hw/9pfs: spelling fixes

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

9pfs: prevent opening special files (CVE-2023-2861)

The 9p protocol does not specifically define how server shall behave when
client tries to open a special file, however from security POV it does
m

9pfs: prevent opening special files (CVE-2023-2861)

The 9p protocol does not specifically define how server shall behave when
client tries to open a special file, however from security POV it does
make sense for 9p server to prohibit opening any special file on host side
in general. A sane Linux 9p client for instance would never attempt to
open a special file on host side, it would always handle those exclusively
on its guest side. A malicious client however could potentially escape
from the exported 9p tree by creating and opening a device file on host
side.

With QEMU this could only be exploited in the following unsafe setups:

- Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
security model.

or

- Using 9p 'proxy' fs driver (which is running its helper daemon as
root).

These setups were already discouraged for safety reasons before,
however for obvious reasons we are now tightening behaviour on this.

Fixes: CVE-2023-2861
Reported-by: Yanwu Shen <ywsPlz@gmail.com>
Reported-by: Jietao Xiao <shawtao1125@gmail.com>
Reported-by: Jinku Li <jkli@xidian.edu.cn>
Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>

show more ...

hw/9pfs: Replace the direct call to xxxat() APIs with a wrapper

xxxat() APIs are only available on POSIX platforms. For future
extension to Windows, let's replace the direct call to xxxat()
APIs wit

hw/9pfs: Replace the direct call to xxxat() APIs with a wrapper

xxxat() APIs are only available on POSIX platforms. For future
extension to Windows, let's replace the direct call to xxxat()
APIs with a wrapper.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20221219102022.2167736-4-bin.meng@windriver.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

hw/9pfs: Drop unnecessary *xattr wrapper API declarations

These are not used anywhere in the source tree. Drop them.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Greg Kurz <groug@k

hw/9pfs: Drop unnecessary *xattr wrapper API declarations

These are not used anywhere in the source tree. Drop them.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20221219102022.2167736-3-bin.meng@windriver.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

9pfs: fix wrong errno being sent to Linux client on macOS host

Linux and macOS only share some errno definitions with equal macro
name and value. In fact most mappings for errno are completely
diffe

9pfs: fix wrong errno being sent to Linux client on macOS host

Linux and macOS only share some errno definitions with equal macro
name and value. In fact most mappings for errno are completely
different on the two systems.

This patch converts some important errno values from macOS host to
corresponding Linux errno values before eventually sending such error
codes along with 'Rlerror' replies (if 9p2000.L is used that is). Not
having translated errnos before violated the 9p2000.L protocol spec,
which says:

"
size[4] Rlerror tag[2] ecode[4]

... ecode is a numerical Linux errno.
"

https://github.com/chaos/diod/wiki/protocol#lerror----return-error-code

This patch fixes a bunch of misbehaviours when running a Linux client
on macOS host. For instance this patch fixes:

mount -t 9p -o posixacl ...

on Linux guest if security_mode=mapped was used for 9p server, which
refused to mount successfully, because macOS returned ENOATTR==93
when client tried to retrieve POSIX ACL xattrs, because errno 93
is defined as EPROTONOSUPPORT==93 on Linux, so Linux client believed
that xattrs were not supported by filesystem on host in general.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Link: https://lore.kernel.org/qemu-devel/20220421124835.3e664669@bahia/
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <b322ab298a62069e527d2b032028bdc9115afacd.1651228001.git.qemu_oss@crudebyte.com>

show more ...

9pfs: fix wrong encoding of rdev field in Rgetattr on macOS

The 'rdev' field in 9p reponse 'Rgetattr' is of type dev_t,
which is actually a system dependant type and therefore both the
size and enco

9pfs: fix wrong encoding of rdev field in Rgetattr on macOS

The 'rdev' field in 9p reponse 'Rgetattr' is of type dev_t,
which is actually a system dependant type and therefore both the
size and encoding of dev_t differ between macOS and Linux.

So far we have sent 'rdev' to guest in host's dev_t format as-is,
which caused devices to appear with wrong device numbers on
guests running on macOS hosts, eventually leading to various
misbehaviours on guest in conjunction with device files.

This patch fixes this issue by converting the device number from
host's dev_t format to Linux dev_t format. As 9p request
'Tgettattr' is exclusive to protocol version 9p2000.L, it should
be fair to assume that 'rdev' field is assumed to be in Linux dev_t
format by client as well.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Link: https://lore.kernel.org/qemu-devel/20220421093056.5ab1e7ed@bahia/
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <b3a430c2c382ba69a7405e04c0b090ab0d86f17e.1651228001.git.qemu_oss@crudebyte.com>

show more ...

9pfs/9p-util.h: convert Doxygen -> kerneldoc format

API doc comments in QEMU are supposed to be in kerneldoc format, so
convert API doc comments from Doxygen format to kerneldoc format.

Signed-off-

9pfs/9p-util.h: convert Doxygen -> kerneldoc format

API doc comments in QEMU are supposed to be in kerneldoc format, so
convert API doc comments from Doxygen format to kerneldoc format.

Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <dc1c4a85e233f5884ee5f6ec96b87db286083df7.1646314856.git.qemu_oss@crudebyte.com>

show more ...

9pfs: drop Doxygen format from qemu_dirent_dup() API comment

API doc comments in QEMU are supposed to be in kerneldoc format, so drop
occurrences of "@c" which is Doxygen format for fixed-width text

9pfs: drop Doxygen format from qemu_dirent_dup() API comment

API doc comments in QEMU are supposed to be in kerneldoc format, so drop
occurrences of "@c" which is Doxygen format for fixed-width text.

Link: https://lore.kernel.org/qemu-devel/CAFEAcA89+ENOM6x19OEF53Kd2DWkhN5SN21Va0D7yepJSa3Jyg@mail.gmail.com/
Based-on: <E1nP9Oz-00043L-KJ@lizzy.crudebyte.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1nPTwO-0006pl-Np@lizzy.crudebyte.com>

show more ...

9pfs: move qemu_dirent_dup() from osdep -> 9p-util

Function qemu_dirent_dup() is currently only used by 9pfs server, so move
it from project global header osdep.h to 9pfs specific header 9p-util.h.

9pfs: move qemu_dirent_dup() from osdep -> 9p-util

Function qemu_dirent_dup() is currently only used by 9pfs server, so move
it from project global header osdep.h to 9pfs specific header 9p-util.h.

Link: https://lore.kernel.org/qemu-devel/CAFEAcA_=HAUNomKD2wurSVaAHa5mrk22A1oHKLWUDjk7v6Khmg@mail.gmail.com/
Based-on: <20220227223522.91937-12-wwcohen@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <E1nP9Oz-00043L-KJ@lizzy.crudebyte.com>

show more ...

9p: darwin: Implement compatibility for mknodat

Darwin does not support mknodat. However, to avoid race conditions
with later setting the permissions, we must avoid using mknod on
the full path inst

9p: darwin: Implement compatibility for mknodat

Darwin does not support mknodat. However, to avoid race conditions
with later setting the permissions, we must avoid using mknod on
the full path instead. We could try to fchdir, but that would cause
problems if multiple threads try to call mknodat at the same time.
However, luckily there is a solution: Darwin includes a function
that sets the cwd for the current thread only.
This should suffice to use mknod safely.

This function (pthread_fchdir_np) is protected by a check in
meson in a patch later in this series.

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
[Will Cohen: - Adjust coding style
- Replace clang references with gcc
- Note radar filed with Apple for missing syscall
- Replace direct syscall with pthread_fchdir_np and
adjust patch notes accordingly
- Declare pthread_fchdir_np with
- __attribute__((weak_import)) to allow checking for
its presence before usage
- Move declarations above cplusplus guard
- Add CONFIG_PTHREAD_FCHDIR_NP to meson and check for
presence in 9p-util
- Rebase to apply cleanly on top of the 2022-02-10
changes to 9pfs
- Fix line over 90 characters formatting error]
Signed-off-by: Will Cohen <wwcohen@gmail.com>
Message-Id: <20220227223522.91937-10-wwcohen@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

9p: darwin: Compatibility for f/l*xattr

On darwin `fgetxattr` takes two extra optional arguments,
and the l* variants are not defined (in favor of an extra
flag to the regular variants.

Signed-off-

9p: darwin: Compatibility for f/l*xattr

On darwin `fgetxattr` takes two extra optional arguments,
and the l* variants are not defined (in favor of an extra
flag to the regular variants.

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
[Michael Roitzsch: - Rebase for NixOS]
Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
Signed-off-by: Will Cohen <wwcohen@gmail.com>
Message-Id: <20220227223522.91937-9-wwcohen@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

9p: darwin: Ignore O_{NOATIME, DIRECT}

Darwin doesn't have either of these flags. Darwin does have
F_NOCACHE, which is similar to O_DIRECT, but has different
enough semantics that other projects don

9p: darwin: Ignore O_{NOATIME, DIRECT}

Darwin doesn't have either of these flags. Darwin does have
F_NOCACHE, which is similar to O_DIRECT, but has different
enough semantics that other projects don't generally map
them automatically. In any case, we don't support O_DIRECT
on Linux at the moment either.

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
[Michael Roitzsch: - Rebase for NixOS]
Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
[Will Cohen: - Adjust coding style]
Signed-off-by: Will Cohen <wwcohen@gmail.com>
Message-Id: <20220227223522.91937-6-wwcohen@gmail.com>
[C.S.: - Fix compiler warning "unused label 'again'". ]
Link: https://lore.kernel.org/qemu-devel/11201492.CjeqJxXfGd@silver/
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

9p: darwin: Handle struct dirent differences

On darwin d_seekoff exists, but is optional and does not seem to
be commonly used by file systems. Use `telldir` instead to obtain
the seek offset and in

9p: darwin: Handle struct dirent differences

On darwin d_seekoff exists, but is optional and does not seem to
be commonly used by file systems. Use `telldir` instead to obtain
the seek offset and inject it into d_seekoff, and create a
qemu_dirent_off helper to call it appropriately when appropriate.

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
[Michael Roitzsch: - Rebase for NixOS]
Signed-off-by: Michael Roitzsch <reactorcontrol@icloud.com>
[Will Cohen: - Adjust to pass testing
- Ensure that d_seekoff is filled using telldir
on darwin, and create qemu_dirent_off helper
to decide which to access]
[Fabian Franz: - Add telldir error handling for darwin]
Signed-off-by: Fabian Franz <fabianfranz.oss@gmail.com>
[Will Cohen: - Ensure that telldir error handling uses
signed int
- Cleanup of telldir error handling
- Remove superfluous error handling for
qemu_dirent_off
- Adjust formatting
- Use qemu_dirent_off in codir.c
- Declare qemu_dirent_off as static to prevent
linker error
- Move qemu_dirent_off above the end-of-file
endif to fix compilation]
Signed-off-by: Will Cohen <wwcohen@gmail.com>
Message-Id: <20220227223522.91937-5-wwcohen@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

show more ...

Merge remote-tracking branch 'remotes/xtensa/tags/20200625-xtensa' into staging

target/xtensa fixes for 5.1:

- fix access to special registers missing in the core configuration;

Merge remote-tracking branch 'remotes/xtensa/tags/20200625-xtensa' into staging

target/xtensa fixes for 5.1:

- fix access to special registers missing in the core configuration;
- fix simcall opcode behavior for new hardware;
- drop gen_io_end call from xtensa translator.

# gpg: Signature made Thu 25 Jun 2020 09:08:58 BST
# gpg: using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg: issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg: aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg: aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB 17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20200625-xtensa:
target/xtensa: drop gen_io_end call
target/xtensa: fix simcall for newer hardware
target/xtensa: fetch HW version from configuration overlay
target/xtensa: work around missing SR definitions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

machine queue, 2020-05-13

Bug fixes:
* hostmem: don't use mbind() if host-nodes is em

Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging

machine queue, 2020-05-13

Bug fixes:
* hostmem: don't use mbind() if host-nodes is empty (Igor Mammedov)

# gpg: Signature made Wed 13 May 2020 15:00:25 BST
# gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg: issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/machine-next-pull-request:
hostmem: don't use mbind() if host-nodes is empty

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20200515-pull-request' into staging

ui: sdl bugfix, -show-cursor deprecation message

# gpg: Signature made Fri 15 May 2020 09:21

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20200515-pull-request' into staging

ui: sdl bugfix, -show-cursor deprecation message

# gpg: Signature made Fri 15 May 2020 09:21:29 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20200515-pull-request:
ui/sdl2: fix segment fault caused by null pointer dereference
ui: improve -show-cursor deprecation message

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-14' into staging

Changes:
- Christian Schoenebeck is now co-maintainer for 9pfs
- relax checks for O_NOATIME
- mi

Merge remote-tracking branch 'remotes/gkurz/tags/9p-next-2020-05-14' into staging

Changes:
- Christian Schoenebeck is now co-maintainer for 9pfs
- relax checks for O_NOATIME
- minor documentation updates

# gpg: Signature made Thu 14 May 2020 08:14:37 BST
# gpg: using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full]
# gpg: aka "Gregory Kurz <gregory.kurz@free.fr>" [full]
# gpg: aka "[jpeg image of size 3330]" [full]
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/9p-next-2020-05-14:
xen-9pfs: Fix log messages of reply errors
9pfs: local: ignore O_NOATIME if we don't have permissions
qemu-options.hx: 9p: clarify -virtfs vs. -fsdev
MAINTAINERS: Upgrade myself as 9pfs co-maintainer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

9pfs: local: ignore O_NOATIME if we don't have permissions

QEMU's local 9pfs server passes through O_NOATIME from the client. If
the QEMU process doesn't have permissions to use O_NOATIM

9pfs: local: ignore O_NOATIME if we don't have permissions

QEMU's local 9pfs server passes through O_NOATIME from the client. If
the QEMU process doesn't have permissions to use O_NOATIME (namely, it
does not own the file nor have the CAP_FOWNER capability), the open will
fail. This causes issues when from the client's point of view, it
believes it has permissions to use O_NOATIME (e.g., a process running as
root in the virtual machine). Additionally, overlayfs on Linux opens
files on the lower layer using O_NOATIME, so in this case a 9pfs mount
can't be used as a lower layer for overlayfs (cf.
https://github.com/osandov/drgn/blob/dabfe1971951701da13863dbe6d8a1d172ad9650/vmtest/onoatimehack.c
and https://github.com/NixOS/nixpkgs/issues/54509).

Luckily, O_NOATIME is effectively a hint, and is often ignored by, e.g.,
network filesystems. open(2) notes that O_NOATIME "may not be effective
on all filesystems. One example is NFS, where the server maintains the
access time." This means that we can honor it when possible but fall
back to ignoring it.

Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Message-Id: <e9bee604e8df528584693a4ec474ded6295ce8ad.1587149256.git.osandov@fb.com>
Signed-off-by: Greg Kurz <groug@kaod.org>

show more ...

Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

Prasad J Pandit (2):
slirp: Fix buffer overflow on packet reassembling

Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

Prasad J Pandit (2):
slirp: Fix buffer overflow on packet reassembling

Samuel Thibault (3):
slirp: Add Samuel Thibault's staging tree for slirp
slirp: fix domainname version availability

# gpg: Signature made Fri 08 Jun 2018 07:12:24 BST
# gpg: using RSA key 996849C1CF560478
# gpg: Good signature from "Samuel Thibault <samuel.thibault@aquilenet.fr>"
# gpg: aka "Samuel Thibault <sthibault@debian.org>"
# gpg: aka "Samuel Thibault <samuel.thibault@gnu.org>"
# gpg: aka "Samuel Thibault <samuel.thibault@inria.fr>"
# gpg: aka "Samuel Thibault <samuel.thibault@labri.fr>"
# gpg: aka "Samuel Thibault <samuel.thibault@ens-lyon.org>"
# gpg: aka "Samuel Thibault <samuel.thibault@u-bordeaux.fr>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82 304B D017 8C76 7D06 9EE6
# Subkey fingerprint: 3A3A 5D46 4660 E867 610C A427 9968 49C1 CF56 0478

* remotes/thibault/tags/samuel-thibault:
slirp: reformat m_inc routine
slirp: correct size computation while concatenating mbuf
slirp: fix domainname version availability
slirp: Add Samuel Thibault's staging tree for slirp
slirp: Fix spurious error report when sending directly

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

Mostly bug fixes and code sanitization motivated by the upcoming
support for Darwin hosts. Thanks to Keno Fisc

Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging

Mostly bug fixes and code sanitization motivated by the upcoming
support for Darwin hosts. Thanks to Keno Fischer.

# gpg: Signature made Thu 07 Jun 2018 11:30:56 BST
# gpg: using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg: aka "Gregory Kurz <gregory.kurz@free.fr>"
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6

* remotes/gkurz/tags/for-upstream:
9p: xattr: Properly translate xattrcreate flags
9p: Properly check/translate flags in unlinkat
9p: local: Avoid warning if FS_IOC_GETVERSION is not defined
9p: xattr: Fix crashes due to free of uninitialized value
9p: Move a couple xattr functions to 9p-util
9p: local: Properly set errp in fstatfs error path
9p: proxy: Fix size passed to `connect`

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

9p: Move a couple xattr functions to 9p-util

These functions will need custom implementations on Darwin. Since the
implementation is very similar among all of them, and 9p-util already

9p: Move a couple xattr functions to 9p-util

These functions will need custom implementations on Darwin. Since the
implementation is very similar among all of them, and 9p-util already
has the _nofollow version of fgetxattrat, let's move them all there.

Signed-off-by: Keno Fischer <keno@juliacomputing.com>
Signed-off-by: Greg Kurz <groug@kaod.org>

show more ...

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Thu 10 Aug 2017 18:48:13 BST
# gpg: using RSA key 0x9CA4ABB381AB

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

# gpg: Signature made Thu 10 Aug 2017 18:48:13 BST
# gpg: using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
virtio-blk: handle blk_getlength() errors
IDE: test flush on empty CDROM
IDE: Do not flush empty CDROM drives

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

9pfs: local: fix fchmodat_nofollow() limitations

This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved

9pfs: local: fix fchmodat_nofollow() limitations

This function has to ensure it doesn't follow a symlink that could be used
to escape the virtfs directory. This could be easily achieved if fchmodat()
on linux honored the AT_SYMLINK_NOFOLLOW flag as described in POSIX, but
it doesn't. There was a tentative to implement a new fchmodat2() syscall
with the correct semantics:

https://patchwork.kernel.org/patch/9596301/

but it didn't gain much momentum. Also it was suggested to look at an O_PATH
based solution in the first place.

The current implementation covers most use-cases, but it notably fails if:
- the target path has access rights equal to 0000 (openat() returns EPERM),
=> once you've done chmod(0000) on a file, you can never chmod() again
- the target path is UNIX domain socket (openat() returns ENXIO)
=> bind() of UNIX domain sockets fails if the file is on 9pfs

The solution is to use O_PATH: openat() now succeeds in both cases, and we
can ensure the path isn't a symlink with fstat(). The associated entry in
"/proc/self/fd" can hence be safely passed to the regular chmod() syscall.

The previous behavior is kept for older systems that don't have O_PATH.

Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Zhi Yong Wu <zhiyong.wu@ucloud.cn>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-07-18-1' into staging

Merge I/O 2017/07/18 v1

# gpg: Signature made Tue 18 Jul 2017 11:31:53 BST
# gpg:

Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-07-18-1' into staging

Merge I/O 2017/07/18 v1

# gpg: Signature made Tue 18 Jul 2017 11:31:53 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qio-2017-07-18-1:
io: simplify qio_channel_attach_aio_context

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20170608' into staging

s390x: misc fixes

bunch of fixes
- reject MIDA accesses for CCWs
- cpumodel fixes
- c

Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20170608' into staging

s390x: misc fixes

bunch of fixes
- reject MIDA accesses for CCWs
- cpumodel fixes
- cross-build fix for bios
- migration improvements

# gpg: Signature made Thu 08 Jun 2017 14:10:29 BST
# gpg: using RSA key 0x117BBC80B5A61C7C
# gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"
# Primary key fingerprint: F922 9381 A334 08F9 DBAB FBCA 117B BC80 B5A6 1C7C

* remotes/borntraeger/tags/s390x-20170608:
s390x/cpumodel: improve defintion search without an IBC
s390x/cpumodel: take care of the cpuid format bit for KVM
pc-bios/s390-ccw: use STRIP variable in Makefile
s390x/css: fence off MIDA
s390x/css: catch section mismatch on load

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...