[Qemu-stable] [PATCH] 9pfs: local: fix unlink of alien files in mapped-f
From: Greg Kurz
Subject: [Qemu-stable] [PATCH] 9pfs: local: fix unlink of alien files in mapped-file mode
Date: Fri, 28 Apr 2017 10:54:42 +0200
User-agent: StGit/0.17.1-20-gc0b1b-dirty

When trying to remove a file from a directory, both created in non-mapped
mode, the file remains and EBADF is returned to the guest.

This is a regression introduced by commit "df4938a6651b 9pfs: local:
unlinkat: don't follow symlinks" when fixing CVE-2016-9602. It changed the
way we unlink the metadata file from

    ret = remove("$dir/.virtfs_metadata/$name");
    if (ret < 0 && errno != ENOENT) {
        /* Error out */
    }
    /* Ignore absence of metadata */

to

    fd = openat("$dir/.virtfs_metadata")
    unlinkat(fd, "$name")
    if (ret < 0 && errno != ENOENT) {
        /* Error out */
    }
    /* Ignore absence of metadata */

If $dir was created in non-mapped mode, openat() fails with ENOENT and
we pass -1 to unlinkat(), which fails in turn with EBADF.

We just need to check the return of openat() and ignore ENOENT, in order
to restore the behaviour we had with remove().

Signed-off-by: Greg Kurz <address@hidden>
---
hw/9pfs/9p-local.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
index f3ebca4f7a56..4e9823b08e74 100644
--- a/hw/9pfs/9p-local.c
+++ b/hw/9pfs/9p-local.c
@@ -983,12 +983,20 @@ static int local_unlinkat_common(FsContext *ctx, int
dirfd, const char *name,
* .virtfs_metadata directory.
*/
map_dirfd = openat_dir(dirfd, VIRTFS_META_DIR);
- ret = unlinkat(map_dirfd, name, 0);
- close_preserve_errno(map_dirfd);
- if (ret < 0 && errno != ENOENT) {
+ if (map_dirfd != -1) {
+ ret = unlinkat(map_dirfd, name, 0);
+ close_preserve_errno(map_dirfd);
+ if (ret < 0 && errno != ENOENT) {
+ /*
+ * We didn't had the .virtfs_metadata file. May be file created
+ * in non-mapped mode ?. Ignore ENOENT.
+ */
+ goto err_out;
+ }
+ } else if (errno != ENOENT) {
/*
- * We didn't had the .virtfs_metadata file. May be file created
- * in non-mapped mode ?. Ignore ENOENT.
+ * We didn't had the parent .virtfs_metadata directory. May be
+ * file created in non-mapped mode ?. Ignore ENOENT.
*/
goto err_out;
}
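
Review bot: the two comments now sit inside the blocks that end in "goto err_out", that is, on the paths taken when errno is something other than ENOENT, so each one explains the ignored case from inside the branch that does not ignore it. A single comment placed above "if (map_dirfd != -1) {" saying that a missing .virtfs_metadata directory or a missing metadata file both mean the file was created in non-mapped mode, and that ENOENT is ignored in either case, would cover both branches and let the near-duplicate in the "else if (errno != ENOENT)" block be dropped. While rewording, "We didn't had" should read "We didn't have". The else-if test depends on errno still holding the value left by openat_dir(); that holds in the lines shown because nothing runs between the call and the test, and it is worth keeping that way if the block is touched again.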
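
The failure described in the commit message above, reproduced outside QEMU as an added example (this is not code from the patch or from QEMU). The helper names, the file name "alien" and the /tmp scratch path are assumptions; only the .virtfs_metadata name and the openat()/unlinkat() sequence come from the message.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define META_DIR ".virtfs_metadata" /* name taken from the commit message */

/* Pre-fix shape: openat() result is not checked. Returns 0 or -errno. */
static int unlink_meta_unchecked(int dirfd, const char *name)
{
    int fd = openat(dirfd, META_DIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    int ret = unlinkat(fd, name, 0);   /* fd is -1 when META_DIR is absent */
    int saved = errno;
    if (fd != -1) close(fd);
    return (ret < 0 && saved != ENOENT) ? -saved : 0;
}

/* Post-fix shape: a missing META_DIR counts as missing metadata. */
static int unlink_meta_checked(int dirfd, const char *name)
{
    int fd = openat(dirfd, META_DIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd == -1) return errno == ENOENT ? 0 : -errno;
    int ret = unlinkat(fd, name, 0);
    int saved = errno;
    close(fd);
    return (ret < 0 && saved != ENOENT) ? -saved : 0;
}

/* Constructed scenario: directory and file without META_DIR, as non-mapped mode leaves them. */
static int demo(int fixed)
{
    char tmpl[] = "/tmp/alien-XXXXXX";  /* hypothetical scratch path */
    if (!mkdtemp(tmpl)) return -errno;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) return -errno;
    close(openat(dirfd, "alien", O_CREAT | O_WRONLY, 0600));
    int ret = (fixed ? unlink_meta_checked : unlink_meta_unchecked)(dirfd, "alien");
    unlinkat(dirfd, "alien", 0);        /* clean up the scratch file and directory */
    close(dirfd);
    rmdir(tmpl);
    return ret;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", demo(0), demo(1));
    return 0;
}
```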