From: Stefan Hajnoczi
To: virtio-fs@redhat.com, qemu-devel@nongnu.org
Cc: "Dr. David Alan Gilbert", Stefan Hajnoczi
Date: Fri, 26 Jul 2019 10:10:59 +0100
Message-Id: <20190726091103.23503-2-stefanha@redhat.com>
In-Reply-To: <20190726091103.23503-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 1/5] virtiofsd: skip unnecessary vu_queue_get_avail_bytes()

When debug output is disabled there is no need to calculate the number of in/out bytes available. There is also no need to skip a request if there are 0 out bytes. The request parsing code already handles invalid requests.

Signed-off-by: Stefan Hajnoczi
Reviewed-by: Liu Bo
---
contrib/virtiofsd/fuse_virtio.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/contrib/virtiofsd/fuse_virtio.c b/contrib/virtiofsd/fuse_virti= o.c index 083e4fc317..d543c6d30f 100644 --- a/contrib/virtiofsd/fuse_virtio.c +++ b/contrib/virtiofsd/fuse_virtio.c
@@ -507,18 +507,16 @@ static void *fv_queue_thread(void *opaque) ret =3D pthread_rwlock_rdlock(&qi->virtio_dev->vu_dispatch_= rwlock); assert(ret =3D=3D 0); /* there is no possible error case */ =20 - /* out is from guest, in is too guest */ - unsigned int in_bytes, out_bytes; - vu_queue_get_avail_bytes(dev, q, &in_bytes, &out_bytes, ~0,= ~0); + if (se->debug) { + /* out is from guest, in is too guest */ + unsigned int in_bytes, out_bytes; + vu_queue_get_avail_bytes(dev, q, &in_bytes, &out_by= tes, ~0, ~0); =20 - if (se->debug) fuse_debug("%s: Queue %d gave evalue: %zx available= : in: %u out: %u\n", __func__, qi->qidx, (size_t)evalue, in_bytes, out_bytes); - - if (!out_bytes) { - goto next; } + while (1) { bool allocated_bufv =3D false; struct fuse_bufvec bufv; 
@@ -708,7 +706,6 @@ static void *fv_queue_thread(void *opaque) elem =3D NULL; } =20 -next: pthread_rwlock_unlock(&qi->virtio_dev->vu_dispatch_rwlock); } pthread_mutex_destroy(&ch.lock); --=20 2.21.0
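Review bot: With the `if (!out_bytes) goto next;` early exit removed from fv_queue_thread() in the first fuse_virtio.c hunk of patch 1/5, a kick that supplies no out bytes now falls through into the `while (1)` loop, and nothing in the visible lines shows the check that rejects it. The queue contents are guest-controlled, so name in the commit message, or in a comment above the loop, the exact length check the request parsing relies on, so the invariant is not lost in a later refactor. While these lines are being moved, the comment "in is too guest" should read "in is to guest".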
From: Stefan Hajnoczi
To: virtio-fs@redhat.com, qemu-devel@nongnu.org
Cc: "Dr. David Alan Gilbert", Stefan Hajnoczi
Date: Fri, 26 Jul 2019 10:11:00 +0100
Message-Id: <20190726091103.23503-3-stefanha@redhat.com>
In-Reply-To: <20190726091103.23503-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 2/5] virtiofsd: prevent lo_lookup() NULL pointer dereference

Most lo_do_lookup() have already checked that the parent inode exists. lo_lookup() hasn't and can therefore hit a NULL pointer dereference when lo_inode(req, parent) returns NULL.

Signed-off-by: Stefan Hajnoczi
---
contrib/virtiofsd/passthrough_ll.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthr= ough_ll.c index 9ae1381618..277a17fc03 100644 --- a/contrib/virtiofsd/passthrough_ll.c +++ b/contrib/virtiofsd/passthrough_ll.c
@@ -766,6 +766,10 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t par= ent, const char *name, struct lo_data *lo =3D lo_data(req); struct lo_inode *inode, *dir =3D lo_inode(req, parent); =20 + if (!dir) { + return EBADF; + } + memset(e, 0, sizeof(*e)); e->attr_timeout =3D lo->timeout; e->entry_timeout =3D lo->timeout; --=20 2.21.0
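Review bot: In the lo_do_lookup() hunk of patch 2/5 the new `if (!dir) { return EBADF; }` runs before `memset(e, 0, sizeof(*e))`, so on this error path `*e` goes back to the caller uninitialized. Either move the check below the memset or confirm that every caller ignores `e` when the return value is non-zero. The subject names lo_lookup() while the check lands in lo_do_lookup(); a one-line comment at the check saying it covers callers that have not validated `parent` would make the intent clear.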
From: Stefan Hajnoczi
To: virtio-fs@redhat.com, qemu-devel@nongnu.org
Cc: "Dr. David Alan Gilbert", Stefan Hajnoczi
Date: Fri, 26 Jul 2019 10:11:01 +0100
Message-Id: <20190726091103.23503-4-stefanha@redhat.com>
In-Reply-To: <20190726091103.23503-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 3/5] virtiofsd: make lo_release() atomic

Hold the lock across both lo_map_get() and lo_map_remove() to prevent races between two FUSE_RELEASE requests. In this case I don't see a serious bug but it's safer to do things atomically.

Signed-off-by: Stefan Hajnoczi
Reviewed-by: Dr. David Alan Gilbert
---
contrib/virtiofsd/passthrough_ll.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthr= ough_ll.c index 277a17fc03..c1500e092d 100644 --- a/contrib/virtiofsd/passthrough_ll.c +++ b/contrib/virtiofsd/passthrough_ll.c
@@ -1759,14 +1759,18 @@ static void lo_open(fuse_req_t req, fuse_ino_t ino,= struct fuse_file_info *fi) static void lo_release(fuse_req_t req, fuse_ino_t ino, struct fuse_file_in= fo *fi) { struct lo_data *lo =3D lo_data(req); - int fd; + struct lo_map_elem *elem; + int fd =3D -1; =20 (void) ino; =20 - fd =3D lo_fi_fd(req, fi); - pthread_mutex_lock(&lo->mutex); - lo_map_remove(&lo->fd_map, fi->fh); + elem =3D lo_map_get(&lo->fd_map, fi->fh); + if (elem) { + fd =3D elem->fd; + elem =3D NULL; + lo_map_remove(&lo->fd_map, fi->fh); + } pthread_mutex_unlock(&lo->mutex); =20 close(fd); --=20 2.21.0
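Review bot: In the lo_release() hunk of patch 3/5, when lo_map_get() returns NULL the new code leaves `fd` at -1 and still reaches `close(fd)`, so an unknown or already released `fi->fh` ends in close(-1). Guard the call with `if (fd != -1)`, or reply with EBADF and return for a missing element, as lo_releasedir() does in patch 5/5. The `elem = NULL;` store just before lo_map_remove() has no effect on the visible code; add a comment that it exists only to avoid keeping a stale pointer, or drop it.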
From: Stefan Hajnoczi
To: virtio-fs@redhat.com, qemu-devel@nongnu.org
Cc: "Dr. David Alan Gilbert", Stefan Hajnoczi
Date: Fri, 26 Jul 2019 10:11:02 +0100
Message-Id: <20190726091103.23503-5-stefanha@redhat.com>
In-Reply-To: <20190726091103.23503-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 4/5] virtiofsd: drop lo_dirp->fd field

fdopendir(3) takes ownership of the file descriptor. The presence of the lo_dirp->fd field could lead to someone incorrectly adding a close(d->fd) cleanup call in the future.

Do not store the file descriptor in struct lo_dirp since it is unused.

Signed-off-by: Stefan Hajnoczi
Reviewed-by: Dr. David Alan Gilbert
---
contrib/virtiofsd/passthrough_ll.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthr= ough_ll.c index c1500e092d..ad3abdd532 100644 --- a/contrib/virtiofsd/passthrough_ll.c +++ b/contrib/virtiofsd/passthrough_ll.c @@ -1293,7 +1293,6 @@ static void lo_readlink(fuse_req_t req, fuse_ino_t in= o) } =20 struct lo_dirp { - int fd; DIR *dp; struct dirent *entry; off_t offset;
@@ -1319,16 +1318,17 @@ static void lo_opendir(fuse_req_t req, fuse_ino_t i= no, struct fuse_file_info *fi struct lo_data *lo =3D lo_data(req); struct lo_dirp *d; ssize_t fh; + int fd =3D -1; =20 d =3D calloc(1, sizeof(struct lo_dirp)); if (d =3D=3D NULL) goto out_err; =20 - d->fd =3D openat(lo_fd(req, ino), ".", O_RDONLY); - if (d->fd =3D=3D -1) + fd =3D openat(lo_fd(req, ino), ".", O_RDONLY); + if (fd =3D=3D -1) goto out_errno; =20 - d->dp =3D fdopendir(d->fd); + d->dp =3D fdopendir(fd); if (d->dp =3D=3D NULL) goto out_errno; =20 
@@ -1348,11 +1348,12 @@ static void lo_opendir(fuse_req_t req, fuse_ino_t i= no, struct fuse_file_info *fi out_errno: error =3D errno; out_err: + if (fd !=3D -1) { + close(fd); + } if (d) { if (d->dp) closedir(d->dp); - if (d->fd !=3D -1) - close(d->fd); free(d); } fuse_reply_err(req, error); --=20 2.21.0
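Review bot: The `if (fd != -1) { close(fd); }` added at out_err in the last lo_opendir() hunk of patch 4/5 closes the descriptor twice whenever the failure happens after fdopendir() has succeeded: `fd` is still set, so close(fd) runs and then closedir(d->dp) closes the same descriptor again. The `goto out_err` after lo_add_dirp_mapping(), visible as context in patch 5/5, is such a path. In a multi-threaded daemon the second close can land on a descriptor that another thread has just been handed, which is the ownership mistake the commit message sets out to prevent. Set `fd = -1` right after fdopendir() succeeds, or make the cleanup `if (d->dp) closedir(d->dp); else if (fd != -1) close(fd);`.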
From: Stefan Hajnoczi
To: virtio-fs@redhat.com, qemu-devel@nongnu.org
Cc: "Dr. David Alan Gilbert", Stefan Hajnoczi
Date: Fri, 26 Jul 2019 10:11:03 +0100
Message-Id: <20190726091103.23503-6-stefanha@redhat.com>
In-Reply-To: <20190726091103.23503-1-stefanha@redhat.com>
Subject: [Qemu-devel] [PATCH 5/5] virtiofsd: prevent races with lo_dirp_put()

Introduce lo_dirp_put() so that FUSE_RELEASEDIR does not cause use-after-free races with other threads that are accessing lo_dirp.

Also make lo_releasedir() atomic to prevent FUSE_RELEASEDIR racing with itself. This prevents double-frees.

Signed-off-by: Stefan Hajnoczi
---
contrib/virtiofsd/passthrough_ll.c | 42 +++++++++++++++++++++++++-----
1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthr= ough_ll.c index ad3abdd532..f74e7d2d21 100644 --- a/contrib/virtiofsd/passthrough_ll.c +++ b/contrib/virtiofsd/passthrough_ll.c
@@ -1293,11 +1293,28 @@ static void lo_readlink(fuse_req_t req, fuse_ino_t = ino) } =20 struct lo_dirp { + gint refcount; DIR *dp; struct dirent *entry; off_t offset; }; =20 +static void lo_dirp_put(struct lo_dirp **dp) +{ + struct lo_dirp *d =3D *dp; + + if (!d) { + return; + } + *dp =3D NULL; + + if (g_atomic_int_dec_and_test(&d->refcount)) { + closedir(d->dp); + free(d); + } +} + +/* Call lo_dirp_put() on the return value when no longer needed */ static struct lo_dirp *lo_dirp(fuse_req_t req, struct fuse_file_info *fi) { struct lo_data *lo =3D lo_data(req); @@ -1305,6 +1322,9 @@ static struct lo_dirp *lo_dirp(fuse_req_t req, struct= fuse_file_info *fi) =20 pthread_mutex_lock(&lo->mutex); elem =3D lo_map_get(&lo->dirp_map, fi->fh); + if (elem) { + g_atomic_int_inc(&elem->dirp->refcount); + } pthread_mutex_unlock(&lo->mutex); if (!elem) return NULL; @@ -1335,6 +1355,8 @@ static void lo_opendir(fuse_req_t req, fuse_ino_t ino= , struct fuse_file_info *fi d->offset =3D 0; d->entry =3D NULL; =20 + g_atomic_int_set(&d->refcount, 1); /* paired with lo_releasedir() */ + fh =3D lo_add_dirp_mapping(req, d); if (fh =3D=3D -1) goto out_err; @@ -1363,7 +1385,7 @@ static void lo_do_readdir(fuse_req_t req, fuse_ino_t = ino, size_t size, off_t offset, struct fuse_file_info *fi, int plus) { struct lo_data *lo =3D lo_data(req); - struct lo_dirp *d; + struct lo_dirp *d =3D NULL; struct lo_inode *dinode; char *buf =3D NULL; char *p; @@ -1451,6 +1473,8 @@ static void lo_do_readdir(fuse_req_t req, fuse_ino_t = ino, size_t size, =20 err =3D 0; error: + lo_dirp_put(&d); + // If there's an error, we can only signal it if we haven't stored // any entries yet - otherwise we'd end up with wrong lookup // counts for the entries that are already in the buffer. So we 
@@ -1477,22 +1501,25 @@ static void lo_readdirplus(fuse_req_t req, fuse_ino= _t ino, size_t size, static void lo_releasedir(fuse_req_t req, fuse_ino_t ino, struct fuse_file= _info *fi) { struct lo_data *lo =3D lo_data(req); + struct lo_map_elem *elem; struct lo_dirp *d; =20 (void) ino; =20 - d =3D lo_dirp(req, fi); - if (!d) { + pthread_mutex_lock(&lo->mutex); + elem =3D lo_map_get(&lo->dirp_map, fi->fh); + if (!elem) { + pthread_mutex_unlock(&lo->mutex); fuse_reply_err(req, EBADF); return; } =20 - pthread_mutex_lock(&lo->mutex); + d =3D elem->dirp; lo_map_remove(&lo->dirp_map, fi->fh); pthread_mutex_unlock(&lo->mutex); =20 - closedir(d->dp); - free(d); + lo_dirp_put(&d); /* paired with lo_opendir() */ + fuse_reply_err(req, 0); } =20 @@ -1701,6 +1728,9 @@ static void lo_fsyncdir(fuse_req_t req, fuse_ino_t in= o, int datasync, res =3D fdatasync(fd); else res =3D fsync(fd); + + lo_dirp_put(&d); + fuse_reply_err(req, res =3D=3D -1 ? errno : 0); } =20 --=20 2.21.0
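Review bot: In the lo_dirp() hunk of patch 5/5 the reference is taken under `lo->mutex`, but `elem` is still used after `pthread_mutex_unlock()`: the `if (!elem)` test is visible, and the return that follows presumably reads `elem->dirp`. `elem` points into the map, and lo_releaseder-style removal via lo_map_remove() in lo_releasedir() can change that slot once the lock is dropped, so copy `elem->dirp` into a local `struct lo_dirp *` while the mutex is held and return that. A comment on the new `refcount` member saying that it protects the lifetime of the object only, and not concurrent use of `dp`, `entry` and `offset` by requests on the same handle, would also help the next reader.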