#
acc95bc8 |
| 11-Jan-2018 |
Michael S. Tsirkin <mst@redhat.com> |
Merge remote-tracking branch 'origin/master' into HEAD
Resolve conflicts around apb.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
ee98a6b0 |
| 08-Jan-2018 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
- Aneesh no longer listed in MAINTAINERS,
- deprecation of the handle backend,
- improved error reporting, especially when the local backend fails to open the VirtFS root,
- virtio-9p-test to behave more like a real virtio guest driver: set DRIVER_OK when ready to use the device and process the used ring for completed requests,
- cosmetic fixes (mostly coding style related).
# gpg: Signature made Mon 08 Jan 2018 10:19:18 GMT
# gpg: using RSA key 0x71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg: aka "Gregory Kurz <gregory.kurz@free.fr>"
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
  MAINTAINERS: Drop Aneesh as 9pfs maintainer
  9pfs: deprecate handle backend
  fsdev: improve error handling of backend init
  fsdev: improve error handling of backend opts parsing
  tests: virtio-9p: set DRIVER_OK before using the device
  tests: virtio-9p: fix ISR dependence
  9pfs: make pdu_marshal() and pdu_unmarshal() static functions
  9pfs: fix error path in pdu_submit()
  9pfs: fix type in *_parse_opts declarations
  9pfs: handle: fix type definition
  9pfs: fix some type definitions
  fsdev: fix some type definitions
  9pfs: fix XattrOperations typedef
  virtio-9p: move unrealize/realize after virtio_9p_transport definition
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
01847522 |
| 08-Jan-2018 |
Greg Kurz <groug@kaod.org> |
9pfs: fix XattrOperations typedef
To comply with the QEMU coding style.
Signed-off-by: Greg Kurz <groug@kaod.org>
|
#
72f0d0bf |
| 26-Feb-2017 |
Greg Kurz <groug@kaod.org> |
9pfs: local: lremovexattr: don't follow symlinks
The local_lremovexattr() callback is vulnerable to symlink attacks because it calls lremovexattr() which follows symbolic links in all path elements but the rightmost one.
This patch introduces a helper to emulate the non-existing fremovexattrat() function: it is implemented with /proc/self/fd which provides a trusted path that can be safely passed to lremovexattr().
local_lremovexattr() is converted to use this helper and opendir_nofollow().
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
#
3e36aba7 |
| 26-Feb-2017 |
Greg Kurz <groug@kaod.org> |
9pfs: local: lsetxattr: don't follow symlinks
The local_lsetxattr() callback is vulnerable to symlink attacks because it calls lsetxattr() which follows symbolic links in all path elements but the rightmost one.
This patch introduces a helper to emulate the non-existing fsetxattrat() function: it is implemented with /proc/self/fd which provides a trusted path that can be safely passed to lsetxattr().
local_lsetxattr() is converted to use this helper and opendir_nofollow().
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
#
56ad3e54 |
| 26-Feb-2017 |
Greg Kurz <groug@kaod.org> |
9pfs: local: lgetxattr: don't follow symlinks
The local_lgetxattr() callback is vulnerable to symlink attacks because it calls lgetxattr() which follows symbolic links in all path elements but the rightmost one.
This patch introduces a helper to emulate the non-existing fgetxattrat() function: it is implemented with /proc/self/fd which provides a trusted path that can be safely passed to lgetxattr().
local_lgetxattr() is converted to use this helper and opendir_nofollow().
This partly fixes CVE-2016-9602.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
#
56fc494b |
| 26-Feb-2017 |
Greg Kurz <groug@kaod.org> |
9pfs: local: move xattr security ops to 9p-xattr.c
These functions are always called indirectly. It really doesn't make sense for them to sit in a header file.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
#
2a6a4076 |
| 29-Jun-2016 |
Markus Armbruster <armbru@redhat.com> |
Clean up ill-advised or unusual header guards
Cleaned up with scripts/clean-header-guards.pl.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
|
#
267ae092 |
| 18-Nov-2015 |
Wei Liu <wei.liu2@citrix.com> |
9pfs: rename virtio-9p-xattr{,-user}.{c,h} to 9p-xattr{,-user}.{c,h}
These three files are not virtio specific. Rename them to generic names.
Fix comments and header inclusion in various files.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
|
#
4fa4ce71 |
| 01-Mar-2014 |
Chen Gang <gang.chen.5i5j@gmail.com> |
hw/9pfs: use g_strdup_printf() instead of PATH_MAX limitation
When a path is truncated by the PATH_MAX limitation, it causes QEMU to access an incorrect file. So use the original full path instead of PATH_MAX within 9pfs (need to check/process ENOMEM for related memory allocation).
The related test:
- Environments (for qemu-devel):
- Host is under fedora17 desktop with ext4fs:
qemu-system-x86_64 -hda test.img -m 1024 \ -net nic,vlan=4,model=virtio,macaddr=00:16:35:AF:94:04 \ -net tap,vlan=4,ifname=tap4,script=no,downscript=no \ -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare \ -fsdev local,security_model=passthrough,id=fsdev0,\ path=/upstream/vm/data/share/1234567890abcdefghijklmnopqrstuvwxyz\ ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890acdefghijklmnopqrstuvwxyz\ ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890/111111111111111111111111111\ 1111111111111111111111111111111111111111111111111111222222222222\ 2222222222222222222222222222222222222222222222222222222222222222\ 2222222222222222222222222222222222233333333333333333333333333333\ 3333333333333333333333333333333333
- Guest is ubuntu12 server with 9pfs.
mount -t 9p -o trans=virtio,version=9p2000.L hostshare /share
- Limitations:
full path limitation is PATH_MAX (4096B, including nul) under Linux.
file/dir node name maximum length is 256 (including nul) under ext4.
- Special test:
Under host, modify the file: "/upstream/vm/data/share/1234567890abcdefg\ hijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890acdefghijklmno\ pqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890/111111111111111111111\ 111111111111111111111111111111111111111111111111111111111122222222222\ 222222222222222222222222222222222222222222222222222222222222222222222\ 222222222222222222222222222222233333333333333333333333333333333333333\ 3333333333333333333333333/4444444444444444444444444444444444444444444\ 444444444444444444444444444444444444444444444444444444444444444444444\ 444444444444444444444444444444444444444444444444444444444444444444444\ 444444444444444444444444444444444444444/55555555555555555555555555555\ 555555555555555555555555555555555555555555555555555555555555555555555\ 555555555555555555555555555555555555555555555555555555555555555555555\ 555555555555555555555555555555555555555555555555555555555555555555555\ 55555555/666666666666666666666666666666666666666666666666666666666666\ 666666666666666666666666666666666666666666666666666666666666666666666\ 666666666666666666666666666666666666666666666666666666666666666666666\ 666666666666666666666/77777777777777777777777777777777777777777777777\ 777777777777777777777777777777777777777777777777777777777777777777777\ 777777777777777777777777777777777777777777777777777777777777777777777\ 77777777777777777777777777777777777777777777777777777777777/888888888\ 888888888888888888888888888888888888888888888888888888888888888888888\ 888888888888888888888888888888888888888888888888888888888888888888888\ 888888888888888888888888888888888888888888888888888888888888888888888\ 888888888/99999999999999999999999999999999999999999999999999999999999\ 999999999999999999999999999999999999999999999999999999999999999999999\ 999999999999999999999999999999999999999999999999999999999999999999999\ 99999999999999999999999999999999999999999/000000000000000000000000000\ 000000000000000000000000000000000000000000000000000000000000000000000\ 
000000000000000000000000000000000000000000000000000000000000000000000\ 000000000000000000000000000000000000000000000000/aaaaaaaaaaaaaaaaaaaa\ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbb\ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\ bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ccccccccc\ ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\ ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\ ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\ cccccccccc/dddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\ ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\ ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd\ dddddddddddddddddddddd/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\ eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\ eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\ eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/fffffffffffffff\ fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\ fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\ ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff/gggggggggg\ ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\ ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\ ggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg\ ggggggggggggggggggggggg/iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\ iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\ iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\ iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/jjjjjjjjjjjjj\ 
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\ jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj/ppppppppppppppppppppp\ ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp\ ppppppppppppppppppppppppppppppppppppppp/test1234567890file.log" (need enter dir firstly, then modify file, or can not open it).
Under guest, still allowed to modify "test1234567890file.log" (will generate "test123456" file with contents).
After applying this patch, can not open "test1234567890file.log" under guest (permission denied).
- Common test:
All are still OK after applying this patch.
"mkdir -p", "create/open file/dir", "modify file/dir", "rm file/dir". Change various mount point paths under host and/or guest.
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
|
#
1de7afc9 |
| 17-Dec-2012 |
Paolo Bonzini <pbonzini@redhat.com> |
misc: move include files to include/qemu/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
4f26f2b6 |
| 09-Nov-2011 |
Avi Kivity <avi@redhat.com> |
configure: fix detection for xattr.h on modern distributions
Modern distributions place xattr.h in /usr/include/sys, and fold libattr.so into libc. They also don't have an ENOATTR.
Make configure detect this, and add a qemu-xattr.h file that directs the #include to the right place.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
#
faa44e3d |
| 01-Jun-2011 |
Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com> |
[virtio-9p] Make rpath thread safe
Current rpath inline function is heavily used in all system calls. This function has a static buffer making it a non-thread safe function. This patch introduces new thread-safe routine and makes use of it.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
#
353ac78d |
| 28-Jan-2011 |
Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> |
virtio-9p: move 9p files around
Now that we start adding more files related to 9pfs, it makes sense to move them to a separate directory.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
#
64b85a8f |
| 23-Jan-2011 |
Blue Swirl <blauwirbel@gmail.com> |
Delete useless 'extern' qualifiers for functions
'extern' qualifier is useless for function declarations. Delete them.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
#
70fc55eb |
| 18-Oct-2010 |
Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> |
virtio-9p: Support mapped posix acl
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|
#
fc22118d |
| 18-Oct-2010 |
Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> |
virtio-9p: Use layered xattr approach
We would need this to make sure we handle the mapped security model correctly for different xattr names.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
|