virtio-9p: Make infrastructure for the new security model.

This patch adds required infrastructure for the new security model.

- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index f84767f..307bd1e 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -18,13 +18,33 @@
 #include <utime.h>
 #include <sys/stat.h>
 #include <sys/uio.h>
+#include <sys/vfs.h>
+#define SM_LOCAL_MODE_BITS    0600
+#define SM_LOCAL_DIR_MODE_BITS    0700
+
+typedef enum
+{
+    SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */
+    SM_MAPPED,  /* uid/gid part of xattr */
+} SecModel;
+
+typedef struct FsCred
+{
+    uid_t   fc_uid;
+    gid_t   fc_gid;
+    mode_t  fc_mode;
+    dev_t   fc_rdev;
+} FsCred;
 
 typedef struct FsContext
 {
     char *fs_root;
+    SecModel fs_sm;
     uid_t uid;
 } FsContext;
 
+extern void cred_init(FsCred *);
+
 typedef struct FileOperations
 {
     int (*lstat)(FsContext *, const char *, struct stat *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 1afb731..056b4ba 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -17,6 +17,7 @@
 #include <grp.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <attr/xattr.h>
 
 static const char *rpath(FsContext *ctx, const char *path)
 {
@@ -31,45 +32,37 @@
     return lstat(rpath(ctx, path), stbuf);
 }
 
-static int local_setuid(FsContext *ctx, uid_t uid)
+static int local_set_xattr(const char *path, FsCred *credp)
 {
-    struct passwd *pw;
-    gid_t groups[33];
-    int ngroups;
-    static uid_t cur_uid = -1;
-
-    if (cur_uid == uid) {
-        return 0;
+    int err;
+    if (credp->fc_uid != -1) {
+        err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t),
+                0);
+        if (err) {
+            return err;
+        }
     }
-
-    if (setreuid(0, 0)) {
-        return -1;
+    if (credp->fc_gid != -1) {
+        err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t),
+                0);
+        if (err) {
+            return err;
+        }
     }
-
-    pw = getpwuid(uid);
-    if (pw == NULL) {
-        return -1;
+    if (credp->fc_mode != -1) {
+        err = setxattr(path, "user.virtfs.mode", &credp->fc_mode,
+                sizeof(mode_t), 0);
+        if (err) {
+            return err;
+        }
     }
-
-    ngroups = 33;
-    if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {
-        return -1;
+    if (credp->fc_rdev != -1) {
+        err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev,
+                sizeof(dev_t), 0);
+        if (err) {
+            return err;
+        }
     }
-
-    if (setgroups(ngroups, groups)) {
-        return -1;
-    }
-
-    if (setregid(-1, pw->pw_gid)) {
-        return -1;
-    }
-
-    if (setreuid(-1, uid)) {
-        return -1;
-    }
-
-    cur_uid = uid;
-
     return 0;
 }
 
@@ -183,6 +176,7 @@
     return open(rpath(ctx, path), flags, mode);
 }
 
+
 static int local_symlink(FsContext *ctx, const char *oldpath,
                             const char *newpath)
 {
@@ -259,12 +253,13 @@
 
 static int local_fsync(FsContext *ctx, int fd)
 {
+    if (0) /* Just to supress the warning. Will be removed in next patch. */
+        (void)local_set_xattr(NULL, NULL);
     return fsync(fd);
 }
 
 FileOperations local_ops = {
     .lstat = local_lstat,
-    .setuid = local_setuid,
     .readlink = local_readlink,
     .close = local_close,
     .closedir = local_closedir,
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 2530488..a7ba4b6 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -67,16 +67,19 @@
     return ret;
 }
 
+void cred_init(FsCred *credp)
+{
+    credp->fc_uid = -1;
+    credp->fc_gid = -1;
+    credp->fc_mode = -1;
+    credp->fc_rdev = -1;
+}
+
 static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf)
 {
     return s->ops->lstat(&s->ctx, path->data, stbuf);
 }
 
-static int v9fs_do_setuid(V9fsState *s, uid_t uid)
-{
-    return s->ops->setuid(&s->ctx, uid);
-}
-
 static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf)
 {
     ssize_t len;
@@ -348,7 +351,6 @@
 
     for (f = s->fid_list; f; f = f->next) {
         if (f->fid == fid) {
-            v9fs_do_setuid(s, f->uid);
             return f;
         }
     }
@@ -2253,8 +2255,15 @@
         exit(1);
     }
 
-    if (!strcmp(fse->security_model, "passthrough") &&
-                !strcmp(fse->security_model, "mapped")) {
+    if (!strcmp(fse->security_model, "passthrough")) {
+        /* Files on the Fileserver set to client user credentials */
+        s->ctx.fs_sm = SM_PASSTHROUGH;
+    } else if (!strcmp(fse->security_model, "mapped")) {
+        /* Files on the fileserver are set to QEMU credentials.
+         * Client user credentials are saved in extended attributes.
+         */
+        s->ctx.fs_sm = SM_MAPPED;
+    } else {
         /* user haven't specified a correct security option */
         fprintf(stderr, "one of the following must be specified as the"
                 "security option:\n\t security_model=passthrough \n\t "
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index e101fa0..9accb77 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -641,7 +641,7 @@
     return 0;
 }
 
-#ifdef CONFIG_LINUX
+#ifdef CONFIG_VIRTFS
 static int virtio_9p_init_pci(PCIDevice *pci_dev)
 {
     VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
@@ -712,7 +712,7 @@
         },
         .qdev.reset = virtio_pci_reset,
     },{
-#ifdef CONFIG_LINUX
+#ifdef CONFIG_VIRTFS
         .qdev.name = "virtio-9p-pci",
         .qdev.size = sizeof(VirtIOPCIProxy),
         .init      = virtio_9p_init_pci,