[092/104] virtiofsd: add man page

Message ID	20191212163904.159893-93-dgilbert@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH 092/104] virtiofsd: add man page Date: Thu, 12 Dec 2019 16:38:52 +0000 Message-Id: <20191212163904.159893-93-dgilbert@redhat.com> In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com> References: <20191212163904.159893-1-dgilbert@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	virtiofs daemon [all] \| expand [000/104] virtiofs daemon [all] [001/104] virtiofsd: Pull in upstream headers [002/104] virtiofsd: Pull in kernel's fuse.h [003/104] virtiofsd: Add auxiliary .c's [004/104] virtiofsd: Add fuse_lowlevel.c [005/104] virtiofsd: Add passthrough_ll [006/104] virtiofsd: Trim down imported files [007/104] virtiofsd: Format imported files to qemu style [008/104] virtiofsd: remove mountpoint dummy argument [009/104] virtiofsd: remove unused notify reply support [010/104] virtiofsd: Fix fuse_daemonize ignored return values [011/104] virtiofsd: Fix common header and define for QEMU builds [012/104] virtiofsd: Trim out compatibility code [013/104] virtiofsd: Make fsync work even if only inode is passed in [014/104] virtiofsd: Add options for virtio [015/104] virtiofsd: add -o source=PATH to help output [016/104] virtiofsd: Open vhost connection instead of mounting [017/104] virtiofsd: Start wiring up vhost-user [018/104] virtiofsd: Add main virtio loop [019/104] virtiofsd: get/set features callbacks [020/104] virtiofsd: Start queue threads [021/104] virtiofsd: Poll kick_fd for queue [022/104] virtiofsd: Start reading commands from queue [023/104] virtiofsd: Send replies to messages [024/104] virtiofsd: Keep track of replies [025/104] virtiofsd: Add Makefile wiring for virtiofsd contrib [026/104] virtiofsd: Fast path for virtio read [027/104] virtiofsd: add --fd=FDNUM fd passing option [028/104] virtiofsd: make -f (foreground) the default [029/104] virtiofsd: add vhost-user.json file [030/104] virtiofsd: add --print-capabilities option [031/104] virtiofs: Add maintainers entry [032/104] virtiofsd: passthrough_ll: create new files in caller's context [033/104] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection [034/104] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers [035/104] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers [036/104] virtiofsd: passthrough_ll: add fd_map to hide file descriptors [037/104] virtiofsd: passthrough_ll: add fallback for racy ops [038/104] virtiofsd: validate path components [039/104] virtiofsd: Plumb fuse_bufvec through to do_write_buf [040/104] virtiofsd: Pass write iov's all the way through [041/104] virtiofsd: add fuse_mbuf_iter API [042/104] virtiofsd: validate input buffer sizes in do_write_buf() [043/104] virtiofsd: check input buffer size in fuse_lowlevel.c ops [044/104] virtiofsd: prevent ".." escape in lo_do_lookup() [045/104] virtiofsd: prevent ".." escape in lo_do_readdir() [046/104] virtiofsd: use /proc/self/fd/ O_PATH file descriptor [047/104] virtiofsd: sandbox mount namespace [048/104] virtiofsd: move to an empty network namespace [049/104] virtiofsd: move to a new pid namespace [050/104] virtiofsd: add seccomp whitelist [051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV [052/104] virtiofsd: cap-ng helpers [053/104] virtiofsd: Drop CAP_FSETID if client asked for it [054/104] virtiofsd: set maximum RLIMIT_NOFILE limit [055/104] virtiofsd: fix libfuse information leaks [056/104] virtiofsd: add security guide document [057/104] virtiofsd: add --syslog command-line option [058/104] virtiofsd: print log only when priority is high enough [059/104] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level [060/104] virtiofsd: Add timestamp to the log with FUSE_LOG_DEBUG level [061/104] virtiofsd: Handle reinit [062/104] virtiofsd: Handle hard reboot [063/104] virtiofsd: Kill threads when queues are stopped [064/104] vhost-user: Print unexpected slave message types [065/104] contrib/libvhost-user: Protect slave fd with mutex [066/104] virtiofsd: passthrough_ll: add renameat2 support [067/104] virtiofsd: passthrough_ll: disable readdirplus on cache=never [068/104] virtiofsd: passthrough_ll: control readdirplus [069/104] virtiofsd: rename unref_inode() to unref_inode_lolocked() [070/104] virtiofsd: fail when parent inode isn't known in lo_do_lookup() [071/104] virtiofsd: extract root inode init into setup_root() [072/104] virtiofsd: passthrough_ll: fix refcounting on remove/rename [073/104] virtiofsd: passthrough_ll: clean up cache related options [074/104] virtiofsd: passthrough_ll: use hashtable [075/104] virtiofsd: Clean up inodes on destroy [076/104] virtiofsd: support nanosecond resolution for file timestamp [077/104] virtiofsd: fix error handling in main() [078/104] virtiofsd: cleanup allocated resource in se [079/104] virtiofsd: fix memory leak on lo.source [080/104] virtiofsd: add helper for lo_data cleanup [081/104] virtiofsd: Prevent multiply running with same vhost_user_socket [082/104] virtiofsd: enable PARALLEL_DIROPS during INIT [083/104] virtiofsd: fix incorrect error handling in lo_do_lookup [084/104] Virtiofsd: fix memory leak on fuse queueinfo [085/104] virtiofsd: Support remote posix locks [086/104] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() [087/104] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races [088/104] virtiofsd: make lo_release() atomic [089/104] virtiofsd: prevent races with lo_dirp_put() [090/104] virtiofsd: rename inode->refcount to inode->nlookup [091/104] libvhost-user: Fix some memtable remap cases [092/104] virtiofsd: add man page [093/104] virtiofsd: introduce inode refcount to prevent use-after-free [094/104] virtiofsd: do not always set FUSE_FLOCK_LOCKS [095/104] virtiofsd: convert more fprintf and perror to use fuse log infra [096/104] virtiofsd: Reset O_DIRECT flag during file open [097/104] virtiofsd: Fix data corruption with O_APPEND wirte in writeback mode [098/104] virtiofsd: add definition of fuse_buf_writev() [099/104] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance [100/104] virtiofsd: process requests in a thread pool [101/104] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races [102/104] virtiofsd: fix lo_destroy() resource leaks [103/104] virtiofsd: add --thread-pool-size=NUM option [104/104] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself [105/104] virtiofsd: Unref old/new inodes with the same mutex lock in lo_rename()

Dr. David Alan Gilbert Dec. 12, 2019, 4:38 p.m. UTC

From: Stefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 Makefile                       |  7 +++
 tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 tools/virtiofsd/virtiofsd.texi

Liam Merwick Dec. 13, 2019, 2:33 p.m. UTC | #1

On 12/12/2019 16:38, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>   Makefile                       |  7 +++
>   tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
>   2 files changed, 92 insertions(+)
>   create mode 100644 tools/virtiofsd/virtiofsd.texi
> 

... deleted ...

> +@c man begin EXAMPLES
> +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> +
> +@example
> +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> +host# qemu-system-x86_64 \
> +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> +    -numa node,memdev=mem \
> +    ...
> +guest# mount -t virtio_fs \
> +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> +    myfs /mnt



Should this be 'mount -t virtiofs myfs /mnt' like on 
https://virtio-fs.gitlab.io/howto-qemu.html ?

otherwise

Reviewed-by: Liam Merwick <liam.merwick@oracle.com>

Dr. David Alan Gilbert Dec. 13, 2019, 3:26 p.m. UTC | #2

* Liam Merwick (liam.merwick@oracle.com) wrote:
> On 12/12/2019 16:38, Dr. David Alan Gilbert (git) wrote:
> > From: Stefan Hajnoczi <stefanha@redhat.com>
> > 
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > ---
> >   Makefile                       |  7 +++
> >   tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
> >   2 files changed, 92 insertions(+)
> >   create mode 100644 tools/virtiofsd/virtiofsd.texi
> > 
> 
> ... deleted ...
> 
> > +@c man begin EXAMPLES
> > +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> > +
> > +@example
> > +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> > +host# qemu-system-x86_64 \
> > +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> > +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> > +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> > +    -numa node,memdev=mem \
> > +    ...
> > +guest# mount -t virtio_fs \
> > +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> > +    myfs /mnt
> 
> 
> 
> Should this be 'mount -t virtiofs myfs /mnt' like on
> https://virtio-fs.gitlab.io/howto-qemu.html ?

It should! The man page still had the old format; thanks for spotting
it.

> otherwise
> 
> Reviewed-by: Liam Merwick <liam.merwick@oracle.com>

Thank you!

Dave

> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Daniel P. Berrangé Jan. 7, 2020, 12:13 p.m. UTC | #3

On Thu, Dec 12, 2019 at 04:38:52PM +0000, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefanha@redhat.com>
> 
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  Makefile                       |  7 +++
>  tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
>  2 files changed, 92 insertions(+)
>  create mode 100644 tools/virtiofsd/virtiofsd.texi

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

with some notes at the very end


> diff --git a/Makefile b/Makefile
> index fa15174ba0..53d175d12f 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -357,6 +357,9 @@ DOCS+=docs/qemu-cpu-models.7
>  ifdef CONFIG_VIRTFS
>  DOCS+=fsdev/virtfs-proxy-helper.1
>  endif
> +ifdef CONFIG_LINUX
> +DOCS+=tools/virtiofsd/virtiofsd.1
> +endif
>  ifdef CONFIG_TRACE_SYSTEMTAP
>  DOCS+=scripts/qemu-trace-stap.1
>  endif
> @@ -863,6 +866,9 @@ ifdef CONFIG_VIRTFS
>  	$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man1"
>  	$(INSTALL_DATA) fsdev/virtfs-proxy-helper.1 "$(DESTDIR)$(mandir)/man1"
>  endif
> +ifdef CONFIG_LINUX
> +	$(INSTALL_DATA) tools/virtiofsd/virtiofsd.1 "$(DESTDIR)$(mandir)/man1"
> +endif
>  
>  install-datadir:
>  	$(INSTALL_DIR) "$(DESTDIR)$(qemu_datadir)"
> @@ -1061,6 +1067,7 @@ qemu.1: qemu-doc.texi qemu-options.texi qemu-monitor.texi qemu-monitor-info.texi
>  qemu.1: qemu-option-trace.texi
>  qemu-img.1: qemu-img.texi qemu-option-trace.texi qemu-img-cmds.texi
>  fsdev/virtfs-proxy-helper.1: fsdev/virtfs-proxy-helper.texi
> +tools/virtiofsd/virtiofsd.1: tools/virtiofsd/virtiofsd.texi
>  qemu-nbd.8: qemu-nbd.texi qemu-option-trace.texi
>  docs/qemu-block-drivers.7: docs/qemu-block-drivers.texi
>  docs/qemu-cpu-models.7: docs/qemu-cpu-models.texi
> diff --git a/tools/virtiofsd/virtiofsd.texi b/tools/virtiofsd/virtiofsd.texi
> new file mode 100644
> index 0000000000..eec7fbf4e6
> --- /dev/null
> +++ b/tools/virtiofsd/virtiofsd.texi
> @@ -0,0 +1,85 @@
> +@example
> +@c man begin SYNOPSIS
> +@command{virtiofsd} [OPTION] @option{--socket-path=}@var{path}|@option{--fd=}@var{fdnum} @option{-o source=}@var{path}
> +@c man end
> +@end example
> +
> +@c man begin DESCRIPTION
> +
> +Share a host directory tree with a guest through a virtio-fs device.  This
> +program is a vhost-user backend that implements the virtio-fs device.  Each
> +virtio-fs device instance requires its own virtiofsd process.
> +
> +This program is designed to work with QEMU's @code{--device vhost-user-fs-pci}
> +but should work with any virtual machine monitor (VMM) that supports
> +vhost-user.  See the EXAMPLES section below.
> +
> +This program must be run as the root user.

So there's no way for an unprivileged user to do file sharing like they
can with 9p right now ?

>                                              Upon startup the program will
> +switch into a new file system namespace with the shared directory tree as its
> +root.  This prevents "file system escapes" due to symlinks and other file
> +system objects that might lead to files outside the shared directory.  The
> +program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
> +vectors that could allow an attacker to compromise the system after gaining
> +control of the virtiofsd process.
> +
> +@c man end
> +
> +@c man begin OPTIONS
> +@table @option
> +@item -h, --help
> +Print help.
> +@item -V, --version
> +Print version.
> +@item -d, -o debug
> +Enable debug output.
> +@item --syslog
> +Print log messages to syslog instead of stderr.
> +@item -o log_level=@var{level}
> +Print only log messages matching @var{level} or more severe.  @var{level} is
> +one of @code{err}, @code{warn}, @code{info}, or @code{debug}.  The default is
> +@var{info}.
> +@item -o source=@var{path}
> +Share host directory tree located at @var{path}.  This option is required.
> +@item --socket-path=@var{path}, -o vhost_user_socket=@var{path}
> +Listen on vhost-user UNIX domain socket at @var{path}.
> +@item --fd=@var{fdnum}
> +Accept connections from vhost-user UNIX domain socket file descriptor @var{fdnum}.  The file descriptor must already be listening for connections.
> +@item --thread-pool-size=@var{num}
> +Restrict the number of worker threads per request queue to @var{num}.  The default is 64.
> +@item --cache=@code{none}|@code{auto}|@code{always}
> +Select the desired trade-off between coherency and performance.  @code{none}
> +forbids the FUSE client from caching to achieve best coherency at the cost of
> +performance.  @code{auto} acts similar to NFS with a 1 second metadata cache
> +timeout.  @code{always} sets a long cache lifetime at the expense of coherency.
> +@item --writeback
> +Enable writeback cache, allowing the FUSE client to buffer and merge write requests.
> +@end table
> +@c man end
> +
> +@c man begin EXAMPLES
> +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> +
> +@example
> +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> +host# qemu-system-x86_64 \
> +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> +    -numa node,memdev=mem \
> +    ...
> +guest# mount -t virtio_fs \
> +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> +    myfs /mnt
> +@end example
> +@c man end
> +
> +@ignore
> +@setfilename virtiofsd
> +@settitle QEMU virtio-fs shared file system daemon
> +
> +@c man begin AUTHOR

s/AUTHOR/COPYRIGHT/

since this isn't providing any author information.

> +Copyright (C) 2019 Red Hat, Inc.

2019-2020 !

And now insert

 @c man end
 @c man begin LICENSE

> +This is free software; see the source for copying conditions.  There is NO
> +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> +@c man end
> +@end ignore



Regards,
Daniel

Dr. David Alan Gilbert Jan. 9, 2020, 8:02 p.m. UTC | #4

* Daniel P. Berrangé (berrange@redhat.com) wrote:
> On Thu, Dec 12, 2019 at 04:38:52PM +0000, Dr. David Alan Gilbert (git) wrote:
> > From: Stefan Hajnoczi <stefanha@redhat.com>
> > 
> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > ---
> >  Makefile                       |  7 +++
> >  tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
> >  2 files changed, 92 insertions(+)
> >  create mode 100644 tools/virtiofsd/virtiofsd.texi
> 
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

Thanks.

> with some notes at the very end

<snip>

> > +@c man begin DESCRIPTION
> > +
> > +Share a host directory tree with a guest through a virtio-fs device.  This
> > +program is a vhost-user backend that implements the virtio-fs device.  Each
> > +virtio-fs device instance requires its own virtiofsd process.
> > +
> > +This program is designed to work with QEMU's @code{--device vhost-user-fs-pci}
> > +but should work with any virtual machine monitor (VMM) that supports
> > +vhost-user.  See the EXAMPLES section below.
> > +
> > +This program must be run as the root user.
> 
> So there's no way for an unprivileged user to do file sharing like they
> can with 9p right now ?

Correct.

(Which also makes it a pain for using in a make check)

> >                                              Upon startup the program will
> > +switch into a new file system namespace with the shared directory tree as its
> > +root.  This prevents "file system escapes" due to symlinks and other file
> > +system objects that might lead to files outside the shared directory.  The
> > +program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
> > +vectors that could allow an attacker to compromise the system after gaining
> > +control of the virtiofsd process.
> > +
> > +@c man end
> > +
> > +@c man begin OPTIONS
> > +@table @option
> > +@item -h, --help
> > +Print help.
> > +@item -V, --version
> > +Print version.
> > +@item -d, -o debug
> > +Enable debug output.
> > +@item --syslog
> > +Print log messages to syslog instead of stderr.
> > +@item -o log_level=@var{level}
> > +Print only log messages matching @var{level} or more severe.  @var{level} is
> > +one of @code{err}, @code{warn}, @code{info}, or @code{debug}.  The default is
> > +@var{info}.
> > +@item -o source=@var{path}
> > +Share host directory tree located at @var{path}.  This option is required.
> > +@item --socket-path=@var{path}, -o vhost_user_socket=@var{path}
> > +Listen on vhost-user UNIX domain socket at @var{path}.
> > +@item --fd=@var{fdnum}
> > +Accept connections from vhost-user UNIX domain socket file descriptor @var{fdnum}.  The file descriptor must already be listening for connections.
> > +@item --thread-pool-size=@var{num}
> > +Restrict the number of worker threads per request queue to @var{num}.  The default is 64.
> > +@item --cache=@code{none}|@code{auto}|@code{always}
> > +Select the desired trade-off between coherency and performance.  @code{none}
> > +forbids the FUSE client from caching to achieve best coherency at the cost of
> > +performance.  @code{auto} acts similar to NFS with a 1 second metadata cache
> > +timeout.  @code{always} sets a long cache lifetime at the expense of coherency.
> > +@item --writeback
> > +Enable writeback cache, allowing the FUSE client to buffer and merge write requests.
> > +@end table
> > +@c man end
> > +
> > +@c man begin EXAMPLES
> > +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> > +
> > +@example
> > +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> > +host# qemu-system-x86_64 \
> > +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> > +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> > +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> > +    -numa node,memdev=mem \
> > +    ...
> > +guest# mount -t virtio_fs \
> > +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> > +    myfs /mnt
> > +@end example
> > +@c man end
> > +
> > +@ignore
> > +@setfilename virtiofsd
> > +@settitle QEMU virtio-fs shared file system daemon
> > +
> > +@c man begin AUTHOR
> 
> s/AUTHOR/COPYRIGHT/

OK

> since this isn't providing any author information.
> 
> > +Copyright (C) 2019 Red Hat, Inc.
> 
> 2019-2020 !

Time flies...

> And now insert
> 
>  @c man end
>  @c man begin LICENSE
> 
> > +This is free software; see the source for copying conditions.  There is NO
> > +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> > +@c man end
> > +@end ignore

Hmm, so it ends up like:


@c man end

@ignore
@setfilename virtiofsd
@settitle QEMU virtio-fs shared file system daemon

@c man begin COPYRIGHT
Copyright (C) 2019-2020 Red Hat, Inc.
@c man end
@c man begin LICENSE
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@c man end
@end ignore


That results in:

COPYRIGHT
       Copyright (C) 2019-2020 Red Hat, Inc.

but with no license printed.
That's from after a make doing a   nroff -man ./tools/virtiofsd/virtiofsd.1 |more

is that what's expected?  I'd expected to see the license somewhere.

Dave
> 
> 
> 
> Regards,
> Daniel
> -- 
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Daniel P. Berrangé Jan. 10, 2020, 9:30 a.m. UTC | #5

On Thu, Jan 09, 2020 at 08:02:13PM +0000, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berrange@redhat.com) wrote:
> > On Thu, Dec 12, 2019 at 04:38:52PM +0000, Dr. David Alan Gilbert (git) wrote:
> > > From: Stefan Hajnoczi <stefanha@redhat.com>
> > > 
> > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > > ---
> > >  Makefile                       |  7 +++
> > >  tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
> > >  2 files changed, 92 insertions(+)
> > >  create mode 100644 tools/virtiofsd/virtiofsd.texi
> > 
> > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> 
> Thanks.
> 
> > with some notes at the very end
> 
> <snip>
> 
> > > +@c man begin DESCRIPTION
> > > +
> > > +Share a host directory tree with a guest through a virtio-fs device.  This
> > > +program is a vhost-user backend that implements the virtio-fs device.  Each
> > > +virtio-fs device instance requires its own virtiofsd process.
> > > +
> > > +This program is designed to work with QEMU's @code{--device vhost-user-fs-pci}
> > > +but should work with any virtual machine monitor (VMM) that supports
> > > +vhost-user.  See the EXAMPLES section below.
> > > +
> > > +This program must be run as the root user.
> > 
> > So there's no way for an unprivileged user to do file sharing like they
> > can with 9p right now ?
> 
> Correct.
> 
> (Which also makes it a pain for using in a make check)
> 
> > >                                              Upon startup the program will
> > > +switch into a new file system namespace with the shared directory tree as its
> > > +root.  This prevents "file system escapes" due to symlinks and other file
> > > +system objects that might lead to files outside the shared directory.  The
> > > +program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
> > > +vectors that could allow an attacker to compromise the system after gaining
> > > +control of the virtiofsd process.
> > > +
> > > +@c man end
> > > +
> > > +@c man begin OPTIONS
> > > +@table @option
> > > +@item -h, --help
> > > +Print help.
> > > +@item -V, --version
> > > +Print version.
> > > +@item -d, -o debug
> > > +Enable debug output.
> > > +@item --syslog
> > > +Print log messages to syslog instead of stderr.
> > > +@item -o log_level=@var{level}
> > > +Print only log messages matching @var{level} or more severe.  @var{level} is
> > > +one of @code{err}, @code{warn}, @code{info}, or @code{debug}.  The default is
> > > +@var{info}.
> > > +@item -o source=@var{path}
> > > +Share host directory tree located at @var{path}.  This option is required.
> > > +@item --socket-path=@var{path}, -o vhost_user_socket=@var{path}
> > > +Listen on vhost-user UNIX domain socket at @var{path}.
> > > +@item --fd=@var{fdnum}
> > > +Accept connections from vhost-user UNIX domain socket file descriptor @var{fdnum}.  The file descriptor must already be listening for connections.
> > > +@item --thread-pool-size=@var{num}
> > > +Restrict the number of worker threads per request queue to @var{num}.  The default is 64.
> > > +@item --cache=@code{none}|@code{auto}|@code{always}
> > > +Select the desired trade-off between coherency and performance.  @code{none}
> > > +forbids the FUSE client from caching to achieve best coherency at the cost of
> > > +performance.  @code{auto} acts similar to NFS with a 1 second metadata cache
> > > +timeout.  @code{always} sets a long cache lifetime at the expense of coherency.
> > > +@item --writeback
> > > +Enable writeback cache, allowing the FUSE client to buffer and merge write requests.
> > > +@end table
> > > +@c man end
> > > +
> > > +@c man begin EXAMPLES
> > > +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> > > +
> > > +@example
> > > +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> > > +host# qemu-system-x86_64 \
> > > +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> > > +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> > > +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> > > +    -numa node,memdev=mem \
> > > +    ...
> > > +guest# mount -t virtio_fs \
> > > +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> > > +    myfs /mnt
> > > +@end example
> > > +@c man end
> > > +
> > > +@ignore
> > > +@setfilename virtiofsd
> > > +@settitle QEMU virtio-fs shared file system daemon
> > > +
> > > +@c man begin AUTHOR
> > 
> > s/AUTHOR/COPYRIGHT/
> 
> OK
> 
> > since this isn't providing any author information.
> > 
> > > +Copyright (C) 2019 Red Hat, Inc.
> > 
> > 2019-2020 !
> 
> Time flies...
> 
> > And now insert
> > 
> >  @c man end
> >  @c man begin LICENSE
> > 
> > > +This is free software; see the source for copying conditions.  There is NO
> > > +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> > > +@c man end
> > > +@end ignore
> 
> Hmm, so it ends up like:
> 
> 
> @c man end
> 
> @ignore
> @setfilename virtiofsd
> @settitle QEMU virtio-fs shared file system daemon
> 
> @c man begin COPYRIGHT
> Copyright (C) 2019-2020 Red Hat, Inc.
> @c man end
> @c man begin LICENSE
> This is free software; see the source for copying conditions.  There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> @c man end
> @end ignore
> 
> 
> That results in:
> 
> COPYRIGHT
>        Copyright (C) 2019-2020 Red Hat, Inc.
> 
> but with no license printed.
> That's from after a make doing a   nroff -man ./tools/virtiofsd/virtiofsd.1 |more
> 
> is that what's expected?  I'd expected to see the license somewhere.

No, that's not expected :-(  It seems my good intentions were killed by
texi2pod.pl which whitelists the permitted section names, and does not
allow "LICENSE" as one of them. Either ignore my suggestion, given that
this bug is pre-existing in all QEMU man pages, or fix texi2pod.pl to
allow LICENSE.

Regards,
Daniel

Dr. David Alan Gilbert Jan. 10, 2020, 11:06 a.m. UTC | #6

* Daniel P. Berrangé (berrange@redhat.com) wrote:
> On Thu, Jan 09, 2020 at 08:02:13PM +0000, Dr. David Alan Gilbert wrote:
> > * Daniel P. Berrangé (berrange@redhat.com) wrote:
> > > On Thu, Dec 12, 2019 at 04:38:52PM +0000, Dr. David Alan Gilbert (git) wrote:
> > > > From: Stefan Hajnoczi <stefanha@redhat.com>
> > > > 
> > > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > > > ---
> > > >  Makefile                       |  7 +++
> > > >  tools/virtiofsd/virtiofsd.texi | 85 ++++++++++++++++++++++++++++++++++
> > > >  2 files changed, 92 insertions(+)
> > > >  create mode 100644 tools/virtiofsd/virtiofsd.texi
> > > 
> > > Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
> > 
> > Thanks.
> > 
> > > with some notes at the very end
> > 
> > <snip>
> > 
> > > > +@c man begin DESCRIPTION
> > > > +
> > > > +Share a host directory tree with a guest through a virtio-fs device.  This
> > > > +program is a vhost-user backend that implements the virtio-fs device.  Each
> > > > +virtio-fs device instance requires its own virtiofsd process.
> > > > +
> > > > +This program is designed to work with QEMU's @code{--device vhost-user-fs-pci}
> > > > +but should work with any virtual machine monitor (VMM) that supports
> > > > +vhost-user.  See the EXAMPLES section below.
> > > > +
> > > > +This program must be run as the root user.
> > > 
> > > So there's no way for an unprivileged user to do file sharing like they
> > > can with 9p right now ?
> > 
> > Correct.
> > 
> > (Which also makes it a pain for using in a make check)
> > 
> > > >                                              Upon startup the program will
> > > > +switch into a new file system namespace with the shared directory tree as its
> > > > +root.  This prevents "file system escapes" due to symlinks and other file
> > > > +system objects that might lead to files outside the shared directory.  The
> > > > +program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
> > > > +vectors that could allow an attacker to compromise the system after gaining
> > > > +control of the virtiofsd process.
> > > > +
> > > > +@c man end
> > > > +
> > > > +@c man begin OPTIONS
> > > > +@table @option
> > > > +@item -h, --help
> > > > +Print help.
> > > > +@item -V, --version
> > > > +Print version.
> > > > +@item -d, -o debug
> > > > +Enable debug output.
> > > > +@item --syslog
> > > > +Print log messages to syslog instead of stderr.
> > > > +@item -o log_level=@var{level}
> > > > +Print only log messages matching @var{level} or more severe.  @var{level} is
> > > > +one of @code{err}, @code{warn}, @code{info}, or @code{debug}.  The default is
> > > > +@var{info}.
> > > > +@item -o source=@var{path}
> > > > +Share host directory tree located at @var{path}.  This option is required.
> > > > +@item --socket-path=@var{path}, -o vhost_user_socket=@var{path}
> > > > +Listen on vhost-user UNIX domain socket at @var{path}.
> > > > +@item --fd=@var{fdnum}
> > > > +Accept connections from vhost-user UNIX domain socket file descriptor @var{fdnum}.  The file descriptor must already be listening for connections.
> > > > +@item --thread-pool-size=@var{num}
> > > > +Restrict the number of worker threads per request queue to @var{num}.  The default is 64.
> > > > +@item --cache=@code{none}|@code{auto}|@code{always}
> > > > +Select the desired trade-off between coherency and performance.  @code{none}
> > > > +forbids the FUSE client from caching to achieve best coherency at the cost of
> > > > +performance.  @code{auto} acts similar to NFS with a 1 second metadata cache
> > > > +timeout.  @code{always} sets a long cache lifetime at the expense of coherency.
> > > > +@item --writeback
> > > > +Enable writeback cache, allowing the FUSE client to buffer and merge write requests.
> > > > +@end table
> > > > +@c man end
> > > > +
> > > > +@c man begin EXAMPLES
> > > > +Export @code{/var/lib/fs/vm001/} on vhost-user UNIX domain socket @code{/var/run/vm001-vhost-fs.sock}:
> > > > +
> > > > +@example
> > > > +host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
> > > > +host# qemu-system-x86_64 \
> > > > +    -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
> > > > +    -device vhost-user-fs-pci,chardev=char0,tag=myfs \
> > > > +    -object memory-backend-file,id=mem,size=4G,mem-path=/dev/shm,share=on \
> > > > +    -numa node,memdev=mem \
> > > > +    ...
> > > > +guest# mount -t virtio_fs \
> > > > +    -o default_permissions,allow_other,user_id=0,group_id=0,rootmode=040000,dax \
> > > > +    myfs /mnt
> > > > +@end example
> > > > +@c man end
> > > > +
> > > > +@ignore
> > > > +@setfilename virtiofsd
> > > > +@settitle QEMU virtio-fs shared file system daemon
> > > > +
> > > > +@c man begin AUTHOR
> > > 
> > > s/AUTHOR/COPYRIGHT/
> > 
> > OK
> > 
> > > since this isn't providing any author information.
> > > 
> > > > +Copyright (C) 2019 Red Hat, Inc.
> > > 
> > > 2019-2020 !
> > 
> > Time flies...
> > 
> > > And now insert
> > > 
> > >  @c man end
> > >  @c man begin LICENSE
> > > 
> > > > +This is free software; see the source for copying conditions.  There is NO
> > > > +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> > > > +@c man end
> > > > +@end ignore
> > 
> > Hmm, so it ends up like:
> > 
> > 
> > @c man end
> > 
> > @ignore
> > @setfilename virtiofsd
> > @settitle QEMU virtio-fs shared file system daemon
> > 
> > @c man begin COPYRIGHT
> > Copyright (C) 2019-2020 Red Hat, Inc.
> > @c man end
> > @c man begin LICENSE
> > This is free software; see the source for copying conditions.  There is NO
> > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> > @c man end
> > @end ignore
> > 
> > 
> > That results in:
> > 
> > COPYRIGHT
> >        Copyright (C) 2019-2020 Red Hat, Inc.
> > 
> > but with no license printed.
> > That's from after a make doing a   nroff -man ./tools/virtiofsd/virtiofsd.1 |more
> > 
> > is that what's expected?  I'd expected to see the license somewhere.
> 
> No, that's not expected :-(  It seems my good intentions were killed by
> texi2pod.pl which whitelists the permitted section names, and does not
> allow "LICENSE" as one of them. Either ignore my suggestion, given that
> this bug is pre-existing in all QEMU man pages, or fix texi2pod.pl to
> allow LICENSE.

OK, I've removed the 'man end/man begin LICENSE' and it now comes out
as:

COPYRIGHT
       Copyright (C) 2019-2020 Red Hat, Inc.

       This is free software; see the source for copying conditions.  There is
       NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
       PURPOSE.

which I think is OK.

Dave

> Regards,
> Daniel
> -- 
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

[092/104] virtiofsd: add man page

Commit Message

Comments

Patch