From: Ján Tomko
To: libvir-list@redhat.com
Subject: [libvirt PATCH 1/2] conf: add killpriv v2 attribute for virtiofs
Date: Wed, 5 Jan 2022 16:06:49 +0100
Message-Id: <06d6ecd01f3e985fc0da4687f4934379f61e5e7e.1641395187.git.jtomko@redhat.com>

Add a new attribute to control the killpriv feature: ...

https://bugzilla.redhat.com/show_bug.cgi?id=1972571

Signed-off-by: Ján Tomko
--- docs/formatdomain.rst | 4 ++++ docs/schemas/domaincommon.rng | 7 +++++++ src/conf/domain_conf.c | 15 +++++++++++++++ src/conf/domain_conf.h | 1 + .../qemuxml2argvdata/vhost-user-fs-fd-memory.xml | 1 + 5 files changed, 28 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index d4f30bb8af..73ff8bce51 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3313,6 +3313,7 @@ A directory on the host that can be accessed directly= from the guest. + 
@@ -3447,6 +3448,9 @@ A directory on the host that can be accessed directly= from the guest. ``chroot``, see the `virtiofsd documentation `__ for more details. ( :since:`Since 7.2.0` ) + The ``killpriv`` element with the attribute ``v2`` (values: ``on`` or `= `off``) + can be used to disable the killpriv capability which is used to improve= performance + by expecting writes to reset some security attributes. ( :since:`Since = 8.0.0` ) ``source`` The resource on the host that is being accessed in the guest. The ``nam= e`` attribute must be used with ``type=3D'template'``, and the ``dir`` attr= ibute diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 7fa5c2b8b5..5701bbe193 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3057,6 +3057,13 @@ + + + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5691b8d2d5..2a1802a3d5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -9874,6 +9874,7 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt, g_autofree char *sandbox =3D virXPathString("string(./binary/sandb= ox/@mode)", ctxt); g_autofree char *posix_lock =3D virXPathString("string(./binary/lo= ck/@posix)", ctxt); g_autofree char *flock =3D virXPathString("string(./binary/lock/@f= lock)", ctxt); + g_autofree char *killpriv_v2 =3D virXPathString("string(./binary/k= illpriv/@v2)", ctxt); int val; =20 if (queue_size && virStrToLong_ull(queue_size, NULL, 10, &def->que= ue_size) < 0) { @@ -9932,6 +9933,15 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt, } def->flock =3D val; } + + if (killpriv_v2) { + if ((val =3D virTristateSwitchTypeFromString(killpriv_v2)) <= =3D 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown killpriv_v2 value '%s'"), killpr= iv_v2); + goto error; + } + def->killpriv_v2 =3D val; + } } =20 if (source =3D=3D NULL && def->type !=3D VIR_DOMAIN_FS_TYPE_RAM 
@@ -24197,6 +24207,11 @@ virDomainFSDefFormat(virBuffer *buf, virTristateSwitchTypeToString(def->flock)); } =20 + if (def->killpriv_v2 !=3D VIR_TRISTATE_SWITCH_ABSENT) { + virBufferAsprintf(&binaryBuf, "\n", + virTristateSwitchTypeToString(def->killpriv_= v2)); + } + virXMLFormatElement(&binaryBuf, "lock", &lockAttrBuf, NULL); } =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 144ba4dd12..4619fcbfd1 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -892,6 +892,7 @@ struct _virDomainFSDef { virTristateSwitch posix_lock; virTristateSwitch flock; virDomainFSSandboxMode sandbox; + virTristateSwitch killpriv_v2; virDomainVirtioOptions *virtio; virObject *privateData; }; diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qem= uxml2argvdata/vhost-user-fs-fd-memory.xml index abddf0870b..2f44a1593a 100644 --- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml +++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml 
@@ -31,6 +31,7 @@ + --=20 2.31.1
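Review bot: In patch 1/2, the paragraph added to docs/formatdomain.rst (hunk at -3447) says the element "can be used to disable the killpriv capability", yet the same sentence lists both ``on`` and ``off`` as values, and it never says what an absent element means. Suggest wording it as "enable or disable", stating that omitting the element leaves the virtiofsd default in place (patch 2/2 passes neither option in that case), and naming the attributes that "some security attributes" refers to, since this is the text an administrator reads when deciding whether to change the setting.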
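Review bot: In patch 1/2, the error string in the virDomainFSDefParseXML hunk at -9932, _("unknown killpriv_v2 value '%s'"), uses the internal field name rather than anything the user wrote: the XML being parsed is the ``v2`` attribute of ``killpriv``, per the XPath ./binary/killpriv/@v2 added in the hunk above. Suggest phrasing the message in terms of the element and attribute so the report points at the line of domain XML to fix. The `<= 0` comparison also rejects the tristate's zero value, which is worth a word in the commit message since the docs list only ``on`` and ``off``.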
From: Ján Tomko
To: libvir-list@redhat.com
Subject: [libvirt PATCH 2/2] qemu: virtiofs: add (no_)killpriv_v2 support
Date: Wed, 5 Jan 2022 16:06:50 +0100
Message-Id: <4afba0e503eff6ed78d29b3fe175fac810c88482.1641395187.git.jtomko@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1972571

Signed-off-by: Ján Tomko
--- src/qemu/qemu_virtiofs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index 1b853a5a59..c89da76c27 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -162,6 +162,11 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg, else if (fs->posix_lock =3D=3D VIR_TRISTATE_SWITCH_OFF) virBufferAddLit(&opts, ",no_posix_lock"); =20 + if (fs->killpriv_v2 =3D=3D VIR_TRISTATE_SWITCH_ON) + virBufferAddLit(&opts, ",killpriv_v2"); + else if (fs->killpriv_v2 =3D=3D VIR_TRISTATE_SWITCH_OFF) + virBufferAddLit(&opts, ",no_killpriv_v2"); + virCommandAddArgBuffer(cmd, &opts); if (cfg->virtiofsdDebug) virCommandAddArg(cmd, "-d"); --=20 2.31.1
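Review bot: In patch 2/2, the new branch in qemuVirtioFSBuildCommandLine appends ",killpriv_v2" or ",no_killpriv_v2" whenever the XML sets the attribute, and nothing visible in this series checks that the configured virtiofsd accepts either option, so an unsupported setting would surface only when virtiofsd is launched. Suggest either rejecting the configuration up front with an unsupported-configuration error, or saying in the commit message that failing at launch is intended. The commit message is currently only the bug link; one sentence stating which XML value maps to which virtiofsd option and what is passed when the element is absent would make the change reviewable without opening the bug.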