From: "M. Mohan Kumar" <mohan@in.ibm.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org, aneesh.kumar@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH V2 03/12] hw/9pfs: File system helper process for qemu 9p proxy FS
Date: Wed, 16 Nov 2011 14:21:10 +0530 [thread overview]
Message-ID: <4EC3797E.5090204@in.ibm.com> (raw)
In-Reply-To: <CAJSP0QUfdXJMgQb319pYD3O2SuSH6vSe=ZhzwviO9nZSq7uetg@mail.gmail.com>
Stefan Hajnoczi wrote:
> On Tue, Nov 15, 2011 at 11:57 AM, M. Mohan Kumar<mohan@in.ibm.com> wrote:
>
>> diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
>> new file mode 100644
>> index 0000000..69daf7c
>> --- /dev/null
>> +++ b/fsdev/virtfs-proxy-helper.c
>> @@ -0,0 +1,271 @@
>> +/*
>> + * Helper for QEMU Proxy FS Driver
>> + * Copyright IBM, Corp. 2011
>> + *
>> + * Authors:
>> + * M. Mohan Kumar<mohan@in.ibm.com>
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2. See
>> + * the COPYING file in the top-level directory.
>> + */
>> +#include<stdio.h>
>> +#include<sys/socket.h>
>> +#include<string.h>
>> +#include<sys/un.h>
>> +#include<limits.h>
>> +#include<signal.h>
>> +#include<errno.h>
>> +#include<stdlib.h>
>> +#include<sys/resource.h>
>> +#include<sys/stat.h>
>> +#include<getopt.h>
>> +#include<unistd.h>
>> +#include<syslog.h>
>> +#include<sys/prctl.h>
>> +#include<sys/capability.h>
>> +#include<sys/fsuid.h>
>> +#include<stdarg.h>
>> +#include "bswap.h"
>>
> Where is "bswap.h" used and why above<sys/socket.h>?
>
I will fix it
>
>> +#include<sys/socket.h>
>> +#include "qemu-common.h"
>> +#include "virtio-9p-marshal.h"
>> +#include "hw/9pfs/virtio-9p-proxy.h"
>> +
>> +#define PROGNAME "virtfs-proxy-helper"
>> +
>> +static struct option helper_opts[] = {
>> + {"fd", required_argument, NULL, 'f'},
>> + {"path", required_argument, NULL, 'p'},
>> + {"nodaemon", no_argument, NULL, 'n'},
>> +};
>> +
>> +int is_daemon;
>>
> static?
>
> Also, please use the bool type from<stdbool.h>, it makes it easier
> for readers who don't have to guess how the variable works (might be a
> bitfield or reference count too).
>
>
I will fix it.
>> +static int socket_read(int sockfd, void *buff, ssize_t size)
>> +{
>> + int retval;
>> +
>> + do {
>> + retval = read(sockfd, buff, size);
>> + } while (retval< 0&& errno == EINTR);
>> + if (retval != size) {
>> + return -EIO;
>> + }
>>
> Shouldn't this loop until size bytes have been read?
>
>
Ok, I will fix this.
>> + return retval;
>> +}
>> +
>> +static int socket_write(int sockfd, void *buff, ssize_t size)
>> +{
>> + int retval;
>> +
>> + do {
>> + retval = write(sockfd, buff, size);
>> + } while (retval< 0&& errno == EINTR);
>> + if (retval != size) {
>> + return -EIO;
>>
> We could pass the actual -errno here if retval< 0.
>
>
Socket errors are treated fatal and the reason for failures are not used
by the code. When ever there is socket error, helper exits.
>> + }
>> + return retval;
>> +}
>> +
>> +static int read_request(int sockfd, struct iovec *iovec)
>> +{
>> + int retval;
>> + ProxyHeader header;
>> +
>> + /* read the header */
>> + retval = socket_read(sockfd, iovec->iov_base, sizeof(header));
>> + if (retval != sizeof(header)) {
>> + return -EIO;
>> + }
>> + /* unmarshal header */
>> + proxy_unmarshal(iovec, 1, 0, "dd",&header.type,&header.size);
>> + /* read the request */
>> + retval = socket_read(sockfd, iovec->iov_base + sizeof(header), header.size);
>> + if (retval != header.size) {
>> + return -EIO;
>> + }
>> + return header.type;
>> +}
>>
> Size checks are missing and we're trusting what the client sends!
>
Could you please elaborate?
>
>> +
>> +static void usage(char *prog)
>> +{
>> + fprintf(stderr, "usage: %s\n"
>> + " -p|--path<path> 9p path to export\n"
>> + " {-f|--fd<socket-descriptor>} socket file descriptor to be used\n"
>> + " [-n|--nodaemon] Run as a normal program\n",
>> + basename(prog));
>> +}
>> +
>> +static int process_requests(int sock)
>> +{
>> + int type;
>> + struct iovec iovec;
>> +
>> + iovec.iov_base = g_malloc(BUFF_SZ);
>> + iovec.iov_len = BUFF_SZ;
>> + while (1) {
>> + type = read_request(sock,&iovec);
>> + if (type<= 0) {
>> + goto error;
>> + }
>> + }
>> + (void)socket_write;
>> +error:
>> + g_free(iovec.iov_base);
>> + return -1;
>> +}
>> +
>> +int main(int argc, char **argv)
>> +{
>> + int sock;
>> + char rpath[PATH_MAX];
>> + struct stat stbuf;
>> + int c, option_index;
>> +
>> + is_daemon = 1;
>> + rpath[0] = '\0';
>> + sock = -1;
>> + while (1) {
>> + option_index = 0;
>> + c = getopt_long(argc, argv, "p:nh?f:", helper_opts,
>> +&option_index);
>> + if (c == -1) {
>> + break;
>> + }
>> + switch (c) {
>> + case 'p':
>> + strcpy(rpath, optarg);
>>
> Buffer overflow. The whole thing would be simpler like this:
>
> const char *rpath = "";
> [...]
> case 'p':
> rpath = optarg;
> break;
>
>
I will fix it
>> + break;
>> + case 'n':
>> + is_daemon = 0;
>> + break;
>> + case 'f':
>> + sock = atoi(optarg);
>> + break;
>> + case '?':
>> + case 'h':
>> + default:
>> + usage(argv[0]);
>> + return -1;
>>
> The convention is for programs to exit with 1 (EXIT_FAILURE) on error.
>
>
I will fix it.
>> + break;
>> + }
>> + }
>> +
>> + /* Parameter validation */
>> + if (sock == -1 || rpath[0] == '\0') {
>> + fprintf(stderr, "socket descriptor or path not specified\n");
>> + usage(argv[0]);
>> + return -1;
>> + }
>> +
>> + if (lstat(rpath,&stbuf)< 0) {
>> + fprintf(stderr, "invalid path \"%s\" specified?\n", rpath);
>>
> sterror() would provide further details on what went wrong.
>
Ok
>
>> + return -1;
>> + }
>> +
>> + if (!S_ISDIR(stbuf.st_mode)) {
>> + fprintf(stderr, "specified path \"%s\" is not directory\n", rpath);
>> + return -1;
>> + }
>> +
>> + if (is_daemon) {
>> + if (daemon(0, 0)< 0) {
>> + fprintf(stderr, "daemon call failed\n");
>> + return -1;
>> + }
>> + openlog(PROGNAME, LOG_PID, LOG_DAEMON);
>> + }
>> +
>> + do_log(LOG_INFO, "Started");
>> +
>> + if (chroot(rpath)< 0) {
>> + do_perror("chroot");
>> + goto error;
>> + }
>> + umask(0);
>> +
>> + if (init_capabilities()< 0) {
>> + goto error;
>> + }
>> +
>> + process_requests(sock);
>> +error:
>> + do_log(LOG_INFO, "Done");
>> + closelog();
>> + return 0;
>> +}
>> diff --git a/hw/9pfs/virtio-9p-proxy.h b/hw/9pfs/virtio-9p-proxy.h
>> index f5e1a02..120e940 100644
>> --- a/hw/9pfs/virtio-9p-proxy.h
>> +++ b/hw/9pfs/virtio-9p-proxy.h
>> @@ -3,6 +3,16 @@
>>
>> #define BUFF_SZ (4 * 1024)
>>
>> +#define proxy_unmarshal(in_sg, in_elem, offset, fmt, args...) \
>> + v9fs_unmarshal(in_sg, in_elem, offset, 0 /* convert */, fmt, ##args)
>> +#define proxy_marshal(out_sg, out_elem, offset, fmt, args...) \
>> + v9fs_marshal(out_sg, out_elem, offset, 0 /* convert */, fmt, ##args)
>> +
>> +union MsgControl {
>> + struct cmsghdr cmsg;
>> + char control[CMSG_SPACE(sizeof(int))];
>> +};
>>
> This union isn't used in this patch.
>
>
I will fix it.
next prev parent reply other threads:[~2011-11-16 8:53 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-15 11:57 [Qemu-devel] [PATCH V2 00/12] Proxy FS driver for VirtFS M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 01/12] hw/9pfs: Move pdu_marshal/unmarshal code to a seperate file M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 02/12] hw/9pfs: Add new proxy filesystem driver M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 03/12] hw/9pfs: File system helper process for qemu 9p proxy FS M. Mohan Kumar
2011-11-15 14:03 ` Stefan Hajnoczi
2011-11-16 8:51 ` M. Mohan Kumar [this message]
2011-11-16 10:23 ` Stefan Hajnoczi
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 04/12] hw/9pfs: Open and create files M. Mohan Kumar
2011-11-17 15:46 ` Stefan Hajnoczi
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 05/12] hw/9pfs: Create other filesystem objects M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 06/12] hw/9pfs: Add stat/readlink/statfs for proxy FS M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 07/12] hw/9pfs: File ownership and others M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 08/12] hw/9pfs: xattr interfaces in proxy filesystem driver M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 09/12] hw/9pfs: Proxy getversion M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 10/12] hw/9pfs: Documentation changes related to proxy fs M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 11/12] hw/9pfs: man page for proxy helper M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH V2 12/12] hw/9pfs: Add support to use named socket for proxy FS M. Mohan Kumar
2011-11-15 11:57 ` [Qemu-devel] [PATCH 00/12] Proxy FS driver for VirtFS M. Mohan Kumar
2011-11-15 12:09 ` [Qemu-devel] [PATCH V2 " M. Mohan Kumar
2011-11-17 16:00 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EC3797E.5090204@in.ibm.com \
--to=mohan@in.ibm.com \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.