From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com,
virtio-fs@redhat.com
Subject: [PATCH v2 24/25] vhost-user-fs: Implement drop CAP_FSETID functionality
Date: Wed, 14 Apr 2021 16:51:36 +0100 [thread overview]
Message-ID: <20210414155137.46522-25-dgilbert@redhat.com> (raw)
In-Reply-To: <20210414155137.46522-1-dgilbert@redhat.com>
From: Vivek Goyal <vgoyal@redhat.com>
As part of slave_io message, slave can ask to do I/O on an fd. Additionally
slave can ask for dropping CAP_FSETID (if master has it) before doing I/O.
Implement functionality to drop CAP_FSETID and gain it back after the
operation.
This also creates a dependency on libcap-ng.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
hw/virtio/meson.build | 1 +
hw/virtio/vhost-user-fs.c | 92 ++++++++++++++++++++++++++++++++++++++-
meson.build | 6 +++
3 files changed, 97 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/meson.build b/hw/virtio/meson.build
index fbff9bc9d4..bdcdc82e13 100644
--- a/hw/virtio/meson.build
+++ b/hw/virtio/meson.build
@@ -18,6 +18,7 @@ virtio_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon.c'))
virtio_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-crypto.c'))
virtio_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VIRTIO_PCI'], if_true: files('virtio-crypto-pci.c'))
virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: files('vhost-user-fs.c'))
+virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: libcap_ng)
virtio_ss.add(when: ['CONFIG_VHOST_USER_FS', 'CONFIG_VIRTIO_PCI'], if_true: files('vhost-user-fs-pci.c'))
virtio_ss.add(when: 'CONFIG_VIRTIO_PMEM', if_true: files('virtio-pmem.c'))
virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock.c', 'vhost-vsock-common.c'))
diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c
index 23bb8436e1..09947257f1 100644
--- a/hw/virtio/vhost-user-fs.c
+++ b/hw/virtio/vhost-user-fs.c
@@ -13,6 +13,8 @@
#include "qemu/osdep.h"
#include <sys/ioctl.h>
+#include <cap-ng.h>
+#include <sys/syscall.h>
#include "standard-headers/linux/virtio_fs.h"
#include "qapi/error.h"
#include "hw/qdev-properties.h"
@@ -91,6 +93,84 @@ static bool check_slave_message_entries(const VhostUserFSSlaveMsg *sm,
return true;
}
+/*
+ * Helpers for dropping and regaining effective capabilities. Returns 0
+ * on success, error otherwise
+ */
+static int drop_effective_cap(const char *cap_name, bool *cap_dropped)
+{
+ int cap, ret;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_get_caps_process()) {
+ ret = -errno;
+ error_report("capng_get_caps_process() failed:%s", strerror(errno));
+ goto out;
+ }
+
+ /* We dont have this capability in effective set already. */
+ if (!capng_have_capability(CAPNG_EFFECTIVE, cap)) {
+ ret = 0;
+ goto out;
+ }
+
+ if (capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(DROP,) failed");
+ goto out;
+ }
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("drop:capng_apply() failed");
+ goto out;
+ }
+
+ ret = 0;
+ if (cap_dropped) {
+ *cap_dropped = true;
+ }
+
+out:
+ return ret;
+}
+
+static int gain_effective_cap(const char *cap_name)
+{
+ int cap;
+ int ret = 0;
+
+ cap = capng_name_to_capability(cap_name);
+ if (cap < 0) {
+ ret = -errno;
+ error_report("capng_name_to_capability(%s) failed:%s", cap_name,
+ strerror(errno));
+ goto out;
+ }
+
+ if (capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, cap)) {
+ ret = -errno;
+ error_report("capng_update(ADD,) failed");
+ goto out;
+ }
+
+ if (capng_apply(CAPNG_SELECT_CAPS)) {
+ ret = -errno;
+ error_report("gain:capng_apply() failed");
+ goto out;
+ }
+ ret = 0;
+
+out:
+ return ret;
+}
+
uint64_t vhost_user_fs_slave_map(struct vhost_dev *dev, int message_size,
VhostUserFSSlaveMsg *sm, int fd)
{
@@ -238,6 +318,7 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
unsigned int i;
int res = 0;
size_t done = 0;
+ bool cap_fsetid_dropped = false;
if (fd < 0) {
error_report("Bad fd for map");
@@ -245,8 +326,10 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
}
if (sm->flags & VHOST_USER_FS_GENFLAG_DROP_FSETID) {
- error_report("Dropping CAP_FSETID is not supported");
- return (uint64_t)-ENOTSUP;
+ res = drop_effective_cap("FSETID", &cap_fsetid_dropped);
+ if (res != 0) {
+ return (uint64_t)res;
+ }
}
for (i = 0; i < sm->count && !res; i++) {
@@ -313,6 +396,11 @@ uint64_t vhost_user_fs_slave_io(struct vhost_dev *dev, int message_size,
}
close(fd);
+ if (cap_fsetid_dropped) {
+ if (gain_effective_cap("FSETID")) {
+ error_report("Failed to gain CAP_FSETID");
+ }
+ }
trace_vhost_user_fs_slave_io_exit(res, done);
if (res < 0) {
return (uint64_t)res;
diff --git a/meson.build b/meson.build
index c6f4b0cf5e..71899d0993 100644
--- a/meson.build
+++ b/meson.build
@@ -1081,6 +1081,12 @@ elif get_option('virtfs').disabled()
have_virtfs = false
endif
+if config_host.has_key('CONFIG_VHOST_USER_FS')
+ if not libcap_ng.found()
+ error('vhost-user-fs requires libcap-ng-devel')
+ endif
+endif
+
config_host_data.set_quoted('CONFIG_BINDIR', get_option('prefix') / get_option('bindir'))
config_host_data.set_quoted('CONFIG_PREFIX', get_option('prefix'))
config_host_data.set_quoted('CONFIG_QEMU_CONFDIR', get_option('prefix') / qemu_confdir)
--
2.31.1
next prev parent reply other threads:[~2021-04-14 16:22 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-14 15:51 [PATCH v2 00/25] virtiofs dax patches Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 01/25] DAX: vhost-user: Rework slave return values Dr. David Alan Gilbert (git)
2021-04-16 10:59 ` [Virtio-fs] " Greg Kurz
2021-04-21 17:31 ` Dr. David Alan Gilbert
2021-04-14 15:51 ` [PATCH v2 02/25] virtiofsd: Don't assume header layout Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 03/25] DAX: libvhost-user: Route slave message payload Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 04/25] DAX: libvhost-user: Allow popping a queue element with bad pointers Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 05/25] DAX subprojects/libvhost-user: Add virtio-fs slave types Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 06/25] DAX: virtio: Add shared memory capability Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 07/25] DAX: virtio-fs: Add cache BAR Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 08/25] DAX: virtio-fs: Add vhost-user slave commands for mapping Dr. David Alan Gilbert (git)
2021-04-14 16:35 ` [Virtio-fs] " Greg Kurz
2021-04-21 17:49 ` Dr. David Alan Gilbert
2021-04-14 15:51 ` [PATCH v2 09/25] DAX: virtio-fs: Fill in " Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 10/25] DAX: virtiofsd Add cache accessor functions Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 11/25] DAX: virtiofsd: Add setup/remove mappings fuse commands Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 12/25] DAX: virtiofsd: Add setup/remove mapping handlers to passthrough_ll Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 13/25] DAX: virtiofsd: Wire up passthrough_ll's lo_setupmapping Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 14/25] DAX: virtiofsd: Make lo_removemapping() work Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 15/25] DAX: virtiofsd: route se down to destroy method Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 16/25] DAX: virtiofsd: Perform an unmap on destroy Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 17/25] DAX/unmap: virtiofsd: Add VHOST_USER_SLAVE_FS_IO Dr. David Alan Gilbert (git)
2021-04-21 20:07 ` [Virtio-fs] " Vivek Goyal
2021-04-22 9:29 ` Dr. David Alan Gilbert
2021-04-22 15:40 ` Vivek Goyal
2021-04-22 15:48 ` Dr. David Alan Gilbert
2021-04-14 15:51 ` [PATCH v2 18/25] DAX/unmap virtiofsd: Add wrappers for VHOST_USER_SLAVE_FS_IO Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 19/25] DAX/unmap virtiofsd: Parse unmappable elements Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 20/25] DAX/unmap virtiofsd: Route unmappable reads Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 21/25] DAX/unmap virtiofsd: route unmappable write to slave command Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 22/25] DAX:virtiofsd: implement FUSE_INIT map_alignment field Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` [PATCH v2 23/25] vhost-user-fs: Extend VhostUserFSSlaveMsg to pass additional info Dr. David Alan Gilbert (git)
2021-04-14 15:51 ` Dr. David Alan Gilbert (git) [this message]
2021-04-14 15:51 ` [PATCH v2 25/25] virtiofsd: Ask qemu to drop CAP_FSETID if client asked for it Dr. David Alan Gilbert (git)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210414155137.46522-25-dgilbert@redhat.com \
--to=dgilbert@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).