Re: [libvirt] [Qemu-devel] [PATCH v2] Add support for fd: protocol

On Tue, Jun 14, 2011 at 4:31 PM, Corey Bryant<bryntcor(a)us.ibm.com> wrote: > > sVirt provides SELinux MAC isolation for Qemu guest processes and their > > corresponding resources (image files). sVirt provides this support > > by labeling guests and resources with security labels that are stored > > in file system extended attributes. Some file systems, such as NFS, do > > not support the extended attribute security namespace, which is needed > > for image file isolation when using the sVirt SELinux security driver > > in libvirt. > > > > The proposed solution entails a combination of Qemu, libvirt, and > > SELinux patches that work together to isolate multiple guests' images > > when they're stored in the same NFS mount. This results in an > > environment where sVirt isolation and NFS image file isolation can both > > be provided. > > > > This patch contains the Qemu code to support this solution. I would > > like to solicit input from the libvirt community prior to starting > > the libvirt patch. > > > > Currently, Qemu opens an image file in addition to performing the > > necessary read and write operations. The proposed solution will move > > the open out of Qemu and into libvirt. Once libvirt opens an image > > file for the guest, it will pass the file descriptor to Qemu via a > > new fd: protocol. > > > > If the image file resides in an NFS mount, the following SELinux policy > > changes will provide image isolation: > > > > - A new SELinux boolean is created (e.g. virt_read_write_nfs) to > > allow Qemu (svirt_t) to only have SELinux read and write > > permissions on nfs_t files > > > > - Qemu (svirt_t) also gets SELinux use permissions on libvirt > > (virtd_t) file descriptors > > > > Following is a sample invocation of Qemu using the fd: protocol on > > the command line: > > > > qemu -drive file=fd:4,format=qcow2 > > > > The fd: protocol is also supported by the drive_add monitor command. > > This requires that the specified file descriptor is passed to the > > monitor alongside a prior getfd monitor command. > > > > There are some additional features provided by certain image types > > where Qemu reopens the image file. All of these scenarios will be > > unsupported for the fd: protocol, at least for this patch: > > > > - The -snapshot command line option > > - The savevm monitor command > > - The snapshot_blkdev monitor command > > - Starting Qemu with a backing file There's also native CDROM device. Did you consider adding an explicit reopen method to block layer?

> > The thought is that this support can be added in the future, but is > > not required for the initial fd: support. > > > > This patch was tested with the following formats: raw, cow, qcow, > > qcow2, qed, and vmdk, using the fd: protocol from the command line > > and the monitor. Tests were also run to verify existing file name > > support and qemu-img were not regressed. Non-valid file descriptors, > > fd: without format, snapshot and backing files were also tested. > > > > Signed-off-by: Corey Bryant&lt;coreyb(a)linux.vnet.ibm.com&gt; > > --- > > block.c | 16 ++++++++++ > > block.h | 1 + > > block/cow.c | 5 +++ > > block/qcow.c | 5 +++ > > block/qcow2.c | 5 +++ > > block/qed.c | 4 ++ > > block/raw-posix.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++------ > > block/vmdk.c | 5 +++ > > block_int.h | 1 + > > blockdev.c | 10 ++++++ > > monitor.c | 5 +++ > > monitor.h | 1 + > > qemu-options.hx | 8 +++-- > > qemu-tool.c | 5 +++ > > 14 files changed, 140 insertions(+), 12 deletions(-) > > > > diff --git a/block.c b/block.c > > index 24a25d5..500db84 100644 > > --- a/block.c > > +++ b/block.c > > @@ -536,6 +536,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags, > > char tmp_filename[PATH_MAX]; > > char backing_filename[PATH_MAX]; > > > > + if (bdrv_is_fd_protocol(bs)) { > > + return -ENOTSUP; > > + } > > + > > /* if snapshot, we create a temporary backing file and open it > > instead of opening 'filename' directly */ > > > > @@ -585,6 +589,10 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags, > > > > /* Find the right image format driver */ > > if (!drv) { > > + /* format must be specified for fd: protocol */ > > + if (bdrv_is_fd_protocol(bs)) { > > + return -ENOTSUP; > > + } > > ret = find_image_format(filename,&drv); > > } > > > > @@ -1460,6 +1468,11 @@ int bdrv_enable_write_cache(BlockDriverState *bs) > > return bs->enable_write_cache; > > } > > > > +int bdrv_is_fd_protocol(BlockDriverState *bs) > > +{ > > + return bs->fd_protocol; > > +} > > + > > /* XXX: no longer used */ > > void bdrv_set_change_cb(BlockDriverState *bs, > > void (*change_cb)(void *opaque, int reason), > > @@ -1964,6 +1977,9 @@ int bdrv_snapshot_create(BlockDriverState *bs, > > BlockDriver *drv = bs->drv; > > if (!drv) > > return -ENOMEDIUM; > > + if (bdrv_is_fd_protocol(bs)) { > > + return -ENOTSUP; > > + } > > if (drv->bdrv_snapshot_create) > > return drv->bdrv_snapshot_create(bs, sn_info); > > if (bs->file) > > diff --git a/block.h b/block.h > > index da7d39c..dd46d52 100644 > > --- a/block.h > > +++ b/block.h > > @@ -182,6 +182,7 @@ int bdrv_is_removable(BlockDriverState *bs); > > int bdrv_is_read_only(BlockDriverState *bs); > > int bdrv_is_sg(BlockDriverState *bs); > > int bdrv_enable_write_cache(BlockDriverState *bs); > > +int bdrv_is_fd_protocol(BlockDriverState *bs); > > int bdrv_is_inserted(BlockDriverState *bs); > > int bdrv_media_changed(BlockDriverState *bs); > > int bdrv_is_locked(BlockDriverState *bs); > > diff --git a/block/cow.c b/block/cow.c > > index 4cf543c..e17f8e7 100644 > > --- a/block/cow.c > > +++ b/block/cow.c > > @@ -82,6 +82,11 @@ static int cow_open(BlockDriverState *bs, int flags) > > pstrcpy(bs->backing_file, sizeof(bs->backing_file), > > cow_header.backing_file); > > > > + if (bs->backing_file[0] != '\0'&& bdrv_is_fd_protocol(bs)) { > > + /* backing file currently not supported by fd: protocol */ > > + goto fail; > > + } > > + > > bitmap_size = ((bs->total_sectors + 7)>> 3) + sizeof(cow_header); > > s->cow_sectors_offset = (bitmap_size + 511)& ~511; > > return 0; > > diff --git a/block/qcow.c b/block/qcow.c > > index a26c886..1e46bdb 100644 > > --- a/block/qcow.c > > +++ b/block/qcow.c > > @@ -157,6 +157,11 @@ static int qcow_open(BlockDriverState *bs, int flags) > > if (bdrv_pread(bs->file, header.backing_file_offset, bs->backing_file, len) != len) > > goto fail; > > bs->backing_file[len] = '\0'; > > + > > + if (bs->backing_file[0] != '\0'&& bdrv_is_fd_protocol(bs)) { > > + /* backing file currently not supported by fd: protocol */ > > + goto fail; > > + } > > } > > return 0; > > > > diff --git a/block/qcow2.c b/block/qcow2.c > > index 8451ded..8b9c160 100644 > > --- a/block/qcow2.c > > +++ b/block/qcow2.c > > @@ -270,6 +270,11 @@ static int qcow2_open(BlockDriverState *bs, int flags) > > goto fail; > > } > > bs->backing_file[len] = '\0'; > > + > > + if (bs->backing_file[0] != '\0'&& bdrv_is_fd_protocol(bs)) { > > + ret = -ENOTSUP; > > + goto fail; > > + } > > } > > if (qcow2_read_snapshots(bs)< 0) { > > ret = -EINVAL; > > diff --git a/block/qed.c b/block/qed.c > > index 3970379..5028897 100644 > > --- a/block/qed.c > > +++ b/block/qed.c > > @@ -446,6 +446,10 @@ static int bdrv_qed_open(BlockDriverState *bs, int flags) > > return ret; > > } > > > > + if (bs->backing_file[0] != '\0'&& bdrv_is_fd_protocol(bs)) { > > + return -ENOTSUP; > > + } > > + > > if (s->header.features& QED_F_BACKING_FORMAT_NO_PROBE) { > > pstrcpy(bs->backing_format, sizeof(bs->backing_format), "raw"); > > } > > diff --git a/block/raw-posix.c b/block/raw-posix.c > > index 4cd7d7a..c72de3d 100644 > > --- a/block/raw-posix.c > > +++ b/block/raw-posix.c > > @@ -28,6 +28,7 @@ > > #include "block_int.h" > > #include "module.h" > > #include "block/raw-posix-aio.h" > > +#include "monitor.h" > > > > #ifdef CONFIG_COCOA > > #include<paths.h> > > @@ -183,7 +184,8 @@ static int raw_open_common(BlockDriverState *bs, const char *filename, > > int bdrv_flags, int open_flags) > > { > > BDRVRawState *s = bs->opaque; > > - int fd, ret; > > + int fd = -1; > > + int ret; > > > > ret = raw_normalize_devicepath(&filename); > > if (ret != 0) { > > @@ -205,15 +207,17 @@ static int raw_open_common(BlockDriverState *bs, const char *filename, > > if (!(bdrv_flags& BDRV_O_CACHE_WB)) > > s->open_flags |= O_DSYNC; > > > > - s->fd = -1; > > - fd = qemu_open(filename, s->open_flags, 0644); > > - if (fd< 0) { > > - ret = -errno; > > - if (ret == -EROFS) > > - ret = -EACCES; > > - return ret; > > + if (s->fd == -1) { > > + fd = qemu_open(filename, s->open_flags, 0644); > > + if (fd< 0) { > > + ret = -errno; > > + if (ret == -EROFS) { > > + ret = -EACCES; > > + } > > + return ret; > > + } > > + s->fd = fd; > > } > > - s->fd = fd; > > s->aligned_buf = NULL; > > > > if ((bdrv_flags& BDRV_O_NOCACHE)) { > > @@ -270,6 +274,7 @@ static int raw_open(BlockDriverState *bs, const char *filename, int flags) > > { > > BDRVRawState *s = bs->opaque; > > > > + s->fd = -1; > > s->type = FTYPE_FILE; > > return raw_open_common(bs, filename, flags, 0); > > } > > @@ -890,6 +895,60 @@ static BlockDriver bdrv_file = { > > .create_options = raw_create_options, > > }; > > > > +static int raw_open_fd(BlockDriverState *bs, const char *filename, int flags) > > +{ > > + BDRVRawState *s = bs->opaque; > > + const char *fd_str; > > + int fd; > > + > > + /* extract the file descriptor - fail if it's not fd: */ > > + if (!strstart(filename, "fd:",&fd_str)) { > > + return -EINVAL; > > + } > > + > > + if (!qemu_isdigit(fd_str[0])) { > > + /* get fd from monitor */ > > + fd = qemu_get_fd(fd_str); > > + if (fd == -1) { > > + return -EBADF; > > + } > > + } else { > > + char *endptr = NULL; > > + > > + fd = strtol(fd_str,&endptr, 10); > > + if (*endptr || (fd == 0&& fd_str == endptr)) { > > + return -EBADF; > > + } > > + } > > + > > + s->fd = fd; > > + s->type = FTYPE_FILE; > > + > > + return raw_open_common(bs, filename, flags, 0); > > +} > > + > > +static BlockDriver bdrv_file_fd = { > > + .format_name = "file", > > + .protocol_name = "fd", > > + .instance_size = sizeof(BDRVRawState), > > + .bdrv_probe = NULL, /* no probe for protocols */ > > + .bdrv_file_open = raw_open_fd, > > + .bdrv_read = raw_read, > > + .bdrv_write = raw_write, > > + .bdrv_close = raw_close, > > + .bdrv_flush = raw_flush, > > + .bdrv_discard = raw_discard, > > + > > + .bdrv_aio_readv = raw_aio_readv, > > + .bdrv_aio_writev = raw_aio_writev, > > + .bdrv_aio_flush = raw_aio_flush, > > + > > + .bdrv_truncate = raw_truncate, > > + .bdrv_getlength = raw_getlength, > > + > > + .create_options = raw_create_options, > > +}; > > + > > /***********************************************/ > > /* host device */ > > > > @@ -998,6 +1057,7 @@ static int hdev_open(BlockDriverState *bs, const char *filename, int flags) > > } > > #endif > > > > + s->fd = -1; > > s->type = FTYPE_FILE; > > #if defined(__linux__) > > { > > @@ -1168,6 +1228,7 @@ static int floppy_open(BlockDriverState *bs, const char *filename, int flags) > > BDRVRawState *s = bs->opaque; > > int ret; > > > > + s->fd = -1; > > s->type = FTYPE_FD; > > > > /* open will not fail even if no floppy is inserted, so add O_NONBLOCK */ > > @@ -1280,6 +1341,7 @@ static int cdrom_open(BlockDriverState *bs, const char *filename, int flags) > > { > > BDRVRawState *s = bs->opaque; > > > > + s->fd = -1; > > s->type = FTYPE_CD; > > > > /* open will not fail even if no CD is inserted, so add O_NONBLOCK */ > > @@ -1503,6 +1565,7 @@ static void bdrv_file_init(void) > > * Register all the drivers. Note that order is important, the driver > > * registered last will get probed first. > > */ > > + bdrv_register(&bdrv_file_fd); > > bdrv_register(&bdrv_file); > > bdrv_register(&bdrv_host_device); > > #ifdef __linux__ > > diff --git a/block/vmdk.c b/block/vmdk.c > > index 922b23d..2ea808e 100644 > > --- a/block/vmdk.c > > +++ b/block/vmdk.c > > @@ -353,6 +353,11 @@ static int vmdk_parent_open(BlockDriverState *bs) > > return -1; > > > > pstrcpy(bs->backing_file, end_name - p_name + 1, p_name); > > + > > + if (bs->backing_file[0] != '\0'&& bdrv_is_fd_protocol(bs)) { > > + /* backing file currently not supported by fd: protocol */ > > + return -1; > > + } > > } > > > > return 0; > > diff --git a/block_int.h b/block_int.h > > index fa91337..a305ee2 100644 > > --- a/block_int.h > > +++ b/block_int.h > > @@ -152,6 +152,7 @@ struct BlockDriverState { > > int encrypted; /* if true, the media is encrypted */ > > int valid_key; /* if true, a valid encryption key has been set */ > > int sg; /* if true, the device is a /dev/sg* */ > > + int fd_protocol; /* if true, the fd: protocol was specified */ bool?

> > /* event callback when inserting/removing */ > > void (*change_cb)(void *opaque, int reason); > > void *change_opaque; > > diff --git a/blockdev.c b/blockdev.c > > index e81e0ab..a536c20 100644 > > --- a/blockdev.c > > +++ b/blockdev.c > > @@ -546,6 +546,10 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi) > > > > bdrv_flags |= ro ? 0 : BDRV_O_RDWR; > > > > + if (strncmp(file, "fd:", 3) == 0) { > > + dinfo->bdrv->fd_protocol = 1; > > + } > > + > > ret = bdrv_open(dinfo->bdrv, file, bdrv_flags, drv); > > if (ret< 0) { > > error_report("could not open disk image %s: %s", > > @@ -606,6 +610,12 @@ int do_snapshot_blkdev(Monitor *mon, const QDict *qdict, QObject **ret_data) > > goto out; > > } > > > > + if (bdrv_is_fd_protocol(bs)) { > > + qerror_report(QERR_UNSUPPORTED); > > + ret = -1; > > + goto out; > > + } > > + > > pstrcpy(old_filename, sizeof(old_filename), bs->filename); > > > > old_drv = bs->drv; > > diff --git a/monitor.c b/monitor.c > > index 59a3e76..ea60be2 100644 > > --- a/monitor.c > > +++ b/monitor.c > > @@ -2832,6 +2832,11 @@ int monitor_get_fd(Monitor *mon, const char *fdname) > > return -1; > > } > > > > +int qemu_get_fd(const char *fdname) > > +{ > > + return cur_mon ? monitor_get_fd(cur_mon, fdname) : -1; > > +} > > + > > static const mon_cmd_t mon_cmds[] = { > > #include "hmp-commands.h" > > { NULL, NULL, }, > > diff --git a/monitor.h b/monitor.h > > index 4f2d328..de5b987 100644 > > --- a/monitor.h > > +++ b/monitor.h > > @@ -51,6 +51,7 @@ int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs, > > void *opaque); > > > > int monitor_get_fd(Monitor *mon, const char *fdname); > > +int qemu_get_fd(const char *fdname); > > > > void monitor_vprintf(Monitor *mon, const char *fmt, va_list ap) > > GCC_FMT_ATTR(2, 0); > > diff --git a/qemu-options.hx b/qemu-options.hx > > index 1d5ad8b..f9b66f4 100644 > > --- a/qemu-options.hx > > +++ b/qemu-options.hx > > @@ -116,7 +116,7 @@ using @file{/dev/cdrom} as filename (@pxref{host_drives}). > > ETEXI > > > > DEF("drive", HAS_ARG, QEMU_OPTION_drive, > > - "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n" > > + "-drive [file=[fd:]file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n" > > " [,cyls=c,heads=h,secs=s[,trans=t]][,snapshot=on|off]\n" > > " [,cache=writethrough|writeback|none|unsafe][,format=f]\n" > > " [,serial=s][,addr=A][,id=name][,aio=threads|native]\n" > > @@ -129,10 +129,12 @@ STEXI > > Define a new drive. Valid options are: > > > > @table @option > > -@item file=@var{file} > > +@item file=[fd:]@var{file} > > This option defines which disk image (@pxref{disk_images}) to use with > > this drive. If the filename contains comma, you must double it > > -(for instance, "file=my,,file" to use file "my,file"). > > +(for instance, "file=my,,file" to use file "my,file"). @option{fd:}@var{file} > > +specifies the file descriptor of an already open disk image. > > +@option{format=}@var{format} is required by @option{fd:}@var{file}. > > @item if=@var{interface} > > This option defines on which type on interface the drive is connected. > > Available types are: ide, scsi, sd, mtd, floppy, pflash, virtio. > > diff --git a/qemu-tool.c b/qemu-tool.c > > index 41e5c41..8fe6b8c 100644 > > --- a/qemu-tool.c > > +++ b/qemu-tool.c > > @@ -96,3 +96,8 @@ int64_t qemu_get_clock_ns(QEMUClock *clock) > > { > > return 0; > > } > > + > > +int qemu_get_fd(const char *fdname) > > +{ > > + return -1; > > +} > > -- > > 1.7.1 > > > > > >