From 22362ed8a2d865e0b84bb20615eb1415086eb713 Mon Sep 17 00:00:00 2001
From: Jiajie Li
Date: Wed, 18 Aug 2021 11:18:45 +0800
Subject: [PATCH 4/8] machine/standard_vm: fix inappropriate file open permissions
For PFlash device, code file is read-only and vars file is readable and writable. So using right permissions to open these two files.
Signed-off-by: Jiajie Li
---
 machine/src/standard_vm/aarch64/mod.rs | 9 ++++-----
 machine/src/standard_vm/mod.rs | 17 ++++++++++++++++-
 machine/src/standard_vm/x86_64/mod.rs | 8 +++-----
 3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/machine/src/standard_vm/aarch64/mod.rs b/machine/src/standard_vm/aarch64/mod.rs
index 54c103c..d3c8670 100644
--- a/machine/src/standard_vm/aarch64/mod.rs
+++ b/machine/src/standard_vm/aarch64/mod.rs
@@ -44,9 +44,9 @@ use virtio::{qmp_balloon, qmp_query_balloon};
 use vmm_sys_util::eventfd::EventFd;
 use super::{AcpiBuilder, StdMachineOps};
-use crate::errors::Result as MachineResult;
 use crate::errors::{ErrorKind, Result};
 use crate::MachineOps;
+use crate::{errors::Result as MachineResult, standard_vm::open_pflash_file};
 use pci_host_root::PciHostRoot;
 use syscall::syscall_whitelist;
@@ -397,6 +397,7 @@ impl MachineOps for StdMachine {
 /// Add pflash device.
 fn add_pflash_device(&mut self, configs: &[PFlashConfig]) -> Result<()> {
+ use super::errors::ErrorKind as StdErrorKind;
 use crate::errors::ResultExt;
 let mut configs_vec = configs.to_vec();
@@ -407,10 +408,8 @@ impl MachineOps for StdMachine {
 for i in 0..=1 {
 let (fd, read_only) = if i < configs_vec.len() {
 let config = &configs_vec[i];
- let fd = std::fs::OpenOptions::new()
- .read(true)
- .write(true)
- .open(config.path_on_host.clone())?;
+ let fd = open_pflash_file(&config.path_on_host, config.unit)
+ .chain_err(|| StdErrorKind::OpenFileErr(config.path_on_host.clone()))?;
 (Some(fd), config.read_only)
 } else {
 (None, false)
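Review bot: The open mode of the backing file is now chosen from `config.unit` inside `open_pflash_file`, while the flag handed to the device on the next line still comes from `config.read_only`, so the two can disagree. As far as this hunk shows, a config with a non-zero unit and `read_only` set is still opened read-write, and a unit-0 config with `read_only` false gets a read-only descriptor behind a device that believes it is writable. Unless config parsing already ties `read_only` to the unit (not visible here), deriving the mode from the flag keeps the host descriptor at least privilege: call `open_pflash_file(&config.path_on_host, config.read_only)` and build the options with `.read(true).write(!read_only)`. The same applies to the helper in `machine/src/standard_vm/mod.rs` and the call in the x86_64 hunk; the `for` loop body continues outside this hunk.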
diff --git a/machine/src/standard_vm/mod.rs b/machine/src/standard_vm/mod.rs
index 5ba7929..ff469c3 100644
--- a/machine/src/standard_vm/mod.rs
+++ b/machine/src/standard_vm/mod.rs
@@ -39,12 +39,15 @@ pub mod errors {
 InitPCIeHostErr {
 display("Failed to init PCIe host.")
 }
+ OpenFileErr(path: String) {
+ display("Failed to open file: {}.", path)
+ }
 }
 }
 }
-use std::mem::size_of;
 use std::sync::{Arc, Mutex};
+use std::{fs::File, mem::size_of};
 #[cfg(target_arch = "x86_64")]
 use acpi::AcpiGenericAddress;
@@ -61,6 +64,18 @@ use aarch64::{LayoutEntryType, MEM_LAYOUT};
 #[cfg(target_arch = "x86_64")]
 use x86_64::{LayoutEntryType, MEM_LAYOUT};
+fn open_pflash_file(file_name: &str, unit: usize) -> Result {
+ let fd = if unit == 0 {
+ std::fs::OpenOptions::new().read(true).open(file_name)?
+ } else {
+ std::fs::OpenOptions::new()
+ .read(true)
+ .write(true)
+ .open(file_name)?
+ };
+ Ok(fd)
+}
+
 trait StdMachineOps: AcpiBuilder {
 fn init_pci_host(&self) -> Result<()>;
diff --git a/machine/src/standard_vm/x86_64/mod.rs b/machine/src/standard_vm/x86_64/mod.rs
index 0cb2b63..1c29703 100644
--- a/machine/src/standard_vm/x86_64/mod.rs
+++ b/machine/src/standard_vm/x86_64/mod.rs
@@ -49,7 +49,7 @@ use vmm_sys_util::eventfd::EventFd;
 use super::errors::{ErrorKind, Result};
 use super::{AcpiBuilder, StdMachineOps};
 use crate::errors::{ErrorKind as MachineErrorKind, Result as MachineResult};
-use crate::MachineOps;
+use crate::{standard_vm::open_pflash_file, MachineOps};
 use mch::Mch;
 use syscall::syscall_whitelist;
 use util::byte_code::ByteCode;
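Review bot: `open_pflash_file` has no doc comment, and the meaning of its `unit` argument is only implicit in the `if unit == 0` branch. I would add `/// Opens a PFlash backing file: unit 0 (the code image) read-only, any other unit (the vars image) read-write.` above the function, which matches the commit description. The comment should also make visible that the `else` branch grants write access for every non-zero unit, not only unit 1; whether units are validated to 0 or 1 elsewhere cannot be seen from this hunk.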
@@ -398,10 +398,8 @@ impl MachineOps for StdMachine {
 // of current PFlash device.
 let mut flash_end: u64 = MEM_LAYOUT[LayoutEntryType::MemAbove4g as usize].0;
 for config in configs_vec {
- let mut fd = std::fs::OpenOptions::new()
- .read(true)
- .write(true)
- .open(config.path_on_host.clone())?;
+ let mut fd = open_pflash_file(&config.path_on_host, config.unit)
+ .chain_err(|| ErrorKind::OpenFileErr(config.path_on_host.clone()))?;
 let pfl_size = fd.metadata().unwrap().len();
 if config.unit == 0 {
--
2.25.1
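Review bot: `fd.metadata().unwrap()` on the line after the new open still panics if the metadata call fails, even though the open itself now returns a chained error. Propagating it the same way keeps a host-side I/O failure on the error path: `let pfl_size = fd.metadata().chain_err(|| ErrorKind::OpenFileErr(config.path_on_host.clone()))?.len();`. Separately, `fd` for unit 0 is now a read-only descriptor, so anything in the `if config.unit == 0` branch that writes through it would start failing. That branch lies outside this hunk, so it needs checking against the full function.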