From: Michael Roth
To: qemu-devel@nongnu.org
Subject: [PULL for-5.0 1/4] Revert "prevent crash when executing guest-file-read with large count"
Date: Wed, 15 Apr 2020 10:21:59 -0500
Message-Id: <20200415152202.14463-2-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
References: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
Cc: peter.maydell@linaro.org, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

As noted by Daniel Berrangé in [*], the fix from commit 807e2b6fce
which replaced malloc() by try_malloc() is not enough, the process
can still run out of memory a few lines later:

 346     buf = g_try_malloc0(count + 1);
 347     if (!buf) {
 348         error_setg(errp,
 349                    "failed to allocate sufficient memory "
 350                    "to complete the requested service");
 351         return NULL;
 352     }
 353     is_ok = ReadFile(fh, buf, count, &read_count, NULL);
 354     if (!is_ok) {
 355         error_setg_win32(errp, GetLastError(), "failed to read file");
 356         slog("guest-file-read failed, handle %" PRId64, handle);
 357     } else {
 358         buf[read_count] = 0;
 359         read_data = g_new0(GuestFileRead, 1);
                         ^^^^^^

Instead we are going to put a low hard limit on 'count' in the next
commits. This reverts commit 807e2b6fce022707418bc8f61c069d91c613b3d2.

[*] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03471.html

Suggested-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
Signed-off-by: Michael Roth
--- qga/commands-win32.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/qga/commands-win32.c b/qga/commands-win32.c index b49920e201..46cea7d1d9 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c
@@ -343,13 +343,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, boo= l has_count, } =20 fh =3D gfh->fh; - buf =3D g_try_malloc0(count + 1); - if (!buf) { - error_setg(errp, - "failed to allocate sufficient memory " - "to complete the requested service"); - return NULL; - } + buf =3D g_malloc0(count + 1); is_ok =3D ReadFile(fh, buf, count, &read_count, NULL); if (!is_ok) { error_setg_win32(errp, GetLastError(), "failed to read file"); --=20 2.17.1
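Review bot: In the qmp_guest_file_read() hunk of qga/commands-win32.c, the restored line buf = g_malloc0(count + 1); uses an allocator that aborts the process on failure, while count is still bounded only by the count >= UINT32_MAX check that the later patches on this page show in the same function. Between this commit and the one that adds the cap, a large guest-file-read count terminates the agent instead of returning an error, so a bisect that lands here sees the original crash again. Consider ordering the revert after the patch that introduces the limit, or folding the two into one commit.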

From: Michael Roth
To: qemu-devel@nongnu.org
Subject: [PULL for-5.0 2/4] qga: Extract guest_file_handle_find() to commands-common.h
Date: Wed, 15 Apr 2020 10:22:00 -0500
Message-Id: <20200415152202.14463-3-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
References: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
Cc: peter.maydell@linaro.org, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

As we are going to reuse this method, declare it in common header.

Signed-off-by: Philippe Mathieu-Daudé
Signed-off-by: Michael Roth
--- qga/commands-common.h | 18 ++++++++++++++++++ qga/commands-posix.c | 7 ++++--- qga/commands-win32.c | 7 ++++--- 3 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 qga/commands-common.h diff --git a/qga/commands-common.h b/qga/commands-common.h new file mode 100644 index 0000000000..af90e5481e --- /dev/null +++ b/qga/commands-common.h
@@ -0,0 +1,18 @@ +/* + * QEMU Guest Agent common/cross-platform common commands + * + * Copyright (c) 2020 Red Hat, Inc. + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#ifndef QGA_COMMANDS_COMMON_H +#define QGA_COMMANDS_COMMON_H + +#include "qga-qapi-types.h" + +typedef struct GuestFileHandle GuestFileHandle; + +GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp); + +#endif diff --git a/qga/commands-posix.c b/qga/commands-posix.c index cc69b82704..c59c32185c 100644 --- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -26,6 +26,7 @@ #include "qemu/sockets.h" #include "qemu/base64.h" #include "qemu/cutils.h" +#include "commands-common.h" =20 #ifdef HAVE_UTMPX #include @@ -237,12 +238,12 @@ typedef enum { RW_STATE_WRITING, } RwState; =20 -typedef struct GuestFileHandle { +struct GuestFileHandle { uint64_t id; FILE *fh; RwState state; QTAILQ_ENTRY(GuestFileHandle) next; -} GuestFileHandle; +}; =20 static struct { QTAILQ_HEAD(, GuestFileHandle) filehandles; @@ -268,7 +269,7 @@ static int64_t guest_file_handle_add(FILE *fh, Error **= errp) return handle; } =20 -static GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) +GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) { GuestFileHandle *gfh; =20 diff --git a/qga/commands-win32.c b/qga/commands-win32.c index 46cea7d1d9..cfaf6b84b8 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c @@ -37,6 +37,7 @@ #include "qemu/queue.h" #include "qemu/host-utils.h" #include "qemu/base64.h" +#include "commands-common.h" =20 #ifndef SHTDN_REASON_FLAG_PLANNED #define SHTDN_REASON_FLAG_PLANNED 0x80000000 @@ -50,11 +51,11 @@ =20 #define INVALID_SET_FILE_POINTER ((DWORD)-1) =20 -typedef struct GuestFileHandle { +struct GuestFileHandle { int64_t id; HANDLE fh; QTAILQ_ENTRY(GuestFileHandle) next; -} GuestFileHandle; +}; =20 static struct { QTAILQ_HEAD(, GuestFileHandle) filehandles; 
@@ -126,7 +127,7 @@ static int64_t guest_file_handle_add(HANDLE fh, Error *= *errp) return handle; } =20 -static GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) +GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp) { GuestFileHandle *gfh; QTAILQ_FOREACH(gfh, &guest_file_state.filehandles, next) { --=20 2.17.1
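Review bot: The two struct GuestFileHandle definitions now sit behind one shared typedef and one prototype taking int64_t id, but they disagree on the field type: the qga/commands-posix.c hunk keeps uint64_t id; while the qga/commands-win32.c hunk has int64_t id;. Align the POSIX field with the int64_t parameter of guest_file_handle_find() so the lookup does not compare a signed argument against an unsigned field.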
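Review bot: The new qga/commands-common.h exports guest_file_handle_find() with no comment on its contract, and its banner line reads "common/cross-platform common commands" with "common" twice. Add a short comment on the prototype saying what is returned for an unknown id (the callers on this page test the result for NULL) and whether errp is set in that case, and tidy the banner.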

From: Michael Roth
To: qemu-devel@nongnu.org
Subject: [PULL for-5.0 3/4] qga: Extract qmp_guest_file_read() to common commands.c
Date: Wed, 15 Apr 2020 10:22:01 -0500
Message-Id: <20200415152202.14463-4-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
References: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
Cc: peter.maydell@linaro.org, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

Extract the common code shared by both POSIX/Win32 implementations.

Signed-off-by: Philippe Mathieu-Daudé
Signed-off-by: Michael Roth --- qga/commands-common.h | 3 +++ qga/commands-posix.c | 22 +++------------------- qga/commands-win32.c | 20 +++----------------- qga/commands.c | 26 ++++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 36 deletions(-) diff --git a/qga/commands-common.h b/qga/commands-common.h index af90e5481e..90785ed4bb 100644 --- a/qga/commands-common.h +++ b/qga/commands-common.h @@ -15,4 +15,7 @@ typedef struct GuestFileHandle GuestFileHandle; =20 GuestFileHandle *guest_file_handle_find(int64_t id, Error **errp); =20 +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp); + #endif diff --git a/qga/commands-posix.c b/qga/commands-posix.c index c59c32185c..a52af0315f 100644 --- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -461,29 +461,14 @@ void qmp_guest_file_close(int64_t handle, Error **err= p) g_free(gfh); } =20 -struct GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, - int64_t count, Error **errp) +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp) { - GuestFileHandle *gfh =3D guest_file_handle_find(handle, errp); GuestFileRead *read_data =3D NULL; guchar *buf; - FILE *fh; + FILE *fh =3D gfh->fh; size_t read_count; =20 - if (!gfh) { - return NULL; - } - - if (!has_count) { - count =3D QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >=3D UINT32_MAX) { - error_setg(errp, "value '%" PRId64 "' is invalid for argument coun= t", - count); - return NULL; - } - - fh =3D gfh->fh; - /* explicitly flush when switching from writing to reading */ if (gfh->state =3D=3D RW_STATE_WRITING) { int ret =3D fflush(fh); 
@@ -498,7 +483,6 @@ struct GuestFileRead *qmp_guest_file_read(int64_t handl= e, bool has_count, read_count =3D fread(buf, 1, count, fh); if (ferror(fh)) { error_setg_errno(errp, errno, "failed to read file"); - slog("guest-file-read failed, handle: %" PRId64, handle); } else { buf[read_count] =3D 0; read_data =3D g_new0(GuestFileRead, 1); diff --git a/qga/commands-win32.c b/qga/commands-win32.c index cfaf6b84b8..9717a8d52d 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c @@ -322,33 +322,19 @@ void qmp_guest_shutdown(bool has_mode, const char *mo= de, Error **errp) } } =20 -GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, - int64_t count, Error **errp) +GuestFileRead *guest_file_read_unsafe(GuestFileHandle *gfh, + int64_t count, Error **errp) { GuestFileRead *read_data =3D NULL; guchar *buf; - HANDLE fh; + HANDLE fh =3D gfh->fh; bool is_ok; DWORD read_count; - GuestFileHandle *gfh =3D guest_file_handle_find(handle, errp); - - if (!gfh) { - return NULL; - } - if (!has_count) { - count =3D QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >=3D UINT32_MAX) { - error_setg(errp, "value '%" PRId64 - "' is invalid for argument count", count); - return NULL; - } =20 - fh =3D gfh->fh; buf =3D g_malloc0(count + 1); is_ok =3D ReadFile(fh, buf, count, &read_count, NULL); if (!is_ok) { error_setg_win32(errp, GetLastError(), "failed to read file"); - slog("guest-file-read failed, handle %" PRId64, handle); } else { buf[read_count] =3D 0; read_data =3D g_new0(GuestFileRead, 1); diff --git a/qga/commands.c b/qga/commands.c index 4471a9f08d..5611117372 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -18,6 +18,7 @@ #include "qemu/base64.h" #include "qemu/cutils.h" #include "qemu/atomic.h" +#include "commands-common.h" =20 /* Maximum captured guest-exec out_data/err_data - 16MB */ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) 
@@ -547,3 +548,28 @@ error: g_free(info); return NULL; } + +GuestFileRead *qmp_guest_file_read(int64_t handle, bool has_count, + int64_t count, Error **errp) +{ + GuestFileHandle *gfh =3D guest_file_handle_find(handle, errp); + GuestFileRead *read_data; + + if (!gfh) { + return NULL; + } + if (!has_count) { + count =3D QGA_READ_COUNT_DEFAULT; + } else if (count < 0 || count >=3D UINT32_MAX) { + error_setg(errp, "value '%" PRId64 "' is invalid for argument coun= t", + count); + return NULL; + } + + read_data =3D guest_file_read_unsafe(gfh, count, errp); + if (!read_data) { + slog("guest-file-write failed, handle: %" PRId64, handle); + } + + return read_data; +} --=20 2.17.1
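Review bot: The failure log in the new qmp_guest_file_read() in qga/commands.c names the wrong command: slog("guest-file-write failed, handle: %" PRId64, handle); is emitted on a failed read. Both platform versions removed by this patch logged "guest-file-read failed", so this looks like a copy-and-paste slip that will mislead anyone triaging agent logs. Change the string to "guest-file-read failed".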
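Review bot: guest_file_read_unsafe() is declared in qga/commands-common.h without saying what makes it unsafe. Both implementations pass count + 1 straight to the allocator and count straight to fread()/ReadFile(), so the helper depends entirely on the caller having range-checked count, and on gfh being non-NULL since gfh->fh is now dereferenced in the initializer. State those preconditions in a comment on the prototype so a future caller does not skip the validation that qmp_guest_file_read() performs.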

From: Michael Roth
To: qemu-devel@nongnu.org
Subject: [PULL for-5.0 4/4] qga: Restrict guest-file-read count to 48 MB to avoid crashes
Date: Wed, 15 Apr 2020 10:22:02 -0500
Message-Id: <20200415152202.14463-5-mdroth@linux.vnet.ibm.com>
In-Reply-To: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
References: <20200415152202.14463-1-mdroth@linux.vnet.ibm.com>
Cc: peter.maydell@linaro.org, Philippe Mathieu-Daudé

From: Philippe Mathieu-Daudé

On [*] Daniel Berrangé commented:

  The QEMU guest agent protocol is not a sensible way to access huge
  files inside the guest. It requires the inefficient process of
  reading the entire data into memory then duplicating it again in
  base64 format, and then copying it again in the JSON serializer /
  monitor code.

  For arbitrary general purpose file access, especially for large
  files, use a real file transfer program or use a network block
  device, not the QEMU guest agent.

To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his
suggestion to put a low, hard limit on "count" in the guest agent
QAPI schema, and don't allow count to be larger than 48 MB.

[*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html

Fixes: CVE-2018-12617
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054
Reported-by: Fakhri Zulkifli
Suggested-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Daniel P. Berrang=C3=A9 *update schema documentation to indicate 48MB limit instead of 10MB Signed-off-by: Michael Roth --- qga/commands.c | 9 ++++++++- qga/qapi-schema.json | 6 ++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/qga/commands.c b/qga/commands.c index 5611117372..efc8b90281 100644 --- a/qga/commands.c +++ b/qga/commands.c @@ -11,6 +11,7 @@ */ =20 #include "qemu/osdep.h" +#include "qemu/units.h" #include "guest-agent-core.h" #include "qga-qapi-commands.h" #include "qapi/error.h" @@ -24,6 +25,12 @@ #define GUEST_EXEC_MAX_OUTPUT (16*1024*1024) /* Allocation and I/O buffer for reading guest-exec out_data/err_data - 4K= B */ #define GUEST_EXEC_IO_SIZE (4*1024) +/* + * Maximum file size to read - 48MB + * + * (48MB + Base64 3:4 overhead =3D JSON parser 64 MB limit) + */ +#define GUEST_FILE_READ_COUNT_MAX (48 * MiB) =20 /* Note: in some situations, like with the fsfreeze, logging may be * temporarilly disabled. if it is necessary that a command be able @@ -560,7 +567,7 @@ GuestFileRead *qmp_guest_file_read(int64_t handle, bool= has_count, } if (!has_count) { count =3D QGA_READ_COUNT_DEFAULT; - } else if (count < 0 || count >=3D UINT32_MAX) { + } else if (count < 0 || count > GUEST_FILE_READ_COUNT_MAX) { error_setg(errp, "value '%" PRId64 "' is invalid for argument coun= t", count); return NULL; diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json index f6fcb59f34..4be9aad48e 100644 --- a/qga/qapi-schema.json +++ b/qga/qapi-schema.json 
@@ -266,11 +266,13 @@ ## # @guest-file-read: # -# Read from an open file in the guest. Data will be base64-encoded +# Read from an open file in the guest. Data will be base64-encoded. +# As this command is just for limited, ad-hoc debugging, such as log +# file access, the number of bytes to read is limited to 48 MB. # # @handle: filehandle returned by guest-file-open # -# @count: maximum number of bytes to read (default is 4KB) +# @count: maximum number of bytes to read (default is 4KB, maximum is 48MB) # # Returns: @GuestFileRead on success. # --=20 2.17.1
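Review bot: The bound in the qga/commands.c hunk is inclusive, count > GUEST_FILE_READ_COUNT_MAX, so a request for exactly 48 MiB is accepted, and at the 3:4 Base64 ratio named in the new comment that payload encodes to exactly 64 MiB, the figure the same comment gives as the JSON parser limit. That leaves no room for the JSON framing around the encoded data. If the parser limit applies to the whole reply, either reject count >= GUEST_FILE_READ_COUNT_MAX or lower the constant so the largest accepted read still fits.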
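Review bot: The limit is spelled three ways across the hunks: the macro is (48 * MiB), the code comment says "48MB" and "64 MB", and the qga/qapi-schema.json text says "48 MB" and "48MB". Pick one unit in the documentation, preferably MiB to match the macro, so a client author knows the exact byte value. The rejection path also still reports only "value ... is invalid for argument count"; including the maximum in that message would tell the caller how to correct the request.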