From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com, virtio-fs@redhat.com Subject: [PATCH v2 24/25] vhost-user-fs: Implement drop CAP_FSETID functionality Date: Wed, 14 Apr 2021 16:51:36 +0100 [thread overview] Message-ID: <20210414155137.46522-25-dgilbert@redhat.com> (raw) In-Reply-To: <20210414155137.46522-1-dgilbert@redhat.com> From: Vivek Goyal <vgoyal@redhat.com> As part of slave_io message, slave can ask to do I/O on an fd. Additionally slave can ask for dropping CAP_FSETID (if master has it) before doing I/O. Implement functionality to drop CAP_FSETID and gain it back after the operation. This also creates a dependency on libcap-ng. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 hw/virtio/meson.build | 1 + hw/virtio/vhost-user-fs.c | 92 ++++++++++++++++++++++++++++++++++++++- meson.build | 6 +++ 3 files changed, 97 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index fbff9bc9d4..bdcdc82e13 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -18,6 +18,7 @@ virtio_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon.c'))
 virtio_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-crypto.c'))
 virtio_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VIRTIO_PCI'], if_true: files('virtio-crypto-pci.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: files('vhost-user-fs.c'))
+virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: libcap_ng)
 virtio_ss.add(when: ['CONFIG_VHOST_USER_FS', 'CONFIG_VIRTIO_PCI'], if_true: files('vhost-user-fs-pci.c'))
 virtio_ss.add(when: 'CONFIG_VIRTIO_PMEM', if_true: files('virtio-pmem.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock.c', 'vhost-vsock-common.c'))
diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
index 23bb8436e1..09947257f1 100644
--- a/hw/virtio/vhost-user-fs.c
+++ b/hw/virtio/vhost-user-fs.c
@@ -13,6 +13,8 @@
 #include "qemu/osdep.h"
 #include <sys/ioctl.h>
+#include <cap-ng.h>
+#include <sys/syscall.h>
 #include "standard-headers/linux/virtio_fs.h"
 #include "qapi/error.h"
 #include "hw/qdev-properties.h"
@@ -91,6 +93,84 @@ static bool check_slave_message_entries(const VhostUserFSSlaveMsg *sm,
 return true;
 }
+/*
+ * Helpers for dropping and regaining effective capabilities. Returns 0
+ * on success, error otherwise
+ */
+static int drop_effective_cap(const char *cap_name, bool *cap_dropped)
+{
+ int cap, ret;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_get_caps_process()) {
+ ret = -errno;
+ error_report("capng_get_caps_process() failed:%s", strerror(errno));
+ goto out;
+ }
+
+ /* We dont have this capability in effective set already. */
+ if (!capng_have_capability(CAPNG_EFFECTIVE, cap)) {
+ ret = 0;
+ goto out;
+ }
+
+ if (capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(DROP,) failed");
+ goto out;
+ }
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("drop:capng_apply() failed");
+ goto out;
+ }
+
+ ret = 0;
+ if (cap_dropped) {
+ *cap_dropped = true;
+ }
+
+out:
+ return ret;
+}
+
+static int gain_effective_cap(const char *cap_name)
+{
+ int cap;
+ int ret = 0;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(ADD,) failed");
+ goto out;
+ }
+
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("gain:capng_apply() failed");
+ goto out;
+ }
+ ret = 0;
+
+out:
+ return ret;
+}
+
 uint64_t vhost_user_fs_slave_map(struct vhost_dev *dev, int message_size,
 VhostUserFSSlaveMsg *sm, int fd)
 {
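Review bot: `#include <sys/syscall.h>` in the include hunk looks unneeded: nothing this patch adds calls `syscall()` or uses a `SYS_*` constant, since every capability change goes through libcap-ng. Dropping the line keeps the include list in step with what the file actually depends on.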
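Review bot: `drop_effective_cap()` can return 0 after a failed step, because every error branch sets `ret = -errno` while the libcap-ng calls used here signal failure through their return value; whether they also leave a non-zero errno should be confirmed against the libcap-ng documentation rather than assumed. If errno is 0 at that point the caller sees success with `*cap_dropped` still false, and the I/O then runs with CAP_FSETID effective, which is the fail-open direction for a drop helper. A fallback such as `ret = errno ? -errno : -EPERM;` in each branch closes that gap, and the same pattern appears in `gain_effective_cap()`. Separately, `gain_effective_cap()` never calls `capng_get_caps_process()`, so it applies whatever state libcap-ng still holds from the earlier drop; a one-line comment stating that dependency would help the next reader.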
@@ -238,6 +318,7 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 unsigned int i;
 int res = 0;
 size_t done = 0;
+ bool cap_fsetid_dropped = false;
 if (fd < 0) {
 error_report("Bad fd for map");
@@ -245,8 +326,10 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 }
 if (sm->flags & VHOST_USER_FS_GENFLAG_DROP_FSETID) {
- error_report("Dropping CAP_FSETID is not supported");
- return (uint64_t)-ENOTSUP;
+ res = drop_effective_cap("FSETID", &cap_fsetid_dropped);
+ if (res != 0) {
+ return (uint64_t)res;
+ }
 }
 for (i = 0; i < sm->count && !res; i++) {
@@ -313,6 +396,11 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 }
 close(fd);
+ if (cap_fsetid_dropped) {
+ if (gain_effective_cap("FSETID")) {
+ error_report("Failed to gain CAP_FSETID");
+ }
+ }
 trace_vhost_user_fs_slave_io_exit(res, done);
 if (res < 0) {
 return (uint64_t)res;
diff --git a/meson.build b/meson.build
index c6f4b0cf5e..71899d0993 100644
--- a/meson.build
+++ b/meson.build
@@ -1081,6 +1081,12 @@ elif get_option('virtfs').disabled()
 have_virtfs = false
 endif
+if config_host.has_key('CONFIG_VHOST_USER_FS')
+ if not libcap_ng.found()
+ error('vhost-user-fs requires libcap-ng-devel')
+ endif
+endif
+
 config_host_data.set_quoted('CONFIG_BINDIR', get_option('prefix') / get_option('bindir'))
 config_host_data.set_quoted('CONFIG_PREFIX', get_option('prefix'))
 config_host_data.set_quoted('CONFIG_QEMU_CONFDIR', get_option('prefix') / qemu_confdir)
-- 2.31.1
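Review bot: The new early return in the `VHOST_USER_FS_GENFLAG_DROP_FSETID` branch of `vhost_user_fs_slave_io()` leaves `fd` open. The function calls `close(fd)` on its normal exit path (visible in the later hunk), which suggests it owns the descriptor, so each message whose drop fails would leak one fd. Adding `close(fd);` before `return (uint64_t)res;` fixes that. The loop body between the drop and the regain lies outside these hunks; any early return there would also skip `gain_effective_cap()`, so it is worth confirming that every exit reaches the `close(fd)` tail.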
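Review bot: A failed `gain_effective_cap("FSETID")` after `close(fd)` is only logged, and the function still returns the I/O result, so the calling thread carries on without CAP_FSETID in its effective set. That is the restrictive direction, but later `drop_effective_cap()` calls will then find the capability absent and return 0 without setting `cap_dropped`, so the changed behaviour is silent after the first log line. If this is intended, a comment at the regain site would record it, for example `/* Non-fatal: we keep running without CAP_FSETID; later writes just clear suid/sgid */`.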
From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com, virtio-fs@redhat.com Subject: [Virtio-fs] [PATCH v2 24/25] vhost-user-fs: Implement drop CAP_FSETID functionality Date: Wed, 14 Apr 2021 16:51:36 +0100 [thread overview] Message-ID: <20210414155137.46522-25-dgilbert@redhat.com> (raw) In-Reply-To: <20210414155137.46522-1-dgilbert@redhat.com> From: Vivek Goyal <vgoyal@redhat.com> As part of slave_io message, slave can ask to do I/O on an fd. Additionally slave can ask for dropping CAP_FSETID (if master has it) before doing I/O. Implement functionality to drop CAP_FSETID and gain it back after the operation. This also creates a dependency on libcap-ng. Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 hw/virtio/meson.build | 1 + hw/virtio/vhost-user-fs.c | 92 ++++++++++++++++++++++++++++++++++++++- meson.build | 6 +++ 3 files changed, 97 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index fbff9bc9d4..bdcdc82e13 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -18,6 +18,7 @@ virtio_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon.c'))
 virtio_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-crypto.c'))
 virtio_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VIRTIO_PCI'], if_true: files('virtio-crypto-pci.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: files('vhost-user-fs.c'))
+virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: libcap_ng)
 virtio_ss.add(when: ['CONFIG_VHOST_USER_FS', 'CONFIG_VIRTIO_PCI'], if_true: files('vhost-user-fs-pci.c'))
 virtio_ss.add(when: 'CONFIG_VIRTIO_PMEM', if_true: files('virtio-pmem.c'))
 virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock.c', 'vhost-vsock-common.c'))
diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
index 23bb8436e1..09947257f1 100644
--- a/hw/virtio/vhost-user-fs.c
+++ b/hw/virtio/vhost-user-fs.c
@@ -13,6 +13,8 @@
 #include "qemu/osdep.h"
 #include <sys/ioctl.h>
+#include <cap-ng.h>
+#include <sys/syscall.h>
 #include "standard-headers/linux/virtio_fs.h"
 #include "qapi/error.h"
 #include "hw/qdev-properties.h"
@@ -91,6 +93,84 @@ static bool check_slave_message_entries(const VhostUserFSSlaveMsg *sm,
 return true;
 }
+/*
+ * Helpers for dropping and regaining effective capabilities. Returns 0
+ * on success, error otherwise
+ */
+static int drop_effective_cap(const char *cap_name, bool *cap_dropped)
+{
+ int cap, ret;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_get_caps_process()) {
+ ret = -errno;
+ error_report("capng_get_caps_process() failed:%s", strerror(errno));
+ goto out;
+ }
+
+ /* We dont have this capability in effective set already. */
+ if (!capng_have_capability(CAPNG_EFFECTIVE, cap)) {
+ ret = 0;
+ goto out;
+ }
+
+ if (capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(DROP,) failed");
+ goto out;
+ }
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("drop:capng_apply() failed");
+ goto out;
+ }
+
+ ret = 0;
+ if (cap_dropped) {
+ *cap_dropped = true;
+ }
+
+out:
+ return ret;
+}
+
+static int gain_effective_cap(const char *cap_name)
+{
+ int cap;
+ int ret = 0;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(ADD,) failed");
+ goto out;
+ }
+
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("gain:capng_apply() failed");
+ goto out;
+ }
+ ret = 0;
+
+out:
+ return ret;
+}
+
 uint64_t vhost_user_fs_slave_map(struct vhost_dev *dev, int message_size,
 VhostUserFSSlaveMsg *sm, int fd)
 {
@@ -238,6 +318,7 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 unsigned int i;
 int res = 0;
 size_t done = 0;
+ bool cap_fsetid_dropped = false;
 if (fd < 0) {
 error_report("Bad fd for map");
@@ -245,8 +326,10 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 }
 if (sm->flags & VHOST_USER_FS_GENFLAG_DROP_FSETID) {
- error_report("Dropping CAP_FSETID is not supported");
- return (uint64_t)-ENOTSUP;
+ res = drop_effective_cap("FSETID", &cap_fsetid_dropped);
+ if (res != 0) {
+ return (uint64_t)res;
+ }
 }
 for (i = 0; i < sm->count && !res; i++) {
@@ -313,6 +396,11 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
 }
 close(fd);
+ if (cap_fsetid_dropped) {
+ if (gain_effective_cap("FSETID")) {
+ error_report("Failed to gain CAP_FSETID");
+ }
+ }
 trace_vhost_user_fs_slave_io_exit(res, done);
 if (res < 0) {
 return (uint64_t)res;
diff --git a/meson.build b/meson.build
index c6f4b0cf5e..71899d0993 100644
--- a/meson.build
+++ b/meson.build
@@ -1081,6 +1081,12 @@ elif get_option('virtfs').disabled()
 have_virtfs = false
 endif
+if config_host.has_key('CONFIG_VHOST_USER_FS')
+ if not libcap_ng.found()
+ error('vhost-user-fs requires libcap-ng-devel')
+ endif
+endif
+
 config_host_data.set_quoted('CONFIG_BINDIR', get_option('prefix') / get_option('bindir'))
 config_host_data.set_quoted('CONFIG_PREFIX', get_option('prefix'))
 config_host_data.set_quoted('CONFIG_QEMU_CONFDIR', get_option('prefix') / qemu_confdir)
-- 2.31.1