From 8767eb1b444bcd825f382f150cd064171fdcba81 Mon Sep 17 00:00:00 2001
Message-Id: <8767eb1b444bcd825f382f150cd064171fdcba81@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 11 May 2017 15:38:41 +0200
Subject: [PATCH] qemuDomainDetachDeviceUnlink: Don't unlink files we haven't
 created
https://bugzilla.redhat.com/show_bug.cgi?id=1449510
Even though there are several checks before calling this function
and for some scenarios we don't call it at all (e.g. on disk hot
unplug), it may be possible to sneak in some weird files (e.g. if
domain would have RNG with /dev/shm/some_file as its backend). No
matter how improbable, we shouldn't unlink it as we would be
unlinking a file from the host which we haven't created in the
first place.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>
(cherry picked from commit 2f0b3b103b329b0b9656ac4fc8b5f94a5c2fa051)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_domain.c | 86 ++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 76 insertions(+), 10 deletions(-)
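diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 671569f6f..5ef3d0577 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -8471,14 +8471,32 @@ qemuDomainDetachDeviceUnlinkHelper(pid_t pid ATTRIBUTE_UNUSED,
 static int
 qemuDomainDetachDeviceUnlink(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
                              virDomainObjPtr vm,
-                             const char *file)
+                             const char *file,
+                             char * const *devMountsPath,
+                             size_t ndevMountsPath)
 {
-    if (virProcessRunInMountNamespace(vm->pid,
-                                      qemuDomainDetachDeviceUnlinkHelper,
-                                      (void *)file) < 0)
-        return -1;
+    int ret = -1;
+    size_t i;
 
-    return 0;
+    if (STRPREFIX(file, DEVPREFIX)) {
+        for (i = 0; i < ndevMountsPath; i++) {
+            if (STREQ(devMountsPath[i], "/dev"))
+                continue;
+            if (STRPREFIX(file, devMountsPath[i]))
+                break;
+        }
+
+        if (i == ndevMountsPath) {
+            if (virProcessRunInMountNamespace(vm->pid,
+                                              qemuDomainDetachDeviceUnlinkHelper,
+                                              (void *)file) < 0)
+                goto cleanup;
+        }
+    }
+
+    ret = 0;
+ cleanup:
+    return ret;
 }
 
 
@@ -8597,6 +8615,9 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
                                    virDomainHostdevDefPtr hostdev)
 {
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
     int ret = -1;
     char **path = NULL;
     size_t i, npaths = 0;
@@ -8608,8 +8629,15 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr driver,
                                  &npaths, &path, NULL) < 0)
         goto cleanup;
 
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
     for (i = 0; i < npaths; i++) {
-        if (qemuDomainDetachDeviceUnlink(driver, vm, path[i]) < 0)
+        if (qemuDomainDetachDeviceUnlink(driver, vm, path[i],
+                                         devMountsPath, ndevMountsPath) < 0)
             goto cleanup;
     }
 
@@ -8618,6 +8646,8 @@ qemuDomainNamespaceTeardownHostdev(virQEMUDriverPtr driver,
     for (i = 0; i < npaths; i++)
         VIR_FREE(path[i]);
     VIR_FREE(path);
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
     return ret;
 }
 
@@ -8660,6 +8690,9 @@ qemuDomainNamespaceTeardownMemory(virQEMUDriverPtr driver,
                                   virDomainObjPtr vm,
                                   virDomainMemoryDefPtr mem)
 {
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
     int ret = -1;
 
     if (mem->model != VIR_DOMAIN_MEMORY_MODEL_NVDIMM)
@@ -8668,10 +8701,19 @@ qemuDomainNamespaceTeardownMemory(virQEMUDriverPtr driver,
     if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
         return 0;
 
-    if (qemuDomainDetachDeviceUnlink(driver, vm, mem->nvdimmPath) < 0)
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
+    if (qemuDomainDetachDeviceUnlink(driver, vm, mem->nvdimmPath,
+                                     devMountsPath, ndevMountsPath) < 0)
         goto cleanup;
     ret = 0;
  cleanup:
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
     return ret;
 }
 
@@ -8719,6 +8761,9 @@ qemuDomainNamespaceTeardownChardev(virQEMUDriverPtr driver,
                                    virDomainObjPtr vm,
                                    virDomainChrDefPtr chr)
 {
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
     int ret = -1;
     const char *path = NULL;
 
@@ -8730,11 +8775,20 @@ qemuDomainNamespaceTeardownChardev(virQEMUDriverPtr driver,
 
     path = chr->source->data.file.path;
 
-    if (qemuDomainDetachDeviceUnlink(driver, vm, path) < 0)
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
+    if (qemuDomainDetachDeviceUnlink(driver, vm, path,
+                                     devMountsPath, ndevMountsPath) < 0)
         goto cleanup;
 
     ret = 0;
  cleanup:
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
     return ret;
 }
 
@@ -8788,6 +8842,9 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
                                virDomainObjPtr vm,
                                virDomainRNGDefPtr rng)
 {
+    virQEMUDriverConfigPtr cfg = NULL;
+    char **devMountsPath = NULL;
+    size_t ndevMountsPath = 0;
     int ret = -1;
     const char *path = NULL;
 
@@ -8805,11 +8862,20 @@ qemuDomainNamespaceTeardownRNG(virQEMUDriverPtr driver,
         goto cleanup;
     }
 
-    if (qemuDomainDetachDeviceUnlink(driver, vm, path) < 0)
+    cfg = virQEMUDriverGetConfig(driver);
+    if (qemuDomainGetPreservedMounts(cfg, vm,
+                                     &devMountsPath, NULL,
+                                     &ndevMountsPath) < 0)
+        goto cleanup;
+
+    if (qemuDomainDetachDeviceUnlink(driver, vm, path,
+                                     devMountsPath, ndevMountsPath) < 0)
         goto cleanup;
 
     ret = 0;
  cleanup:
+    virStringListFreeCount(devMountsPath, ndevMountsPath);
+    virObjectUnref(cfg);
     return ret;
 }
 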
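Review bot: In the first hunk, both `STRPREFIX(file, DEVPREFIX)` and `STRPREFIX(file, devMountsPath[i])` in qemuDomainDetachDeviceUnlink are plain string-prefix tests on a path that is neither canonicalised nor compared on component boundaries. A path containing `..` components, or one that passes through a symlink, still starts with the /dev prefix yet may resolve outside the namespace's private /dev, so the unlink helper could still reach a file libvirt did not create; whether such a path can arrive here depends on validation in the four Teardown callers, which is not visible in these hunks. In the other direction, a preserved mount such as `/dev/shm` also prefix-matches a sibling like `/dev/shmfoo` (constructed example), which would then be left behind; a boundary-aware test such as `if (STRPREFIX(file, devMountsPath[i]) && (file[strlen(devMountsPath[i])] == '/' || !file[strlen(devMountsPath[i])]))` avoids that. I would also add a comment above the function stating that `file` is expected to be an absolute, canonical path below /dev and that anything under a preserved mount is deliberately skipped because libvirt did not create it.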
-- 
2.13.0