File 0368-9p-introduce-the-V9fsDir-type.patch of Package qemu.6354
From 2f64dc602a7096db4041294b6f88707be4c6a3c2 Mon Sep 17 00:00:00 2001
From: Greg Kurz <gkurz@linux.vnet.ibm.com>
Date: Mon, 6 Jun 2016 11:52:34 +0200
Subject: [PATCH] 9p: introduce the V9fsDir type
If we are to switch back to readdir(), we need a more complex type than
DIR * to be able to serialize concurrent accesses to the directory stream.
This patch introduces a placeholder type and fixes all users.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
(cherry picked from commit f314ea4e30a1ef87bf8845da952c6dd0bac20b95)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/9p-handle.c | 18 +++++++++---------
hw/9pfs/9p-local.c | 18 +++++++++---------
hw/9pfs/9p-proxy.c | 20 ++++++++++----------
hw/9pfs/9p.c | 12 ++++++------
hw/9pfs/9p.h | 6 +++++-
5 files changed, 39 insertions(+), 35 deletions(-)
diff --git a/hw/9pfs/9p-handle.c b/hw/9pfs/9p-handle.c
index f088c421a5..3537c8a7f0 100644
--- a/hw/9pfs/9p-handle.c
+++ b/hw/9pfs/9p-handle.c
@@ -110,7 +110,7 @@ static int handle_close(FsContext *ctx, V9fsFidOpenState *fs)
static int handle_closedir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return closedir(fs->dir);
+ return closedir(fs->dir.stream);
}
static int handle_open(FsContext *ctx, V9fsPath *fs_path,
@@ -130,8 +130,8 @@ static int handle_opendir(FsContext *ctx,
if (ret < 0) {
return -1;
}
- fs->dir = fdopendir(ret);
- if (!fs->dir) {
+ fs->dir.stream = fdopendir(ret);
+ if (!fs->dir.stream) {
return -1;
}
return 0;
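Review bot: In handle_opendir the descriptor held in `ret` is not closed when `fdopendir(ret)` fails, so the `return -1` under `if (!fs->dir.stream)` leaks it; proxy_opendir in this same patch does close its descriptor on that path. Because `fs` points at a union (hw/9pfs/9p.h), storing NULL into `fs->dir.stream` may also overwrite any copy of the descriptor kept in `fs->fd`, leaving nothing to close it later. The failure branch should mirror the proxy backend by adding `int serrno = errno; close(ret); errno = serrno;` before the return. The function starts outside this hunk, so it is assumed that `ret` comes from an open call returning a descriptor.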
@@ -139,24 +139,24 @@ static int handle_opendir(FsContext *ctx,
static void handle_rewinddir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return rewinddir(fs->dir);
+ rewinddir(fs->dir.stream);
}
static off_t handle_telldir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return telldir(fs->dir);
+ return telldir(fs->dir.stream);
}
static int handle_readdir_r(FsContext *ctx, V9fsFidOpenState *fs,
struct dirent *entry,
struct dirent **result)
{
- return readdir_r(fs->dir, entry, result);
+ return readdir_r(fs->dir.stream, entry, result);
}
static void handle_seekdir(FsContext *ctx, V9fsFidOpenState *fs, off_t off)
{
- return seekdir(fs->dir, off);
+ seekdir(fs->dir.stream, off);
}
static ssize_t handle_preadv(FsContext *ctx, V9fsFidOpenState *fs,
@@ -260,7 +260,7 @@ static int handle_fstat(FsContext *fs_ctx, int fid_type,
int fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
@@ -407,7 +407,7 @@ static int handle_fsync(FsContext *ctx, int fid_type,
int fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index f875ec5173..648a0ad5a2 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -347,7 +347,7 @@ static int local_close(FsContext *ctx, V9fsFidOpenState *fs)
static int local_closedir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return closedir(fs->dir);
+ return closedir(fs->dir.stream);
}
static int local_open(FsContext *ctx, V9fsPath *fs_path,
@@ -369,9 +369,9 @@ static int local_opendir(FsContext *ctx,
char *path = fs_path->data;
buffer = rpath(ctx, path);
- fs->dir = opendir(buffer);
+ fs->dir.stream = opendir(buffer);
g_free(buffer);
- if (!fs->dir) {
+ if (!fs->dir.stream) {
return -1;
}
return 0;
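Review bot: local_opendir still opens the directory by name with `opendir(buffer)` on the string returned by rpath(), so every path component, symlinks included, is resolved on the host at call time. The handle and proxy backends in this patch instead wrap an already opened descriptor with fdopendir(). The trailer describes this patch as a fix and/or infrastructure for CVE-2016-9602, so a comment here should state that the hunk only renames the field and leaves path resolution unchanged, e.g. `/* path-based open: lookup semantics unchanged by the V9fsDir conversion */`. The function starts outside the hunk, so any earlier validation of `fs_path` is not visible.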
@@ -379,12 +379,12 @@ static int local_opendir(FsContext *ctx,
static void local_rewinddir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return rewinddir(fs->dir);
+ rewinddir(fs->dir.stream);
}
static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return telldir(fs->dir);
+ return telldir(fs->dir.stream);
}
static int local_readdir_r(FsContext *ctx, V9fsFidOpenState *fs,
@@ -394,7 +394,7 @@ static int local_readdir_r(FsContext *ctx, V9fsFidOpenState *fs,
int ret;
again:
- ret = readdir_r(fs->dir, entry, result);
+ ret = readdir_r(fs->dir.stream, entry, result);
if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
if (!ret && *result != NULL &&
!strcmp(entry->d_name, VIRTFS_META_DIR)) {
@@ -407,7 +407,7 @@ again:
static void local_seekdir(FsContext *ctx, V9fsFidOpenState *fs, off_t off)
{
- return seekdir(fs->dir, off);
+ seekdir(fs->dir.stream, off);
}
static ssize_t local_preadv(FsContext *ctx, V9fsFidOpenState *fs,
@@ -612,7 +612,7 @@ static int local_fstat(FsContext *fs_ctx, int fid_type,
int err, fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
@@ -1010,7 +1010,7 @@ static int local_fsync(FsContext *ctx, int fid_type,
int fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
index 4a33a09eea..14efdd373a 100644
--- a/hw/9pfs/9p-proxy.c
+++ b/hw/9pfs/9p-proxy.c
@@ -631,7 +631,7 @@ static int proxy_close(FsContext *ctx, V9fsFidOpenState *fs)
static int proxy_closedir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return closedir(fs->dir);
+ return closedir(fs->dir.stream);
}
static int proxy_open(FsContext *ctx, V9fsPath *fs_path,
@@ -650,14 +650,14 @@ static int proxy_opendir(FsContext *ctx,
{
int serrno, fd;
- fs->dir = NULL;
+ fs->dir.stream = NULL;
fd = v9fs_request(ctx->private, T_OPEN, NULL, "sd", fs_path, O_DIRECTORY);
if (fd < 0) {
errno = -fd;
return -1;
}
- fs->dir = fdopendir(fd);
- if (!fs->dir) {
+ fs->dir.stream = fdopendir(fd);
+ if (!fs->dir.stream) {
serrno = errno;
close(fd);
errno = serrno;
@@ -668,24 +668,24 @@ static int proxy_opendir(FsContext *ctx,
static void proxy_rewinddir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return rewinddir(fs->dir);
+ rewinddir(fs->dir.stream);
}
static off_t proxy_telldir(FsContext *ctx, V9fsFidOpenState *fs)
{
- return telldir(fs->dir);
+ return telldir(fs->dir.stream);
}
static int proxy_readdir_r(FsContext *ctx, V9fsFidOpenState *fs,
struct dirent *entry,
struct dirent **result)
{
- return readdir_r(fs->dir, entry, result);
+ return readdir_r(fs->dir.stream, entry, result);
}
static void proxy_seekdir(FsContext *ctx, V9fsFidOpenState *fs, off_t off)
{
- return seekdir(fs->dir, off);
+ seekdir(fs->dir.stream, off);
}
static ssize_t proxy_preadv(FsContext *ctx, V9fsFidOpenState *fs,
@@ -791,7 +791,7 @@ static int proxy_fstat(FsContext *fs_ctx, int fid_type,
int fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
@@ -936,7 +936,7 @@ static int proxy_fsync(FsContext *ctx, int fid_type,
int fd;
if (fid_type == P9_FID_DIR) {
- fd = dirfd(fs->dir);
+ fd = dirfd(fs->dir.stream);
} else {
fd = fs->fd;
}
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 3adb942a98..aeb970c82f 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -228,7 +228,7 @@ static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f)
} while (err == -EINTR && !pdu->cancelled);
}
} else if (f->fid_type == P9_FID_DIR) {
- if (f->fs.dir == NULL) {
+ if (f->fs.dir.stream == NULL) {
do {
err = v9fs_co_opendir(pdu, f);
} while (err == -EINTR && !pdu->cancelled);
@@ -344,7 +344,7 @@ static int free_fid(V9fsPDU *pdu, V9fsFidState *fidp)
retval = v9fs_co_close(pdu, &fidp->fs);
}
} else if (fidp->fid_type == P9_FID_DIR) {
- if (fidp->fs.dir != NULL) {
+ if (fidp->fs.dir.stream != NULL) {
retval = v9fs_co_closedir(pdu, &fidp->fs);
}
} else if (fidp->fid_type == P9_FID_XATTR) {
@@ -442,7 +442,7 @@ void v9fs_reclaim_fd(V9fsPDU *pdu)
reclaim_count++;
}
} else if (f->fid_type == P9_FID_DIR) {
- if (f->fs.dir != NULL) {
+ if (f->fs.dir.stream != NULL) {
/*
* Up the reference count so that
* a clunk request won't free this fid
@@ -450,8 +450,8 @@ void v9fs_reclaim_fd(V9fsPDU *pdu)
f->ref++;
f->rclm_lst = reclaim_list;
reclaim_list = f;
- f->fs_reclaim.dir = f->fs.dir;
- f->fs.dir = NULL;
+ f->fs_reclaim.dir.stream = f->fs.dir.stream;
+ f->fs.dir.stream = NULL;
reclaim_count++;
}
}
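Review bot: The reclaim path in v9fs_reclaim_fd hands over only the `stream` member to `fs_reclaim`, and `f->fs.dir.stream = NULL` then serves as the marker that v9fs_reopen_fid tests before calling v9fs_co_opendir, but nothing at the assignment says so. The commit message describes V9fsDir as a placeholder that will grow to serialize access to the stream, so whoever adds a member needs to know this is a deliberate member-wise move and not a struct copy. I would add `/* Only the stream is handed over; a NULL stream marks the fid as reclaimed (see v9fs_reopen_fid). */` above the two assignments. The enclosing function starts and ends outside this hunk.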
@@ -1890,7 +1890,7 @@ static void v9fs_readdir(void *opaque)
retval = -EINVAL;
goto out_nofid;
}
- if (!fidp->fs.dir) {
+ if (!fidp->fs.dir.stream) {
retval = -EINVAL;
goto out;
}
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index f5a7387798..c0ce0e33c2 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -171,13 +171,17 @@ typedef struct V9fsXattr
int flags;
} V9fsXattr;
+typedef struct V9fsDir {
+ DIR *stream;
+} V9fsDir;
+
/*
* Filled by fs driver on open and other
* calls.
*/
union V9fsFidOpenState {
int fd;
- DIR *dir;
+ V9fsDir dir;
V9fsXattr xattr;
/*
* private pointer for fs drivers, that
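Review bot: The new V9fsDir typedef has no comment, although it is embedded by value in union V9fsFidOpenState, where it shares storage with `fd` and `xattr`. Reading `dir.stream` on a fid that is not a directory therefore reinterprets another member's bytes as a `DIR *`, and the callers in this patch select the member by checking `fid_type == P9_FID_DIR` first. A short comment on the struct should record that contract and why the wrapper exists, e.g. `/* Directory stream wrapper; valid only for P9_FID_DIR fids. Kept as a struct so per-directory state can be added. */`. The union's definition continues past the end of the hunk.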