virtio-9p: Security model for mkdir

Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

virtio-9p: Security model for mkdir
Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
00ec5c37 · Venkateswararao Jujjuri (JV) · Anthony Liguori · 4750a96f · 00ec5c37 · 00ec5c37
隐藏空白更改
内联并排

Showing with 43 addition and 6 deletion

hw/file-op-9p.h hw/file-op-9p.h +1 -1

hw/virtio-9p-local.c hw/virtio-9p-local.c +33 -2

hw/virtio-9p.c hw/virtio-9p.c +9 -3

未找到文件。
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -70,7 +70,7 @@ typedef struct FileOperations
    ssize_t (*readv)(FsContext *, int, const struct iovec *, int);
    ssize_t (*writev)(FsContext *, int, const struct iovec *, int);
    off_t (*lseek)(FsContext *, int, off_t, int);
-    int (*mkdir)(FsContext *, const char *, mode_t);
+    int (*mkdir)(FsContext *, const char *, FsCred *);
    int (*fstat)(FsContext *, int, struct stat *);
    int (*rename)(FsContext *, const char *, const char *);
    int (*truncate)(FsContext *, const char *, off_t);

--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -207,9 +207,40 @@ static int local_mksock(FsContext *ctx2, const char *path)
    return 0;
 }

-static int local_mkdir(FsContext *ctx, const char *path, mode_t mode)
+static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
 {
-    return mkdir(rpath(ctx, path), mode);
+    int err = -1;
+    int serrno = 0;
+
+    /* Determine the security model */
+    if (fs_ctx->fs_sm == SM_MAPPED) {
+        err = mkdir(rpath(fs_ctx, path), SM_LOCAL_DIR_MODE_BITS);
+        if (err == -1) {
+            return err;
+        }
+        credp->fc_mode = credp->fc_mode|S_IFDIR;
+        err = local_set_xattr(rpath(fs_ctx, path), credp);
+        if (err == -1) {
+            serrno = errno;
+            goto err_end;
+        }
+    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+        err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
+        if (err == -1) {
+            return err;
+        }
+        err = local_post_create_passthrough(fs_ctx, path, credp);
+        if (err == -1) {
+            serrno = errno;
+            goto err_end;
+        }
+    }
+    return err;
+
+err_end:
+    remove(rpath(fs_ctx, path));
+    errno = serrno;
+    return err;
 }

 static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)

--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -170,9 +170,15 @@ static int v9fs_do_mksock(V9fsState *s, V9fsString *path)
    return s->ops->mksock(&s->ctx, path->data);
 }

-static int v9fs_do_mkdir(V9fsState *s, V9fsString *path, mode_t mode)
+static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs)
 {
-    return s->ops->mkdir(&s->ctx, path->data, mode);
+    FsCred cred;
+
+    cred_init(&cred);
+    cred.fc_uid = vs->fidp->uid;
+    cred.fc_mode = vs->perm & 0777;
+
+    return s->ops->mkdir(&s->ctx, vs->fullname.data, &cred);
 }

 static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf)
@@ -1776,7 +1782,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
    }

    if (vs->perm & P9_STAT_MODE_DIR) {
-        err = v9fs_do_mkdir(s, &vs->fullname, vs->perm & 0777);
+        err = v9fs_do_mkdir(s, vs);
        v9fs_create_post_mkdir(s, vs, err);
    } else if (vs->perm & P9_STAT_MODE_SYMLINK) {
        err = v9fs_do_symlink(s, &vs->extension, &vs->fullname);