summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch')
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch153
1 files changed, 0 insertions, 153 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch
deleted file mode 100644
index 73a4cb2064..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35517_1.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From 8afaaee976965b7fb90ec225a51d60f35c5f173c Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Thu, 4 Feb 2021 15:02:06 +0000
-Subject: [PATCH] virtiofsd: extract lo_do_open() from lo_open()
-
-Both lo_open() and lo_create() have similar code to open a file. Extract
-a common lo_do_open() function from lo_open() that will be used by
-lo_create() in a later commit.
-
-Since lo_do_open() does not otherwise need fuse_req_t req, convert
-lo_add_fd_mapping() to use struct lo_data *lo instead.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20210204150208.367837-2-stefanha@redhat.com>
-Reviewed-by: Greg Kurz <groug@kaod.org>
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-
-Upstream-Status: Backport
-[https://github.com/qemu/qemu/commit/8afaaee976965b7fb90ec225a51d60f35c5f173c]
-
-CVE: CVE-2020-35517
-
-Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
----
- tools/virtiofsd/passthrough_ll.c | 73 +++++++++++++++++++++++++---------------
- 1 file changed, 46 insertions(+), 27 deletions(-)
-
-diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
-index 5fb36d9..f14fa51 100644
---- a/tools/virtiofsd/passthrough_ll.c
-+++ b/tools/virtiofsd/passthrough_ll.c
-@@ -459,17 +459,17 @@ static void lo_map_remove(struct lo_map *map, size_t key)
- }
-
- /* Assumes lo->mutex is held */
--static ssize_t lo_add_fd_mapping(fuse_req_t req, int fd)
-+static ssize_t lo_add_fd_mapping(struct lo_data *lo, int fd)
- {
- struct lo_map_elem *elem;
-
-- elem = lo_map_alloc_elem(&lo_data(req)->fd_map);
-+ elem = lo_map_alloc_elem(&lo->fd_map);
- if (!elem) {
- return -1;
- }
-
- elem->fd = fd;
-- return elem - lo_data(req)->fd_map.elems;
-+ return elem - lo->fd_map.elems;
- }
-
- /* Assumes lo->mutex is held */
-@@ -1651,6 +1651,38 @@ static void update_open_flags(int writeback, int allow_direct_io,
- }
- }
-
-+static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
-+ struct fuse_file_info *fi)
-+{
-+ char buf[64];
-+ ssize_t fh;
-+ int fd;
-+
-+ update_open_flags(lo->writeback, lo->allow_direct_io, fi);
-+
-+ sprintf(buf, "%i", inode->fd);
-+ fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW);
-+ if (fd == -1) {
-+ return errno;
-+ }
-+
-+ pthread_mutex_lock(&lo->mutex);
-+ fh = lo_add_fd_mapping(lo, fd);
-+ pthread_mutex_unlock(&lo->mutex);
-+ if (fh == -1) {
-+ close(fd);
-+ return ENOMEM;
-+ }
-+
-+ fi->fh = fh;
-+ if (lo->cache == CACHE_NONE) {
-+ fi->direct_io = 1;
-+ } else if (lo->cache == CACHE_ALWAYS) {
-+ fi->keep_cache = 1;
-+ }
-+ return 0;
-+}
-+
- static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
- mode_t mode, struct fuse_file_info *fi)
- {
-@@ -1691,7 +1723,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
- ssize_t fh;
-
- pthread_mutex_lock(&lo->mutex);
-- fh = lo_add_fd_mapping(req, fd);
-+ fh = lo_add_fd_mapping(lo, fd);
- pthread_mutex_unlock(&lo->mutex);
- if (fh == -1) {
- close(fd);
-@@ -1892,38 +1924,25 @@ static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync,
-
- static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi)
- {
-- int fd;
-- ssize_t fh;
-- char buf[64];
- struct lo_data *lo = lo_data(req);
-+ struct lo_inode *inode = lo_inode(req, ino);
-+ int err;
-
- fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino,
- fi->flags);
-
-- update_open_flags(lo->writeback, lo->allow_direct_io, fi);
--
-- sprintf(buf, "%i", lo_fd(req, ino));
-- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW);
-- if (fd == -1) {
-- return (void)fuse_reply_err(req, errno);
-- }
--
-- pthread_mutex_lock(&lo->mutex);
-- fh = lo_add_fd_mapping(req, fd);
-- pthread_mutex_unlock(&lo->mutex);
-- if (fh == -1) {
-- close(fd);
-- fuse_reply_err(req, ENOMEM);
-+ if (!inode) {
-+ fuse_reply_err(req, EBADF);
- return;
- }
-
-- fi->fh = fh;
-- if (lo->cache == CACHE_NONE) {
-- fi->direct_io = 1;
-- } else if (lo->cache == CACHE_ALWAYS) {
-- fi->keep_cache = 1;
-+ err = lo_do_open(lo, inode, fi);
-+ lo_inode_put(lo, &inode);
-+ if (err) {
-+ fuse_reply_err(req, err);
-+ } else {
-+ fuse_reply_open(req, fi);
- }
-- fuse_reply_open(req, fi);
- }
-
- static void lo_release(fuse_req_t req, fuse_ino_t ino,
---
-1.8.3.1
-
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-02 07:03:31 +0000