From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com,
berrange@redhat.com, slp@redhat.com, philmd@redhat.com
Cc: m.mizuma@jp.fujitsu.com, misono.tomohiro@jp.fujitsu.com
Subject: [PATCH v2 044/109] virtiofsd: check input buffer size in fuse_lowlevel.c ops
Date: Tue, 21 Jan 2020 12:23:28 +0000 [thread overview]
Message-ID: <20200121122433.50803-45-dgilbert@redhat.com> (raw)
In-Reply-To: <20200121122433.50803-1-dgilbert@redhat.com>
From: Stefan Hajnoczi <stefanha@redhat.com>
Each FUSE operation involves parsing the input buffer. Currently the
code assumes the input buffer is large enough for the expected
arguments. This patch uses fuse_mbuf_iter to check the size.
Most operations are simple to convert. Some are more complicated due to
variable-length inputs or different sizes depending on the protocol
version.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
---
tools/virtiofsd/fuse_lowlevel.c | 581 +++++++++++++++++++++++++-------
1 file changed, 456 insertions(+), 125 deletions(-)
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 5ae94cf56b..f3e7f46008 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -18,6 +18,7 @@
#include <assert.h>
#include <errno.h>
#include <limits.h>
+#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
@@ -26,7 +27,6 @@
#include <unistd.h>
-#define PARAM(inarg) (((char *)(inarg)) + sizeof(*(inarg)))
#define OFFSET_MAX 0x7fffffffffffffffLL
struct fuse_pollhandle {
@@ -707,9 +707,14 @@ int fuse_reply_lseek(fuse_req_t req, off_t off)
return send_reply_ok(req, &arg, sizeof(arg));
}
-static void do_lookup(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_lookup(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.lookup) {
req->se->op.lookup(req, nodeid, name);
@@ -718,9 +723,16 @@ static void do_lookup(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_forget(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_forget(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_forget_in *arg = (struct fuse_forget_in *)inarg;
+ struct fuse_forget_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.forget) {
req->se->op.forget(req, nodeid, arg->nlookup);
@@ -730,20 +742,48 @@ static void do_forget(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
- const void *inarg)
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_batch_forget_in *arg = (void *)inarg;
- struct fuse_forget_one *param = (void *)PARAM(arg);
- unsigned int i;
+ struct fuse_batch_forget_in *arg;
+ struct fuse_forget_data *forgets;
+ size_t scount;
(void)nodeid;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_none(req);
+ return;
+ }
+
+ /*
+ * Prevent integer overflow. The compiler emits the following warning
+ * unless we use the scount local variable:
+ *
+ * error: comparison is always false due to limited range of data type
+ * [-Werror=type-limits]
+ *
+ * This may be true on 64-bit hosts but we need this check for 32-bit
+ * hosts.
+ */
+ scount = arg->count;
+ if (scount > SIZE_MAX / sizeof(forgets[0])) {
+ fuse_reply_none(req);
+ return;
+ }
+
+ forgets = fuse_mbuf_iter_advance(iter, arg->count * sizeof(forgets[0]));
+ if (!forgets) {
+ fuse_reply_none(req);
+ return;
+ }
+
if (req->se->op.forget_multi) {
- req->se->op.forget_multi(req, arg->count,
- (struct fuse_forget_data *)param);
+ req->se->op.forget_multi(req, arg->count, forgets);
} else if (req->se->op.forget) {
+ unsigned int i;
+
for (i = 0; i < arg->count; i++) {
- struct fuse_forget_one *forget = ¶m[i];
struct fuse_req *dummy_req;
dummy_req = fuse_ll_alloc_req(req->se);
@@ -755,7 +795,7 @@ static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
dummy_req->ctx = req->ctx;
dummy_req->ch = NULL;
- req->se->op.forget(dummy_req, forget->nodeid, forget->nlookup);
+ req->se->op.forget(dummy_req, forgets[i].ino, forgets[i].nlookup);
}
fuse_reply_none(req);
} else {
@@ -763,12 +803,19 @@ static void do_batch_forget(fuse_req_t req, fuse_ino_t nodeid,
}
}
-static void do_getattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
struct fuse_file_info *fip = NULL;
struct fuse_file_info fi;
- struct fuse_getattr_in *arg = (struct fuse_getattr_in *)inarg;
+ struct fuse_getattr_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (arg->getattr_flags & FUSE_GETATTR_FH) {
memset(&fi, 0, sizeof(fi));
@@ -783,14 +830,21 @@ static void do_getattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_setattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_setattr_in *arg = (struct fuse_setattr_in *)inarg;
-
if (req->se->op.setattr) {
+ struct fuse_setattr_in *arg;
struct fuse_file_info *fi = NULL;
struct fuse_file_info fi_store;
struct stat stbuf;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&stbuf, 0, sizeof(stbuf));
convert_attr(arg, &stbuf);
if (arg->valid & FATTR_FH) {
@@ -811,9 +865,16 @@ static void do_setattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_access(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_access(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_access_in *arg = (struct fuse_access_in *)inarg;
+ struct fuse_access_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.access) {
req->se->op.access(req, nodeid, arg->mask);
@@ -822,9 +883,10 @@ static void do_access(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- (void)inarg;
+ (void)iter;
if (req->se->op.readlink) {
req->se->op.readlink(req, nodeid);
@@ -833,10 +895,18 @@ static void do_readlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_mknod(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_mknod_in *arg = (struct fuse_mknod_in *)inarg;
- char *name = PARAM(arg);
+ struct fuse_mknod_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
req->ctx.umask = arg->umask;
@@ -847,22 +917,37 @@ static void do_mknod(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_mkdir_in *arg = (struct fuse_mkdir_in *)inarg;
+ struct fuse_mkdir_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
req->ctx.umask = arg->umask;
if (req->se->op.mkdir) {
- req->se->op.mkdir(req, nodeid, PARAM(arg), arg->mode);
+ req->se->op.mkdir(req, nodeid, name, arg->mode);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_unlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_unlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.unlink) {
req->se->op.unlink(req, nodeid, name);
@@ -871,9 +956,15 @@ static void do_unlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rmdir) {
req->se->op.rmdir(req, nodeid, name);
@@ -882,10 +973,16 @@ static void do_rmdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_symlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_symlink(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
- char *linkname = ((char *)inarg) + strlen((char *)inarg) + 1;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ const char *linkname = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name || !linkname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.symlink) {
req->se->op.symlink(req, linkname, nodeid, name);
@@ -894,11 +991,20 @@ static void do_symlink(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rename(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rename(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_rename_in *arg = (struct fuse_rename_in *)inarg;
- char *oldname = PARAM(arg);
- char *newname = oldname + strlen(oldname) + 1;
+ struct fuse_rename_in *arg;
+ const char *oldname;
+ const char *newname;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ oldname = fuse_mbuf_iter_advance_str(iter);
+ newname = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !oldname || !newname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rename) {
req->se->op.rename(req, nodeid, oldname, arg->newdir, newname, 0);
@@ -907,11 +1013,20 @@ static void do_rename(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_rename2(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_rename2(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_rename2_in *arg = (struct fuse_rename2_in *)inarg;
- char *oldname = PARAM(arg);
- char *newname = oldname + strlen(oldname) + 1;
+ struct fuse_rename2_in *arg;
+ const char *oldname;
+ const char *newname;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ oldname = fuse_mbuf_iter_advance_str(iter);
+ newname = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !oldname || !newname) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.rename) {
req->se->op.rename(req, nodeid, oldname, arg->newdir, newname,
@@ -921,24 +1036,38 @@ static void do_rename2(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_link(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_link(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_link_in *arg = (struct fuse_link_in *)inarg;
+ struct fuse_link_in *arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.link) {
- req->se->op.link(req, arg->oldnodeid, nodeid, PARAM(arg));
+ req->se->op.link(req, arg->oldnodeid, nodeid, name);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_create(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_create(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_create_in *arg = (struct fuse_create_in *)inarg;
-
if (req->se->op.create) {
+ struct fuse_create_in *arg;
struct fuse_file_info fi;
- char *name = PARAM(arg);
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -951,11 +1080,18 @@ static void do_create(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_open(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_open(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_open_in *arg = (struct fuse_open_in *)inarg;
+ struct fuse_open_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -966,13 +1102,15 @@ static void do_open(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_read(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_read(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
-
if (req->se->op.read) {
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->lock_owner;
@@ -983,11 +1121,24 @@ static void do_read(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_write(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_write(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_write_in *arg = (struct fuse_write_in *)inarg;
+ struct fuse_write_in *arg;
struct fuse_file_info fi;
- char *param;
+ const char *param;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ param = fuse_mbuf_iter_advance(iter, arg->size);
+ if (!param) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -995,7 +1146,6 @@ static void do_write(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
fi.lock_owner = arg->lock_owner;
fi.flags = arg->flags;
- param = PARAM(arg);
if (req->se->op.write) {
req->se->op.write(req, nodeid, param, arg->size, arg->offset, &fi);
@@ -1053,11 +1203,18 @@ static void do_write_buf(fuse_req_t req, fuse_ino_t nodeid,
se->op.write_buf(req, nodeid, pbufv, arg->offset, &fi);
}
-static void do_flush(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_flush(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_flush_in *arg = (struct fuse_flush_in *)inarg;
+ struct fuse_flush_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.flush = 1;
@@ -1070,19 +1227,26 @@ static void do_flush(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_release(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_release(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_release_in *arg = (struct fuse_release_in *)inarg;
+ struct fuse_release_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.fh = arg->fh;
fi.flush = (arg->release_flags & FUSE_RELEASE_FLUSH) ? 1 : 0;
fi.lock_owner = arg->lock_owner;
+
if (arg->release_flags & FUSE_RELEASE_FLOCK_UNLOCK) {
fi.flock_release = 1;
- fi.lock_owner = arg->lock_owner;
}
if (req->se->op.release) {
@@ -1092,11 +1256,19 @@ static void do_release(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fsync(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fsync(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fsync_in *arg = (struct fuse_fsync_in *)inarg;
+ struct fuse_fsync_in *arg;
struct fuse_file_info fi;
- int datasync = arg->fsync_flags & 1;
+ int datasync;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ datasync = arg->fsync_flags & 1;
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1112,11 +1284,18 @@ static void do_fsync(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_opendir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_opendir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_open_in *arg = (struct fuse_open_in *)inarg;
+ struct fuse_open_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
@@ -1127,11 +1306,18 @@ static void do_opendir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1142,11 +1328,18 @@ static void do_readdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_read_in *arg = (struct fuse_read_in *)inarg;
+ struct fuse_read_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1157,11 +1350,18 @@ static void do_readdirplus(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_release_in *arg = (struct fuse_release_in *)inarg;
+ struct fuse_release_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.fh = arg->fh;
@@ -1173,11 +1373,19 @@ static void do_releasedir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fsync_in *arg = (struct fuse_fsync_in *)inarg;
+ struct fuse_fsync_in *arg;
struct fuse_file_info fi;
- int datasync = arg->fsync_flags & 1;
+ int datasync;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ datasync = arg->fsync_flags & 1;
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1189,10 +1397,11 @@ static void do_fsyncdir(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_statfs(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_statfs(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
(void)nodeid;
- (void)inarg;
+ (void)iter;
if (req->se->op.statfs) {
req->se->op.statfs(req, nodeid);
@@ -1205,11 +1414,25 @@ static void do_statfs(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_setxattr_in *arg = (struct fuse_setxattr_in *)inarg;
- char *name = PARAM(arg);
- char *value = name + strlen(name) + 1;
+ struct fuse_setxattr_in *arg;
+ const char *name;
+ const char *value;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ value = fuse_mbuf_iter_advance(iter, arg->size);
+ if (!value) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.setxattr) {
req->se->op.setxattr(req, nodeid, name, value, arg->size, arg->flags);
@@ -1218,20 +1441,36 @@ static void do_setxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_getxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_getxattr_in *arg = (struct fuse_getxattr_in *)inarg;
+ struct fuse_getxattr_in *arg;
+ const char *name;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ name = fuse_mbuf_iter_advance_str(iter);
+ if (!arg || !name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.getxattr) {
- req->se->op.getxattr(req, nodeid, PARAM(arg), arg->size);
+ req->se->op.getxattr(req, nodeid, name, arg->size);
} else {
fuse_reply_err(req, ENOSYS);
}
}
-static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_getxattr_in *arg = (struct fuse_getxattr_in *)inarg;
+ struct fuse_getxattr_in *arg;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.listxattr) {
req->se->op.listxattr(req, nodeid, arg->size);
@@ -1240,9 +1479,15 @@ static void do_listxattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_removexattr(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_removexattr(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- char *name = (char *)inarg;
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+
+ if (!name) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.removexattr) {
req->se->op.removexattr(req, nodeid, name);
@@ -1266,12 +1511,19 @@ static void convert_fuse_file_lock(struct fuse_file_lock *fl,
flock->l_pid = fl->pid;
}
-static void do_getlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_getlk(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_lk_in *arg = (struct fuse_lk_in *)inarg;
+ struct fuse_lk_in *arg;
struct fuse_file_info fi;
struct flock flock;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->owner;
@@ -1285,12 +1537,18 @@ static void do_getlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_setlk_common(fuse_req_t req, fuse_ino_t nodeid,
- const void *inarg, int sleep)
+ struct fuse_mbuf_iter *iter, int sleep)
{
- struct fuse_lk_in *arg = (struct fuse_lk_in *)inarg;
+ struct fuse_lk_in *arg;
struct fuse_file_info fi;
struct flock flock;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.lock_owner = arg->owner;
@@ -1328,14 +1586,16 @@ static void do_setlk_common(fuse_req_t req, fuse_ino_t nodeid,
}
}
-static void do_setlk(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setlk(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- do_setlk_common(req, nodeid, inarg, 0);
+ do_setlk_common(req, nodeid, iter, 0);
}
-static void do_setlkw(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_setlkw(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- do_setlk_common(req, nodeid, inarg, 1);
+ do_setlk_common(req, nodeid, iter, 1);
}
static int find_interrupted(struct fuse_session *se, struct fuse_req *req)
@@ -1380,12 +1640,20 @@ static int find_interrupted(struct fuse_session *se, struct fuse_req *req)
return 0;
}
-static void do_interrupt(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_interrupt(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_interrupt_in *arg = (struct fuse_interrupt_in *)inarg;
+ struct fuse_interrupt_in *arg;
struct fuse_session *se = req->se;
(void)nodeid;
+
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
if (se->debug) {
fuse_log(FUSE_LOG_DEBUG, "INTERRUPT: %llu\n",
(unsigned long long)arg->unique);
@@ -1426,9 +1694,15 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
}
}
-static void do_bmap(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_bmap(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_bmap_in *arg = (struct fuse_bmap_in *)inarg;
+ struct fuse_bmap_in *arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
if (req->se->op.bmap) {
req->se->op.bmap(req, nodeid, arg->blocksize, arg->block);
@@ -1437,18 +1711,34 @@ static void do_bmap(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_ioctl(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_ioctl(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_ioctl_in *arg = (struct fuse_ioctl_in *)inarg;
- unsigned int flags = arg->flags;
- void *in_buf = arg->in_size ? PARAM(arg) : NULL;
+ struct fuse_ioctl_in *arg;
+ unsigned int flags;
+ void *in_buf = NULL;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ flags = arg->flags;
if (flags & FUSE_IOCTL_DIR && !(req->se->conn.want & FUSE_CAP_IOCTL_DIR)) {
fuse_reply_err(req, ENOTTY);
return;
}
+ if (arg->in_size) {
+ in_buf = fuse_mbuf_iter_advance(iter, arg->in_size);
+ if (!in_buf) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1469,11 +1759,18 @@ void fuse_pollhandle_destroy(struct fuse_pollhandle *ph)
free(ph);
}
-static void do_poll(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_poll(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_poll_in *arg = (struct fuse_poll_in *)inarg;
+ struct fuse_poll_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
fi.poll_events = arg->events;
@@ -1497,11 +1794,18 @@ static void do_poll(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_fallocate_in *arg = (struct fuse_fallocate_in *)inarg;
+ struct fuse_fallocate_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1514,12 +1818,17 @@ static void do_fallocate(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
static void do_copy_file_range(fuse_req_t req, fuse_ino_t nodeid_in,
- const void *inarg)
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_copy_file_range_in *arg =
- (struct fuse_copy_file_range_in *)inarg;
+ struct fuse_copy_file_range_in *arg;
struct fuse_file_info fi_in, fi_out;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
memset(&fi_in, 0, sizeof(fi_in));
fi_in.fh = arg->fh_in;
@@ -1536,11 +1845,17 @@ static void do_copy_file_range(fuse_req_t req, fuse_ino_t nodeid_in,
}
}
-static void do_lseek(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_lseek(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_lseek_in *arg = (struct fuse_lseek_in *)inarg;
+ struct fuse_lseek_in *arg;
struct fuse_file_info fi;
+ arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
memset(&fi, 0, sizeof(fi));
fi.fh = arg->fh;
@@ -1551,15 +1866,33 @@ static void do_lseek(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
}
}
-static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_init(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
- struct fuse_init_in *arg = (struct fuse_init_in *)inarg;
+ size_t compat_size = offsetof(struct fuse_init_in, max_readahead);
+ struct fuse_init_in *arg;
struct fuse_init_out outarg;
struct fuse_session *se = req->se;
size_t bufsize = se->bufsize;
size_t outargsize = sizeof(outarg);
(void)nodeid;
+
+ /* First consume the old fields... */
+ arg = fuse_mbuf_iter_advance(iter, compat_size);
+ if (!arg) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+
+ /* ...and now consume the new fields. */
+ if (arg->major == 7 && arg->minor >= 6) {
+ if (!fuse_mbuf_iter_advance(iter, sizeof(*arg) - compat_size)) {
+ fuse_reply_err(req, EINVAL);
+ return;
+ }
+ }
+
if (se->debug) {
fuse_log(FUSE_LOG_DEBUG, "INIT: %u.%u\n", arg->major, arg->minor);
if (arg->major == 7 && arg->minor >= 6) {
@@ -1792,12 +2125,13 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
send_reply_ok(req, &outarg, outargsize);
}
-static void do_destroy(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
+static void do_destroy(fuse_req_t req, fuse_ino_t nodeid,
+ struct fuse_mbuf_iter *iter)
{
struct fuse_session *se = req->se;
(void)nodeid;
- (void)inarg;
+ (void)iter;
se->got_destroy = 1;
if (se->op.destroy) {
@@ -1978,7 +2312,7 @@ int fuse_req_interrupted(fuse_req_t req)
}
static struct {
- void (*func)(fuse_req_t, fuse_ino_t, const void *);
+ void (*func)(fuse_req_t, fuse_ino_t, struct fuse_mbuf_iter *);
const char *name;
} fuse_ll_ops[] = {
[FUSE_LOOKUP] = { do_lookup, "LOOKUP" },
@@ -2062,7 +2396,6 @@ void fuse_session_process_buf_int(struct fuse_session *se,
const struct fuse_buf *buf = bufv->buf;
struct fuse_mbuf_iter iter = FUSE_MBUF_ITER_INIT(buf);
struct fuse_in_header *in;
- const void *inarg;
struct fuse_req *req;
int err;
@@ -2140,13 +2473,11 @@ void fuse_session_process_buf_int(struct fuse_session *se,
}
}
- inarg = (void *)&in[1];
if (in->opcode == FUSE_WRITE && se->op.write_buf) {
do_write_buf(req, in->nodeid, &iter, bufv);
} else {
- fuse_ll_ops[in->opcode].func(req, in->nodeid, inarg);
+ fuse_ll_ops[in->opcode].func(req, in->nodeid, &iter);
}
-
return;
reply_err:
--
2.24.1
next prev parent reply other threads:[~2020-01-21 12:46 UTC|newest]
Thread overview: 141+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-21 12:22 [PATCH v2 000/109] virtiofs daemon [all] Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 001/109] virtiofsd: Pull in upstream headers Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 002/109] virtiofsd: Pull in kernel's fuse.h Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 003/109] virtiofsd: Add auxiliary .c's Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 004/109] virtiofsd: Add fuse_lowlevel.c Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 005/109] virtiofsd: Add passthrough_ll Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 006/109] virtiofsd: Trim down imported files Dr. David Alan Gilbert (git)
2020-01-22 2:48 ` Xiao Yang
2020-01-22 10:41 ` Dr. David Alan Gilbert
2020-01-21 12:22 ` [PATCH v2 007/109] virtiofsd: Format imported files to qemu style Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 008/109] virtiofsd: remove mountpoint dummy argument Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 009/109] virtiofsd: remove unused notify reply support Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 010/109] virtiofsd: Fix fuse_daemonize ignored return values Dr. David Alan Gilbert (git)
2020-01-21 15:24 ` Philippe Mathieu-Daudé
2020-01-21 12:22 ` [PATCH v2 011/109] virtiofsd: Fix common header and define for QEMU builds Dr. David Alan Gilbert (git)
2020-01-21 15:24 ` Philippe Mathieu-Daudé
2020-01-22 15:32 ` Philippe Mathieu-Daudé
2020-01-22 16:52 ` Dr. David Alan Gilbert
2020-01-21 12:22 ` [PATCH v2 012/109] virtiofsd: Trim out compatibility code Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 013/109] vitriofsd/passthrough_ll: fix fallocate() ifdefs Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 014/109] virtiofsd: Make fsync work even if only inode is passed in Dr. David Alan Gilbert (git)
2020-01-21 12:22 ` [PATCH v2 015/109] virtiofsd: Add options for virtio Dr. David Alan Gilbert (git)
2020-01-22 6:53 ` Misono Tomohiro
2020-01-21 12:23 ` [PATCH v2 016/109] virtiofsd: add -o source=PATH to help output Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 017/109] virtiofsd: Open vhost connection instead of mounting Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 018/109] virtiofsd: Start wiring up vhost-user Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 019/109] virtiofsd: Add main virtio loop Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 020/109] virtiofsd: get/set features callbacks Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 021/109] virtiofsd: Start queue threads Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 022/109] virtiofsd: Poll kick_fd for queue Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 023/109] virtiofsd: Start reading commands from queue Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 024/109] virtiofsd: Send replies to messages Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 025/109] virtiofsd: Keep track of replies Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 026/109] virtiofsd: Add Makefile wiring for virtiofsd contrib Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 027/109] virtiofsd: Fast path for virtio read Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 028/109] virtiofsd: add --fd=FDNUM fd passing option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 029/109] virtiofsd: make -f (foreground) the default Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 030/109] virtiofsd: add vhost-user.json file Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 031/109] virtiofsd: add --print-capabilities option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 032/109] virtiofs: Add maintainers entry Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 033/109] virtiofsd: passthrough_ll: create new files in caller's context Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 034/109] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 035/109] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 036/109] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 037/109] virtiofsd: passthrough_ll: add fd_map to hide file descriptors Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 038/109] virtiofsd: passthrough_ll: add fallback for racy ops Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 039/109] virtiofsd: validate path components Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 040/109] virtiofsd: Plumb fuse_bufvec through to do_write_buf Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 041/109] virtiofsd: Pass write iov's all the way through Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 042/109] virtiofsd: add fuse_mbuf_iter API Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 043/109] virtiofsd: validate input buffer sizes in do_write_buf() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` Dr. David Alan Gilbert (git) [this message]
2020-01-21 12:23 ` [PATCH v2 045/109] virtiofsd: prevent ".." escape in lo_do_lookup() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 046/109] virtiofsd: prevent ".." escape in lo_do_readdir() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 047/109] virtiofsd: use /proc/self/fd/ O_PATH file descriptor Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 048/109] virtiofsd: sandbox mount namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 049/109] virtiofsd: move to an empty network namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 050/109] virtiofsd: move to a new pid namespace Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 051/109] virtiofsd: add seccomp whitelist Dr. David Alan Gilbert (git)
2020-01-21 15:54 ` Philippe Mathieu-Daudé
2020-01-21 19:49 ` Dr. David Alan Gilbert
2020-01-21 20:53 ` Philippe Mathieu-Daudé
2020-01-24 9:46 ` Florian Weimer
2020-01-24 9:51 ` Dr. David Alan Gilbert
2020-01-24 9:57 ` Dr. David Alan Gilbert
2020-01-24 10:06 ` Florian Weimer
2020-01-21 12:23 ` [PATCH v2 052/109] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 053/109] virtiofsd: cap-ng helpers Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 054/109] virtiofsd: Drop CAP_FSETID if client asked for it Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 055/109] virtiofsd: set maximum RLIMIT_NOFILE limit Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 056/109] virtiofsd: fix libfuse information leaks Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 057/109] docs: Add docs/tools Dr. David Alan Gilbert (git)
2020-01-22 15:19 ` Philippe Mathieu-Daudé
2020-01-21 12:23 ` [PATCH v2 058/109] virtiofsd: add security guide document Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 059/109] virtiofsd: add --syslog command-line option Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 060/109] virtiofsd: print log only when priority is high enough Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 061/109] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level Dr. David Alan Gilbert (git)
2020-01-22 15:27 ` Philippe Mathieu-Daudé
2020-01-21 12:23 ` [PATCH v2 062/109] virtiofsd: Add timestamp " Dr. David Alan Gilbert (git)
2020-01-22 15:36 ` Philippe Mathieu-Daudé
2020-01-22 15:57 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 063/109] virtiofsd: Handle reinit Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 064/109] virtiofsd: Handle hard reboot Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 065/109] virtiofsd: Kill threads when queues are stopped Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 066/109] vhost-user: Print unexpected slave message types Dr. David Alan Gilbert (git)
2020-01-22 15:41 ` Philippe Mathieu-Daudé
2020-01-22 16:00 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 067/109] contrib/libvhost-user: Protect slave fd with mutex Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 068/109] virtiofsd: passthrough_ll: add renameat2 support Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 069/109] virtiofsd: passthrough_ll: disable readdirplus on cache=never Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 070/109] virtiofsd: passthrough_ll: control readdirplus Dr. David Alan Gilbert (git)
2020-01-22 3:11 ` Misono Tomohiro
2020-01-22 17:42 ` Dr. David Alan Gilbert
2020-01-21 12:23 ` [PATCH v2 071/109] virtiofsd: rename unref_inode() to unref_inode_lolocked() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 072/109] virtiofsd: fail when parent inode isn't known in lo_do_lookup() Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 073/109] virtiofsd: extract root inode init into setup_root() Dr. David Alan Gilbert (git)
2020-01-22 1:31 ` Misono Tomohiro
2020-01-21 12:23 ` [PATCH v2 074/109] virtiofsd: passthrough_ll: clean up cache related options Dr. David Alan Gilbert (git)
2020-01-21 12:23 ` [PATCH v2 075/109] virtiofsd: passthrough_ll: use hashtable Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 076/109] virtiofsd: Clean up inodes on destroy Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 077/109] virtiofsd: support nanosecond resolution for file timestamp Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 078/109] virtiofsd: fix error handling in main() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 079/109] virtiofsd: cleanup allocated resource in se Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 080/109] virtiofsd: fix memory leak on lo.source Dr. David Alan Gilbert (git)
2020-01-22 1:54 ` Misono Tomohiro
2020-01-21 12:24 ` [PATCH v2 081/109] virtiofsd: add helper for lo_data cleanup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 082/109] virtiofsd: Prevent multiply running with same vhost_user_socket Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 083/109] virtiofsd: enable PARALLEL_DIROPS during INIT Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 084/109] virtiofsd: fix incorrect error handling in lo_do_lookup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 085/109] Virtiofsd: fix memory leak on fuse queueinfo Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 086/109] virtiofsd: Support remote posix locks Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 087/109] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 088/109] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 089/109] virtiofsd: make lo_release() atomic Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 090/109] virtiofsd: prevent races with lo_dirp_put() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 091/109] virtiofsd: rename inode->refcount to inode->nlookup Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 092/109] libvhost-user: Fix some memtable remap cases Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 093/109] virtiofsd: add man page Dr. David Alan Gilbert (git)
2020-01-21 15:20 ` Philippe Mathieu-Daudé
2020-01-21 12:24 ` [PATCH v2 094/109] virtiofsd: passthrough_ll: fix refcounting on remove/rename Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 095/109] virtiofsd: introduce inode refcount to prevent use-after-free Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 096/109] virtiofsd: do not always set FUSE_FLOCK_LOCKS Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 097/109] virtiofsd: convert more fprintf and perror to use fuse log infra Dr. David Alan Gilbert (git)
2020-01-22 15:44 ` Philippe Mathieu-Daudé
2020-01-21 12:24 ` [PATCH v2 098/109] virtiofsd: Reset O_DIRECT flag during file open Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 099/109] virtiofsd: Fix data corruption with O_APPEND write in writeback mode Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 100/109] virtiofsd: add definition of fuse_buf_writev() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 101/109] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 102/109] virtiofsd: process requests in a thread pool Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 103/109] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 104/109] virtiofsd: fix lo_destroy() resource leaks Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 105/109] virtiofsd: add --thread-pool-size=NUM option Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 106/109] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 107/109] virtiofsd/passthrough_ll: Pass errno to fuse_reply_err() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 108/109] virtiofsd: stop all queue threads on exit in virtio_loop() Dr. David Alan Gilbert (git)
2020-01-21 12:24 ` [PATCH v2 109/109] virtiofsd: add some options to the help message Dr. David Alan Gilbert (git)
2020-01-22 6:35 ` Misono Tomohiro
2020-01-22 18:11 ` Dr. David Alan Gilbert
2020-01-21 14:56 ` [PATCH v2 000/109] virtiofs daemon [all] no-reply
2020-01-21 15:41 ` Philippe Mathieu-Daudé
2020-01-21 17:01 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200121122433.50803-45-dgilbert@redhat.com \
--to=dgilbert@redhat.com \
--cc=berrange@redhat.com \
--cc=m.mizuma@jp.fujitsu.com \
--cc=misono.tomohiro@jp.fujitsu.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=slp@redhat.com \
--cc=stefanha@redhat.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.