
From 7dc111386220374406e50ce5c42992df5eec6350 Mon Sep 17 00:00:00 2001
From: Greg Kurz <groug@kaod.org>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH] virtio-9p: add reset handler

Virtio devices should implement the VirtIODevice->reset() function to
perform necessary cleanup actions and to bring the device to a quiescent
state.

In the case of the virtio-9p device, this means:
- emptying the list of active PDUs (i.e. draining all in-flight I/O)
- freeing all fids (i.e. close open file descriptors and free memory)

That's what this patch does.

The reset handler first waits for all active PDUs to complete. Since
completion happens in the QEMU global aio context, we just have to
loop around aio_poll() until the active list is empty.

The freeing part involves some actions to be performed on the backend,
like closing file descriptors or flushing extended attributes to the
underlying filesystem. The virtfs_reset() function already does the
job: it calls free_fid() for all open fids not involved in an ongoing
I/O operation. We are sure this is the case since we have drained
the PDU active list.

The current code implements all backend accesses with coroutines, but we
want to stay synchronous on the reset path. We can either change the
current code to be able to run when not in coroutine context, or create
a coroutine context and wait for virtfs_reset() to complete. This patch
goes for the latter because it results in simpler code.

Note that we also need to create a dummy PDU because it is also an API
to pass the FsContext pointer to all backend callbacks.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 0e44a0fd3f28cccb8963fdfc05c53c546b3f46b6)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/9pfs/9p.c               | 30 ++++++++++++++++++++++++++++++
 hw/9pfs/9p.h               |  1 +
 hw/9pfs/virtio-9p-device.c |  8 ++++++++
 3 files changed, 39 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 46dd54db7c..134c329df6 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3386,6 +3386,36 @@ void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
     g_free(s->tag);
 }
 
+typedef struct VirtfsCoResetData {
+    V9fsPDU pdu;
+    bool done;
+} VirtfsCoResetData;
+
+static void coroutine_fn virtfs_co_reset(void *opaque)
+{
+    VirtfsCoResetData *data = opaque;
+
+    virtfs_reset(&data->pdu);
+    data->done = true;
+}
+
+void v9fs_reset(V9fsState *s)
+{
+    VirtfsCoResetData data = { .pdu = { .s = s }, .done = false };
+    Coroutine *co;
+
+    while (!QLIST_EMPTY(&s->active_list)) {
+        aio_poll(qemu_get_aio_context(), true);
+    }
+
+    co = qemu_coroutine_create(virtfs_co_reset);
+    qemu_coroutine_enter(co, &data);
+
+    while (!data.done) {
+        aio_poll(qemu_get_aio_context(), true);
+    }
+}
+
 static void __attribute__((__constructor__)) v9fs_set_fd_limit(void)
 {
     struct rlimit rlim;
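Review bot: `v9fs_reset` carries no comment explaining why the active list is drained before the coroutine is entered, and the precondition that `virtfs_reset()` relies on (no fid referenced by an in-flight PDU) lives only in the commit message. I would put above the definition: `/* Drain in-flight PDUs before virtfs_reset(): it assumes no fid is referenced by an active request. The dummy PDU only carries s so backend callbacks can reach the FsContext. */`. Both `aio_poll(qemu_get_aio_context(), true)` loops block until the condition holds, so reset is synchronous and its duration is bounded only by backend completion; that is worth stating in the same comment so callers on the device-reset path know the main loop is stalled for that long. The dummy `data.pdu` is zero-initialised apart from `.s`, so any backend callback that reads other PDU fields would see NULL; if the reset path only touches `pdu->s`, as the description implies, a one-line comment pinning that restriction would keep future changes to `virtfs_reset()` honest. The hunk ends inside `v9fs_set_fd_limit`, whose body continues outside it.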
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index 5b75969cab..cf42c016bb 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -323,5 +323,6 @@ ssize_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const char *fmt, ...);
 V9fsPDU *pdu_alloc(V9fsState *s);
 void pdu_free(V9fsPDU *pdu);
 void pdu_submit(V9fsPDU *pdu);
+void v9fs_reset(V9fsState *s);
 
 #endif
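Review bot: The new `v9fs_reset` prototype does not tell a caller that it blocks: the implementation spins on `aio_poll()` until every active PDU has completed and the fid teardown coroutine has finished. A short comment on the declaration, `/* Synchronously drains all active PDUs and frees all fids; blocks the caller (main loop) until done. */`, would make that contract visible at the header, which is where device code will look before wiring it into a reset path.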
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index b02e7f9d2a..465f203ee4 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -134,6 +134,13 @@ static void virtio_9p_device_unrealize(DeviceState *dev, Error **errp)
     v9fs_device_unrealize_common(s, errp);
 }
 
+static void virtio_9p_reset(VirtIODevice *vdev)
+{
+    V9fsVirtioState *v = (V9fsVirtioState *)vdev;
+
+    v9fs_reset(&v->state);
+}
+
 ssize_t virtio_pdu_vmarshal(V9fsPDU *pdu, size_t offset,
                             const char *fmt, va_list ap)
 {
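Review bot: `virtio_9p_reset` obtains the device with a raw C cast, `(V9fsVirtioState *)vdev`, which silently accepts any `VirtIODevice` pointer. The rest of this file resolves the object through QOM casts, so the type-checked form `V9fsVirtioState *v = VIRTIO_9P(vdev);` would be consistent with the surrounding code and fail loudly on a mismatched object instead of reinterpreting memory (assuming the usual `VIRTIO_9P()` cast macro is declared in the 9p header this file already includes). A one-line comment such as `/* VirtIODevice->reset: drain in-flight I/O and release all fids */` would also spare the reader a trip to 9p.c to learn what the callback does.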
@@ -189,6 +196,7 @@ static void virtio_9p_class_init(ObjectClass *klass, void *data)
     vdc->unrealize = virtio_9p_device_unrealize;
     vdc->get_features = virtio_9p_get_features;
     vdc->get_config = virtio_9p_get_config;
+    vdc->reset = virtio_9p_reset;
 }
 
 static const TypeInfo virtio_device_info = {