Message ID | 1321864151-13988-1-git-send-email-pbonzini@redhat.com |
---|---|
State | New |
Headers | show |
On 11/21/2011 02:29 AM, Paolo Bonzini wrote: > Small requirements on "new" features have percolated to virtio-9p-local.c. > In particular, the utimensat wrapper actually only supports dirfd = AT_FDCWD > and flags = AT_SYMLINK_NOFOLLOW in the fallback code. Remove the arguments > so that virtio-9p-local.c will not use AT_* constants. > > At the same time, fail local_ioc_getversion if the ioctl is not supported > by the host. > > Signed-off-by: Paolo Bonzini<pbonzini@redhat.com> > --- > hw/9pfs/virtio-9p-local.c | 7 +++++-- > oslib-posix.c | 5 ++--- > qemu-os-posix.h | 3 +-- > 3 files changed, 8 insertions(+), 7 deletions(-) > > diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c > index 7f1c089..cbd07e8 100644 > --- a/hw/9pfs/virtio-9p-local.c > +++ b/hw/9pfs/virtio-9p-local.c > @@ -583,8 +583,7 @@ static int local_utimensat(FsContext *s, V9fsPath *fs_path, > char buffer[PATH_MAX]; > char *path = fs_path->data; > > - return qemu_utimensat(AT_FDCWD, rpath(s, path, buffer), buf, > - AT_SYMLINK_NOFOLLOW); > + return qemu_utimens(rpath(s, path, buffer), buf); Hrm, I thought the SYMLINK_NOFOLLOW was critical in enforcing security? Regards, Anthony Liguori > } > > static int local_remove(FsContext *ctx, const char *path) > @@ -694,6 +693,7 @@ static int local_ioc_getversion(FsContext *ctx, V9fsPath *path, > mode_t st_mode, uint64_t *st_gen) > { > int err; > +#ifdef FS_IOC_GETVERSION > V9fsFidOpenState fid_open; > > /* > @@ -709,6 +709,9 @@ static int local_ioc_getversion(FsContext *ctx, V9fsPath *path, > } > err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen); > local_close(ctx,&fid_open); > +#else > + err = -ENOTTY; > +#endif > return err; > } > > diff --git a/oslib-posix.c b/oslib-posix.c > index 6f29762..ce75549 100644 > --- a/oslib-posix.c > +++ b/oslib-posix.c > @@ -162,8 +162,7 @@ int qemu_pipe(int pipefd[2]) > return ret; > } > > -int qemu_utimensat(int dirfd, const char *path, const struct timespec *times, > - int flags) > +int qemu_utimens(const char *path, const struct timespec *times) > { > struct timeval tv[2], tv_now; > struct stat st; > @@ -171,7 +170,7 @@ int qemu_utimensat(int dirfd, const char *path, const struct timespec *times, > #ifdef CONFIG_UTIMENSAT > int ret; > > - ret = utimensat(dirfd, path, times, flags); > + ret = utimensat(AT_FDCWD, path, times, AT_SYMLINK_NOFOLLOW); > if (ret != -1 || errno != ENOSYS) { > return ret; > } > diff --git a/qemu-os-posix.h b/qemu-os-posix.h > index 920499d..8e1149d 100644 > --- a/qemu-os-posix.h > +++ b/qemu-os-posix.h > @@ -44,7 +44,6 @@ typedef struct timeval qemu_timeval; > #endif > #endif > typedef struct timespec qemu_timespec; > -int qemu_utimensat(int dirfd, const char *path, const qemu_timespec *times, > - int flags); > +int qemu_utimens(const char *path, const qemu_timespec *times); > > #endif
On 11/21/2011 10:01 PM, Anthony Liguori wrote: >> >> - return qemu_utimensat(AT_FDCWD, rpath(s, path, buffer), buf, >> - AT_SYMLINK_NOFOLLOW); >> + return qemu_utimens(rpath(s, path, buffer), buf); > > Hrm, I thought the SYMLINK_NOFOLLOW was critical in enforcing security? Yes, and it is applied by qemu_utimens automatically (but the constant only appears in a section where we know it is defined). Paolo
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c index 7f1c089..cbd07e8 100644 --- a/hw/9pfs/virtio-9p-local.c +++ b/hw/9pfs/virtio-9p-local.c @@ -583,8 +583,7 @@ static int local_utimensat(FsContext *s, V9fsPath *fs_path, char buffer[PATH_MAX]; char *path = fs_path->data; - return qemu_utimensat(AT_FDCWD, rpath(s, path, buffer), buf, - AT_SYMLINK_NOFOLLOW); + return qemu_utimens(rpath(s, path, buffer), buf); } static int local_remove(FsContext *ctx, const char *path) @@ -694,6 +693,7 @@ static int local_ioc_getversion(FsContext *ctx, V9fsPath *path, mode_t st_mode, uint64_t *st_gen) { int err; +#ifdef FS_IOC_GETVERSION V9fsFidOpenState fid_open; /* @@ -709,6 +709,9 @@ static int local_ioc_getversion(FsContext *ctx, V9fsPath *path, } err = ioctl(fid_open.fd, FS_IOC_GETVERSION, st_gen); local_close(ctx, &fid_open); +#else + err = -ENOTTY; +#endif return err; } diff --git a/oslib-posix.c b/oslib-posix.c index 6f29762..ce75549 100644 --- a/oslib-posix.c +++ b/oslib-posix.c @@ -162,8 +162,7 @@ int qemu_pipe(int pipefd[2]) return ret; } -int qemu_utimensat(int dirfd, const char *path, const struct timespec *times, - int flags) +int qemu_utimens(const char *path, const struct timespec *times) { struct timeval tv[2], tv_now; struct stat st; @@ -171,7 +170,7 @@ int qemu_utimensat(int dirfd, const char *path, const struct timespec *times, #ifdef CONFIG_UTIMENSAT int ret; - ret = utimensat(dirfd, path, times, flags); + ret = utimensat(AT_FDCWD, path, times, AT_SYMLINK_NOFOLLOW); if (ret != -1 || errno != ENOSYS) { return ret; } diff --git a/qemu-os-posix.h b/qemu-os-posix.h index 920499d..8e1149d 100644 --- a/qemu-os-posix.h +++ b/qemu-os-posix.h @@ -44,7 +44,6 @@ typedef struct timeval qemu_timeval; #endif #endif typedef struct timespec qemu_timespec; -int qemu_utimensat(int dirfd, const char *path, const qemu_timespec *times, - int flags); +int qemu_utimens(const char *path, const qemu_timespec *times); #endif
Small requirements on "new" features have percolated to virtio-9p-local.c. In particular, the utimensat wrapper actually only supports dirfd = AT_FDCWD and flags = AT_SYMLINK_NOFOLLOW in the fallback code. Remove the arguments so that virtio-9p-local.c will not use AT_* constants. At the same time, fail local_ioc_getversion if the ioctl is not supported by the host. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- hw/9pfs/virtio-9p-local.c | 7 +++++-- oslib-posix.c | 5 ++--- qemu-os-posix.h | 3 +-- 3 files changed, 8 insertions(+), 7 deletions(-)