From: "M. Mohan Kumar" <mohan@in.ibm.com>
To: qemu-devel@nongnu.org, Anthony Liguori <anthony@codemonkey.ws>,
Stefan Hajnoczi <stefanha@gmail.com>
Subject: [Qemu-devel] [PATCH V12 04/15] hw/9pfs: qemu interfaces for chroot environment
Date: Mon, 5 Sep 2011 21:48:25 +0530 [thread overview]
Message-ID: <1315239516-4451-5-git-send-email-mohan@in.ibm.com> (raw)
In-Reply-To: <1315239516-4451-1-git-send-email-mohan@in.ibm.com>
QEMU side interfaces to communicate with chroot worker process.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
[malahal@us.ibm.com: Handle when qemu process can not receive fd because
it already reached max fds]
---
Makefile.objs | 2 +-
hw/9pfs/virtio-9p-chroot.c | 103 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 104 insertions(+), 1 deletions(-)
create mode 100644 hw/9pfs/virtio-9p-chroot.c
diff --git a/Makefile.objs b/Makefile.objs
index 01e9350..fa8a755 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -308,7 +308,7 @@ hw-obj-$(CONFIG_SOUND) += $(sound-obj-y)
9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-coth.o cofs.o codir.o cofile.o
9pfs-nested-$(CONFIG_VIRTFS) += coxattr.o virtio-9p-handle.o
9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-synth.o
-9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-worker.o
+9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-worker.o virtio-9p-chroot.o
hw-obj-$(CONFIG_REALLY_VIRTFS) += $(addprefix 9pfs/, $(9pfs-nested-y))
$(addprefix 9pfs/, $(9pfs-nested-y)): QEMU_CFLAGS+=$(GLIB_CFLAGS)
diff --git a/hw/9pfs/virtio-9p-chroot.c b/hw/9pfs/virtio-9p-chroot.c
new file mode 100644
index 0000000..63de410
--- /dev/null
+++ b/hw/9pfs/virtio-9p-chroot.c
@@ -0,0 +1,103 @@
+/*
+ * Virtio 9p chroot environment for contained access to exported path
+ * Code handles qemu side interfaces to communicate with chroot worker process
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ * M. Mohan Kumar <mohan@in.ibm.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the copying file in the top-level directory
+ *
+ */
+
+#include <sys/fsuid.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include "qemu_socket.h"
+#include "qemu-thread.h"
+#include "qerror.h"
+#include "virtio-9p.h"
+#include "virtio-9p-chroot.h"
+
+/*
+ * Return received file descriptor on success and -errno on failure.
+ * sock_error is set to 1 whenever there is error in socket IO
+ */
+static int v9fs_receivefd(int sockfd, int *sock_error)
+{
+ struct msghdr msg = { };
+ struct iovec iov;
+ union MsgControl msg_control;
+ struct cmsghdr *cmsg;
+ int retval, data, fd;
+
+ iov.iov_base = &data;
+ iov.iov_len = sizeof(data);
+
+ *sock_error = 0;
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = &msg_control;
+ msg.msg_controllen = sizeof(msg_control);
+
+ do {
+ retval = recvmsg(sockfd, &msg, 0);
+ } while (retval < 0 && errno == EINTR);
+ if (retval <= 0) {
+ *sock_error = 1;
+ return -EIO;
+ }
+
+ /*
+ * data is set to V9FS_FD_VALID, if ancillary data is sent. If this
+ * request doesn't need ancillary data (fd) or an error occurred,
+ * data is set to negative errno value.
+ */
+ if (data != V9FS_FD_VALID) {
+ return data;
+ }
+
+ /*
+ * File descriptor (fd) is sent in the ancillary data. Check if we
+ * indeed received it. One of the reasons to fail to receive it is if
+ * we exceeded the maximum number of file descriptors!
+ */
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)) ||
+ cmsg->cmsg_level != SOL_SOCKET ||
+ cmsg->cmsg_type != SCM_RIGHTS) {
+ continue;
+ }
+ fd = *((int *)CMSG_DATA(cmsg));
+ return fd;
+ }
+
+ return -ENFILE; /* Ancillary data sent but not received */
+}
+
+/*
+ * V9fsFileObjectRequest is written into the socket by QEMU process.
+ * Then this request is read by chroot process using v9fs_read_request function
+ */
+static int v9fs_write_request(int sockfd, V9fsFileObjectRequest *request)
+{
+ int retval;
+ retval = qemu_write_full(sockfd, request, sizeof(*request));
+ if (retval != sizeof(*request)) {
+ return -EIO;
+ }
+ return 0;
+}
+
+/*
+ * This patch adds v9fs_receivefd and v9fs_write_request functions,
+ * but there is no caller. To avoid compiler warning message,
+ * refer these two functions
+ */
+void chroot_dummy(void)
+{
+ (void)v9fs_receivefd;
+ (void)v9fs_write_request;
+}
--
1.7.6
next prev parent reply other threads:[~2011-09-05 16:18 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-05 16:18 [Qemu-devel] [PATCH V12 00/15] virtio-9p: chroot environment for passthrough security model M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 01/15] Implement qemu_read_full M. Mohan Kumar
2011-09-05 17:57 ` malc
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 02/15] hw/9pfs: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 03/15] hw/9pfs: Provide chroot worker side interfaces M. Mohan Kumar
2011-09-05 16:18 ` M. Mohan Kumar [this message]
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 05/15] hw/9pfs: Support for opening a file in chroot environment M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 06/15] hw/9pfs: Create support " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 07/15] hw/9pfs: Creating special files " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 08/15] hw/9pfs: Removing file or directory " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 09/15] hw/9pfs: Rename " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 10/15] hw/9pfs: Move file post creation changes to none security model M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 11/15] hw/9pfs: chmod in chroot environment M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 12/15] hw/9pfs: chown " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 13/15] hw/9pfs: stat " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 14/15] hw/9pfs: readlink " M. Mohan Kumar
2011-09-05 16:18 ` [Qemu-devel] [PATCH V12 15/15] hw/9pfs: Chroot environment for other functions M. Mohan Kumar
2011-09-06 14:48 ` [Qemu-devel] [PATCH V12 00/15] virtio-9p: chroot environment for passthrough security model Stefan Hajnoczi
2011-09-06 14:49 ` Stefan Hajnoczi
2011-09-12 14:15 ` M. Mohan Kumar
2011-09-12 16:23 ` Daniel P. Berrange
2011-09-13 6:29 ` M. Mohan Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1315239516-4451-5-git-send-email-mohan@in.ibm.com \
--to=mohan@in.ibm.com \
--cc=anthony@codemonkey.ws \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).