File 0345-9pfs-move-handle_9p_output-and-make.patch of Package qemu.8405
From b49994f7fb1010538e1c8cffac1222d93bf56d84 Mon Sep 17 00:00:00 2001
From: Wei Liu <wei.liu2@citrix.com>
Date: Thu, 7 Jan 2016 18:37:25 +0000
Subject: [PATCH] 9pfs: move handle_9p_output and make it static function
It's only used in virtio device.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit 0192cc5d796a0bdf679b786c7244ec5211be6791)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/virtio-9p-device.c | 34 ++++++++++++++++++++++++++++++++++
hw/9pfs/virtio-9p.c | 23 -----------------------
hw/9pfs/virtio-9p.h | 1 -
3 files changed, 34 insertions(+), 24 deletions(-)
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 0660e0b751..de4f4b582d 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -19,6 +19,40 @@
#include "9p-xattr.h"
#include "virtio-9p-coth.h"
#include "hw/virtio/virtio-access.h"
+#include "qemu/iov.h"
+
+static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
+{
+ V9fsState *s = (V9fsState *)vdev;
+ V9fsPDU *pdu;
+ ssize_t len;
+
+ while ((pdu = pdu_alloc(s)) &&
+ (len = virtqueue_pop(vq, &pdu->elem)) != 0) {
+ struct {
+ uint32_t size_le;
+ uint8_t id;
+ uint16_t tag_le;
+ } QEMU_PACKED out;
+ int len;
+
+ BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
+ QEMU_BUILD_BUG_ON(sizeof out != 7);
+
+ len = iov_to_buf(pdu->elem.out_sg, pdu->elem.out_num, 0,
+ &out, sizeof out);
+ BUG_ON(len != sizeof out);
+
+ pdu->size = le32_to_cpu(out.size_le);
+
+ pdu->id = out.id;
+ pdu->tag = le16_to_cpu(out.tag_le);
+
+ qemu_co_queue_init(&pdu->complete);
+ pdu_submit(pdu);
+ }
+ pdu_free(pdu);
+}
void virtio_9p_push_and_notify(V9fsPDU *pdu)
{
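Review bot: The three `BUG_ON` checks inside the loop of handle_9p_output depend on values the guest controls (`out_num`, `in_num`, and the number of bytes `iov_to_buf` could gather), so a request with a missing or short header aborts the whole QEMU process instead of failing that one request. Consider rejecting the element and reporting a device error on those paths, keeping `BUG_ON` for host-side invariants only. Separately, the inner `int len;` shadows the outer `ssize_t len;` and narrows the `size_t` that `iov_to_buf` returns; a distinct name such as `size_t hdr_len = iov_to_buf(...);` avoids both. The commit message describes a pure move, but compared with the lines removed from virtio-9p.c the header is now gathered across the iovec rather than read from `out_sg[0]`, which deserves a line in the description.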
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index 98ed32d92c..1a322d34a6 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -3265,29 +3265,6 @@ void pdu_submit(V9fsPDU *pdu)
qemu_coroutine_enter(co, pdu);
}
-void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
-{
- V9fsState *s = (V9fsState *)vdev;
- V9fsPDU *pdu;
- ssize_t len;
-
- while ((pdu = pdu_alloc(s)) &&
- (len = virtqueue_pop(vq, &pdu->elem)) != 0) {
- uint8_t *ptr;
- BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
- BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
-
- ptr = pdu->elem.out_sg[0].iov_base;
-
- pdu->size = le32_to_cpu(*(uint32_t *)ptr);
- pdu->id = ptr[4];
- pdu->tag = le16_to_cpu(*(uint16_t *)(ptr + 5));
- qemu_co_queue_init(&pdu->complete);
- pdu_submit(pdu);
- }
- pdu_free(pdu);
-}
-
static void __attribute__((__constructor__)) virtio_9p_set_fd_limit(void)
{
struct rlimit rlim;
diff --git a/hw/9pfs/virtio-9p.h b/hw/9pfs/virtio-9p.h
index a1ac3980ee..474ab94c08 100644
--- a/hw/9pfs/virtio-9p.h
+++ b/hw/9pfs/virtio-9p.h
@@ -5,7 +5,6 @@
#include "hw/virtio/virtio.h"
#include "9p.h"
-extern void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq);
extern void virtio_9p_push_and_notify(V9fsPDU *pdu);
ssize_t virtio_pdu_vmarshal(V9fsPDU *pdu, size_t offset,