From: Samuel Thibault <samuel.thibault@eu.citrix.com>
To: xen-devel@lists.xensource.com
Subject: [PATCH] fs-backend: do not expose file descriptors to frontend
Date: Tue, 15 Jul 2008 19:30:29 +0100 [thread overview]
Message-ID: <20080715183029.GE4529@implementation.uk.xensource.com> (raw)
fs-backend: do not expose file descriptors to frontend
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
diff -r 4e17922324d3 tools/fs-back/fs-backend.c
--- a/tools/fs-back/fs-backend.c Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.c Tue Jul 15 19:31:44 2008 +0100
@@ -200,6 +200,7 @@
int evt_port;
pthread_t handling_thread;
struct fsif_sring *sring;
+ int i;
printf("Handling connection from dom=%d, for export=%d\n",
frontend_dom_id, export_id);
@@ -242,6 +243,8 @@
PROT_READ | PROT_WRITE);
BACK_RING_INIT(&mount->ring, sring, PAGE_SIZE);
mount->nr_entries = mount->ring.nr_ents;
+ for (i = 0; i < MAX_FDS; i++)
+ mount->fds[i] = -1;
xenbus_write_backend_ready(mount);
pthread_create(&handling_thread, NULL, &handle_mount, mount);
diff -r 4e17922324d3 tools/fs-back/fs-backend.h
--- a/tools/fs-back/fs-backend.h Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.h Tue Jul 15 19:31:44 2008 +0100
@@ -12,6 +12,7 @@
#define EXPORTS_SUBNODE "exports"
#define EXPORTS_NODE ROOT_NODE"/"EXPORTS_SUBNODE
#define WATCH_NODE EXPORTS_NODE"/requests"
+#define MAX_FDS 16
struct fs_export
{
@@ -45,6 +46,7 @@
int nr_entries;
struct fs_request *requests;
unsigned short *freelist;
+ int fds[MAX_FDS];
};
diff -r 4e17922324d3 tools/fs-back/fs-ops.c
--- a/tools/fs-back/fs-ops.c Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-ops.c Tue Jul 15 19:31:44 2008 +0100
@@ -34,6 +34,16 @@
mount->requests[id].active = 1;
return id;
+}
+
+int get_fd(struct mount *mount)
+{
+ int i;
+
+ for (i = 0; i < MAX_FDS; i++)
+ if (mount->fds[i] == -1)
+ return i;
+ return -1;
}
@@ -61,8 +71,17 @@
mount->export->export_path, file_name);
assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0);
printf("Issuing open for %s\n", full_path);
- fd = open(full_path, O_RDWR);
- printf("Got FD: %d\n", fd);
+ fd = get_fd(mount);
+ if (fd >= 0) {
+ int real_fd = open(full_path, O_RDWR);
+ if (real_fd < 0)
+ fd = -1;
+ else
+ {
+ mount->fds[fd] = real_fd;
+ printf("Got FD: %d for real %d\n", fd, real_fd);
+ }
+ }
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -86,7 +105,12 @@
printf("Dispatching file close operation (fd=%d).\n", req->u.fclose.fd);
req_id = req->id;
- ret = close(req->u.fclose.fd);
+ if (req->u.fclose.fd < MAX_FDS) {
+ int fd = mount->fds[req->u.fclose.fd];
+ ret = close(fd);
+ mount->fds[req->u.fclose.fd] = -1;
+ } else
+ ret = -1;
printf("Got ret: %d\n", ret);
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -117,7 +141,12 @@
req_id = req->id;
printf("File read issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n",
req->u.fread.fd, req->u.fread.len, req->u.fread.offset);
-
+
+ if (req->u.fread.fd < MAX_FDS)
+ fd = mount->fds[req->u.fread.fd];
+ else
+ fd = -1;
+
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
priv_req = &mount->requests[priv_id];
@@ -125,13 +154,13 @@
/* Dispatch AIO read request */
bzero(&priv_req->aiocb, sizeof(struct aiocb));
- priv_req->aiocb.aio_fildes = req->u.fread.fd;
+ priv_req->aiocb.aio_fildes = fd;
priv_req->aiocb.aio_nbytes = req->u.fread.len;
priv_req->aiocb.aio_offset = req->u.fread.offset;
priv_req->aiocb.aio_buf = buf;
assert(aio_read(&priv_req->aiocb) >= 0);
-
+out:
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -173,6 +202,11 @@
printf("File write issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n",
req->u.fwrite.fd, req->u.fwrite.len, req->u.fwrite.offset);
+ if (req->u.fwrite.fd < MAX_FDS)
+ fd = mount->fds[req->u.fwrite.fd];
+ else
+ fd = -1;
+
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
priv_req = &mount->requests[priv_id];
@@ -180,7 +214,7 @@
/* Dispatch AIO write request */
bzero(&priv_req->aiocb, sizeof(struct aiocb));
- priv_req->aiocb.aio_fildes = req->u.fwrite.fd;
+ priv_req->aiocb.aio_fildes = fd;
priv_req->aiocb.aio_nbytes = req->u.fwrite.len;
priv_req->aiocb.aio_offset = req->u.fwrite.offset;
priv_req->aiocb.aio_buf = buf;
@@ -226,8 +260,12 @@
PROT_WRITE);
req_id = req->id;
- fd = req->u.fstat.fd;
- printf("File stat issued for FD=%d\n", fd);
+ if (req->u.fstat.fd < MAX_FDS)
+ fd = mount->fds[req->u.fstat.fd];
+ else
+ fd = -1;
+
+ printf("File stat issued for FD=%d\n", req->u.fstat.fd);
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -276,10 +314,14 @@
int64_t length;
req_id = req->id;
- fd = req->u.ftruncate.fd;
length = req->u.ftruncate.length;
- printf("File truncate issued for FD=%d, length=%"PRId64"\n", fd, length);
+ printf("File truncate issued for FD=%d, length=%"PRId64"\n", req->u.ftruncate.fd, length);
+ if (req->u.ftruncate.fd < MAX_FDS)
+ fd = mount->fds[req->u.ftruncate.fd];
+ else
+ fd = -1;
+
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -512,7 +554,11 @@
printf("Dispatching file chmod operation (fd=%d, mode=%o).\n",
req->u.fchmod.fd, req->u.fchmod.mode);
req_id = req->id;
- fd = req->u.fchmod.fd;
+ if (req->u.fchmod.fd < MAX_FDS)
+ fd = mount->fds[req->u.fchmod.fd];
+ else
+ fd = -1;
+
mode = req->u.fchmod.mode;
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -577,8 +623,12 @@
struct fs_request *priv_req;
req_id = req->id;
- fd = req->u.fsync.fd;
- printf("File sync issued for FD=%d\n", fd);
+ if (req->u.fsync.fd < MAX_FDS)
+ fd = mount->fds[req->u.fsync.fd];
+ else
+ fd = -1;
+
+ printf("File sync issued for FD=%d\n", req->u.fsync.fd);
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
reply other threads:[~2008-07-15 18:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080715183029.GE4529@implementation.uk.xensource.com \
--to=samuel.thibault@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.