From: Michal Privoznik
To: libvir-list@redhat.com
Date: Thu, 5 Apr 2018 10:09:40 +0200
Subject: [libvirt] [PATCH v4 2/3] qemu_cgroup: Handle device mapper targets properly

https://bugzilla.redhat.com/show_bug.cgi?id=1557769

The problem with device mapper targets is that there can be several other devices 'hidden' behind them. For instance, /dev/dm-1 can consist of /dev/sda, /dev/sdb and /dev/sdc. Therefore, when setting up the devices CGroup and namespaces we have to take this into account.

This bug was exposed after the Linux kernel was fixed. Initially, the kernel used different functions for getting the block device in open() and ioctl(). While CGroup permissions were checked in the former case, due to a bug in the kernel they were not checked in the latter case. This changed with the upstream commit 519049afead4f7c3e6446028c41e99fde958cc04 (v4.16-rc5~11^2~4).

Signed-off-by: Michal Privoznik
---
 libvirt.spec.in        |  2 ++
 src/qemu/qemu_cgroup.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 97143c68ae..7dd63c0762 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -801,6 +801,8 @@ Requires: gzip Requires: bzip2 Requires: lzop Requires: xz +# For mpath devices +Requires: device-mapper %if 0%{?fedora} || 0%{?rhel} > 7 Requires: systemd-container %endif diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index b604edb31c..d88eb7881f 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -37,6 +37,7 @@ #include "virtypedparam.h" #include "virnuma.h" #include "virsystemd.h" +#include "virdevmapper.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 @@ -60,7 +61,10 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm, { qemuDomainObjPrivatePtr priv =3D vm->privateData; int perms =3D VIR_CGROUP_DEVICE_READ; - int ret; + char **targetPaths =3D NULL; + size_t i; + int rv; + int ret =3D -1; =20 if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICE= S)) return 0; @@ -71,12 +75,41 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm, VIR_DEBUG("Allow path %s, perms: %s", path, virCgroupGetDevicePermsString(perms)); =20 - ret =3D virCgroupAllowDevicePath(priv->cgroup, path, perms, true); + rv =3D virCgroupAllowDevicePath(priv->cgroup, path, perms, true); =20 virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path, virCgroupGetDevicePermsString(perms), - ret); + rv); + if (rv < 0) + goto cleanup; =20 + if (rv > 0) { + /* @path is neither character device nor block device. */ + ret =3D 0; + goto cleanup; + } + + if (virDevMapperGetTargets(path, &targetPaths) < 0 && + errno !=3D ENOSYS && errno !=3D EBADF) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + path); + goto cleanup; + } + + for (i =3D 0; targetPaths && targetPaths[i]; i++) { + rv =3D virCgroupAllowDevicePath(priv->cgroup, targetPaths[i], perm= s, false); + + virDomainAuditCgroupPath(vm, priv->cgroup, "allow", targetPaths[i], + virCgroupGetDevicePermsString(perms), + rv); + if (rv < 0) + goto cleanup; + } + + ret =3D 0; + cleanup: + virStringListFree(targetPaths); return ret; } =20 
@@ -131,6 +164,13 @@ qemuTeardownImageCgroup(virDomainObjPtr vm, virDomainAuditCgroupPath(vm, priv->cgroup, "deny", src->path, virCgroupGetDevicePermsString(perms), ret); =20 + /* If you're looking for a counter part to + * qemuSetupImagePathCgroup you're at the right place. + * However, we can't just blindly deny all the device mapper + * targets of src->path because they might still be used by + * another disk in domain. Just like we are not removing + * disks from namespace. */ + return ret; } =20 --=20 2.16.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
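Review bot: the `Requires: device-mapper` line in the libvirt.spec.in hunk is added unconditionally next to the gzip/bzip2/lzop/xz runtime requirements, although the only consumer is the qemu driver's new virDevMapperGetTargets() call; it is worth confirming this is the intended subpackage and that the build-time dependency behind the new `#include "virdevmapper.h"` already exists elsewhere in the spec, since this hunk does not show it.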
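Review bot: in the qemuSetupImagePathCgroup hunk, `if (virDevMapperGetTargets(path, &targetPaths) < 0 && errno != ENOSYS && errno != EBADF)` silently treats ENOSYS and EBADF as "no targets" and continues, and the error branch relies on the callee having left errno set when it returns -1; a comment naming what each ignored errno stands for (for instance a build without device-mapper support) would stop a later reader from "fixing" the condition. The loop also calls `virCgroupAllowDevicePath(priv->cgroup, targetPaths[i], perms, false)` while the call for @path itself passes `true` as the last argument; if the asymmetry is deliberate (an inaccessible target should fail the start rather than be skipped), say so next to the loop, and note that `rv > 0` is only acted on for @path, so a target that is not a block device is simply passed over.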
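Review bot: the comment added in the qemuTeardownImageCgroup hunk explains that device mapper targets are intentionally not denied because another disk may still use them, but the consequence is that the devices cgroup keeps access to the underlying /dev/sd* devices for the rest of the domain's lifetime after the disk is detached, so the allow-list only ever grows until restart. If that trade-off is acceptable the comment should state it plainly; otherwise re-deriving the union of targets still referenced by the remaining disks (or counting references per target) would let the teardown deny the ones no longer needed.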
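The commit message above explains that a devices cgroup rule for /dev/dm-1 says nothing about the /dev/sd* devices behind it. The following is an added example, not libvirt code, that parses a cgroup v1 devices.list (constructed sample) and reports which of a dm target's slaves (also constructed) the ACL does not cover; on a live host the slaves would come from /sys/block/dm-N/slaves, which this example does not read.

```python
import re
from collections import namedtuple

# One cgroup v1 devices.list rule, e.g. 'b 253:1 rw'; major/minor keep the
# literal '*' wildcard as a string.
Rule = namedtuple("Rule", "kind major minor perms")

# Constructed sample in the shape libvirt emitted before this patch: the
# domain may use the dm target /dev/dm-1 (253:1), but nothing grants its
# slaves /dev/sda, /dev/sdb, /dev/sdc (8:0, 8:16, 8:32).
SAMPLE_ACL = "c 1:3 rwm\nc 1:5 rwm\nc 10:232 rwm\nb 253:1 rw\n"
SAMPLE_SLAVES = [(8, 0), (8, 16), (8, 32)]


def parse_devices_list(text):
    """Parse devices.list lines into Rule tuples; rejects malformed lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"^([abc])\s+(\*|\d+):(\*|\d+)\s+([rwm]+)$", line)
        if not m:
            raise ValueError("unparseable devices.list line: %r" % line)
        kind, major, minor, perms = m.groups()
        rules.append(Rule(kind, major, minor, set(perms)))
    return rules


def _matches(rule, kind, major, minor):
    return (rule.kind in ("a", kind)
            and rule.major in ("*", str(major))
            and rule.minor in ("*", str(minor)))


def allowed(rules, kind, major, minor, want):
    """True if the matching rules together grant every permission in want."""
    granted = set()
    for r in rules:
        if _matches(r, kind, major, minor):
            granted |= r.perms
    return set(want) <= granted


def uncovered_slaves(rules, slaves, want="r"):
    """Block devices behind a dm target that the ACL does not grant want on,
    i.e. the entries qemuSetupImagePathCgroup has to add after this patch."""
    return [s for s in slaves if not allowed(rules, "b", s[0], s[1], want)]
```

With the sample ACL all three slaves are reported as uncovered; adding a `b 8:* r` rule (what the patched loop effectively produces, one device at a time) empties the list.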