fs-backend: do not expose file descriptors to frontend
Signed-off-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxxx>
diff -r 4e17922324d3 tools/fs-back/fs-backend.c
--- a/tools/fs-back/fs-backend.c Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.c Tue Jul 15 19:31:44 2008 +0100
@@ -200,6 +200,7 @@
int evt_port;
pthread_t handling_thread;
struct fsif_sring *sring;
+ int i;
printf("Handling connection from dom=%d, for export=%d\n",
frontend_dom_id, export_id);
@@ -242,6 +243,8 @@
PROT_READ | PROT_WRITE);
BACK_RING_INIT(&mount->ring, sring, PAGE_SIZE);
mount->nr_entries = mount->ring.nr_ents;
+ for (i = 0; i < MAX_FDS; i++)
+ mount->fds[i] = -1;
xenbus_write_backend_ready(mount);
pthread_create(&handling_thread, NULL, &handle_mount, mount);
diff -r 4e17922324d3 tools/fs-back/fs-backend.h
--- a/tools/fs-back/fs-backend.h Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-backend.h Tue Jul 15 19:31:44 2008 +0100
@@ -12,6 +12,7 @@
#define EXPORTS_SUBNODE "exports"
#define EXPORTS_NODE ROOT_NODE"/"EXPORTS_SUBNODE
#define WATCH_NODE EXPORTS_NODE"/requests"
+#define MAX_FDS 16
struct fs_export
{
@@ -45,6 +46,7 @@
int nr_entries;
struct fs_request *requests;
unsigned short *freelist;
+ int fds[MAX_FDS];
};
diff -r 4e17922324d3 tools/fs-back/fs-ops.c
--- a/tools/fs-back/fs-ops.c Tue Jul 15 18:20:10 2008 +0100
+++ b/tools/fs-back/fs-ops.c Tue Jul 15 19:31:44 2008 +0100
@@ -34,6 +34,16 @@
mount->requests[id].active = 1;
return id;
+}
+
+int get_fd(struct mount *mount)
+{
+ int i;
+
+ for (i = 0; i < MAX_FDS; i++)
+ if (mount->fds[i] == -1)
+ return i;
+ return -1;
}
@@ -61,8 +71,17 @@
mount->export->export_path, file_name);
assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0);
printf("Issuing open for %s\n", full_path);
- fd = open(full_path, O_RDWR);
- printf("Got FD: %d\n", fd);
+ fd = get_fd(mount);
+ if (fd >= 0) {
+ int real_fd = open(full_path, O_RDWR);
+ if (real_fd < 0)
+ fd = -1;
+ else
+ {
+ mount->fds[fd] = real_fd;
+ printf("Got FD: %d for real %d\n", fd, real_fd);
+ }
+ }
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -86,7 +105,12 @@
printf("Dispatching file close operation (fd=%d).\n", req->u.fclose.fd);
req_id = req->id;
- ret = close(req->u.fclose.fd);
+ if (req->u.fclose.fd < MAX_FDS) {
+ int fd = mount->fds[req->u.fclose.fd];
+ ret = close(fd);
+ mount->fds[req->u.fclose.fd] = -1;
+ } else
+ ret = -1;
printf("Got ret: %d\n", ret);
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -117,7 +141,12 @@
req_id = req->id;
printf("File read issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n",
req->u.fread.fd, req->u.fread.len, req->u.fread.offset);
-
+
+ if (req->u.fread.fd < MAX_FDS)
+ fd = mount->fds[req->u.fread.fd];
+ else
+ fd = -1;
+
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
priv_req = &mount->requests[priv_id];
@@ -125,13 +154,13 @@
/* Dispatch AIO read request */
bzero(&priv_req->aiocb, sizeof(struct aiocb));
- priv_req->aiocb.aio_fildes = req->u.fread.fd;
+ priv_req->aiocb.aio_fildes = fd;
priv_req->aiocb.aio_nbytes = req->u.fread.len;
priv_req->aiocb.aio_offset = req->u.fread.offset;
priv_req->aiocb.aio_buf = buf;
assert(aio_read(&priv_req->aiocb) >= 0);
-
+out:
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -173,6 +202,11 @@
printf("File write issued for FD=%d (len=%"PRIu64", offest=%"PRIu64")\n",
req->u.fwrite.fd, req->u.fwrite.len, req->u.fwrite.offset);
+ if (req->u.fwrite.fd < MAX_FDS)
+ fd = mount->fds[req->u.fwrite.fd];
+ else
+ fd = -1;
+
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
priv_req = &mount->requests[priv_id];
@@ -180,7 +214,7 @@
/* Dispatch AIO write request */
bzero(&priv_req->aiocb, sizeof(struct aiocb));
- priv_req->aiocb.aio_fildes = req->u.fwrite.fd;
+ priv_req->aiocb.aio_fildes = fd;
priv_req->aiocb.aio_nbytes = req->u.fwrite.len;
priv_req->aiocb.aio_offset = req->u.fwrite.offset;
priv_req->aiocb.aio_buf = buf;
@@ -226,8 +260,12 @@
PROT_WRITE);
req_id = req->id;
- fd = req->u.fstat.fd;
- printf("File stat issued for FD=%d\n", fd);
+ if (req->u.fstat.fd < MAX_FDS)
+ fd = mount->fds[req->u.fstat.fd];
+ else
+ fd = -1;
+
+ printf("File stat issued for FD=%d\n", req->u.fstat.fd);
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -276,10 +314,14 @@
int64_t length;
req_id = req->id;
- fd = req->u.ftruncate.fd;
length = req->u.ftruncate.length;
- printf("File truncate issued for FD=%d, length=%"PRId64"\n", fd, length);
+ printf("File truncate issued for FD=%d, length=%"PRId64"\n",
req->u.ftruncate.fd, length);
+ if (req->u.ftruncate.fd < MAX_FDS)
+ fd = mount->fds[req->u.ftruncate.fd];
+ else
+ fd = -1;
+
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
mount->ring.req_cons++;
@@ -512,7 +554,11 @@
printf("Dispatching file chmod operation (fd=%d, mode=%o).\n",
req->u.fchmod.fd, req->u.fchmod.mode);
req_id = req->id;
- fd = req->u.fchmod.fd;
+ if (req->u.fchmod.fd < MAX_FDS)
+ fd = mount->fds[req->u.fchmod.fd];
+ else
+ fd = -1;
+
mode = req->u.fchmod.mode;
/* We can advance the request consumer index, from here on, the request
* should not be used (it may be overrinden by a response) */
@@ -577,8 +623,12 @@
struct fs_request *priv_req;
req_id = req->id;
- fd = req->u.fsync.fd;
- printf("File sync issued for FD=%d\n", fd);
+ if (req->u.fsync.fd < MAX_FDS)
+ fd = mount->fds[req->u.fsync.fd];
+ else
+ fd = -1;
+
+ printf("File sync issued for FD=%d\n", req->u.fsync.fd);
priv_id = get_request(mount, req);
printf("Private id is: %d\n", priv_id);
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home