Re: [PATCH v3 3/5] tools/virtiofsd: xattr name mappings: Map server xattr names

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: dinechin@redhat.com, virtio-fs@redhat.com, qemu-devel@nongnu.org,
	stefanha@redhat.com
Subject: Re: [PATCH v3 3/5] tools/virtiofsd: xattr name mappings: Map server xattr names
Date: Fri, 23 Oct 2020 15:49:12 +0100	[thread overview]
Message-ID: <20201023144912.GE3038@work-vm> (raw)
In-Reply-To: <20201022161656.GD512900@redhat.com>

* Vivek Goyal (vgoyal@redhat.com) wrote:
> On Wed, Oct 14, 2020 at 07:02:07PM +0100, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> > 
> > Map xattr names coming from the server, i.e. the host filesystem;
> > currently this is only from listxattr.
> > 
> > Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> > ---
> >  tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
> >  1 file changed, 89 insertions(+)
> > 
> > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > index 57ebe17ed6..8406a2ae86 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -2220,6 +2220,43 @@ static int xattr_map_client(const struct lo_data *lo, const char *client_name,
> >          }
> >      }
> >  
> > +    /* Shouldn't get here - rules should have an END_* - check parse_xattrmap */
> > +    abort();
> > +}
> > +
> > +/*
> > + * For use with listxattr where the server fs gives us a name and we may need
> > + * to sanitize this for the client.
> > + * Returns a pointer to the result in *out_name
> > + *   This is always the original string or the current string with some prefix
> > + *   removed; no reallocation is done.
> > + * Returns 0 on success
> > + * Can return -ENODATA to indicate the name should be dropped from the list.
> > + */
> > +static int xattr_map_server(const struct lo_data *lo, const char *server_name,
> > +                            const char **out_name)
> > +{
> > +    const XattrMapEntry *cur_entry;
> > +    const char *end;
> > +
> > +    for (cur_entry = lo->xattr_map_list; ; cur_entry++) {
> > +        if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
> > +            (strstart(server_name, cur_entry->prepend, &end))) {
> > +            if (cur_entry->flags & XATTR_MAP_FLAG_END_BAD) {
> > +                return -ENODATA;
> > +            }
> > +            if (cur_entry->flags & XATTR_MAP_FLAG_END_OK) {
> > +                *out_name = server_name;
> > +                return 0;
> > +            }
> > +            if (cur_entry->flags & XATTR_MAP_FLAG_PREFIX) {
> > +                /* Remove prefix */
> > +                *out_name = end;
> > +                return 0;
> > +            }
> > +        }
> > +    }
> > +
> >      /* Shouldn't get here - rules should have an END_* */
> >      abort();
> 
> I am wondering why to put that restriction. If none of the rules match,
> can't we just return as nothing has to be done.

I always add a terminator in the parse as either a bad/ok, and was just
enforcing it - but I've changed it to a return -ENODATA that's probably
safer than the abort().

> >  }
> > @@ -2378,8 +2415,60 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
> >          if (ret == 0) {
> >              goto out;
> >          }
> > +
> > +        if (lo->xattr_map_list) {
> > +            /*
> > +             * Map the names back, some attributes might be dropped,
> > +             * some shortened, but not increased, so we shouldn't
> > +             * run out of room.
> > +             */
> > +            size_t out_index, in_index;
> > +            out_index = 0;
> > +            in_index = 0;
> > +            while (in_index < ret) {
> > +                const char *map_out;
> > +                char *in_ptr = value + in_index;
> > +                /* Length of current attribute name */
> > +                size_t in_len = strlen(value + in_index) + 1;
> > +
> > +                int mapret = xattr_map_server(lo, in_ptr, &map_out);
> > +                if (mapret != -ENODATA && mapret != 0) {
> > +                    /* Shouldn't happen */
> > +                    saverr = -mapret;
> > +                    goto out;
> > +                }
> > +                if (mapret == 0) {
> > +                    /* Either unchanged, or truncated */
> > +                    size_t out_len;
> > +                    if (map_out != in_ptr) {
> > +                        /* +1 copies the NIL */
> > +                        out_len = strlen(map_out) + 1;
> > +                    } else {
> > +                        /* No change */
> > +                        out_len = in_len;
> > +                    }
> > +                    /*
> > +                     * Move result along, may still be needed for an unchanged
> > +                     * entry if a previous entry was changed.
> > +                     */
> > +                    memmove(value + out_index, map_out, out_len);
> > +
> > +                    out_index += out_len;
> > +                }
> > +                in_index += in_len;
> > +            }
> > +            ret = out_index;
> > +            if (ret == 0) {
> > +                goto out;
> > +            }
> > +        }
> >          fuse_reply_buf(req, value, ret);
> >      } else {
> > +        /*
> > +         * xattrmap only ever shortens the result,
> > +         * so we don't need to do anything clever with the
> > +         * allocation length here.
> > +         */
> >          fuse_reply_xattr(req, ret);
> 
> Hmmm.., so this code returns the length of buffer which will fit xattrs.
> So we will will changing the semantics a bit. Instead of returning
> the exact size of buffer needed, we will be returning max size. I hope
> its not a problem. Fixing it will be too expensive I guess.

Right, although the semantics are fuzzy anyway since someone can
come along and add/remove an xattr between the listxattr calls.

Dave

> Thanks
> Vivek
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK