[PATCH] vfio/iommufd: Remove the use of stat() to check file existence

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
@ 2023-12-21  8:09 Cédric Le Goater
  2023-12-21  8:55 ` Duan, Zhenzhong
  2024-01-02  8:10 ` Cédric Le Goater
  0 siblings, 2 replies; 5+ messages in thread
From: Cédric Le Goater @ 2023-12-21  8:09 UTC (permalink / raw)
  To: qemu-devel
  Cc: Eric Auger, Zhenzhong Duan, Alex Williamson,
	Cédric Le Goater

Using stat() before opening a file or a directory can lead to a
time-of-check to time-of-use (TOCTOU) filesystem race, which is
reported by coverity as a Security best practices violations. The
sequence could be replaced by open and fdopendir but it doesn't add
much in this case. Simply use opendir to avoid the race.

Fixes: CID 1531551
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/iommufd.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
index d4c586e842def8f04d3a914843f5eece2c75ea30..9bfddc1360895413176a9f170e29e89027384a66 100644
--- a/hw/vfio/iommufd.c
+++ b/hw/vfio/iommufd.c
@@ -121,17 +121,11 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
     DIR *dir = NULL;
     struct dirent *dent;
     gchar *contents;
-    struct stat st;
     gsize length;
     int major, minor;
     dev_t vfio_devt;
 
     path = g_strdup_printf("%s/vfio-dev", sysfs_path);
-    if (stat(path, &st) < 0) {
-        error_setg_errno(errp, errno, "no such host device");
-        goto out_free_path;
-    }
-
     dir = opendir(path);
     if (!dir) {
         error_setg_errno(errp, errno, "couldn't open directory %s", path);
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 5+ messages in thread

* RE: [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
  2023-12-21  8:09 [PATCH] vfio/iommufd: Remove the use of stat() to check file existence Cédric Le Goater
@ 2023-12-21  8:55 ` Duan, Zhenzhong
  2023-12-21  9:15   ` Cédric Le Goater
  2024-01-02  8:10 ` Cédric Le Goater
  1 sibling, 1 reply; 5+ messages in thread
From: Duan, Zhenzhong @ 2023-12-21  8:55 UTC (permalink / raw)
  To: Cédric Le Goater, qemu-devel@nongnu.org; +Cc: Eric Auger, Alex Williamson



>-----Original Message-----
>From: Cédric Le Goater <clg@redhat.com>
>Sent: Thursday, December 21, 2023 4:10 PM
>Subject: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>existence
>
>Using stat() before opening a file or a directory can lead to a
>time-of-check to time-of-use (TOCTOU) filesystem race, which is
>reported by coverity as a Security best practices violations. The
>sequence could be replaced by open and fdopendir but it doesn't add
>much in this case. Simply use opendir to avoid the race.
>
>Fixes: CID 1531551
>Signed-off-by: Cédric Le Goater <clg@redhat.com>

Thanks for fixing, Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>

BRs.
Zhenzhong

>---
> hw/vfio/iommufd.c | 6 ------
> 1 file changed, 6 deletions(-)
>
>diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
>index
>d4c586e842def8f04d3a914843f5eece2c75ea30..9bfddc1360895413176a9f
>170e29e89027384a66 100644
>--- a/hw/vfio/iommufd.c
>+++ b/hw/vfio/iommufd.c
>@@ -121,17 +121,11 @@ static int iommufd_cdev_getfd(const char
>*sysfs_path, Error **errp)
>     DIR *dir = NULL;
>     struct dirent *dent;
>     gchar *contents;
>-    struct stat st;
>     gsize length;
>     int major, minor;
>     dev_t vfio_devt;
>
>     path = g_strdup_printf("%s/vfio-dev", sysfs_path);
>-    if (stat(path, &st) < 0) {
>-        error_setg_errno(errp, errno, "no such host device");
>-        goto out_free_path;
>-    }
>-
>     dir = opendir(path);
>     if (!dir) {
>         error_setg_errno(errp, errno, "couldn't open directory %s", path);
>--
>2.43.0


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
  2023-12-21  8:55 ` Duan, Zhenzhong
@ 2023-12-21  9:15   ` Cédric Le Goater
  2023-12-21  9:23     ` Duan, Zhenzhong
  0 siblings, 1 reply; 5+ messages in thread
From: Cédric Le Goater @ 2023-12-21  9:15 UTC (permalink / raw)
  To: Duan, Zhenzhong, qemu-devel@nongnu.org; +Cc: Eric Auger, Alex Williamson

Hello Zhenzhong

On 12/21/23 09:55, Duan, Zhenzhong wrote:
> 
> 
>> -----Original Message-----
>> From: Cédric Le Goater <clg@redhat.com>
>> Sent: Thursday, December 21, 2023 4:10 PM
>> Subject: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>> existence
>>
>> Using stat() before opening a file or a directory can lead to a
>> time-of-check to time-of-use (TOCTOU) filesystem race, which is
>> reported by coverity as a Security best practices violations. The
>> sequence could be replaced by open and fdopendir but it doesn't add
>> much in this case. Simply use opendir to avoid the race.
>>
>> Fixes: CID 1531551
>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> 
> Thanks for fixing, Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>

It seems that tools like b4 need the R-b tag, and probably other
tags, to be at the beginning of a new line. So, just repeating :

Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>


Thanks,

C.



> 
> BRs.
> Zhenzhong
> 
>> ---
>> hw/vfio/iommufd.c | 6 ------
>> 1 file changed, 6 deletions(-)
>>
>> diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
>> index
>> d4c586e842def8f04d3a914843f5eece2c75ea30..9bfddc1360895413176a9f
>> 170e29e89027384a66 100644
>> --- a/hw/vfio/iommufd.c
>> +++ b/hw/vfio/iommufd.c
>> @@ -121,17 +121,11 @@ static int iommufd_cdev_getfd(const char
>> *sysfs_path, Error **errp)
>>      DIR *dir = NULL;
>>      struct dirent *dent;
>>      gchar *contents;
>> -    struct stat st;
>>      gsize length;
>>      int major, minor;
>>      dev_t vfio_devt;
>>
>>      path = g_strdup_printf("%s/vfio-dev", sysfs_path);
>> -    if (stat(path, &st) < 0) {
>> -        error_setg_errno(errp, errno, "no such host device");
>> -        goto out_free_path;
>> -    }
>> -
>>      dir = opendir(path);
>>      if (!dir) {
>>          error_setg_errno(errp, errno, "couldn't open directory %s", path);
>> --
>> 2.43.0
> 



^ permalink raw reply	[flat|nested] 5+ messages in thread

* RE: [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
  2023-12-21  9:15   ` Cédric Le Goater
@ 2023-12-21  9:23     ` Duan, Zhenzhong
  0 siblings, 0 replies; 5+ messages in thread
From: Duan, Zhenzhong @ 2023-12-21  9:23 UTC (permalink / raw)
  To: Cédric Le Goater, qemu-devel@nongnu.org; +Cc: Eric Auger, Alex Williamson



>-----Original Message-----
>From: Cédric Le Goater <clg@redhat.com>
>Sent: Thursday, December 21, 2023 5:16 PM
>Subject: Re: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>existence
>
>Hello Zhenzhong
>
>On 12/21/23 09:55, Duan, Zhenzhong wrote:
>>
>>
>>> -----Original Message-----
>>> From: Cédric Le Goater <clg@redhat.com>
>>> Sent: Thursday, December 21, 2023 4:10 PM
>>> Subject: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>>> existence
>>>
>>> Using stat() before opening a file or a directory can lead to a
>>> time-of-check to time-of-use (TOCTOU) filesystem race, which is
>>> reported by coverity as a Security best practices violations. The
>>> sequence could be replaced by open and fdopendir but it doesn't add
>>> much in this case. Simply use opendir to avoid the race.
>>>
>>> Fixes: CID 1531551
>>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
>>
>> Thanks for fixing, Reviewed-by: Zhenzhong Duan
><Zhenzhong.duan@intel.com>
>
>It seems that tools like b4 need the R-b tag, and probably other
>tags, to be at the beginning of a new line. So, just repeating :
>
>Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>

Got it, will follow that rule in the future.

Thanks
Zhenzhong

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
  2023-12-21  8:09 [PATCH] vfio/iommufd: Remove the use of stat() to check file existence Cédric Le Goater
  2023-12-21  8:55 ` Duan, Zhenzhong
@ 2024-01-02  8:10 ` Cédric Le Goater
  1 sibling, 0 replies; 5+ messages in thread
From: Cédric Le Goater @ 2024-01-02  8:10 UTC (permalink / raw)
  To: qemu-devel; +Cc: Eric Auger, Zhenzhong Duan, Alex Williamson

On 12/21/23 09:09, Cédric Le Goater wrote:
> Using stat() before opening a file or a directory can lead to a
> time-of-check to time-of-use (TOCTOU) filesystem race, which is
> reported by coverity as a Security best practices violations. The
> sequence could be replaced by open and fdopendir but it doesn't add
> much in this case. Simply use opendir to avoid the race.
> 
> Fixes: CID 1531551
> Signed-off-by: Cédric Le Goater <clg@redhat.com>


Applied to vfio-next.

Thanks,

C.





^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2024-01-02  8:12 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-21  8:09 [PATCH] vfio/iommufd: Remove the use of stat() to check file existence Cédric Le Goater
2023-12-21  8:55 ` Duan, Zhenzhong
2023-12-21  9:15   ` Cédric Le Goater
2023-12-21  9:23     ` Duan, Zhenzhong
2024-01-02  8:10 ` Cédric Le Goater

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).