| Message ID | 20240125072214.318382-2-aharivel@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Add support for the RAPL MSRs series | expand |
On Thu, Jan 25, 2024 at 08:22:12AM +0100, Anthony Harivel wrote: > The function qio_channel_get_peercred() returns a pointer to the > credentials of the peer process connected to this socket. > > This credentials structure is defined in <sys/socket.h> as follows: > > struct ucred { > pid_t pid; /* Process ID of the sending process */ > uid_t uid; /* User ID of the sending process */ > gid_t gid; /* Group ID of the sending process */ > }; > > The use of this function is possible only for connected AF_UNIX stream > sockets and for AF_UNIX stream and datagram socket pairs. > > On platform other than Linux, the function return 0. > > Signed-off-by: Anthony Harivel <aharivel@redhat.com> > --- > include/io/channel.h | 21 +++++++++++++++++++++ > io/channel-socket.c | 23 +++++++++++++++++++++++ > io/channel.c | 12 ++++++++++++ > 3 files changed, 56 insertions(+) > > diff --git a/include/io/channel.h b/include/io/channel.h > index 5f9dbaab65b0..0413435ce011 100644 > --- a/include/io/channel.h > +++ b/include/io/channel.h > @@ -149,6 +149,9 @@ struct QIOChannelClass { > void *opaque); > int (*io_flush)(QIOChannel *ioc, > Error **errp); > + void (*io_peerpid)(QIOChannel *ioc, > + unsigned int *pid, > + Error **errp); Idented 1 space too many > }; > > /* General I/O handling functions */ > @@ -898,4 +901,22 @@ int coroutine_mixed_fn qio_channel_writev_full_all(QIOChannel *ioc, > int qio_channel_flush(QIOChannel *ioc, > Error **errp); > > +/** > + * qio_channel_get_peercred: > + * @ioc: the channel object > + * @pid: pointer to pid > + * @errp: pointer to a NULL-initialized error object > + * > + * Returns the pid of the peer process connected to this socket. > + * > + * The use of this function is possible only for connected > + * AF_UNIX stream sockets and for AF_UNIX stream and datagram > + * socket pairs on Linux. > + * Return 0 for the non-Linux OS. Update to say this returns an error for other platforms > + * > + */ > +void qio_channel_get_peerpid(QIOChannel *ioc, > + unsigned int *pid, > + Error **errp); Idented 1 space too many > + > #endif /* QIO_CHANNEL_H */ > diff --git a/io/channel-socket.c b/io/channel-socket.c > index 3a899b060858..e6a73592650c 100644 > --- a/io/channel-socket.c > +++ b/io/channel-socket.c > @@ -841,6 +841,28 @@ qio_channel_socket_set_cork(QIOChannel *ioc, > socket_set_cork(sioc->fd, v); > } > > +static void > +qio_channel_socket_get_peerpid(QIOChannel *ioc, > + unsigned int *pid, > + Error **errp) > +{ > +#ifdef CONFIG_LINUX > + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc); > + Error *err = NULL; > + socklen_t len = sizeof(struct ucred); > + > + struct ucred cred; > + if (getsockopt(sioc->fd, > + SOL_SOCKET, SO_PEERCRED, > + &cred, &len) == -1) { > + error_setg_errno(&err, errno, "Unable to get peer credentials"); > + error_propagate(errp, err); > + } > + *pid = (unsigned int)cred.pid; > +#else > + *pid = 0; Defaulting 'pid' to 0 is potentially unsafe, because to a caller it now appears that the remote party is 'root' and thus implied to be a privileged account. We should 'error_setg' for any platform we don't have an impl on, so the caller will see a fail for any usage. > +#endif > +} > > static int > qio_channel_socket_close(QIOChannel *ioc, > @@ -938,6 +960,7 @@ static void qio_channel_socket_class_init(ObjectClass *klass, > #ifdef QEMU_MSG_ZEROCOPY > ioc_klass->io_flush = qio_channel_socket_flush; > #endif > + ioc_klass->io_peerpid = qio_channel_socket_get_peerpid; > } > > static const TypeInfo qio_channel_socket_info = { > diff --git a/io/channel.c b/io/channel.c > index 86c5834510ff..a5646650cf72 100644 > --- a/io/channel.c > +++ b/io/channel.c > @@ -490,6 +490,18 @@ void qio_channel_set_cork(QIOChannel *ioc, > } > } > > +void qio_channel_get_peerpid(QIOChannel *ioc, > + unsigned int *pid, > + Error **errp) > +{ > + QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc); > + > + if (!klass->io_peerpid) { > + error_setg(errp, "Channel does not support peer pid"); > + return; > + } > + klass->io_peerpid(ioc, pid, errp); > +} > > off_t qio_channel_io_seek(QIOChannel *ioc, > off_t offset, With regards, Daniel
On Thu, Jan 25, 2024 at 5:38 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > +static void > > +qio_channel_socket_get_peerpid(QIOChannel *ioc, > > + unsigned int *pid, > > + Error **errp) > > +{ > > +#ifdef CONFIG_LINUX > > + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc); > > + Error *err = NULL; > > + socklen_t len = sizeof(struct ucred); > > + > > + struct ucred cred; > > + if (getsockopt(sioc->fd, > > + SOL_SOCKET, SO_PEERCRED, > > + &cred, &len) == -1) { > > + error_setg_errno(&err, errno, "Unable to get peer credentials"); > > + error_propagate(errp, err); > > + } > > + *pid = (unsigned int)cred.pid; > > +#else > > + *pid = 0; > > Defaulting 'pid' to 0 is potentially unsafe, because to a caller it > now appears that the remote party is 'root' and thus implied to be > a privileged account. This is a pid, so 0 cannot be confused; however, I agree that returning an error is better. Paolo
On Mon, Jan 29, 2024 at 08:25:29PM +0100, Paolo Bonzini wrote: > On Thu, Jan 25, 2024 at 5:38 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > > +static void > > > +qio_channel_socket_get_peerpid(QIOChannel *ioc, > > > + unsigned int *pid, > > > + Error **errp) > > > +{ > > > +#ifdef CONFIG_LINUX > > > + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc); > > > + Error *err = NULL; > > > + socklen_t len = sizeof(struct ucred); > > > + > > > + struct ucred cred; > > > + if (getsockopt(sioc->fd, > > > + SOL_SOCKET, SO_PEERCRED, > > > + &cred, &len) == -1) { > > > + error_setg_errno(&err, errno, "Unable to get peer credentials"); > > > + error_propagate(errp, err); > > > + } > > > + *pid = (unsigned int)cred.pid; > > > +#else > > > + *pid = 0; > > > > Defaulting 'pid' to 0 is potentially unsafe, because to a caller it > > now appears that the remote party is 'root' and thus implied to be > > a privileged account. > > This is a pid, so 0 cannot be confused; however, I agree that > returning an error is better. Opps, face-palm ! With regards, Daniel
diff --git a/include/io/channel.h b/include/io/channel.h index 5f9dbaab65b0..0413435ce011 100644 --- a/include/io/channel.h +++ b/include/io/channel.h @@ -149,6 +149,9 @@ struct QIOChannelClass { void *opaque); int (*io_flush)(QIOChannel *ioc, Error **errp); + void (*io_peerpid)(QIOChannel *ioc, + unsigned int *pid, + Error **errp); }; /* General I/O handling functions */ @@ -898,4 +901,22 @@ int coroutine_mixed_fn qio_channel_writev_full_all(QIOChannel *ioc, int qio_channel_flush(QIOChannel *ioc, Error **errp); +/** + * qio_channel_get_peercred: + * @ioc: the channel object + * @pid: pointer to pid + * @errp: pointer to a NULL-initialized error object + * + * Returns the pid of the peer process connected to this socket. + * + * The use of this function is possible only for connected + * AF_UNIX stream sockets and for AF_UNIX stream and datagram + * socket pairs on Linux. + * Return 0 for the non-Linux OS. + * + */ +void qio_channel_get_peerpid(QIOChannel *ioc, + unsigned int *pid, + Error **errp); + #endif /* QIO_CHANNEL_H */ diff --git a/io/channel-socket.c b/io/channel-socket.c index 3a899b060858..e6a73592650c 100644 --- a/io/channel-socket.c +++ b/io/channel-socket.c @@ -841,6 +841,28 @@ qio_channel_socket_set_cork(QIOChannel *ioc, socket_set_cork(sioc->fd, v); } +static void +qio_channel_socket_get_peerpid(QIOChannel *ioc, + unsigned int *pid, + Error **errp) +{ +#ifdef CONFIG_LINUX + QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(ioc); + Error *err = NULL; + socklen_t len = sizeof(struct ucred); + + struct ucred cred; + if (getsockopt(sioc->fd, + SOL_SOCKET, SO_PEERCRED, + &cred, &len) == -1) { + error_setg_errno(&err, errno, "Unable to get peer credentials"); + error_propagate(errp, err); + } + *pid = (unsigned int)cred.pid; +#else + *pid = 0; +#endif +} static int qio_channel_socket_close(QIOChannel *ioc, @@ -938,6 +960,7 @@ static void qio_channel_socket_class_init(ObjectClass *klass, #ifdef QEMU_MSG_ZEROCOPY ioc_klass->io_flush = qio_channel_socket_flush; #endif + ioc_klass->io_peerpid = qio_channel_socket_get_peerpid; } static const TypeInfo qio_channel_socket_info = { diff --git a/io/channel.c b/io/channel.c index 86c5834510ff..a5646650cf72 100644 --- a/io/channel.c +++ b/io/channel.c @@ -490,6 +490,18 @@ void qio_channel_set_cork(QIOChannel *ioc, } } +void qio_channel_get_peerpid(QIOChannel *ioc, + unsigned int *pid, + Error **errp) +{ + QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc); + + if (!klass->io_peerpid) { + error_setg(errp, "Channel does not support peer pid"); + return; + } + klass->io_peerpid(ioc, pid, errp); +} off_t qio_channel_io_seek(QIOChannel *ioc, off_t offset,
The function qio_channel_get_peercred() returns a pointer to the credentials of the peer process connected to this socket. This credentials structure is defined in <sys/socket.h> as follows: struct ucred { pid_t pid; /* Process ID of the sending process */ uid_t uid; /* User ID of the sending process */ gid_t gid; /* Group ID of the sending process */ }; The use of this function is possible only for connected AF_UNIX stream sockets and for AF_UNIX stream and datagram socket pairs. On platform other than Linux, the function return 0. Signed-off-by: Anthony Harivel <aharivel@redhat.com> --- include/io/channel.h | 21 +++++++++++++++++++++ io/channel-socket.c | 23 +++++++++++++++++++++++ io/channel.c | 12 ++++++++++++ 3 files changed, 56 insertions(+)