From: Anthony Liguori <aliguori@linux.vnet.ibm.com>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH -V3 5/7] virtio-9p: Implemented security model for symlink and link.
Date: Mon, 24 May 2010 15:13:39 -0500 [thread overview]
Message-ID: <4BFADDF3.4010901@linux.vnet.ibm.com> (raw)
In-Reply-To: <1274477170-7658-6-git-send-email-jvrao@linux.vnet.ibm.com>
On 05/21/2010 04:26 PM, Venkateswararao Jujjuri (JV) wrote:
> Signed-off-by: Venkateswararao Jujjuri<jvrao@linux.vnet.ibm.com>
> ---
> hw/file-op-9p.h | 4 +-
> hw/virtio-9p-local.c | 87 +++++++++++++++++++++++++++++++++++++++----------
> hw/virtio-9p.c | 24 ++++++++++----
> 3 files changed, 88 insertions(+), 27 deletions(-)
>
> diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
> index 752fbad..0a9c10a 100644
> --- a/hw/file-op-9p.h
> +++ b/hw/file-op-9p.h
> @@ -54,8 +54,8 @@ typedef struct FileOperations
> int (*mknod)(FsContext *, const char *, FsCred *);
> int (*utime)(FsContext *, const char *, const struct utimbuf *);
> int (*remove)(FsContext *, const char *);
> - int (*symlink)(FsContext *, const char *, const char *);
> - int (*link)(FsContext *, const char *, const char *);
> + int (*symlink)(FsContext *, const char *, const char *, FsCred *);
> + int (*link)(FsContext *, const char *, const char *, FsCred *);
> int (*setuid)(FsContext *, uid_t);
> int (*close)(FsContext *, int);
> int (*closedir)(FsContext *, DIR *);
> diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
> index bfcd695..ca0f065 100644
> --- a/hw/virtio-9p-local.c
> +++ b/hw/virtio-9p-local.c
> @@ -64,12 +64,25 @@ static int local_set_xattr(const char *path, FsCred *credp)
> }
> }
> return 0;
> - }
> +}
>
> -static ssize_t local_readlink(FsContext *ctx, const char *path,
> - char *buf, size_t bufsz)
> +static ssize_t local_readlink(FsContext *fs_ctx, const char *path,
> + char *buf, size_t bufsz)
> {
> - return readlink(rpath(ctx, path), buf, bufsz);
> + ssize_t tsize = -1;
> + if (fs_ctx->fs_sm == sm_mapped) {
> + int fd;
> + fd = open(rpath(fs_ctx, path), O_RDONLY);
> + if (fd == -1) {
> + return -1;
> + }
> + tsize = read(fd, (void *)buf, bufsz);
> + close(fd);
> + return tsize;
> + } else if (fs_ctx->fs_sm == sm_passthrough) {
> + tsize = readlink(rpath(fs_ctx, path), buf, bufsz);
> + }
> + return tsize;
> }
>
> static int local_close(FsContext *ctx, int fd)
> @@ -247,32 +260,70 @@ err_end:
> return err;
> }
>
> -static int local_symlink(FsContext *ctx, const char *oldpath,
> - const char *newpath)
> +
> +static int local_symlink(FsContext *fs_ctx, const char *oldpath,
> + const char *newpath, FsCred *credp)
> {
> - return symlink(oldpath, rpath(ctx, newpath));
> + int err = -1;
> + /* Determine the security model */
> + if (fs_ctx->fs_sm == sm_mapped) {
> + int fd;
> + ssize_t oldpath_size, write_size;
> + fd = open(rpath(fs_ctx, newpath), O_CREAT|O_EXCL|O_RDWR,
> + SM_LOCAL_MODE_BITS);
> + if (fd == -1) {
> + return fd;
> + }
> + /* Write the oldpath (target) to the file. */
> + oldpath_size = strlen(oldpath) + 1;
> + write_size = write(fd, (void *)oldpath, oldpath_size);
>
Signals are pretty frequent in qemu so not handling EINTR is asking for
trouble.
Regards,
Anthony Liguori
> + if (write_size != oldpath_size) {
> + close(fd);
> + err = -1;
> + goto err_end;
> + }
> + close(fd);
> + /* Set cleint credentials in symlink's xattr */
> + credp->fc_mode = credp->fc_mode|S_IFLNK;
> + err = local_set_xattr(rpath(fs_ctx, newpath), credp);
> + if (err == -1) {
> + goto err_end;
> + }
> + } else if (fs_ctx->fs_sm == sm_passthrough) {
> + err = symlink(oldpath, rpath(fs_ctx, newpath));
> + if (err) {
> + return err;
> + }
> + err = chmod(rpath(fs_ctx, newpath), credp->fc_mode& 07777);
> + if (err == -1) {
> + goto err_end;
> + }
> + err = chown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid);
> + if (err == -1) {
> + goto err_end;
> + }
> + }
> + return err;
> +
> +err_end:
> + remove(rpath(fs_ctx, newpath));
> + return err;
> }
>
> -static int local_link(FsContext *ctx, const char *oldpath, const char *newpath)
> +static int local_link(FsContext *fs_ctx, const char *oldpath,
> + const char *newpath, FsCred *credp)
> {
> - char *tmp = qemu_strdup(rpath(ctx, oldpath));
> - int err, serrno = 0;
> + char *tmp = qemu_strdup(rpath(fs_ctx, oldpath));
> + int err;
>
> if (tmp == NULL) {
> return -ENOMEM;
> }
>
> - err = link(tmp, rpath(ctx, newpath));
> - if (err == -1) {
> - serrno = errno;
> - }
> + err = link(tmp, rpath(fs_ctx, newpath));
>
> qemu_free(tmp);
>
> - if (err == -1) {
> - errno = serrno;
> - }
> -
> return err;
> }
>
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 30f649d..fbc846b 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -197,15 +197,25 @@ static int v9fs_do_open2(V9fsState *s, V9fsCreateState *vs)
> return s->ops->open2(&s->ctx, vs->fullname.data, flags,&cred);
> }
>
> -static int v9fs_do_symlink(V9fsState *s, V9fsString *oldpath,
> - V9fsString *newpath)
> +static int v9fs_do_symlink(V9fsState *s, V9fsCreateState *vs)
> {
> - return s->ops->symlink(&s->ctx, oldpath->data, newpath->data);
> + FsCred cred;
> + cred_init(&cred);
> + cred.fc_uid = vs->fidp->uid;
> + cred.fc_mode = vs->perm | 0777;
> +
> + return s->ops->symlink(&s->ctx, vs->extension.data, vs->fullname.data,
> +&cred);
> }
>
> -static int v9fs_do_link(V9fsState *s, V9fsString *oldpath, V9fsString *newpath)
> +static int v9fs_do_link(V9fsState *s, V9fsFidState *nfidp, V9fsCreateState *vs)
> {
> - return s->ops->link(&s->ctx, oldpath->data, newpath->data);
> + FsCred cred;
> + cred_init(&cred);
> + cred.fc_uid = nfidp->uid;
> + cred.fc_mode = vs->perm& 0777;
> +
> + return s->ops->link(&s->ctx, nfidp->path.data, vs->fullname.data,&cred);
> }
>
> static int v9fs_do_truncate(V9fsState *s, V9fsString *path, off_t size)
> @@ -1782,7 +1792,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
> err = v9fs_do_mkdir(s, vs);
> v9fs_create_post_mkdir(s, vs, err);
> } else if (vs->perm& P9_STAT_MODE_SYMLINK) {
> - err = v9fs_do_symlink(s,&vs->extension,&vs->fullname);
> + err = v9fs_do_symlink(s, vs);
> v9fs_create_post_perms(s, vs, err);
> } else if (vs->perm& P9_STAT_MODE_LINK) {
> int32_t nfid = atoi(vs->extension.data);
> @@ -1791,7 +1801,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
> err = -errno;
> v9fs_post_create(s, vs, err);
> }
> - err = v9fs_do_link(s,&nfidp->path,&vs->fullname);
> + err = v9fs_do_link(s, nfidp, vs);
> v9fs_create_post_perms(s, vs, err);
> } else if (vs->perm& P9_STAT_MODE_DEVICE) {
> char ctype;
>
next prev parent reply other threads:[~2010-05-24 20:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-21 21:26 [Qemu-devel] [PATCH-V2 0/7] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model Venkateswararao Jujjuri (JV)
2010-05-24 20:10 ` Anthony Liguori
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures Venkateswararao Jujjuri (JV)
2010-05-25 18:07 ` Sripathi Kodi
2010-05-26 20:21 ` Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 3/7] virtio-9p: modify create/open2 and mkdir for new security model Venkateswararao Jujjuri (JV)
2010-05-24 20:12 ` Anthony Liguori
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 4/7] virtio-9p: Implement Security model for mknod related files Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 5/7] virtio-9p: Implemented security model for symlink and link Venkateswararao Jujjuri (JV)
2010-05-24 20:13 ` Anthony Liguori [this message]
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 6/7] virtio-9p: Implemented Security model for lstat and fstat Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 7/7] virtio-9p: Implemented security model for chown and chgrp Venkateswararao Jujjuri (JV)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BFADDF3.4010901@linux.vnet.ibm.com \
--to=aliguori@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=jvrao@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).