ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xen: xen-domid-restrict improvements 

-----BEGIN PGP SIGNATURE-----
 
 iQFUBAABCAA+FiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAlriFkogHGlqYWNrc29u
 QGNoaWFyay5ncmVlbmVuZC5vcmcudWsACgkQ4+M5I0i1DTnRkgf7BJhxaGrtOfsR
 pM1p/SAAq5LoivCtglk7h5veSykPWbHJZb0QMHZGJiksQ+7p8+/mpZ4W9vQRpkqP
 Tw54Of8mPGhMBxZ2dikw8WhUsP7efjPPmTZOHR85CSNZe06jnMsYXCUrfc3HyZ/T
 eOoU4+RJw8uZYW/e8CMf5RFe55zXWsZyI1bGkTwuDPr4ilyEvMQ9WFSXZt0PdBFV
 8FvA+xY8J/DZkLSsFlPFYycyCVkSl4HXOHjBsgDc5ggfo32QXI6Isku1eOaZ/15N
 ydCnn02yRnNhkIamPEl8UQMu4wrHCDj5HMRvy+TyDO/GVq0HAm/hOBFeYnQvLCZu
 fkN2q2wUng==
 =1ON4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/iwj/tags/for-upstream.depriv-2' into staging

xen: xen-domid-restrict improvements

# gpg: Signature made Thu 26 Apr 2018 19:11:22 BST
# gpg:                using RSA key E3E3392348B50D39
# gpg: Good signature from "Ian Jackson (new general purpose key) <ijackson@chiark.greenend.org.uk>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 559A E46C 2D6B 6D32 65E7  CBA1 E3E3 3923 48B5 0D39

* remotes/iwj/tags/for-upstream.depriv-2:
  configure: do_compiler: Dump some extra info under bash
  os-posix: cleanup: Replace perror with error_report
  os-posix: cleanup: Replace fprintf with error_report in remaining call sites
  xen: Expect xenstore write to fail when restricted
  xen: Remove now-obsolete xen_xc_domain_add_to_physmap
  xen: Use newly added dmops for mapping VGA memory
  os-posix: Provide new -runas <uid>:<gid> facility
  os-posix: cleanup: Replace fprintfs with error_report in change_process_uid
  xen: destroy_hvm_domain: Try xendevicemodel_shutdown
  xen: move xc_interface compatibility fallback further up the file
  xen: destroy_hvm_domain: Move reason into a variable
  xen: defer call to xen_restrict until just before os_setup_post
  xen: restrict: use xentoolcore_restrict_all
  xen: link against xentoolcore
  AccelClass: Introduce accel_setup_post
  checkpatch: Add xendevicemodel_handle to the list of types

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2018-04-26 19:22:09 +01:00
parent b8846a4d63 8bbe05d773
commit ca92651697
10 changed files with 240 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
accel/accel.c
View File

@ -126,6 +126,15 @@ void accel_register_compat_props(AccelState *accel)
register_compat_props_array(class->global_props); register_compat_props_array(class->global_props);
} }
void accel_setup_post(MachineState *ms)
{
AccelState *accel = ms->accelerator;
AccelClass *acc = ACCEL_GET_CLASS(accel);
if (acc->setup_post) {
acc->setup_post(ms, accel);
}
}
static void register_accel_types(void) static void register_accel_types(void)
{ {
type_register_static(&accel_type); type_register_static(&accel_type);

33
configure vendored
View File

@ -60,6 +60,11 @@ do_compiler() {
# is compiler binary to execute. # is compiler binary to execute.
local compiler="$1" local compiler="$1"
shift shift
if test -n "$BASH_VERSION"; then eval '
echo >>config.log "
funcs: ${FUNCNAME[*]}
lines: ${BASH_LINENO[*]}"
'; fi
echo $compiler "$@" >> config.log echo $compiler "$@" >> config.log
$compiler "$@" >> config.log 2>&1 || return $? $compiler "$@" >> config.log 2>&1 || return $?
# Test passed. If this is an --enable-werror build, rerun # Test passed. If this is an --enable-werror build, rerun
@ -2189,6 +2194,9 @@ if test "$xen" != "no" ; then
xen=yes xen=yes
xen_pc="xencontrol xenstore xenguest xenforeignmemory xengnttab" xen_pc="xencontrol xenstore xenguest xenforeignmemory xengnttab"
xen_pc="$xen_pc xenevtchn xendevicemodel" xen_pc="$xen_pc xenevtchn xendevicemodel"
if $pkg_config --exists xentoolcore; then
xen_pc="$xen_pc xentoolcore"
fi
QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags $xen_pc)" QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags $xen_pc)"
libs_softmmu="$($pkg_config --libs $xen_pc) $libs_softmmu" libs_softmmu="$($pkg_config --libs $xen_pc) $libs_softmmu"
LDFLAGS="$($pkg_config --libs $xen_pc) $LDFLAGS" LDFLAGS="$($pkg_config --libs $xen_pc) $LDFLAGS"
@ -2218,20 +2226,41 @@ EOF
# Xen unstable # Xen unstable
elif elif
cat > $TMPC <<EOF && cat > $TMPC <<EOF &&
#undef XC_WANT_COMPAT_DEVICEMODEL_API
#define __XEN_TOOLS__
#include <xendevicemodel.h>
int main(void) {
xendevicemodel_handle *xd;
xd = xendevicemodel_open(0, 0);
xendevicemodel_pin_memory_cacheattr(xd, 0, 0, 0, 0);
return 0;
}
EOF
compile_prog "" "$xen_libs -lxendevicemodel $xen_stable_libs -lxentoolcore"
then
xen_stable_libs="-lxendevicemodel $xen_stable_libs -lxentoolcore"
xen_ctrl_version=41100
xen=yes
elif
cat > $TMPC <<EOF &&
#undef XC_WANT_COMPAT_MAP_FOREIGN_API #undef XC_WANT_COMPAT_MAP_FOREIGN_API
#include <xenforeignmemory.h> #include <xenforeignmemory.h>
#include <xentoolcore.h>
int main(void) { int main(void) {
xenforeignmemory_handle *xfmem; xenforeignmemory_handle *xfmem;
xfmem = xenforeignmemory_open(0, 0); xfmem = xenforeignmemory_open(0, 0);
xenforeignmemory_map2(xfmem, 0, 0, 0, 0, 0, 0, 0); xenforeignmemory_map2(xfmem, 0, 0, 0, 0, 0, 0, 0);
xentoolcore_restrict_all(0);
return 0; return 0;
} }
EOF EOF
compile_prog "" "$xen_libs -lxendevicemodel $xen_stable_libs" compile_prog "" "$xen_libs -lxendevicemodel $xen_stable_libs -lxentoolcore"
then then
xen_stable_libs="-lxendevicemodel $xen_stable_libs" xen_stable_libs="-lxendevicemodel $xen_stable_libs -lxentoolcore"
xen_ctrl_version=41000 xen_ctrl_version=41000
xen=yes xen=yes
elif elif

71
hw/i386/xen/xen-hvm.c
View File

@ -347,7 +347,7 @@ static int xen_add_to_physmap(XenIOState *state,
MemoryRegion *mr, MemoryRegion *mr,
hwaddr offset_within_region) hwaddr offset_within_region)
{ {
unsigned long i = 0; unsigned long nr_pages;
int rc = 0; int rc = 0;
XenPhysmap *physmap = NULL; XenPhysmap *physmap = NULL;
hwaddr pfn, start_gpfn; hwaddr pfn, start_gpfn;
@ -396,22 +396,26 @@ go_physmap:
pfn = phys_offset >> TARGET_PAGE_BITS; pfn = phys_offset >> TARGET_PAGE_BITS;
start_gpfn = start_addr >> TARGET_PAGE_BITS; start_gpfn = start_addr >> TARGET_PAGE_BITS;
for (i = 0; i < size >> TARGET_PAGE_BITS; i++) { nr_pages = size >> TARGET_PAGE_BITS;
unsigned long idx = pfn + i; rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, nr_pages, pfn,
xen_pfn_t gpfn = start_gpfn + i; start_gpfn);
if (rc) {
int saved_errno = errno;
rc = xen_xc_domain_add_to_physmap(xen_xc, xen_domid, XENMAPSPACE_gmfn, idx, gpfn); error_report("relocate_memory %lu pages from GFN %"HWADDR_PRIx
if (rc) { " to GFN %"HWADDR_PRIx" failed: %s",
DPRINTF("add_to_physmap MFN %"PRI_xen_pfn" to PFN %" nr_pages, pfn, start_gpfn, strerror(saved_errno));
PRI_xen_pfn" failed: %d (errno: %d)\n", idx, gpfn, rc, errno); errno = saved_errno;
return -rc; return -1;
}
} }
xc_domain_pin_memory_cacheattr(xen_xc, xen_domid, rc = xendevicemodel_pin_memory_cacheattr(xen_dmod, xen_domid,
start_addr >> TARGET_PAGE_BITS, start_addr >> TARGET_PAGE_BITS,
(start_addr + size - 1) >> TARGET_PAGE_BITS, (start_addr + size - 1) >> TARGET_PAGE_BITS,
XEN_DOMCTL_MEM_CACHEATTR_WB); XEN_DOMCTL_MEM_CACHEATTR_WB);
if (rc) {
error_report("pin_memory_cacheattr failed: %s", strerror(errno));
}
return xen_save_physmap(state, physmap); return xen_save_physmap(state, physmap);
} }
@ -419,7 +423,6 @@ static int xen_remove_from_physmap(XenIOState *state,
hwaddr start_addr, hwaddr start_addr,
ram_addr_t size) ram_addr_t size)
{ {
unsigned long i = 0;
int rc = 0; int rc = 0;
XenPhysmap *physmap = NULL; XenPhysmap *physmap = NULL;
hwaddr phys_offset = 0; hwaddr phys_offset = 0;
@ -438,16 +441,17 @@ static int xen_remove_from_physmap(XenIOState *state,
size >>= TARGET_PAGE_BITS; size >>= TARGET_PAGE_BITS;
start_addr >>= TARGET_PAGE_BITS; start_addr >>= TARGET_PAGE_BITS;
phys_offset >>= TARGET_PAGE_BITS; phys_offset >>= TARGET_PAGE_BITS;
for (i = 0; i < size; i++) { rc = xendevicemodel_relocate_memory(xen_dmod, xen_domid, size, start_addr,
xen_pfn_t idx = start_addr + i; phys_offset);
xen_pfn_t gpfn = phys_offset + i; if (rc) {
int saved_errno = errno;
rc = xen_xc_domain_add_to_physmap(xen_xc, xen_domid, XENMAPSPACE_gmfn, idx, gpfn); error_report("relocate_memory "RAM_ADDR_FMT" pages"
if (rc) { " from GFN %"HWADDR_PRIx
fprintf(stderr, "add_to_physmap MFN %"PRI_xen_pfn" to PFN %" " to GFN %"HWADDR_PRIx" failed: %s",
PRI_xen_pfn" failed: %d (errno: %d)\n", idx, gpfn, rc, errno); size, start_addr, phys_offset, strerror(saved_errno));
return -rc; errno = saved_errno;
} return -1;
} }
QLIST_REMOVE(physmap, list); QLIST_REMOVE(physmap, list);
@ -1254,14 +1258,6 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion **ram_memory)
goto err; goto err;
} }
if (xen_domid_restrict) {
rc = xen_restrict(xen_domid);
if (rc < 0) {
error_report("failed to restrict: error %d", errno);
goto err;
}
}
xen_create_ioreq_server(xen_domid, &state->ioservid); xen_create_ioreq_server(xen_domid, &state->ioservid);
state->exit.notify = xen_exit_notifier; state->exit.notify = xen_exit_notifier;
@ -1394,13 +1390,26 @@ void destroy_hvm_domain(bool reboot)
{ {
xc_interface *xc_handle; xc_interface *xc_handle;
int sts; int sts;
int rc;
unsigned int reason = reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff;
if (xen_dmod) {
rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
if (!rc) {
return;
}
if (errno != ENOTTY /* old Xen */) {
perror("xendevicemodel_shutdown failed");
}
/* well, try the old thing then */
}
xc_handle = xc_interface_open(0, 0, 0); xc_handle = xc_interface_open(0, 0, 0);
if (xc_handle == NULL) { if (xc_handle == NULL) {
fprintf(stderr, "Cannot acquire xenctrl handle\n"); fprintf(stderr, "Cannot acquire xenctrl handle\n");
} else { } else {
sts = xc_domain_shutdown(xc_handle, xen_domid, sts = xc_domain_shutdown(xc_handle, xen_domid, reason);
reboot ? SHUTDOWN_reboot : SHUTDOWN_poweroff);
if (sts != 0) { if (sts != 0) {
fprintf(stderr, "xc_domain_shutdown failed to issue %s, " fprintf(stderr, "xc_domain_shutdown failed to issue %s, "
"sts %d, %s\n", reboot ? "reboot" : "poweroff", "sts %d, %s\n", reboot ? "reboot" : "poweroff",

21
hw/xen/xen-common.c
View File

@ -101,7 +101,12 @@ static void xenstore_record_dm_state(struct xs_handle *xs, const char *state)
} }
snprintf(path, sizeof (path), "device-model/%u/state", xen_domid); snprintf(path, sizeof (path), "device-model/%u/state", xen_domid);
if (!xs_write(xs, XBT_NULL, path, state, strlen(state))) { /*
* This call may fail when running restricted so don't make it fatal in
* that case. Toolstacks should instead use QMP to listen for state changes.
*/
if (!xs_write(xs, XBT_NULL, path, state, strlen(state)) &&
!xen_domid_restrict) {
error_report("error recording dm state"); error_report("error recording dm state");
exit(1); exit(1);
} }
@ -117,6 +122,19 @@ static void xen_change_state_handler(void *opaque, int running,
} }
} }
static void xen_setup_post(MachineState *ms, AccelState *accel)
{
int rc;
if (xen_domid_restrict) {
rc = xen_restrict(xen_domid);
if (rc < 0) {
perror("xen: failed to restrict");
exit(1);
}
}
}
static int xen_init(MachineState *ms) static int xen_init(MachineState *ms)
{ {
xen_xc = xc_interface_open(0, 0, 0); xen_xc = xc_interface_open(0, 0, 0);
@ -165,6 +183,7 @@ static void xen_accel_class_init(ObjectClass *oc, void *data)
AccelClass *ac = ACCEL_CLASS(oc); AccelClass *ac = ACCEL_CLASS(oc);
ac->name = "Xen"; ac->name = "Xen";
ac->init_machine = xen_init; ac->init_machine = xen_init;
ac->setup_post = xen_setup_post;
ac->allowed = &xen_allowed; ac->allowed = &xen_allowed;
ac->global_props = xen_compat_props; ac->global_props = xen_compat_props;
} }

125
include/hw/xen/xen_common.h
View File

@ -78,6 +78,49 @@ static inline void *xenforeignmemory_map(xc_interface *h, uint32_t dom,
extern xenforeignmemory_handle *xen_fmem; extern xenforeignmemory_handle *xen_fmem;
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40900
typedef xc_interface xendevicemodel_handle;
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */
#undef XC_WANT_COMPAT_DEVICEMODEL_API
#include <xendevicemodel.h>
#endif
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 41100
static inline int xendevicemodel_relocate_memory(
xendevicemodel_handle *dmod, domid_t domid, uint32_t size, uint64_t src_gfn,
uint64_t dst_gfn)
{
uint32_t i;
int rc;
for (i = 0; i < size; i++) {
unsigned long idx = src_gfn + i;
xen_pfn_t gpfn = dst_gfn + i;
rc = xc_domain_add_to_physmap(xen_xc, domid, XENMAPSPACE_gmfn, idx,
gpfn);
if (rc) {
return rc;
}
}
return 0;
}
static inline int xendevicemodel_pin_memory_cacheattr(
xendevicemodel_handle *dmod, domid_t domid, uint64_t start, uint64_t end,
uint32_t type)
{
return xc_domain_pin_memory_cacheattr(xen_xc, domid, start, end, type);
}
#endif /* CONFIG_XEN_CTRL_INTERFACE_VERSION < 41100 */
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 41000 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 41000
#define XEN_COMPAT_PHYSMAP #define XEN_COMPAT_PHYSMAP
@ -91,12 +134,27 @@ static inline void *xenforeignmemory_map2(xenforeignmemory_handle *h,
return xenforeignmemory_map(h, dom, prot, pages, arr, err); return xenforeignmemory_map(h, dom, prot, pages, arr, err);
} }
static inline int xentoolcore_restrict_all(domid_t domid)
{
errno = ENOTTY;
return -1;
}
static inline int xendevicemodel_shutdown(xendevicemodel_handle *dmod,
domid_t domid, unsigned int reason)
{
errno = ENOTTY;
return -1;
}
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 41000 */
#include <xentoolcore.h>
#endif #endif
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40900 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40900
typedef xc_interface xendevicemodel_handle;
static inline xendevicemodel_handle *xendevicemodel_open( static inline xendevicemodel_handle *xendevicemodel_open(
struct xentoollog_logger *logger, unsigned int open_flags) struct xentoollog_logger *logger, unsigned int open_flags)
{ {
@ -218,25 +276,6 @@ static inline int xendevicemodel_set_mem_type(
return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr); return xc_hvm_set_mem_type(dmod, domid, mem_type, first_pfn, nr);
} }
static inline int xendevicemodel_restrict(
xendevicemodel_handle *dmod, domid_t domid)
{
errno = ENOTTY;
return -1;
}
static inline int xenforeignmemory_restrict(
xenforeignmemory_handle *fmem, domid_t domid)
{
errno = ENOTTY;
return -1;
}
#else /* CONFIG_XEN_CTRL_INTERFACE_VERSION >= 40900 */
#undef XC_WANT_COMPAT_DEVICEMODEL_API
#include <xendevicemodel.h>
#endif #endif
extern xendevicemodel_handle *xen_dmod; extern xendevicemodel_handle *xen_dmod;
@ -290,28 +329,8 @@ static inline int xen_modified_memory(domid_t domid, uint64_t first_pfn,
static inline int xen_restrict(domid_t domid) static inline int xen_restrict(domid_t domid)
{ {
int rc; int rc;
rc = xentoolcore_restrict_all(domid);
/* Attempt to restrict devicemodel operations */
rc = xendevicemodel_restrict(xen_dmod, domid);
trace_xen_domid_restrict(rc ? errno : 0); trace_xen_domid_restrict(rc ? errno : 0);
if (rc < 0) {
/*
* If errno is ENOTTY then restriction is not implemented so
* there's no point in trying to restrict other types of
* operation, but it should not be treated as a failure.
*/
if (errno == ENOTTY) {
return 0;
}
return rc;
}
/* Restrict foreignmemory operations */
rc = xenforeignmemory_restrict(xen_fmem, domid);
trace_xen_domid_restrict(rc ? errno : 0);
return rc; return rc;
} }
@ -626,28 +645,6 @@ static inline int xen_set_ioreq_server_state(domid_t dom,
#endif #endif
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40600
static inline int xen_xc_domain_add_to_physmap(xc_interface *xch, uint32_t domid,
unsigned int space,
unsigned long idx,
xen_pfn_t gpfn)
{
return xc_domain_add_to_physmap(xch, domid, space, idx, gpfn);
}
#else
static inline int xen_xc_domain_add_to_physmap(xc_interface *xch, uint32_t domid,
unsigned int space,
unsigned long idx,
xen_pfn_t gpfn)
{
/* In Xen 4.6 rc is -1 and errno contains the error value. */
int rc = xc_domain_add_to_physmap(xch, domid, space, idx, gpfn);
if (rc == -1)
return errno;
return rc;
}
#endif
#ifdef CONFIG_XEN_PV_DOMAIN_BUILD #ifdef CONFIG_XEN_PV_DOMAIN_BUILD
#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40700 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 40700
static inline int xen_domain_create(xc_interface *xc, uint32_t ssidref, static inline int xen_domain_create(xc_interface *xc, uint32_t ssidref,

3
include/sysemu/accel.h
View File

@ -40,6 +40,7 @@ typedef struct AccelClass {
const char *name; const char *name;
int (*available)(void); int (*available)(void);
int (*init_machine)(MachineState *ms); int (*init_machine)(MachineState *ms);
void (*setup_post)(MachineState *ms, AccelState *accel);
bool *allowed; bool *allowed;
/* /*
* Array of global properties that would be applied when specific * Array of global properties that would be applied when specific
@ -68,5 +69,7 @@ extern unsigned long tcg_tb_size;
void configure_accelerator(MachineState *ms); void configure_accelerator(MachineState *ms);
/* Register accelerator specific global properties */ /* Register accelerator specific global properties */
void accel_register_compat_props(AccelState *accel); void accel_register_compat_props(AccelState *accel);
/* Called just before os_setup_post (ie just before drop OS privs) */
void accel_setup_post(MachineState *ms);
#endif #endif

91
os-posix.c
View File

@ -41,7 +41,14 @@
#include <sys/prctl.h> #include <sys/prctl.h>
#endif #endif
static struct passwd *user_pwd; /*
* Must set all three of these at once.
* Legal combinations are unset by name by uid
*/
static struct passwd *user_pwd; /* NULL non-NULL NULL */
static uid_t user_uid = (uid_t)-1; /* -1 -1 >=0 */
static gid_t user_gid = (gid_t)-1; /* -1 -1 >=0 */
static const char *chroot_dir; static const char *chroot_dir;
static int daemonize; static int daemonize;
static int daemon_pipe; static int daemon_pipe;
@ -118,15 +125,42 @@ void os_set_proc_name(const char *s)
/* Could rewrite argv[0] too, but that's a bit more complicated. /* Could rewrite argv[0] too, but that's a bit more complicated.
This simple way is enough for `top'. */ This simple way is enough for `top'. */
if (prctl(PR_SET_NAME, name)) { if (prctl(PR_SET_NAME, name)) {
perror("unable to change process name"); error_report("unable to change process name: %s", strerror(errno));
exit(1); exit(1);
} }
#else #else
fprintf(stderr, "Change of process name not supported by your OS\n"); error_report("Change of process name not supported by your OS");
exit(1); exit(1);
#endif #endif
} }
static bool os_parse_runas_uid_gid(const char *optarg)
{
unsigned long lv;
const char *ep;
uid_t got_uid;
gid_t got_gid;
int rc;
rc = qemu_strtoul(optarg, &ep, 0, &lv);
got_uid = lv; /* overflow here is ID in C99 */
if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) {
return false;
}
rc = qemu_strtoul(ep + 1, 0, 0, &lv);
got_gid = lv; /* overflow here is ID in C99 */
if (rc || got_gid != lv || got_gid == (gid_t)-1) {
return false;
}
user_pwd = NULL;
user_uid = got_uid;
user_gid = got_gid;
return true;
}
/* /*
* Parse OS specific command line options. * Parse OS specific command line options.
* return 0 if option handled, -1 otherwise * return 0 if option handled, -1 otherwise
@ -144,8 +178,13 @@ void os_parse_cmd_args(int index, const char *optarg)
#endif #endif
case QEMU_OPTION_runas: case QEMU_OPTION_runas:
user_pwd = getpwnam(optarg); user_pwd = getpwnam(optarg);
if (!user_pwd) { if (user_pwd) {
fprintf(stderr, "User \"%s\" doesn't exist\n", optarg); user_uid = -1;
user_gid = -1;
} else if (!os_parse_runas_uid_gid(optarg)) {
error_report("User \"%s\" doesn't exist"
" (and is not <uid>:<gid>)",
optarg);
exit(1); exit(1);
} }
break; break;
@ -165,22 +204,36 @@ void os_parse_cmd_args(int index, const char *optarg)
static void change_process_uid(void) static void change_process_uid(void)
{ {
if (user_pwd) { assert((user_uid == (uid_t)-1) || user_pwd == NULL);
if (setgid(user_pwd->pw_gid) < 0) { assert((user_uid == (uid_t)-1) ==
fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); (user_gid == (gid_t)-1));
if (user_pwd || user_uid != (uid_t)-1) {
gid_t intended_gid = user_pwd ? user_pwd->pw_gid : user_gid;
uid_t intended_uid = user_pwd ? user_pwd->pw_uid : user_uid;
if (setgid(intended_gid) < 0) {
error_report("Failed to setgid(%d)", intended_gid);
exit(1); exit(1);
} }
if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { if (user_pwd) {
fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n", if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
user_pwd->pw_name, user_pwd->pw_gid); error_report("Failed to initgroups(\"%s\", %d)",
exit(1); user_pwd->pw_name, user_pwd->pw_gid);
exit(1);
}
} else {
if (setgroups(1, &user_gid) < 0) {
error_report("Failed to setgroups(1, [%d])",
user_gid);
exit(1);
}
} }
if (setuid(user_pwd->pw_uid) < 0) { if (setuid(intended_uid) < 0) {
fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); error_report("Failed to setuid(%d)", intended_uid);
exit(1); exit(1);
} }
if (setuid(0) != -1) { if (setuid(0) != -1) {
fprintf(stderr, "Dropping privileges failed\n"); error_report("Dropping privileges failed");
exit(1); exit(1);
} }
} }
@ -190,11 +243,11 @@ static void change_root(void)
{ {
if (chroot_dir) { if (chroot_dir) {
if (chroot(chroot_dir) < 0) { if (chroot(chroot_dir) < 0) {
fprintf(stderr, "chroot failed\n"); error_report("chroot failed");
exit(1); exit(1);
} }
if (chdir("/")) { if (chdir("/")) {
perror("not able to chdir to /"); error_report("not able to chdir to /: %s", strerror(errno));
exit(1); exit(1);
} }
} }
@ -256,7 +309,7 @@ void os_setup_post(void)
if (daemonize) { if (daemonize) {
if (chdir("/")) { if (chdir("/")) {
perror("not able to chdir to /"); error_report("not able to chdir to /: %s", strerror(errno));
exit(1); exit(1);
} }
TFR(fd = qemu_open("/dev/null", O_RDWR)); TFR(fd = qemu_open("/dev/null", O_RDWR));
@ -330,7 +383,7 @@ int os_mlock(void)
ret = mlockall(MCL_CURRENT | MCL_FUTURE); ret = mlockall(MCL_CURRENT | MCL_FUTURE);
if (ret < 0) { if (ret < 0) {
perror("mlockall"); error_report("mlockall: %s", strerror(errno));
} }
return ret; return ret;

3
qemu-options.hx
View File

@ -3765,7 +3765,8 @@ ETEXI
#ifndef _WIN32 #ifndef _WIN32
DEF("runas", HAS_ARG, QEMU_OPTION_runas, \ DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
"-runas user change to user id user just before starting the VM\n", "-runas user change to user id user just before starting the VM\n" \
" user can be numeric uid:gid instead\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
#endif #endif
STEXI STEXI

1
scripts/checkpatch.pl
View File

@ -266,6 +266,7 @@ our @typeList = (
qr{target_(?:u)?long}, qr{target_(?:u)?long},
qr{hwaddr}, qr{hwaddr},
qr{xml${Ident}}, qr{xml${Ident}},
qr{xendevicemodel_handle},
); );
# This can be modified by sub possible. Since it can be empty, be careful # This can be modified by sub possible. Since it can be empty, be careful

1
vl.c
View File

@ -4742,6 +4742,7 @@ int main(int argc, char **argv, char **envp)
vm_start(); vm_start();
} }
accel_setup_post(current_machine);
os_setup_post(); os_setup_post();
main_loop(); main_loop();