From bf9aeab4f0c274e56bc7bc25ff0c27186c6befda Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 21 Jul 2020 09:44:36 +0200
Subject: [PATCH] qemuDomainAttachDeviceMknodRecursive: Isolate bind mounted
 devices condition
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When attaching a device into a domain, the corresponding /dev
node might need to be created in the domain's namespace. For some
types of files we call mknod(), for symlinks we call symlink(),
but for others - which exist in the host namespace - we need to
so called 'bind mount' them (which is a way of passing a
file/directory between mount namespaces). There is this condition
in qemuDomainAttachDeviceMknodRecursive() which decides whether a
bind mount will be used, move it into a separate function so that
it can be reused later.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
 src/qemu/qemu_namespace.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index e78760df29..7b04691148 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -1253,6 +1253,17 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED,
 }
 
 
+static bool
+qemuNamespaceMknodItemNeedsBindMount(mode_t st_mode)
+{
+    /* A block device S_ISBLK() or a chardev S_ISCHR() is intentionally not
+     * handled.  We want to mknod() it instead of passing in through bind
+     * mounting. */
+    return S_ISREG(st_mode) || S_ISFIFO(st_mode) ||
+           S_ISSOCK(st_mode) || S_ISDIR(st_mode);
+}
+
+
 static int
 qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver,
                                      virDomainObjPtr vm,
@@ -1266,8 +1277,7 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver,
     int ret = -1;
     g_autofree char *target = NULL;
     bool isLink;
-    bool isReg;
-    bool isDir;
+    bool needsBindMount;
 
     if (!ttl) {
         virReportSystemError(ELOOP,
@@ -1289,10 +1299,9 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver,
     }
 
     isLink = S_ISLNK(data.sb.st_mode);
-    isReg = S_ISREG(data.sb.st_mode) || S_ISFIFO(data.sb.st_mode) || S_ISSOCK(data.sb.st_mode);
-    isDir = S_ISDIR(data.sb.st_mode);
+    needsBindMount = qemuNamespaceMknodItemNeedsBindMount(data.sb.st_mode);
 
-    if ((isReg || isDir) && STRPREFIX(file, QEMU_DEVPREFIX)) {
+    if (needsBindMount && STRPREFIX(file, QEMU_DEVPREFIX)) {
         cfg = virQEMUDriverGetConfig(driver);
         if (!(target = qemuDomainGetPreservedMountPath(cfg, vm, file)))
             goto cleanup;
@@ -1382,7 +1391,7 @@ qemuDomainAttachDeviceMknodRecursive(virQEMUDriverPtr driver,
     freecon(data.tcon);
 # endif
     virFileFreeACLs(&data.acl);
-    if (isReg && target)
+    if (needsBindMount && target)
         umount(target);
     return ret;
 }