device nodes will not have a valid > fd, usually fd will be 0 on success and -ve on error. During success cases, we > can't do sendmsg for fd=0 value with SCM_RIGHTS, that would result in problem. > In this case, we set fd_info.fi_flags to FI_FD_INVALID indicating fd is not a > valid one, but its not an error case also. + /* If fd is invalid, ancillary data is not present */ + if (fd_info.fi_fd < 0 || fd_info.fi_flags & FI_FD_INVALID) { if (fd_info.fi_fd < 0) { + return fd_info.fi_fd; + } We can get here now when no fd has been sent, but that's okay because... + + for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { + if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)) || + cmsg->cmsg_level != SOL_SOCKET || + cmsg->cmsg_type != SCM_RIGHTS) { + continue; + } + fd = *((int *)CMSG_DATA(cmsg)); + return fd; + } + *sock_error = 1; + return -EIO; ...no SCM_RIGHTS was sent (it was optional) so instead of considering this case an error, we have reached a success case without an fd: return 0; Stefan
diff --git a/Makefile.objs b/Makefile.objs index f09cdee..9ea7946 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -283,7 +283,7 @@ hw-obj-$(CONFIG_SOUND) += $(sound-obj-y) 9pfs-nested-$(CONFIG_VIRTFS) = virtio-9p-debug.o 9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-local.o virtio-9p-xattr.o 9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-xattr-user.o virtio-9p-posix-acl.o -9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-dm.o +9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-dm.o virtio-9p-chroot-qemu.o hw-obj-$(CONFIG_REALLY_VIRTFS) += $(addprefix 9pfs/, $(9pfs-nested-y)) $(addprefix 9pfs/, $(9pfs-nested-y)): CFLAGS += -I$(SRC_PATH)/hw/ diff --git a/hw/9pfs/virtio-9p-chroot-qemu.c b/hw/9pfs/virtio-9p-chroot-qemu.c new file mode 100644 index 0000000..d2d8ab9 --- /dev/null +++ b/hw/9pfs/virtio-9p-chroot-qemu.c @@ -0,0 +1,97 @@ +/* + * Virtio 9p chroot environment for contained access to exported path + * Code handles qemu side interfaces to communicate with chroot daemon process + * Copyright IBM, Corp. 2011 + * + * Authors: + * M. Mohan Kumar <mohan@in.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2. See + * the copying file in the top-level directory + * + */ + +#include <sys/fsuid.h> +#include <sys/resource.h> +#include <signal.h> +#include "virtio.h" +#include "qemu_socket.h" +#include "qemu-thread.h" +#include "qerror.h" +#include "virtio-9p.h" +#include "virtio-9p-chroot.h" + +/* + * Return received file descriptor on success and -errno on failure. + * sock_error is set to 1 whenever there is error in socket IO + */ +static int v9fs_receivefd(int sockfd, int *sock_error) +{ + struct msghdr msg = { }; + struct iovec iov; + union MsgControl msg_control; + struct cmsghdr *cmsg; + int retval, fd; + FdInfo fd_info; + + iov.iov_base = &fd_info; + iov.iov_len = sizeof(fd_info); + + *sock_error = 0; + memset(&msg, 0, sizeof(msg)); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = &msg_control; + msg.msg_controllen = sizeof(msg_control); + + retval = recvmsg(sockfd, &msg, 0); + if (retval < 0) { + *sock_error = 1; + return -EIO; + } + if (fd_info.fi_flags & FI_FD_SOCKERR) { + *sock_error = 1; + return -EIO; + } + /* If fd is invalid, ancillary data is not present */ + if (fd_info.fi_fd < 0 || fd_info.fi_flags & FI_FD_INVALID) { + return fd_info.fi_fd; + } + + for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { + if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)) || + cmsg->cmsg_level != SOL_SOCKET || + cmsg->cmsg_type != SCM_RIGHTS) { + continue; + } + fd = *((int *)CMSG_DATA(cmsg)); + return fd; + } + *sock_error = 1; + return -EIO; +} + +/* + * V9fsFileObjectRequest is written into the socket by QEMU process. + * Then this request is read by chroot process using v9fs_read_request function + */ +static int v9fs_write_request(int sockfd, V9fsFileObjectRequest *request) +{ + int retval; + retval = qemu_write_full(sockfd, request, sizeof(*request)); + if (retval != sizeof(*request)) { + return -EIO; + } + return 0; +} + +/* + * This patch adds v9fs_receivefd and v9fs_write_request functions, + * but there is no callers. To avoid compiler warning message, + * refer these two functions + */ +void chroot_dummy(void) +{ + (void)v9fs_receivefd; + (void)v9fs_write_request; +} diff --git a/hw/9pfs/virtio-9p-chroot.h b/hw/9pfs/virtio-9p-chroot.h index a5b2a41..bd186dd 100644 --- a/hw/9pfs/virtio-9p-chroot.h +++ b/hw/9pfs/virtio-9p-chroot.h @@ -53,5 +53,6 @@ typedef struct V9fsFileObjectRequest } V9fsFileObjectRequest; int v9fs_chroot(FsContext *fs_ctx); +void chroot_dummy(void); #endif /* _QEMU_VIRTIO_9P_CHROOT_H */
QEMU side interfaces to communicate with chroot daemon process. Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com> --- Makefile.objs | 2 +- hw/9pfs/virtio-9p-chroot-qemu.c | 97 +++++++++++++++++++++++++++++++++++++++ hw/9pfs/virtio-9p-chroot.h | 1 + 3 files changed, 99 insertions(+), 1 deletions(-) create mode 100644 hw/9pfs/virtio-9p-chroot-qemu.c