Re: [Qemu-devel] [PATCH v2 3/7] ppc: different creation paths for cpus in system and user mode

2016-07-04 Thread Greg Kurz
On Mon, 4 Jul 2016 09:14:43 +0200 Igor Mammedov <imamm...@redhat.com> wrote: > On Sat, 02 Jul 2016 00:41:40 +0200 > Greg Kurz <gr...@kaod.org> wrote: > > > The machine code currently uses the same cpu_ppc_init() function to > > create cpus as the user mode. Th

Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 4/7] ppc: open code cpu creation for machine types

2016-07-04 Thread Greg Kurz
On Mon, 4 Jul 2016 08:32:04 +0200 Greg Kurz <gr...@kaod.org> wrote: > On Mon, 4 Jul 2016 13:54:55 +1000 > David Gibson <da...@gibson.dropbear.id.au> wrote: > > > On Sat, Jul 02, 2016 at 10:33:33AM +0200, Greg Kurz wrote: > > > On Sat, 2 Jul 2016 13:3

Re: [Qemu-devel] [PATCH v2 4/7] ppc: open code cpu creation for machine types

2016-07-04 Thread Greg Kurz
On Mon, 4 Jul 2016 13:54:55 +1000 David Gibson <da...@gibson.dropbear.id.au> wrote: > On Sat, Jul 02, 2016 at 10:33:33AM +0200, Greg Kurz wrote: > > On Sat, 2 Jul 2016 13:36:22 +0530 > > Bharata B Rao <bhar...@linux.vnet.ibm.com> wrote: > > > > > On S

[Qemu-devel] [PATCH v2 1/7] spapr: Ensure thread0 of CPU core is always realized first

2016-07-01 Thread Greg Kurz
always realized in the correct order. Future TODO: CPU DT nodes are per-core properties and we should ideally base the creation of CPU DT nodes on core objects rather than the thread objects. Signed-off-by: Bharata B Rao <bhar...@linux.vnet.ibm.com> Reviewed-by: Greg Kurz <gr...@kaod.org> S

[Qemu-devel] [PATCH v2 5/7] ppc: introduce ppc_set_vcpu_dt_id()

2016-07-01 Thread Greg Kurz
in the array. The only exception is pseries-2.7 which supports hotplug of cpu cores and already open codes the cpu creation. Its case will be covered in follow-up patch. Suggested-by: Igor Mammedov <imamm...@redhat.com> Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/ppc/e500.c

[Qemu-devel] [PATCH v2 7/7] ppc: move the cpu_dt_id logic to machine code

2016-07-01 Thread Greg Kurz
logic (it is required by the future powernv machine type for example). Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/ppc/ppc.c| 28 +++- target-ppc/translate_init.c | 30 -- 2 files changed, 27 insertions(+), 31 del

[Qemu-devel] [PATCH v2 4/7] ppc: open code cpu creation for machine types

2016-07-01 Thread Greg Kurz
If we want to generate cpu_dt_id in the machine code, this must occur before the cpu gets realized. We must open code the cpu creation to be able to do this. This patch just does that. It borrows some lines from previous work from Bharata to handle the feature parsing. Signed-off-by: Greg Kurz

Re: [Qemu-devel] [PATCH 1/2 v16] fsdev: add IO throttle support to fsdev devices

2017-02-07 Thread Greg Kurz
On Tue, 7 Feb 2017 00:15:33 +0100 Greg Kurz <gr...@kaod.org> wrote: > On Mon, 6 Feb 2017 13:36:43 -0600 > Eric Blake <ebl...@redhat.com> wrote: > > > On 02/03/2017 05:57 AM, Pradeep Jagadeesh wrote: > > > This patchset adds the throttle support fo

Re: [Qemu-devel] [PATCH 03/28] tests: fix leaks in test-io-channel-command

2017-02-07 Thread Greg Kurz
ndré Lureau <marcandre.lur...@redhat.com> > --- Reviewed-by: Greg Kurz <gr...@kaod.org> > tests/test-io-channel-command.c | 6 ++ > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/tests/test-io-channel-command.c b/tests/test-io-channel-command.c > index

Re: [Qemu-devel] [PATCH 1/2 v16] fsdev: add IO throttle support to fsdev devices

2017-02-07 Thread Greg Kurz
Cc'ing Stefan who reviewed patch 2/2. On Tue, 7 Feb 2017 09:56:08 -0600 Eric Blake <ebl...@redhat.com> wrote: > On 02/07/2017 04:32 AM, Greg Kurz wrote: > >> > >> I'm not aware of anything related to fsdev in QMP... and libvirt seems to > >> only pars

Re: [Qemu-devel] [PATCH 20/28] tests: fix virtio-scsi-test leak

2017-02-07 Thread Greg Kurz
On Tue, 7 Feb 2017 17:52:03 +0400 Marc-André Lureau <marcandre.lur...@redhat.com> wrote: > Spotted by ASAN. > > Cc: Paolo Bonzini <pbonz...@redhat.com> > Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- Reviewed-by: Greg Kurz <gr...@ka

Re: [Qemu-devel] [PATCH 04/28] timer: use an inline function for free

2017-02-07 Thread Greg Kurz
> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- Reviewed-by: Greg Kurz <gr...@kaod.org> > include/qemu/timer.h | 5 - > qemu-timer.c | 5 - > 2 files changed, 4 insertions(+), 6 deletions(-) > > diff --git a/include/qemu/time

Re: [Qemu-devel] [PATCH 21/28] tests: fix virtio-9p-test leaks

2017-02-07 Thread Greg Kurz
On Tue, 7 Feb 2017 17:52:04 +0400 Marc-André Lureau <marcandre.lur...@redhat.com> wrote: > Spotted by ASAN. > > Cc: "Aneesh Kumar K.V" <aneesh.ku...@linux.vnet.ibm.com> > Cc: Greg Kurz <gr...@kaod.org> > Signed-off-by: Marc-André Lureau <marcandre.

Re: [Qemu-devel] [PATCH 2/2 v16] throttle: factor out duplicate code

2017-02-06 Thread Greg Kurz
On Fri, 3 Feb 2017 06:57:23 -0500 Pradeep Jagadeesh wrote: > This patch removes the redundant throttle code that was present in > block and fsdev device files. Now the common code is moved > to a single file. > > Signed-off-by: Pradeep Jagadeesh

[Qemu-devel] [PATCH] 9pfs: proxy: assert if unmarshal fails

2017-02-06 Thread Greg Kurz
checking the return value of proxy_unmarshal(). Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-proxy.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c index f4aa7a9d70f8..4ad42a1ad158 100644 --

Re: [Qemu-devel] [PATCH 1/2 v16] fsdev: add IO throttle support to fsdev devices

2017-02-06 Thread Greg Kurz
On Mon, 6 Feb 2017 13:36:43 -0600 Eric Blake wrote: > On 02/03/2017 05:57 AM, Pradeep Jagadeesh wrote: > > This patchset adds the throttle support for the 9p-local driver. > > For now this functionality can be enabled only through qemu cli options. > > QMP interface and

Re: [Qemu-devel] Build of master pollutes parent directory

2017-02-06 Thread Greg Kurz
On Mon, 6 Feb 2017 14:07:24 -0700 Rebecca Cran wrote: > Building commit 7d2c6c95511e42dffe2b263275e09957723d0ff4 is causing > pollution of the parent directory: e.g. ~/workspace/qemu/.. contains the > following extra directories: > > audio backends block chardev crypto

Re: [Qemu-devel] [PATCH 0/2 v14] fsdev: add IO throttle support to fsdev devices

2017-02-03 Thread Greg Kurz
On Fri, 3 Feb 2017 10:41:33 +0100 Pradeep Jagadeesh wrote: > On 2/1/2017 3:44 PM, Alberto Garcia wrote: > > On Tue 24 Jan 2017 10:24:06 AM CET, Pradeep Jagadeesh > > wrote: > > > >> Pradeep Jagadeesh (2): > >> fsdev: add IO throttle

[Qemu-devel] [PATCH] 9pfs: local: trivial cosmetic fix in pwritev op

2017-01-23 Thread Greg Kurz
Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 845675e7a1bb..7de07e1ba67f 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c @@ -436,8 +436,7 @@

Re: [Qemu-devel] [PATCH V1] throttle:Removed duplicate throtlle code from block and 9p files

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 04:19:55 -0500 Pradeep Jagadeesh wrote: > This will allow other subsystems (i.e. fsdev) to implement throttling > without duplicating the command line options. > > Signed-off-by: Pradeep Jagadeesh > --- This patch

Re: [Qemu-devel] [PATCH V12] fsdev: add IO throttle support to fsdev devices

2017-01-23 Thread Greg Kurz
ottle_configure_iolimits function > -Checking throttle structure validity before initializing other structures > in fsdev_throttle_configure_iolimits > > -Addressed following comments by Greg Kurz > -Moved the code from 9pfs directory to fsdev directory, because the > throttling >

Re: [Qemu-devel] [PATCH V12] fsdev: add IO throttle support to fsdev devices

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 10:38:21 +0100 Pradeep Kiruvale <pradeepkiruv...@gmail.com> wrote: > On 23 January 2017 at 10:32, Greg Kurz <gr...@kaod.org> wrote: > > > On Thu, 12 Jan 2017 11:57:25 -0500 > > Pradeep Jagadeesh <pradeepkiruv...@gmail.com> wrote: >

[Qemu-devel] [PATCH] 9pfs: fix offset error in v9fs_xattr_read()

2017-01-21 Thread Greg Kurz
the whole of it. Moreover, this is consistent with the other places where v9fs_init_qiov_from_pdu() is called. This fixes commit "bcb8998fac16 9pfs: call v9fs_init_qiov_from_pdu before v9fs_pack". Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p.c |4 ++-- 1 file chang

Re: [Qemu-devel] [PATCH V1] throttle:Removed duplicate throtlle code from block and 9p files

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 10:58:19 +0100 Pradeep Jagadeesh <pradeep.jagade...@huawei.com> wrote: > On 1/23/2017 10:47 AM, Greg Kurz wrote: > > On Mon, 23 Jan 2017 04:19:55 -0500 > > Pradeep Jagadeesh <pradeepkiruv...@gmail.com> wrote: > > > >> Th

Re: [Qemu-devel] [PATCH 0/2 V13] fsdev: add IO throttle support to fsdev devices

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 08:03:18 -0800 (PST) no-re...@patchew.org wrote: > Hi, > > Your series seems to have some coding style problems. See output below for > more information: > Pradeep, One should usually take patchew's findings into account. See below. > Type: series > Subject: [Qemu-devel]

Re: [Qemu-devel] [PATCH 0/2 V13] fsdev: add IO throttle support to fsdev devices

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 17:30:13 +0100 Pradeep Jagadeesh <pradeep.jagade...@huawei.com> wrote: > On 1/23/2017 5:22 PM, Greg Kurz wrote: > > On Mon, 23 Jan 2017 08:03:18 -0800 (PST) > > no-re...@patchew.org wrote: > >> Hi, > >> > >> Your series seem

Re: [Qemu-devel] [PATCH V1] throttle:Removed duplicate throtlle code from block and 9p files

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 14:02:33 + Pradeep Jagadeesh <pradeep.jagade...@huawei.com> wrote: > -Original Message- > From: Greg Kurz [mailto:gr...@kaod.org] > Sent: Monday, January 23, 2017 11:28 AM > To: Pradeep Jagadeesh > Cc: Pradeep Jagadeesh; Alberto Garcia;

Re: [Qemu-devel] [PATCH] 9pfs: fix offset error in v9fs_xattr_read()

2017-01-23 Thread Greg Kurz
On Mon, 23 Jan 2017 12:20:57 -0800 (PST) Stefano Stabellini <sstabell...@kernel.org> wrote: > On Sat, 21 Jan 2017, Greg Kurz wrote: > > The current code tries to copy `read_count' bytes starting at offset > > `offset' from a `read_count`-sized iovec. This causes v9

Re: [Qemu-devel] [PATCH] 9pfs: fix v9fs_lock error case

2017-01-26 Thread Greg Kurz
On Thu, 26 Jan 2017 11:07:05 +0100 Paolo Bonzini wrote: > In this case, we are marshaling an error status instead of the errno value. > Reorganize the out and out_nofid labels to look like all the other cases. > Coverity reports this because the "err = -ENOENT" and "err =

[Qemu-devel] [PATCH RFC 17/36] 9pfs: local: keep a file descriptor on the shared folder

2017-01-30 Thread Greg Kurz
-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 38 -- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index d3c6ccf30b53..8a1d52cd6c2a 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-l

[Qemu-devel] [PATCH RFC 29/36] 9pfs: local: remove: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 28 +++- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/hw/9pfs/9p-local.c

[Qemu-devel] [PATCH RFC 23/36] 9pfs: local: mknod/mkdir/open2: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 128 1 file changed, 59 insertions(+), 69 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw

[Qemu-devel] [PATCH RFC 02/36] 9pfs: local: split chmod operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 03/36] 9pfs: local: split mknod operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 06/36] 9pfs: local: split symlink operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 21/36] 9pfs: local: truncate: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 15 --- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 1f9239de07e5..4377aa6524c2 100644 --- a/h

[Qemu-devel] [PATCH RFC 05/36] 9pfs: local: split open2 operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 08/36] 9pfs: local: improve error handling in link op

2017-01-30 Thread Greg Kurz
When using the mapped-file security model, we also have to create a link for the metadata file if it exists. In case of failure, we should rollback. That's what this patch does. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 26 +++--- 1 file c

[Qemu-devel] [PATCH RFC 07/36] 9pfs: local: split mkdir operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 11/36] 9pfs: local: post rename operation for mapped-file security

2017-01-30 Thread Greg Kurz
The rename operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 27/36] 9pfs: local: link: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 40 ++-- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/hw/9pfs/9p-lo

[Qemu-devel] [PATCH RFC 24/36] 9pfs: local: chmod: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 48d46b6abd28..9df

[Qemu-devel] [PATCH RFC 33/36] 9pfs: local: lgetxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 16 ++-- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 4 insertions(+), 28 deletions(-) diff --gi

[Qemu-devel] [PATCH RFC 34/36] 9pfs: local: llistxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-xattr.c | 30 -- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c index 29f4f940a23f..08df02e0bab2

[Qemu-devel] [PATCH RFC 04/36] 9pfs: local: split mkdir operation per security model

2017-01-30 Thread Greg Kurz
Having all security models implemented in one monolithic function is cumbersome. Especially when the need arises to fix something in the shared code, as it forces to change all the paths at the same time. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 01/36] 9pfs: local: move xattr security ops to 9p-xattr.c

2017-01-30 Thread Greg Kurz
These functions are always called indirectly. It really doesn't make sense for them to sit in a header file. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-xattr.c | 61 hw/9pfs/9p-xattr.h

[Qemu-devel] [PATCH RFC 09/36] 9pfs: local: post link operation for mapped-file security

2017-01-30 Thread Greg Kurz
The link operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 22/36] 9pfs: local: statfs: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 4377aa6524c2..dbc56b16979c 100644 --- a/hw/9

[Qemu-devel] [PATCH RFC 36/36] 9pfs: local: lremovexattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 14 -- hw/9pfs/9p-xattr-user.c | 12 +++- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 8 insertions(+), 26 deletions(-) diff --gi

[Qemu-devel] [PATCH RFC 26/36] 9pfs: local: chown: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 20 ++-- 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index bbc0818456

[Qemu-devel] [PATCH RFC 10/36] v9fs: local: improve error handling in rename op

2017-01-30 Thread Greg Kurz
When using the mapped-file security model, we also have to rename the metadata file if it exists. In case of failure, we should rollback. To achieve that, this patch moves the renaming of the main file before the renaming of the metadata file. Signed-off-by: Greg Kurz <gr...@kaod.org> -

[Qemu-devel] [PATCH RFC 20/36] 9pfs: local: readlink: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 37 +++-- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index a1fff0

[Qemu-devel] [PATCH RFC 15/36] 9pfs: remove side-effects in local_open() and local_opendir()

2017-01-30 Thread Greg Kurz
If these functions fail, they should not change *fs. Let's use local variables to fix this. While here, let's also do some cosmetic fixes on the function args. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c

[Qemu-devel] [PATCH RFC 14/36] 9pfs: remove side-effects in local_init()

2017-01-30 Thread Greg Kurz
If this function fails, it should not modify *ctx. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 37 +++-- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/hw/9

[Qemu-devel] [PATCH RFC 35/36] 9pfs: local: lsetxattr: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 18 -- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 6 insertions(+), 28 deletions(-) diff --gi

[Qemu-devel] [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks

2017-01-30 Thread Greg Kurz
aratory patches to split the code. This allows to have patches of reasonable size, that don't affect too many code paths. TODO: - the accesses to metadata files of the "mapped-file" security mode also need to be converted --- Greg Kurz (36): 9pfs: local: move xattr security ops to

[Qemu-devel] [PATCH RFC 18/36] 9pfs: local: open/opendir: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 31 +-- hw/9pfs/9p-local.h | 20 2 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 hw/9pfs/9p-l

[Qemu-devel] [PATCH RFC 30/36] 9pfs: local: unlinkat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-

[Qemu-devel] [PATCH RFC 12/36] 9pfs: local: pre remove operation for mapped-file security

2017-01-30 Thread Greg Kurz
The remove operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 16/36] 9pfs: introduce openat_nofollow() helper

2017-01-30 Thread Greg Kurz
introduces a variant of the openat() syscall that successively opens each path element with O_NOFOLLOW. It will be used by subsequent patches to implement symlink-safe path walk for any access to the backend. Suggested-by: Jann Horn <ja...@google.com> Signed-off-by: Greg Kurz <gr...@kaod.org>

[Qemu-devel] [PATCH RFC 19/36] 9pfs: local: utimensat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for all security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 37 ++--- hw/9pfs/9p-local.h |2 ++ 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-l

[Qemu-devel] [PATCH RFC 28/36] 9pfs: local: rename: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 44 +++- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/hw/9p

[Qemu-devel] [PATCH RFC 32/36] 9pfs: local: lstat: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" and "mapped" security models. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 36 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/hw/9pfs/9p-local.c

[Qemu-devel] [PATCH RFC 31/36] 9pfs: local: introduce symlink-attack safe xattr helpers

2017-01-30 Thread Greg Kurz
There are no "at" variants for xattr syscalls. This patch implements them using a separate process. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-xattr.c | 156 hw/9pfs/9p-xattr.h | 11 2 files changed

[Qemu-devel] [PATCH RFC 13/36] 9pfs: local: pre unlikat operation for mapped-file security

2017-01-30 Thread Greg Kurz
The unlinkat operation is really the same for the passthrough and mapped security models. This patch simply moves the mapped-file bits to a separate function. This will make future modifications easier. This doesn't fix any bug, it is just preparatory cleanup. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH RFC 25/36] 9pfs: local: symlink: don't follow symlinks

2017-01-30 Thread Greg Kurz
This fixes CVE-2016-9602 for the "passthrough" security model. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 26 ++ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c in

Re: [Qemu-devel] [PATCH] migrate: Migration aborts abruptly for machine "none"

2017-01-28 Thread Greg Kurz
On Thu, 26 Jan 2017 14:46:52 +0530 Ashijeet Acharya wrote: > Migration of a "none" machine with no RAM crashes abruptly as > bitmap_new() fails and thus aborts. Instead, place a check for > last_ram_offset() being '0' at the start of ram_save_setup() and > error out

[Qemu-devel] [PULL 4/5] 9pfs: local: trivial cosmetic fix in pwritev op

2017-01-25 Thread Greg Kurz
Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 845675e7a1bb..7de07e1ba67f 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pfs/9p-local.c @@ -436,8 +436,7 @@

[Qemu-devel] [PULL 2/5] tests: virtio-9p: improve error reporting

2017-01-25 Thread Greg Kurz
Signed-off-by: Greg Kurz <gr...@kaod.org> --- tests/virtio-9p-test.c | 24 +++- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/tests/virtio-9p-test.c b/tests/virtio-9p-test.c index 060407b20e39..9556291567a4 100644 --- a/tests/virtio-9p-test.c +++ b

[Qemu-devel] [PULL 3/5] 9pfs: fix off-by-one error in PDU free list

2017-01-25 Thread Greg Kurz
init loop. Reported-by: Tuomas Tynkkynen <tuo...@tuxera.com> Suggested-by: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 58310ca8d5a5..

[Qemu-devel] [PULL 0/5] 9p patches 20170125

2017-01-25 Thread Greg Kurz
. Other patches are minor enhancements. Greg Kurz (5): 9pfs: add missing coroutine_fn annotations tests: virtio-9p: improve error reporting 9pfs: fix off-by-one error in PDU free list 9pfs: local: trivial

[Qemu-devel] [PULL 5/5] 9pfs: fix offset error in v9fs_xattr_read()

2017-01-25 Thread Greg Kurz
the whole of it. Moreover, this is consistent with the other places where v9fs_init_qiov_from_pdu() is called. This fixes commit "bcb8998fac16 9pfs: call v9fs_init_qiov_from_pdu before v9fs_pack". Signed-off-by: Greg Kurz <gr...@kaod.org> Reviewed-by: Stefano Stabellini <sst

[Qemu-devel] [PULL 1/5] 9pfs: add missing coroutine_fn annotations

2017-01-25 Thread Greg Kurz
Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index fa58877570f6..58310ca8d5a5 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -1571,7 +1571,7 @@ out_nofid: v9fs_strin

[Qemu-devel] [PATCH v2] 9pfs: fix offset error in v9fs_xattr_read()

2017-01-24 Thread Greg Kurz
the whole of it. Moreover, this is consistent with the other places where v9fs_init_qiov_from_pdu() is called. This fixes commit "bcb8998fac16 9pfs: call v9fs_init_qiov_from_pdu before v9fs_pack". Signed-off-by: Greg Kurz <gr...@kaod.org> --- v2: - pass size + skip to the init

Re: [Qemu-devel] [PATCH] 9pfs: fix offset error in v9fs_xattr_read()

2017-01-24 Thread Greg Kurz
On Tue, 24 Jan 2017 14:24:23 -0800 (PST) Stefano Stabellini <sstabell...@kernel.org> wrote: > On Tue, 24 Jan 2017, Greg Kurz wrote: > > On Mon, 23 Jan 2017 12:20:57 -0800 (PST) > > Stefano Stabellini <sstabell...@kernel.org> wrote: > > > >

Re: [Qemu-devel] [PATCH] migrate: Migration aborts abruptly for machine "none"

2017-01-29 Thread Greg Kurz
On Sun, 29 Jan 2017 01:06:47 +0530 Ashijeet Acharya <ashijeetacha...@gmail.com> wrote: > On Sun, Jan 29, 2017 at 12:11 AM, Greg Kurz <gr...@kaod.org> wrote: > > On Thu, 26 Jan 2017 14:46:52 +0530 > > Ashijeet Acharya <ashijeetacha...@gmail.com> wrote: >

[Qemu-devel] [PATCH] spapr/pci: populate PCI DT in reverse order

2017-02-22 Thread Greg Kurz
From: Greg Kurz <gk...@linux.vnet.ibm.com> Since commit 1d2d974244c6 "spapr_pci: enumerate and add PCI device tree", QEMU populates the PCI device tree in the opposite order compared to SLOF. Before 1d2d974244c6: Populating /pci@8002000 00

Re: [Qemu-devel] [PATCH 1/2 v16] fsdev: add IO throttle support to fsdev devices

2017-02-22 Thread Greg Kurz
<stefa...@redhat.com> wrote: > On Tue, Feb 07, 2017 at 05:29:33PM +0100, Greg Kurz wrote: > > Cc'ing Stefan who reviewed patch 2/2. > > > > On Tue, 7 Feb 2017 09:56:08 -0600 > > Eric Blake <ebl...@redhat.com> wrote: > > > > > On 02/07/2

[Qemu-devel] [PATCH 04/29] 9pfs: introduce openat_nofollow() helper

2017-02-20 Thread Greg Kurz
e descriptor pointing to a path which is beneath the trusted directory. This will be used by subsequent patches to implement symlink-safe path walk for any access to the backend. Suggested-by: Jann Horn <ja...@google.com> Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-util

[Qemu-devel] [PATCH 02/29] 9pfs: remove side-effects in local_init()

2017-02-20 Thread Greg Kurz
If this function fails, it should not modify *ctx. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 37 +++-- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 7de07e

[Qemu-devel] [PATCH 07/29] 9pfs: local: introduce symlink-attack safe xattr helpers

2017-02-20 Thread Greg Kurz
n a separate process. The extended attributes code spreads over several files: all helpers are hence declared with external linkage in 9p-xattr.h. Note that the listxattr-based code is fully contained in 9p-xattr.c: the flistxattrat_nofollow() helper is added in a subsequent patch. Signed-off-by: Greg

[Qemu-devel] [PATCH 09/29] 9pfs: local: llistxattr: don't follow symlinks

2017-02-20 Thread Greg Kurz
-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-xattr.c | 30 -- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-xattr.c b/hw/9pfs/9p-xattr.c index 4c3c0046bd47..803d4bbbc50b 100644 --- a/hw/9pfs/9p-xattr.c +++ b/h

[Qemu-devel] [PATCH 27/29] 9pfs: local: mkdir: don't follow symlinks

2017-02-20 Thread Greg Kurz
als and file modes are stored. While here, we also make that explicit by sharing the call to mkdirat(). This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 55 +++- 1 file changed, 20 insertio

[Qemu-devel] [PATCH 29/29] 9pfs: local: drop unused code

2017-02-20 Thread Greg Kurz
Now that all the callbacks have been converted to use "at" syscalls, we can drop this code. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 198 1 file changed, 198 deletions(-) diff --git a/hw/9pfs/9p-loca

[Qemu-devel] [PATCH 10/29] 9pfs: local: lsetxattr: don't follow symlinks

2017-02-20 Thread Greg Kurz
-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 18 -- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 6 insertions(+), 28 deletions(-) diff --git a/hw/9pfs/9p-posix-acl.c b/hw/9pfs/9p-posix

[Qemu-devel] [PATCH 15/29] 9pfs: local: statfs: don't follow symlinks

2017-02-20 Thread Greg Kurz
The local_statfs() callback is vulnerable to symlink attacks because it calls statfs() which follows symbolic links in all path elements. This patch converts local_statfs() to rely on open_nofollow() and fstatfs() instead. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH 23/29] 9pfs: local: chmod: don't follow symlinks

2017-02-20 Thread Greg Kurz
use the "at" versions. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 163 1 file changed, 150 insertions(+), 13 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c

[Qemu-devel] [PATCH 14/29] 9pfs: local: utimensat: don't follow symlinks

2017-02-20 Thread Greg Kurz
E-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 19 +-- 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index c6f4c8d95442..7f3d9dd9a499 100644 --- a/hw/9pfs/9p-local.c +++ b/hw/9pf

[Qemu-devel] [PATCH 28/29] 9pfs: local: open2: don't follow symlinks

2017-02-20 Thread Greg Kurz
use it instead of opening a new one. The mapped and mapped-file security modes are supposed to be identical, except for the place where credentials and file modes are stored. While here, we also make that explicit by sharing the call to openat(). This partly fixes CVE-2016-9602. Signed-off-by: G

[Qemu-devel] [PATCH 13/29] 9pfs: local: remove: don't follow symlinks

2017-02-20 Thread Greg Kurz
() to rely on opendir_nofollow(), fstatat(AT_SYMLINK_NOFOLLOW) to fix (1) and unlinkat() to fix (2). This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 64 +--- 1 file changed, 21 insertions(

[Qemu-devel] [PATCH 19/29] 9pfs: local: renameat: don't follow symlinks

2017-02-20 Thread Greg Kurz
The local_renameat() callback is currently a wrapper around local_rename() which is vulnerable to symlink attacks. This patch rewrites local_renameat() to have its own implementation, based on local_opendir_nofollow() and renameat(). This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH 06/29] 9pfs: local: open/opendir: don't follow symlinks

2017-02-20 Thread Greg Kurz
to use new helpers based on openat_nofollow() to only open files and directories if they are below the virtfs shared folder. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 31 +-- hw/9pfs/9p-local.h

[Qemu-devel] [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks

2017-02-20 Thread Greg Kurz
up with some numbers later. Stefan and Daniel, I've Cc'ed you because we talked about the issue on irc already. Feel free to comment/review if you have some spare cycles, it will be appreciated (but of course, I'll understand if you don't :) --- Greg Kurz (29): 9pfs: local: move xattr secu

[Qemu-devel] [PATCH 05/29] 9pfs: local: keep a file descriptor on the shared folder

2017-02-20 Thread Greg Kurz
This patch opens the shared folder and caches the file descriptor, so that it can be used to do symlink-safe path walk. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 30 -- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/h

[Qemu-devel] [PATCH 08/29] 9pfs: local: lgetxattr: don't follow symlinks

2017-02-20 Thread Greg Kurz
-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 16 ++-- hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 4 insertions(+), 28 deletions(-) diff --git a/hw/9pfs/9p-posix-acl.c b/hw/9pfs/9p-posix

[Qemu-devel] [PATCH 11/29] 9pfs: local: lremovexattr: don't follow symlinks

2017-02-20 Thread Greg Kurz
fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-posix-acl.c | 10 ++ hw/9pfs/9p-xattr-user.c |8 +--- hw/9pfs/9p-xattr.c |8 +--- 3 files changed, 4 insertions(+), 22 deletions(-) diff --git a/hw/9pfs/9p-posix-acl.c b/hw/9pfs/9p

[Qemu-devel] [PATCH 16/29] 9pfs: local: truncate: don't follow symlinks

2017-02-20 Thread Greg Kurz
The local_truncate() callback is vulnerable to symlink attacks because it calls truncate() which follows symbolic links in all path elements. This patch converts local_truncate() to rely on open_nofollow() and ftruncate() instead. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <

[Qemu-devel] [PATCH 22/29] 9pfs: local: link: don't follow symlinks

2017-02-20 Thread Greg Kurz
tch converts local_link() to rely on opendir_nofollow() and linkat() to fix (1), mkdirat() to fix (2). This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 86 ++-- 1 file changed, 57 insertio

[Qemu-devel] [PATCH 20/29] 9pfs: local: rename: use renameat

2017-02-20 Thread Greg Kurz
-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local.c | 57 +--- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c index 07b7110d87d7..15e746ede86a 100644 --- a/hw/9

[Qemu-devel] [PATCH 25/29] 9pfs: local: symlink: don't follow symlinks

2017-02-20 Thread Greg Kurz
low() and symlinkat() to fix (1), openat(O_NOFOLLOW) to fix (2), as well as local_set_xattrat() and local_set_mapped_file_attrat() to fix (3) and (4) respectively. This partly fixes CVE-2016-9602. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/9pfs/9p-local
