[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 3/7] xen: xenstore: add possibility to preserve owner

  • To: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Mon, 13 Nov 2023 13:00:32 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oQzdyFmHSxrCbdjsBwVJqlOeGwPxXs4lNxMNphdlySQ=; b=Yn7V2kc7G2bTZhBJyJFh7ys8Q4TpiOhVgGMlOjmQWkYgl/Tb4lAlQzGL9MNYRFHjFs3beNgyii1PWmb9B6AK51J9RrQ083ZTfKtgfn9EwXoNjwG2hYb75rRwtDc1Azwp0mlfQJgqrCqMzLaY+bAB/YQsAmfzpXzfSwI+X8IldVkgn/t0RptDWfoinZ3cqwneRrrOtyHWHARW/8RxPf5AJBUHSPP02RZzNqZ1qRaBtRfmvhos2tWHcy/SiAwvWbObfCESeYl+0Jzykb2869yxZX5NsGPEO+y5Wyy9ALAUfTUsD2KW3a8gpVlMD1y6wq7sDbp2/VswkZGo1XQ16Dnoww==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NqZPa8dIR1ubxN2QlRGCfOcWSStixVusJqTADZRHSLo94lxtQ/xxtIaQds+B964DOaOwPTv15+HuHliPui/61OxgrNsLWc9RfC7HSEU02+V4U9EvnyEVvgGC7rtlc/xDq4EwNCfa01IUg6y/721z3yzEsFh85BH5erlRpLtUIPVTZ1uxDz36O8cTe3Z0AwxjwSYa9CBbphObBm95UC+iYrXwZGU045OoAo0YNuV5O4CfulmpgmTYqGCkPfj+r8ceEHivigKxjPnA415LbG1iCU263zj2fjZnhenR+l7xjbP589b5z2z4nUO1iEvHsVCW+5Al54qiadh/ITvqLKpoww==
  • Cc: "qemu-devel@xxxxxxxxxx" <qemu-devel@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Marcel Apfelbaum <marcel.apfelbaum@xxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Richard Henderson <richard.henderson@xxxxxxxxxx>, Eduardo Habkost <eduardo@xxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, "open list:X86 Xen CPUs" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 13 Nov 2023 13:00:59 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHaFBZoS99E/RofVU6d/7dbafCRirB09L6AgANCSwA=
  • Thread-topic: [PATCH v1 3/7] xen: xenstore: add possibility to preserve owner
Hi David,

David Woodhouse <dwmw2@xxxxxxxxxxxxx> writes:

> [[S/MIME Signed Part:Undecided]]
> On Fri, 2023-11-10 at 20:42 +0000, Volodymyr Babchuk wrote:
>> Add option to preserve owner when creating an entry in Xen Store. This
>> may be needed in cases when Qemu is working as device model in a
>> domain that is Domain-0, e.g. in driver domain.
>> 
>> "owner" parameter for qemu_xen_xs_create() function can have special
>> value XS_PRESERVE_OWNER, which will make specific implementation to
>> get original owner of an entry and pass it back to
>> set_permissions() call.
>> 
>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>
> I like this, although I'd like it more if XenStore itself offered this
> facility rather than making QEMU do it.

XenStore itself ensures that access rights are inherited. The problem
is with qemu_xen_xs_create() function that does two things at a time:
creates a new entry and then assigns permissions, overwriting any
permissions that existed before.

> Can we make it abundantly clear
> that XS_PRESERVE_OWNER is a QEMU internal thing?

It is defined in xen_backend_ops.h which is internal QEMU interface for
XenStore. Do you have any suggestions how to make it even clearer?

>>  hw/i386/kvm/xen_xenstore.c       | 18 ++++++++++++++++++
>>  hw/xen/xen-operations.c          | 12 ++++++++++++
>>  include/hw/xen/xen_backend_ops.h |  2 ++
>>  3 files changed, 32 insertions(+)
>> 
>> diff --git a/hw/i386/kvm/xen_xenstore.c b/hw/i386/kvm/xen_xenstore.c
>> index 660d0b72f9..7b894a9884 100644
>> --- a/hw/i386/kvm/xen_xenstore.c
>> +++ b/hw/i386/kvm/xen_xenstore.c
>> @@ -1572,6 +1572,24 @@ static bool xs_be_create(struct qemu_xs_handle *h, 
>> xs_transaction_t t,
>>          return false;
>>      }
>>  
>> +    if (owner == XS_PRESERVE_OWNER) {
>> +        GList *perms;
>> +        char letter;
>> +
>> +        err = xs_impl_get_perms(h->impl, 0, t, path, &perms);
>> +        if (err) {
>> +            errno = err;
>> +            return false;
>> +        }
>
> I guess we get away without a race here because it's all internal and
> we're holding the QEMU iothread mutex? Perhaps assert that?
>

I am not quite familiar with QEMU internals, but why we do we need
assert here? xe_be_create() calls xs_impl* function before and after
this part. Is this piece of code special in some way?


>> +        if (sscanf(perms->data, "%c%u", &letter, &owner) != 2) {
>
> I'd be slightly happier if you used parse_perm() from xenstore_impl.c,
> but it's static so I suppose that's fair enough.
>

Yes, I wanted to use that function, but it is internal for
xenstore_impl.c

I can rename it to xs_impl_parse_perm() and make it public, if you
believe that this is a better approach.

>> +            errno = EFAULT;
>> +            g_list_free_full(perms, g_free);
>> +            return false;
>> +        }
>> +        g_list_free_full(perms, g_free);
>> +    }
>> +
>>      perms_list = g_list_append(perms_list,
>>                                 xs_perm_as_string(XS_PERM_NONE, owner));
>>      perms_list = g_list_append(perms_list,
>> diff --git a/hw/xen/xen-operations.c b/hw/xen/xen-operations.c
>> index e00983ec44..1df59b3c08 100644
>> --- a/hw/xen/xen-operations.c
>> +++ b/hw/xen/xen-operations.c
>> @@ -300,6 +300,18 @@ static bool libxenstore_create(struct qemu_xs_handle 
>> *h, xs_transaction_t t,
>>          return false;
>>      }
>>  
>> +    if (owner == XS_PRESERVE_OWNER) {
>> +        struct xs_permissions *tmp;
>> +        unsigned int num;
>> +
>> +        tmp = xs_get_permissions(h->xsh, 0, path, &num);
>> +        if (tmp == NULL) {
>> +            return false;
>> +        }
>> +        perms_list[0].id = tmp[0].id;
>> +        free(tmp);
>> +    }
>> +
>
> Don't see what saves you from someone else changing it at this point on
> true Xen though. Which is why I'd prefer XenStore to do it natively.
>

Oh, I missed the transaction parameter. My bad. Will fix in the next
version.

>>      return xs_set_permissions(h->xsh, t, path, perms_list,
>>                                ARRAY_SIZE(perms_list));
>>  }
>> diff --git a/include/hw/xen/xen_backend_ops.h 
>> b/include/hw/xen/xen_backend_ops.h
>> index 90cca85f52..273e414559 100644
>> --- a/include/hw/xen/xen_backend_ops.h
>> +++ b/include/hw/xen/xen_backend_ops.h
>> @@ -266,6 +266,8 @@ typedef uint32_t xs_transaction_t;
>>  #define XS_PERM_READ  0x01
>>  #define XS_PERM_WRITE 0x02
>>  
>> +#define XS_PRESERVE_OWNER        0xFFFE
>> +
>>  struct xenstore_backend_ops {
>>      struct qemu_xs_handle *(*open)(void);
>>      void (*close)(struct qemu_xs_handle *h);
>
> [[End of S/MIME Signed Part]]


-- 
WBR, Volodymyr

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.