Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020

From:	Vivek Goyal
Subject:	Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517)
Date:	Wed, 3 Feb 2021 10:28:50 -0500

On Wed, Feb 03, 2021 at 11:37:19AM +0000, Stefan Hajnoczi wrote:

[..]
> @@ -1727,36 +1764,38 @@ static void lo_create(fuse_req_t req, fuse_ino_t 
> parent, const char *name,
>  
>      update_open_flags(lo->writeback, lo->allow_direct_io, fi);
>  
> -    fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW,
> -                mode);
> +    /* Try to create a new file but don't open existing files */
> +    fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
>      err = fd == -1 ? errno : 0;
> +
>      lo_restore_cred(&old);
>  
> -    if (!err) {
> -        ssize_t fh;
> -
> -        pthread_mutex_lock(&lo->mutex);
> -        fh = lo_add_fd_mapping(lo, fd);
> -        pthread_mutex_unlock(&lo->mutex);
> -        if (fh == -1) {
> -            close(fd);
> -            err = ENOMEM;
> -            goto out;
> -        }
> +    /* Ignore the error if file exists and O_EXCL was not given */
> +    if (err && !(err == EEXIST && !(fi->flags & O_EXCL))) {

Can this check be simplified to.
       if (err && (err == EEXIST && (fi->flags & O_EXCL)) {
           goto out;
       }
> +        goto out;
> +    }


Vivek

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v4 1/3] virtiofsd: extract lo_do_open() from lo_open(), (continued)
- [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Stefan Hajnoczi, 2021/02/03
  - Re: [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Greg Kurz, 2021/02/03
    - Re: [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Stefan Hajnoczi, 2021/02/03
    - Re: [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Greg Kurz, 2021/02/04
    - Re: [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Stefan Hajnoczi, 2021/02/04
    - Re: [PATCH v4 2/3] virtiofsd: optionally return inode pointer from lo_do_lookup(), Greg Kurz, 2021/02/04
- [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/02/03
  - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Vivek Goyal <=
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Vivek Goyal, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Dr. David Alan Gilbert, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Vivek Goyal, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/02/04
  - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Greg Kurz, 2021/02/03
    - Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517), Stefan Hajnoczi, 2021/02/03
- Re: [PATCH v4 0/3] virtiofsd: prevent opening of special files (CVE-2020-35517), no-reply, 2021/02/03

Prev by Date: Re: ARM Snapshots Not Backwards-Compatible
Next by Date: Re: [PATCH v4 01/23] tcg: Introduce target-specific page data for user-only
Previous by thread: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517)
Next by thread: Re: [PATCH v4 3/3] virtiofsd: prevent opening of special files (CVE-2020-35517)
Index(es):
- Date
- Thread