From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: qemu-devel@nongnu.org
Cc: Will Cohen <wwcohen@gmail.com>,
Keno Fischer <keno@juliacomputing.com>,
Michael Roitzsch <reactorcontrol@icloud.com>,
hi@alyssa.is, Greg Kurz <groug@kaod.org>
Subject: Re: [PATCH v2 10/11] 9p: darwin: Implement compatibility for mknodat
Date: Fri, 28 Jan 2022 16:15:12 +0100 [thread overview]
Message-ID: <1868804.s9PD02ncGZ@silver> (raw)
In-Reply-To: <CAB26zV3uHf1r9nVUcrcysbvMojHE_Jz5sM941pc_uSSjYNnogg@mail.gmail.com>
On Donnerstag, 27. Januar 2022 22:47:54 CET Will Cohen wrote:
> Back when this was being proposed, the original proposer did file such a
> report to Apple, but we're still in this situation!
Ok, but still, do you find it appropriate to just blindly use a private
syscall that may or may not exist or might change its behaviour at any time
without a user being aware?
I am not opposed to using workarounds at all, but what I worry about is that
Apple might change this in whatever way at any time, and as this sycall is
currently not guarded in this patch at all, we might one day receive bug
reports by macOS users with symptoms that might not immediately be obvious to
relate to this being the root cause.
Options that would come to my mind:
- a test case for this syscall
- a clear runtime error message for ordinary users
Is there a rdar or FB number for the report on Apple's side?
> Replacing clang with gcc in v3.
>
> On Wed, Nov 24, 2021 at 12:20 PM Christian Schoenebeck <
>
> qemu_oss@crudebyte.com> wrote:
> > On Montag, 22. November 2021 01:49:12 CET Will Cohen wrote:
> > > From: Keno Fischer <keno@juliacomputing.com>
> > >
> > > Darwin does not support mknodat. However, to avoid race conditions
> > > with later setting the permissions, we must avoid using mknod on
> > > the full path instead. We could try to fchdir, but that would cause
> > > problems if multiple threads try to call mknodat at the same time.
> > > However, luckily there is a solution: Darwin as an (unexposed in the
> > > C library) system call that sets the cwd for the current thread only.
> > > This should suffice to use mknod safely.
> > >
> > > Signed-off-by: Keno Fischer <keno@juliacomputing.com>
> > > Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
> > > [Will Cohen: - Adjust coding style]
> > > Signed-off-by: Will Cohen <wwcohen@gmail.com>
> > > ---
> > >
> > > hw/9pfs/9p-local.c | 5 +++--
> > > hw/9pfs/9p-util-darwin.c | 33 +++++++++++++++++++++++++++++++++
> > > hw/9pfs/9p-util-linux.c | 5 +++++
> > > hw/9pfs/9p-util.h | 2 ++
> > > 4 files changed, 43 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
> > > index 4268703d05..42b65e143b 100644
> > > --- a/hw/9pfs/9p-local.c
> > > +++ b/hw/9pfs/9p-local.c
> > > @@ -673,7 +673,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> > > *dir_path,
> > >
> > > if (fs_ctx->export_flags & V9FS_SM_MAPPED ||
> > >
> > > fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) {
> > >
> > > - err = mknodat(dirfd, name, fs_ctx->fmode | S_IFREG, 0);
> > > + err = qemu_mknodat(dirfd, name, fs_ctx->fmode | S_IFREG, 0);
> > >
> > > if (err == -1) {
> > >
> > > goto out;
> > >
> > > }
> > >
> > > @@ -688,7 +688,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> > > *dir_path, }
> > >
> > > } else if (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH ||
> > >
> > > fs_ctx->export_flags & V9FS_SM_NONE) {
> > >
> > > - err = mknodat(dirfd, name, credp->fc_mode, credp->fc_rdev);
> > > + err = qemu_mknodat(dirfd, name, credp->fc_mode,
> > > credp->fc_rdev);
> > >
> > > if (err == -1) {
> > >
> > > goto out;
> > >
> > > }
> > >
> > > @@ -701,6 +701,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath
> > > *dir_path,
> > >
> > > err_end:
> > > unlinkat_preserve_errno(dirfd, name, 0);
> > >
> > > +
> > >
> > > out:
> > > close_preserve_errno(dirfd);
> > > return err;
> > >
> > > diff --git a/hw/9pfs/9p-util-darwin.c b/hw/9pfs/9p-util-darwin.c
> > > index ac414bcbfd..25e67d5067 100644
> > > --- a/hw/9pfs/9p-util-darwin.c
> > > +++ b/hw/9pfs/9p-util-darwin.c
> > >
> > > @@ -158,3 +158,36 @@ done:
> > > close_preserve_errno(fd);
> > > return ret;
> > >
> > > }
> > >
> > > +
> > > +#ifndef SYS___pthread_fchdir
> > > +# define SYS___pthread_fchdir 349
> > > +#endif
> > > +
> > > +/*
> > > + * This is an undocumented OS X syscall. It would be best to avoid it,
> > > + * but there doesn't seem to be another safe way to implement mknodat.
> > > + * Dear Apple, please implement mknodat before you remove this syscall.
> > > + */
> > > +static int fchdir_thread_local(int fd)
> >
> > Hooo, that's a brave move. Shouldn't its future and likely becoming
> > absence be
> > guarded "somehow"? :)
> >
> > BTW it might make sense to file a report instead of hoping Apple will just
> > read this comment: ;-)
> > https://feedbackassistant.apple.com/
> >
> > > +{
> > > +#pragma clang diagnostic push
> > > +#pragma clang diagnostic ignored "-Wdeprecated-declarations"
> > > + return syscall(SYS___pthread_fchdir, fd);
> > > +#pragma clang diagnostic pop
> > > +}
> >
> > Consider s/clang/GCC/ then it would also work with GCC. In the end most
> > people
> > probably just use clang on macOS anyway, but just saying.
> >
> > > +
> > > +int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t
> >
> > dev)
> >
> > > +{
> > > + int preserved_errno, err;
> > > + if (fchdir_thread_local(dirfd) < 0) {
> > > + return -1;
> > > + }
> > > + err = mknod(filename, mode, dev);
> > > + preserved_errno = errno;
> > > + /* Stop using the thread-local cwd */
> > > + fchdir_thread_local(-1);
> > > + if (err < 0) {
> > > + errno = preserved_errno;
> > > + }
> > > + return err;
> > > +}
> > > diff --git a/hw/9pfs/9p-util-linux.c b/hw/9pfs/9p-util-linux.c
> > > index d54bf57a59..4f57d8c047 100644
> > > --- a/hw/9pfs/9p-util-linux.c
> > > +++ b/hw/9pfs/9p-util-linux.c
> > > @@ -68,3 +68,8 @@ int utimensat_nofollow(int dirfd, const char
> > > *filename,
> > >
> > > {
> > >
> > > return utimensat(dirfd, filename, times, AT_SYMLINK_NOFOLLOW);
> > >
> > > }
> > >
> > > +
> > > +int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t
> >
> > dev)
> >
> > > +{
> > > + return mknodat(dirfd, filename, mode, dev);
> > > +}
> > > diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
> > > index 1c477a0e66..cac682d335 100644
> > > --- a/hw/9pfs/9p-util.h
> > > +++ b/hw/9pfs/9p-util.h
> > > @@ -105,4 +105,6 @@ ssize_t fremovexattrat_nofollow(int dirfd, const
> > > char
> > > *filename, int utimensat_nofollow(int dirfd, const char *filename,
> > >
> > > const struct timespec times[2]);
> > >
> > > +int qemu_mknodat(int dirfd, const char *filename, mode_t mode, dev_t
> >
> > dev);
> >
> > > +
> > >
> > > #endif
Best regards,
Christian Schoenebeck
next prev parent reply other threads:[~2022-01-28 15:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-22 0:49 [PATCH v2 00/11] 9p: Add support for darwin Will Cohen
2021-11-22 0:49 ` [PATCH v2 01/11] 9p: linux: Fix a couple Linux assumptions Will Cohen
2021-11-24 12:41 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 02/11] 9p: Rename 9p-util -> 9p-util-linux Will Cohen
2021-11-22 0:49 ` [PATCH v2 03/11] 9p: darwin: Handle struct stat(fs) differences Will Cohen
2021-11-24 14:23 ` Christian Schoenebeck
2021-12-01 22:46 ` Will Cohen
2021-12-02 15:35 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 04/11] 9p: darwin: Handle struct dirent differences Will Cohen
2021-11-24 14:58 ` Christian Schoenebeck
2021-11-24 15:45 ` Michael Roitzsch
2021-11-24 19:09 ` Christian Schoenebeck
2022-01-27 21:48 ` Will Cohen
2022-01-28 15:48 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 05/11] 9p: darwin: Ignore O_{NOATIME, DIRECT} Will Cohen
2021-11-22 0:49 ` [PATCH v2 06/11] 9p: darwin: Compatibility defn for XATTR_SIZE_MAX Will Cohen
2021-11-24 15:44 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 07/11] 9p: darwin: *xattr_nofollow implementations Will Cohen
2021-11-22 0:49 ` [PATCH v2 08/11] 9p: darwin: Compatibility for f/l*xattr Will Cohen
2021-11-24 16:20 ` Christian Schoenebeck
2022-01-27 21:47 ` Will Cohen
2021-11-22 0:49 ` [PATCH v2 09/11] 9p: darwin: Provide fallback impl for utimensat Will Cohen
2021-11-24 17:07 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 10/11] 9p: darwin: Implement compatibility for mknodat Will Cohen
2021-11-24 17:20 ` Christian Schoenebeck
2022-01-27 21:47 ` Will Cohen
2022-01-28 15:15 ` Christian Schoenebeck [this message]
2022-01-28 18:28 ` Will Cohen
2022-01-31 22:26 ` Will Cohen
2022-02-01 12:44 ` Christian Schoenebeck
2021-11-22 0:49 ` [PATCH v2 11/11] 9p: darwin: meson: Allow VirtFS on Darwin Will Cohen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1868804.s9PD02ncGZ@silver \
--to=qemu_oss@crudebyte.com \
--cc=groug@kaod.org \
--cc=hi@alyssa.is \
--cc=keno@juliacomputing.com \
--cc=qemu-devel@nongnu.org \
--cc=reactorcontrol@icloud.com \
--cc=wwcohen@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).