[051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV

Message ID	20191212163904.159893-52-dgilbert@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=PTTO=2C=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9034A21655 From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH 051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV Date: Thu, 12 Dec 2019 16:38:11 +0000 Message-Id: <20191212163904.159893-52-dgilbert@redhat.com> In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com> References: <20191212163904.159893-1-dgilbert@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	virtiofs daemon [all] \| expand [000/104] virtiofs daemon [all] [001/104] virtiofsd: Pull in upstream headers [002/104] virtiofsd: Pull in kernel's fuse.h [003/104] virtiofsd: Add auxiliary .c's [004/104] virtiofsd: Add fuse_lowlevel.c [005/104] virtiofsd: Add passthrough_ll [006/104] virtiofsd: Trim down imported files [007/104] virtiofsd: Format imported files to qemu style [008/104] virtiofsd: remove mountpoint dummy argument [009/104] virtiofsd: remove unused notify reply support [010/104] virtiofsd: Fix fuse_daemonize ignored return values [011/104] virtiofsd: Fix common header and define for QEMU builds [012/104] virtiofsd: Trim out compatibility code [013/104] virtiofsd: Make fsync work even if only inode is passed in [014/104] virtiofsd: Add options for virtio [015/104] virtiofsd: add -o source=PATH to help output [016/104] virtiofsd: Open vhost connection instead of mounting [017/104] virtiofsd: Start wiring up vhost-user [018/104] virtiofsd: Add main virtio loop [019/104] virtiofsd: get/set features callbacks [020/104] virtiofsd: Start queue threads [021/104] virtiofsd: Poll kick_fd for queue [022/104] virtiofsd: Start reading commands from queue [023/104] virtiofsd: Send replies to messages [024/104] virtiofsd: Keep track of replies [025/104] virtiofsd: Add Makefile wiring for virtiofsd contrib [026/104] virtiofsd: Fast path for virtio read [027/104] virtiofsd: add --fd=FDNUM fd passing option [028/104] virtiofsd: make -f (foreground) the default [029/104] virtiofsd: add vhost-user.json file [030/104] virtiofsd: add --print-capabilities option [031/104] virtiofs: Add maintainers entry [032/104] virtiofsd: passthrough_ll: create new files in caller's context [033/104] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection [034/104] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers [035/104] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers [036/104] virtiofsd: passthrough_ll: add fd_map to hide file descriptors [037/104] virtiofsd: passthrough_ll: add fallback for racy ops [038/104] virtiofsd: validate path components [039/104] virtiofsd: Plumb fuse_bufvec through to do_write_buf [040/104] virtiofsd: Pass write iov's all the way through [041/104] virtiofsd: add fuse_mbuf_iter API [042/104] virtiofsd: validate input buffer sizes in do_write_buf() [043/104] virtiofsd: check input buffer size in fuse_lowlevel.c ops [044/104] virtiofsd: prevent ".." escape in lo_do_lookup() [045/104] virtiofsd: prevent ".." escape in lo_do_readdir() [046/104] virtiofsd: use /proc/self/fd/ O_PATH file descriptor [047/104] virtiofsd: sandbox mount namespace [048/104] virtiofsd: move to an empty network namespace [049/104] virtiofsd: move to a new pid namespace [050/104] virtiofsd: add seccomp whitelist [051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV [052/104] virtiofsd: cap-ng helpers [053/104] virtiofsd: Drop CAP_FSETID if client asked for it [054/104] virtiofsd: set maximum RLIMIT_NOFILE limit [055/104] virtiofsd: fix libfuse information leaks [056/104] virtiofsd: add security guide document [057/104] virtiofsd: add --syslog command-line option [058/104] virtiofsd: print log only when priority is high enough [059/104] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level [060/104] virtiofsd: Add timestamp to the log with FUSE_LOG_DEBUG level [061/104] virtiofsd: Handle reinit [062/104] virtiofsd: Handle hard reboot [063/104] virtiofsd: Kill threads when queues are stopped [064/104] vhost-user: Print unexpected slave message types [065/104] contrib/libvhost-user: Protect slave fd with mutex [066/104] virtiofsd: passthrough_ll: add renameat2 support [067/104] virtiofsd: passthrough_ll: disable readdirplus on cache=never [068/104] virtiofsd: passthrough_ll: control readdirplus [069/104] virtiofsd: rename unref_inode() to unref_inode_lolocked() [070/104] virtiofsd: fail when parent inode isn't known in lo_do_lookup() [071/104] virtiofsd: extract root inode init into setup_root() [072/104] virtiofsd: passthrough_ll: fix refcounting on remove/rename [073/104] virtiofsd: passthrough_ll: clean up cache related options [074/104] virtiofsd: passthrough_ll: use hashtable [075/104] virtiofsd: Clean up inodes on destroy [076/104] virtiofsd: support nanosecond resolution for file timestamp [077/104] virtiofsd: fix error handling in main() [078/104] virtiofsd: cleanup allocated resource in se [079/104] virtiofsd: fix memory leak on lo.source [080/104] virtiofsd: add helper for lo_data cleanup [081/104] virtiofsd: Prevent multiply running with same vhost_user_socket [082/104] virtiofsd: enable PARALLEL_DIROPS during INIT [083/104] virtiofsd: fix incorrect error handling in lo_do_lookup [084/104] Virtiofsd: fix memory leak on fuse queueinfo [085/104] virtiofsd: Support remote posix locks [086/104] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() [087/104] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races [088/104] virtiofsd: make lo_release() atomic [089/104] virtiofsd: prevent races with lo_dirp_put() [090/104] virtiofsd: rename inode->refcount to inode->nlookup [091/104] libvhost-user: Fix some memtable remap cases [092/104] virtiofsd: add man page [093/104] virtiofsd: introduce inode refcount to prevent use-after-free [094/104] virtiofsd: do not always set FUSE_FLOCK_LOCKS [095/104] virtiofsd: convert more fprintf and perror to use fuse log infra [096/104] virtiofsd: Reset O_DIRECT flag during file open [097/104] virtiofsd: Fix data corruption with O_APPEND wirte in writeback mode [098/104] virtiofsd: add definition of fuse_buf_writev() [099/104] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance [100/104] virtiofsd: process requests in a thread pool [101/104] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races [102/104] virtiofsd: fix lo_destroy() resource leaks [103/104] virtiofsd: add --thread-pool-size=NUM option [104/104] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself [105/104] virtiofsd: Unref old/new inodes with the same mutex lock in lo_rename()

Message ID

20191212163904.159893-52-dgilbert@redhat.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9034A21655
From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org,
	stefanha@redhat.com,
	vgoyal@redhat.com
Subject: [PATCH 051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV
Date: Thu, 12 Dec 2019 16:38:11 +0000
Message-Id: <20191212163904.159893-52-dgilbert@redhat.com>
In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com>
References: <20191212163904.159893-1-dgilbert@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Precedence: list
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

virtiofs daemon [all] | expand

Commit Message

Dr. David Alan Gilbert Dec. 12, 2019, 4:38 p.m. UTC

From: Vivek Goyal <vgoyal@redhat.com>

Caller can set FUSE_WRITE_KILL_PRIV in write_flags. Parse it and pass it
to the filesystem.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 tools/virtiofsd/fuse_common.h   | 6 +++++-
 tools/virtiofsd/fuse_lowlevel.c | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

Comments

Misono Tomohiro Jan. 15, 2020, 12:06 p.m. UTC | #1

> From: Vivek Goyal <vgoyal@redhat.com>
> 
> Caller can set FUSE_WRITE_KILL_PRIV in write_flags. Parse it and pass it
> to the filesystem.
> 
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
>  tools/virtiofsd/fuse_common.h   | 6 +++++-
>  tools/virtiofsd/fuse_lowlevel.c | 4 +++-
>  2 files changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h
> index 147c043bd9..1e8191b7a6 100644
> --- a/tools/virtiofsd/fuse_common.h
> +++ b/tools/virtiofsd/fuse_common.h
> @@ -93,8 +93,12 @@ struct fuse_file_info {
>       */
>      unsigned int cache_readdir:1;
>  
> +    /* Indicates that suid/sgid bits should be removed upon write */
> +    unsigned int kill_priv:1;
> +
> +
>      /** Padding.  Reserved for future use*/
> -    unsigned int padding:25;
> +    unsigned int padding:24;
>      unsigned int padding2:32;
>  
>      /*
> diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
> index bd5ca2f157..c8a3b1597a 100644
> --- a/tools/virtiofsd/fuse_lowlevel.c
> +++ b/tools/virtiofsd/fuse_lowlevel.c
> @@ -1144,6 +1144,7 @@ static void do_write(fuse_req_t req, fuse_ino_t nodeid,
>      memset(&fi, 0, sizeof(fi));
>      fi.fh = arg->fh;
>      fi.writepage = (arg->write_flags & FUSE_WRITE_CACHE) != 0;
> +    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
>  
>      fi.lock_owner = arg->lock_owner;
>      fi.flags = arg->flags;
> @@ -1179,7 +1180,8 @@ static void do_write_buf(fuse_req_t req, fuse_ino_t nodeid,
>      fi.lock_owner = arg->lock_owner;
>      fi.flags = arg->flags;
>      fi.fh = arg->fh;
> -    fi.writepage = arg->write_flags & FUSE_WRITE_CACHE;
> +    fi.writepage = !!(arg->write_flags & FUSE_WRITE_CACHE);
> +    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
>  
>      if (ibufv->count == 1) {
>          assert(!(tmpbufv.buf[0].flags & FUSE_BUF_IS_FD));
> -- 
> 2.23.0

Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>

side-note: virtiofs uses write_buf() and therefore do_write() is never called.
How about cleanup the function?

Dr. David Alan Gilbert Jan. 15, 2020, 2:34 p.m. UTC | #2

* Misono Tomohiro (misono.tomohiro@jp.fujitsu.com) wrote:
> > From: Vivek Goyal <vgoyal@redhat.com>
> > 
> > Caller can set FUSE_WRITE_KILL_PRIV in write_flags. Parse it and pass it
> > to the filesystem.
> > 
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> >  tools/virtiofsd/fuse_common.h   | 6 +++++-
> >  tools/virtiofsd/fuse_lowlevel.c | 4 +++-
> >  2 files changed, 8 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h
> > index 147c043bd9..1e8191b7a6 100644
> > --- a/tools/virtiofsd/fuse_common.h
> > +++ b/tools/virtiofsd/fuse_common.h
> > @@ -93,8 +93,12 @@ struct fuse_file_info {
> >       */
> >      unsigned int cache_readdir:1;
> >  
> > +    /* Indicates that suid/sgid bits should be removed upon write */
> > +    unsigned int kill_priv:1;
> > +
> > +
> >      /** Padding.  Reserved for future use*/
> > -    unsigned int padding:25;
> > +    unsigned int padding:24;
> >      unsigned int padding2:32;
> >  
> >      /*
> > diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
> > index bd5ca2f157..c8a3b1597a 100644
> > --- a/tools/virtiofsd/fuse_lowlevel.c
> > +++ b/tools/virtiofsd/fuse_lowlevel.c
> > @@ -1144,6 +1144,7 @@ static void do_write(fuse_req_t req, fuse_ino_t nodeid,
> >      memset(&fi, 0, sizeof(fi));
> >      fi.fh = arg->fh;
> >      fi.writepage = (arg->write_flags & FUSE_WRITE_CACHE) != 0;
> > +    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
> >  
> >      fi.lock_owner = arg->lock_owner;
> >      fi.flags = arg->flags;
> > @@ -1179,7 +1180,8 @@ static void do_write_buf(fuse_req_t req, fuse_ino_t nodeid,
> >      fi.lock_owner = arg->lock_owner;
> >      fi.flags = arg->flags;
> >      fi.fh = arg->fh;
> > -    fi.writepage = arg->write_flags & FUSE_WRITE_CACHE;
> > +    fi.writepage = !!(arg->write_flags & FUSE_WRITE_CACHE);
> > +    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
> >  
> >      if (ibufv->count == 1) {
> >          assert(!(tmpbufv.buf[0].flags & FUSE_BUF_IS_FD));
> > -- 
> > 2.23.0
> 
> Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>

Thank you.

> side-note: virtiofs uses write_buf() and therefore do_write() is never called.
> How about cleanup the function?

Yes I think you're right; I need to go through and check there's no
corner case which can get into the plain do_write.

Dave

> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Sergio Lopez Jan. 16, 2020, 2:37 p.m. UTC | #3

Dr. David Alan Gilbert (git) <dgilbert@redhat.com> writes:

> From: Vivek Goyal <vgoyal@redhat.com>
>
> Caller can set FUSE_WRITE_KILL_PRIV in write_flags. Parse it and pass it
> to the filesystem.
>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
>  tools/virtiofsd/fuse_common.h   | 6 +++++-
>  tools/virtiofsd/fuse_lowlevel.c | 4 +++-
>  2 files changed, 8 insertions(+), 2 deletions(-)

Reviewed-by: Sergio Lopez <slp@redhat.com>

diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h
index 147c043bd9..1e8191b7a6 100644
--- a/tools/virtiofsd/fuse_common.h
+++ b/tools/virtiofsd/fuse_common.h
@@ -93,8 +93,12 @@  struct fuse_file_info {
      */
     unsigned int cache_readdir:1;
 
+    /* Indicates that suid/sgid bits should be removed upon write */
+    unsigned int kill_priv:1;
+
+
     /** Padding.  Reserved for future use*/
-    unsigned int padding:25;
+    unsigned int padding:24;
     unsigned int padding2:32;
 
     /*
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index bd5ca2f157..c8a3b1597a 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -1144,6 +1144,7 @@  static void do_write(fuse_req_t req, fuse_ino_t nodeid,
     memset(&fi, 0, sizeof(fi));
     fi.fh = arg->fh;
     fi.writepage = (arg->write_flags & FUSE_WRITE_CACHE) != 0;
+    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
 
     fi.lock_owner = arg->lock_owner;
     fi.flags = arg->flags;
@@ -1179,7 +1180,8 @@  static void do_write_buf(fuse_req_t req, fuse_ino_t nodeid,
     fi.lock_owner = arg->lock_owner;
     fi.flags = arg->flags;
     fi.fh = arg->fh;
-    fi.writepage = arg->write_flags & FUSE_WRITE_CACHE;
+    fi.writepage = !!(arg->write_flags & FUSE_WRITE_CACHE);
+    fi.kill_priv = !!(arg->write_flags & FUSE_WRITE_KILL_PRIV);
 
     if (ibufv->count == 1) {
         assert(!(tmpbufv.buf[0].flags & FUSE_BUF_IS_FD));

[051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV

Commit Message

Comments

Patch