File 0336-9pfs-PDU-processing-functions-don-t.patch of Package qemu.6354
From c41a18cc4adffa58fa8bfc11a314fc30f9669306 Mon Sep 17 00:00:00 2001
From: Wei Liu <wei.liu2@citrix.com>
Date: Wed, 2 Dec 2015 12:06:28 +0000
Subject: [PATCH] 9pfs: PDU processing functions don't need to take V9fsState
as argument
V9fsState can be referenced by pdu->s. Initialise that in device
realization function.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit ad38ce9ed16c66583952c7697c62255a74de6196)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/virtio-9p-device.c | 1 +
hw/9pfs/virtio-9p.c | 99 +++++++++++++++++++++-------------------------
2 files changed, 47 insertions(+), 53 deletions(-)
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 637c1ed985..737331ed3f 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -68,6 +68,7 @@ static void virtio_9p_device_realize(DeviceState *dev, Error **errp)
QLIST_INIT(&s->active_list);
for (i = 0; i < (MAX_REQ - 1); i++) {
QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next);
+ s->pdus[i].s = s;
}
s->vq = virtio_add_queue(vdev, MAX_REQ, handle_9p_output);
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index bef777aba5..3aac0c8427 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -575,9 +575,10 @@ static V9fsPDU *alloc_pdu(V9fsState *s)
return pdu;
}
-static void free_pdu(V9fsState *s, V9fsPDU *pdu)
+static void free_pdu(V9fsPDU *pdu)
{
if (pdu) {
+ V9fsState *s = pdu->s;
/*
* Cancelled pdu are added back to the freelist
* by flush request .
@@ -594,9 +595,10 @@ static void free_pdu(V9fsState *s, V9fsPDU *pdu)
* because we always expect to have enough space to encode
* error details
*/
-static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len)
+static void complete_pdu(V9fsPDU *pdu, ssize_t len)
{
int8_t id = pdu->id + 1; /* Response */
+ V9fsState *s = pdu->s;
if (len < 0) {
int err = -len;
@@ -636,7 +638,7 @@ static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len)
/* Now wakeup anybody waiting in flush for this request */
qemu_co_queue_next(&pdu->complete);
- free_pdu(s, pdu);
+ free_pdu(pdu);
}
static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -931,7 +933,7 @@ static void v9fs_version(void *opaque)
offset += err;
trace_v9fs_version_return(pdu->tag, pdu->id, s->msize, version.data);
out:
- complete_pdu(s, pdu, offset);
+ complete_pdu(pdu, offset);
v9fs_string_free(&version);
}
@@ -994,7 +996,7 @@ static void v9fs_attach(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&uname);
v9fs_string_free(&aname);
}
@@ -1008,7 +1010,6 @@ static void v9fs_stat(void *opaque)
struct stat stbuf;
V9fsFidState *fidp;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
err = pdu_unmarshal(pdu, offset, "d", &fid);
if (err < 0) {
@@ -1041,7 +1042,7 @@ static void v9fs_stat(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static void v9fs_getattr(void *opaque)
@@ -1104,7 +1105,7 @@ static void v9fs_getattr(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
}
/* Attribute flags */
@@ -1128,7 +1129,6 @@ static void v9fs_setattr(void *opaque)
size_t offset = 7;
V9fsIattr v9iattr;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
err = pdu_unmarshal(pdu, offset, "dI", &fid, &v9iattr);
if (err < 0) {
@@ -1202,7 +1202,7 @@ static void v9fs_setattr(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static int v9fs_walk_marshal(V9fsPDU *pdu, uint16_t nwnames, V9fsQID *qids)
@@ -1244,7 +1244,7 @@ static void v9fs_walk(void *opaque)
err = pdu_unmarshal(pdu, offset, "ddw", &fid, &newfid, &nwnames);
if (err < 0) {
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
return ;
}
offset += err;
@@ -1312,7 +1312,7 @@ out:
v9fs_path_free(&dpath);
v9fs_path_free(&path);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
if (nwnames && nwnames <= P9_MAXWELEM) {
for (name_idx = 0; name_idx < nwnames; name_idx++) {
v9fs_string_free(&wnames[name_idx]);
@@ -1429,7 +1429,7 @@ static void v9fs_open(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static void v9fs_lcreate(void *opaque)
@@ -1486,7 +1486,7 @@ static void v9fs_lcreate(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -1498,7 +1498,6 @@ static void v9fs_fsync(void *opaque)
size_t offset = 7;
V9fsFidState *fidp;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
err = pdu_unmarshal(pdu, offset, "dd", &fid, &datasync);
if (err < 0) {
@@ -1517,7 +1516,7 @@ static void v9fs_fsync(void *opaque)
}
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static void v9fs_clunk(void *opaque)
@@ -1550,7 +1549,7 @@ static void v9fs_clunk(void *opaque)
err = offset;
}
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
@@ -1760,7 +1759,7 @@ static void v9fs_read(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static size_t v9fs_readdir_data_size(V9fsString *name)
@@ -1847,7 +1846,6 @@ static void v9fs_readdir(void *opaque)
int32_t count;
uint32_t max_count;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
retval = pdu_unmarshal(pdu, offset, "dqd", &fid,
&initial_offset, &max_count);
@@ -1884,7 +1882,7 @@ static void v9fs_readdir(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
}
static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
@@ -1951,7 +1949,8 @@ static void v9fs_write(void *opaque)
err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count);
if (err < 0) {
- return complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
+ return;
}
offset += err;
v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true);
@@ -2013,7 +2012,7 @@ out:
put_fid(pdu, fidp);
out_nofid:
qemu_iovec_destroy(&qiov_full);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static void v9fs_create(void *opaque)
@@ -2180,7 +2179,7 @@ static void v9fs_create(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
v9fs_string_free(&extension);
v9fs_path_free(&path);
@@ -2227,7 +2226,7 @@ static void v9fs_symlink(void *opaque)
out:
put_fid(pdu, dfidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
v9fs_string_free(&symname);
}
@@ -2243,7 +2242,7 @@ static void v9fs_flush(void *opaque)
err = pdu_unmarshal(pdu, offset, "w", &tag);
if (err < 0) {
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
return;
}
trace_v9fs_flush(pdu->tag, pdu->id, tag);
@@ -2260,15 +2259,14 @@ static void v9fs_flush(void *opaque)
*/
qemu_co_queue_wait(&cancel_pdu->complete);
cancel_pdu->cancelled = 0;
- free_pdu(pdu->s, cancel_pdu);
+ free_pdu(cancel_pdu);
}
- complete_pdu(s, pdu, 7);
+ complete_pdu(pdu, 7);
}
static void v9fs_link(void *opaque)
{
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
int32_t dfid, oldfid;
V9fsFidState *dfidp, *oldfidp;
V9fsString name;
@@ -2301,7 +2299,7 @@ out:
put_fid(pdu, dfidp);
out_nofid:
v9fs_string_free(&name);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
/* Only works with path name based fid */
@@ -2346,7 +2344,7 @@ out_err:
clunk_fid(pdu->s, fidp->fid);
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
}
static void v9fs_unlinkat(void *opaque)
@@ -2390,7 +2388,7 @@ out_err:
put_fid(pdu, dfidp);
v9fs_path_free(&path);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -2490,7 +2488,7 @@ static void v9fs_rename(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -2591,7 +2589,7 @@ static void v9fs_renameat(void *opaque)
}
out_err:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&old_name);
v9fs_string_free(&new_name);
}
@@ -2606,7 +2604,6 @@ static void v9fs_wstat(void *opaque)
struct stat stbuf;
V9fsFidState *fidp;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
v9fs_stat_init(&v9stat);
err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat);
@@ -2688,7 +2685,7 @@ out:
put_fid(pdu, fidp);
out_nofid:
v9fs_stat_free(&v9stat);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
}
static int v9fs_fill_statfs(V9fsState *s, V9fsPDU *pdu, struct statfs *stbuf)
@@ -2767,7 +2764,7 @@ static void v9fs_statfs(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
}
static void v9fs_mknod(void *opaque)
@@ -2784,7 +2781,6 @@ static void v9fs_mknod(void *opaque)
struct stat stbuf;
V9fsFidState *fidp;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
v9fs_string_init(&name);
err = pdu_unmarshal(pdu, offset, "dsdddd", &fid, &name, &mode,
@@ -2815,7 +2811,7 @@ static void v9fs_mknod(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -2836,7 +2832,6 @@ static void v9fs_lock(void *opaque)
V9fsFidState *fidp;
int32_t fid, err = 0;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
status = P9_LOCK_ERROR;
v9fs_string_init(&flock.client_id);
@@ -2873,7 +2868,7 @@ out_nofid:
err += offset;
}
trace_v9fs_lock_return(pdu->tag, pdu->id, status);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&flock.client_id);
}
@@ -2889,7 +2884,6 @@ static void v9fs_getlock(void *opaque)
V9fsGetlock glock;
int32_t fid, err = 0;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
v9fs_string_init(&glock.client_id);
err = pdu_unmarshal(pdu, offset, "dbqqds", &fid, &glock.type,
@@ -2923,7 +2917,7 @@ static void v9fs_getlock(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&glock.client_id);
}
@@ -2967,7 +2961,7 @@ static void v9fs_mkdir(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -3073,7 +3067,7 @@ out:
put_fid(pdu, xattr_fidp);
}
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -3088,7 +3082,6 @@ static void v9fs_xattrcreate(void *opaque)
V9fsFidState *file_fidp;
V9fsFidState *xattr_fidp;
V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
v9fs_string_init(&name);
err = pdu_unmarshal(pdu, offset, "dsqd", &fid, &name, &size, &flags);
@@ -3114,7 +3107,7 @@ static void v9fs_xattrcreate(void *opaque)
err = offset;
put_fid(pdu, file_fidp);
out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
v9fs_string_free(&name);
}
@@ -3154,7 +3147,7 @@ static void v9fs_readlink(void *opaque)
out:
put_fid(pdu, fidp);
out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
}
static CoroutineEntry *pdu_co_handlers[] = {
@@ -3197,13 +3190,13 @@ static CoroutineEntry *pdu_co_handlers[] = {
static void v9fs_op_not_supp(void *opaque)
{
V9fsPDU *pdu = opaque;
- complete_pdu(pdu->s, pdu, -EOPNOTSUPP);
+ complete_pdu(pdu, -EOPNOTSUPP);
}
static void v9fs_fs_ro(void *opaque)
{
V9fsPDU *pdu = opaque;
- complete_pdu(pdu->s, pdu, -EROFS);
+ complete_pdu(pdu, -EROFS);
}
static inline bool is_read_only_op(V9fsPDU *pdu)
@@ -3233,10 +3226,11 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
}
}
-static void submit_pdu(V9fsState *s, V9fsPDU *pdu)
+static void submit_pdu(V9fsPDU *pdu)
{
Coroutine *co;
CoroutineEntry *handler;
+ V9fsState *s = pdu->s;
if (pdu->id >= ARRAY_SIZE(pdu_co_handlers) ||
(pdu_co_handlers[pdu->id] == NULL)) {
@@ -3261,7 +3255,6 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
while ((pdu = alloc_pdu(s)) &&
(len = virtqueue_pop(vq, &pdu->elem)) != 0) {
uint8_t *ptr;
- pdu->s = s;
BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
@@ -3271,9 +3264,9 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
pdu->id = ptr[4];
pdu->tag = le16_to_cpu(*(uint16_t *)(ptr + 5));
qemu_co_queue_init(&pdu->complete);
- submit_pdu(s, pdu);
+ submit_pdu(pdu);
}
- free_pdu(s, pdu);
+ free_pdu(pdu);
}
static void __attribute__((__constructor__)) virtio_9p_set_fd_limit(void)
