Hi,
your PATCH 1/1 doesn't appear to be a reply of PATCH 0/1 (mail header tag
"In-Reply-To:"/"Reference") so it is not correctly collected by patchew.org. Do you have the
'thread' parameter for git-send-email?
See my comments below:
Le 19/09/2024 à 21:46, Michael Vogt a écrit :
This commit adds support for the `openat2()` syscall in the
`linux-user` userspace emulator.
It is implemented by extracting a new helper `maybe_do_fake_open()`
out of the exiting `do_guest_openat()` and share that with the
new `do_guest_openat2()`. Unfortunately we cannot just make
do_guest_openat2() a superset of do_guest_openat() because the
openat2() syscall is stricter with the argument checking and
will return an error for invalid flags or mode combinations (which
open()/openat() will ignore).
The implementation is similar to SYSCALL_DEFINE(openat2), i.e.
a new `copy_struct_from_user()` is used that works the same
as the kernels version to support backwards-compatibility
for struct syscall argument.
Instead of including openat2.h we create a copy of `open_how`
as `open_how_ver0` to ensure that if the structure grows we
can log a LOG_UNIMP warning.
Note that in this commit using openat2() for a "faked" file in
/proc will ignore the "resolve" flags. This is not great but it
seems similar to the exiting behavior when openat() is called
with a dirfd to "/proc". Here too the fake file lookup may
not catch the special file because "realpath()" is used to
determine if the path is in /proc. Alternatively to ignoring
we could simply fail with `-TARGET_ENOSYS` (or similar) if
`resolve` flags are passed and we found something that looks
like a file in /proc that needs faking.
Signed-off-by: Michael Vogt <mv...@redhat.com>
Buglink: https://github.com/osbuild/bootc-image-builder/issues/619
---
linux-user/syscall.c | 107 +++++++++++++++++++++++++++++++++++++-
linux-user/syscall_defs.h | 7 +++
2 files changed, 112 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b693aeff5b..99f3afece7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -602,6 +602,34 @@ static int check_zeroed_user(abi_long addr, size_t ksize,
size_t usize)
return 1;
}
+/*
+ * Copies a target struct to a host struct, in a way that guarantees
+ * backwards-compatibility for struct syscall arguments.
+ *
+ * Similar to kernels uaccess.h:copy_struct_from_user()
+ */
+static int
+copy_struct_from_user(void *dst, size_t ksize, abi_ptr src, size_t usize)
+{
+ size_t size = MIN(ksize, usize);
+ size_t rest = MAX(ksize, usize) - size;
+
+ /* Deal with trailing bytes. */
+ if (usize < ksize) {
+ memset(dst + size, 0, rest);
+ } else if (usize > ksize) {
+ int ret = check_zeroed_user(src, ksize, usize);
+ if (ret <= 0) {
+ return ret ?: -TARGET_E2BIG;
+ }
+ }
+ /* Copy the interoperable parts of the struct. */
+ if (copy_from_user(dst, src, size)) {
+ return -TARGET_EFAULT;
+ }
+ return 0;
+}
+
#define safe_syscall0(type, name) \
static type safe_##name(void) \
{ \
@@ -653,6 +681,15 @@ safe_syscall3(ssize_t, read, int, fd, void *, buff,
size_t, count)
safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
int, flags, mode_t, mode)
+
+struct open_how_ver0 {
+ __u64 flags;
+ __u64 mode;
+ __u64 resolve;
+};
+safe_syscall4(int, openat2, int, dirfd, const char *, pathname, \
+ const struct open_how_ver0 *, how, size_t, size)
+
#if defined(TARGET_NR_wait4) || defined(TARGET_NR_waitpid)
safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
struct rusage *, rusage)
@@ -8334,8 +8371,9 @@ static int open_net_route(CPUArchState *cpu_env, int fd)
}
#endif
-int do_guest_openat(CPUArchState *cpu_env, int dirfd, const char *fname,
- int flags, mode_t mode, bool safe)
+static int maybe_do_fake_open(CPUArchState *cpu_env, int dirfd,
+ const char *fname, int flags, mode_t mode,
+ bool safe)
{
g_autofree char *proc_name = NULL;
const char *pathname;
@@ -8418,6 +8456,17 @@ int do_guest_openat(CPUArchState *cpu_env, int dirfd,
const char *fname,
return fd;
}
+ return -2;
+}
+
+int do_guest_openat(CPUArchState *cpu_env, int dirfd, const char *pathname,
+ int flags, mode_t mode, bool safe)
+{
+ int fd = maybe_do_fake_open(cpu_env, dirfd, pathname, flags, mode, safe);
+ if (fd > -2) {
+ return get_errno(fd);
Don't put the get_errno() here, because safe_openat() and openat() below don't have one, and
moreover the callers are doing get_errno(do_guest_openat()).
+ }
+
if (safe) {
return safe_openat(dirfd, path(pathname), flags, mode);
} else {
@@ -8425,6 +8474,55 @@ int do_guest_openat(CPUArchState *cpu_env, int dirfd,
const char *fname,
}
}
+
+static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,
+ abi_ptr guest_pathname, abi_ptr guest_open_how,
+ abi_long guest_size)
+{
+ struct open_how_ver0 how = {0};
+ int ret;
+
+ if (guest_size < sizeof(struct target_open_how_ver0)) {
+ return -TARGET_EINVAL;
+ }
+ ret = copy_struct_from_user(&how, sizeof(how), guest_open_how, guest_size);
+ if (ret) {
+ if (ret == -TARGET_E2BIG) {
+ qemu_log_mask(LOG_UNIMP,
+ "Unimplemented openat2 open_how size: %lu\n",
+ guest_size);
+ }
+ return ret;
+ }
+ char *pathname = lock_user_string(guest_pathname);
Don't put the declaration in the middle of the code.
See https://qemu-project.gitlab.io/qemu/devel/style.html#declarations
+ if (!pathname) {
+ return -TARGET_EFAULT;
+ }
+
+ how.flags = target_to_host_bitmask(how.flags, fcntl_flags_tbl);
+ how.mode = tswap64(how.mode);
+ how.resolve = tswap64(how.resolve);
+
+ /*
+ * Ideally we would pass "how->resolve" flags into this helper too but
+ * the lookup for files that need faking is based on "realpath()" so
+ * neither a dirfd for "proc" nor restrictions via "resolve" flags can
+ * be honored right now.
+ */
+ int fd = maybe_do_fake_open(cpu_env, dirfd, pathname, how.flags, how.mode,
+ true);
+ if (fd > -2) {
+ return get_errno(fd);
it's better to set "ret = get_errno(fd);" and not return to execute the fd_trans_unregister() and
unlock_user() below.
+ } else { > + ret = get_errno(safe_openat2(dirfd, pathname, &how,
+ sizeof(struct open_how_ver0)));
+ }
+
+ fd_trans_unregister(ret);
+ unlock_user(pathname, guest_pathname, 0);
+ return ret;
+}
+
Thanks,
Laurent
