* [PATCH] virtiofsd: Remove useless code about send_notify_iov
@ 2020-12-14 12:16 Alex Chen
2020-12-14 17:00 ` Stefan Hajnoczi
0 siblings, 1 reply; 3+ messages in thread
From: Alex Chen @ 2020-12-14 12:16 UTC (permalink / raw)
To: dgilbert, stefanha
Cc: alex.chen, qemu-trivial, qemu-devel, zhang.zhanghailiang
The 'ch' will be NULL in the following stack:
send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and
this may lead to NULL pointer dereferenced in virtio_send_msg().
But send_notify_iov() was never called, so remove the useless code
about send_notify_iov() to fix this problem.
Signed-off-by: Alex Chen <alex.chen@huawei.com>
---
tools/virtiofsd/fuse_lowlevel.c | 98 ---------------------------------
1 file changed, 98 deletions(-)
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index d4119e92ab..e94b71110b 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -2143,104 +2143,6 @@ static void do_destroy(fuse_req_t req, fuse_ino_t nodeid,
send_reply_ok(req, NULL, 0);
}
-static int send_notify_iov(struct fuse_session *se, int notify_code,
- struct iovec *iov, int count)
-{
- struct fuse_out_header out = {
- .error = notify_code,
- };
-
- if (!se->got_init) {
- return -ENOTCONN;
- }
-
- iov[0].iov_base = &out;
- iov[0].iov_len = sizeof(struct fuse_out_header);
-
- return fuse_send_msg(se, NULL, iov, count);
-}
-
-int fuse_lowlevel_notify_poll(struct fuse_pollhandle *ph)
-{
- if (ph != NULL) {
- struct fuse_notify_poll_wakeup_out outarg = {
- .kh = ph->kh,
- };
- struct iovec iov[2];
-
- iov[1].iov_base = &outarg;
- iov[1].iov_len = sizeof(outarg);
-
- return send_notify_iov(ph->se, FUSE_NOTIFY_POLL, iov, 2);
- } else {
- return 0;
- }
-}
-
-int fuse_lowlevel_notify_inval_inode(struct fuse_session *se, fuse_ino_t ino,
- off_t off, off_t len)
-{
- struct fuse_notify_inval_inode_out outarg = {
- .ino = ino,
- .off = off,
- .len = len,
- };
- struct iovec iov[2];
-
- if (!se) {
- return -EINVAL;
- }
-
- iov[1].iov_base = &outarg;
- iov[1].iov_len = sizeof(outarg);
-
- return send_notify_iov(se, FUSE_NOTIFY_INVAL_INODE, iov, 2);
-}
-
-int fuse_lowlevel_notify_inval_entry(struct fuse_session *se, fuse_ino_t parent,
- const char *name, size_t namelen)
-{
- struct fuse_notify_inval_entry_out outarg = {
- .parent = parent,
- .namelen = namelen,
- };
- struct iovec iov[3];
-
- if (!se) {
- return -EINVAL;
- }
-
- iov[1].iov_base = &outarg;
- iov[1].iov_len = sizeof(outarg);
- iov[2].iov_base = (void *)name;
- iov[2].iov_len = namelen + 1;
-
- return send_notify_iov(se, FUSE_NOTIFY_INVAL_ENTRY, iov, 3);
-}
-
-int fuse_lowlevel_notify_delete(struct fuse_session *se, fuse_ino_t parent,
- fuse_ino_t child, const char *name,
- size_t namelen)
-{
- struct fuse_notify_delete_out outarg = {
- .parent = parent,
- .child = child,
- .namelen = namelen,
- };
- struct iovec iov[3];
-
- if (!se) {
- return -EINVAL;
- }
-
- iov[1].iov_base = &outarg;
- iov[1].iov_len = sizeof(outarg);
- iov[2].iov_base = (void *)name;
- iov[2].iov_len = namelen + 1;
-
- return send_notify_iov(se, FUSE_NOTIFY_DELETE, iov, 3);
-}
-
int fuse_lowlevel_notify_store(struct fuse_session *se, fuse_ino_t ino,
off_t offset, struct fuse_bufvec *bufv)
{
--
2.19.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] virtiofsd: Remove useless code about send_notify_iov
2020-12-14 12:16 [PATCH] virtiofsd: Remove useless code about send_notify_iov Alex Chen
@ 2020-12-14 17:00 ` Stefan Hajnoczi
2020-12-17 20:09 ` Dr. David Alan Gilbert
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Hajnoczi @ 2020-12-14 17:00 UTC (permalink / raw)
To: Alex Chen; +Cc: qemu-trivial, zhang.zhanghailiang, dgilbert, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 584 bytes --]
On Mon, Dec 14, 2020 at 12:16:15PM +0000, Alex Chen wrote:
> The 'ch' will be NULL in the following stack:
> send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and
> this may lead to NULL pointer dereferenced in virtio_send_msg().
> But send_notify_iov() was never called, so remove the useless code
> about send_notify_iov() to fix this problem.
>
> Signed-off-by: Alex Chen <alex.chen@huawei.com>
> ---
> tools/virtiofsd/fuse_lowlevel.c | 98 ---------------------------------
> 1 file changed, 98 deletions(-)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] virtiofsd: Remove useless code about send_notify_iov
2020-12-14 17:00 ` Stefan Hajnoczi
@ 2020-12-17 20:09 ` Dr. David Alan Gilbert
0 siblings, 0 replies; 3+ messages in thread
From: Dr. David Alan Gilbert @ 2020-12-17 20:09 UTC (permalink / raw)
To: Stefan Hajnoczi; +Cc: Alex Chen, qemu-trivial, zhang.zhanghailiang, qemu-devel
* Stefan Hajnoczi (stefanha@redhat.com) wrote:
> On Mon, Dec 14, 2020 at 12:16:15PM +0000, Alex Chen wrote:
> > The 'ch' will be NULL in the following stack:
> > send_notify_iov()->fuse_send_msg()->virtio_send_msg(), and
> > this may lead to NULL pointer dereferenced in virtio_send_msg().
> > But send_notify_iov() was never called, so remove the useless code
> > about send_notify_iov() to fix this problem.
> >
> > Signed-off-by: Alex Chen <alex.chen@huawei.com>
> > ---
> > tools/virtiofsd/fuse_lowlevel.c | 98 ---------------------------------
> > 1 file changed, 98 deletions(-)
>
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
I've picked this up in my current virtiofsd pull I'm doing.
Queued
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-17 20:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-14 12:16 [PATCH] virtiofsd: Remove useless code about send_notify_iov Alex Chen
2020-12-14 17:00 ` Stefan Hajnoczi
2020-12-17 20:09 ` Dr. David Alan Gilbert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).