path: root/fsdev
Age | Commit message | Author | Files | Lines
2017-06-29 | 9pfs: local: Add support for custom fmode/dmode in 9ps mapped security modes | Tobias Schramm | 2 | -0/+16
In mapped security modes, files are created with very restrictive permissions (600 for files and 700 for directories). This makes file sharing between virtual machines and users on the host rather complicated. Imagine eg. a group of users that need to access data produced by processes on a virtual machine. Giving those users access to the data will be difficult since the group access mode is always 0. This patch makes the default mode for both files and directories configurable. Existing setups that don't know about the new parameters keep using the current secure behavior. Signed-off-by: Tobias Schramm <tobleminer@gmail.com> Signed-off-by: Greg Kurz <groug@kaod.org>
2017-05-25 | 9pfs: assume utimensat() and futimens() are present | Greg Kurz | 1 | -1/+2
The utimensat() and futimens() syscalls have been around for ages (ie, glibc 2.6 and linux 2.6.22), and the decision was already taken to switch to utimensat() anyway when fixing CVE-2016-9602 in 2.9. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-05-25 | fsdev: fix virtfs-proxy-helper cwd | Greg Kurz | 1 | -4/+4
Since chroot() doesn't change the current directory, it is indeed a good practice to chdir() to the target directory and then chroot(), or to chroot() to the target directory and then chdir("/"). The current code does neither of them actually. Let's go for the latter. This doesn't fix any security issue since all of this takes place before the helper begins to process requests. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2017-05-25 | fsdev: don't allow unknown format in marshal/unmarshal | Greg Kurz | 1 | -2/+2
The code only uses well known format strings. An unknown format token is a bug. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
2017-02-28 | throttle: factor out duplicate code | Pradeep Jagadeesh | 1 | -76/+4
This patch removes the redundant throttle code that was present in block and fsdev device files. Now the common code is moved to a single file. Signed-off-by: Pradeep Jagadeesh <pradeep.jagadeesh@huawei.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> (fix indent nit, Greg Kurz) Signed-off-by: Greg Kurz <groug@kaod.org>
2017-02-28 | fsdev: add IO throttle support to fsdev devices | Pradeep Jagadeesh | 5 | -2/+237
This patchset adds the throttle support for the 9p-local driver. For now this functionality can be enabled only through qemu cli options. QMP interface and support to other drivers need further extensions. To make it simple for other 9p drivers, the throttle code has been put in separate files. Signed-off-by: Pradeep Jagadeesh <pradeep.jagadeesh@huawei.com> Reviewed-by: Alberto Garcia <berto@igalia.com> (pass extra NULL CoMutex * argument to qemu_co_queue_wait(), added options to qemu-options.hx, Greg Kurz) Signed-off-by: Greg Kurz <groug@kaod.org>
2016-11-23 | 9pfs: add cleanup operation in FileOperations | Li Qiang | 1 | -0/+1
Currently, the backend of VirtFS doesn't have a cleanup function. This will lead to resource leak issues if the backend driver allocates resources. This patch addresses this issue. Signed-off-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 | 9pfs: fsdev: drop useless extern annotation for functions | Greg Kurz | 1 | -3/+3
Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 | 9pfs: allocate space for guest originated empty strings | Li Qiang | 1 | -1/+1
If a guest sends an empty string parameter to any 9P operation, the current code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }. This is unfortunate because it can cause NULL pointer dereference to happen at various locations in the 9pfs code. And we don't want to check str->data everywhere we pass it to strcmp() or any other function which expects a dereferenceable pointer. This patch enforces the allocation of genuine C empty strings instead, so callers don't have to bother. Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if the returned string is empty. It now uses v9fs_string_size() since name.data cannot be NULL anymore. Signed-off-by: Li Qiang <liqiang6-s@360.cn> [groug, rewritten title and changelog, fix empty string check in v9fs_xattrwalk()] Signed-off-by: Greg Kurz <groug@kaod.org>
2016-09-16 | 9pfs: drop useless v9fs_string_null() function | Greg Kurz | 2 | -6/+0
The v9fs_string_null() function just calls v9fs_string_free(). Also it only has 4 users, whereas v9fs_string_free() has 87. This patch converts users to call directly v9fs_string_free() and drops the useless function. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org>
2016-07-12 | Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2016-07-12' into staging | Peter Maydell | 3 | -6/+8
Clean up #include "..." vs <...> and header guards
# gpg: Signature made Tue 12 Jul 2016 15:23:43 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-include-2016-07-12:
  cris: Fix broken header guard in hw/cris/boot.h
  Clean up decorations and whitespace around header guards
  Clean up ill-advised or unusual header guards
  libdecnumber: Don't error out on decNumberLocal.h re-inclusion
  libdecnumber: Don't fool around with guards to avoid #include
  Clean up header guards that don't match their file name
  Drop Emacs local variables lists redundant with .dir-locals.el
  spapr_pci: Include spapr.h instead of playing games with #error
  tcg: Clean up tcg-target.h header guards
  linux-user: Fix broken header guard in syscall_defs.h
  linux-user: Clean up hostdep.h header guards
  linux-user: Clean up target_structs.h header guards
  linux-user: Clean up target_signal.h header guards
  linux-user: Clean up target_cpu.h header guards
  linux-user: Clean up target_syscall.h header guards
  target-*: Clean up cpu.h header guards
  scripts: New clean-header-guards.pl
  Use #include "..." for our own headers, <...> for others
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-12 | Clean up ill-advised or unusual header guards | Markus Armbruster | 2 | -4/+4
Cleaned up with scripts/clean-header-guards.pl. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 | Clean up header guards that don't match their file name | Markus Armbruster | 1 | -2/+4
Header guard symbols should match their file name to make guard collisions less likely. Offenders found with scripts/clean-header-guards.pl -vn. Cleaned up with scripts/clean-header-guards.pl, followed by some renaming of new guard symbols picked by the script to better ones. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-07-12 | fsdev/9p-iov-marshal.c: Don't use cpu_to_*w() functions | Peter Maydell | 1 | -12/+6
Don't use the cpu_to_*w() functions, which we are trying to deprecate. Instead just use cpu_to_*() to do the byteswap, which brings the code in the marshal function in line with that in the unmarshal. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1467908460-27048-2-git-send-email-peter.maydell@linaro.org
2016-07-01 | 9p: don't include <sys/uio.h> | Greg Kurz | 3 | -3/+0
The <sys/uio.h> system header doesn't exist on all host platforms. Code should include "qemu/osdep.h" instead to avoid build breaks on platforms that don't define CONFIG_IOVEC (like win32, if it is to support 9p one day). Acked-by: Cédric Le Goater <clg@kaod.org> Acked-by: Michael Fritscher <michael@fritscher.net> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-07 | all: Remove unnecessary glib.h includes | Peter Maydell | 2 | -2/+0
Remove glib.h includes, as it is provided by osdep.h. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-06-07 | fsdev: spelling fix | Michael Tokarev | 1 | -1/+1
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-06-06 | 9p: switch back to readdir() | Greg Kurz | 1 | -2/+1
This patch changes the 9p code to use readdir() again instead of readdir_r(), which is deprecated in glibc 2.24. All the locking was put in place by a previous patch. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-06-06 | 9p/fsdev: remove obsolete references to virtio | Greg Kurz | 5 | -5/+5
Most of the 9p code is now virtio agnostic. This patch does a final cleanup: - drop references to Virtio from the header comments - fix includes Also drop a couple of leading empty lines while here. Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-03-16 | module: Rename machine_init() to opts_init() | Eduardo Habkost | 1 | -1/+1
The only remaining users of machine_init() only call qemu_add_opts(). Rename machine_init() to opts_init() and move it closer to the qemu_add_opts() calls on vl.c. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2016-02-23 | all: Clean up includes | Peter Maydell | 1 | -3/+0
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com>
2016-02-11 | man: virtfs-proxy-helper: Rework awkward sentence | Christophe Fergeau | 1 | -2/+2
There was a 'capbilities' typo in this man page. This commit reformulates the sentence the typo was in to make it easier to grasp. This is based on a suggestion from Eric Blake. Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2016-01-29 | 9pfs: Clean up includes | Peter Maydell | 6 | -17/+6
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-18-git-send-email-peter.maydell@linaro.org
2016-01-26 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell | 1 | -1/+1
* chardev support for TLS and leak fix
* NBD fix from Denis
* condvar fix from Dave
* kvm_stat and dump-guest-memory almost rewrite
* mem-prealloc fix from Luiz
* manpage style improvement
# gpg: Signature made Tue 26 Jan 2016 14:58:18 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (49 commits)
  scripts/dump-guest-memory.py: Fix module docstring
  scripts/dump-guest-memory.py: Introduce multi-arch support
  scripts/dump-guest-memory.py: Cleanup functions
  scripts/dump-guest-memory.py: Improve python 3 compatibility
  scripts/dump-guest-memory.py: Make methods functions
  scripts/dump-guest-memory.py: Move constants to the top
  nbd: add missed aio_context_acquire in nbd_export_new
  memory: exit when hugepage allocation fails if mem-prealloc
  cpus: use broadcast on qemu_pause_cond
  scripts/kvm/kvm_stat: Add optparse description
  scripts/kvm/kvm_stat: Add interactive filtering
  scripts/kvm/kvm_stat: Fixup filtering
  scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
  scripts/kvm/kvm_stat: Read event values as u64
  scripts/kvm/kvm_stat: Cleanup and pre-init perf_event_attr
  scripts/kvm/kvm_stat: Fix output formatting
  scripts/kvm/kvm_stat: Make tui function a class
  scripts/kvm/kvm_stat: Remove unneeded X86_EXIT_REASONS
  scripts/kvm/kvm_stat: Group arch specific data
  scripts/kvm/kvm_stat: Cleanup of Event class
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-01-26 | docs: Style the command and its options in the synopsis | Sitsofe Wheeler | 1 | -1/+1
Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com> Message-Id: <1452718226-25001-1-git-send-email-sitsofe@yahoo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-22 | fsdev: use error_report() instead of fprintf(stderr) | Greg Kurz | 1 | -3/+4
Only fix the code that gets built into QEMU. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-01-08 | 9pfs: make pdu_{,un}marshal proper functions | Wei Liu | 2 | -12/+35
Factor out v9fs_iov_v{,un}marshal. Implement pdu_{,un}marshal with those functions. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2016-01-08 | fsdev: rename virtio-9p-marshal.{c,h} to 9p-iov-marshal.{c,h} | Wei Liu | 5 | -66/+76
And rename v9fs_marshal to v9fs_iov_marshal, v9fs_unmarshal to v9fs_iov_unmarshal. The rationale behind this change is that, this marshalling interface is used both by virtio and proxy helper. Renaming files and functions to reflect the true nature of this interface. Xen transport is going to have its own marshalling interface. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2016-01-08 | fsdev: break out 9p-marshal.{c,h} from virtio-9p-marshal.{c,h} | Wei Liu | 5 | -110/+142
Break out some generic functions for marshaling 9p state. Pure code motion plus minor fixes for build system. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2016-01-08 | 9pfs: rename virtio-9p-proxy.{c,h} to 9p-proxy.{c,h} | Wei Liu | 1 | -1/+1
Those two files are not virtio specific. Rename them to use generic names. Fix includes in various C files. Change define guards and comments in header files. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-11-30 | fsdev-proxy-helper: avoid TOC/TOU race | Paolo Bonzini | 1 | -10/+10
There is a minor time of check/time of use race between statfs and chroot. It can be fixed easily by stat-ing the root after it has been changed. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2015-09-11 | maint: remove unused include for dirent.h | Daniel P. Berrange | 1 | -1/+0
A number of files were including dirent.h but not using any of the functions it provides Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-16 | virtfs-proxy-helper: fail gracefully if socket path is too long | Stefan Hajnoczi | 1 | -1/+6
Replace the assertion check with graceful failure when the socket path is too long. Programs should not crash on invalid input. Print an error message and exit properly. Cc: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-06-16 | virtfs-proxy-helper: add missing long option terminator | Stefan Hajnoczi | 1 | -0/+1
The getopt_long(3) long options array must have a zeroed terminator. This patch solves a segmentation fault when an unknown command-line option is encountered: $ fsdev/virtfs-proxy-helper --help Segmentation fault (core dumped) Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-03-19 | Fix typos in comments | Viswesh | 1 | -1/+1
Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Viswesh <visweshn92@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-16 | virtfs-proxy: Fix possible overflow | Shannon Zhao | 1 | -0/+1
It's detected by coverity. The socket name specified should fit in the sockadd_un.sun_path. If not abort. Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-03-16 | fsdev/virtfs-proxy-helper: Fix improper use of negative value | Shannon Zhao | 1 | -0/+3
It's detected by coverity. Check the return value of proxy_marshal. Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2015-02-10 | virtfs-proxy-helper: Fix possible socket leak. | Gonglei | 1 | -4/+9
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-04-28 | virtfs-proxy-helper: fix call to accept | Tim Comer | 1 | -0/+1
The current code calls accept() without initializing the size parameter which means the accept call might write too much to the stack. URL: https://bugs.gentoo.org/486714 Signed-off-by: Tim Comer <comer0@gmail.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-04 | hw/9pfs: Include virtio-9p-device.o in build | Aneesh Kumar K.V | 1 | -1/+3
After commit ba1183da9a10b94611cad88c44a5c6df005f9b55 we are including hw/Makefile.objs directly from Makefile.target. Make sure hw/Makefile.objs rules doesn't depend on variable defined in Makefile.objs Tested-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2014-02-26 | fsdev: Fix overrun after readlink() fills buffer completely | Markus Armbruster | 1 | -1/+1
readlink() returns the number of bytes written to the buffer, and it doesn't write a terminating null byte. do_readlink() writes it itself. Overruns the buffer when readlink() filled it completely. Fix by reserving space for the null byte when calling readlink(), like we do elsewhere. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2013-07-09 | fsdev: Fix potential memory leak | Stefan Weil | 1 | -0/+2
This leak was reported by cppcheck. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com> Message-id: 1371376960-18192-1-git-send-email-sw@weilnetz.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-12 | remove double semicolons | Dong Xu Wang | 1 | -2/+2
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-01-30 | virtfs-proxy-helper: Fix unchecked strdup() by conv. to g_strdup() | Markus Armbruster | 1 | -2/+2
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-01-26 | build: remove extra-obj-y | Paolo Bonzini | 1 | -4/+4
extra-obj-y is somewhat complicated to understand. Replace it with a special CONFIG_ALL symbol that is defined only at toplevel. This limits the case of directories defining more than one *-obj-y target. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-01-12 | qemu-option: move standard option definitions out of qemu-config.c | Paolo Bonzini | 4 | -15/+86
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 | misc: move include files to include/qemu/ | Paolo Bonzini | 5 | -10/+10
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-05 | virtfs-proxy-helper: use setresuid and setresgid | Paolo Bonzini | 1 | -29/+64
The setfsuid and setfsgid system calls are obscure and they complicate the error checking (that glibc's warn_unused_result "feature" forces us to do). Switch to the standard setresuid and setresgid functions. Signed-off-by: Paolo Bonzini <pbonini@redhat.com Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
2012-11-15 | qemu-fsdev-dummy.c: Include module.h | Eduardo Habkost | 1 | -0/+1
module.h is where machine_init() is defined, but qemu-fsdev-dummy.c doesn't include it. The header is probably being included by accident because some other headers are including qemu-common.h, but those headers should eventually stop including qemu-common.h. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
2012-06-07 | build: move fsdev/ objects to nested Makefile.objs | Paolo Bonzini | 1 | -0/+9
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>