Xen project Mailing List

[Xen-changelog] [xen-unstable] fs-backend: do not expose file descriptors to frontend

From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Wed, 16 Jul 2008 07:30:08 -0700

Delivery-date: Wed, 16 Jul 2008 07:30:07 -0700

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Keir Fraser <keir.fraser@xxxxxxxxxx> # Date 1216203201 -3600 # Node ID 649c975b72f00eff06659d683b9999dffec1063a # Parent 45787d746db410deaa4cb7249e35d42cd8d01a9c fs-backend: do not expose file descriptors to frontend Signed-off-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxxx> --- tools/fs-back/fs-backend.c | 3 + tools/fs-back/fs-backend.h | 2 + tools/fs-back/fs-ops.c | 80 ++++++++++++++++++++++++++++++++++++--------- 3 files changed, 70 insertions(+), 15 deletions(-) diff -r 45787d746db4 -r 649c975b72f0 tools/fs-back/fs-backend.c --- a/tools/fs-back/fs-backend.c Wed Jul 16 11:12:36 2008 +0100 +++ b/tools/fs-back/fs-backend.c Wed Jul 16 11:13:21 2008 +0100 @@ -198,6 +198,7 @@ static void handle_connection(int fronte int evt_port; pthread_t handling_thread; struct fsif_sring *sring; + int i; printf("Handling connection from dom=%d, for export=%d\n", frontend_dom_id, export_id); @@ -240,6 +241,8 @@ static void handle_connection(int fronte PROT_READ | PROT_WRITE); BACK_RING_INIT(&mount->ring, sring, PAGE_SIZE); mount->nr_entries = mount->ring.nr_ents; + for (i = 0; i < MAX_FDS; i++) + mount->fds[i] = -1; xenbus_write_backend_ready(mount); pthread_create(&handling_thread, NULL, &handle_mount, mount); diff -r 45787d746db4 -r 649c975b72f0 tools/fs-back/fs-backend.h --- a/tools/fs-back/fs-backend.h Wed Jul 16 11:12:36 2008 +0100 +++ b/tools/fs-back/fs-backend.h Wed Jul 16 11:13:21 2008 +0100 @@ -12,6 +12,7 @@ #define EXPORTS_SUBNODE "exports" #define EXPORTS_NODE ROOT_NODE"/"EXPORTS_SUBNODE #define WATCH_NODE EXPORTS_NODE"/requests" +#define MAX_FDS 16 struct fs_export { @@ -45,6 +46,7 @@ struct mount int nr_entries; struct fs_request *requests; unsigned short *freelist; + int fds[MAX_FDS]; }; diff -r 45787d746db4 -r 649c975b72f0 tools/fs-back/fs-ops.c --- a/tools/fs-back/fs-ops.c Wed Jul 16 11:12:36 2008 +0100 +++ b/tools/fs-back/fs-ops.c Wed Jul 16 11:13:21 2008 +0100 @@ -34,6 +34,16 @@ unsigned short get_request(struct mount return id; } +int get_fd(struct mount *mount) +{ + int i; + + for (i = 0; i < MAX_FDS; i++) + if (mount->fds[i] == -1) + return i; + return -1; +} + void dispatch_file_open(struct mount *mount, struct fsif_request *req) { @@ -59,8 +69,17 @@ void dispatch_file_open(struct mount *mo mount->export->export_path, file_name); assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0); printf("Issuing open for %s\n", full_path); - fd = open(full_path, O_RDWR); - printf("Got FD: %d\n", fd); + fd = get_fd(mount); + if (fd >= 0) { + int real_fd = open(full_path, O_RDWR); + if (real_fd < 0) + fd = -1; + else + { + mount->fds[fd] = real_fd; + printf("Got FD: %d for real %d\n", fd, real_fd); + } + } /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ mount->ring.req_cons++; @@ -84,7 +103,12 @@ void dispatch_file_close(struct mount *m printf("Dispatching file close operation (fd=%d).\n", req->u.fclose.fd); req_id = req->id; - ret = close(req->u.fclose.fd); + if (req->u.fclose.fd < MAX_FDS) { + int fd = mount->fds[req->u.fclose.fd]; + ret = close(fd); + mount->fds[req->u.fclose.fd] = -1; + } else + ret = -1; printf("Got ret: %d\n", ret); /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ @@ -115,7 +139,12 @@ void dispatch_file_read(struct mount *mo req_id = req->id; printf("File read issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", req->u.fread.fd, req->u.fread.len, req->u.fread.offset); - + + if (req->u.fread.fd < MAX_FDS) + fd = mount->fds[req->u.fread.fd]; + else + fd = -1; + priv_id = get_request(mount, req); printf("Private id is: %d\n", priv_id); priv_req = &mount->requests[priv_id]; @@ -123,13 +152,13 @@ void dispatch_file_read(struct mount *mo /* Dispatch AIO read request */ bzero(&priv_req->aiocb, sizeof(struct aiocb)); - priv_req->aiocb.aio_fildes = req->u.fread.fd; + priv_req->aiocb.aio_fildes = fd; priv_req->aiocb.aio_nbytes = req->u.fread.len; priv_req->aiocb.aio_offset = req->u.fread.offset; priv_req->aiocb.aio_buf = buf; assert(aio_read(&priv_req->aiocb) >= 0); - +out: /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ mount->ring.req_cons++; @@ -171,6 +200,11 @@ void dispatch_file_write(struct mount *m printf("File write issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", req->u.fwrite.fd, req->u.fwrite.len, req->u.fwrite.offset); + if (req->u.fwrite.fd < MAX_FDS) + fd = mount->fds[req->u.fwrite.fd]; + else + fd = -1; + priv_id = get_request(mount, req); printf("Private id is: %d\n", priv_id); priv_req = &mount->requests[priv_id]; @@ -178,7 +212,7 @@ void dispatch_file_write(struct mount *m /* Dispatch AIO write request */ bzero(&priv_req->aiocb, sizeof(struct aiocb)); - priv_req->aiocb.aio_fildes = req->u.fwrite.fd; + priv_req->aiocb.aio_fildes = fd; priv_req->aiocb.aio_nbytes = req->u.fwrite.len; priv_req->aiocb.aio_offset = req->u.fwrite.offset; priv_req->aiocb.aio_buf = buf; @@ -224,8 +258,12 @@ void dispatch_stat(struct mount *mount, PROT_WRITE); req_id = req->id; - fd = req->u.fstat.fd; - printf("File stat issued for FD=%d\n", fd); + if (req->u.fstat.fd < MAX_FDS) + fd = mount->fds[req->u.fstat.fd]; + else + fd = -1; + + printf("File stat issued for FD=%d\n", req->u.fstat.fd); /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ @@ -274,10 +312,14 @@ void dispatch_truncate(struct mount *mou int64_t length; req_id = req->id; - fd = req->u.ftruncate.fd; length = req->u.ftruncate.length; - printf("File truncate issued for FD=%d, length=%"PRId64"\n", fd, length); - + printf("File truncate issued for FD=%d, length=%"PRId64"\n", req->u.ftruncate.fd, length); + + if (req->u.ftruncate.fd < MAX_FDS) + fd = mount->fds[req->u.ftruncate.fd]; + else + fd = -1; + /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ mount->ring.req_cons++; @@ -510,7 +552,11 @@ void dispatch_chmod(struct mount *mount, printf("Dispatching file chmod operation (fd=%d, mode=%o).\n", req->u.fchmod.fd, req->u.fchmod.mode); req_id = req->id; - fd = req->u.fchmod.fd; + if (req->u.fchmod.fd < MAX_FDS) + fd = mount->fds[req->u.fchmod.fd]; + else + fd = -1; + mode = req->u.fchmod.mode; /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ @@ -575,8 +621,12 @@ void dispatch_file_sync(struct mount *mo struct fs_request *priv_req; req_id = req->id; - fd = req->u.fsync.fd; - printf("File sync issued for FD=%d\n", fd); + if (req->u.fsync.fd < MAX_FDS) + fd = mount->fds[req->u.fsync.fd]; + else + fd = -1; + + printf("File sync issued for FD=%d\n", req->u.fsync.fd); priv_id = get_request(mount, req); printf("Private id is: %d\n", priv_id); _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.