diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-11-26 11:46:03 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-11-26 11:46:04 +0000 |
| commit | 72138f9bf5d8c316043b0d2cc7a674f70930cf95 (patch) | |
| tree | e6c6b9dfb3c69e6b67b4ee1574ff7dcca0884f01 /hw | |
| parent | b05730a876e899e8159878ba1c88fe5d1a3e8838 (diff) | |
| parent | 1d20398694a3b67a388d955b7a945ba4aa90a8a8 (diff) | |
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
Fixes a QEMU crash triggerable by guest userspace (CVE-2018-19489).
# gpg: Signature made Mon 26 Nov 2018 07:25:01 GMT
# gpg: using RSA key 71D4D5E5822F73D6
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg: aka "Gregory Kurz <gregory.kurz@free.fr>"
# gpg: aka "[jpeg image of size 3330]"
# Primary key fingerprint: B482 8BAF 9431 40CE F2A3 4910 71D4 D5E5 822F 73D6
* remotes/gkurz/tags/for-upstream:
9p: fix QEMU crash when renaming files
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/9pfs/9p.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 267a25533b..bdf7919abf 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -2855,6 +2855,7 @@ static void coroutine_fn v9fs_wstat(void *opaque) struct stat stbuf; V9fsFidState *fidp; V9fsPDU *pdu = opaque; + V9fsState *s = pdu->s; v9fs_stat_init(&v9stat); err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat); @@ -2920,7 +2921,9 @@ static void coroutine_fn v9fs_wstat(void *opaque) } } if (v9stat.name.size != 0) { + v9fs_path_write_lock(s); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); + v9fs_path_unlock(s); if (err < 0) { goto out; } |