From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com,
berrange@redhat.com, slp@redhat.com, philmd@redhat.com
Cc: m.mizuma@jp.fujitsu.com, misono.tomohiro@jp.fujitsu.com
Subject: [PATCH v2 044/109] virtiofsd: check input buffer size in fuse_lowlevel.c ops
Date: Tue, 21 Jan 2020 12:23:28 +0000 [thread overview]
Message-ID: <20200121122433.50803-45-dgilbert@redhat.com> (raw)
In-Reply-To: <20200121122433.50803-1-dgilbert@redhat.com>
From: Stefan Hajnoczi <stefanha@redhat.com>
Each FUSE operation involves parsing the input buffer. Currently the
code assumes the input buffer is large enough for the expected
arguments. This patch uses fuse_mbuf_iter to check the size.
Most operations are simple to convert. Some are more complicated due to
variable-length inputs or different sizes depending on the protocol
version.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
---
tools/virtiofsd/fuse_lowlevel.c | 581 +++++++++++++++++++++++++-------
1 file changed, 456 insertions(+), 125 deletions(-)
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 5ae94cf56b..f3e7f46008 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -18,6 +18,7 @@
#include <assert.h>
#include <errno.h>
#include <limits.h>
+#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@@ -26,7 +27,6 @@
#include <unistd.h>
-#define PARAM(inarg) (((char *)(inarg)) + sizeof(*(inarg)))
#define OFFSET_MAX 0x7fffffffffffffffLL
struct fuse_pollhandle {
@@ -707,9 +707,14 @@ int fuse_reply_lseek(fuse_req_t req, off_t off)
return send_reply_ok(req, &arg, sizeof(arg));
}
-static void do_lookup(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_lookup(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.lookup) {
req->se->op.lookup(req, nodeid, name);
@@ -718,9 +723,16 @@ static void do_lookup(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_forget(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_forget(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_forget_in *arg = (struct fuse_forget_in *)inarg;
+ struct fuse_forget_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.forget) {
req->se->op.forget(req, nodeid, arg->nlookup);
@@ -730,20 +742,48 @@ static void do_forget(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
- const void *inarg)
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_batch_forget_in *arg = (void *)inarg;
- struct fuse_forget_one *param = (void *)PARAM(arg);
- unsigned int i;
+ struct fuse_batch_forget_in *arg;
+ struct fuse_forget_data *forgets;
+ size_t scount;
(void)nodeid;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_none(req);
+ return;
+ }
+
+ /*
+ * Prevent integer overflow. The compiler emits the following warning
+ * unless we use the scount local variable:
+ *
+ * error: comparison is always false due to limited range of data type
+ * [-Werror=type-limits]
+ *
+ * This may be true on 64-bit hosts but we need this check for 32-bit
+ * hosts.
+ */
+ scount = arg->count;
+ if (scount > SIZE_MAX / sizeof(forgets[0])) {
+ fuse_reply_none(req);
+ return;
+ }
+
+ forgets = fuse_mbuf_iter_advance(iter, arg->count * sizeof(forgets[0]));
+ if (!forgets) {
+ fuse_reply_none(req);
+ return;
+ }
+
if (req->se->op.forget_multi) {
- req->se->op.forget_multi(req, arg->count,
- (struct fuse_forget_data *)param);
+ req->se->op.forget_multi(req, arg->count, forgets);
} else if (req->se->op.forget) {
+ unsigned int i;
+
for (i = 0; i < arg->count; i++) {
- struct fuse_forget_one *forget = ¶m[i];
struct fuse_req *dummy_req;
dummy_req = fuse_ll_alloc_req(req->se);
@@ -755,7 +795,7 @@ static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
dummy_req->ctx = req->ctx;
dummy_req->ch = NULL;
- req->se->op.forget(dummy_req, forget->nodeid, forget->nlookup);
+ req->se->op.forget(dummy_req, forgets[i].ino, forgets[i].nlookup);
}
fuse_reply_none(req);
} else {
@@ -763,12 +803,19 @@ static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
}
}
-static void do_getattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
struct fuse_file_info *fip = NULL;
struct fuse_file_info fi;
- struct fuse_getattr_in *arg = (struct fuse_getattr_in *)inarg;
+ struct fuse_getattr_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (arg->getattr_flags & FUSE_GETATTR_FH) {
memset(&fi, 0, sizeof(fi));
@@ -783,14 +830,21 @@ static void do_getattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_setattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_setattr_in *arg = (struct fuse_setattr_in *)inarg;
-
if (req->se->op.setattr) {
+ struct fuse_setattr_in *arg;
struct fuse_file_info *fi = NULL;
struct fuse_file_info fi_store;
struct stat stbuf;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&stbuf, 0, sizeof(stbuf));
convert_attr(arg, &stbuf);
if (arg->valid & FATTR_FH) {
@@ -811,9 +865,16 @@ static void do_setattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_access(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_access(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_access_in *arg = (struct fuse_access_in *)inarg;
+ struct fuse_access_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.access) {
req->se->op.access(req, nodeid, arg->mask);
@@ -822,9 +883,10 @@ static void do_access(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- (void)inarg;
+ (void)iter;
if (req->se->op.readlink) {
req->se->op.readlink(req, nodeid);
@@ -833,10 +895,18 @@ static void do_readlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_mknod(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_mknod_in *arg = (struct fuse_mknod_in *)inarg;
- char *name = PARAM(arg);
+ struct fuse_mknod_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
req->ctx.umask = arg->umask;
@@ -847,22 +917,37 @@ static void do_mknod(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_mkdir_in *arg = (struct fuse_mkdir_in *)inarg;
+ struct fuse_mkdir_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
req->ctx.umask = arg->umask;
if (req->se->op.mkdir) {
- req->se->op.mkdir(req, nodeid, PARAM(arg), arg->mode);
+ req->se->op.mkdir(req, nodeid, name, arg->mode);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_unlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_unlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.unlink) {
req->se->op.unlink(req, nodeid, name);
@@ -871,9 +956,15 @@ static void do_unlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rmdir) {
req->se->op.rmdir(req, nodeid, name);
@@ -882,10 +973,16 @@ static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_symlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_symlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
- char *linkname = ((char *)inarg) + strlen((char *)inarg) + 1;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ const char *linkname = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name || !linkname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.symlink) {
req->se->op.symlink(req, linkname, nodeid, name);
@@ -894,11 +991,20 @@ static void do_symlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rename(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rename(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_rename_in *arg = (struct fuse_rename_in *)inarg;
- char *oldname = PARAM(arg);
- char *newname = oldname + strlen(oldname) + 1;
+ struct fuse_rename_in *arg;
+ const char *oldname;
+ const char *newname;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ oldname = fuse_mbuf_iter_advance_str(iter);
+ newname = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !oldname || !newname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rename) {
req->se->op.rename(req, nodeid, oldname, arg->newdir, newname, 0);
@@ -907,11 +1013,20 @@ static void do_rename(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rename2(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rename2(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_rename2_in *arg = (struct fuse_rename2_in *)inarg;
- char *oldname = PARAM(arg);
- char *newname = oldname + strlen(oldname) + 1;
+ struct fuse_rename2_in *arg;
+ const char *oldname;
+ const char *newname;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ oldname = fuse_mbuf_iter_advance_str(iter);
+ newname = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !oldname || !newname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rename) {
req->se->op.rename(req, nodeid, oldname, arg->newdir, newname,
@@ -921,24 +1036,38 @@ static void do_rename2(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_link(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_link(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_link_in *arg = (struct fuse_link_in *)inarg;
+ struct fuse_link_in *arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.link) {
- req->se->op.link(req, arg->oldnodeid, nodeid, PARAM(arg));
+ req->se->op.link(req, arg->oldnodeid, nodeid, name);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_create(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_create(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_create_in *arg = (struct fuse_create_in *)inarg;
-
if (req->se->op.create) {
+ struct fuse_create_in *arg;
struct fuse_file_info fi;
- char *name = PARAM(arg);
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -951,11 +1080,18 @@ static void do_create(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_open(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_open(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_open_in *arg = (struct fuse_open_in *)inarg;
+ struct fuse_open_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -966,13 +1102,15 @@ static void do_open(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_read(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_read(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
-
if (req->se->op.read) {
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->lock_owner;
@@ -983,11 +1121,24 @@ static void do_read(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_write(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_write(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_write_in *arg = (struct fuse_write_in *)inarg;
+ struct fuse_write_in *arg;
struct fuse_file_info fi;
- char *param;
+ const char *param;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ param = fuse_mbuf_iter_advance(iter, arg->size);
+ if (!param) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -995,7 +1146,6 @@ static void do_write(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
fi.lock_owner = arg->lock_owner;
fi.flags = arg->flags;
- param = PARAM(arg);
if (req->se->op.write) {
req->se->op.write(req, nodeid, param, arg->size, arg->offset, &fi);
@@ -1053,11 +1203,18 @@ static void do_write_buf(fuse_req_t req, fuse_ino_t nodeid,
se->op.write_buf(req, nodeid, pbufv, arg->offset, &fi);
}
-static void do_flush(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_flush(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_flush_in *arg = (struct fuse_flush_in *)inarg;
+ struct fuse_flush_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.flush = 1;
@@ -1070,19 +1227,26 @@ static void do_flush(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_release(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_release(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_release_in *arg = (struct fuse_release_in *)inarg;
+ struct fuse_release_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.fh = arg->fh;
fi.flush = (arg->release_flags & FUSE_RELEASE_FLUSH) ? 1 : 0;
fi.lock_owner = arg->lock_owner;
+
if (arg->release_flags & FUSE_RELEASE_FLOCK_UNLOCK) {
fi.flock_release = 1;
- fi.lock_owner = arg->lock_owner;
}
if (req->se->op.release) {
@@ -1092,11 +1256,19 @@ static void do_release(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fsync(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fsync(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fsync_in *arg = (struct fuse_fsync_in *)inarg;
+ struct fuse_fsync_in *arg;
struct fuse_file_info fi;
- int datasync = arg->fsync_flags & 1;
+ int datasync;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ datasync = arg->fsync_flags & 1;
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1112,11 +1284,18 @@ static void do_fsync(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_opendir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_opendir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_open_in *arg = (struct fuse_open_in *)inarg;
+ struct fuse_open_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -1127,11 +1306,18 @@ static void do_opendir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1142,11 +1328,18 @@ static void do_readdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1157,11 +1350,18 @@ static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_release_in *arg = (struct fuse_release_in *)inarg;
+ struct fuse_release_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.fh = arg->fh;
@@ -1173,11 +1373,19 @@ static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fsync_in *arg = (struct fuse_fsync_in *)inarg;
+ struct fuse_fsync_in *arg;
struct fuse_file_info fi;
- int datasync = arg->fsync_flags & 1;
+ int datasync;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ datasync = arg->fsync_flags & 1;
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1189,10 +1397,11 @@ static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_statfs(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_statfs(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
(void)nodeid;
- (void)inarg;
+ (void)iter;
if (req->se->op.statfs) {
req->se->op.statfs(req, nodeid);
@@ -1205,11 +1414,25 @@ static void do_statfs(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_setxattr_in *arg = (struct fuse_setxattr_in *)inarg;
- char *name = PARAM(arg);
- char *value = name + strlen(name) + 1;
+ struct fuse_setxattr_in *arg;
+ const char *name;
+ const char *value;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ value = fuse_mbuf_iter_advance(iter, arg->size);
+ if (!value) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.setxattr) {
req->se->op.setxattr(req, nodeid, name, value, arg->size, arg->flags);
@@ -1218,20 +1441,36 @@ static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_getxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_getxattr_in *arg = (struct fuse_getxattr_in *)inarg;
+ struct fuse_getxattr_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.getxattr) {
- req->se->op.getxattr(req, nodeid, PARAM(arg), arg->size);
+ req->se->op.getxattr(req, nodeid, name, arg->size);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_getxattr_in *arg = (struct fuse_getxattr_in *)inarg;
+ struct fuse_getxattr_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.listxattr) {
req->se->op.listxattr(req, nodeid, arg->size);
@@ -1240,9 +1479,15 @@ static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_removexattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_removexattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.removexattr) {
req->se->op.removexattr(req, nodeid, name);
@@ -1266,12 +1511,19 @@ static void convert_fuse_file_lock(struct fuse_file_lock *fl,
flock->l_pid = fl->pid;
}
-static void do_getlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getlk(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_lk_in *arg = (struct fuse_lk_in *)inarg;
+ struct fuse_lk_in *arg;
struct fuse_file_info fi;
struct flock flock;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->owner;
@@ -1285,12 +1537,18 @@ static void do_getlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_setlk_common(fuse_req_t req, fuse_ino_t nodeid,
- const void *inarg, int sleep)
+ struct fuse_mbuf_iter *iter, int sleep)
{
- struct fuse_lk_in *arg = (struct fuse_lk_in *)inarg;
+ struct fuse_lk_in *arg;
struct fuse_file_info fi;
struct flock flock;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->owner;
@@ -1328,14 +1586,16 @@ static void do_setlk_common(fuse_req_t req, fuse_ino_t nodeid,
}
}
-static void do_setlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setlk(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- do_setlk_common(req, nodeid, inarg, 0);
+ do_setlk_common(req, nodeid, iter, 0);
}
-static void do_setlkw(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setlkw(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- do_setlk_common(req, nodeid, inarg, 1);
+ do_setlk_common(req, nodeid, iter, 1);
}
static int find_interrupted(struct fuse_session *se, struct fuse_req *req)
@@ -1380,12 +1640,20 @@ static int find_interrupted(struct fuse_session *se, struct fuse_req *req)
return 0;
}
-static void do_interrupt(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_interrupt(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_interrupt_in *arg = (struct fuse_interrupt_in *)inarg;
+ struct fuse_interrupt_in *arg;
struct fuse_session *se = req->se;
(void)nodeid;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
if (se->debug) {
fuse_log(FUSE_LOG_DEBUG, "INTERRUPT: %llu\n",
(unsigned long long)arg->unique);
@@ -1426,9 +1694,15 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
}
}
-static void do_bmap(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_bmap(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_bmap_in *arg = (struct fuse_bmap_in *)inarg;
+ struct fuse_bmap_in *arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.bmap) {
req->se->op.bmap(req, nodeid, arg->blocksize, arg->block);
@@ -1437,18 +1711,34 @@ static void do_bmap(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_ioctl(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_ioctl(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_ioctl_in *arg = (struct fuse_ioctl_in *)inarg;
- unsigned int flags = arg->flags;
- void *in_buf = arg->in_size ? PARAM(arg) : NULL;
+ struct fuse_ioctl_in *arg;
+ unsigned int flags;
+ void *in_buf = NULL;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ flags = arg->flags;
if (flags & FUSE_IOCTL_DIR && !(req->se->conn.want & FUSE_CAP_IOCTL_DIR)) {
fuse_reply_err(req, ENOTTY);
return;
}
+ if (arg->in_size) {
+ in_buf = fuse_mbuf_iter_advance(iter, arg->in_size);
+ if (!in_buf) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1469,11 +1759,18 @@ void fuse_pollhandle_destroy(struct fuse_pollhandle *ph)
free(ph);
}
-static void do_poll(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_poll(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_poll_in *arg = (struct fuse_poll_in *)inarg;
+ struct fuse_poll_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.poll_events = arg->events;
@@ -1497,11 +1794,18 @@ static void do_poll(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fallocate_in *arg = (struct fuse_fallocate_in *)inarg;
+ struct fuse_fallocate_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1514,12 +1818,17 @@ static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_copy_file_range(fuse_req_t req, fuse_ino_t nodeid_in,
- const void *inarg)
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_copy_file_range_in *arg =
- (struct fuse_copy_file_range_in *)inarg;
+ struct fuse_copy_file_range_in *arg;
struct fuse_file_info fi_in, fi_out;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi_in, 0, sizeof(fi_in));
fi_in.fh = arg->fh_in;
@@ -1536,11 +1845,17 @@ static void do_copy_file_range(fuse_req_t req, fuse_ino_t nodeid_in,
}
}
-static void do_lseek(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_lseek(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_lseek_in *arg = (struct fuse_lseek_in *)inarg;
+ struct fuse_lseek_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1551,15 +1866,33 @@ static void do_lseek(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_init(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_init_in *arg = (struct fuse_init_in *)inarg;
+ size_t compat_size = offsetof(struct fuse_init_in, max_readahead);
+ struct fuse_init_in *arg;
struct fuse_init_out outarg;
struct fuse_session *se = req->se;
size_t bufsize = se->bufsize;
size_t outargsize = sizeof(outarg);
(void)nodeid;
+
+ /* First consume the old fields... */
+ arg = fuse_mbuf_iter_advance(iter, compat_size);
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ /* ...and now consume the new fields. */
+ if (arg->major == 7 && arg->minor >= 6) {
+ if (!fuse_mbuf_iter_advance(iter, sizeof(*arg) - compat_size)) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ }
+
if (se->debug) {
fuse_log(FUSE_LOG_DEBUG, "INIT: %u.%u\n", arg->major, arg->minor);
if (arg->major == 7 && arg->minor >= 6) {
@@ -1792,12 +2125,13 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
send_reply_ok(req, &outarg, outargsize);
}
-static void do_destroy(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_destroy(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
struct fuse_session *se = req->se;
(void)nodeid;
- (void)inarg;
+ (void)iter;
se->got_destroy = 1;
if (se->op.destroy) {
@@ -1978,7 +2312,7 @@ int fuse_req_interrupted(fuse_req_t req)
}
static struct {
- void (*func)(fuse_req_t, fuse_ino_t, const void *);
+ void (*func)(fuse_req_t, fuse_ino_t, struct fuse_mbuf_iter *);
const char *name;
} fuse_ll_ops[] = {
[FUSE_LOOKUP] = { do_lookup, "LOOKUP" },
@@ -2062,7 +2396,6 @@ void fuse_session_process_buf_int(struct fuse_session *se,
const struct fuse_buf *buf = bufv->buf;
struct fuse_mbuf_iter iter = FUSE_MBUF_ITER_INIT(buf);
struct fuse_in_header *in;
- const void *inarg;
struct fuse_req *req;
int err;
@@ -2140,13 +2473,11 @@ void fuse_session_process_buf_int(struct fuse_session *se,
}
}
- inarg = (void *)&in[1];
if (in->opcode == FUSE_WRITE && se->op.write_buf) {
do_write_buf(req, in->nodeid, &iter, bufv);
} else {
- fuse_ll_ops[in->opcode].func(req, in->nodeid, inarg);
+ fuse_ll_ops[in->opcode].func(req, in->nodeid, &iter);
}
-
return;
reply_err:
--
2.24.1
next prev parent reply other threads:[~2020-01-21 12:46 UTC|newest]
Thread overview: 141+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-21 12:22 [PATCH v2 000/109] virtiofs daemon [all] Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 001/109] virtiofsd: Pull in upstream headers Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 002/109] virtiofsd: Pull in kernel's fuse.h Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 003/109] virtiofsd: Add auxiliary .c's Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 004/109] virtiofsd: Add fuse_lowlevel.c Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 005/109] virtiofsd: Add passthrough_ll Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 006/109] virtiofsd: Trim down imported files Dr. David Alan Gilbert (git)
2020-01-22 2:48 ` Xiao Yang
2020-01-22 10:41 ` Dr. David Alan Gilbert
2020-01-21 12:22 ` [PATCH v2 007/109] virtiofsd: Format imported files to qemu style Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 008/109] virtiofsd: remove mountpoint dummy argument Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 009/109] virtiofsd: remove unused notify reply support Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 010/109] virtiofsd: Fix fuse_daemonize ignored return values Dr. David Alan Gilbert (git)
2020-01-21 15:24 ` Philippe Mathieu-Daudé
2020-01-21 12:22 ` [PATCH v2 011/109] virtiofsd: Fix common header and define for QEMU builds Dr. David Alan Gilbert (git)
2020-01-21 15:24 ` Philippe Mathieu-Daudé
2020-01-22 15:32 ` Philippe Mathieu-Daudé
2020-01-22 16:52 ` Dr. David Alan Gilbert
2020-01-21 12:22 ` [PATCH v2 012/109] virtiofsd: Trim out compatibility code Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 013/109] vitriofsd/passthrough_ll: fix fallocate() ifdefs Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 014/109] virtiofsd: Make fsync work even if only inode is passed in Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 015/109] virtiofsd: Add options for virtio Dr. David Alan Gilbert (git)
2020-01-22 6:53 ` Misono Tomohiro
2020-01-21 12:23 ` [PATCH v2 016/109] virtiofsd: add -o source=PATH to help output Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 017/109] virtiofsd: Open vhost connection instead of mounting Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 018/109] virtiofsd: Start wiring up vhost-user Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 019/109] virtiofsd: Add main virtio loop Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 020/109] virtiofsd: get/set features callbacks Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 021/109] virtiofsd: Start queue threads Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 022/109] virtiofsd: Poll kick_fd for queue Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 023/109] virtiofsd: Start reading commands from queue Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 024/109] virtiofsd: Send replies to messages Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 025/109] virtiofsd: Keep track of replies Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 026/109] virtiofsd: Add Makefile wiring for virtiofsd contrib Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 027/109] virtiofsd: Fast path for virtio read Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 028/109] virtiofsd: add --fd=FDNUM fd passing option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 029/109] virtiofsd: make -f (foreground) the default Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 030/109] virtiofsd: add vhost-user.json file Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 031/109] virtiofsd: add --print-capabilities option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 032/109] virtiofs: Add maintainers entry Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 033/109] virtiofsd: passthrough_ll: create new files in caller's context Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 034/109] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 035/109] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 036/109] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 037/109] virtiofsd: passthrough_ll: add fd_map to hide file descriptors Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 038/109] virtiofsd: passthrough_ll: add fallback for racy ops Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 039/109] virtiofsd: validate path components Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 040/109] virtiofsd: Plumb fuse_bufvec through to do_write_buf Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 041/109] virtiofsd: Pass write iov's all the way through Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 042/109] virtiofsd: add fuse_mbuf_iter API Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 043/109] virtiofsd: validate input buffer sizes in do_write_buf() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` Dr. David Alan Gilbert (git) [this message]
2020-01-21 12:23 ` [PATCH v2 045/109] virtiofsd: prevent ".." escape in lo_do_lookup() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 046/109] virtiofsd: prevent ".." escape in lo_do_readdir() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 047/109] virtiofsd: use /proc/self/fd/ O_PATH file descriptor Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 048/109] virtiofsd: sandbox mount namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 049/109] virtiofsd: move to an empty network namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 050/109] virtiofsd: move to a new pid namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 051/109] virtiofsd: add seccomp whitelist Dr. David Alan Gilbert (git)
2020-01-21 15:54 ` Philippe Mathieu-Daudé
2020-01-21 19:49 ` Dr. David Alan Gilbert
2020-01-21 20:53 ` Philippe Mathieu-Daudé
2020-01-24 9:46 ` Florian Weimer
2020-01-24 9:51 ` Dr. David Alan Gilbert
2020-01-24 9:57 ` Dr. David Alan Gilbert
2020-01-24 10:06 ` Florian Weimer
2020-01-21 12:23 ` [PATCH v2 052/109] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 053/109] virtiofsd: cap-ng helpers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 054/109] virtiofsd: Drop CAP_FSETID if client asked for it Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 055/109] virtiofsd: set maximum RLIMIT_NOFILE limit Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 056/109] virtiofsd: fix libfuse information leaks Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 057/109] docs: Add docs/tools Dr. David Alan Gilbert (git)
2020-01-22 15:19 ` Philippe Mathieu-Daudé
2020-01-21 12:23 ` [PATCH v2 058/109] virtiofsd: add security guide document Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 059/109] virtiofsd: add --syslog command-line option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 060/109] virtiofsd: print log only when priority is high enough Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 061/109] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level Dr. David Alan Gilbert (git)
2020-01-22 15:27 ` Philippe Mathieu-Daudé
2020-01-21 12:23 ` [PATCH v2 062/109] virtiofsd: Add timestamp " Dr. David Alan Gilbert (git)
2020-01-22 15:36 ` Philippe Mathieu-Daudé
2020-01-22 15:57 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 063/109] virtiofsd: Handle reinit Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 064/109] virtiofsd: Handle hard reboot Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 065/109] virtiofsd: Kill threads when queues are stopped Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 066/109] vhost-user: Print unexpected slave message types Dr. David Alan Gilbert (git)
2020-01-22 15:41 ` Philippe Mathieu-Daudé
2020-01-22 16:00 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 067/109] contrib/libvhost-user: Protect slave fd with mutex Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 068/109] virtiofsd: passthrough_ll: add renameat2 support Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 069/109] virtiofsd: passthrough_ll: disable readdirplus on cache=never Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 070/109] virtiofsd: passthrough_ll: control readdirplus Dr. David Alan Gilbert (git)
2020-01-22 3:11 ` Misono Tomohiro
2020-01-22 17:42 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 071/109] virtiofsd: rename unref_inode() to unref_inode_lolocked() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 072/109] virtiofsd: fail when parent inode isn't known in lo_do_lookup() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 073/109] virtiofsd: extract root inode init into setup_root() Dr. David Alan Gilbert (git)
2020-01-22 1:31 ` Misono Tomohiro
2020-01-21 12:23 ` [PATCH v2 074/109] virtiofsd: passthrough_ll: clean up cache related options Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 075/109] virtiofsd: passthrough_ll: use hashtable Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 076/109] virtiofsd: Clean up inodes on destroy Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 077/109] virtiofsd: support nanosecond resolution for file timestamp Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 078/109] virtiofsd: fix error handling in main() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 079/109] virtiofsd: cleanup allocated resource in se Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 080/109] virtiofsd: fix memory leak on lo.source Dr. David Alan Gilbert (git)
2020-01-22 1:54 ` Misono Tomohiro
2020-01-21 12:24 ` [PATCH v2 081/109] virtiofsd: add helper for lo_data cleanup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 082/109] virtiofsd: Prevent multiply running with same vhost_user_socket Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 083/109] virtiofsd: enable PARALLEL_DIROPS during INIT Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 084/109] virtiofsd: fix incorrect error handling in lo_do_lookup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 085/109] Virtiofsd: fix memory leak on fuse queueinfo Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 086/109] virtiofsd: Support remote posix locks Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 087/109] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 088/109] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 089/109] virtiofsd: make lo_release() atomic Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 090/109] virtiofsd: prevent races with lo_dirp_put() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 091/109] virtiofsd: rename inode->refcount to inode->nlookup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 092/109] libvhost-user: Fix some memtable remap cases Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 093/109] virtiofsd: add man page Dr. David Alan Gilbert (git)
2020-01-21 15:20 ` Philippe Mathieu-Daudé
2020-01-21 12:24 ` [PATCH v2 094/109] virtiofsd: passthrough_ll: fix refcounting on remove/rename Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 095/109] virtiofsd: introduce inode refcount to prevent use-after-free Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 096/109] virtiofsd: do not always set FUSE_FLOCK_LOCKS Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 097/109] virtiofsd: convert more fprintf and perror to use fuse log infra Dr. David Alan Gilbert (git)
2020-01-22 15:44 ` Philippe Mathieu-Daudé
2020-01-21 12:24 ` [PATCH v2 098/109] virtiofsd: Reset O_DIRECT flag during file open Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 099/109] virtiofsd: Fix data corruption with O_APPEND write in writeback mode Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 100/109] virtiofsd: add definition of fuse_buf_writev() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 101/109] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 102/109] virtiofsd: process requests in a thread pool Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 103/109] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 104/109] virtiofsd: fix lo_destroy() resource leaks Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 105/109] virtiofsd: add --thread-pool-size=NUM option Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 106/109] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 107/109] virtiofsd/passthrough_ll: Pass errno to fuse_reply_err() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 108/109] virtiofsd: stop all queue threads on exit in virtio_loop() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 109/109] virtiofsd: add some options to the help message Dr. David Alan Gilbert (git)
2020-01-22 6:35 ` Misono Tomohiro
2020-01-22 18:11 ` Dr. David Alan Gilbert
2020-01-21 14:56 ` [PATCH v2 000/109] virtiofs daemon [all] no-reply
2020-01-21 15:41 ` Philippe Mathieu-Daudé
2020-01-21 17:01 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200121122433.50803-45-dgilbert@redhat.com \
--to=dgilbert@redhat.com \
--cc=berrange@redhat.com \
--cc=m.mizuma@jp.fujitsu.com \
--cc=misono.tomohiro@jp.fujitsu.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=slp@redhat.com \
--cc=stefanha@redhat.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).