2983660f65
CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633, bz #1012641) Fix 'new snapshot' slowness after the first snap (bz #988436) Fix 9pfs xattrs on kernel 3.11 (bz #1013676) CVE-2013-4344: buffer overflow in scsi_target_emulate_report_luns (bz #1015274, bz #1007330)
69 lines
2.1 KiB
Diff
69 lines
2.1 KiB
Diff
From 6f7e1d2bddb5a0a1c65f6f02467460d6edbcc901 Mon Sep 17 00:00:00 2001
|
|
From: "Daniel P. Berrange" <berrange@redhat.com>
|
|
Date: Tue, 1 Oct 2013 12:28:17 +0100
|
|
Subject: [PATCH] hw/9pfs: Fix errno value for xattr functions
|
|
|
|
If there is no operation driver for the xattr type the
|
|
functions return '-1' and set errno to '-EOPNOTSUPP'.
|
|
When the calling code sets 'ret = -errno' this turns
|
|
into a large positive number.
|
|
|
|
In Linux 3.11, the kernel has switched to using 9p
|
|
version 9p2000.L, instead of 9p2000.u, which enables
|
|
support for xattr operations. This on its own is harmless,
|
|
but for another change which makes it request the xattr
|
|
with a name 'security.capability'.
|
|
|
|
The result is that the guest sees a succesful return
|
|
of 95 bytes of data, instead of a failure with errno
|
|
set to 95. Since the kernel expects a maximum of 20
|
|
bytes for an xattr return this gets translated to the
|
|
unexpected errno ERANGE.
|
|
|
|
This all means that when running a binary off a 9p fs
|
|
in 3.11 kernels you get a fun result of:
|
|
|
|
# ./date
|
|
sh: ./date: Numerical result out of range
|
|
|
|
The only workaround is to pass 'version=9p2000.u' when
|
|
mounting the 9p fs in the guest, to disable all use of
|
|
xattrs.
|
|
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
---
|
|
hw/9pfs/virtio-9p-xattr.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/hw/9pfs/virtio-9p-xattr.c b/hw/9pfs/virtio-9p-xattr.c
|
|
index 90ae565..3fae557 100644
|
|
--- a/hw/9pfs/virtio-9p-xattr.c
|
|
+++ b/hw/9pfs/virtio-9p-xattr.c
|
|
@@ -36,7 +36,7 @@ ssize_t v9fs_get_xattr(FsContext *ctx, const char *path,
|
|
if (xops) {
|
|
return xops->getxattr(ctx, path, name, value, size);
|
|
}
|
|
- errno = -EOPNOTSUPP;
|
|
+ errno = EOPNOTSUPP;
|
|
return -1;
|
|
}
|
|
|
|
@@ -123,7 +123,7 @@ int v9fs_set_xattr(FsContext *ctx, const char *path, const char *name,
|
|
if (xops) {
|
|
return xops->setxattr(ctx, path, name, value, size, flags);
|
|
}
|
|
- errno = -EOPNOTSUPP;
|
|
+ errno = EOPNOTSUPP;
|
|
return -1;
|
|
|
|
}
|
|
@@ -135,7 +135,7 @@ int v9fs_remove_xattr(FsContext *ctx,
|
|
if (xops) {
|
|
return xops->removexattr(ctx, path, name);
|
|
}
|
|
- errno = -EOPNOTSUPP;
|
|
+ errno = EOPNOTSUPP;
|
|
return -1;
|
|
|
|
}
|