bwlp/qemu.git/hw/9pfs/Makefile.objs, branch spice_video_codecs

meson: convert hw/9pfs, cleanup

2020-08-21T10:30:33+00:00

hw/Makefile.objs is gone so there is more code that can be removed. Signed-off-by: Marc-André Lureau Signed-off-by: Paolo Bonzini

9pfs: remove unnecessary conditionals

2019-03-07T20:45:53+00:00

The VIRTIO_9P || VIRTFS && XEN condition can be computed in hw/Makefile.objs, removing an "if" from hw/9pfs/Makefile.objs. Signed-off-by: Paolo Bonzini

9p: remove support for the "handle" backend

2018-12-12T13:18:10+00:00

The "handle" fsdev backend was deprecated in QEMU 2.12.0 with: commit db3b3c7281ca82e2647e072a1f97db111313dd73 Author: Greg Kurz Date: Mon Jan 8 11:18:23 2018 +0100 9pfs: deprecate handle backend This backend raise some concerns: - doesn't support symlinks - fails +100 tests in the PJD POSIX file system test suite [1] - requires the QEMU process to run with the CAP_DAC_READ_SEARCH capability, which isn't recommended for security reasons This backend should not be used and wil be removed. The 'local' backend is the recommended alternative. [1] https://www.tuxera.com/community/posix-test-suite/ Signed-off-by: Greg Kurz Reviewed-by: Daniel P. Berrange Reviewed-by: Aneesh Kumar K.V It has passed the two release cooling period without any complaint. Remove it now. Signed-off-by: Greg Kurz Reviewed-by: Thomas Huth

hw: make virtio devices configurable via default-configs/

2018-06-01T13:14:31+00:00

This is only half of the work, because the proxy devices (virtio-*-pci, virtio-*-ccw, etc.) are still included unconditionally. It is still a move in the right direction. Based-on: <20180522194943.24871-1-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini

9pfs: fix dependencies

2017-08-30T16:23:25+00:00

Nothing in fsdev/ or hw/9pfs/ depends on pci; it should rather depend on CONFIG_VIRTFS and CONFIG_VIRTIO/CONFIG_XEN only. Acked-by: Greg Kurz Reviewed-by: Thomas Huth Acked-by: Christian Borntraeger Signed-off-by: Cornelia Huck

xen/9pfs: build and register Xen 9pfs backend

2017-04-25T18:04:33+00:00

Signed-off-by: Stefano Stabellini Reviewed-by: Greg Kurz CC: anthony.perard@citrix.com CC: jgross@suse.com CC: Aneesh Kumar K.V CC: Greg Kurz

9pfs: introduce relative_openat_nofollow() helper

2017-02-28T10:21:15+00:00

When using the passthrough security mode, symbolic links created by the guest are actual symbolic links on the host file system. Since the resolution of symbolic links during path walk is supposed to occur on the client side. The server should hence never receive any path pointing to an actual symbolic link. This isn't guaranteed by the protocol though, and malicious code in the guest can trick the server to issue various syscalls on paths whose one or more elements are symbolic links. In the case of the "local" backend using the "passthrough" or "none" security modes, the guest can directly create symbolic links to arbitrary locations on the host (as per spec). The "mapped-xattr" and "mapped-file" security modes are also affected to a lesser extent as they require some help from an external entity to create actual symbolic links on the host, i.e. another guest using "passthrough" mode for example. The current code hence relies on O_NOFOLLOW and "l*()" variants of system calls. Unfortunately, this only applies to the rightmost path component. A guest could maliciously replace any component in a trusted path with a symbolic link. This could allow any guest to escape a virtfs shared folder. This patch introduces a variant of the openat() syscall that successively opens each path element with O_NOFOLLOW. When passing a file descriptor pointing to a trusted directory, one is guaranteed to be returned a file descriptor pointing to a path which is beneath the trusted directory. This will be used by subsequent patches to implement symlink-safe path walk for any access to the backend. Symbolic links aren't the only threats actually: a malicious guest could change a path element to point to other types of file with undesirable effects: - a named pipe or any other thing that would cause openat() to block - a terminal device which would become QEMU's controlling terminal These issues can be addressed with O_NONBLOCK and O_NOCTTY. Two helpers are introduced: one to open intermediate path elements and one to open the rightmost path element. Suggested-by: Jann Horn Signed-off-by: Greg Kurz Reviewed-by: Stefan Hajnoczi (renamed openat_nofollow() to relative_openat_nofollow(), assert path is relative and doesn't contain '//', fixed side-effect in assert, Greg Kurz) Signed-off-by: Greg Kurz

9pfs: rename virtio-9p.c to 9p.c

2016-01-08T10:02:13+00:00

Now that file only contains generic code. Signed-off-by: Wei Liu Signed-off-by: Aneesh Kumar K.V

9pfs: rename virtio-9p-xattr{,-user}.{c,h} to 9p-xattr{,-user}.{c,h}

2016-01-08T07:17:35+00:00

These three files are not virtio specific. Rename them to generic names. Fix comments and header inclusion in various files. Signed-off-by: Wei Liu Signed-off-by: Aneesh Kumar K.V

9pfs: rename virtio-9p-synth.{c,h} to 9p-synth.{c,h}

2016-01-08T07:10:55+00:00

These two files are not virtio specific. Rename them to use generic names. Fix includes in various C files. Change define guards and comments in header files. Signed-off-by: Wei Liu Signed-off-by: Aneesh Kumar K.V