[PATCH] fs-backend: do not expose file descriptors to frontend

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] fs-backend: do not expose file descriptors to frontend
@ 2008-07-15 18:30 Samuel Thibault
  0 siblings, 0 replies; only message in thread
From: Samuel Thibault @ 2008-07-15 18:30 UTC (permalink / raw)
  To: xen-devel

fs-backend: do not expose file descriptors to frontend

Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>

diff -r 4e17922324d3 tools/fs-back/fs-backend.c
--- a/tools/fs-back/fs-backend.c	Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.c	Tue Jul 15 19:31:44 2008 +0100
@@ -200,6 +200,7 @@
     int evt_port;
     pthread_t handling_thread;
     struct fsif_sring *sring;
+    int i;
 
     printf("Handling connection from dom=%d, for export=%d\n", 
             frontend_dom_id, export_id);
@@ -242,6 +243,8 @@
                                     PROT_READ | PROT_WRITE);
     BACK_RING_INIT(&mount->ring, sring, PAGE_SIZE);
     mount->nr_entries = mount->ring.nr_ents; 
+    for (i = 0; i < MAX_FDS; i++)
+        mount->fds[i] = -1;
     xenbus_write_backend_ready(mount);
 
     pthread_create(&handling_thread, NULL, &handle_mount, mount);
diff -r 4e17922324d3 tools/fs-back/fs-backend.h
--- a/tools/fs-back/fs-backend.h	Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.h	Tue Jul 15 19:31:44 2008 +0100
@@ -12,6 +12,7 @@
 #define EXPORTS_SUBNODE     "exports"
 #define EXPORTS_NODE        ROOT_NODE"/"EXPORTS_SUBNODE
 #define WATCH_NODE          EXPORTS_NODE"/requests"
+#define MAX_FDS             16
 
 struct fs_export
 {
@@ -45,6 +46,7 @@
     int nr_entries;
     struct fs_request *requests;
     unsigned short *freelist;
+    int fds[MAX_FDS];
 };
 
 
diff -r 4e17922324d3 tools/fs-back/fs-ops.c
--- a/tools/fs-back/fs-ops.c	Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-ops.c	Tue Jul 15 19:31:44 2008 +0100
@@ -34,6 +34,16 @@
     mount->requests[id].active = 1;
 
     return id;
+}
+
+int get_fd(struct mount *mount)
+{
+    int i;
+
+    for (i = 0; i < MAX_FDS; i++)
+        if (mount->fds[i] == -1)
+            return i;
+    return -1;
 }
 
 
@@ -61,8 +71,17 @@
            mount->export->export_path, file_name);
     assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0);
     printf("Issuing open for %s\n", full_path);
-    fd = open(full_path, O_RDWR);
-    printf("Got FD: %d\n", fd);
+    fd = get_fd(mount);
+    if (fd >= 0) {
+        int real_fd = open(full_path, O_RDWR);
+        if (real_fd < 0)
+            fd = -1;
+        else
+        {
+            mount->fds[fd] = real_fd;
+            printf("Got FD: %d for real %d\n", fd, real_fd);
+        }
+    }
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -86,7 +105,12 @@
     printf("Dispatching file close operation (fd=%d).\n", req->u.fclose.fd);
    
     req_id = req->id;
-    ret = close(req->u.fclose.fd);
+    if (req->u.fclose.fd < MAX_FDS) {
+        int fd = mount->fds[req->u.fclose.fd];
+        ret = close(fd);
+        mount->fds[req->u.fclose.fd] = -1;
+    } else
+        ret = -1;
     printf("Got ret: %d\n", ret);
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -117,7 +141,12 @@
     req_id = req->id;
     printf("File read issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", 
             req->u.fread.fd, req->u.fread.len, req->u.fread.offset); 
-   
+
+    if (req->u.fread.fd < MAX_FDS)
+        fd = mount->fds[req->u.fread.fd];
+    else
+        fd = -1;
+
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);
     priv_req = &mount->requests[priv_id];
@@ -125,13 +154,13 @@
 
     /* Dispatch AIO read request */
     bzero(&priv_req->aiocb, sizeof(struct aiocb));
-    priv_req->aiocb.aio_fildes = req->u.fread.fd;
+    priv_req->aiocb.aio_fildes = fd;
     priv_req->aiocb.aio_nbytes = req->u.fread.len;
     priv_req->aiocb.aio_offset = req->u.fread.offset;
     priv_req->aiocb.aio_buf = buf;
     assert(aio_read(&priv_req->aiocb) >= 0);
 
-     
+out: 
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -173,6 +202,11 @@
     printf("File write issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", 
             req->u.fwrite.fd, req->u.fwrite.len, req->u.fwrite.offset); 
    
+    if (req->u.fwrite.fd < MAX_FDS)
+        fd = mount->fds[req->u.fwrite.fd];
+    else
+        fd = -1;
+
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);
     priv_req = &mount->requests[priv_id];
@@ -180,7 +214,7 @@
 
     /* Dispatch AIO write request */
     bzero(&priv_req->aiocb, sizeof(struct aiocb));
-    priv_req->aiocb.aio_fildes = req->u.fwrite.fd;
+    priv_req->aiocb.aio_fildes = fd;
     priv_req->aiocb.aio_nbytes = req->u.fwrite.len;
     priv_req->aiocb.aio_offset = req->u.fwrite.offset;
     priv_req->aiocb.aio_buf = buf;
@@ -226,8 +260,12 @@
                                   PROT_WRITE);
    
     req_id = req->id;
-    fd = req->u.fstat.fd;
-    printf("File stat issued for FD=%d\n", fd); 
+    if (req->u.fstat.fd < MAX_FDS)
+        fd = mount->fds[req->u.fstat.fd];
+    else
+        fd = -1;
+
+    printf("File stat issued for FD=%d\n", req->u.fstat.fd); 
    
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -276,10 +314,14 @@
     int64_t length;
 
     req_id = req->id;
-    fd = req->u.ftruncate.fd;
     length = req->u.ftruncate.length;
-    printf("File truncate issued for FD=%d, length=%"PRId64"\n", fd, length); 
+    printf("File truncate issued for FD=%d, length=%"PRId64"\n", req->u.ftruncate.fd, length); 
    
+    if (req->u.ftruncate.fd < MAX_FDS)
+        fd = mount->fds[req->u.ftruncate.fd];
+    else
+        fd = -1;
+
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -512,7 +554,11 @@
     printf("Dispatching file chmod operation (fd=%d, mode=%o).\n", 
             req->u.fchmod.fd, req->u.fchmod.mode);
     req_id = req->id;
-    fd = req->u.fchmod.fd;
+    if (req->u.fchmod.fd < MAX_FDS)
+        fd = mount->fds[req->u.fchmod.fd];
+    else
+        fd = -1;
+
     mode = req->u.fchmod.mode;
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -577,8 +623,12 @@
     struct fs_request *priv_req;
 
     req_id = req->id;
-    fd = req->u.fsync.fd;
-    printf("File sync issued for FD=%d\n", fd); 
+    if (req->u.fsync.fd < MAX_FDS)
+        fd = mount->fds[req->u.fsync.fd];
+    else
+        fd = -1;
+
+    printf("File sync issued for FD=%d\n", req->u.fsync.fd); 
    
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2008-07-15 18:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-15 18:30 [PATCH] fs-backend: do not expose file descriptors to frontend Samuel Thibault

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.