From nobody Sat Oct 25 21:30:35 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1521662562768298.3203302398308; Wed, 21 Mar 2018 13:02:42 -0700 (PDT) Received: from localhost ([::1]:57064 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eyjwU-0005Le-4I for importer@patchew.org; Wed, 21 Mar 2018 16:02:38 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39125) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eyjvS-0004xD-4B for qemu-devel@nongnu.org; Wed, 21 Mar 2018 16:01:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eyjvQ-0003Ag-Uo for qemu-devel@nongnu.org; Wed, 21 Mar 2018 16:01:34 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:35330 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eyjvM-00035q-8p; Wed, 21 Mar 2018 16:01:28 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 58B6F6166C; Wed, 21 Mar 2018 20:01:22 +0000 (UTC) Received: from probe.bos.redhat.com (dhcp-17-231.bos.redhat.com [10.18.17.231]) by smtp.corp.redhat.com (Postfix) with ESMTP id 47E8210B009A; Wed, 21 Mar 2018 20:01:15 +0000 (UTC) From: John Snow To: qemu-block@nongnu.org Date: Wed, 21 Mar 2018 16:01:14 -0400 Message-Id: <20180321200114.10981-1-jsnow@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 21 Mar 2018 20:01:22 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.2]); Wed, 21 Mar 2018 20:01:22 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'jsnow@redhat.com' RCPT:'' X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.187.233.73 Subject: [Qemu-devel] [PATCH v5] file-posix: specify expected filetypes X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, John Snow , qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Adjust each caller of raw_open_common to specify if they are expecting host and character devices or not. Tighten expectations of file types upon open in the common code and refuse types that are not expected. This has two effects: (1) Character and block devices are now considered deprecated for the 'file' driver, which expects only S_IFREG, and (2) no file-posix driver (file, host_cdrom, or host_device) can open directories now. I don't think there's a legitimate reason to open directories as if they were files. This prevents QEMU from opening and attempting to probe a directory inode, which can break in exciting ways. One of those ways is lseek on ext4/xfs, which will return 0x7fffffffffffffff as the file size instead of EISDIR. This can coax QEMU into responding with a confusing "file too big" instead of "Hey, that's not a file". See: https://bugs.launchpad.net/qemu/+bug/1739304/ Signed-off-by: John Snow Reviewed-by: Eric Blake --- v5: rebase for 2.12.0-rc0 block/file-posix.c | 37 +++++++++++++++++++++++++++++-------- qemu-doc.texi | 6 ++++++ 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/block/file-posix.c b/block/file-posix.c index d7fb772c14..31d9afe026 100644 --- a/block/file-posix.c +++ b/block/file-posix.c @@ -420,7 +420,8 @@ static QemuOptsList raw_runtime_opts =3D { }; =20 static int raw_open_common(BlockDriverState *bs, QDict *options, - int bdrv_flags, int open_flags, Error **errp) + int bdrv_flags, int open_flags, + bool device, Error **errp) { BDRVRawState *s =3D bs->opaque; QemuOpts *opts; @@ -558,10 +559,30 @@ static int raw_open_common(BlockDriverState *bs, QDic= t *options, error_setg_errno(errp, errno, "Could not stat file"); goto fail; } - if (S_ISREG(st.st_mode)) { - s->discard_zeroes =3D true; - s->has_fallocate =3D true; + + if (!device) { + if (S_ISBLK(st.st_mode)) { + warn_report("Opening a block device as file using 'file' " + "driver is deprecated"); + } else if (S_ISCHR(st.st_mode)) { + warn_report("Opening a character device as file using the 'fil= e' " + "driver is deprecated"); + } else if (!S_ISREG(st.st_mode)) { + error_setg(errp, "A regular file was expected by the 'file' dr= iver, " + "but something else was given"); + goto fail; + } else { + s->discard_zeroes =3D true; + s->has_fallocate =3D true; + } + } else { + if (!(S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))) { + error_setg(errp, "host_device/host_cdrom driver expects either= " + "a character or block device"); + goto fail; + } } + if (S_ISBLK(st.st_mode)) { #ifdef BLKDISCARDZEROES unsigned int arg; @@ -614,7 +635,7 @@ static int raw_open(BlockDriverState *bs, QDict *option= s, int flags, BDRVRawState *s =3D bs->opaque; =20 s->type =3D FTYPE_FILE; - return raw_open_common(bs, options, flags, 0, errp); + return raw_open_common(bs, options, flags, 0, false, errp); } =20 typedef enum { @@ -2611,7 +2632,7 @@ hdev_open_Mac_error: =20 s->type =3D FTYPE_FILE; =20 - ret =3D raw_open_common(bs, options, flags, 0, &local_err); + ret =3D raw_open_common(bs, options, flags, 0, true, &local_err); if (ret < 0) { error_propagate(errp, local_err); #if defined(__APPLE__) && defined(__MACH__) @@ -2838,7 +2859,7 @@ static int cdrom_open(BlockDriverState *bs, QDict *op= tions, int flags, s->type =3D FTYPE_CD; =20 /* open will not fail even if no CD is inserted, so add O_NONBLOCK */ - return raw_open_common(bs, options, flags, O_NONBLOCK, errp); + return raw_open_common(bs, options, flags, O_NONBLOCK, true, errp); } =20 static int cdrom_probe_device(const char *filename) @@ -2951,7 +2972,7 @@ static int cdrom_open(BlockDriverState *bs, QDict *op= tions, int flags, =20 s->type =3D FTYPE_CD; =20 - ret =3D raw_open_common(bs, options, flags, 0, &local_err); + ret =3D raw_open_common(bs, options, flags, 0, true, &local_err); if (ret) { error_propagate(errp, local_err); return ret; diff --git a/qemu-doc.texi b/qemu-doc.texi index 89fa80518a..ff4a098fd7 100644 --- a/qemu-doc.texi +++ b/qemu-doc.texi @@ -2699,6 +2699,12 @@ that can be specified with the ``-device'' parameter. The drive addr argument is replaced by the the addr argument that can be specified with the ``-device'' parameter. =20 +@subsection -drive file=3Djson:@{...@{'driver':'file'@}@} (since 2.12.0) + +The 'file' driver for drives is no longer appropriate for character or host +devices and will only accept regular files (S_IFREG). The correct driver +for these file types is 'host_cdrom' or 'host_device' as appropriate. + @subsection -usbdevice (since 2.10.0) =20 The ``-usbdevice DEV'' argument is now a synonym for setting --=20 2.14.3