From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Anthony Harivel <aharivel@redhat.com>
Cc: pbonzini@redhat.com, mtosatti@redhat.com, qemu-devel@nongnu.org,
vchundur@redhat.com
Subject: Re: [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel
Date: Thu, 25 Jan 2024 16:37:58 +0000 [thread overview]
Message-ID: <ZbKOZpi0v3sdKV8q@redhat.com> (raw)
In-Reply-To: <20240125072214.318382-2-aharivel@redhat.com>
On Thu, Jan 25, 2024 at 08:22:12AM +0100, Anthony Harivel wrote:
> The function qio_channel_get_peercred() returns a pointer to the
> credentials of the peer process connected to this socket.
>
> This credentials structure is defined in <sys/socket.h> as follows:
>
> struct ucred {
> pid_t pid; /* Process ID of the sending process */
> uid_t uid; /* User ID of the sending process */
> gid_t gid; /* Group ID of the sending process */
> };
>
> The use of this function is possible only for connected AF_UNIX stream
> sockets and for AF_UNIX stream and datagram socket pairs.
>
> On platform other than Linux, the function return 0.
>
> Signed-off-by: Anthony Harivel <aharivel@redhat.com>
> ---
> include/io/channel.h | 21 +++++++++++++++++++++
> io/channel-socket.c | 23 +++++++++++++++++++++++
> io/channel.c | 12 ++++++++++++
> 3 files changed, 56 insertions(+)
>
> diff --git a/include/io/channel.h b/include/io/channel.h
> index 5f9dbaab65b0..0413435ce011 100644
> --- a/include/io/channel.h
> +++ b/include/io/channel.h
> @@ -149,6 +149,9 @@ struct QIOChannelClass {
> void *opaque);
> int (*io_flush)(QIOChannel *ioc,
> Error **errp);
> + void (*io_peerpid)(QIOChannel *ioc,
> + unsigned int *pid,
> + Error **errp);
Idented 1 space too many
> };
>
> /* General I/O handling functions */
> @@ -898,4 +901,22 @@ int coroutine_mixed_fn qio_channel_writev_full_all(QIOChannel *ioc,
> int qio_channel_flush(QIOChannel *ioc,
> Error **errp);
>
> +/**
> + * qio_channel_get_peercred:
> + * @ioc: the channel object
> + * @pid: pointer to pid
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Returns the pid of the peer process connected to this socket.
> + *
> + * The use of this function is possible only for connected
> + * AF_UNIX stream sockets and for AF_UNIX stream and datagram
> + * socket pairs on Linux.
> + * Return 0 for the non-Linux OS.
Update to say this returns an error for other platforms
> + *
> + */
> +void qio_channel_get_peerpid(QIOChannel *ioc,
> + unsigned int *pid,
> + Error **errp);
Idented 1 space too many
> +
> #endif /* QIO_CHANNEL_H */
> diff --git a/io/channel-socket.c b/io/channel-socket.c
> index 3a899b060858..e6a73592650c 100644
> --- a/io/channel-socket.c
> +++ b/io/channel-socket.c
> @@ -841,6 +841,28 @@ qio_channel_socket_set_cork(QIOChannel *ioc,
> socket_set_cork(sioc->fd, v);
> }
>
> +static void
> +qio_channel_socket_get_peerpid(QIOChannel *ioc,
> + unsigned int *pid,
> + Error **errp)
> +{
> +#ifdef CONFIG_LINUX
> + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc);
> + Error *err = NULL;
> + socklen_t len = sizeof(struct ucred);
> +
> + struct ucred cred;
> + if (getsockopt(sioc->fd,
> + SOL_SOCKET, SO_PEERCRED,
> + &cred, &len) == -1) {
> + error_setg_errno(&err, errno, "Unable to get peer credentials");
> + error_propagate(errp, err);
> + }
> + *pid = (unsigned int)cred.pid;
> +#else
> + *pid = 0;
Defaulting 'pid' to 0 is potentially unsafe, because to a caller it
now appears that the remote party is 'root' and thus implied to be
a privileged account.
We should 'error_setg' for any platform we don't have an impl on,
so the caller will see a fail for any usage.
> +#endif
> +}
>
> static int
> qio_channel_socket_close(QIOChannel *ioc,
> @@ -938,6 +960,7 @@ static void qio_channel_socket_class_init(ObjectClass *klass,
> #ifdef QEMU_MSG_ZEROCOPY
> ioc_klass->io_flush = qio_channel_socket_flush;
> #endif
> + ioc_klass->io_peerpid = qio_channel_socket_get_peerpid;
> }
>
> static const TypeInfo qio_channel_socket_info = {
> diff --git a/io/channel.c b/io/channel.c
> index 86c5834510ff..a5646650cf72 100644
> --- a/io/channel.c
> +++ b/io/channel.c
> @@ -490,6 +490,18 @@ void qio_channel_set_cork(QIOChannel *ioc,
> }
> }
>
> +void qio_channel_get_peerpid(QIOChannel *ioc,
> + unsigned int *pid,
> + Error **errp)
> +{
> + QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
> +
> + if (!klass->io_peerpid) {
> + error_setg(errp, "Channel does not support peer pid");
> + return;
> + }
> + klass->io_peerpid(ioc, pid, errp);
> +}
>
> off_t qio_channel_io_seek(QIOChannel *ioc,
> off_t offset,
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2024-01-25 16:38 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-25 7:22 [PATCH v3 0/3] Add support for the RAPL MSRs series Anthony Harivel
2024-01-25 7:22 ` [PATCH v3 1/3] qio: add support for SO_PEERCRED for socket channel Anthony Harivel
2024-01-25 16:37 ` Daniel P. Berrangé [this message]
2024-01-29 19:25 ` Paolo Bonzini
2024-01-29 19:30 ` Daniel P. Berrangé
2024-01-25 7:22 ` [PATCH v3 2/3] tools: build qemu-vmsr-helper Anthony Harivel
2024-01-29 18:53 ` Daniel P. Berrangé
2024-01-29 19:33 ` Paolo Bonzini
2024-01-29 19:45 ` Daniel P. Berrangé
2024-01-29 19:53 ` Daniel P. Berrangé
2024-01-29 20:21 ` Paolo Bonzini
2024-02-21 13:19 ` Anthony Harivel
2024-02-21 13:47 ` Daniel P. Berrangé
2024-02-21 13:52 ` Anthony Harivel
2024-03-01 11:08 ` Anthony Harivel
2024-01-25 7:22 ` [PATCH v3 3/3] Add support for RAPL MSRs in KVM/Qemu Anthony Harivel
2024-01-29 19:29 ` Daniel P. Berrangé
2024-02-20 14:00 ` Anthony Harivel
2024-02-20 15:00 ` Daniel P. Berrangé
2024-03-05 14:58 ` Anthony Harivel
2024-01-30 9:13 ` Daniel P. Berrangé
2024-03-04 14:41 ` Anthony Harivel
2024-03-04 14:48 ` Daniel P. Berrangé
2024-03-05 13:25 ` Anthony Harivel
2024-03-05 13:57 ` Daniel P. Berrangé
2024-01-30 9:39 ` Daniel P. Berrangé
2024-03-12 11:21 ` Anthony Harivel
2024-03-12 15:49 ` Daniel P. Berrangé
2024-03-13 10:48 ` Anthony Harivel
2024-03-13 11:04 ` Daniel P. Berrangé
2024-03-14 8:26 ` Anthony Harivel
2024-03-14 8:55 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZbKOZpi0v3sdKV8q@redhat.com \
--to=berrange@redhat.com \
--cc=aharivel@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vchundur@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).