From nobody Sun May  5 15:46:33 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zoho.com;
	dkim=fail
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1497915622655462.28899716814146;
 Mon, 19 Jun 2017 16:40:22 -0700 (PDT)
Received: from localhost ([::1]:44809 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1dN6HN-0005tz-1y
	for importer@patchew.org; Mon, 19 Jun 2017 19:40:21 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57336)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tobleminer@gmail.com>) id 1dN6GC-0005D3-Ey
	for qemu-devel@nongnu.org; Mon, 19 Jun 2017 19:39:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tobleminer@gmail.com>) id 1dN6GA-00005N-Ss
	for qemu-devel@nongnu.org; Mon, 19 Jun 2017 19:39:08 -0400
Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:36849)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <tobleminer@gmail.com>)
	id 1dN6GA-000057-Ix
	for qemu-devel@nongnu.org; Mon, 19 Jun 2017 19:39:06 -0400
Received: by mail-wr0-x244.google.com with SMTP id 77so15468688wrb.3
	for <qemu-devel@nongnu.org>; Mon, 19 Jun 2017 16:39:06 -0700 (PDT)
Received: from localhost.localdomain
	([2a02:8108:17c0:1500:2bd4:ef21:bc80:a853])
	by smtp.gmail.com with ESMTPSA id
	x71sm23176819wmd.32.2017.06.19.16.39.03
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 19 Jun 2017 16:39:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=oNi9VZdh1EWZOrx0u+FNe71sqBHBEwDI+B5B3iSLu8I=;
	b=fgwg0U+NvUqXRxmLqICA90454ZECoii/yTvUjT4zOCgObNFUxyUIl/1kO7KM88+BMB
	bkixeZgrIBELrY04tBEP8O0eKj53eY6IUrNI1DEnSRI5JB4rNageK1LzaK9N5i/yte2M
	nhfRpz0gVPoG9PePlXXvZNw6IpBFw0J3YWJlFnrrbfAqOyOR8qNGxpUmcBp+EBrakS0U
	v1Zdt0CBbU3FQLQkciW9iIgp4iGdffp7k/RtfPxS/oyYy3SXtpGv37tGCpUCtLAvVMla
	YvQxiAPN8i6YSEEY+UPge3DnA+W4HuW7hL7voUGeMkdh6pIDdPVFzaG/Lt1jorp497rR
	sg5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=oNi9VZdh1EWZOrx0u+FNe71sqBHBEwDI+B5B3iSLu8I=;
	b=qB4D+tZC5n3nOb+Kgw3JWCq4qf2kc+pm5vlm4xNd1gqJCWPkISCvpescACjIryqiEb
	X6EHL20KWI4TLPkXDTe7tEC4SCDXgZkx4LfV4iLaeKKMJq+j1sdsgUClhSXBcQcQ3uB1
	ind2xHpkmclSkCKsMhm+wu9/UUuUA4ajwHbt1GhtAJTJf9FkLmESSw6dy2ZZlRAce0Py
	0dYCUiB1zVG6wwaD+p5U3+G/ti96GmFyfk82Y9tTFJIQroZidyJFxuCiqS8h4FEO1OBh
	dugslrNjYyFKFDuBk3Hl+fPJzOhK98NfiJGWdb2ACrae5yL6EOSW0DN+pBhoYNAfM/TY
	cUpw==
X-Gm-Message-State: AKS2vOyZocAQz8mDdvVrHa5TN9lbVBmZKW8cQS+azkFw3nFbUSqweRz4
	x/queT3Uf2V6DVTYBjg=
X-Received: by 10.223.136.116 with SMTP id e49mr8259595wre.14.1497915545083;
	Mon, 19 Jun 2017 16:39:05 -0700 (PDT)
From: Tobias Schramm <tobleminer@gmail.com>
To: qemu-devel@nongnu.org
Date: Tue, 20 Jun 2017 01:37:18 +0200
Message-Id: <20170619233718.24959-2-tobleminer@gmail.com>
X-Mailer: git-send-email 2.13.1
In-Reply-To: <20170619233718.24959-1-tobleminer@gmail.com>
References: <20170619233718.24959-1-tobleminer@gmail.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:400c:c0c::244
Subject: [Qemu-devel] [PATCH v5 1/1] 9pfs: local: Add support for custom
 fmode/dmode in 9ps mapped security modes
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: el13635@mail.ntua.gr, Tobias Schramm <tobleminer@gmail.com>,
	aneesh.kumar@linux.vnet.ibm.com, groug@kaod.org
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

In mapped security modes, files are created with very restrictive
permissions (600 for files and 700 for directories). This makes
file sharing between virtual machines and users on the host rather
complicated. Imagine eg. a group of users that need to access data
produced by processes on a virtual machine. Giving those users access
to the data will be difficult since the group access mode is always 0.

This patch makes the default mode for both files and directories
configurable. Existing setups that don't know about the new parameters
keep using the current secure behavior.

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
---
 v5: Eliminate expandable variables, check mandatory commandline options
     first
 v4: Use OPT_NUMBER for file mode arguments, fix back to front naming,
     fix resource leak and add sanity checking for fmode/dmode arguments
 v3: Use unsigned types for umask
 v2: Adjust patch to QEMU code style

 fsdev/file-op-9p.h      |  4 ++++
 fsdev/qemu-fsdev-opts.c | 12 ++++++++++++
 hw/9pfs/9p-local.c      | 25 +++++++++++++++++++++----
 hw/9pfs/9p.c            |  3 +++
 qemu-options.hx         | 20 ++++++++++++++++----
 5 files changed, 56 insertions(+), 8 deletions(-)

diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h
index 0844a403dc..474c79d003 100644
--- a/fsdev/file-op-9p.h
+++ b/fsdev/file-op-9p.h
@@ -76,6 +76,8 @@ typedef struct FsDriverEntry {
     int export_flags;
     FileOperations *ops;
     FsThrottle fst;
+    mode_t fmode;
+    mode_t dmode;
 } FsDriverEntry;
=20
 typedef struct FsContext
@@ -88,6 +90,8 @@ typedef struct FsContext
     FsThrottle *fst;
     /* fs driver specific data */
     void *private;
+    mode_t fmode;
+    mode_t dmode;
 } FsContext;
=20
 typedef struct V9fsPath {
diff --git a/fsdev/qemu-fsdev-opts.c b/fsdev/qemu-fsdev-opts.c
index bf5713008a..7c31ffffaf 100644
--- a/fsdev/qemu-fsdev-opts.c
+++ b/fsdev/qemu-fsdev-opts.c
@@ -38,6 +38,12 @@ static QemuOptsList qemu_fsdev_opts =3D {
         }, {
             .name =3D "sock_fd",
             .type =3D QEMU_OPT_NUMBER,
+        }, {
+            .name =3D "fmode",
+            .type =3D QEMU_OPT_NUMBER,
+        }, {
+            .name =3D "dmode",
+            .type =3D QEMU_OPT_NUMBER,
         },
=20
         THROTTLE_OPTS,
@@ -75,6 +81,12 @@ static QemuOptsList qemu_virtfs_opts =3D {
         }, {
             .name =3D "sock_fd",
             .type =3D QEMU_OPT_NUMBER,
+        }, {
+            .name =3D "fmode",
+            .type =3D QEMU_OPT_NUMBER,
+        }, {
+            .name =3D "dmode",
+            .type =3D QEMU_OPT_NUMBER,
         },
=20
         { /*End of list */ }
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index 1e78b7c9e9..f1ce03b06a 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -633,7 +633,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir=
_path,
=20
     if (fs_ctx->export_flags & V9FS_SM_MAPPED ||
         fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) {
-        err =3D mknodat(dirfd, name, SM_LOCAL_MODE_BITS | S_IFREG, 0);
+        err =3D mknodat(dirfd, name, fs_ctx->fmode | S_IFREG, 0);
         if (err =3D=3D -1) {
             goto out;
         }
@@ -685,7 +685,7 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir=
_path,
=20
     if (fs_ctx->export_flags & V9FS_SM_MAPPED ||
         fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) {
-        err =3D mkdirat(dirfd, name, SM_LOCAL_DIR_MODE_BITS);
+        err =3D mkdirat(dirfd, name, fs_ctx->dmode);
         if (err =3D=3D -1) {
             goto out;
         }
@@ -786,7 +786,7 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir=
_path, const char *name,
     /* Determine the security model */
     if (fs_ctx->export_flags & V9FS_SM_MAPPED ||
         fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) {
-        fd =3D openat_file(dirfd, name, flags, SM_LOCAL_MODE_BITS);
+        fd =3D openat_file(dirfd, name, flags, fs_ctx->fmode);
         if (fd =3D=3D -1) {
             goto out;
         }
@@ -849,7 +849,7 @@ static int local_symlink(FsContext *fs_ctx, const char =
*oldpath,
         ssize_t oldpath_size, write_size;
=20
         fd =3D openat_file(dirfd, name, O_CREAT | O_EXCL | O_RDWR,
-                         SM_LOCAL_MODE_BITS);
+                         fs_ctx->fmode);
         if (fd =3D=3D -1) {
             goto out;
         }
@@ -1467,6 +1467,23 @@ static int local_parse_opts(QemuOpts *opts, struct F=
sDriverEntry *fse)
         return -1;
     }
=20
+    if (fse->export_flags & V9FS_SM_MAPPED ||
+        fse->export_flags & V9FS_SM_MAPPED_FILE) {
+        fse->fmode =3D
+            qemu_opt_get_number(opts, "fmode", SM_LOCAL_MODE_BITS) & 0777;
+        fse->dmode =3D
+            qemu_opt_get_number(opts, "dmode", SM_LOCAL_DIR_MODE_BITS) & 0=
777;
+    } else {
+        if (qemu_opt_find(opts, "fmode")) {
+            error_report("fmode is only valid for mapped 9p modes");
+            return -1;
+        }
+        if (qemu_opt_find(opts, "dmode")) {
+            error_report("dmode is only valid for mapped 9p modes");
+            return -1;
+        }
+    }
+
     fse->path =3D g_strdup(path);
=20
     return 0;
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 96d2683348..a0ae98f7ca 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3533,6 +3533,9 @@ int v9fs_device_realize_common(V9fsState *s, Error **=
errp)
=20
     s->ops =3D fse->ops;
=20
+    s->ctx.fmode =3D fse->fmode;
+    s->ctx.dmode =3D fse->dmode;
+
     s->fid_list =3D NULL;
     qemu_co_rwlock_init(&s->rename_lock);
=20
diff --git a/qemu-options.hx b/qemu-options.hx
index 30c4f9850f..5999719720 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -847,7 +847,7 @@ ETEXI
=20
 DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
     "-fsdev fsdriver,id=3Did[,path=3Dpath,][security_model=3D{mapped-xattr=
|mapped-file|passthrough|none}]\n"
-    " [,writeout=3Dimmediate][,readonly][,socket=3Dsocket|sock_fd=3Dsock_f=
d]\n"
+    " [,writeout=3Dimmediate][,readonly][,socket=3Dsocket|sock_fd=3Dsock_f=
d][,fmode=3Dfmode][,dmode=3Ddmode]\n"
     " [[,throttling.bps-total=3Db]|[[,throttling.bps-read=3Dr][,throttling=
.bps-write=3Dw]]]\n"
     " [[,throttling.iops-total=3Di]|[[,throttling.iops-read=3Dr][,throttli=
ng.iops-write=3Dw]]]\n"
     " [[,throttling.bps-total-max=3Dbm]|[[,throttling.bps-read-max=3Drm][,=
throttling.bps-write-max=3Dwm]]]\n"
@@ -857,7 +857,7 @@ DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
=20
 STEXI
=20
-@item -fsdev @var{fsdriver},id=3D@var{id},path=3D@var{path},[security_mode=
l=3D@var{security_model}][,writeout=3D@var{writeout}][,readonly][,socket=3D=
@var{socket}|sock_fd=3D@var{sock_fd}]
+@item -fsdev @var{fsdriver},id=3D@var{id},path=3D@var{path},[security_mode=
l=3D@var{security_model}][,writeout=3D@var{writeout}][,readonly][,socket=3D=
@var{socket}|sock_fd=3D@var{sock_fd}][,fmode=3D@var{fmode}][,dmode=3D@var{d=
mode}]
 @findex -fsdev
 Define a new file system device. Valid options are:
 @table @option
@@ -898,6 +898,12 @@ with virtfs-proxy-helper
 Enables proxy filesystem driver to use passed socket descriptor for
 communicating with virtfs-proxy-helper. Usually a helper like libvirt
 will create socketpair and pass one of the fds as sock_fd
+@item fmode=3D@var{fmode}
+Specifies the default mode for newly created files on the host. Works only
+with security models "mapped-xattr" and "mapped-file".
+@item dmode=3D@var{dmode}
+Specifies the default mode for newly created directories on the host. Works
+only with security models "mapped-xattr" and "mapped-file".
 @end table
=20
 -fsdev option is used along with -device driver "virtio-9p-pci".
@@ -914,12 +920,12 @@ ETEXI
=20
 DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
     "-virtfs local,path=3Dpath,mount_tag=3Dtag,security_model=3D[mapped-xa=
ttr|mapped-file|passthrough|none]\n"
-    "        [,id=3Did][,writeout=3Dimmediate][,readonly][,socket=3Dsocket=
|sock_fd=3Dsock_fd]\n",
+    "        [,id=3Did][,writeout=3Dimmediate][,readonly][,socket=3Dsocket=
|sock_fd=3Dsock_fd][,fmode=3Dfmode][,dmode=3Ddmode]\n",
     QEMU_ARCH_ALL)
=20
 STEXI
=20
-@item -virtfs @var{fsdriver}[,path=3D@var{path}],mount_tag=3D@var{mount_ta=
g}[,security_model=3D@var{security_model}][,writeout=3D@var{writeout}][,rea=
donly][,socket=3D@var{socket}|sock_fd=3D@var{sock_fd}]
+@item -virtfs @var{fsdriver}[,path=3D@var{path}],mount_tag=3D@var{mount_ta=
g}[,security_model=3D@var{security_model}][,writeout=3D@var{writeout}][,rea=
donly][,socket=3D@var{socket}|sock_fd=3D@var{sock_fd}][,fmode=3D@var{fmode}=
][,dmode=3D@var{dmode}]
 @findex -virtfs
=20
 The general form of a Virtual File system pass-through options are:
@@ -961,6 +967,12 @@ will create socketpair and pass one of the fds as sock=
_fd
 @item sock_fd
 Enables proxy filesystem driver to use passed 'sock_fd' as the socket
 descriptor for interfacing with virtfs-proxy-helper
+@item fmode=3D@var{fmode}
+Specifies the default mode for newly created files on the host. Works only
+with security models "mapped-xattr" and "mapped-file".
+@item dmode=3D@var{dmode}
+Specifies the default mode for newly created directories on the host. Works
+only with security models "mapped-xattr" and "mapped-file".
 @end table
 ETEXI
=20
--=20
2.13.1