Block layer patches:

- qemu-img convert: Don't pre-zero images (removes nowadays counterproductive optimisation) - qemu-storage-daemon: Fix object-del, cleaner shutdown - vvfat: Check that the guest doesn't escape the given host directory with read-write vvfat drives - vvfat: Fix crash by out-of-bounds array writes for read-write drives - iotests fixes -----BEGIN PGP SIGNATURE----- iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAl7++G4RHGt3b2xmQHJl ZGhhdC5jb20ACgkQfwmycsiPL9Yn1A/+JKzLEHRGt8VGnR6zPsnHfQvhnRsqk5kF G9z/c68Jk+Q/sg2mdMZNs1Jkb1oJPTlGSMkNmWJTah5zEPsbfoBS5wvVMhK8OcQR mGgy8r2Abht6rYbtDqkFARldNtBG1T6V3uHiXw1a1qIqNEpp2ogUO/iw2L+wIxcH i3wsX4idjrGZG+/eEfzXIo9wqy6QF6TRwR7bEPyFIo6ywRF5u4/mcDF1ujH8WogS vJ1GF1JnSchXgY1rKyyBa45aUPS7s0hE7c0qkMZF4d41qBYE1+P5lMbAoKtB5ZW4 EEnqZyv+Pt0Kf8iXWZ5eEDBXItN/eFam5AeiibzIBhb8IXJUJ6aU9S0bpYaQmHBJ YCcOHdE5FPo+Dj4G9MMhTidJ2KKAHrTZZJwVxhs/SXbVp2+z7odycNZBQRepjlNX EJ/HzYoaJiBkXK/g4Zc0mYisKEAidYOriyb6Kf8MDZxk3Up6ZcaOY7DWukK2rwjg 9/YPJ8EIRqP6RSgVQvHscIhrasngw49ENiDigCLByNQsVJeE5m3kP7GU5yaS+kN2 tUSdtvUzASvoLHtGY35fjVZL6OIQWEAYAWHYPzhJTX9fwCwXlMmVkYMwiTtxjjDD KLwFyqKUop0DUUfXlCrjVk9GK92HHx9IDEOrcTeooQHj2lNXvLdg8BpGDTBZ98b0 ZRUP2w9IHZA= =RCvS -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging Block layer patches: - qemu-img convert: Don't pre-zero images (removes nowadays counterproductive optimisation) - qemu-storage-daemon: Fix object-del, cleaner shutdown - vvfat: Check that the guest doesn't escape the given host directory with read-write vvfat drives - vvfat: Fix crash by out-of-bounds array writes for read-write drives - iotests fixes # gpg: Signature made Fri 03 Jul 2020 10:20:46 BST # gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6 # gpg: issuer "kwolf@redhat.com" # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: iotests: Fix 051 output after qdev_init_nofail() removal iotests.py: Do not wait() before communicate() vvfat: Fix array_remove_slice() vvfat: Check that updated filenames are valid qemu-storage-daemon: add missing cleanup calls qemu-storage-daemon: remember to add qemu_object_opts qemu-img convert: Don't pre-zero images Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-03 17:55:31 +01:00 · 2020-07-03 17:55:31 +01:00 · 7b75157020
parent 5f42c3375d 4f071a9460
commit 7b75157020
4 changed files with 51 additions and 64 deletions
--- a/block/vvfat.c
+++ b/block/vvfat.c
@ -140,48 +140,16 @@ static inline void* array_insert(array_t* array,unsigned int index,unsigned int
    return array->pointer+index*array->item_size;
 }

-/* this performs a "roll", so that the element which was at index_from becomes
- * index_to, but the order of all other elements is preserved. */
-static inline int array_roll(array_t* array,int index_to,int index_from,int count)
-{
-    char* buf;
-    char* from;
-    char* to;
-    int is;
-
-    if(!array ||
-            index_to<0 || index_to>=array->next ||
-            index_from<0 || index_from>=array->next)
-        return -1;
-
-    if(index_to==index_from)
-        return 0;
-
-    is=array->item_size;
-    from=array->pointer+index_from*is;
-    to=array->pointer+index_to*is;
-    buf=g_malloc(is*count);
-    memcpy(buf,from,is*count);
-
-    if(index_to<index_from)
-        memmove(to+is*count,to,from-to);
-    else
-        memmove(from,from+is*count,to-from);
-
-    memcpy(to,buf,is*count);
-
-    g_free(buf);
-
-    return 0;
-}
-
 static inline int array_remove_slice(array_t* array,int index, int count)
 {
    assert(index >=0);
    assert(count > 0);
    assert(index + count <= array->next);
-    if(array_roll(array,array->next-1,index,count))
-        return -1;
+
+    memmove(array->pointer + index * array->item_size,
+            array->pointer + (index + count) * array->item_size,
+            (array->next - index - count) * array->item_size);
+
    array->next -= count;
    return 0;
 }
@ -520,12 +488,31 @@ static void set_begin_of_direntry(direntry_t* direntry, uint32_t begin)
    direntry->begin_hi = cpu_to_le16((begin >> 16) & 0xffff);
 }

+static bool valid_filename(const unsigned char *name)
+{
+    unsigned char c;
+    if (!strcmp((const char*)name, ".") || !strcmp((const char*)name, "..")) {
+        return false;
+    }
+    for (; (c = *name); name++) {
+        if (!((c >= '0' && c <= '9') ||
+              (c >= 'A' && c <= 'Z') ||
+              (c >= 'a' && c <= 'z') ||
+              c > 127 ||
+              strchr("$%'-_@~`!(){}^#&.+,;=[]", c) != NULL))
+        {
+            return false;
+        }
+    }
+    return true;
+}
+
 static uint8_t to_valid_short_char(gunichar c)
 {
    c = g_unichar_toupper(c);
    if ((c >= '0' && c <= '9') ||
        (c >= 'A' && c <= 'Z') ||
-        strchr("$%'-_@~`!(){}^#&", c) != 0) {
+        strchr("$%'-_@~`!(){}^#&", c) != NULL) {
        return c;
    } else {
        return 0;
@ -2098,6 +2085,10 @@ DLOG(fprintf(stderr, "check direntry %d:\n", i); print_direntry(direntries + i))
            }
            lfn.checksum = 0x100; /* cannot use long name twice */

+            if (!valid_filename(lfn.name)) {
+                fprintf(stderr, "Invalid file name\n");
+                goto fail;
+            }
            if (path_len + 1 + lfn.len >= PATH_MAX) {
                fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);
                goto fail;
--- a/qemu-img.c
+++ b/qemu-img.c
@ -2084,15 +2084,6 @@ static int convert_do_copy(ImgConvertState *s)
        s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));
    }

-    if (!s->has_zero_init && !s->target_has_backing &&
-        bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)))
-    {
-        ret = blk_make_zero(s->target, BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
-        if (ret == 0) {
-            s->has_zero_init = true;
-        }
-    }
-
    /* Allocate buffer for copied data. For compressed images, only one cluster
     * can be copied at a time. */
    if (s->compressed) {
--- a/qemu-storage-daemon.c
+++ b/qemu-storage-daemon.c
@ -316,6 +316,7 @@ int main(int argc, char *argv[])

    module_call_init(MODULE_INIT_QOM);
    module_call_init(MODULE_INIT_TRACE);
+    qemu_add_opts(&qemu_object_opts);
    qemu_add_opts(&qemu_trace_opts);
    qcrypto_init(&error_fatal);
    bdrv_init();
@ -334,5 +335,9 @@ int main(int argc, char *argv[])
        main_loop_wait(false);
    }

+    monitor_cleanup();
+    qemu_chr_cleanup();
+    user_creatable_cleanup();
+
    return EXIT_SUCCESS;
 }
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@ -146,11 +146,12 @@ def qemu_img_pipe(*args):
                            stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT,
                            universal_newlines=True)
-    exitcode = subp.wait()
-    if exitcode < 0:
+    output = subp.communicate()[0]
+    if subp.returncode < 0:
        sys.stderr.write('qemu-img received signal %i: %s\n'
-                         % (-exitcode, ' '.join(qemu_img_args + list(args))))
-    return subp.communicate()[0]
+                         % (-subp.returncode,
+                            ' '.join(qemu_img_args + list(args))))
+    return output

 def qemu_img_log(*args):
    result = qemu_img_pipe(*args)
@ -177,11 +178,11 @@ def qemu_io(*args):
    subp = subprocess.Popen(args, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT,
                            universal_newlines=True)
-    exitcode = subp.wait()
-    if exitcode < 0:
+    output = subp.communicate()[0]
+    if subp.returncode < 0:
        sys.stderr.write('qemu-io received signal %i: %s\n'
-                         % (-exitcode, ' '.join(args)))
-    return subp.communicate()[0]
+                         % (-subp.returncode, ' '.join(args)))
+    return output

 def qemu_io_log(*args):
    result = qemu_io(*args)
@ -257,15 +258,14 @@ def qemu_nbd_early_pipe(*args):
       and its output in case of an error'''
    subp = subprocess.Popen(qemu_nbd_args + ['--fork'] + list(args),
                            stdout=subprocess.PIPE,
-                            stderr=subprocess.STDOUT,
                            universal_newlines=True)
-    exitcode = subp.wait()
-    if exitcode < 0:
+    output = subp.communicate()[0]
+    if subp.returncode < 0:
        sys.stderr.write('qemu-nbd received signal %i: %s\n' %
-                         (-exitcode,
+                         (-subp.returncode,
                          ' '.join(qemu_nbd_args + ['--fork'] + list(args))))

-    return exitcode, subp.communicate()[0] if exitcode else ''
+    return subp.returncode, output if subp.returncode else ''

 def qemu_nbd_popen(*args):
    '''Run qemu-nbd in daemon mode and return the parent's exit code'''
@ -1062,11 +1062,11 @@ def qemu_pipe(*args):
    subp = subprocess.Popen(args, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT,
                            universal_newlines=True)
-    exitcode = subp.wait()
-    if exitcode < 0:
+    output = subp.communicate()[0]
+    if subp.returncode < 0:
        sys.stderr.write('qemu received signal %i: %s\n' %
-                         (-exitcode, ' '.join(args)))
-    return subp.communicate()[0]
+                         (-subp.returncode, ' '.join(args)))
+    return output

 def supported_formats(read_only=False):
    '''Set 'read_only' to True to check ro-whitelist