From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz, Bruce Rogers
Date: Thu, 29 Jun 2017 15:43:44 +0200
Subject: [Qemu-devel] [PULL 1/8] 9pfs: local: remove: use correct path component
Message-Id: <1498743831-28676-2-git-send-email-groug@kaod.org>
In-Reply-To: <1498743831-28676-1-git-send-email-groug@kaod.org>
References: <1498743831-28676-1-git-send-email-groug@kaod.org>

From: Bruce Rogers

Commit a0e640a8 introduced a path processing error. Pass fstatat the dirpath based path component instead of the entire path.

Signed-off-by: Bruce Rogers
Signed-off-by: Greg Kurz
--- hw/9pfs/9p-local.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 1e78b7c9e961..83952eff0a11 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c
@@ -1100,7 +1100,7 @@ static int local_remove(FsContext *ctx, const char *p= ath) goto out; } =20 - if (fstatat(dirfd, path, &stbuf, AT_SYMLINK_NOFOLLOW) < 0) { + if (fstatat(dirfd, name, &stbuf, AT_SYMLINK_NOFOLLOW) < 0) { goto err_out; } =20 --=20 2.7.5
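Review bot: The commit message for 1/8 does not say how the wrong argument to fstatat() in local_remove() showed up at runtime, which is what someone deciding on a backport needs to know. Going by the message, dirfd refers to the directory part of the path, so passing the full path made the lookup resolve the whole path a second time beneath that directory; stating the observed failure, and which callers hit it, would make the impact explicit. Only the fstatat() call is visible in this hunk, so please also confirm that the other *at() calls in the function pair dirfd with name rather than path.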
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Tobias Schramm, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:45 +0200
Subject: [Qemu-devel] [PULL 2/8] 9pfs: local: Add support for custom fmode/dmode in 9ps mapped security modes
Message-Id: <1498743831-28676-3-git-send-email-groug@kaod.org>
In-Reply-To: <1498743831-28676-1-git-send-email-groug@kaod.org>
References: <1498743831-28676-1-git-send-email-groug@kaod.org>

From: Tobias Schramm In mapped security modes, files are created with very restrictive permissions (600 for files and 700 for directories). This makes file sharing between virtual machines and users on the host rather complicated. Imagine eg. a group of users that need to access data produced by processes on a virtual machine. Giving those users access to the data will be difficult since the group access mode is always 0. This patch makes the default mode for both files and directories configurable. Existing setups that don't know about the new parameters keep using the current secure behavior. Signed-off-by: Tobias Schramm Signed-off-by: Greg Kurz --- fsdev/file-op-9p.h | 4 ++++ fsdev/qemu-fsdev-opts.c | 12 ++++++++++++ hw/9pfs/9p-local.c | 25 +++++++++++++++++++++---- hw/9pfs/9p.c | 3 +++ qemu-options.hx | 20 ++++++++++++++++---- 5 files changed, 56 insertions(+), 8 deletions(-) diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h index 0844a403dcd4..474c79d003f6 100644 --- a/fsdev/file-op-9p.h +++ b/fsdev/file-op-9p.h @@ -76,6 +76,8 @@ typedef struct FsDriverEntry { int export_flags; FileOperations *ops; FsThrottle fst; + mode_t fmode; + mode_t dmode; } FsDriverEntry; =20 typedef struct FsContext @@ -88,6 +90,8 @@ typedef struct FsContext FsThrottle *fst; /* fs driver specific data */ void *private; + mode_t fmode; + mode_t dmode; } FsContext; =20 typedef struct V9fsPath { diff --git a/fsdev/qemu-fsdev-opts.c b/fsdev/qemu-fsdev-opts.c index bf5713008a1b..7c31ffffafb5 100644 --- a/fsdev/qemu-fsdev-opts.c +++ b/fsdev/qemu-fsdev-opts.c @@ -38,6 +38,12 @@ static QemuOptsList qemu_fsdev_opts =3D { }, { .name =3D "sock_fd", .type =3D QEMU_OPT_NUMBER, + }, { + .name =3D "fmode", + .type =3D QEMU_OPT_NUMBER, + }, { + .name =3D "dmode", + .type =3D QEMU_OPT_NUMBER, }, =20 THROTTLE_OPTS, 
@@ -75,6 +81,12 @@ static QemuOptsList qemu_virtfs_opts =3D { }, { .name =3D "sock_fd", .type =3D QEMU_OPT_NUMBER, + }, { + .name =3D "fmode", + .type =3D QEMU_OPT_NUMBER, + }, { + .name =3D "dmode", + .type =3D QEMU_OPT_NUMBER, }, =20 { /*End of list */ } diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 83952eff0a11..6e478f4765ef 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c @@ -633,7 +633,7 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir= _path, =20 if (fs_ctx->export_flags & V9FS_SM_MAPPED || fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) { - err =3D mknodat(dirfd, name, SM_LOCAL_MODE_BITS | S_IFREG, 0); + err =3D mknodat(dirfd, name, fs_ctx->fmode | S_IFREG, 0); if (err =3D=3D -1) { goto out; } @@ -685,7 +685,7 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir= _path, =20 if (fs_ctx->export_flags & V9FS_SM_MAPPED || fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) { - err =3D mkdirat(dirfd, name, SM_LOCAL_DIR_MODE_BITS); + err =3D mkdirat(dirfd, name, fs_ctx->dmode); if (err =3D=3D -1) { goto out; } @@ -786,7 +786,7 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir= _path, const char *name, /* Determine the security model */ if (fs_ctx->export_flags & V9FS_SM_MAPPED || fs_ctx->export_flags & V9FS_SM_MAPPED_FILE) { - fd =3D openat_file(dirfd, name, flags, SM_LOCAL_MODE_BITS); + fd =3D openat_file(dirfd, name, flags, fs_ctx->fmode); if (fd =3D=3D -1) { goto out; } @@ -849,7 +849,7 @@ static int local_symlink(FsContext *fs_ctx, const char = *oldpath, ssize_t oldpath_size, write_size; =20 fd =3D openat_file(dirfd, name, O_CREAT | O_EXCL | O_RDWR, - SM_LOCAL_MODE_BITS); + fs_ctx->fmode); if (fd =3D=3D -1) { goto out; } 
@@ -1467,6 +1467,23 @@ static int local_parse_opts(QemuOpts *opts, struct F= sDriverEntry *fse) return -1; } =20 + if (fse->export_flags & V9FS_SM_MAPPED || + fse->export_flags & V9FS_SM_MAPPED_FILE) { + fse->fmode =3D + qemu_opt_get_number(opts, "fmode", SM_LOCAL_MODE_BITS) & 0777; + fse->dmode =3D + qemu_opt_get_number(opts, "dmode", SM_LOCAL_DIR_MODE_BITS) & 0= 777; + } else { + if (qemu_opt_find(opts, "fmode")) { + error_report("fmode is only valid for mapped 9p modes"); + return -1; + } + if (qemu_opt_find(opts, "dmode")) { + error_report("dmode is only valid for mapped 9p modes"); + return -1; + } + } + fse->path =3D g_strdup(path); =20 return 0; diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 96d268334865..a0ae98f7ca6f 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -3533,6 +3533,9 @@ int v9fs_device_realize_common(V9fsState *s, Error **= errp) =20 s->ops =3D fse->ops; =20 + s->ctx.fmode =3D fse->fmode; + s->ctx.dmode =3D fse->dmode; + s->fid_list =3D NULL; qemu_co_rwlock_init(&s->rename_lock); =20 diff --git a/qemu-options.hx b/qemu-options.hx index 896ff177c311..297bd8aca430 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1010,7 +1010,7 @@ ETEXI =20 DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, "-fsdev fsdriver,id=3Did[,path=3Dpath,][security_model=3D{mapped-xattr= |mapped-file|passthrough|none}]\n" - " [,writeout=3Dimmediate][,readonly][,socket=3Dsocket|sock_fd=3Dsock_f= d]\n" + " [,writeout=3Dimmediate][,readonly][,socket=3Dsocket|sock_fd=3Dsock_f= d][,fmode=3Dfmode][,dmode=3Ddmode]\n" " [[,throttling.bps-total=3Db]|[[,throttling.bps-read=3Dr][,throttling= .bps-write=3Dw]]]\n" " [[,throttling.iops-total=3Di]|[[,throttling.iops-read=3Dr][,throttli= ng.iops-write=3Dw]]]\n" " [[,throttling.bps-total-max=3Dbm]|[[,throttling.bps-read-max=3Drm][,= throttling.bps-write-max=3Dwm]]]\n" 
@@ -1020,7 +1020,7 @@ DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, =20 STEXI =20 -@item -fsdev @var{fsdriver},id=3D@var{id},path=3D@var{path},[security_mode= l=3D@var{security_model}][,writeout=3D@var{writeout}][,readonly][,socket=3D= @var{socket}|sock_fd=3D@var{sock_fd}] +@item -fsdev @var{fsdriver},id=3D@var{id},path=3D@var{path},[security_mode= l=3D@var{security_model}][,writeout=3D@var{writeout}][,readonly][,socket=3D= @var{socket}|sock_fd=3D@var{sock_fd}][,fmode=3D@var{fmode}][,dmode=3D@var{d= mode}] @findex -fsdev Define a new file system device. Valid options are: @table @option @@ -1061,6 +1061,12 @@ with virtfs-proxy-helper Enables proxy filesystem driver to use passed socket descriptor for communicating with virtfs-proxy-helper. Usually a helper like libvirt will create socketpair and pass one of the fds as sock_fd +@item fmode=3D@var{fmode} +Specifies the default mode for newly created files on the host. Works only +with security models "mapped-xattr" and "mapped-file". +@item dmode=3D@var{dmode} +Specifies the default mode for newly created directories on the host. Works +only with security models "mapped-xattr" and "mapped-file". @end table =20 -fsdev option is used along with -device driver "virtio-9p-pci". 
@@ -1077,12 +1083,12 @@ ETEXI =20 DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, "-virtfs local,path=3Dpath,mount_tag=3Dtag,security_model=3D[mapped-xa= ttr|mapped-file|passthrough|none]\n" - " [,id=3Did][,writeout=3Dimmediate][,readonly][,socket=3Dsocket= |sock_fd=3Dsock_fd]\n", + " [,id=3Did][,writeout=3Dimmediate][,readonly][,socket=3Dsocket= |sock_fd=3Dsock_fd][,fmode=3Dfmode][,dmode=3Ddmode]\n", QEMU_ARCH_ALL) =20 STEXI =20 -@item -virtfs @var{fsdriver}[,path=3D@var{path}],mount_tag=3D@var{mount_ta= g}[,security_model=3D@var{security_model}][,writeout=3D@var{writeout}][,rea= donly][,socket=3D@var{socket}|sock_fd=3D@var{sock_fd}] +@item -virtfs @var{fsdriver}[,path=3D@var{path}],mount_tag=3D@var{mount_ta= g}[,security_model=3D@var{security_model}][,writeout=3D@var{writeout}][,rea= donly][,socket=3D@var{socket}|sock_fd=3D@var{sock_fd}][,fmode=3D@var{fmode}= ][,dmode=3D@var{dmode}] @findex -virtfs =20 The general form of a Virtual File system pass-through options are: 
@@ -1124,6 +1130,12 @@ will create socketpair and pass one of the fds as so= ck_fd @item sock_fd Enables proxy filesystem driver to use passed 'sock_fd' as the socket descriptor for interfacing with virtfs-proxy-helper +@item fmode=3D@var{fmode} +Specifies the default mode for newly created files on the host. Works only +with security models "mapped-xattr" and "mapped-file". +@item dmode=3D@var{dmode} +Specifies the default mode for newly created directories on the host. Works +only with security models "mapped-xattr" and "mapped-file". @end table ETEXI =20 --=20 2.7.5
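Review bot: In the local_parse_opts() hunk of 2/8, the result of qemu_opt_get_number() is masked with "& 0777" and stored, so input outside that range is silently truncated instead of rejected, and any remaining value is accepted, including one that removes the owner's own access. The same hunk already uses error_report() and "return -1" when fmode or dmode is given for a non-mapped model; out-of-range values deserve the same treatment, checked before the value is narrowed into mode_t. A lower bound is worth considering too: an fmode without owner read/write or a dmode without owner rwx would leave QEMU unable to use what it just created through mknodat(), mkdirat() or openat_file().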
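Review bot: The qemu-options.hx text added in 2/8 for fmode and dmode does not say in which notation the number is expected, what the defaults are, or that the mode is still subject to the process umask. Both options are declared as QEMU_OPT_NUMBER and the value is handed straight to mknodat(), mkdirat() and openat_file(), so someone who writes fmode=660 where 0660 was meant can end up with a mode they did not intend and no error. Please add an example value, state the defaults given in the commit message (600 for files, 700 for directories), and note that setting group or other bits makes guest-created data readable by other users on the host.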
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz, Marc-André Lureau
Date: Thu, 29 Jun 2017 15:43:46 +0200
Subject: [Qemu-devel] [PULL 3/8] 9pfs: replace g_malloc()+memcpy() with g_memdup()
Message-Id: <1498743831-28676-4-git-send-email-groug@kaod.org>
In-Reply-To: <1498743831-28676-1-git-send-email-groug@kaod.org>
References: <1498743831-28676-1-git-send-email-groug@kaod.org>

From: Marc-André Lureau

I found these patterns via grepping the source tree. I don't have a coccinelle script for it!

Signed-off-by: Marc-André Lureau
--- hw/9pfs/9p-synth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/9pfs/9p-synth.c b/hw/9pfs/9p-synth.c index 4b6d4e6a3f1c..df0a8de08aed 100644 --- a/hw/9pfs/9p-synth.c +++ b/hw/9pfs/9p-synth.c
@@ -494,8 +494,7 @@ static int synth_name_to_path(FsContext *ctx, V9fsPath = *dir_path, } out: /* Copy the node pointer to fid */ - target->data =3D g_malloc(sizeof(void *)); - memcpy(target->data, &node, sizeof(void *)); + target->data =3D g_memdup(&node, sizeof(void *)); target->size =3D sizeof(void *); return 0; } --=20 2.7.5
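Review bot: The length is still written as sizeof(void *) on two adjacent lines of synth_name_to_path() in 3/8, once in the new g_memdup(&node, sizeof(void *)) call and once in the target->size assignment. Using sizeof(node) in the call, and setting target->size from the same expression, ties the copy length to the object that is actually copied. Separately, this message carries only the author's Signed-off-by, whereas 1/8 and 2/8 in the same pull also carry the submitter's.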
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:47 +0200
Subject: [Qemu-devel] [PULL 4/8] virtio-9p: record element after sanity checks
Message-Id: <1498743831-28676-5-git-send-email-groug@kaod.org>
In-Reply-To: <1498743831-28676-1-git-send-email-groug@kaod.org>
References: <1498743831-28676-1-git-send-email-groug@kaod.org>

If the guest sends a malformed request, we end up with a dangling pointer in V9fsVirtioState. This doesn't seem to cause any bug, but let's remove this side effect anyway.

Signed-off-by: Greg Kurz
Reviewed-by: Michael S. Tsirkin
--- hw/9pfs/virtio-9p-device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c index 245abd8aaef1..3380bfc0c551 100644 --- a/hw/9pfs/virtio-9p-device.c +++ b/hw/9pfs/virtio-9p-device.c
@@ -61,7 +61,6 @@ static void handle_9p_output(VirtIODevice *vdev, VirtQueu= e *vq) } QEMU_BUILD_BUG_ON(sizeof(out) !=3D 7); =20 - v->elems[pdu->idx] =3D elem; len =3D iov_to_buf(elem->out_sg, elem->out_num, 0, &out, sizeof(out)); if (len !=3D sizeof(out)) { 
@@ -70,6 +69,8 @@ static void handle_9p_output(VirtIODevice *vdev, VirtQueu= e *vq) goto out_free_req; } =20 + v->elems[pdu->idx] =3D elem; + pdu_submit(pdu, &out); } =20 --=20 2.7.5
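Review bot: With the "v->elems[pdu->idx] = elem;" store in 4/8 moved below the length check in handle_9p_output(), the "goto out_free_req" in the second hunk is now taken before the slot is written, so that error path has to clean up through the local elem and never through v->elems[pdu->idx]. The out_free_req label lies outside the visible hunks, so please confirm this in the commit message. It would also help to clear the slot when a PDU is released, so that a pointer left over from an earlier request at the same index cannot be read back on a later malformed request.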
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:48 +0200
Subject: [Qemu-devel] [PULL 5/8] virtio-9p: message header is 7-byte long
Message-Id: <1498743831-28676-6-git-send-email-groug@kaod.org>

The 9p spec at http://man.cat-v.org/plan_9/5/intro reads:

"Each 9P message begins with a four-byte size field specifying the length in bytes of the complete message including the four bytes of the size field itself. The next byte is the message type, one of the constants in the enumeration in the include file . The next two bytes are an identifying tag, described below."

ie, each message starts with a 7-byte long header.

The core 9P code already assumes this pretty much everywhere.
This patch does the following:
- makes the assumption explicit in the common 9p.h header, since it isn't related to the transport
- open codes the header size in handle_9p_output() and hardens the sanity check on the space needed for the reply message

Signed-off-by: Greg Kurz
Acked-by: Stefano Stabellini
---
 hw/9pfs/9p.h               | 5 +++++
 hw/9pfs/virtio-9p-device.c | 8 +++-----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h index c886ba78d2ee..aac1b0b2ce3d 100644 --- a/hw/9pfs/9p.h +++ b/hw/9pfs/9p.h @@ -124,6 +124,11 @@ typedef struct { uint8_t id; uint16_t tag_le; } QEMU_PACKED P9MsgHeader; +/* According to the specification, 9p messages start with a 7-byte header. + * Since most of the code uses this header size in literal form, we must be + * sure this is indeed the case. + */ +QEMU_BUILD_BUG_ON(sizeof(P9MsgHeader) !=3D 7); =20 struct V9fsPDU { diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c index 3380bfc0c551..1a68c1622d3a 100644 --- a/hw/9pfs/virtio-9p-device.c +++ b/hw/9pfs/virtio-9p-device.c 
@@ -53,17 +53,15 @@ static void handle_9p_output(VirtIODevice *vdev, VirtQu= eue *vq) goto out_free_pdu; } =20 - if (elem->in_num =3D=3D 0) { + if (iov_size(elem->in_sg, elem->in_num) < 7) { virtio_error(vdev, "The guest sent a VirtFS request without space fo= r " "the reply"); goto out_free_req; } - QEMU_BUILD_BUG_ON(sizeof(out) !=3D 7); =20 - len =3D iov_to_buf(elem->out_sg, elem->out_num, 0, - &out, sizeof(out)); - if (len !=3D sizeof(out)) { + len =3D iov_to_buf(elem->out_sg, elem->out_num, 0, &out, 7); + if (len !=3D 7) { virtio_error(vdev, "The guest sent a malformed VirtFS request:= " "header size is %zd, should be 7", len); goto out_free_req; --=20 2.7.5
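Review bot: in the handle_9p_output() hunk of hw/9pfs/virtio-9p-device.c the literal 7 now appears at three sites (the iov_size() check, the iov_to_buf() length and the len comparison) plus the "should be 7" error string, and nothing ties them to P9MsgHeader. Since 9p.h now asserts sizeof(P9MsgHeader) == 7 at build time, keeping sizeof(out) here, or a named constant defined next to that assertion, would be equivalent and would keep the sites from drifting apart. Also note that iov_size(elem->in_sg, elem->in_num) < 7 only guarantees room for a reply header, so the reply body still has to be size-checked where it is marshalled; a one-line comment saying so would help the next reader.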
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:49 +0200
Subject: [Qemu-devel] [PULL 6/8] virtio-9p: break device if buffers are misconfigured
Message-Id: <1498743831-28676-7-git-send-email-groug@kaod.org>

The 9P protocol is transport agnostic: if the guest misconfigured the buffers, the best we can do is to set the broken flag on the device.

Signed-off-by: Greg Kurz
---
 hw/9pfs/9p.c               |  2 +-
 hw/9pfs/9p.h               |  2 +-
 hw/9pfs/virtio-9p-device.c | 40 ++++++++++++++++++++++++++++++++++++----
 hw/9pfs/xen-9p-backend.c   |  3 ++-
 4 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index a0ae98f7ca6f..8e5cac71eb60 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c 
@@ -1664,7 +1664,7 @@ static void v9fs_init_qiov_from_pdu(QEMUIOVector *qio= v, V9fsPDU *pdu, unsigned int niov; =20 if (is_write) { - pdu->s->transport->init_out_iov_from_pdu(pdu, &iov, &niov); + pdu->s->transport->init_out_iov_from_pdu(pdu, &iov, &niov, size + = skip); } else { pdu->s->transport->init_in_iov_from_pdu(pdu, &iov, &niov, size + s= kip); } diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h index aac1b0b2ce3d..d1cfeaf10e4f 100644 --- a/hw/9pfs/9p.h +++ b/hw/9pfs/9p.h @@ -363,7 +363,7 @@ struct V9fsTransport { void (*init_in_iov_from_pdu)(V9fsPDU *pdu, struct iovec **piov, unsigned int *pniov, size_t size); void (*init_out_iov_from_pdu)(V9fsPDU *pdu, struct iovec **piov, - unsigned int *pniov); + unsigned int *pniov, size_t size); void (*push_and_notify)(V9fsPDU *pdu); }; =20 diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c index 1a68c1622d3a..62650b0a6b99 100644 --- a/hw/9pfs/virtio-9p-device.c +++ b/hw/9pfs/virtio-9p-device.c @@ -146,8 +146,16 @@ static ssize_t virtio_pdu_vmarshal(V9fsPDU *pdu, size_= t offset, V9fsState *s =3D pdu->s; V9fsVirtioState *v =3D container_of(s, V9fsVirtioState, state); VirtQueueElement *elem =3D v->elems[pdu->idx]; + ssize_t ret; =20 - return v9fs_iov_vmarshal(elem->in_sg, elem->in_num, offset, 1, fmt, ap= ); + ret =3D v9fs_iov_vmarshal(elem->in_sg, elem->in_num, offset, 1, fmt, a= p); + if (ret < 0) { + VirtIODevice *vdev =3D VIRTIO_DEVICE(v); + + virtio_error(vdev, "Failed to encode VirtFS reply type %d", + pdu->id + 1); + } + return ret; } =20 static ssize_t virtio_pdu_vunmarshal(V9fsPDU *pdu, size_t offset, 
@@ -156,28 +164,52 @@ static ssize_t virtio_pdu_vunmarshal(V9fsPDU *pdu, si= ze_t offset, V9fsState *s =3D pdu->s; V9fsVirtioState *v =3D container_of(s, V9fsVirtioState, state); VirtQueueElement *elem =3D v->elems[pdu->idx]; + ssize_t ret; + + ret =3D v9fs_iov_vunmarshal(elem->out_sg, elem->out_num, offset, 1, fm= t, ap); + if (ret < 0) { + VirtIODevice *vdev =3D VIRTIO_DEVICE(v); =20 - return v9fs_iov_vunmarshal(elem->out_sg, elem->out_num, offset, 1, fmt= , ap); + virtio_error(vdev, "Failed to decode VirtFS request type %d", pdu-= >id); + } + return ret; } =20 -/* The size parameter is used by other transports. Do not drop it. */ static void virtio_init_in_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov, unsigned int *pniov, size_t size) { V9fsState *s =3D pdu->s; V9fsVirtioState *v =3D container_of(s, V9fsVirtioState, state); VirtQueueElement *elem =3D v->elems[pdu->idx]; + size_t buf_size =3D iov_size(elem->in_sg, elem->in_num); + + if (buf_size < size) { + VirtIODevice *vdev =3D VIRTIO_DEVICE(v); + + virtio_error(vdev, + "VirtFS reply type %d needs %zu bytes, buffer has %zu= ", + pdu->id + 1, size, buf_size); + } =20 *piov =3D elem->in_sg; *pniov =3D elem->in_num; } =20 static void virtio_init_out_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov, - unsigned int *pniov) + unsigned int *pniov, size_t size) { V9fsState *s =3D pdu->s; V9fsVirtioState *v =3D container_of(s, V9fsVirtioState, state); VirtQueueElement *elem =3D v->elems[pdu->idx]; + size_t buf_size =3D iov_size(elem->out_sg, elem->out_num); + + if (buf_size < size) { + VirtIODevice *vdev =3D VIRTIO_DEVICE(v); + + virtio_error(vdev, + "VirtFS request type %d needs %zu bytes, buffer has %= zu", + pdu->id, size, buf_size); + } =20 *piov =3D elem->out_sg; *pniov =3D elem->out_num; diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c index 922cc967be63..a82cf817fe45 100644 --- a/hw/9pfs/xen-9p-backend.c +++ b/hw/9pfs/xen-9p-backend.c 
@@ -147,7 +147,8 @@ static ssize_t xen_9pfs_pdu_vunmarshal(V9fsPDU *pdu, =20 static void xen_9pfs_init_out_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov, - unsigned int *pniov) + unsigned int *pniov, + size_t size) { Xen9pfsDev *xen_9pfs =3D container_of(pdu->s, Xen9pfsDev, state); Xen9pfsRing *ring =3D &xen_9pfs->rings[pdu->tag % xen_9pfs->num_rings]; --=20 2.7.5
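Review bot: in virtio_init_in_iov_from_pdu() and virtio_init_out_iov_from_pdu() the new buf_size < size branch calls virtio_error() and then falls through, still handing the undersized elem->in_sg or elem->out_sg back through *piov and *pniov. Both callbacks return void, so v9fs_init_qiov_from_pdu() in 9p.c has no way to learn that the device was just marked broken and continues with whatever iovec it is given. Consider returning early with *pniov set to 0, or giving the callbacks a return value, so the caller can abort the request. The deleted comment about the size parameter could be replaced by one that says what size now means for this transport.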
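Review bot: xen_9pfs_init_out_iov_from_pdu() in hw/9pfs/xen-9p-backend.c gains the size parameter, but nothing in the lines shown uses it, so the Xen transport accepts the new argument without the buf_size < size comparison that the virtio transport gets in this same patch. If the check is meant to arrive in a follow-up, say so in the commit message or in a comment on the parameter; otherwise add the comparison here.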
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Stefano Stabellini, Peter Maydell, Stefano Stabellini, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:50 +0200
Subject: [Qemu-devel] [PULL 7/8] xen-9pfs: disconnect if buffers are misconfigured
Message-Id: <1498743831-28676-8-git-send-email-groug@kaod.org>

From: Stefano Stabellini

Implement xen_9pfs_disconnect by unbinding the event channels. On xen_9pfs_free, call disconnect if any event channels haven't been disconnected.

If the frontend misconfigured the buffers, set the backend to "Closing" and disconnect it. Misconfigurations include requesting a read of more bytes than available on the ring buffer, or claiming to be writing more data than available on the ring buffer.

Signed-off-by: Stefano Stabellini
Signed-off-by: Greg Kurz --- hw/9pfs/xen-9p-backend.c | 85 ++++++++++++++++++++++++++++++++++++--------= ---- 1 file changed, 64 insertions(+), 21 deletions(-) diff --git a/hw/9pfs/xen-9p-backend.c b/hw/9pfs/xen-9p-backend.c index a82cf817fe45..ee87f08926a2 100644 --- a/hw/9pfs/xen-9p-backend.c +++ b/hw/9pfs/xen-9p-backend.c @@ -54,6 +54,8 @@ typedef struct Xen9pfsDev { Xen9pfsRing *rings; } Xen9pfsDev; =20 +static void xen_9pfs_disconnect(struct XenDevice *xendev); + static void xen_9pfs_in_sg(Xen9pfsRing *ring, struct iovec *in_sg, int *num, @@ -125,10 +127,19 @@ static ssize_t xen_9pfs_pdu_vmarshal(V9fsPDU *pdu, Xen9pfsDev *xen_9pfs =3D container_of(pdu->s, Xen9pfsDev, state); struct iovec in_sg[2]; int num; + ssize_t ret; =20 xen_9pfs_in_sg(&xen_9pfs->rings[pdu->tag % xen_9pfs->num_rings], in_sg, &num, pdu->idx, ROUND_UP(offset + 128, 512)); - return v9fs_iov_vmarshal(in_sg, num, offset, 0, fmt, ap); + + ret =3D v9fs_iov_vmarshal(in_sg, num, offset, 0, fmt, ap); + if (ret < 0) { + xen_pv_printf(&xen_9pfs->xendev, 0, + "Failed to encode VirtFS request type %d\n", pdu->id= + 1); + xen_be_set_state(&xen_9pfs->xendev, XenbusStateClosing); + xen_9pfs_disconnect(&xen_9pfs->xendev); + } + return ret; } =20 static ssize_t xen_9pfs_pdu_vunmarshal(V9fsPDU *pdu, @@ -139,10 +150,19 @@ static ssize_t xen_9pfs_pdu_vunmarshal(V9fsPDU *pdu, Xen9pfsDev *xen_9pfs =3D container_of(pdu->s, Xen9pfsDev, state); struct iovec out_sg[2]; int num; + ssize_t ret; =20 xen_9pfs_out_sg(&xen_9pfs->rings[pdu->tag % xen_9pfs->num_rings], out_sg, &num, pdu->idx); - return v9fs_iov_vunmarshal(out_sg, num, offset, 0, fmt, ap); + + ret =3D v9fs_iov_vunmarshal(out_sg, num, offset, 0, fmt, ap); + if (ret < 0) { + xen_pv_printf(&xen_9pfs->xendev, 0, + "Failed to decode VirtFS request type %d\n", pdu->id= ); + xen_be_set_state(&xen_9pfs->xendev, XenbusStateClosing); + xen_9pfs_disconnect(&xen_9pfs->xendev); + } + return ret; } =20 static void xen_9pfs_init_out_iov_from_pdu(V9fsPDU *pdu, 
@@ -170,11 +190,22 @@ static void xen_9pfs_init_in_iov_from_pdu(V9fsPDU *pd= u, Xen9pfsDev *xen_9pfs =3D container_of(pdu->s, Xen9pfsDev, state); Xen9pfsRing *ring =3D &xen_9pfs->rings[pdu->tag % xen_9pfs->num_rings]; int num; + size_t buf_size; =20 g_free(ring->sg); =20 ring->sg =3D g_malloc0(sizeof(*ring->sg) * 2); xen_9pfs_in_sg(ring, ring->sg, &num, pdu->idx, size); + + buf_size =3D iov_size(ring->sg, num); + if (buf_size < size) { + xen_pv_printf(&xen_9pfs->xendev, 0, "Xen 9pfs request type %d" + "needs %zu bytes, buffer has %zu\n", pdu->id, size, + buf_size); + xen_be_set_state(&xen_9pfs->xendev, XenbusStateClosing); + xen_9pfs_disconnect(&xen_9pfs->xendev); + } + *piov =3D ring->sg; *pniov =3D num; } @@ -218,7 +249,7 @@ static int xen_9pfs_init(struct XenDevice *xendev) static int xen_9pfs_receive(Xen9pfsRing *ring) { P9MsgHeader h; - RING_IDX cons, prod, masked_prod, masked_cons; + RING_IDX cons, prod, masked_prod, masked_cons, queued; V9fsPDU *pdu; =20 if (ring->inprogress) { @@ -229,8 +260,8 @@ static int xen_9pfs_receive(Xen9pfsRing *ring) prod =3D ring->intf->out_prod; xen_rmb(); =20 - if (xen_9pfs_queued(prod, cons, XEN_FLEX_RING_SIZE(ring->ring_order)) < - sizeof(h)) { + queued =3D xen_9pfs_queued(prod, cons, XEN_FLEX_RING_SIZE(ring->ring_o= rder)); + if (queued < sizeof(h)) { return 0; } ring->inprogress =3D true; @@ -241,6 +272,9 @@ static int xen_9pfs_receive(Xen9pfsRing *ring) xen_9pfs_read_packet((uint8_t *) &h, ring->ring.out, sizeof(h), masked_prod, &masked_cons, XEN_FLEX_RING_SIZE(ring->ring_order)); + if (queued < le32_to_cpu(h.size_le)) { + return 0; + } =20 /* cannot fail, because we only handle one request per ring at a time = */ pdu =3D pdu_alloc(&ring->priv->state); 
@@ -269,15 +303,30 @@ static void xen_9pfs_evtchn_event(void *opaque) qemu_bh_schedule(ring->bh); } =20 -static int xen_9pfs_free(struct XenDevice *xendev) +static void xen_9pfs_disconnect(struct XenDevice *xendev) { + Xen9pfsDev *xen_9pdev =3D container_of(xendev, Xen9pfsDev, xendev); int i; + + for (i =3D 0; i < xen_9pdev->num_rings; i++) { + if (xen_9pdev->rings[i].evtchndev !=3D NULL) { + qemu_set_fd_handler(xenevtchn_fd(xen_9pdev->rings[i].evtchndev= ), + NULL, NULL, NULL); + xenevtchn_unbind(xen_9pdev->rings[i].evtchndev, + xen_9pdev->rings[i].local_port); + xen_9pdev->rings[i].evtchndev =3D NULL; + } + } +} + +static int xen_9pfs_free(struct XenDevice *xendev) +{ Xen9pfsDev *xen_9pdev =3D container_of(xendev, Xen9pfsDev, xendev); + int i; =20 - g_free(xen_9pdev->id); - g_free(xen_9pdev->tag); - g_free(xen_9pdev->path); - g_free(xen_9pdev->security_model); + if (xen_9pdev->rings[0].evtchndev !=3D NULL) { + xen_9pfs_disconnect(xendev); + } =20 for (i =3D 0; i < xen_9pdev->num_rings; i++) { if (xen_9pdev->rings[i].data !=3D NULL) { @@ -290,16 +339,15 @@ static int xen_9pfs_free(struct XenDevice *xendev) xen_9pdev->rings[i].intf, 1); } - if (xen_9pdev->rings[i].evtchndev > 0) { - qemu_set_fd_handler(xenevtchn_fd(xen_9pdev->rings[i].evtchndev= ), - NULL, NULL, NULL); - xenevtchn_unbind(xen_9pdev->rings[i].evtchndev, - xen_9pdev->rings[i].local_port); - } if (xen_9pdev->rings[i].bh !=3D NULL) { qemu_bh_delete(xen_9pdev->rings[i].bh); } } + + g_free(xen_9pdev->id); + g_free(xen_9pdev->tag); + g_free(xen_9pdev->path); + g_free(xen_9pdev->security_model); g_free(xen_9pdev->rings); return 0; } 
@@ -423,11 +471,6 @@ static void xen_9pfs_alloc(struct XenDevice *xendev) xenstore_write_be_int(xendev, "max-ring-page-order", MAX_RING_ORDER); } =20 -static void xen_9pfs_disconnect(struct XenDevice *xendev) -{ - /* Dynamic hotplug of PV filesystems at runtime is not supported. */ -} - struct XenDevOps xen_9pfs_ops =3D { .size =3D sizeof(Xen9pfsDev), .flags =3D DEVOPS_FLAG_NEED_GNTDEV, --=20 2.7.5
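Review bot: the new message in xen_9pfs_init_in_iov_from_pdu() is built from two adjacent string literals, "Xen 9pfs request type %d" and "needs %zu bytes, buffer has %zu\n", with no space between them, so the output runs together as "type %dneeds"; add a trailing space to the first literal. This is the reply buffer, where the virtio transport logs "reply type" with pdu->id + 1, whereas this message says "request type" with pdu->id; pick one convention. After xen_9pfs_disconnect() the function still stores ring->sg in *piov and returns normally, so the caller proceeds with the short buffer.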
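Review bot: the added queued < le32_to_cpu(h.size_le) test in xen_9pfs_receive() returns 0 after ring->inprogress has already been set to true a few lines earlier, so the ring->inprogress test at the top of the function will see a stale flag on the next call. Either clear inprogress before this return or move the assignment below the check. The commit message lists "claiming to be writing more data than available on the ring buffer" among the misconfigurations that should close the backend, yet this path returns silently without xen_be_set_state() or xen_9pfs_disconnect(); and h.size_le is not checked against sizeof(h) as a lower bound.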
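Review bot: xen_9pfs_free() decides whether to disconnect by looking only at xen_9pdev->rings[0].evtchndev, which dereferences rings without a visible check that it was allocated and ignores the state of the other rings. xen_9pfs_disconnect() already tests each ring's evtchndev against NULL inside its loop, so calling it unconditionally (guarded by rings != NULL) is simpler and also covers a device where ring 0 is unbound but a later ring is still bound.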
From: Greg Kurz
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Greg Kurz
Date: Thu, 29 Jun 2017 15:43:51 +0200
Subject: [Qemu-devel] [PULL 8/8] 9pfs: handle transport errors in pdu_complete()
Message-Id: <1498743831-28676-9-git-send-email-groug@kaod.org>

Contrary to what is written in the comment, a buggy guest can misconfigure the transport buffers and pdu_marshal() may return an error. If this ever happens, it is up to the transport layer to handle the situation (9P is transport agnostic).

This fixes Coverity issue CID1348518.

Signed-off-by: Greg Kurz
Reviewed-by: Stefano Stabellini
---
 hw/9pfs/9p.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 8e5cac71eb60..6c92bad5b3b4 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c 
@@ -624,15 +624,11 @@ void pdu_free(V9fsPDU *pdu) QLIST_INSERT_HEAD(&s->free_list, pdu, next); } =20 -/* - * We don't do error checking for pdu_marshal/unmarshal here - * because we always expect to have enough space to encode - * error details - */ static void coroutine_fn pdu_complete(V9fsPDU *pdu, ssize_t len) { int8_t id =3D pdu->id + 1; /* Response */ V9fsState *s =3D pdu->s; + int ret; =20 if (len < 0) { int err =3D -len; @@ -644,11 +640,19 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, s= size_t len) str.data =3D strerror(err); str.size =3D strlen(str.data); =20 - len +=3D pdu_marshal(pdu, len, "s", &str); + ret =3D pdu_marshal(pdu, len, "s", &str); + if (ret < 0) { + goto out_notify; + } + len +=3D ret; id =3D P9_RERROR; } =20 - len +=3D pdu_marshal(pdu, len, "d", err); + ret =3D pdu_marshal(pdu, len, "d", err); + if (ret < 0) { + goto out_notify; + } + len +=3D ret; =20 if (s->proto_version =3D=3D V9FS_PROTO_2000L) { id =3D P9_RLERROR; @@ -657,12 +661,15 @@ static void coroutine_fn pdu_complete(V9fsPDU *pdu, s= size_t len) } =20 /* fill out the header */ - pdu_marshal(pdu, 0, "dbw", (int32_t)len, id, pdu->tag); + if (pdu_marshal(pdu, 0, "dbw", (int32_t)len, id, pdu->tag) < 0) { + goto out_notify; + } =20 /* keep these in sync */ pdu->size =3D len; pdu->id =3D id; =20 +out_notify: pdu->s->transport->push_and_notify(pdu); =20 /* Now wakeup anybody waiting in flush for this request */ --=20 2.7.5
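Review bot: every goto out_notify in pdu_complete() skips the "keep these in sync" assignments, so push_and_notify() is called with pdu->size and pdu->id not updated and with no reply header written. The commit message says the transport is responsible at that point, but the deleted comment is not replaced by anything; a comment at the out_notify label stating that the transport has already flagged the error and must not trust pdu->size on this path would make that contract visible to whoever writes the next transport.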
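The 7-byte header layout quoted in patch 5/8 and the buffer checks discussed in patches 5/8 and 7/8, as an added stand-alone C example. This is not QEMU code: every identifier is hypothetical, the Tversion sample bytes are constructed, and it goes slightly beyond the patches by also rejecting a size field smaller than the header itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

#define P9_HDR_SIZE 7            /* size[4] type[1] tag[2] */

/* Hypothetical host-order copy of the header; not QEMU's P9MsgHeader. */
typedef struct {
    uint32_t size;               /* whole message, header included */
    uint8_t  type;
    uint16_t tag;
} p9_hdr;

enum p9_status {
    P9_OK = 0,
    P9_NO_REPLY_SPACE,           /* reply buffer cannot hold a header */
    P9_SHORT_HEADER,             /* request buffer holds fewer than 7 bytes */
    P9_BAD_SIZE,                 /* size field smaller than the header */
    P9_TRUNCATED                 /* size field exceeds the bytes supplied */
};

p9_hdr p9_sample_hdr;            /* filled by p9_check_sample() */

/* Total bytes described by a scatter-gather list. */
static size_t sg_size(const struct iovec *sg, unsigned int n)
{
    size_t total = 0;
    for (unsigned int i = 0; i < n; i++) {
        total += sg[i].iov_len;
    }
    return total;
}

/* Gather the first len bytes of a scatter-gather list; returns bytes copied. */
static size_t sg_to_buf(const struct iovec *sg, unsigned int n,
                        uint8_t *buf, size_t len)
{
    size_t done = 0;
    for (unsigned int i = 0; i < n && done < len; i++) {
        size_t chunk = sg[i].iov_len;
        if (chunk > len - done) {
            chunk = len - done;
        }
        memcpy(buf + done, sg[i].iov_base, chunk);
        done += chunk;
    }
    return done;
}

/* Validate the peer-supplied buffers before trusting any header field. */
enum p9_status p9_parse_header(const struct iovec *out_sg, unsigned int out_num,
                               const struct iovec *in_sg, unsigned int in_num,
                               p9_hdr *hdr)
{
    uint8_t raw[P9_HDR_SIZE];
    if (sg_size(in_sg, in_num) < P9_HDR_SIZE) {
        return P9_NO_REPLY_SPACE;
    }
    if (sg_to_buf(out_sg, out_num, raw, sizeof(raw)) != sizeof(raw)) {
        return P9_SHORT_HEADER;
    }
    /* All three fields are little-endian on the wire. */
    hdr->size = (uint32_t)raw[0] | (uint32_t)raw[1] << 8 |
                (uint32_t)raw[2] << 16 | (uint32_t)raw[3] << 24;
    hdr->type = raw[4];
    hdr->tag = (uint16_t)(raw[5] | raw[6] << 8);
    if (hdr->size < P9_HDR_SIZE) {
        return P9_BAD_SIZE;      /* added here; not a check from the patches */
    }
    if (hdr->size > sg_size(out_sg, out_num)) {
        return P9_TRUNCATED;
    }
    return P9_OK;
}

/* Constructed Tversion request (type 100, tag 0xffff, msize 8192, "9P2000"),
 * split across two iovecs at `split`, with the size field forced to `claimed`. */
enum p9_status p9_check_sample(size_t split, uint32_t claimed,
                               size_t out_len, size_t reply_space)
{
    uint8_t msg[19] = { 19, 0, 0, 0, 100, 0xff, 0xff, 0x00, 0x20, 0, 0,
                        6, 0, '9', 'P', '2', '0', '0', '0' };
    static uint8_t reply[64];

    out_len = out_len > sizeof(msg) ? sizeof(msg) : out_len;
    split = split > out_len ? out_len : split;
    reply_space = reply_space > sizeof(reply) ? sizeof(reply) : reply_space;
    for (int i = 0; i < 4; i++) {
        msg[i] = (uint8_t)(claimed >> (8 * i));
    }
    struct iovec out_sg[2] = { { msg, split }, { msg + split, out_len - split } };
    struct iovec in_sg[1] = { { reply, reply_space } };
    return p9_parse_header(out_sg, 2, in_sg, 1, &p9_sample_hdr);
}

int main(void)
{
    return p9_check_sample(3, 19, 19, 64) == P9_OK ? 0 : 1;
}
```

The header is gathered by total byte count rather than by element count, which is the difference between the old in_num == 0 test and the iov_size() test in patch 5/8: a header that straddles two iovecs still parses, and a non-empty list that is too short is still rejected.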