From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] tape/drive/linux_tape: fix and refactor usage of sg-tape-cmd
Date: Thu, 28 Jan 2021 15:11:20 +0100 [thread overview]
Message-ID: <20210128141120.6955-1-d.csapak@proxmox.com> (raw)
when executing this code as non-root, we use sg-tape-cmd (a setuid binary)
to execute various ioctls on the tape device
we give the command the open tape device fd as stdin, but did not
dup it, so the std::process:Stdio handle closed it on drop,
which let subsequent operation on that file fail (since it was closed)
fix it by dup'ing it before giving it to the command, and also refactor
the calling code, so that we do not forget to do this
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
src/tape/drive/linux_tape.rs | 52 ++++++++++++++++--------------------
1 file changed, 23 insertions(+), 29 deletions(-)
diff --git a/src/tape/drive/linux_tape.rs b/src/tape/drive/linux_tape.rs
index a41b3183..e3c4918c 100644
--- a/src/tape/drive/linux_tape.rs
+++ b/src/tape/drive/linux_tape.rs
@@ -2,7 +2,7 @@
use std::fs::{OpenOptions, File};
use std::os::unix::fs::OpenOptionsExt;
-use std::os::unix::io::{AsRawFd, FromRawFd};
+use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
use std::convert::TryFrom;
use anyhow::{bail, format_err, Error};
@@ -51,6 +51,17 @@ use crate::{
}
};
+fn run_sg_tape_cmd(subcmd: &str, args: &[&str], fd: RawFd) -> Result<String, Error> {
+ let mut command = std::process::Command::new(
+ "/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
+ command.args(&[subcmd]);
+ command.args(&["--stdin"]);
+ command.args(args);
+ let device_fd = nix::unistd::dup(fd)?;
+ command.stdin(unsafe { std::process::Stdio::from_raw_fd(device_fd)});
+ run_command(command, None)
+}
+
/// Linux tape drive status
#[derive(Debug)]
pub struct LinuxDriveStatus {
@@ -351,12 +362,7 @@ impl LinuxTapeHandle {
return read_mam_attributes(&mut self.file);
}
- let mut command = std::process::Command::new(
- "/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
- command.args(&["cartridge-memory"]);
- command.args(&["--stdin"]);
- command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
- let output = run_command(command, None)?;
+ let output = run_sg_tape_cmd("cartridge-memory", &[], self.file.as_raw_fd())?;
let result: Result<Vec<MamAttribute>, String> = serde_json::from_str(&output)?;
result.map_err(|err| format_err!("{}", err))
}
@@ -371,12 +377,7 @@ impl LinuxTapeHandle {
return read_volume_statistics(&mut self.file);
}
- let mut command = std::process::Command::new(
- "/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
- command.args(&["volume-statistics"]);
- command.args(&["--stdin"]);
- command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
- let output = run_command(command, None)?;
+ let output = run_sg_tape_cmd("volume-statistics", &[], self.file.as_raw_fd())?;
let result: Result<Lp17VolumeStatistics, String> = serde_json::from_str(&output)?;
result.map_err(|err| format_err!("{}", err))
}
@@ -533,12 +534,7 @@ impl TapeDriver for LinuxTapeHandle {
return read_tape_alert_flags(&mut self.file);
}
- let mut command = std::process::Command::new(
- "/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
- command.args(&["tape-alert-flags"]);
- command.args(&["--stdin"]);
- command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
- let output = run_command(command, None)?;
+ let output = run_sg_tape_cmd("tape-alert-flags", &[], self.file.as_raw_fd())?;
let result: Result<u64, String> = serde_json::from_str(&output)?;
result
.map_err(|err| format_err!("{}", err))
@@ -585,17 +581,15 @@ impl TapeDriver for LinuxTapeHandle {
}
}
- let mut command = std::process::Command::new(
- "/usr/lib/x86_64-linux-gnu/proxmox-backup/sg-tape-cmd");
- command.args(&["encryption"]);
- if let Some((fingerprint, uuid)) = key_fingerprint {
+ let output = if let Some((fingerprint, uuid)) = key_fingerprint {
let fingerprint = crate::tools::format::as_fingerprint(fingerprint.bytes());
- command.args(&["--fingerprint", &fingerprint]);
- command.args(&["--uuid", &uuid.to_string()]);
- }
- command.args(&["--stdin"]);
- command.stdin(unsafe { std::process::Stdio::from_raw_fd(self.file.as_raw_fd())});
- let output = run_command(command, None)?;
+ run_sg_tape_cmd("encryption", &[
+ "--fingerprint", &fingerprint,
+ "--uuid", &uuid.to_string(),
+ ], self.file.as_raw_fd())?
+ } else {
+ run_sg_tape_cmd("encryption", &[], self.file.as_raw_fd())?
+ };
let result: Result<(), String> = serde_json::from_str(&output)?;
result.map_err(|err| format_err!("{}", err))
}
--
2.20.1
reply other threads:[~2021-01-28 14:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210128141120.6955-1-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox