From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <51403F58.8070702@linux.vnet.ibm.com>
Date: Wed, 13 Mar 2013 16:56:56 +0800
From: Lei Li
References: <1363079306-27589-1-git-send-email-lilei@linux.vnet.ibm.com> <1363079306-27589-3-git-send-email-lilei@linux.vnet.ibm.com> <513F441E.1010509@redhat.com>
In-Reply-To: <513F441E.1010509@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] qga: add windows implementation for guest-set-time
To: Eric Blake
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org, mdroth@linux.vnet.ibm.com

On 
03/12/2013 11:05 PM, Eric Blake wrote: > On 03/12/2013 03:08 AM, Lei Li wrote: >> Signed-off-by: Lei Li >> --- >> qga/commands-win32.c | 34 ++++++++++++++++++++++++++++++++++ >> 1 file changed, 34 insertions(+) >> >> +void qmp_guest_set_time(int64_t time_ns, Error **errp) >> +{ >> + SYSTEMTIME ts; >> + FILETIME tf; >> + LONGLONG time; >> + >> + acquire_privilege(SE_SYSTEMTIME_NAME, errp); >> + if (error_is_set(errp)) { >> + error_setg(errp, "Failed to acquire privilege"); >> + return; >> + } > Earlier, you told me that acquire_privilege is auto-dropped after a > successful SetSystemTime. But here, you acquire the privilege... > >> + >> + if (time_ns < 0 || time_ns / 100 > INT64_MAX - W32_FT_OFFSET) { >> + error_setg(errp, "Time %" PRId64 "is invalid", time_ns); >> + return; > ...then return early without ever relinquishing it. > >> + } >> + >> + time = time_ns / 100 + W32_FT_OFFSET; >> + >> + tf.dwLowDateTime = (DWORD) time; >> + tf.dwHighDateTime = (DWORD) (time >> 32); >> + >> + if (!FileTimeToSystemTime(&tf, &ts)) { >> + error_setg(errp, "Failed to convert system time"); >> + return; >> + } > I would reorder the acquire_privilege to here, to give us the best > possible chance of avoiding a leak of privileges when the user passes > bogus data. It makes sense, I should have thought about this, thank you! >> + >> + if (!SetSystemTime(&ts)) { >> + slog("guest-set-time failed: %d", GetLastError()); >> + error_setg_errno(errp, errno, "Failed to set time to guest"); >> + return; >> + } >> +} >> + >> int64_t qmp_guest_file_open(const char *path, bool has_mode, const char *mode, Error **err) >> { >> error_set(err, QERR_UNSUPPORTED); >> -- Lei
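
Review bot: In the SetSystemTime failure branch, error_setg_errno(errp, errno, "Failed to set time to guest") reports errno, but the failure code for this call is the GetLastError() value that the slog line just above it logs; SetSystemTime does not set errno, so the error handed back to the caller carries an unrelated code. Read GetLastError() once into a local and use that value for both the log line and the reported error. Two smaller points in the same function: the format string "Time %" PRId64 "is invalid" is missing a space before "is", so the number and the word run together in the message; and in the first branch acquire_privilege has already filled errp by the time error_is_set(errp) is true, so the following error_setg(errp, "Failed to acquire privilege") sets an error on top of one that is already set. Returning there without setting it again keeps the original failure reason.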