packages/stratovirt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
stratovirt/machine-standard_vm-fix-inappropriate-file-open-perm.patch
Jie Yang 2d9d03c21a Update version to 2.0.0-6 
Signed-off-by: Jie Yang <yangjieyj.yang@huawei.com>
(cherry picked from commit 6158eab66897bf7fb11ce7ae8c3b568f8de0e2dd)
2021-08-30 21:19:11 +08:00

123 lines
4.5 KiB
Diff
Raw Blame History

From 22362ed8a2d865e0b84bb20615eb1415086eb713 Mon Sep 17 00:00:00 2001
From: Jiajie Li <lijiajie11@huawei.com>
Date: Wed, 18 Aug 2021 11:18:45 +0800
Subject: [PATCH 4/8] machine/standard_vm: fix inappropriate file open
permissions
For PFlash device, code file is read-only and vars file is
readable and writable. So using right permissions to open
these two files.
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
---
machine/src/standard_vm/aarch64/mod.rs | 9 ++++-----
machine/src/standard_vm/mod.rs | 17 ++++++++++++++++-
machine/src/standard_vm/x86_64/mod.rs | 8 +++-----
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/machine/src/standard_vm/aarch64/mod.rs b/machine/src/standard_vm/aarch64/mod.rs
index 54c103c..d3c8670 100644
--- a/machine/src/standard_vm/aarch64/mod.rs
+++ b/machine/src/standard_vm/aarch64/mod.rs
@@ -44,9 +44,9 @@ use virtio::{qmp_balloon, qmp_query_balloon};
use vmm_sys_util::eventfd::EventFd;
use super::{AcpiBuilder, StdMachineOps};
-use crate::errors::Result as MachineResult;
use crate::errors::{ErrorKind, Result};
use crate::MachineOps;
+use crate::{errors::Result as MachineResult, standard_vm::open_pflash_file};
use pci_host_root::PciHostRoot;
use syscall::syscall_whitelist;
@@ -397,6 +397,7 @@ impl MachineOps for StdMachine {
/// Add pflash device.
fn add_pflash_device(&mut self, configs: &[PFlashConfig]) -> Result<()> {
+ use super::errors::ErrorKind as StdErrorKind;
use crate::errors::ResultExt;
let mut configs_vec = configs.to_vec();
@@ -407,10 +408,8 @@ impl MachineOps for StdMachine {
for i in 0..=1 {
let (fd, read_only) = if i < configs_vec.len() {
let config = &configs_vec[i];
- let fd = std::fs::OpenOptions::new()
- .read(true)
- .write(true)
- .open(config.path_on_host.clone())?;
+ let fd = open_pflash_file(&config.path_on_host, config.unit)
+ .chain_err(|| StdErrorKind::OpenFileErr(config.path_on_host.clone()))?;
(Some(fd), config.read_only)
} else {
(None, false)
diff --git a/machine/src/standard_vm/mod.rs b/machine/src/standard_vm/mod.rs
index 5ba7929..ff469c3 100644
--- a/machine/src/standard_vm/mod.rs
+++ b/machine/src/standard_vm/mod.rs
@@ -39,12 +39,15 @@ pub mod errors {
InitPCIeHostErr {
display("Failed to init PCIe host.")
}
+ OpenFileErr(path: String) {
+ display("Failed to open file: {}.", path)
+ }
}
}
}
-use std::mem::size_of;
use std::sync::{Arc, Mutex};
+use std::{fs::File, mem::size_of};
#[cfg(target_arch = "x86_64")]
use acpi::AcpiGenericAddress;
@@ -61,6 +64,18 @@ use aarch64::{LayoutEntryType, MEM_LAYOUT};
#[cfg(target_arch = "x86_64")]
use x86_64::{LayoutEntryType, MEM_LAYOUT};
+fn open_pflash_file(file_name: &str, unit: usize) -> Result<File> {
+ let fd = if unit == 0 {
+ std::fs::OpenOptions::new().read(true).open(file_name)?
+ } else {
+ std::fs::OpenOptions::new()
+ .read(true)
+ .write(true)
+ .open(file_name)?
+ };
+ Ok(fd)
+}
+
trait StdMachineOps: AcpiBuilder {
fn init_pci_host(&self) -> Result<()>;
diff --git a/machine/src/standard_vm/x86_64/mod.rs b/machine/src/standard_vm/x86_64/mod.rs
index 0cb2b63..1c29703 100644
--- a/machine/src/standard_vm/x86_64/mod.rs
+++ b/machine/src/standard_vm/x86_64/mod.rs
@@ -49,7 +49,7 @@ use vmm_sys_util::eventfd::EventFd;
use super::errors::{ErrorKind, Result};
use super::{AcpiBuilder, StdMachineOps};
use crate::errors::{ErrorKind as MachineErrorKind, Result as MachineResult};
-use crate::MachineOps;
+use crate::{standard_vm::open_pflash_file, MachineOps};
use mch::Mch;
use syscall::syscall_whitelist;
use util::byte_code::ByteCode;
@@ -398,10 +398,8 @@ impl MachineOps for StdMachine {
// of current PFlash device.
let mut flash_end: u64 = MEM_LAYOUT[LayoutEntryType::MemAbove4g as usize].0;
for config in configs_vec {
- let mut fd = std::fs::OpenOptions::new()
- .read(true)
- .write(true)
- .open(config.path_on_host.clone())?;
+ let mut fd = open_pflash_file(&config.path_on_host, config.unit)
+ .chain_err(|| ErrorKind::OpenFileErr(config.path_on_host.clone()))?;
let pfl_size = fd.metadata().unwrap().len();
if config.unit == 0 {
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink