[PATCH] qemu: Check if unpriv_sgio is already set before trying to set it

Michal Privoznik posted 1 patch 2 weeks, 3 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/61c9cb75b696c95ca39b8fccd255e7a512a83031.1633438079.git.mprivozn@redhat.com
src/qemu/qemu_conf.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)

[PATCH] qemu: Check if unpriv_sgio is already set before trying to set it

Posted by Michal Privoznik 2 weeks, 3 days ago
In case when libvirt runs inside a restricted container it may
not have enough permissions to modify unpriv_sgio. However, it
may have been set beforehand by sysadmin or an orchestration
tool. Therefore, let's check whether the currently set value is
the one we want and if it is refrain from writing to the file.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2010306
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_conf.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 916a3d36ee..0451bc70ac 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1878,9 +1878,17 @@ qemuSetUnprivSGIO(virDomainDeviceDef *dev)
      * whitelist is enabled.  But if requesting unfiltered access, always call
      * virSetDeviceUnprivSGIO, to report an error for unsupported unpriv_sgio.
      */
-    if ((virFileExists(sysfs_path) || val == 1) &&
-        virSetDeviceUnprivSGIO(path, NULL, val) < 0)
-        return -1;
+    if (virFileExists(sysfs_path) || val == 1) {
+        int curr_val;
+
+        if (virGetDeviceUnprivSGIO(path, NULL, &curr_val) < 0)
+            return -1;
+
+        if (curr_val != val &&
+            virSetDeviceUnprivSGIO(path, NULL, val) < 0) {
+            return -1;
+        }
+    }
 
     return 0;
 }
-- 
2.32.0

Re: [PATCH] qemu: Check if unpriv_sgio is already set before trying to set it

Posted by Ján Tomko 2 weeks, 3 days ago
On a Tuesday in 2021, Michal Privoznik wrote:
>In case when libvirt runs inside a restricted container it may
>not have enough permissions to modify unpriv_sgio. However, it
>may have been set beforehand by sysadmin or an orchestration
>tool. Therefore, let's check whether the currently set value is
>the one we want and if it is refrain from writing to the file.
>
>Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2010306
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/qemu/qemu_conf.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano