File 0188-9pfs-break-out-virtio_init_iov_from.patch of Package qemu.5922
From d1ac5ef2ebb5a03014138d34cf7d88d3263adf49 Mon Sep 17 00:00:00 2001
From: Wei Liu <wei.liu2@citrix.com>
Date: Thu, 3 Dec 2015 13:21:51 +0000
Subject: [PATCH] 9pfs: break out virtio_init_iov_from_pdu
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit 592707af7f9e7098949adae6ebf2b065456e0773)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/virtio-9p-device.c | 12 ++++++++++++
hw/9pfs/virtio-9p.c | 8 +-------
hw/9pfs/virtio-9p.h | 2 ++
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index d071924c64..8578278324 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -173,6 +173,18 @@ ssize_t virtio_pdu_vunmarshal(V9fsPDU *pdu, size_t offset,
offset, 1, fmt, ap);
}
+void virtio_init_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov,
+ unsigned int *pniov, bool is_write)
+{
+ if (is_write) {
+ *piov = pdu->elem.out_sg;
+ *pniov = pdu->elem.out_num;
+ } else {
+ *piov = pdu->elem.in_sg;
+ *pniov = pdu->elem.in_num;
+ }
+}
+
/* virtio-9p device */
static Property virtio_9p_properties[] = {
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index c8fb312ac7..3d8c1cffa1 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -1695,13 +1695,7 @@ static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu,
struct iovec *iov;
unsigned int niov;
- if (is_write) {
- iov = pdu->elem.out_sg;
- niov = pdu->elem.out_num;
- } else {
- iov = pdu->elem.in_sg;
- niov = pdu->elem.in_num;
- }
+ virtio_init_iov_from_pdu(pdu, &iov, &niov, is_write);
qemu_iovec_init_external(&elem, iov, niov);
qemu_iovec_init(qiov, niov);
diff --git a/hw/9pfs/virtio-9p.h b/hw/9pfs/virtio-9p.h
index e298949fde..5024ad0460 100644
--- a/hw/9pfs/virtio-9p.h
+++ b/hw/9pfs/virtio-9p.h
@@ -327,6 +327,8 @@ ssize_t virtio_pdu_vmarshal(V9fsPDU *pdu, size_t offset,
const char *fmt, va_list ap);
ssize_t virtio_pdu_vunmarshal(V9fsPDU *pdu, size_t offset,
const char *fmt, va_list ap);
+void virtio_init_iov_from_pdu(V9fsPDU *pdu, struct iovec **piov,
+ unsigned int *pniov, bool is_write);
#define TYPE_VIRTIO_9P "virtio-9p-device"
#define VIRTIO_9P(obj) \
