Re: [Qemu-devel] [RESEND] [PATCH] hw/9pfs: fix P9_STATS_GEN handling
Kirill A. Shutemov kir...@shutemov.name writes: From: Kirill A. Shutemov kirill.shute...@linux.intel.com Currently we have few issues with P9_STATS_GEN: - We don't try to read st_gen anything except files or directories, but still set P9_STATS_GEN bit in st_result_mask. It may mislead client: we present garbage as valid st_gen. We should return 0 right ? We do memset(v9lstat, 0, sizeof(*v9lstat)); in stat_to_v9stat_dotl - If we failed to get valid st_gen with ENOTTY, we ignore error, but still set P9_STATS_GEN bit in st_result_mask. and have v9lstat.st_gen set to zero - If we failed to get valid st_gen with any other errno, we fail getattr altogether. It's excessive: we block valid client use-cases, like chdir(2) to non-readable directory with execution bit set. Can you explain this in detail ? The patch fixes these issues and cleanup code a bit. Signed-off-by: Kirill A. Shutemov kirill.shute...@linux.intel.com Reviewed-by: Daniel P. Berrange berra...@redhat.com --- hw/9pfs/cofile.c | 4 hw/9pfs/virtio-9p-handle.c | 8 +++- hw/9pfs/virtio-9p-local.c | 10 ++ hw/9pfs/virtio-9p-proxy.c | 3 ++- hw/9pfs/virtio-9p.c| 12 ++-- 5 files changed, 25 insertions(+), 12 deletions(-) -aneesh
Re: [Qemu-devel] [RESEND] [PATCH] hw/9pfs: fix P9_STATS_GEN handling
On Wed, Nov 06, 2013 at 09:41:47PM +0530, Aneesh Kumar K.V wrote: Kirill A. Shutemov kir...@shutemov.name writes: From: Kirill A. Shutemov kirill.shute...@linux.intel.com Currently we have few issues with P9_STATS_GEN: - We don't try to read st_gen anything except files or directories, but still set P9_STATS_GEN bit in st_result_mask. It may mislead client: we present garbage as valid st_gen. We should return 0 right ? We do memset(v9lstat, 0, sizeof(*v9lstat)); in stat_to_v9stat_dotl The right way is not set P9_STATS_GEN in st_result_mask if we don't know it. - If we failed to get valid st_gen with ENOTTY, we ignore error, but still set P9_STATS_GEN bit in st_result_mask. and have v9lstat.st_gen set to zero The same as above. And if ioctl(fd, FS_IOC_GETVERSION, st_gen) fails, nobody specifies what will be stored into st_gen, if any. We should not relay that fs will not touch st_gen even if it sounds reasonable. - If we failed to get valid st_gen with any other errno, we fail getattr altogether. It's excessive: we block valid client use-cases, like chdir(2) to non-readable directory with execution bit set. Can you explain this in detail ? If you have following tree: % mkdir testdir % echo test testdir/testfile % chmod -r testdir In normal environment it's usable: you can chdir(2) into it and read files inside if you know its name: % cd testdir % cat testfile test You only can't list directory content: % ls ls: cannot open directory .: Permission denied With current qemu 9p implementation you'll get on guest -EACCES on chdir(2) or read, since qemu fill fail to provide basic stats to guess. It happens because qemu try open(2) non-readable file to run FS_IOC_GETVERSION and fails getattr altogether. I believe it also breaks more trivial use-cases: ls -l on non-readable file or directory for the same reason. But I haven't checked that. -- Kirill A. Shutemov
Re: [Qemu-devel] [RESEND] [PATCH] hw/9pfs: fix P9_STATS_GEN handling
Kirill A. Shutemov kir...@shutemov.name writes:
From: Kirill A. Shutemov kirill.shute...@linux.intel.com
Currently we have few issues with P9_STATS_GEN:
- We don't try to read st_gen anything except files or directories, but
still set P9_STATS_GEN bit in st_result_mask. It may mislead client:
we present garbage as valid st_gen.
- If we failed to get valid st_gen with ENOTTY, we ignore error, but
still set P9_STATS_GEN bit in st_result_mask.
- If we failed to get valid st_gen with any other errno, we fail
getattr altogether. It's excessive: we block valid client use-cases,
like chdir(2) to non-readable directory with execution bit set.
The patch fixes these issues and cleanup code a bit.
Signed-off-by: Kirill A. Shutemov kirill.shute...@linux.intel.com
Reviewed-by: Daniel P. Berrange berra...@redhat.com
Reviewed-by: Aneesh Kumar K.V aneesh.ku...@linux.vnet.ibm.com
---
hw/9pfs/cofile.c | 4
hw/9pfs/virtio-9p-handle.c | 8 +++-
hw/9pfs/virtio-9p-local.c | 10 ++
hw/9pfs/virtio-9p-proxy.c | 3 ++-
hw/9pfs/virtio-9p.c| 12 ++--
5 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c
index 194c1306c665..2efebf35710f 100644
--- a/hw/9pfs/cofile.c
+++ b/hw/9pfs/cofile.c
@@ -38,10 +38,6 @@ int v9fs_co_st_gen(V9fsPDU *pdu, V9fsPath *path, mode_t
st_mode,
});
v9fs_path_unlock(s);
}
-/* The ioctl may not be supported depending on the path */
-if (err == -ENOTTY) {
-err = 0;
-}
return err;
}
diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c
index fe8e0ed19dcc..17002a3d2867 100644
--- a/hw/9pfs/virtio-9p-handle.c
+++ b/hw/9pfs/virtio-9p-handle.c
@@ -582,6 +582,7 @@ static int handle_unlinkat(FsContext *ctx, V9fsPath *dir,
static int handle_ioc_getversion(FsContext *ctx, V9fsPath *path,
mode_t st_mode, uint64_t *st_gen)
{
+#ifdef FS_IOC_GETVERSION
int err;
V9fsFidOpenState fid_open;
@@ -590,7 +591,8 @@ static int handle_ioc_getversion(FsContext *ctx, V9fsPath
*path,
* We can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = handle_open(ctx, path, O_RDONLY, fid_open);
if (err 0) {
@@ -599,6 +601,10 @@ static int handle_ioc_getversion(FsContext *ctx,
V9fsPath *path,
err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen);
handle_close(ctx, fid_open);
return err;
+#else
+errno = ENOTTY;
+return -1;
+#endif
}
static int handle_init(FsContext *ctx)
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index fc93e9e6e8da..df0dbffa7ac4 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -1068,8 +1068,8 @@ err_out:
static int local_ioc_getversion(FsContext *ctx, V9fsPath *path,
mode_t st_mode, uint64_t *st_gen)
{
-int err;
#ifdef FS_IOC_GETVERSION
+int err;
V9fsFidOpenState fid_open;
/*
@@ -1077,7 +1077,8 @@ static int local_ioc_getversion(FsContext *ctx,
V9fsPath *path,
* We can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = local_open(ctx, path, O_RDONLY, fid_open);
if (err 0) {
@@ -1085,10 +1086,11 @@ static int local_ioc_getversion(FsContext *ctx,
V9fsPath *path,
}
err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen);
local_close(ctx, fid_open);
+return err;
#else
-err = -ENOTTY;
+errno = ENOTTY;
+return -1;
#endif
-return err;
}
static int local_init(FsContext *ctx)
diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index 5f44bb758b35..b57966d9d883 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c
@@ -1086,7 +1086,8 @@ static int proxy_ioc_getversion(FsContext *fs_ctx,
V9fsPath *path,
* we can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = v9fs_request(fs_ctx-private, T_GETVERSION, st_gen, s, path);
if (err 0) {
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 8cbb8ae32a03..3e51fcd152f8 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -1080,10 +1080,18 @@ static void v9fs_getattr(void *opaque)
/* fill st_gen if requested and supported by underlying fs */
if (request_mask P9_STATS_GEN) {
retval = v9fs_co_st_gen(pdu, fidp-path, stbuf.st_mode,
v9stat_dotl);
-if (retval 0) {
+switch (retval) {
+case 0:
+/* we have valid st_gen: update
[Qemu-devel] [RESEND] [PATCH] hw/9pfs: fix P9_STATS_GEN handling
From: Kirill A. Shutemov kirill.shute...@linux.intel.com
Currently we have few issues with P9_STATS_GEN:
- We don't try to read st_gen anything except files or directories, but
still set P9_STATS_GEN bit in st_result_mask. It may mislead client:
we present garbage as valid st_gen.
- If we failed to get valid st_gen with ENOTTY, we ignore error, but
still set P9_STATS_GEN bit in st_result_mask.
- If we failed to get valid st_gen with any other errno, we fail
getattr altogether. It's excessive: we block valid client use-cases,
like chdir(2) to non-readable directory with execution bit set.
The patch fixes these issues and cleanup code a bit.
Signed-off-by: Kirill A. Shutemov kirill.shute...@linux.intel.com
Reviewed-by: Daniel P. Berrange berra...@redhat.com
---
hw/9pfs/cofile.c | 4
hw/9pfs/virtio-9p-handle.c | 8 +++-
hw/9pfs/virtio-9p-local.c | 10 ++
hw/9pfs/virtio-9p-proxy.c | 3 ++-
hw/9pfs/virtio-9p.c| 12 ++--
5 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/hw/9pfs/cofile.c b/hw/9pfs/cofile.c
index 194c1306c665..2efebf35710f 100644
--- a/hw/9pfs/cofile.c
+++ b/hw/9pfs/cofile.c
@@ -38,10 +38,6 @@ int v9fs_co_st_gen(V9fsPDU *pdu, V9fsPath *path, mode_t
st_mode,
});
v9fs_path_unlock(s);
}
-/* The ioctl may not be supported depending on the path */
-if (err == -ENOTTY) {
-err = 0;
-}
return err;
}
diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c
index fe8e0ed19dcc..17002a3d2867 100644
--- a/hw/9pfs/virtio-9p-handle.c
+++ b/hw/9pfs/virtio-9p-handle.c
@@ -582,6 +582,7 @@ static int handle_unlinkat(FsContext *ctx, V9fsPath *dir,
static int handle_ioc_getversion(FsContext *ctx, V9fsPath *path,
mode_t st_mode, uint64_t *st_gen)
{
+#ifdef FS_IOC_GETVERSION
int err;
V9fsFidOpenState fid_open;
@@ -590,7 +591,8 @@ static int handle_ioc_getversion(FsContext *ctx, V9fsPath
*path,
* We can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = handle_open(ctx, path, O_RDONLY, fid_open);
if (err 0) {
@@ -599,6 +601,10 @@ static int handle_ioc_getversion(FsContext *ctx, V9fsPath
*path,
err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen);
handle_close(ctx, fid_open);
return err;
+#else
+errno = ENOTTY;
+return -1;
+#endif
}
static int handle_init(FsContext *ctx)
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index fc93e9e6e8da..df0dbffa7ac4 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -1068,8 +1068,8 @@ err_out:
static int local_ioc_getversion(FsContext *ctx, V9fsPath *path,
mode_t st_mode, uint64_t *st_gen)
{
-int err;
#ifdef FS_IOC_GETVERSION
+int err;
V9fsFidOpenState fid_open;
/*
@@ -1077,7 +1077,8 @@ static int local_ioc_getversion(FsContext *ctx, V9fsPath
*path,
* We can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = local_open(ctx, path, O_RDONLY, fid_open);
if (err 0) {
@@ -1085,10 +1086,11 @@ static int local_ioc_getversion(FsContext *ctx,
V9fsPath *path,
}
err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen);
local_close(ctx, fid_open);
+return err;
#else
-err = -ENOTTY;
+errno = ENOTTY;
+return -1;
#endif
-return err;
}
static int local_init(FsContext *ctx)
diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index 5f44bb758b35..b57966d9d883 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c
@@ -1086,7 +1086,8 @@ static int proxy_ioc_getversion(FsContext *fs_ctx,
V9fsPath *path,
* we can get fd for regular files and directories only
*/
if (!S_ISREG(st_mode) !S_ISDIR(st_mode)) {
-return 0;
+errno = ENOTTY;
+return -1;
}
err = v9fs_request(fs_ctx-private, T_GETVERSION, st_gen, s, path);
if (err 0) {
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 8cbb8ae32a03..3e51fcd152f8 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -1080,10 +1080,18 @@ static void v9fs_getattr(void *opaque)
/* fill st_gen if requested and supported by underlying fs */
if (request_mask P9_STATS_GEN) {
retval = v9fs_co_st_gen(pdu, fidp-path, stbuf.st_mode, v9stat_dotl);
-if (retval 0) {
+switch (retval) {
+case 0:
+/* we have valid st_gen: update result mask */
+v9stat_dotl.st_result_mask |= P9_STATS_GEN;
+break;
+case -EINTR:
+/* request cancelled */
goto out;
+default:
+/* failed to get st_gen: not fatal,
