From nobody Mon Feb 9 23:40:28 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1518116422317478.77990914146983; Thu, 8 Feb 2018 11:00:22 -0800 (PST) Received: from localhost ([::1]:36506 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ejrQj-0006Ge-FA for importer@patchew.org; Thu, 08 Feb 2018 14:00:21 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35512) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ejqTz-0002S4-72 for qemu-devel@nongnu.org; Thu, 08 Feb 2018 12:59:40 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ejqTw-0006sl-AZ for qemu-devel@nongnu.org; Thu, 08 Feb 2018 12:59:39 -0500 Received: from lhrrgout.huawei.com ([194.213.3.17]:43311 helo=huawei.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ejqTv-0006r3-Vm for qemu-devel@nongnu.org; Thu, 08 Feb 2018 12:59:36 -0500 Received: from lhreml704-cah.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 6FEE7513ECA13; Thu, 8 Feb 2018 17:59:30 +0000 (GMT) Received: from localhost.localdomain (10.204.62.86) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server id 14.3.361.1; Thu, 8 Feb 2018 17:59:23 +0000 
From: To: , Date: Thu, 8 Feb 2018 19:00:17 +0100 Message-ID: <20180208180019.13683-3-antonios.motakis@huawei.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180208180019.13683-1-antonios.motakis@huawei.com> References: <20180208180019.13683-1-antonios.motakis@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.204.62.86] X-CFilter-Loop: Reflected X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 194.213.3.17 Subject: [Qemu-devel] [PATCH 2/4] 9pfs: check for file device to avoid QID path collisions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: veaceslav.falico@huawei.com, Eduard.Shishkin@huawei.com, andy.wangguoli@huawei.com, cota@braap.org, Antonios Motakis , Jani.Kokkonen@huawei.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Antonios Motakis The QID path should uniquely identify a file. However, the inode of a file is currently used as the QID path, which on its own only uniquely identifies files within a device. Here we track the device hosting the 9pfs share, in order to prevent security issues with QID path collisions from other devices. Signed-off-by: Antonios Motakis --- hw/9pfs/9p.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++---------= ---- hw/9pfs/9p.h | 1 + 2 files changed, 54 insertions(+), 14 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 85a1ed8..4da858f 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c 
@@ -573,10 +573,16 @@ static void coroutine_fn virtfs_reset(V9fsPDU *pdu) P9_STAT_MODE_SOCKET) =20 /* This is the algorithm from ufs in spfs */ -static void stat_to_qid(const struct stat *stbuf, V9fsQID *qidp) +static int stat_to_qid(V9fsPDU *pdu, const struct stat *stbuf, V9fsQID *qi= dp) { size_t size; =20 + if (pdu->s->dev_id =3D=3D 0) { + pdu->s->dev_id =3D stbuf->st_dev; + } else if (pdu->s->dev_id !=3D stbuf->st_dev) { + return -ENOSYS; + } + memset(&qidp->path, 0, sizeof(qidp->path)); size =3D MIN(sizeof(stbuf->st_ino), sizeof(qidp->path)); memcpy(&qidp->path, &stbuf->st_ino, size); @@ -588,6 +594,8 @@ static void stat_to_qid(const struct stat *stbuf, V9fsQ= ID *qidp) if (S_ISLNK(stbuf->st_mode)) { qidp->type |=3D P9_QID_TYPE_SYMLINK; } + + return 0; } =20 static int coroutine_fn fid_to_qid(V9fsPDU *pdu, V9fsFidState *fidp, @@ -600,7 +608,10 @@ static int coroutine_fn fid_to_qid(V9fsPDU *pdu, V9fsF= idState *fidp, if (err < 0) { return err; } - stat_to_qid(&stbuf, qidp); + err =3D stat_to_qid(pdu, &stbuf, qidp); + if (err < 0) { + return err; + } return 0; } =20 @@ -831,7 +842,10 @@ static int coroutine_fn stat_to_v9stat(V9fsPDU *pdu, V= 9fsPath *path, =20 memset(v9stat, 0, sizeof(*v9stat)); =20 - stat_to_qid(stbuf, &v9stat->qid); + err =3D stat_to_qid(pdu, stbuf, &v9stat->qid); + if (err < 0) { + return err; + } v9stat->mode =3D stat_to_v9mode(stbuf); v9stat->atime =3D stbuf->st_atime; v9stat->mtime =3D stbuf->st_mtime; @@ -892,7 +906,7 @@ static int coroutine_fn stat_to_v9stat(V9fsPDU *pdu, V9= fsPath *path, #define P9_STATS_ALL 0x00003fffULL /* Mask for All fields above = */ =20 =20 -static void stat_to_v9stat_dotl(V9fsState *s, const struct stat *stbuf, +static int stat_to_v9stat_dotl(V9fsPDU *pdu, const struct stat *stbuf, V9fsStatDotl *v9lstat) { memset(v9lstat, 0, sizeof(*v9lstat)); 
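Review bot: The new device check at the top of stat_to_qid() pins `pdu->s->dev_id` to whichever file happens to be stat'ed first and uses 0 as the "not set yet" value, so the device the export is bound to depends on request order rather than on the export root. Recording the root's `st_dev` once when the share is set up would make the comparison deterministic, and would remove the reliance on 0 never being a real `st_dev` (I have not confirmed that it cannot be). The rejection also returns `-ENOSYS`, which tells the guest the operation is unimplemented; `return -EXDEV;` (or `-ENODEV`) describes a file on a different device more accurately. A one-line comment above the check, such as `/* Refuse files from other devices: st_ino alone is not unique across them */`, would record why the function can now fail.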
@@ -914,7 +928,7 @@ static void stat_to_v9stat_dotl(V9fsState *s, const str= uct stat *stbuf, /* Currently we only support BASIC fields in stat */ v9lstat->st_result_mask =3D P9_STATS_BASIC; =20 - stat_to_qid(stbuf, &v9lstat->qid); + return stat_to_qid(pdu, stbuf, &v9lstat->qid); } =20 static void print_sg(struct iovec *sg, int cnt) @@ -1116,7 +1130,6 @@ static void coroutine_fn v9fs_getattr(void *opaque) uint64_t request_mask; V9fsStatDotl v9stat_dotl; V9fsPDU *pdu =3D opaque; - V9fsState *s =3D pdu->s; =20 retval =3D pdu_unmarshal(pdu, offset, "dq", &fid, &request_mask); if (retval < 0) { @@ -1137,7 +1150,10 @@ static void coroutine_fn v9fs_getattr(void *opaque) if (retval < 0) { goto out; } - stat_to_v9stat_dotl(s, &stbuf, &v9stat_dotl); + retval =3D stat_to_v9stat_dotl(pdu, &stbuf, &v9stat_dotl); + if (retval < 0) { + goto out; + } =20 /* fill st_gen if requested and supported by underlying fs */ if (request_mask & P9_STATS_GEN) { @@ -1377,7 +1393,10 @@ static void coroutine_fn v9fs_walk(void *opaque) if (err < 0) { goto out; } - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } v9fs_path_copy(&dpath, &path); } memcpy(&qids[name_idx], &qid, sizeof(qid)); @@ -1477,7 +1496,10 @@ static void coroutine_fn v9fs_open(void *opaque) if (err < 0) { goto out; } - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } if (S_ISDIR(stbuf.st_mode)) { err =3D v9fs_co_opendir(pdu, fidp); if (err < 0) { @@ -1587,7 +1609,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque) fidp->flags |=3D FID_NON_RECLAIMABLE; } iounit =3D get_iounit(pdu, &fidp->path); - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } err =3D pdu_marshal(pdu, offset, "Qd", &qid, iounit); if (err < 0) { goto out; 
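Review bot: In v9fs_lcreate the new `stat_to_qid()` failure path runs after the fid has been set up (the `fidp->flags |= FID_NON_RECLAIMABLE` context line sits just above it), so a rejection here reports an error to the guest for a file that appears to have been created on the host already. The same ordering applies to the v9fs_create, v9fs_symlink, v9fs_mknod and v9fs_mkdir hunks, where the check follows the stat of the new object. If the parent directory has already passed the device check this is probably unreachable, but that assumption deserves a comment at these call sites, e.g. `/* new object lives on the parent's device, which was already checked */`, or the device should be checked on the parent before creating. The creating calls and the `out:` label are outside the hunks, so I could not confirm what cleanup happens.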
@@ -2308,7 +2333,10 @@ static void coroutine_fn v9fs_create(void *opaque) } } iounit =3D get_iounit(pdu, &fidp->path); - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } err =3D pdu_marshal(pdu, offset, "Qd", &qid, iounit); if (err < 0) { goto out; @@ -2365,7 +2393,10 @@ static void coroutine_fn v9fs_symlink(void *opaque) if (err < 0) { goto out; } - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } err =3D pdu_marshal(pdu, offset, "Q", &qid); if (err < 0) { goto out; @@ -3033,7 +3064,10 @@ static void coroutine_fn v9fs_mknod(void *opaque) if (err < 0) { goto out; } - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } err =3D pdu_marshal(pdu, offset, "Q", &qid); if (err < 0) { goto out; @@ -3191,7 +3225,10 @@ static void coroutine_fn v9fs_mkdir(void *opaque) if (err < 0) { goto out; } - stat_to_qid(&stbuf, &qid); + err =3D stat_to_qid(pdu, &stbuf, &qid); + if (err < 0) { + goto out; + } err =3D pdu_marshal(pdu, offset, "Q", &qid); if (err < 0) { goto out; @@ -3589,6 +3626,8 @@ int v9fs_device_realize_common(V9fsState *s, const V9= fsTransport *t, goto out; } =20 + s->dev_id =3D 0; + s->ctx.fst =3D &fse->fst; fsdev_throttle_init(s->ctx.fst); =20 diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h index 5ced427..afb4ebd 100644 --- a/hw/9pfs/9p.h +++ b/hw/9pfs/9p.h @@ -252,6 +252,7 @@ struct V9fsState Error *migration_blocker; V9fsConf fsconf; V9fsQID root_qid; + dev_t dev_id; }; =20 /* 9p2000.L open flags */ --=20 1.8.3.1
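Review bot: The new `dev_t dev_id;` member of V9fsState has no comment, and its meaning, including that 0 stands for "no device recorded yet", can only be learned by reading stat_to_qid() in 9p.c. I would add `/* st_dev of the first file stat'ed on this export; 0 until then. Files on any other device are refused. */` above the field. The struct starts and ends outside this hunk.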