aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2020-07-03 17:55:31 +0100
committerPeter Maydell <peter.maydell@linaro.org>2020-07-03 17:55:31 +0100
commit7b7515702012219410802a168ae4aa45b72a44df (patch)
tree2a2335b0e0d4737ca5fd38d210c9b9588b29d203
parent5f42c3375d45108cf14f50ac8ba57c2865e75e9c (diff)
parent4f071a9460886667fde061c05b79dc786cc22e3c (diff)
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches: - qemu-img convert: Don't pre-zero images (removes nowadays counterproductive optimisation) - qemu-storage-daemon: Fix object-del, cleaner shutdown - vvfat: Check that the guest doesn't escape the given host directory with read-write vvfat drives - vvfat: Fix crash by out-of-bounds array writes for read-write drives - iotests fixes # gpg: Signature made Fri 03 Jul 2020 10:20:46 BST # gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6 # gpg: issuer "kwolf@redhat.com" # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: iotests: Fix 051 output after qdev_init_nofail() removal iotests.py: Do not wait() before communicate() vvfat: Fix array_remove_slice() vvfat: Check that updated filenames are valid qemu-storage-daemon: add missing cleanup calls qemu-storage-daemon: remember to add qemu_object_opts qemu-img convert: Don't pre-zero images Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--block/vvfat.c67
-rw-r--r--qemu-img.c9
-rw-r--r--qemu-storage-daemon.c5
-rw-r--r--tests/qemu-iotests/iotests.py34
4 files changed, 51 insertions, 64 deletions
diff --git a/block/vvfat.c b/block/vvfat.c
index c65a98e3ee..2eb8cbb19f 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -140,48 +140,16 @@ static inline void* array_insert(array_t* array,unsigned int index,unsigned int
return array->pointer+index*array->item_size;
}
-/* this performs a "roll", so that the element which was at index_from becomes
- * index_to, but the order of all other elements is preserved. */
-static inline int array_roll(array_t* array,int index_to,int index_from,int count)
-{
- char* buf;
- char* from;
- char* to;
- int is;
-
- if(!array ||
- index_to<0 || index_to>=array->next ||
- index_from<0 || index_from>=array->next)
- return -1;
-
- if(index_to==index_from)
- return 0;
-
- is=array->item_size;
- from=array->pointer+index_from*is;
- to=array->pointer+index_to*is;
- buf=g_malloc(is*count);
- memcpy(buf,from,is*count);
-
- if(index_to<index_from)
- memmove(to+is*count,to,from-to);
- else
- memmove(from,from+is*count,to-from);
-
- memcpy(to,buf,is*count);
-
- g_free(buf);
-
- return 0;
-}
-
static inline int array_remove_slice(array_t* array,int index, int count)
{
assert(index >=0);
assert(count > 0);
assert(index + count <= array->next);
- if(array_roll(array,array->next-1,index,count))
- return -1;
+
+ memmove(array->pointer + index * array->item_size,
+ array->pointer + (index + count) * array->item_size,
+ (array->next - index - count) * array->item_size);
+
array->next -= count;
return 0;
}
@@ -520,12 +488,31 @@ static void set_begin_of_direntry(direntry_t* direntry, uint32_t begin)
direntry->begin_hi = cpu_to_le16((begin >> 16) & 0xffff);
}
+static bool valid_filename(const unsigned char *name)
+{
+ unsigned char c;
+ if (!strcmp((const char*)name, ".") || !strcmp((const char*)name, "..")) {
+ return false;
+ }
+ for (; (c = *name); name++) {
+ if (!((c >= '0' && c <= '9') ||
+ (c >= 'A' && c <= 'Z') ||
+ (c >= 'a' && c <= 'z') ||
+ c > 127 ||
+ strchr("$%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
+ {
+ return false;
+ }
+ }
+ return true;
+}
+
static uint8_t to_valid_short_char(gunichar c)
{
c = g_unichar_toupper(c);
if ((c >= '0' && c <= '9') ||
(c >= 'A' && c <= 'Z') ||
- strchr("$%'-_@~`!(){}^#&", c) != 0) {
+ strchr("$%'-_@~`!(){}^#&", c) != NULL) {
return c;
} else {
return 0;
@@ -2098,6 +2085,10 @@ DLOG(fprintf(stderr, "check direntry %d:\n", i); print_direntry(direntries + i))
}
lfn.checksum = 0x100; /* cannot use long name twice */
+ if (!valid_filename(lfn.name)) {
+ fprintf(stderr, "Invalid file name\n");
+ goto fail;
+ }
if (path_len + 1 + lfn.len >= PATH_MAX) {
fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);
goto fail;
diff --git a/qemu-img.c b/qemu-img.c
index d7e846e607..bdb9f6aa46 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2084,15 +2084,6 @@ static int convert_do_copy(ImgConvertState *s)
s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));
}
- if (!s->has_zero_init && !s->target_has_backing &&
- bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)))
- {
- ret = blk_make_zero(s->target, BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
- if (ret == 0) {
- s->has_zero_init = true;
- }
- }
-
/* Allocate buffer for copied data. For compressed images, only one cluster
* can be copied at a time. */
if (s->compressed) {
diff --git a/qemu-storage-daemon.c b/qemu-storage-daemon.c
index 9e7adfe3a6..7e9b0e0d3f 100644
--- a/qemu-storage-daemon.c
+++ b/qemu-storage-daemon.c
@@ -316,6 +316,7 @@ int main(int argc, char *argv[])
module_call_init(MODULE_INIT_QOM);
module_call_init(MODULE_INIT_TRACE);
+ qemu_add_opts(&qemu_object_opts);
qemu_add_opts(&qemu_trace_opts);
qcrypto_init(&error_fatal);
bdrv_init();
@@ -334,5 +335,9 @@ int main(int argc, char *argv[])
main_loop_wait(false);
}
+ monitor_cleanup();
+ qemu_chr_cleanup();
+ user_creatable_cleanup();
+
return EXIT_SUCCESS;
}
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 5ea4c4df8b..ef739dd1e3 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -146,11 +146,12 @@ def qemu_img_pipe(*args):
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
universal_newlines=True)
- exitcode = subp.wait()
- if exitcode < 0:
+ output = subp.communicate()[0]
+ if subp.returncode < 0:
sys.stderr.write('qemu-img received signal %i: %s\n'
- % (-exitcode, ' '.join(qemu_img_args + list(args))))
- return subp.communicate()[0]
+ % (-subp.returncode,
+ ' '.join(qemu_img_args + list(args))))
+ return output
def qemu_img_log(*args):
result = qemu_img_pipe(*args)
@@ -177,11 +178,11 @@ def qemu_io(*args):
subp = subprocess.Popen(args, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
universal_newlines=True)
- exitcode = subp.wait()
- if exitcode < 0:
+ output = subp.communicate()[0]
+ if subp.returncode < 0:
sys.stderr.write('qemu-io received signal %i: %s\n'
- % (-exitcode, ' '.join(args)))
- return subp.communicate()[0]
+ % (-subp.returncode, ' '.join(args)))
+ return output
def qemu_io_log(*args):
result = qemu_io(*args)
@@ -257,15 +258,14 @@ def qemu_nbd_early_pipe(*args):
and its output in case of an error'''
subp = subprocess.Popen(qemu_nbd_args + ['--fork'] + list(args),
stdout=subprocess.PIPE,
- stderr=subprocess.STDOUT,
universal_newlines=True)
- exitcode = subp.wait()
- if exitcode < 0:
+ output = subp.communicate()[0]
+ if subp.returncode < 0:
sys.stderr.write('qemu-nbd received signal %i: %s\n' %
- (-exitcode,
+ (-subp.returncode,
' '.join(qemu_nbd_args + ['--fork'] + list(args))))
- return exitcode, subp.communicate()[0] if exitcode else ''
+ return subp.returncode, output if subp.returncode else ''
def qemu_nbd_popen(*args):
'''Run qemu-nbd in daemon mode and return the parent's exit code'''
@@ -1062,11 +1062,11 @@ def qemu_pipe(*args):
subp = subprocess.Popen(args, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
universal_newlines=True)
- exitcode = subp.wait()
- if exitcode < 0:
+ output = subp.communicate()[0]
+ if subp.returncode < 0:
sys.stderr.write('qemu received signal %i: %s\n' %
- (-exitcode, ' '.join(args)))
- return subp.communicate()[0]
+ (-subp.returncode, ' '.join(args)))
+ return output
def supported_formats(read_only=False):
'''Set 'read_only' to True to check ro-whitelist