| Message ID | 20191212163904.159893-71-dgilbert@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | virtiofs daemon [all] | expand |
Looks good to me. Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> > --- > tools/virtiofsd/passthrough_ll.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c > index 1618db5a92..ef8b88e3d1 100644 > --- a/tools/virtiofsd/passthrough_ll.c > +++ b/tools/virtiofsd/passthrough_ll.c > @@ -778,6 +778,15 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, > struct lo_data *lo = lo_data(req); > struct lo_inode *inode, *dir = lo_inode(req, parent); > > + /* > + * name_to_handle_at() and open_by_handle_at() can reach here with fuse > + * mount point in guest, but we don't have its inode info in the > + * ino_map. > + */ > + if (!dir) { > + return ENOENT; > + } > + > memset(e, 0, sizeof(*e)); > e->attr_timeout = lo->timeout; > e->entry_timeout = lo->timeout; > @@ -787,7 +796,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, > name = "."; > } > > - newfd = openat(lo_fd(req, parent), name, O_PATH | O_NOFOLLOW); > + newfd = openat(dir->fd, name, O_PATH | O_NOFOLLOW); > if (newfd == -1) { > goto out_err; > } > @@ -797,7 +806,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, > goto out_err; > } > > - inode = lo_find(lo_data(req), &e->attr); > + inode = lo_find(lo, &e->attr); > if (inode) { > close(newfd); > newfd = -1; > @@ -813,6 +822,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, > inode->is_symlink = S_ISLNK(e->attr.st_mode); > inode->refcount = 1; > inode->fd = newfd; > + newfd = -1; > inode->ino = e->attr.st_ino; > inode->dev = e->attr.st_dev;
Dr. David Alan Gilbert (git) <dgilbert@redhat.com> writes: > From: Miklos Szeredi <mszeredi@redhat.com> > > The Linux file handle APIs (struct export_operations) can access inodes > that are not attached to parents because path name traversal is not > performed. Refuse if there is no parent in lo_do_lookup(). > > Also clean up lo_do_lookup() while we're here. > > Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> > --- > tools/virtiofsd/passthrough_ll.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) Reviewed-by: Sergio Lopez <slp@redhat.com>
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 1618db5a92..ef8b88e3d1 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -778,6 +778,15 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, struct lo_data *lo = lo_data(req); struct lo_inode *inode, *dir = lo_inode(req, parent); + /* + * name_to_handle_at() and open_by_handle_at() can reach here with fuse + * mount point in guest, but we don't have its inode info in the + * ino_map. + */ + if (!dir) { + return ENOENT; + } + memset(e, 0, sizeof(*e)); e->attr_timeout = lo->timeout; e->entry_timeout = lo->timeout; @@ -787,7 +796,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, name = "."; } - newfd = openat(lo_fd(req, parent), name, O_PATH | O_NOFOLLOW); + newfd = openat(dir->fd, name, O_PATH | O_NOFOLLOW); if (newfd == -1) { goto out_err; } @@ -797,7 +806,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, goto out_err; } - inode = lo_find(lo_data(req), &e->attr); + inode = lo_find(lo, &e->attr); if (inode) { close(newfd); newfd = -1; @@ -813,6 +822,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, inode->is_symlink = S_ISLNK(e->attr.st_mode); inode->refcount = 1; inode->fd = newfd; + newfd = -1; inode->ino = e->attr.st_ino; inode->dev = e->attr.st_dev;