ia64/xen-unstable

changeset 18068:649c975b72f0

fs-backend: do not expose file descriptors to frontend

Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Jul 16 11:13:21 2008 +0100 (2008-07-16)
parents 45787d746db4
children cec304746b36
files tools/fs-back/fs-backend.c tools/fs-back/fs-backend.h tools/fs-back/fs-ops.c
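--- a/tools/fs-back/fs-backend.c	Wed Jul 16 11:12:36 2008 +0100
+++ b/tools/fs-back/fs-backend.c	Wed Jul 16 11:13:21 2008 +0100
@@ -198,6 +198,7 @@ static void handle_connection(int fronte
     int evt_port;
     pthread_t handling_thread;
     struct fsif_sring *sring;
+    int i;
 
     printf("Handling connection from dom=%d, for export=%d\n", 
             frontend_dom_id, export_id);
@@ -240,6 +241,8 @@ static void handle_connection(int fronte
                                     PROT_READ | PROT_WRITE);
     BACK_RING_INIT(&mount->ring, sring, PAGE_SIZE);
     mount->nr_entries = mount->ring.nr_ents; 
+    for (i = 0; i < MAX_FDS; i++)
+        mount->fds[i] = -1;
     xenbus_write_backend_ready(mount);
 
     pthread_create(&handling_thread, NULL, &handle_mount, mount);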
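--- a/tools/fs-back/fs-backend.h	Wed Jul 16 11:12:36 2008 +0100
+++ b/tools/fs-back/fs-backend.h	Wed Jul 16 11:13:21 2008 +0100
@@ -12,6 +12,7 @@
 #define EXPORTS_SUBNODE     "exports"
 #define EXPORTS_NODE        ROOT_NODE"/"EXPORTS_SUBNODE
 #define WATCH_NODE          EXPORTS_NODE"/requests"
+#define MAX_FDS             16
 
 struct fs_export
 {
@@ -45,6 +46,7 @@ struct mount
     int nr_entries;
     struct fs_request *requests;
     unsigned short *freelist;
+    int fds[MAX_FDS];
 };
 
 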
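Review bot: The new `fds` member and `MAX_FDS` carry no comment stating the invariant the rest of the change depends on. A line such as `/* fds[i]: backend descriptor behind frontend handle i, or -1 if the slot is free */` above the member, plus a short note on `MAX_FDS` that it caps open files per mount, would make the bounds checks in fs-ops.c easier to audit. struct mount begins outside the hunk.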
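--- a/tools/fs-back/fs-ops.c	Wed Jul 16 11:12:36 2008 +0100
+++ b/tools/fs-back/fs-ops.c	Wed Jul 16 11:13:21 2008 +0100
@@ -34,6 +34,16 @@ unsigned short get_request(struct mount 
     return id;
 }
 
+int get_fd(struct mount *mount)
+{
+    int i;
+
+    for (i = 0; i < MAX_FDS; i++)
+        if (mount->fds[i] == -1)
+            return i;
+    return -1;
+}
+
 
 void dispatch_file_open(struct mount *mount, struct fsif_request *req)
 {
@@ -59,8 +69,17 @@ void dispatch_file_open(struct mount *mo
            mount->export->export_path, file_name);
     assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0);
     printf("Issuing open for %s\n", full_path);
-    fd = open(full_path, O_RDWR);
-    printf("Got FD: %d\n", fd);
+    fd = get_fd(mount);
+    if (fd >= 0) {
+        int real_fd = open(full_path, O_RDWR);
+        if (real_fd < 0)
+            fd = -1;
+        else
+        {
+            mount->fds[fd] = real_fd;
+            printf("Got FD: %d for real %d\n", fd, real_fd);
+        }
+    }
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -84,7 +103,12 @@ void dispatch_file_close(struct mount *m
     printf("Dispatching file close operation (fd=%d).\n", req->u.fclose.fd);
    
     req_id = req->id;
-    ret = close(req->u.fclose.fd);
+    if (req->u.fclose.fd < MAX_FDS) {
+        int fd = mount->fds[req->u.fclose.fd];
+        ret = close(fd);
+        mount->fds[req->u.fclose.fd] = -1;
+    } else
+        ret = -1;
     printf("Got ret: %d\n", ret);
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -115,7 +139,12 @@ void dispatch_file_read(struct mount *mo
     req_id = req->id;
     printf("File read issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", 
             req->u.fread.fd, req->u.fread.len, req->u.fread.offset); 
-   
+
+    if (req->u.fread.fd < MAX_FDS)
+        fd = mount->fds[req->u.fread.fd];
+    else
+        fd = -1;
+
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);
     priv_req = &mount->requests[priv_id];
@@ -123,13 +152,13 @@ void dispatch_file_read(struct mount *mo
 
     /* Dispatch AIO read request */
     bzero(&priv_req->aiocb, sizeof(struct aiocb));
-    priv_req->aiocb.aio_fildes = req->u.fread.fd;
+    priv_req->aiocb.aio_fildes = fd;
     priv_req->aiocb.aio_nbytes = req->u.fread.len;
     priv_req->aiocb.aio_offset = req->u.fread.offset;
     priv_req->aiocb.aio_buf = buf;
     assert(aio_read(&priv_req->aiocb) >= 0);
 
-     
+out: 
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -171,6 +200,11 @@ void dispatch_file_write(struct mount *m
     printf("File write issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n", 
             req->u.fwrite.fd, req->u.fwrite.len, req->u.fwrite.offset); 
    
+    if (req->u.fwrite.fd < MAX_FDS)
+        fd = mount->fds[req->u.fwrite.fd];
+    else
+        fd = -1;
+
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);
     priv_req = &mount->requests[priv_id];
@@ -178,7 +212,7 @@ void dispatch_file_write(struct mount *m
 
     /* Dispatch AIO write request */
     bzero(&priv_req->aiocb, sizeof(struct aiocb));
-    priv_req->aiocb.aio_fildes = req->u.fwrite.fd;
+    priv_req->aiocb.aio_fildes = fd;
     priv_req->aiocb.aio_nbytes = req->u.fwrite.len;
     priv_req->aiocb.aio_offset = req->u.fwrite.offset;
     priv_req->aiocb.aio_buf = buf;
@@ -224,8 +258,12 @@ void dispatch_stat(struct mount *mount, 
                                   PROT_WRITE);
    
     req_id = req->id;
-    fd = req->u.fstat.fd;
-    printf("File stat issued for FD=%d\n", fd); 
+    if (req->u.fstat.fd < MAX_FDS)
+        fd = mount->fds[req->u.fstat.fd];
+    else
+        fd = -1;
+
+    printf("File stat issued for FD=%d\n", req->u.fstat.fd); 
    
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -274,10 +312,14 @@ void dispatch_truncate(struct mount *mou
     int64_t length;
 
     req_id = req->id;
-    fd = req->u.ftruncate.fd;
     length = req->u.ftruncate.length;
-    printf("File truncate issued for FD=%d, length=%"PRId64"\n", fd, length); 
+    printf("File truncate issued for FD=%d, length=%"PRId64"\n", req->u.ftruncate.fd, length); 
    
+    if (req->u.ftruncate.fd < MAX_FDS)
+        fd = mount->fds[req->u.ftruncate.fd];
+    else
+        fd = -1;
+
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
     mount->ring.req_cons++;
@@ -510,7 +552,11 @@ void dispatch_chmod(struct mount *mount,
     printf("Dispatching file chmod operation (fd=%d, mode=%o).\n", 
             req->u.fchmod.fd, req->u.fchmod.mode);
     req_id = req->id;
-    fd = req->u.fchmod.fd;
+    if (req->u.fchmod.fd < MAX_FDS)
+        fd = mount->fds[req->u.fchmod.fd];
+    else
+        fd = -1;
+
     mode = req->u.fchmod.mode;
     /* We can advance the request consumer index, from here on, the request
      * should not be used (it may be overrinden by a response) */
@@ -575,8 +621,12 @@ void dispatch_file_sync(struct mount *mo
     struct fs_request *priv_req;
 
     req_id = req->id;
-    fd = req->u.fsync.fd;
-    printf("File sync issued for FD=%d\n", fd); 
+    if (req->u.fsync.fd < MAX_FDS)
+        fd = mount->fds[req->u.fsync.fd];
+    else
+        fd = -1;
+
+    printf("File sync issued for FD=%d\n", req->u.fsync.fd); 
    
     priv_id = get_request(mount, req);
     printf("Private id is: %d\n", priv_id);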
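Review bot: The new index checks read the frontend-supplied handle more than once and test only the upper bound: in dispatch_file_close, `req->u.fclose.fd < MAX_FDS` is evaluated and then `mount->fds[req->u.fclose.fd]` is indexed twice more from the same request. The comment in these hunks says the request may be overwritten once the consumer index advances, which suggests `req` points into the ring page shared with the frontend, so the value could change between the check and the use; and if the field has a signed type (not visible here), a negative value passes the `<` test. Copying it once into an unsigned local, `unsigned int slot = req->u.fclose.fd;`, then testing `slot < MAX_FDS` and indexing `mount->fds[slot]`, covers both cases; the read, write, stat, truncate, chmod and sync hunks repeat the pattern. Separately, dispatch_file_read still hands `fd = -1` to `aio_read()` inside `assert(...)`, and the new `out:` label has no `goto` in the visible lines, so an invalid handle may be able to abort the backend if `aio_read` fails immediately. All of these functions begin and end outside their hunks.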