From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH v2 1/4] virfile: Add virFileGetLockOwner function
Date: Thu, 13 Jan 2022 13:42:35 +0100
Message-Id: <20220113124238.2279-2-vulyanov@suse.de>
In-Reply-To: <20220113124238.2279-1-vulyanov@suse.de>
References: <20220113124238.2279-1-vulyanov@suse.de>

The function is used to retrieve the PID of the process holding an
exclusive lock on the file.

Signed-off-by: Vasiliy Ulyanov
---
 src/libvirt_private.syms | 1 +
 src/util/virfile.c | 45 ++++++++++++++++++++++++++++++++++++++++
 src/util/virfile.h | 2 ++
 3 files changed, 48 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 5b76e66e61..214f375a91 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2224,6 +2224,7 @@ virFileFreeACLs; virFileGetACLs; virFileGetDefaultHugepage; virFileGetHugepageSize; +virFileGetLockOwner; virFileGetMountReverseSubtree; virFileGetMountSubtree; virFileGetXAttr; diff --git a/src/util/virfile.c b/src/util/virfile.c index d6faf7e3d2..b9149fb0d7 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -460,6 +460,43 @@ int virFileUnlock(int fd, off_t start, off_t len) } =20 =20 +/** + * virFileGetLockOwner: + * @fd: file descriptor to get the lock from + * @start: byte offset for the lock + * @len: length of the lock (0 to specify entire remaining file from @star= t) + * @pid: variable to return the PID of the process owning the lock + * + * Attempt to retrieve the PID of the process holding an exclusive lock + * on the file @fd. + * + * Returns 0 on success, or -errno on error. If the file is not locked @pid + * will be set ot -1. + */ +int virFileGetLockOwner(int fd, + off_t start, + off_t len, + pid_t *pid) +{ + struct flock fl =3D { + .l_type =3D F_WRLCK, + .l_whence =3D SEEK_SET, + .l_start =3D start, + .l_len =3D len, + }; + + *pid =3D -1; + + if (fcntl(fd, F_GETLK, &fl) < 0) + return -errno; + + if (fl.l_type !=3D F_UNLCK) + *pid =3D fl.l_pid; + + return 0; +} + + #else /* WIN32 */ =20 =20 @@ -480,6 +517,14 @@ int virFileUnlock(int fd G_GNUC_UNUSED, return -ENOSYS; } =20 +int virFileGetLockOwner(int fd G_GNUC_UNUSED, + off_t start G_GNUC_UNUSED, + off_t len G_GNUC_UNUSED, + pid_t *pid G_GNUC_UNUSED) +{ + return -ENOSYS; +} + =20 #endif /* WIN32 */ =20 diff --git a/src/util/virfile.h b/src/util/virfile.h index 967c9a9b4f..0f4aa6e441 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h 
@@ -122,6 +122,8 @@ int virFileLock(int fd, bool shared, off_t start, off_t= len, bool waitForLock) G_GNUC_NO_INLINE; int virFileUnlock(int fd, off_t start, off_t len) G_GNUC_NO_INLINE; +int virFileGetLockOwner(int fd, off_t start, off_t len, pid_t *pid) + G_GNUC_NO_INLINE; =20 typedef int (*virFileRewriteFunc)(int fd, const void *opaque); int virFileRewrite(const char *path, --=20 2.34.1
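Review bot: In virFileGetLockOwner (src/util/virfile.c, hunk at -460), the test fl.l_type != F_UNLCK reports the holder of any lock that conflicts with the F_WRLCK probe, so a process holding only a shared (F_RDLCK) lock on the range is returned as the owner, while the doc comment promises the holder of an exclusive lock. Either test for fl.l_type == F_WRLCK or reword the comment to say "any conflicting lock". The comment should also say that F_GETLK does not report locks held by the calling process itself, so *pid stays -1 when the caller is the lock holder, and the typo "set ot -1" should be fixed.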

From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH v2 2/4] virpidfile: Refactor virPidFileReadPathIfAlive
Date: Thu, 13 Jan 2022 13:42:36 +0100
Message-Id: <20220113124238.2279-3-vulyanov@suse.de>
In-Reply-To: <20220113124238.2279-1-vulyanov@suse.de>
References: <20220113124238.2279-1-vulyanov@suse.de>

If the binary path is not provided check that the pid file is locked
by the owner process.

Signed-off-by: Vasiliy Ulyanov
---
 src/util/virpidfile.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/util/virpidfile.c b/src/util/virpidfile.c index 7069f8343d..8ddc336d6c 100644 --- a/src/util/virpidfile.c +++ b/src/util/virpidfile.c 
@@ -216,6 +216,26 @@ int virPidFileReadPathIfAlive(const char *path, #endif =20 if (!binPath) { + int fd; + pid_t ownerPid; + + if ((fd =3D open(path, O_RDONLY)) < 0) + return -1; + + if (virFileGetLockOwner(fd, 0, 1, &ownerPid) < 0) { + VIR_FORCE_CLOSE(fd); + return -1; + } + + if (VIR_CLOSE(fd) < 0) + return -1; + + /* A pid file should be locked by the process owning it. */ + if (ownerPid !=3D retPid) { + *pid =3D -1; + return 0; + } + /* we only knew the pid, and that pid is alive, so we can * return it. */ --=20 2.34.1
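Review bot: In the if (!binPath) branch of virPidFileReadPathIfAlive, the new lock check changes the result for every caller that passes a NULL binPath, not only the two converted later in this series: a live process whose pidfile is not locked by it now yields *pid = -1, and a failing open() or virFileGetLockOwner() now turns into return -1. The subject calls this a refactor, so please state the behaviour change in the commit message and in the function's doc comment. The call also appears to sit outside the platform conditional that ends at the #endif shown in the context, in which case the -ENOSYS stub from patch 1 makes this branch fail on WIN32; guard it or treat -ENOSYS as "cannot verify". A short comment that the probed range 0,1 has to match the range locked when the pidfile is acquired would help the next reader.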

From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH v2 3/4] qemu_tpm: Get swtpm pid without binary validation
Date: Thu, 13 Jan 2022 13:42:37 +0100
Message-Id: <20220113124238.2279-4-vulyanov@suse.de>
In-Reply-To: <20220113124238.2279-1-vulyanov@suse.de>
References: <20220113124238.2279-1-vulyanov@suse.de>

Access to /proc/[pid]/exe may be restricted in certain environments
(e.g. in containers) and any attempt to stat(2) or readlink(2) the file
will result in 'permission denied' error if the calling process does not
have CAP_SYS_PTRACE capability.

According to proc(5) manpage: Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2). The binary validation in virPidFileReadPathIfAlive may fail with EACCES. Therefore instead do only the check that the pidfile is locked by the correct process. To ensure this is always the case the daemonization and pidfile handling of the swtpm command is now controlled by libvirt. Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_tpm.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 7e7b01768e..792ee19bbd 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -258,13 +258,12 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir, const char *shortName, pid_t *pid) { - g_autofree char *swtpm =3D virTPMGetSwtpm(); g_autofree char *pidfile =3D qemuTPMEmulatorCreatePidFilename(swtpmSta= teDir, shortName); if (!pidfile) return -1; =20 - if (virPidFileReadPathIfAlive(pidfile, pid, swtpm) < 0) + if (virPidFileReadPathIfAlive(pidfile, pid, NULL) < 0) return -1; =20 return 0; @@ -721,7 +720,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 virCommandClearCaps(cmd); =20 - virCommandAddArgList(cmd, "socket", "--daemon", "--ctrl", NULL); + virCommandAddArgList(cmd, "socket", "--ctrl", NULL); virCommandAddArgFormat(cmd, "type=3Dunixio,path=3D%s,mode=3D0600", tpm->data.emulator.source->data.nix.path); =20 @@ -751,8 +750,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, if (!(pidfile =3D qemuTPMEmulatorCreatePidFilename(swtpmStateDir, shor= tName))) goto error; =20 - virCommandAddArg(cmd, "--pid"); - virCommandAddArgFormat(cmd, "file=3D%s", pidfile); + virCommandSetPidFile(cmd, pidfile); + virCommandDaemonize(cmd); =20 if (tpm->data.emulator.hassecretuuid) { if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { 
@@ -905,7 +904,6 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, { g_autoptr(virCommand) cmd =3D NULL; int exitstatus =3D 0; - g_autofree char *errbuf =3D NULL; g_autoptr(virQEMUDriverConfig) cfg =3D NULL; g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); int cmdret =3D 0, timeout, rc; @@ -930,8 +928,6 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0) return -1; =20 - virCommandSetErrorBuffer(cmd, &errbuf); - if (qemuSecurityStartTPMEmulator(driver, vm, cmd, cfg->swtpm_user, cfg->swtpm_group, &exitstatus, &cmdret) < 0) 
@@ -939,22 +935,22 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, =20 if (cmdret < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Could not start 'swtpm'. exitstatus: %d, " - "error: %s"), exitstatus, errbuf); + _("Could not start 'swtpm'. exitstatus: %d"), exits= tatus); return -1; } =20 - /* check that the swtpm has written its pid into the file */ + /* check that the swtpm has written its pid into the file and the cont= rol + * socket has been created. */ + rc =3D qemuTPMEmulatorGetPid(cfg->swtpmStateDir, shortName, &pid); + if ((rc =3D=3D 0 && pid =3D=3D (pid_t)-1) || rc < 0) + goto error; timeout =3D 1000; /* ms */ while (timeout > 0) { - rc =3D qemuTPMEmulatorGetPid(cfg->swtpmStateDir, shortName, &pid); - if (rc < 0) { + if (!virFileExists(tpm->data.emulator.source->data.nix.path)) { timeout -=3D 50; g_usleep(50 * 1000); continue; } - if (rc =3D=3D 0 && pid =3D=3D (pid_t)-1) - goto error; break; } if (timeout <=3D 0) --=20 2.34.1
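Review bot: In qemuTPMEmulatorBuildCommand (hunk at -751), switching from "--pid file=..." to virCommandSetPidFile() plus virCommandDaemonize() means only emulators started after this change have a pidfile created and locked through libvirt, while qemuTPMEmulatorGetPid() (hunk at -258) now passes NULL and therefore relies on that lock. A swtpm that was started by an older libvirt with "--daemon --pid" and is still running after the daemon is upgraded and restarted has a pidfile written by swtpm itself, which may not be locked, and would then be reported as pid -1. Please describe in the commit message how already running emulators are handled, or handle the "no lock owner" case explicitly for them.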
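Review bot: In qemuExtTPMStartEmulator (hunk at -939), the wait loop now only polls virFileExists() on the control socket path, so a socket file left behind by an earlier run satisfies it on the first iteration even if the new swtpm has not created its socket yet; removing a stale socket before launch would make the check meaningful. The updated comment still says swtpm "has written its pid into the file", although after this patch the pidfile comes from virCommandSetPidFile(). With errbuf dropped in the hunks at -905 and -930, the error no longer carries swtpm's stderr, so the message should say where that output can be found.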

From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH v2 4/4] qemu: gpu: Get pid without binary validation
Date: Thu, 13 Jan 2022 13:42:38 +0100
Message-Id: <20220113124238.2279-5-vulyanov@suse.de>
In-Reply-To: <20220113124238.2279-1-vulyanov@suse.de>
References: <20220113124238.2279-1-vulyanov@suse.de>

The binary validation in virPidFileReadPathIfAlive may fail with EACCES
if the calling process does not have CAP_SYS_PTRACE capability.
Therefore instead do only the check that the pidfile is locked by the
correct process. Fixes the same issue as
faee4e3dbf550597cd9700eff8289ea089df3c7a.

Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_vhost_user_gpu.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_vhost_user_gpu.c b/src/qemu/qemu_vhost_user_gpu.c index ef198a4820..66d2f93b66 100644 --- a/src/qemu/qemu_vhost_user_gpu.c +++ b/src/qemu/qemu_vhost_user_gpu.c @@ -54,7 +54,6 @@ qemuVhostUserGPUCreatePidFilename(const char *stateDir, =20 /* * qemuVhostUserGPUGetPid: - * @binpath: path of executable associated with the pidfile * @stateDir: the directory where vhost-user-gpu writes the pidfile into * @shortName: short name of the domain * @alias: video device alias @@ -65,8 +64,7 @@ qemuVhostUserGPUCreatePidFilename(const char *stateDir, * set to -1; */ static int -qemuVhostUserGPUGetPid(const char *binPath, - const char *stateDir, +qemuVhostUserGPUGetPid(const char *stateDir, const char *shortName, const char *alias, pid_t *pid) @@ -76,7 +74,7 @@ qemuVhostUserGPUGetPid(const char *binPath, if (!(pidfile =3D qemuVhostUserGPUCreatePidFilename(stateDir, shortNam= e, alias))) return -1; =20 - if (virPidFileReadPathIfAlive(pidfile, pid, binPath) < 0) + if (virPidFileReadPathIfAlive(pidfile, pid, NULL) < 0) return -1; =20 return 0; @@ -253,8 +251,7 @@ qemuExtVhostUserGPUSetupCgroup(virQEMUDriver *driver, if (!shortname) return -1; =20 - rc =3D qemuVhostUserGPUGetPid(video->driver->vhost_user_binary, - cfg->stateDir, shortname, video->info.alia= s, &pid); + rc =3D qemuVhostUserGPUGetPid(cfg->stateDir, shortname, video->info.al= ias, &pid); if (rc < 0 || (rc =3D=3D 0 && pid =3D=3D (pid_t)-1)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not get process id of vhost-user-gpu")); --=20 2.34.1
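Review bot: In qemuVhostUserGPUGetPid (hunk at -76), passing NULL makes the lookup depend on the pidfile being locked by the vhost-user-gpu process, but unlike patch 3 nothing in this patch touches how that helper is started or how its pidfile is created. Please confirm, and note in the commit message, that the pidfile is produced in a way that keeps it locked by the helper for its lifetime; otherwise qemuExtVhostUserGPUSetupCgroup (hunk at -253) ends in "Could not get process id of vhost-user-gpu" for a healthy helper. Since the identity of the process now rests on the lock alone, a one-line comment at the call explaining why no binary path is passed would also be useful.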