From nobody Sun Feb 8 13:53:30 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 149337856228750.73803454875883; Fri, 28 Apr 2017 04:22:42 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C432C63336; Fri, 28 Apr 2017 11:22:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (unknown [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A002D8BC25; Fri, 28 Apr 2017 11:22:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D46084E9BD; Fri, 28 Apr 2017 11:22:39 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v3SBMPUV006947 for ; Fri, 28 Apr 2017 07:22:25 -0400 Received: by smtp.corp.redhat.com (Postfix) id 3B1248FBF0; Fri, 28 Apr 2017 11:22:25 +0000 (UTC) Received: from moe.brq.redhat.com (dhcp129-131.brq.redhat.com [10.34.129.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id 94BEF8EE5C; Fri, 28 Apr 2017 11:22:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C432C63336 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: 
ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C432C63336 From: Michal Privoznik To: libvir-list@redhat.com Date: Fri, 28 Apr 2017 13:22:14 +0200 Message-Id: In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: cbosdonnat@suse.com Subject: [libvirt] [PATCH 5/5] qemuDomainDetachDeviceUnlink: Don't unlink files we haven't created X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 28 Apr 2017 11:22:41 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Even though there are several checks before calling this function and for some scenarios we don't call it at all (e.g. on disk hot unplug), it may be possible to sneak in some weird files (e.g. if domain would have RNG with /dev/shm/some_file as its backend). No matter how improbable, we shouldn't unlink it as we would be unlinking a file from the host which we haven't created in the first place. Signed-off-by: Michal Privoznik --- src/qemu/qemu_domain.c | 86 ++++++++++++++++++++++++++++++++++++++++++++--= ---- 1 file changed, 76 insertions(+), 10 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 60f8f01..c393d5e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -8395,14 +8395,32 @@ qemuDomainDetachDeviceUnlinkHelper(pid_t pid ATTRIB= UTE_UNUSED, static int qemuDomainDetachDeviceUnlink(virQEMUDriverPtr driver ATTRIBUTE_UNUSED, virDomainObjPtr vm, - const char *file) + const char *file, + char * const *devMountsPath, + size_t ndevMountsPath) { - if (virProcessRunInMountNamespace(vm->pid, - qemuDomainDetachDeviceUnlinkHelper, - (void *)file) < 0) - return -1; + int ret =3D -1; + size_t i; =20 - return 0; + if (STRPREFIX(file, DEVPREFIX)) { + for (i =3D 0; i < ndevMountsPath; i++) { + if (STREQ(devMountsPath[i], "/dev")) + continue; + if (STRPREFIX(file, devMountsPath[i])) + break; + } + + if (i =3D=3D ndevMountsPath) { + if (virProcessRunInMountNamespace(vm->pid, + qemuDomainDetachDeviceUnlink= Helper, + (void *)file) < 0) + goto cleanup; + } + } + + ret =3D 0; + cleanup: + return ret; } =20 =20 @@ -8521,6 +8539,9 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr d= river, virDomainObjPtr vm, virDomainHostdevDefPtr hostdev) { + virQEMUDriverConfigPtr cfg =3D NULL; + char **devMountsPath =3D NULL; + size_t ndevMountsPath =3D 0; int ret =3D -1; char **path =3D NULL; size_t i, npaths =3D 0; @@ -8532,8 +8553,15 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr = driver, &npaths, &path, NULL) < 0) goto cleanup; =20 + cfg =3D virQEMUDriverGetConfig(driver); + if (qemuDomainGetPreservedMounts(cfg, vm, + &devMountsPath, NULL, + &ndevMountsPath) < 0) + goto cleanup; + for (i =3D 0; i < npaths; i++) { - if (qemuDomainDetachDeviceUnlink(driver, vm, path[i]) < 0) + if (qemuDomainDetachDeviceUnlink(driver, vm, path[i], + devMountsPath, ndevMountsPath) < = 0) goto cleanup; } =20 @@ -8542,6 +8570,8 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr d= river, for (i =3D 0; i < npaths; i++) VIR_FREE(path[i]); VIR_FREE(path); + virStringListFreeCount(devMountsPath, ndevMountsPath); + virObjectUnref(cfg); return ret; } =20 
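Review bot: The preserved-mount test in qemuDomainDetachDeviceUnlink is a raw string prefix match, `STRPREFIX(file, devMountsPath[i])`, so it is not aligned to path components and relies on `file` already being in canonical form. A mount at `/dev/shm` would also match a sibling node such as `/dev/shmfoo` (constructed example), which would be left behind in the namespace. In the other direction, a `file` that is not normalised may miss the prefix and still be unlinked, as far as this hunk shows. I would require a component boundary after the match, e.g. `len = strlen(devMountsPath[i]);` followed by `if (STRPREFIX(file, devMountsPath[i]) && (file[len] == '/' || file[len] == '\0')) break;`, and confirm that every caller passes a canonical path. A `VIR_DEBUG` on the two skip branches (not under `DEVPREFIX`, or under a preserved mount) would make it visible when a path is deliberately not unlinked.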
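Review bot: A failure of `qemuDomainGetPreservedMounts` in qemuDomainNamespaceTeardownHostdev now jumps to `cleanup` before any unlink is attempted, so every node in `path[]` stays in the domain's namespace on that error. The same fetch-then-`goto cleanup` sequence is repeated in qemuDomainNamespaceTeardownMemory, qemuDomainNamespaceTeardownChardev and qemuDomainNamespaceTeardownRNG. The list is also read at teardown time, and if it is derived from the host's current mount table (the implementation is not visible here), it may differ from the set preserved when the namespace was built, so the unlink decision could be made against a different list than the one that decided what libvirt created. A comment at the call such as `/* Preserved mounts are re-read at teardown; assumed unchanged since namespace setup. */` would state the assumption, and the four identical fetch/free sequences could be folded into one helper. The function bodies are only partly visible in these hunks.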
@@ -8584,6 +8614,9 @@ qemuDomainNamespaceTeardownMemory(virQEMUDriverPtr dr= iver, virDomainObjPtr vm, virDomainMemoryDefPtr mem) { + virQEMUDriverConfigPtr cfg =3D NULL; + char **devMountsPath =3D NULL; + size_t ndevMountsPath =3D 0; int ret =3D -1; =20 if (mem->model !=3D VIR_DOMAIN_MEMORY_MODEL_NVDIMM) @@ -8592,10 +8625,19 @@ qemuDomainNamespaceTeardownMemory(virQEMUDriverPtr = driver, if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) return 0; =20 - if (qemuDomainDetachDeviceUnlink(driver, vm, mem->nvdimmPath) < 0) + cfg =3D virQEMUDriverGetConfig(driver); + if (qemuDomainGetPreservedMounts(cfg, vm, + &devMountsPath, NULL, + &ndevMountsPath) < 0) + goto cleanup; + + if (qemuDomainDetachDeviceUnlink(driver, vm, mem->nvdimmPath, + devMountsPath, ndevMountsPath) < 0) goto cleanup; ret =3D 0; cleanup: + virStringListFreeCount(devMountsPath, ndevMountsPath); + virObjectUnref(cfg); return ret; } =20 @@ -8643,6 +8685,9 @@ qemuDomainNamespaceTeardownChardev(virQEMUDriverPtr d= river, virDomainObjPtr vm, virDomainChrDefPtr chr) { + virQEMUDriverConfigPtr cfg =3D NULL; + char **devMountsPath =3D NULL; + size_t ndevMountsPath =3D 0; int ret =3D -1; const char *path =3D NULL; =20 @@ -8654,11 +8699,20 @@ qemuDomainNamespaceTeardownChardev(virQEMUDriverPtr= driver, =20 path =3D chr->source->data.file.path; =20 - if (qemuDomainDetachDeviceUnlink(driver, vm, path) < 0) + cfg =3D virQEMUDriverGetConfig(driver); + if (qemuDomainGetPreservedMounts(cfg, vm, + &devMountsPath, NULL, + &ndevMountsPath) < 0) + goto cleanup; + + if (qemuDomainDetachDeviceUnlink(driver, vm, path, + devMountsPath, ndevMountsPath) < 0) goto cleanup; =20 ret =3D 0; cleanup: + virStringListFreeCount(devMountsPath, ndevMountsPath); + virObjectUnref(cfg); return ret; } =20 
@@ -8712,6 +8766,9 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr drive= r, virDomainObjPtr vm, virDomainRNGDefPtr rng) { + virQEMUDriverConfigPtr cfg =3D NULL; + char **devMountsPath =3D NULL; + size_t ndevMountsPath =3D 0; int ret =3D -1; const char *path =3D NULL; =20 @@ -8729,11 +8786,20 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr dri= ver, goto cleanup; } =20 - if (qemuDomainDetachDeviceUnlink(driver, vm, path) < 0) + cfg =3D virQEMUDriverGetConfig(driver); + if (qemuDomainGetPreservedMounts(cfg, vm, + &devMountsPath, NULL, + &ndevMountsPath) < 0) + goto cleanup; + + if (qemuDomainDetachDeviceUnlink(driver, vm, path, + devMountsPath, ndevMountsPath) < 0) goto cleanup; =20 ret =3D 0; cleanup: + virStringListFreeCount(devMountsPath, ndevMountsPath); + virObjectUnref(cfg); return ret; } =20 --=20 2.10.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list