Re: [Virtio-fs] [PATCH v7 1/6] virtiofsd: add .ioctl() support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Vivek Goyal <vgoyal@redhat.com>
To: Jeffle Xu <jefflexu@linux.alibaba.com>
Cc: virtio-fs@redhat.com, joseph.qi@linux.alibaba.com, miklos@szeredi.hu
Subject: Re: [Virtio-fs] [PATCH v7 1/6] virtiofsd: add .ioctl() support
Date: Thu, 9 Dec 2021 14:33:59 -0500	[thread overview]
Message-ID: <YbJaJ90FldHUo1/C@redhat.com> (raw)
In-Reply-To: <20211102055646.103337-2-jefflexu@linux.alibaba.com>

On Tue, Nov 02, 2021 at 01:56:41PM +0800, Jeffle Xu wrote:
> For passthrough, it passes corresponding ioctls to host directly.
> 
> Currently only these ioctls that handling persistent inode flags, i.e.,
> FS_IOC_[G|S]ETFLAGS and FS_IOC_FS[G|S]ETXATTR are supported for security
> concern, though it's implemented in a quite general way, so that we can
> expand the scope of allowed ioctls if it is really needed later.
> 
> Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
> ---
>  tools/virtiofsd/passthrough_ll.c      | 65 +++++++++++++++++++++++++++
>  tools/virtiofsd/passthrough_seccomp.c |  1 +
>  2 files changed, 66 insertions(+)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index b7c1fa71b5..2768497be4 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -47,6 +47,7 @@
>  #include <dirent.h>
>  #include <pthread.h>
>  #include <sys/file.h>
> +#include <sys/ioctl.h>
>  #include <sys/mount.h>
>  #include <sys/prctl.h>
>  #include <sys/resource.h>
> @@ -54,6 +55,7 @@
>  #include <sys/wait.h>
>  #include <sys/xattr.h>
>  #include <syslog.h>
> +#include <linux/fs.h>
>  
>  #include "qemu/cutils.h"
>  #include "passthrough_helpers.h"
> @@ -2188,6 +2190,68 @@ out:
>      fuse_reply_err(req, saverr);
>  }
>  
> +
> +static void lo_ioctl(fuse_req_t req, fuse_ino_t ino, unsigned int cmd,
> +                     void *arg, struct fuse_file_info *fi,
> +                     unsigned flags, const void *in_buf,
> +                     size_t in_bufsz, size_t out_bufsz)
> +{
> +    int res, dir;
> +    int fd = lo_fi_fd(req, fi);
> +    int saverr = ENOSYS;
> +    void *buf = NULL;
> +    size_t size = 0;
> +
> +    fuse_log(FUSE_LOG_DEBUG, "lo_ioctl(ino=%" PRIu64 ", cmd=0x%x, flags=0x%x, "
> +            "in_bufsz = %lu, out_bufsz = %lu)\n",
> +            ino, cmd, flags, in_bufsz, out_bufsz);
> +
> +    if (!(cmd == FS_IOC_SETFLAGS || cmd == FS_IOC_GETFLAGS ||
> +          cmd == FS_IOC_FSSETXATTR || cmd == FS_IOC_FSGETXATTR)) {
> +        goto out;

Good that you allowed only two operations. Still I think people might
have concern about all the inode attrs and whether it is safe to
allow that. For example immutable flag. Now even host can't delete
that file without first clearing that flag. I think it is doable
just that involves extra step.

So we probably might have to block certain attrs if it becomes an
issue or make it configurable.

> +    }
> +
> +    /* unrestricted ioctl is not supported yet */
> +    if (flags & FUSE_IOCTL_UNRESTRICTED) {
> +        goto out;
> +    }
> +
> +    dir = _IOC_DIR(cmd);
> +
> +    if (dir & _IOC_READ) {
> +        size = out_bufsz;
> +        buf = malloc(size);
> +        if (!buf) {
> +            goto out_err;
> +        }
> +
> +        if (dir & _IOC_WRITE) {
> +            memcpy(buf, in_buf, size);
> +        }
> +
> +        res = ioctl(fd, cmd, buf);
> +    } else if (dir & _IOC_WRITE) {
> +        res = ioctl(fd, cmd, in_buf);
> +    } else {
> +        res = ioctl(fd, cmd, arg);
> +    }

I do not understand this if block. So if _IOC_READ and _IOC_WRITE
is not set, then we just send "arg" as third argument. Can you
shed some light on how this third argument works for file attr
flags. I am assuming that "lsattr" will use the _IOC_READ path,
while chattr will use "_IOC_WRITE" path? If that's the case,
as of now third condition is not even required. Until and unless
we are supporting more ioctls.

Thanks
Vivek
> +
> +    if (res < 0) {
> +        goto out_err;
> +    }
> +
> +    fuse_reply_ioctl(req, 0, buf, size);
> +    free(buf);
> +
> +    return;
> +
> +out_err:
> +    saverr = errno;
> +out:
> +    fuse_reply_err(req, saverr);
> +    free(buf);
> +}
> +
>  static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync,
>                          struct fuse_file_info *fi)
>  {
> @@ -3474,6 +3538,7 @@ static struct fuse_lowlevel_ops lo_oper = {
>      .fsyncdir = lo_fsyncdir,
>      .create = lo_create,
>      .getlk = lo_getlk,
> +    .ioctl = lo_ioctl,
>      .setlk = lo_setlk,
>      .open = lo_open,
>      .release = lo_release,
> diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
> index f49ed94b5e..eaed5b151b 100644
> --- a/tools/virtiofsd/passthrough_seccomp.c
> +++ b/tools/virtiofsd/passthrough_seccomp.c
> @@ -62,6 +62,7 @@ static const int syscall_allowlist[] = {
>      SCMP_SYS(gettid),
>      SCMP_SYS(gettimeofday),
>      SCMP_SYS(getxattr),
> +    SCMP_SYS(ioctl),
>      SCMP_SYS(linkat),
>      SCMP_SYS(listxattr),
>      SCMP_SYS(lseek),
> -- 
> 2.27.0
>

next prev parent reply	other threads:[~2021-12-09 19:33 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-02  5:56 [Virtio-fs] [PATCH v7 0/6] virtiofsd: support per inode DAX Jeffle Xu
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 1/6] virtiofsd: add .ioctl() support Jeffle Xu
2021-12-09 19:33   ` Vivek Goyal [this message]
2021-12-10  2:51     ` JeffleXu
2021-12-13 18:02       ` Vivek Goyal
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 2/6] virtiofsd: support per inode DAX in fuse protocol Jeffle Xu
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 3/6] virtiofsd: add 'dax=' option Jeffle Xu
2021-12-09 20:00   ` Vivek Goyal
2021-12-10  3:02     ` JeffleXu
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 4/6] virtiofsd: negotiate per inode DAX in FUSE_INIT Jeffle Xu
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 5/6] virtiofsd: implement xflag based dax policy Jeffle Xu
2021-12-09 20:16   ` Vivek Goyal
2021-12-10  3:13     ` JeffleXu
2021-12-09 22:02   ` Vivek Goyal
2021-12-10  3:16     ` JeffleXu
2021-11-02  5:56 ` [Virtio-fs] [PATCH v7 6/6] virtiofsd: implement file size " Jeffle Xu
2021-12-09 21:59   ` Vivek Goyal
2021-12-10  3:21     ` JeffleXu
2021-12-07 14:42 ` [Virtio-fs] [PATCH v7 0/6] virtiofsd: support per inode DAX Vivek Goyal
2021-12-08  1:38   ` JeffleXu
2021-12-08 20:05     ` Vivek Goyal
2021-12-09  1:41       ` JeffleXu
2021-12-10  2:54       ` JeffleXu
2021-12-13 18:03         ` Vivek Goyal
2021-12-14 10:17           ` Miklos Szeredi
2021-12-14 15:51             ` JeffleXu
2021-12-14 16:10               ` Miklos Szeredi
2021-12-15  1:08                 ` JeffleXu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YbJaJ90FldHUo1/C@redhat.com \
    --to=vgoyal@redhat.com \
    --cc=jefflexu@linux.alibaba.com \
    --cc=joseph.qi@linux.alibaba.com \
    --cc=miklos@szeredi.hu \
    --cc=virtio-fs@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.