All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stefan Hajnoczi <stefanha@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Cc: Shu-Chun Weng <scw@google.com>, Helge Deller <deller@gmx.de>,
	qemu-devel@nongnu.org, Laurent Vivier <laurent@vivier.eu>,
	Richard Henderson <richard.henderson@linaro.org>,
	Samuel Thibault <samuel.thibault@ens-lyon.org>,
	Jonah Petri <jonah@petri.us>,
	Edoardo Spadolini <edoardo.spadolini@gmail.com>,
	Thomas Huth <thuth@redhat.com>
Subject: Re: [PATCH 2/2] linux-user: Fix openat() emulation to not modify atime
Date: Mon, 4 Dec 2023 10:34:38 -0500	[thread overview]
Message-ID: <20231204153438.GG1492005@fedora> (raw)
In-Reply-To: <4f149724-37f6-4e7f-95ef-61e3d4f0c3f8@linaro.org>

[-- Attachment #1: Type: text/plain, Size: 4345 bytes --]

On Mon, Dec 04, 2023 at 02:39:24PM +0100, Philippe Mathieu-Daudé wrote:
> Hi Laurent, Helge, Richard,
> 
> On 1/12/23 19:51, Shu-Chun Weng wrote:
> > On Fri, Dec 1, 2023 at 4:42 AM Philippe Mathieu-Daudé <philmd@linaro.org
> > <mailto:philmd@linaro.org>> wrote:
> > 
> >     Hi Shu-Chun,
> > 
> >     On 1/12/23 04:21, Shu-Chun Weng wrote:
> >      > Commit b8002058 strengthened openat()'s /proc detection by calling
> >      > realpath(3) on the given path, which allows various paths and
> >     symlinks
> >      > that points to the /proc file system to be intercepted correctly.
> >      >
> >      > Using realpath(3), though, has a side effect that it reads the
> >     symlinks
> >      > along the way, and thus changes their atime. The results in the
> >      > following code snippet already get ~now instead of the real atime:
> >      >
> >      >    int fd = open("/path/to/a/symlink", O_PATH | O_NOFOLLOW);
> >      >    struct stat st;
> >      >    fstat(fd, st);
> >      >    return st.st_atime;
> >      >
> >      > This change opens a path that doesn't appear to be part of /proc
> >      > directly and checks the destination of /proc/self/fd/n to
> >     determine if
> >      > it actually refers to a file in /proc.
> >      >
> >      > Neither this nor the existing code works with symlinks or
> >     indirect paths
> >      > (e.g.  /tmp/../proc/self/exe) that points to /proc/self/exe
> >     because it
> >      > is itself a symlink, and both realpath(3) and /proc/self/fd/n will
> >      > resolve into the location of QEMU.
> > 
> >     Does this fix any of the following issues?
> >     https://gitlab.com/qemu-project/qemu/-/issues/829
> >     <https://gitlab.com/qemu-project/qemu/-/issues/829>
> > 
> > 
> > Not this one -- this is purely in the logic of util/path.c, which we do
> > see and carry an internal patch. It's quite a behavior change so we
> > never upstreamed it.
> > 
> >     https://gitlab.com/qemu-project/qemu/-/issues/927
> >     <https://gitlab.com/qemu-project/qemu/-/issues/927>
> > 
> > 
> > No, either. This patch only touches the path handling, not how files are
> > opened.
> > 
> >     https://gitlab.com/qemu-project/qemu/-/issues/2004
> >     <https://gitlab.com/qemu-project/qemu/-/issues/2004>
> > 
> > 
> > Yes! Though I don't have a toolchain for HPPA or any of the
> > architectures intercepting /proc/cpuinfo handy, I hacked the condition
> > and confirmed that on 7.1 and 8.2, test.c as attached in the bug prints
> > out the host cpuinfo while with this patch, it prints out the content
> > generated by `open_cpuinfo()`.
> > 
> > 
> > 
> >      > Signed-off-by: Shu-Chun Weng <scw@google.com <mailto:scw@google.com>>
> > 
> > 
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2004
> > <https://gitlab.com/qemu-project/qemu/-/issues/2004>
> 
> Do we need to merge this for 8.2?

Please assign release blocker issues to the 8.2 milestone so that are
tracked:
https://gitlab.com/qemu-project/qemu/-/milestones/10

Thanks,
Stefan

> 
> > 
> >      > ---
> >      >   linux-user/syscall.c | 42
> >     +++++++++++++++++++++++++++++++++---------
> >      >   1 file changed, 33 insertions(+), 9 deletions(-)
> > 
> > 
> > On Fri, Dec 1, 2023 at 9:09 AM Helge Deller <deller@gmx.de
> > <mailto:deller@gmx.de>> wrote:
> > 
> >     On 12/1/23 04:21, Shu-Chun Weng wrote:
> >      > Commit b8002058 strengthened openat()'s /proc detection by calling
> >      > realpath(3) on the given path, which allows various paths and
> >     symlinks
> >      > that points to the /proc file system to be intercepted correctly.
> >      >
> >      > Using realpath(3), though, has a side effect that it reads the
> >     symlinks
> >      > along the way, and thus changes their atime.
> > 
> >     Ah, ok. I didn't thought of that side effect when I came up with the
> >     patch.
> >     Does the updated atimes trigger some real case issue ?
> > 
> > 
> > We have an internal library shimming the underlying filesystem that uses
> > the `open(O_PATH|O_NOFOLLOW)`+`fstat()` pattern for all file stats.
> > Checking symlink atime is in one of the unittests, though I don't know
> > if production ever uses it.
> > 
> > 
> >     Helge
> > 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

  reply	other threads:[~2023-12-04 15:35 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-01  3:21 [PATCH 0/2] linux-user: openat() fixes Shu-Chun Weng
2023-12-01  3:21 ` [PATCH 1/2] linux-user: Define TARGET_O_LARGEFILE for aarch64 Shu-Chun Weng
2023-12-01 12:38   ` [PATCH-for-8.2? " Philippe Mathieu-Daudé
2023-12-03 13:28   ` [PATCH " Laurent Vivier
2023-12-01  3:21 ` [PATCH 2/2] linux-user: Fix openat() emulation to not modify atime Shu-Chun Weng
2023-12-01 12:42   ` Philippe Mathieu-Daudé
2023-12-01 18:51     ` Shu-Chun Weng
2023-12-04 13:39       ` Philippe Mathieu-Daudé
2023-12-04 15:34         ` Stefan Hajnoczi [this message]
2023-12-01 17:09   ` Helge Deller
2023-12-04 16:58   ` Daniel P. Berrangé
2023-12-08 20:52     ` Shu-Chun Weng

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231204153438.GG1492005@fedora \
    --to=stefanha@redhat.com \
    --cc=deller@gmx.de \
    --cc=edoardo.spadolini@gmail.com \
    --cc=jonah@petri.us \
    --cc=laurent@vivier.eu \
    --cc=philmd@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=samuel.thibault@ens-lyon.org \
    --cc=scw@google.com \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.