From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Map xattr names coming from the server, i.e. the host filesystem;
currently this is only from listxattr.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 57ebe17ed6..8406a2ae86 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2220,6 +2220,43 @@ static int xattr_map_client(const struct lo_data *lo, const char *client_name,
}
}
+ /* Shouldn't get here - rules should have an END_* - check parse_xattrmap */
+ abort();
+}
+
+/*
+ * For use with listxattr where the server fs gives us a name and we may need
+ * to sanitize this for the client.
+ * Returns a pointer to the result in *out_name
+ * This is always the original string or the current string with some prefix
+ * removed; no reallocation is done.
+ * Returns 0 on success
+ * Can return -ENODATA to indicate the name should be dropped from the list.
+ */
+static int xattr_map_server(const struct lo_data *lo, const char *server_name,
+ const char **out_name)
+{
+ const XattrMapEntry *cur_entry;
+ const char *end;
+
+ for (cur_entry = lo->xattr_map_list; ; cur_entry++) {
+ if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
+ (strstart(server_name, cur_entry->prepend, &end))) {
+ if (cur_entry->flags & XATTR_MAP_FLAG_END_BAD) {
+ return -ENODATA;
+ }
+ if (cur_entry->flags & XATTR_MAP_FLAG_END_OK) {
+ *out_name = server_name;
+ return 0;
+ }
+ if (cur_entry->flags & XATTR_MAP_FLAG_PREFIX) {
+ /* Remove prefix */
+ *out_name = end;
+ return 0;
+ }
+ }
+ }
+
/* Shouldn't get here - rules should have an END_* */
abort();
}
@@ -2378,8 +2415,60 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
if (ret == 0) {
goto out;
}
+
+ if (lo->xattr_map_list) {
+ /*
+ * Map the names back, some attributes might be dropped,
+ * some shortened, but not increased, so we shouldn't
+ * run out of room.
+ */
+ size_t out_index, in_index;
+ out_index = 0;
+ in_index = 0;
+ while (in_index < ret) {
+ const char *map_out;
+ char *in_ptr = value + in_index;
+ /* Length of current attribute name */
+ size_t in_len = strlen(value + in_index) + 1;
+
+ int mapret = xattr_map_server(lo, in_ptr, &map_out);
+ if (mapret != -ENODATA && mapret != 0) {
+ /* Shouldn't happen */
+ saverr = -mapret;
+ goto out;
+ }
+ if (mapret == 0) {
+ /* Either unchanged, or truncated */
+ size_t out_len;
+ if (map_out != in_ptr) {
+ /* +1 copies the NIL */
+ out_len = strlen(map_out) + 1;
+ } else {
+ /* No change */
+ out_len = in_len;
+ }
+ /*
+ * Move result along, may still be needed for an unchanged
+ * entry if a previous entry was changed.
+ */
+ memmove(value + out_index, map_out, out_len);
+
+ out_index += out_len;
+ }
+ in_index += in_len;
+ }
+ ret = out_index;
+ if (ret == 0) {
+ goto out;
+ }
+ }
fuse_reply_buf(req, value, ret);
} else {
+ /*
+ * xattrmap only ever shortens the result,
+ * so we don't need to do anything clever with the
+ * allocation length here.
+ */
fuse_reply_xattr(req, ret);
}
out_free:
--
2.28.0
On Wed, Oct 14, 2020 at 07:02:07PM +0100, Dr. David Alan Gilbert (git) wrote: > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com> > > Map xattr names coming from the server, i.e. the host filesystem; > currently this is only from listxattr. > > Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> > --- > tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++ > 1 file changed, 89 insertions(+) Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
On Wed, Oct 14, 2020 at 07:02:07PM +0100, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
>
> Map xattr names coming from the server, i.e. the host filesystem;
> currently this is only from listxattr.
>
> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> ---
> tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
> 1 file changed, 89 insertions(+)
>
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index 57ebe17ed6..8406a2ae86 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2220,6 +2220,43 @@ static int xattr_map_client(const struct lo_data *lo, const char *client_name,
> }
> }
>
> + /* Shouldn't get here - rules should have an END_* - check parse_xattrmap */
> + abort();
> +}
> +
> +/*
> + * For use with listxattr where the server fs gives us a name and we may need
> + * to sanitize this for the client.
> + * Returns a pointer to the result in *out_name
> + * This is always the original string or the current string with some prefix
> + * removed; no reallocation is done.
> + * Returns 0 on success
> + * Can return -ENODATA to indicate the name should be dropped from the list.
> + */
> +static int xattr_map_server(const struct lo_data *lo, const char *server_name,
> + const char **out_name)
> +{
> + const XattrMapEntry *cur_entry;
> + const char *end;
> +
> + for (cur_entry = lo->xattr_map_list; ; cur_entry++) {
> + if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
> + (strstart(server_name, cur_entry->prepend, &end))) {
> + if (cur_entry->flags & XATTR_MAP_FLAG_END_BAD) {
> + return -ENODATA;
> + }
> + if (cur_entry->flags & XATTR_MAP_FLAG_END_OK) {
> + *out_name = server_name;
> + return 0;
> + }
> + if (cur_entry->flags & XATTR_MAP_FLAG_PREFIX) {
> + /* Remove prefix */
> + *out_name = end;
> + return 0;
> + }
> + }
> + }
> +
> /* Shouldn't get here - rules should have an END_* */
> abort();
I am wondering why to put that restriction. If none of the rules match,
can't we just return as nothing has to be done.
> }
> @@ -2378,8 +2415,60 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
> if (ret == 0) {
> goto out;
> }
> +
> + if (lo->xattr_map_list) {
> + /*
> + * Map the names back, some attributes might be dropped,
> + * some shortened, but not increased, so we shouldn't
> + * run out of room.
> + */
> + size_t out_index, in_index;
> + out_index = 0;
> + in_index = 0;
> + while (in_index < ret) {
> + const char *map_out;
> + char *in_ptr = value + in_index;
> + /* Length of current attribute name */
> + size_t in_len = strlen(value + in_index) + 1;
> +
> + int mapret = xattr_map_server(lo, in_ptr, &map_out);
> + if (mapret != -ENODATA && mapret != 0) {
> + /* Shouldn't happen */
> + saverr = -mapret;
> + goto out;
> + }
> + if (mapret == 0) {
> + /* Either unchanged, or truncated */
> + size_t out_len;
> + if (map_out != in_ptr) {
> + /* +1 copies the NIL */
> + out_len = strlen(map_out) + 1;
> + } else {
> + /* No change */
> + out_len = in_len;
> + }
> + /*
> + * Move result along, may still be needed for an unchanged
> + * entry if a previous entry was changed.
> + */
> + memmove(value + out_index, map_out, out_len);
> +
> + out_index += out_len;
> + }
> + in_index += in_len;
> + }
> + ret = out_index;
> + if (ret == 0) {
> + goto out;
> + }
> + }
> fuse_reply_buf(req, value, ret);
> } else {
> + /*
> + * xattrmap only ever shortens the result,
> + * so we don't need to do anything clever with the
> + * allocation length here.
> + */
> fuse_reply_xattr(req, ret);
Hmmm.., so this code returns the length of buffer which will fit xattrs.
So we will will changing the semantics a bit. Instead of returning
the exact size of buffer needed, we will be returning max size. I hope
its not a problem. Fixing it will be too expensive I guess.
Thanks
Vivek
* Vivek Goyal (vgoyal@redhat.com) wrote:
> On Wed, Oct 14, 2020 at 07:02:07PM +0100, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> >
> > Map xattr names coming from the server, i.e. the host filesystem;
> > currently this is only from listxattr.
> >
> > Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> > ---
> > tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
> > 1 file changed, 89 insertions(+)
> >
> > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > index 57ebe17ed6..8406a2ae86 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -2220,6 +2220,43 @@ static int xattr_map_client(const struct lo_data *lo, const char *client_name,
> > }
> > }
> >
> > + /* Shouldn't get here - rules should have an END_* - check parse_xattrmap */
> > + abort();
> > +}
> > +
> > +/*
> > + * For use with listxattr where the server fs gives us a name and we may need
> > + * to sanitize this for the client.
> > + * Returns a pointer to the result in *out_name
> > + * This is always the original string or the current string with some prefix
> > + * removed; no reallocation is done.
> > + * Returns 0 on success
> > + * Can return -ENODATA to indicate the name should be dropped from the list.
> > + */
> > +static int xattr_map_server(const struct lo_data *lo, const char *server_name,
> > + const char **out_name)
> > +{
> > + const XattrMapEntry *cur_entry;
> > + const char *end;
> > +
> > + for (cur_entry = lo->xattr_map_list; ; cur_entry++) {
> > + if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
> > + (strstart(server_name, cur_entry->prepend, &end))) {
> > + if (cur_entry->flags & XATTR_MAP_FLAG_END_BAD) {
> > + return -ENODATA;
> > + }
> > + if (cur_entry->flags & XATTR_MAP_FLAG_END_OK) {
> > + *out_name = server_name;
> > + return 0;
> > + }
> > + if (cur_entry->flags & XATTR_MAP_FLAG_PREFIX) {
> > + /* Remove prefix */
> > + *out_name = end;
> > + return 0;
> > + }
> > + }
> > + }
> > +
> > /* Shouldn't get here - rules should have an END_* */
> > abort();
>
> I am wondering why to put that restriction. If none of the rules match,
> can't we just return as nothing has to be done.
I always add a terminator in the parse as either a bad/ok, and was just
enforcing it - but I've changed it to a return -ENODATA that's probably
safer than the abort().
> > }
> > @@ -2378,8 +2415,60 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
> > if (ret == 0) {
> > goto out;
> > }
> > +
> > + if (lo->xattr_map_list) {
> > + /*
> > + * Map the names back, some attributes might be dropped,
> > + * some shortened, but not increased, so we shouldn't
> > + * run out of room.
> > + */
> > + size_t out_index, in_index;
> > + out_index = 0;
> > + in_index = 0;
> > + while (in_index < ret) {
> > + const char *map_out;
> > + char *in_ptr = value + in_index;
> > + /* Length of current attribute name */
> > + size_t in_len = strlen(value + in_index) + 1;
> > +
> > + int mapret = xattr_map_server(lo, in_ptr, &map_out);
> > + if (mapret != -ENODATA && mapret != 0) {
> > + /* Shouldn't happen */
> > + saverr = -mapret;
> > + goto out;
> > + }
> > + if (mapret == 0) {
> > + /* Either unchanged, or truncated */
> > + size_t out_len;
> > + if (map_out != in_ptr) {
> > + /* +1 copies the NIL */
> > + out_len = strlen(map_out) + 1;
> > + } else {
> > + /* No change */
> > + out_len = in_len;
> > + }
> > + /*
> > + * Move result along, may still be needed for an unchanged
> > + * entry if a previous entry was changed.
> > + */
> > + memmove(value + out_index, map_out, out_len);
> > +
> > + out_index += out_len;
> > + }
> > + in_index += in_len;
> > + }
> > + ret = out_index;
> > + if (ret == 0) {
> > + goto out;
> > + }
> > + }
> > fuse_reply_buf(req, value, ret);
> > } else {
> > + /*
> > + * xattrmap only ever shortens the result,
> > + * so we don't need to do anything clever with the
> > + * allocation length here.
> > + */
> > fuse_reply_xattr(req, ret);
>
> Hmmm.., so this code returns the length of buffer which will fit xattrs.
> So we will will changing the semantics a bit. Instead of returning
> the exact size of buffer needed, we will be returning max size. I hope
> its not a problem. Fixing it will be too expensive I guess.
Right, although the semantics are fuzzy anyway since someone can
come along and add/remove an xattr between the listxattr calls.
Dave
> Thanks
> Vivek
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
© 2016 - 2026 Red Hat, Inc.