qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 41af44: virtiofsd: Do not support blocking fl


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 41af44: virtiofsd: Do not support blocking flock
Date: Sun, 20 Feb 2022 07:05:36 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 41af4459ac47e107093c3f54b6875d54723aa613
      
https://github.com/qemu/qemu/commit/41af4459ac47e107093c3f54b6875d54723aa613
  Author: Sebastian Hasler <sebastian.hasler@stuvus.uni-stuttgart.de>
  Date:   2022-02-16 (Wed, 16 Feb 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Do not support blocking flock

With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.

Signed-off-by: Sebastian Hasler <sebastian.hasler@stuvus.uni-stuttgart.de>
Message-Id: <20220113153249.710216-1-sebastian.hasler@stuvus.uni-stuttgart.de>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>


  Commit: a086d54c6ffa38f7e71f182b63a25315304a3392
      
https://github.com/qemu/qemu/commit/a086d54c6ffa38f7e71f182b63a25315304a3392
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/fuse_lowlevel.c

  Log Message:
  -----------
  virtiofsd: Fix breakage due to fuse_init_in size change

Kernel version 5.17 has increased the size of "struct fuse_init_in" struct.
Previously this struct was 16 bytes and now it has been extended to
64 bytes in size.

Once qemu headers are updated to latest, it will expect to receive 64 byte
size struct (for protocol version major 7 and minor > 6). But if guest is
booting older kernel (older than 5.17), then it still sends older
fuse_init_in of size 16 bytes. And do_init() fails. It is expecting
64 byte struct. And this results in mount of virtiofs failing.

Fix this by parsing 16 bytes only for now. Separate patches will be
posted which will parse rest of the bytes and enable new functionality.
Right now we don't support any of the new functionality, so we don't
lose anything by not parsing bytes beyond 16.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-2-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: ef17dd6a8e6b6e3aeb29233996d44dfcb736d515
      
https://github.com/qemu/qemu/commit/ef17dd6a8e6b6e3aeb29233996d44dfcb736d515
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M include/standard-headers/asm-x86/kvm_para.h
    M include/standard-headers/drm/drm_fourcc.h
    M include/standard-headers/linux/ethtool.h
    M include/standard-headers/linux/fuse.h
    M include/standard-headers/linux/pci_regs.h
    A include/standard-headers/linux/virtio_gpio.h
    A include/standard-headers/linux/virtio_i2c.h
    M include/standard-headers/linux/virtio_iommu.h
    A include/standard-headers/linux/virtio_pcidev.h
    A include/standard-headers/linux/virtio_scmi.h
    M linux-headers/asm-generic/unistd.h
    M linux-headers/asm-mips/unistd_n32.h
    M linux-headers/asm-mips/unistd_n64.h
    M linux-headers/asm-mips/unistd_o32.h
    M linux-headers/asm-powerpc/unistd_32.h
    M linux-headers/asm-powerpc/unistd_64.h
    A linux-headers/asm-riscv/bitsperlong.h
    A linux-headers/asm-riscv/mman.h
    A linux-headers/asm-riscv/unistd.h
    M linux-headers/asm-s390/unistd_32.h
    M linux-headers/asm-s390/unistd_64.h
    M linux-headers/asm-x86/kvm.h
    M linux-headers/asm-x86/unistd_32.h
    M linux-headers/asm-x86/unistd_64.h
    M linux-headers/asm-x86/unistd_x32.h
    M linux-headers/linux/kvm.h

  Log Message:
  -----------
  linux-headers: Update headers to v5.17-rc1

Update headers to 5.17-rc1. I need latest fuse changes.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-3-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 776dc4b1650062099df3cb4f90fa01c8e73eecfa
      
https://github.com/qemu/qemu/commit/776dc4b1650062099df3cb4f90fa01c8e73eecfa
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/fuse_lowlevel.c

  Log Message:
  -----------
  virtiofsd: Parse extended "struct fuse_init_in"

Add some code to parse extended "struct fuse_init_in". And use a local
variable "flag" to represent 64 bit flags. This will make it easier
to add more features without having to worry about two 32bit flags (->flags
and ->flags2) in "fuse_struct_in".

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-4-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
  dgilbert: Fixed up long line


  Commit: 4c7c393c7baadecf44a3d3c726f99660387a3293
      
https://github.com/qemu/qemu/commit/4c7c393c7baadecf44a3d3c726f99660387a3293
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/fuse_common.h
    M tools/virtiofsd/fuse_lowlevel.c

  Log Message:
  -----------
  virtiofsd: Extend size of fuse_conn_info->capable and ->want fields

->capable keeps track of what capabilities kernel supports and ->wants keep
track of what capabilities filesytem wants.

Right now these fields are 32bit in size. But now fuse has run out of
bits and capabilities can now have bit number which are higher than 31.

That means 32 bit fields are not suffcient anymore. Increase size to 64
bit so that we can add newer capabilities and still be able to use existing
code to check and set the capabilities.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-5-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 36cfab870e834209d034266592786310acea8311
      
https://github.com/qemu/qemu/commit/36cfab870e834209d034266592786310acea8311
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/fuse_common.h
    M tools/virtiofsd/fuse_i.h
    M tools/virtiofsd/fuse_lowlevel.c

  Log Message:
  -----------
  virtiofsd, fuse_lowlevel.c: Add capability to parse security context

Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-6-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 81489726ad8d9adc2710eb7acff8e3d9c056dbdb
      
https://github.com/qemu/qemu/commit/81489726ad8d9adc2710eb7acff8e3d9c056dbdb
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Move core file creation code in separate function

Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-7-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: cb282e556acef3764adde88701ec923a0731bc56
      
https://github.com/qemu/qemu/commit/cb282e556acef3764adde88701ec923a0731bc56
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate

Soon we will be able to create and also set security context on the file
atomically using /proc/self/task/tid/attr/fscreate knob. If this knob
is available on the system, first set the knob with the desired context
and then create the file. It will be created with the context set in
fscreate. This works basically for SELinux and its per thread.

This patch just introduces the helper functions. Subsequent patches will
make use of these helpers.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-8-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
  dgilbert: Manually merged gettid syscall number fixup from Vivek


  Commit: 0c3f81e13184ef0dc4b7c1a2afc15cb77fdad99b
      
https://github.com/qemu/qemu/commit/0c3f81e13184ef0dc4b7c1a2afc15cb77fdad99b
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Create new file with security context

This patch adds support for creating new file with security context
as sent by client. It basically takes three paths.

- If no security context enabled, then it continues to create files without
  security context.

- If security context is enabled and but security.selinux has not been
  remapped, then it uses /proc/thread-self/attr/fscreate knob to set
  security context and then create the file. This will make sure that
  newly created file gets the security context as set in "fscreate" and
  this is atomic w.r.t file creation.

  This is useful and host and guest SELinux policies don't conflict and
  can work with each other. In that case, guest security.selinux xattr
  is not remapped and it is passthrough as "security.selinux" xattr
  on host.

- If security context is enabled but security.selinux xattr has been
  remapped to something else, then it first creates the file and then
  uses setxattr() to set the remapped xattr with the security context.
  This is a non-atomic operation w.r.t file creation.

  This mode will be most versatile and allow host and guest to have their
  own separate SELinux xattrs and have their own separate SELinux policies.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-9-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: a675c9a600389d210882fd1511edc2be65d53cdc
      
https://github.com/qemu/qemu/commit/a675c9a600389d210882fd1511edc2be65d53cdc
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Create new file using O_TMPFILE and set security context

If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.

That means setting "fscreate" is not going to help as that's ony useful
for security.selinux xattr on host.

So we need another method which is atomic. Use O_TMPFILE to create new
file, set xattr and then linkat() to proper place.

But this works only for regular files. So dir, symlinks will continue
to be non-atomic.

Also if host filesystem does not support O_TMPFILE, we fallback to
non-atomic behavior.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-10-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 963061dc11e762285a6c1825b9c09e48cc8c6f5f
      
https://github.com/qemu/qemu/commit/963061dc11e762285a6c1825b9c09e48cc8c6f5f
  Author: Vivek Goyal <vgoyal@redhat.com>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M docs/tools/virtiofsd.rst
    M tools/virtiofsd/helper.c
    M tools/virtiofsd/passthrough_ll.c

  Log Message:
  -----------
  virtiofsd: Add an option to enable/disable security label

Provide an option "-o security_label/no_security_label" to enable/disable
security label functionality. By default these are turned off.

If enabled, server will indicate to client that it is capable of handling
one security label during file creation. Typically this is expected to
be a SELinux label. File server will set this label on the file. It will
try to set it atomically wherever possible. But its not possible in
all the cases.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-11-vgoyal@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 45b04ef48dbbeb18d93c2631bf5584ac493de749
      
https://github.com/qemu/qemu/commit/45b04ef48dbbeb18d93c2631bf5584ac493de749
  Author: Greg Kurz <groug@kaod.org>
  Date:   2022-02-17 (Thu, 17 Feb 2022)

  Changed paths:
    M tools/virtiofsd/fuse_lowlevel.c
    M tools/virtiofsd/fuse_lowlevel.h
    M tools/virtiofsd/passthrough_ll.c
    M tools/virtiofsd/passthrough_seccomp.c

  Log Message:
  -----------
  virtiofsd: Add basic support for FUSE_SYNCFS request

Honor the expected behavior of syncfs() to synchronously flush all data
and metadata to disk on linux systems.

If virtiofsd is started with '-o announce_submounts', the client is
expected to send a FUSE_SYNCFS request for each individual submount.
In this case, we just create a new file descriptor on the submount
inode with lo_inode_open(), call syncfs() on it and close it. The
intermediary file is needed because O_PATH descriptors aren't
backed by an actual file and syncfs() would fail with EBADF.

If virtiofsd is started without '-o announce_submounts' or if the
client doesn't have the FUSE_CAP_SUBMOUNTS capability, the client
only sends a single FUSE_SYNCFS request for the root inode. The
server would thus need to track submounts internally and call
syncfs() on each of them. This will be implemented later.

Note that syncfs() might suffer from a time penalty if the submounts
are being hammered by some unrelated workload on the host. The only
solution to prevent that is to avoid shared mounts.

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220215181529.164070-2-groug@kaod.org>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>


  Commit: 242f2cae782d433d69d195e14564b6437ec9f7e6
      
https://github.com/qemu/qemu/commit/242f2cae782d433d69d195e14564b6437ec9f7e6
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2022-02-19 (Sat, 19 Feb 2022)

  Changed paths:
    M docs/tools/virtiofsd.rst
    M include/standard-headers/asm-x86/kvm_para.h
    M include/standard-headers/drm/drm_fourcc.h
    M include/standard-headers/linux/ethtool.h
    M include/standard-headers/linux/fuse.h
    M include/standard-headers/linux/pci_regs.h
    A include/standard-headers/linux/virtio_gpio.h
    A include/standard-headers/linux/virtio_i2c.h
    M include/standard-headers/linux/virtio_iommu.h
    A include/standard-headers/linux/virtio_pcidev.h
    A include/standard-headers/linux/virtio_scmi.h
    M linux-headers/asm-generic/unistd.h
    M linux-headers/asm-mips/unistd_n32.h
    M linux-headers/asm-mips/unistd_n64.h
    M linux-headers/asm-mips/unistd_o32.h
    M linux-headers/asm-powerpc/unistd_32.h
    M linux-headers/asm-powerpc/unistd_64.h
    A linux-headers/asm-riscv/bitsperlong.h
    A linux-headers/asm-riscv/mman.h
    A linux-headers/asm-riscv/unistd.h
    M linux-headers/asm-s390/unistd_32.h
    M linux-headers/asm-s390/unistd_64.h
    M linux-headers/asm-x86/kvm.h
    M linux-headers/asm-x86/unistd_32.h
    M linux-headers/asm-x86/unistd_64.h
    M linux-headers/asm-x86/unistd_x32.h
    M linux-headers/linux/kvm.h
    M tools/virtiofsd/fuse_common.h
    M tools/virtiofsd/fuse_i.h
    M tools/virtiofsd/fuse_lowlevel.c
    M tools/virtiofsd/fuse_lowlevel.h
    M tools/virtiofsd/helper.c
    M tools/virtiofsd/passthrough_ll.c
    M tools/virtiofsd/passthrough_seccomp.c

  Log Message:
  -----------
  Merge remote-tracking branch 
'remotes/dgilbert-gitlab/tags/pull-virtiofs-20220217b' into staging

V3: virtiofs pull 2022-02-17

Security label improvements from Vivek
  - includes a fix for building against new kernel headers
  [V3: checkpatch style fixes]
  [V2: Fix building on old Linux]
Blocking flock disable from Sebastian
SYNCFS support from Greg

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

# gpg: Signature made Thu 17 Feb 2022 17:24:25 GMT
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" 
[full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert-gitlab/tags/pull-virtiofs-20220217b:
  virtiofsd: Add basic support for FUSE_SYNCFS request
  virtiofsd: Add an option to enable/disable security label
  virtiofsd: Create new file using O_TMPFILE and set security context
  virtiofsd: Create new file with security context
  virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate
  virtiofsd: Move core file creation code in separate function
  virtiofsd, fuse_lowlevel.c: Add capability to parse security context
  virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
  virtiofsd: Parse extended "struct fuse_init_in"
  linux-headers: Update headers to v5.17-rc1
  virtiofsd: Fix breakage due to fuse_init_in size change
  virtiofsd: Do not support blocking flock

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/439346ce8fa3...242f2cae782d



reply via email to

[Prev in Thread] Current Thread [Next in Thread]