[PULL,0/5] virtiofs queue: Security fix

Message ID 20210204183439.546918-1-dgilbert@redhat.com (mailing list archive)
State New, archived

Pull-request

https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20210204

Message

Dr. David Alan Gilbert Feb. 4, 2021, 6:34 p.m. UTC
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

The following changes since commit 1ba089f2255bfdb071be3ce6ac6c3069e8012179:

  Merge remote-tracking branch 'remotes/armbru/tags/pull-qmp-2021-02-04' into staging (2021-02-04 14:15:35 +0000)

are available in the Git repository at:

  https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20210204

for you to fetch changes up to cf269ff8032392bbdd700e7bfd21823ad9eee3a9:

  virtiofsd: Add restart_syscall to the seccomp whitelist (2021-02-04 17:50:08 +0000)

----------------------------------------------------------------
virtiofs: Security pull 2021-02-04

This contains an important CVE fix for virtiofsd,
together with two fixes for over-eager seccomp rules.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

----------------------------------------------------------------
Greg Kurz (2):
      virtiofsd: Add _llseek to the seccomp whitelist
      virtiofsd: Add restart_syscall to the seccomp whitelist

Stefan Hajnoczi (3):
      virtiofsd: extract lo_do_open() from lo_open()
      virtiofsd: optionally return inode pointer from lo_do_lookup()
      virtiofsd: prevent opening of special files (CVE-2020-35517)

 tools/virtiofsd/passthrough_ll.c      | 224 ++++++++++++++++++++++------------
 tools/virtiofsd/passthrough_seccomp.c |   2 +
 2 files changed, 150 insertions(+), 76 deletions(-)

Comments

no-reply@patchew.org Feb. 4, 2021, 7:24 p.m. UTC | #1
Patchew URL: https://patchew.org/QEMU/20210204183439.546918-1-dgilbert@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210204183439.546918-1-dgilbert@redhat.com
Subject: [PULL 0/5] virtiofs queue: Security fix

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20210204183439.546918-1-dgilbert@redhat.com -> patchew/20210204183439.546918-1-dgilbert@redhat.com
Switched to a new branch 'test'
cc58a0c virtiofsd: Add restart_syscall to the seccomp whitelist
bc881ed virtiofsd: Add _llseek to the seccomp whitelist
449b30f virtiofsd: prevent opening of special files (CVE-2020-35517)
5da12fe virtiofsd: optionally return inode pointer from lo_do_lookup()
3690387 virtiofsd: extract lo_do_open() from lo_open()

=== OUTPUT BEGIN ===
1/5 Checking commit 3690387a3bc2 (virtiofsd: extract lo_do_open() from lo_open())
ERROR: return of an errno should typically be -ve (return -ENOMEM)
#72: FILE: tools/virtiofsd/passthrough_ll.c:1674:
+        return ENOMEM;

total: 1 errors, 0 warnings, 114 lines checked

Patch 1/5 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/5 Checking commit 5da12fe61f50 (virtiofsd: optionally return inode pointer from lo_do_lookup())
3/5 Checking commit 449b30fcc7be (virtiofsd: prevent opening of special files (CVE-2020-35517))
4/5 Checking commit bc881ed54ee8 (virtiofsd: Add _llseek to the seccomp whitelist)
5/5 Checking commit cc58a0c7f1a0 (virtiofsd: Add restart_syscall to the seccomp whitelist)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20210204183439.546918-1-dgilbert@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Dr. David Alan Gilbert Feb. 4, 2021, 7:39 p.m. UTC | #2
* no-reply@patchew.org (no-reply@patchew.org) wrote:
> Patchew URL: https://patchew.org/QEMU/20210204183439.546918-1-dgilbert@redhat.com/
> 
> 
> 
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Type: series
> Message-id: 20210204183439.546918-1-dgilbert@redhat.com
> Subject: [PULL 0/5] virtiofs queue: Security fix
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git rev-parse base > /dev/null || exit 0
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
>  * [new tag]         patchew/20210204183439.546918-1-dgilbert@redhat.com -> patchew/20210204183439.546918-1-dgilbert@redhat.com
> Switched to a new branch 'test'
> cc58a0c virtiofsd: Add restart_syscall to the seccomp whitelist
> bc881ed virtiofsd: Add _llseek to the seccomp whitelist
> 449b30f virtiofsd: prevent opening of special files (CVE-2020-35517)
> 5da12fe virtiofsd: optionally return inode pointer from lo_do_lookup()
> 3690387 virtiofsd: extract lo_do_open() from lo_open()
> 
> === OUTPUT BEGIN ===
> 1/5 Checking commit 3690387a3bc2 (virtiofsd: extract lo_do_open() from lo_open())
> ERROR: return of an errno should typically be -ve (return -ENOMEM)
> #72: FILE: tools/virtiofsd/passthrough_ll.c:1674:
> +        return ENOMEM;

That's expected and OK.

> total: 1 errors, 0 warnings, 114 lines checked
> 
> Patch 1/5 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> 2/5 Checking commit 5da12fe61f50 (virtiofsd: optionally return inode pointer from lo_do_lookup())
> 3/5 Checking commit 449b30fcc7be (virtiofsd: prevent opening of special files (CVE-2020-35517))
> 4/5 Checking commit bc881ed54ee8 (virtiofsd: Add _llseek to the seccomp whitelist)
> 5/5 Checking commit cc58a0c7f1a0 (virtiofsd: Add restart_syscall to the seccomp whitelist)
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> The full log is available at
> http://patchew.org/logs/20210204183439.546918-1-dgilbert@redhat.com/testing.checkpatch/?type=message.
> ---
> Email generated automatically by Patchew [https://patchew.org/].
> Please send your feedback to patchew-devel@redhat.com

Peter Maydell Feb. 5, 2021, 10:08 a.m. UTC | #3
On Thu, 4 Feb 2021 at 19:14, Dr. David Alan Gilbert (git)
<dgilbert@redhat.com> wrote:
>
> From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
>
> The following changes since commit 1ba089f2255bfdb071be3ce6ac6c3069e8012179:
>
>   Merge remote-tracking branch 'remotes/armbru/tags/pull-qmp-2021-02-04' into staging (2021-02-04 14:15:35 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20210204
>
> for you to fetch changes up to cf269ff8032392bbdd700e7bfd21823ad9eee3a9:
>
>   virtiofsd: Add restart_syscall to the seccomp whitelist (2021-02-04 17:50:08 +0000)
>
> ----------------------------------------------------------------
> virtiofs: Security pull 2021-02-04
>
> This contains an important CVE fix for virtiofsd,
> together with two fixes for over-eager seccomp rules.
>
> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
>
> ----------------------------------------------------------------



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.0
for any user-visible changes.

-- PMM