All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Marc-André Lureau" <marcandre.lureau@redhat.com>
To: qemu-devel@nongnu.org
Cc: berrange@redhat.com, kraxel@redhat.com,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [Qemu-devel] [PATCH v3 09/26] HACK: vhost-user-backend: allow to specify binary to execute
Date: Mon, 18 Jun 2018 18:17:12 +0200	[thread overview]
Message-ID: <20180618161729.334-10-marcandre.lureau@redhat.com> (raw)
In-Reply-To: <20180618161729.334-1-marcandre.lureau@redhat.com>

An executable with its arguments may be given as 'cmd' property, ex:
-object vhost-user-backend,id=vui,cmd="./vhost-user-input
/dev/input..". The executable is then spawn and, by convention, the
vhost-user socket is passed as fd=3. It may be considered a security
breach to allow creating processes that may execute arbitrary
executables, so this may be restricted to some known executables (via
signature etc) or directory.

To make the patch more acceptable, the command argument would have to
be passed via an array (probably via -object json: syntax), instead of
using g_shell_parse_argv().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 backends/vhost-user.c | 83 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 73 insertions(+), 10 deletions(-)

diff --git a/backends/vhost-user.c b/backends/vhost-user.c
index db97037306..32d3ec0e8b 100644
--- a/backends/vhost-user.c
+++ b/backends/vhost-user.c
@@ -154,26 +154,87 @@ vhost_user_backend_complete(UserCreatable *uc, Error **errp)
 {
     VhostUserBackend *b = VHOST_USER_BACKEND(uc);
     Chardev *chr;
+    char **argv = NULL;
 
-    if (!b->chr_name) {
-        error_setg(errp, "You must specificy 'chardev'.");
+    if (!!b->chr_name + !!b->cmd != 1) {
+        error_setg(errp, "You may specificy only one of 'chardev' or 'cmd'.");
         return;
     }
 
-    chr = qemu_chr_find(b->chr_name);
-    if (chr == NULL) {
-        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
-                  "Chardev '%s' not found", b->chr_name);
-        return;
-    }
+    if (b->chr_name) {
+        chr = qemu_chr_find(b->chr_name);
+        if (chr == NULL) {
+            error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
+                      "Chardev '%s' not found", b->chr_name);
+            return;
+        }
 
-    if (!qemu_chr_fe_init(&b->chr, chr, errp)) {
-        return;
+        if (!qemu_chr_fe_init(&b->chr, chr, errp)) {
+            return;
+        }
+    } else {
+        QIOChannelCommand *child;
+        GError *err;
+        int sv[2];
+
+        if (!g_shell_parse_argv(b->cmd, NULL, &argv, &err)) {
+            error_setg(errp, "Fail to parse command: %s", err->message);
+            g_error_free(err);
+            return;
+        }
+
+        if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
+            error_setg_errno(errp, errno, "socketpair() failed");
+            goto end;
+        }
+
+        chr = CHARDEV(object_new(TYPE_CHARDEV_SOCKET));
+        if (!chr || qemu_chr_add_client(chr, sv[0]) == -1) {
+            error_setg(errp, "Failed to make socket chardev");
+            object_unref(OBJECT(chr));
+            goto end;
+        }
+
+        if (!qemu_chr_fe_init(&b->chr, chr, errp)) {
+            goto end;
+        }
+
+        child = qio_channel_command_new_spawn_with_pre_exec(
+            (const char * const *)argv, O_RDONLY | O_WRONLY,
+            pre_exec_cb, sv, errp);
+        if (!child) {
+            goto end;
+        }
+        b->child = QIO_CHANNEL(child);
+
+        close(sv[1]);
     }
 
     b->completed = true;
     /* could vhost_dev_init() happen here, so early vhost-user message
      * can be exchanged */
+end:
+    g_strfreev(argv);
+}
+
+static char *get_cmd(Object *obj, Error **errp)
+{
+    VhostUserBackend *b = VHOST_USER_BACKEND(obj);
+
+    return g_strdup(b->cmd);
+}
+
+static void set_cmd(Object *obj, const char *str, Error **errp)
+{
+    VhostUserBackend *b = VHOST_USER_BACKEND(obj);
+
+    if (b->child) {
+        error_setg(errp, "cannot change property value");
+        return;
+    }
+
+    g_free(b->cmd);
+    b->cmd = g_strdup(str);
 }
 
 static void set_chardev(Object *obj, const char *value, Error **errp)
@@ -202,6 +263,7 @@ static char *get_chardev(Object *obj, Error **errp)
 
 static void vhost_user_backend_init(Object *obj)
 {
+    object_property_add_str(obj, "cmd", get_cmd, set_cmd, NULL);
     object_property_add_str(obj, "chardev", get_chardev, set_chardev, NULL);
 }
 
@@ -210,6 +272,7 @@ static void vhost_user_backend_finalize(Object *obj)
     VhostUserBackend *b = VHOST_USER_BACKEND(obj);
 
     g_free(b->dev.vqs);
+    g_free(b->cmd);
     g_free(b->chr_name);
 
     vhost_user_cleanup(&b->vhost_user);
-- 
2.18.0.rc1

  parent reply	other threads:[~2018-06-18 16:17 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-18 16:17 [Qemu-devel] [PATCH v3 00/26] vhost-user for input & GPU Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 01/26] chardev: avoid crash if no associated address Marc-André Lureau
2018-06-19 12:01   ` Daniel P. Berrangé
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 02/26] chardev: remove qemu_chr_fe_write_all() counter Marc-André Lureau
2018-06-20 13:53   ` Paolo Bonzini
2018-06-20 14:03   ` Peter Maydell
2018-06-20 14:36     ` Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 03/26] dmabuf: add y0_top, pass it to spice Marc-André Lureau
2018-06-19  6:21   ` Gerd Hoffmann
2018-06-19  9:05     ` Marc-André Lureau
2018-06-19 10:21     ` Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 04/26] vhost-user: simplify vhost_user_init/vhost_user_cleanup Marc-André Lureau
2018-06-21 12:33   ` Tiwei Bie
2018-06-21 12:48     ` Marc-André Lureau
2018-06-21 13:27       ` Tiwei Bie
2018-06-26 12:24         ` Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 05/26] libvhost-user: exit by default on VHOST_USER_NONE Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 06/26] vhost-user: wrap some read/write with retry handling Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 07/26] qio: add qio_channel_command_new_spawn_with_pre_exec() Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 08/26] Add vhost-user-backend Marc-André Lureau
2018-06-20 14:31   ` Marc-André Lureau
2018-06-18 16:17 ` Marc-André Lureau [this message]
2018-06-19  6:19   ` [Qemu-devel] [PATCH v3 09/26] HACK: vhost-user-backend: allow to specify binary to execute Gerd Hoffmann
2018-06-19  9:07     ` Daniel P. Berrangé
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 10/26] vhost-user: split vhost_user_read() Marc-André Lureau
2018-06-19  6:23   ` Gerd Hoffmann
2018-06-19  9:01     ` Marc-André Lureau
2018-06-19 11:20       ` Gerd Hoffmann
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 11/26] vhost-user: add vhost_user_input_get_config() Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 12/26] libvhost-user: export vug_source_new() Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 13/26] contrib: add vhost-user-input Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 14/26] Add vhost-user-input-pci Marc-André Lureau
2018-06-19  6:31   ` Gerd Hoffmann
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 15/26] vhost-user: add vhost_user_gpu_set_socket() Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 16/26] vhost-user: add vhost_user_gpu_get_num_capsets() Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 17/26] virtio: add virtio-gpu bswap helpers header Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 18/26] util: promote qemu_egl_rendernode_open() to libqemuutil Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 19/26] contrib: add vhost-user-gpu Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 20/26] virtio-gpu: remove unused qdev Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 21/26] virtio-gpu: remove unused config_size Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 22/26] virtio-gpu: block both 2d and 3d rendering Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 23/26] virtio-gpu: remove useless 'waiting' field Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 24/26] virtio-gpu: split virtio-gpu, introduce virtio-gpu-base Marc-André Lureau
2018-06-19  6:43   ` Gerd Hoffmann
2018-06-20 16:04     ` Marc-André Lureau
2018-06-21  6:05       ` Gerd Hoffmann
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 25/26] virtio-gpu: split virtio-gpu-pci & virtio-vga Marc-André Lureau
2018-06-20 16:59   ` Marc-André Lureau
2018-06-18 16:17 ` [Qemu-devel] [PATCH v3 26/26] hw/display: add vhost-user-vga & gpu-pci Marc-André Lureau
2018-06-19  6:54   ` Gerd Hoffmann
2018-06-19  8:58     ` Marc-André Lureau
2018-06-18 18:50 ` [Qemu-devel] [PATCH v3 00/26] vhost-user for input & GPU no-reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180618161729.334-10-marcandre.lureau@redhat.com \
    --to=marcandre.lureau@redhat.com \
    --cc=berrange@redhat.com \
    --cc=kraxel@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.