qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, stefanha@redhat.com,
	yavrahami@paloaltonetworks.com, mszeredi@redhat.com,
	mreitz@redhat.com
Subject: [PULL 0/6] virtiofs queue
Date: Fri,  1 May 2020 20:14:54 +0100	[thread overview]
Message-ID: <20200501191500.126432-1-dgilbert@redhat.com> (raw)

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

The following changes since commit 1c47613588ccff44422d4bdeea0dc36a0a308ec7:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2020-04-30 19:25:41 +0100)

are available in the Git repository at:

  https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20200501

for you to fetch changes up to 66502bbca37ca7a3bfa57e82cfc03b89a7a11eae:

  virtiofsd: drop all capabilities in the wait parent process (2020-05-01 20:05:37 +0100)

----------------------------------------------------------------
virtiofsd: Pull 2020-05-01 (includes CVE fix)

This set includes a security fix, other fixes and improvements.

Security fix:
The security fix is for CVE-2020-10717 where, on low RAM hosts,
the guest can potentially exceed the maximum fd limit.
This fix adds some more configuration so that the user
can explicitly set the limit.
Thank you to Yuval Avrahami for reporting this.

Fixes:

Recursive mounting of the exported directory is now used in
the sandbox, such that if there was a mount underneath present at
the time the virtiofsd was started, that mount is also
visible to the guest; in the existing code, only mounts that
happened after startup were visible.

Security improvements:

The jailing for /proc/self/fd is improved - but it's something
that shouldn't be accessible anyway.

Most capabilities are now dropped at startup; again this shouldn't
change any behaviour but is extra protection.

----------------------------------------------------------------
Max Reitz (1):
      virtiofsd: Show submounts

Miklos Szeredi (1):
      virtiofsd: jail lo->proc_self_fd

Stefan Hajnoczi (4):
      virtiofsd: add --rlimit-nofile=NUM option
      virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717)
      virtiofsd: only retain file system capabilities
      virtiofsd: drop all capabilities in the wait parent process

 tools/virtiofsd/fuse_lowlevel.h  |   1 +
 tools/virtiofsd/helper.c         |  47 ++++++++++++++++++
 tools/virtiofsd/passthrough_ll.c | 102 ++++++++++++++++++++++++++++++++-------
 3 files changed, 133 insertions(+), 17 deletions(-)



             reply	other threads:[~2020-05-01 19:16 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-01 19:14 Dr. David Alan Gilbert (git) [this message]
2020-05-01 19:14 ` [PULL 1/6] virtiofsd: add --rlimit-nofile=NUM option Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 2/6] virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 3/6] virtiofsd: jail lo->proc_self_fd Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 4/6] virtiofsd: Show submounts Dr. David Alan Gilbert (git)
2020-05-01 19:14 ` [PULL 5/6] virtiofsd: only retain file system capabilities Dr. David Alan Gilbert (git)
2020-05-01 19:15 ` [PULL 6/6] virtiofsd: drop all capabilities in the wait parent process Dr. David Alan Gilbert (git)
2020-05-01 19:28 ` [PULL 0/6] virtiofs queue Dr. David Alan Gilbert
2020-05-03 13:11 ` Peter Maydell
2020-05-04  8:13   ` Dr. David Alan Gilbert
  -- strict thread matches above, loose matches on Subject: below --
2021-02-16 18:37 Dr. David Alan Gilbert (git)
2021-02-17 19:18 ` Peter Maydell
2020-02-21 13:25 Dr. David Alan Gilbert (git)
2020-02-21 18:37 ` Peter Maydell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200501191500.126432-1-dgilbert@redhat.com \
    --to=dgilbert@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=mszeredi@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@redhat.com \
    --cc=yavrahami@paloaltonetworks.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).