From: "M. Mohan Kumar"
Date: Fri, 9 Dec 2011 22:12:17 +0530
To: Stefan Hajnoczi
Cc: "M. Mohan Kumar", qemu-devel@nongnu.org, aneesh.kumar@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH V4 04/13] hw/9pfs: File system helper process for qemu 9p proxy FS
Message-Id: <201112092212.20343.mohan@in.ibm.com>
In-Reply-To: <20111208183114.GC20998@stefanha-thinkpad.localdomain>
References: <1323101930-27163-1-git-send-email-mohan@in.ibm.com> <1323101930-27163-5-git-send-email-mohan@in.ibm.com> <20111208183114.GC20998@stefanha-thinkpad.localdomain>

On Friday, December 09, 2011 12:01:14 AM Stefan Hajnoczi wrote:
> On Mon, Dec 05, 2011 at 09:48:41PM +0530, M. Mohan Kumar wrote:
> > +static int read_request(int sockfd, struct iovec *iovec, ProxyHeader > > *header) +{ > > + int retval; > > + > > + /* > > + * read the request header. > > + */ > > + iovec->iov_len = 0; > > + retval = socket_read(sockfd, iovec->iov_base, PROXY_HDR_SZ); > > + if (retval < 0) { > > + return retval; > > + } > > + iovec->iov_len = PROXY_HDR_SZ; > > + retval = proxy_unmarshal(iovec, 0, "dd", &header->type, > > &header->size); + if (retval < 0) { > > + return retval; > > + } > > + /* > > + * We can't process message.size > PROXY_MAX_IO_SZ, read the > > complete + * message from the socket and ignore it. This ensures > > that + * we can correctly handle the next request. We also return + > > * ENOBUFS as error to indicate we ran out of buffer space. + */ > > + if (header->size > PROXY_MAX_IO_SZ) { > > + int count, size; > > + size = header->size; > > + while (size > 0) { > > + count = MIN(PROXY_MAX_IO_SZ, size); > > + count = socket_read(sockfd, iovec->iov_base + PROXY_HDR_SZ, > > count); + if (count < 0) { > > + return count; > > + } > > + size -= count; > > + }
>
> I'm not sure recovery attempts are worthwhile here. The client is
> buggy, perhaps just refuse further work.

But what's the issue in trying to recover in this case?

> > + return -ENOBUFS; > > + }
>
> header->size is (signed) int and we didn't check for header->size < 0.
> Please use an unsigned type.

I will fix it in the next version.

> > + if (chroot(rpath) < 0) { > > + do_perror("chroot"); > > + goto error; > > + } > > + umask(0);
>
> We haven't changed into the chroot yet, we need chdir("/"). Otherwise
> the current working directory is outside the chroot (and allows trivial
> escape).

I will fix it in the next version.
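Review bot: in the drain loop of read_request() (the `while (size > 0)` block for header->size > PROXY_MAX_IO_SZ), a socket_read() that returns 0 is treated as neither an error nor progress, so if socket_read() can return 0 on a peer that closes mid-message, `size -= count;` leaves size unchanged and the loop never terminates; treat count == 0 as a failure (return -EIO, or have socket_read() do so). The same block copies header->size into a signed `int size`, so once header->size becomes unsigned as requested above, values above INT_MAX wrap negative, the loop is skipped, the body is never drained and the stream is left misaligned for the next request; declare size and count as size_t (or uint32_t). The drained bytes are also written to iovec->iov_base + PROXY_HDR_SZ with count up to PROXY_MAX_IO_SZ, so the caller's buffer has to be at least PROXY_HDR_SZ + PROXY_MAX_IO_SZ bytes; a comment or assert stating that requirement would help.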
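Review bot: after `if (chroot(rpath) < 0) {` succeeds the working directory is still the one from before the call, so add chdir("/") immediately after the chroot() (as noted above), and since nothing in this hunk drops privileges afterwards while chroot() itself requires CAP_SYS_CHROOT, the helper should also drop that capability once inside (capset() or libcap), otherwise code running in the jail can chroot() into a subdirectory and chdir its way back out of this one. A one-line comment on `umask(0);` saying that from here on modes requested by the guest are applied without masking would make the intent clear.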
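As an added example (not code from the patch or from the QEMU proxy helper), here is the request reader discussed above with the review points applied: the size field is unsigned, an oversized request is drained through a bounded scratch buffer so the next request on the stream is still read correctly (the recovery Mohan argues for), and a zero-byte read is reported as an error instead of spinning. The header layout (two little-endian uint32 fields), the values of PROXY_HDR_SZ and PROXY_MAX_IO_SZ, socket_read(), put_u32(), get_u32() and run_demo() are assumptions for this example, and the bytes run_demo() sends are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed wire constants, chosen small so a request can exceed the limit. */
#define PROXY_HDR_SZ    8     /* two little-endian uint32 fields: type, size */
#define PROXY_MAX_IO_SZ 64

typedef struct {
    uint32_t type;
    uint32_t size;   /* unsigned, as asked in review: no negative size passes the bound */
} ProxyHeader;

/* Read exactly len bytes. read() returning 0 means the peer closed; report
 * that as -EIO instead of treating a zero count as progress. */
static int socket_read(int sockfd, void *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(sockfd, (char *)buf + done, len - done);
        if (n == 0) {
            return -EIO;
        }
        if (n < 0) {
            if (errno == EINTR) {
                continue;
            }
            return -errno;
        }
        done += (size_t)n;
    }
    return 0;
}

static void put_u32(unsigned char *p, uint32_t v)
{
    p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
}

static uint32_t get_u32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 with the body in buf, -ENOBUFS after draining an oversized
 * request (the stream is then positioned at the next header), or -errno. */
static int read_request(int sockfd, unsigned char *buf, size_t bufsz, ProxyHeader *header)
{
    unsigned char hdr[PROXY_HDR_SZ];
    int retval = socket_read(sockfd, hdr, sizeof hdr);
    if (retval < 0) {
        return retval;
    }
    header->type = get_u32(hdr);
    header->size = get_u32(hdr + 4);

    if (header->size > PROXY_MAX_IO_SZ || header->size > bufsz) {
        /* Drain through a bounded scratch buffer: a hostile size never
         * becomes an offset into the caller's buffer. */
        unsigned char scratch[PROXY_MAX_IO_SZ];
        uint32_t left = header->size;
        while (left > 0) {
            size_t chunk = left < sizeof scratch ? left : sizeof scratch;
            retval = socket_read(sockfd, scratch, chunk);
            if (retval < 0) {
                return retval;
            }
            left -= (uint32_t)chunk;
        }
        return -ENOBUFS;
    }
    return socket_read(sockfd, buf, header->size);
}

typedef struct {
    int first, second, third;        /* return codes of three read_request() calls */
    ProxyHeader second_hdr;
    unsigned char second_body[4];
} DemoResult;

/* Constructed input over a socketpair: an oversized request (100-byte body),
 * then a valid 4-byte request, then EOF. Returns 0 if the demo itself ran. */
static int run_demo(DemoResult *r)
{
    int sv[2];
    unsigned char msg[PROXY_HDR_SZ + 100 + PROXY_HDR_SZ + 4], body[PROXY_MAX_IO_SZ];
    size_t off = 0;
    ProxyHeader scratch_hdr;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        return -errno;
    }
    put_u32(msg, 1); put_u32(msg + 4, 100); memset(msg + 8, 'A', 100);
    put_u32(msg + 108, 2); put_u32(msg + 112, 4); memcpy(msg + 116, "ping", 4);
    while (off < sizeof msg) {
        ssize_t n = write(sv[1], msg + off, sizeof msg - off);
        if (n < 0) {
            return -errno;
        }
        off += (size_t)n;
    }
    close(sv[1]);                                   /* peer goes away: EOF after msg */

    r->first = read_request(sv[0], body, sizeof body, &scratch_hdr);
    r->second = read_request(sv[0], body, sizeof body, &r->second_hdr);
    memcpy(r->second_body, body, sizeof r->second_body);
    r->third = read_request(sv[0], body, sizeof body, &scratch_hdr);
    close(sv[0]);
    return 0;
}

int main(void)
{
    DemoResult r;
    if (run_demo(&r) != 0) {
        return 1;
    }
    printf("oversized: %d (ENOBUFS=%d), next: %d type=%u size=%u, eof: %d (EIO=%d)\n",
           r.first, -ENOBUFS, r.second, r.second_hdr.type, r.second_hdr.size, r.third, -EIO);
    return 0;
}
```

The demo needs no network: both ends of the socketpair are in the same process, so it runs offline and shows that after the -ENOBUFS the very next read_request() still lands on a clean header.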
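For the chroot point, a second added example (again not the helper's own code) with the confinement sequence a reviewer would ask for: enter the directory, chroot to it, then chdir("/") so the working directory is inside the new root. confine_to() is a name assumed here; it returns -errno so the failure paths can be checked without root.

```c
#include <errno.h>
#include <unistd.h>

/* Confine the process to `dir`. chroot() changes the root but not the
 * working directory; a process whose cwd is still outside the new root can
 * chdir("..") its way out, hence the final chdir("/"). Returns 0 or -errno:
 * a missing dir fails at the first chdir() with -ENOENT, and chroot() needs
 * CAP_SYS_CHROOT, so an unprivileged caller gets -EPERM there. */
static int confine_to(const char *dir)
{
    if (chdir(dir) < 0) {
        return -errno;
    }
    if (chroot(".") < 0) {   /* chroot to the directory we already entered, not to the path again */
        return -errno;
    }
    if (chdir("/") < 0) {    /* cwd is now inside the new root */
        return -errno;
    }
    /* Still required in a real helper: drop CAP_SYS_CHROOT (and any other
     * capability not needed) after this point, e.g. with libcap; a process
     * that keeps it can chroot() into a subdirectory and walk back out. */
    return 0;
}
```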