File 0336-9pfs-PDU-processing-functions-don-t.patch of Package qemu
From c41a18cc4adffa58fa8bfc11a314fc30f9669306 Mon Sep 17 00:00:00 2001
From: Wei Liu <wei.liu2@citrix.com>
Date: Wed, 2 Dec 2015 12:06:28 +0000
Subject: [PATCH] 9pfs: PDU processing functions don't need to take V9fsState as argument
V9fsState can be referenced by pdu->s. Initialise that in device realization function.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
(cherry picked from commit ad38ce9ed16c66583952c7697c62255a74de6196)
[BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/9pfs/virtio-9p-device.c | 1 +
 hw/9pfs/virtio-9p.c | 99 ++++++++++++++++++--------------------
 2 files changed, 47 insertions(+), 53 deletions(-)
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index 637c1ed985..737331ed3f 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -68,6 +68,7 @@ static void virtio_9p_device_realize(DeviceState *dev, Error **errp)
 QLIST_INIT(&s->active_list);
 for (i = 0; i < (MAX_REQ - 1); i++) {
 QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next);
+ s->pdus[i].s = s;
 }
 s->vq = virtio_add_queue(vdev, MAX_REQ, handle_9p_output);
diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
index bef777aba5..3aac0c8427 100644
--- a/hw/9pfs/virtio-9p.c
+++ b/hw/9pfs/virtio-9p.c
@@ -575,9 +575,10 @@ static V9fsPDU *alloc_pdu(V9fsState *s)
 return pdu;
 }
-static void free_pdu(V9fsState *s, V9fsPDU *pdu)
+static void free_pdu(V9fsPDU *pdu)
 {
 if (pdu) {
+ V9fsState *s = pdu->s;
 /*
 * Cancelled pdu are added back to the freelist
 * by flush request .
@@ -594,9 +595,10 @@ static void free_pdu(V9fsState *s, V9fsPDU *pdu)
 * because we always expect to have enough space to encode
 * error details
 */
-static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len)
+static void complete_pdu(V9fsPDU *pdu, ssize_t len)
 {
 int8_t id = pdu->id + 1; /* Response */
+ V9fsState *s = pdu->s;
 if (len < 0) {
 int err = -len;
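Review bot: The `s->pdus[i].s = s;` added in the `virtio_9p_device_realize` hunk (`@@ -68,6 +68,7 @@`) is now the only place the back-pointer is set, and nothing at this site says so. The loop stops at `MAX_REQ - 1`, so the last element of `s->pdus` never gets `.s`; that is safe only while that slot never reaches the free list, because `free_pdu()`, `complete_pdu()` and `submit_pdu()` in `virtio-9p.c` now dereference `pdu->s` with no fallback and the per-request `pdu->s = s;` in `handle_9p_output()` is removed by this patch. A comment above the assignment would pin the invariant, for example `/* Set once at realize; PDU handlers reach V9fsState only through pdu->s. */`. The function body starts and ends outside the hunk.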
@@ -636,7 +638,7 @@ static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len)
 /* Now wakeup anybody waiting in flush for this request */
 qemu_co_queue_next(&pdu->complete);
- free_pdu(s, pdu);
+ free_pdu(pdu);
 }
 static mode_t v9mode_to_mode(uint32_t mode, V9fsString *extension)
@@ -931,7 +933,7 @@ static void v9fs_version(void *opaque)
 offset += err;
 trace_v9fs_version_return(pdu->tag, pdu->id, s->msize, version.data);
 out:
- complete_pdu(s, pdu, offset);
+ complete_pdu(pdu, offset);
 v9fs_string_free(&version);
 }
@@ -994,7 +996,7 @@ static void v9fs_attach(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&uname);
 v9fs_string_free(&aname);
 }
@@ -1008,7 +1010,6 @@ static void v9fs_stat(void *opaque)
 struct stat stbuf;
 V9fsFidState *fidp;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 err = pdu_unmarshal(pdu, offset, "d", &fid);
 if (err < 0) {
@@ -1041,7 +1042,7 @@ static void v9fs_stat(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static void v9fs_getattr(void *opaque)
@@ -1104,7 +1105,7 @@ static void v9fs_getattr(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
 }
 /* Attribute flags */
@@ -1128,7 +1129,6 @@ static void v9fs_setattr(void *opaque)
 size_t offset = 7;
 V9fsIattr v9iattr;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 err = pdu_unmarshal(pdu, offset, "dI", &fid, &v9iattr);
 if (err < 0) {
@@ -1202,7 +1202,7 @@ static void v9fs_setattr(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static int v9fs_walk_marshal(V9fsPDU *pdu, uint16_t nwnames, V9fsQID *qids)
@@ -1244,7 +1244,7 @@ static void v9fs_walk(void *opaque)
 err = pdu_unmarshal(pdu, offset, "ddw", &fid, &newfid, &nwnames);
 if (err < 0) {
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 return ;
 }
 offset += err;
@@ -1312,7 +1312,7 @@ out:
 v9fs_path_free(&dpath);
 v9fs_path_free(&path);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 if (nwnames && nwnames <= P9_MAXWELEM) {
 for (name_idx = 0; name_idx < nwnames; name_idx++) {
 v9fs_string_free(&wnames[name_idx]);
@@ -1429,7 +1429,7 @@ static void v9fs_open(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static void v9fs_lcreate(void *opaque)
@@ -1486,7 +1486,7 @@ static void v9fs_lcreate(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -1498,7 +1498,6 @@ static void v9fs_fsync(void *opaque)
 size_t offset = 7;
 V9fsFidState *fidp;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 err = pdu_unmarshal(pdu, offset, "dd", &fid, &datasync);
 if (err < 0) {
@@ -1517,7 +1516,7 @@ static void v9fs_fsync(void *opaque)
 }
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static void v9fs_clunk(void *opaque)
@@ -1550,7 +1549,7 @@ static void v9fs_clunk(void *opaque)
 err = offset;
 }
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
@@ -1760,7 +1759,7 @@ static void v9fs_read(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static size_t v9fs_readdir_data_size(V9fsString *name)
@@ -1847,7 +1846,6 @@ static void v9fs_readdir(void *opaque)
 int32_t count;
 uint32_t max_count;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 retval = pdu_unmarshal(pdu, offset, "dqd", &fid, &initial_offset, &max_count);
@@ -1884,7 +1882,7 @@ static void v9fs_readdir(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
 }
 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
@@ -1951,7 +1949,8 @@ static void v9fs_write(void *opaque)
 err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count);
 if (err < 0) {
- return complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
+ return;
 }
 offset += err;
 v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true);
@@ -2013,7 +2012,7 @@ out:
 put_fid(pdu, fidp);
 out_nofid:
 qemu_iovec_destroy(&qiov_full);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static void v9fs_create(void *opaque)
@@ -2180,7 +2179,7 @@ static void v9fs_create(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 v9fs_string_free(&extension);
 v9fs_path_free(&path);
@@ -2227,7 +2226,7 @@ static void v9fs_symlink(void *opaque)
 out:
 put_fid(pdu, dfidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 v9fs_string_free(&symname);
 }
@@ -2243,7 +2242,7 @@ static void v9fs_flush(void *opaque)
 err = pdu_unmarshal(pdu, offset, "w", &tag);
 if (err < 0) {
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 return;
 }
 trace_v9fs_flush(pdu->tag, pdu->id, tag);
@@ -2260,15 +2259,14 @@ static void v9fs_flush(void *opaque)
 */
 qemu_co_queue_wait(&cancel_pdu->complete);
 cancel_pdu->cancelled = 0;
- free_pdu(pdu->s, cancel_pdu);
+ free_pdu(cancel_pdu);
 }
- complete_pdu(s, pdu, 7);
+ complete_pdu(pdu, 7);
 }
 static void v9fs_link(void *opaque)
 {
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 int32_t dfid, oldfid;
 V9fsFidState *dfidp, *oldfidp;
 V9fsString name;
@@ -2301,7 +2299,7 @@ out:
 put_fid(pdu, dfidp);
 out_nofid:
 v9fs_string_free(&name);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 /* Only works with path name based fid */
@@ -2346,7 +2344,7 @@ out_err:
 clunk_fid(pdu->s, fidp->fid);
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static void v9fs_unlinkat(void *opaque)
@@ -2390,7 +2388,7 @@ out_err:
 put_fid(pdu, dfidp);
 v9fs_path_free(&path);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -2490,7 +2488,7 @@ static void v9fs_rename(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -2591,7 +2589,7 @@ static void v9fs_renameat(void *opaque)
 }
 out_err:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&old_name);
 v9fs_string_free(&new_name);
 }
@@ -2606,7 +2604,6 @@ static void v9fs_wstat(void *opaque)
 struct stat stbuf;
 V9fsFidState *fidp;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 v9fs_stat_init(&v9stat);
 err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat);
@@ -2688,7 +2685,7 @@ out:
 put_fid(pdu, fidp);
 out_nofid:
 v9fs_stat_free(&v9stat);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static int v9fs_fill_statfs(V9fsState *s, V9fsPDU *pdu, struct statfs *stbuf)
@@ -2767,7 +2764,7 @@ static void v9fs_statfs(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, retval);
+ complete_pdu(pdu, retval);
 }
 static void v9fs_mknod(void *opaque)
@@ -2784,7 +2781,6 @@ static void v9fs_mknod(void *opaque)
 struct stat stbuf;
 V9fsFidState *fidp;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 v9fs_string_init(&name);
 err = pdu_unmarshal(pdu, offset, "dsdddd", &fid, &name, &mode,
@@ -2815,7 +2811,7 @@ static void v9fs_mknod(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -2836,7 +2832,6 @@ static void v9fs_lock(void *opaque)
 V9fsFidState *fidp;
 int32_t fid, err = 0;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 status = P9_LOCK_ERROR;
 v9fs_string_init(&flock.client_id);
@@ -2873,7 +2868,7 @@ out_nofid:
 err += offset;
 }
 trace_v9fs_lock_return(pdu->tag, pdu->id, status);
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&flock.client_id);
 }
@@ -2889,7 +2884,6 @@ static void v9fs_getlock(void *opaque)
 V9fsGetlock glock;
 int32_t fid, err = 0;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 v9fs_string_init(&glock.client_id);
 err = pdu_unmarshal(pdu, offset, "dbqqds", &fid, &glock.type,
@@ -2923,7 +2917,7 @@ static void v9fs_getlock(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&glock.client_id);
 }
@@ -2967,7 +2961,7 @@ static void v9fs_mkdir(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -3073,7 +3067,7 @@ out:
 put_fid(pdu, xattr_fidp);
 }
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -3088,7 +3082,6 @@ static void v9fs_xattrcreate(void *opaque)
 V9fsFidState *file_fidp;
 V9fsFidState *xattr_fidp;
 V9fsPDU *pdu = opaque;
- V9fsState *s = pdu->s;
 v9fs_string_init(&name);
 err = pdu_unmarshal(pdu, offset, "dsqd", &fid, &name, &size, &flags);
@@ -3114,7 +3107,7 @@ static void v9fs_xattrcreate(void *opaque)
 err = offset;
 put_fid(pdu, file_fidp);
 out_nofid:
- complete_pdu(s, pdu, err);
+ complete_pdu(pdu, err);
 v9fs_string_free(&name);
 }
@@ -3154,7 +3147,7 @@ static void v9fs_readlink(void *opaque)
 out:
 put_fid(pdu, fidp);
 out_nofid:
- complete_pdu(pdu->s, pdu, err);
+ complete_pdu(pdu, err);
 }
 static CoroutineEntry *pdu_co_handlers[] = {
@@ -3197,13 +3190,13 @@ static CoroutineEntry *pdu_co_handlers[] = {
 static void v9fs_op_not_supp(void *opaque)
 {
 V9fsPDU *pdu = opaque;
- complete_pdu(pdu->s, pdu, -EOPNOTSUPP);
+ complete_pdu(pdu, -EOPNOTSUPP);
 }
 static void v9fs_fs_ro(void *opaque)
 {
 V9fsPDU *pdu = opaque;
- complete_pdu(pdu->s, pdu, -EROFS);
+ complete_pdu(pdu, -EROFS);
 }
 static inline bool is_read_only_op(V9fsPDU *pdu)
@@ -3233,10 +3226,11 @@ static inline bool is_read_only_op(V9fsPDU *pdu)
 }
 }
-static void submit_pdu(V9fsState *s, V9fsPDU *pdu)
+static void submit_pdu(V9fsPDU *pdu)
 {
 Coroutine *co;
 CoroutineEntry *handler;
+ V9fsState *s = pdu->s;
 if (pdu->id >= ARRAY_SIZE(pdu_co_handlers) || (pdu_co_handlers[pdu->id] == NULL)) {
@@ -3261,7 +3255,6 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
 while ((pdu = alloc_pdu(s)) && (len = virtqueue_pop(vq, &pdu->elem)) != 0) {
 uint8_t *ptr;
- pdu->s = s;
 BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
 BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
@@ -3271,9 +3264,9 @@ void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
 pdu->id = ptr[4];
 pdu->tag = le16_to_cpu(*(uint16_t *)(ptr + 5));
 qemu_co_queue_init(&pdu->complete);
- submit_pdu(s, pdu);
+ submit_pdu(pdu);
 }
- free_pdu(s, pdu);
+ free_pdu(pdu);
 }
 static void __attribute__((__constructor__)) virtio_9p_set_fd_limit(void)
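Review bot: In the `handle_9p_output` hunk (`@@ -3261,7 +3255,6 @@`) the two `BUG_ON` checks that stay on the new side test `pdu->elem.out_num`, `pdu->elem.in_num` and `out_sg[0].iov_len`, values that `virtqueue_pop()` fills in from the guest's descriptor chain. `BUG_ON` is not defined in this hunk; if it aborts the process, as the name suggests, a malformed request from the guest stops the whole VM instead of failing one request. The patch only changes signatures, so this is not a regression, but since the request-entry path is being edited it is worth recording with a comment above the first check such as `/* TODO: guest-controlled values; fail the request instead of asserting */`, and handling in a follow-up that returns the PDU to the free list and reports the device as broken. The loop and the function continue outside the hunk.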