Re: [PATCH 062/104] virtiofsd: Handle hard reboot
From: Dr. David Alan Gilbert
Subject: Re: [PATCH 062/104] virtiofsd: Handle hard reboot
Date: Fri, 10 Jan 2020 15:43:59 +0000
User-agent: Mutt/1.13.0 (2019-11-30)
* Daniel P. Berrangé (address@hidden) wrote:
> On Thu, Dec 12, 2019 at 04:38:22PM +0000, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" <address@hidden>
> >
> > Handle a
> >   mount
> >   hard reboot (without unmount)
> >   mount
> >
> > we get another 'init' which FUSE doesn't normally expect.
> >
> > Signed-off-by: Dr. David Alan Gilbert <address@hidden>
> > ---
> > tools/virtiofsd/fuse_lowlevel.c | 16 +++++++++++++++-
> > 1 file changed, 15 insertions(+), 1 deletion(-)
> >
> > diff --git a/tools/virtiofsd/fuse_lowlevel.c
> > b/tools/virtiofsd/fuse_lowlevel.c
> > index 2d1d1a2e59..45125ef66a 100644
> > --- a/tools/virtiofsd/fuse_lowlevel.c
> > +++ b/tools/virtiofsd/fuse_lowlevel.c
> > @@ -2436,7 +2436,21 @@ void fuse_session_process_buf_int(struct
> > fuse_session *se,
> > goto reply_err;
> > }
> > } else if (in->opcode == FUSE_INIT || in->opcode == CUSE_INIT) {
> > - goto reply_err;
> > + if (fuse_lowlevel_is_virtio(se)) {
> > + /*
> > + * TODO: This is after a hard reboot typically, we need to do
> > + * a destroy, but we can't reply to this request yet so
> > + * we can't use do_destroy
> > + */
> > + fuse_log(FUSE_LOG_DEBUG, "%s: reinit\n", __func__);
> > + se->got_destroy = 1;
> > + se->got_init = 0;
> > + if (se->op.destroy) {
> > + se->op.destroy(se->userdata);
> > + }
> > + } else {
> > + goto reply_err;
> > + }
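Review bot: the new virtio branch sets se->got_destroy = 1 and then calls se->op.destroy unconditionally, so if the session was already torn down by a FUSE_DESTROY (the path this branch mirrors by setting got_destroy itself) and a FUSE_INIT then arrives, the filesystem's destroy hook runs a second time; consider guarding it as `if (!se->got_destroy && se->op.destroy)` before setting the flag, or making sure got_destroy is cleared wherever the session is re-armed. The TODO also leaves unsaid that control falls through to the normal FUSE_INIT handling below, which is what actually re-initialises the session after this destroy; a one-line comment stating that would make the reinit path easier to follow.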
>
> In doing this, is there any danger we're exposed to from a malicious
> guest which does
>
> mount
> mount
>
> without a reboot in between?
I don't think so - or at least not from the daemon side of things; if it
were to do that (and get two FUSE_INIT's) then the state of its first
mount would be rather messed up; but the only thing to suffer would be
the kernel doing that odd re-init, so I don't think the maliciousness
should break anyone else.
> I'm thinking not, so if it's ok, then
>
> Reviewed-by: Daniel P. Berrangé <address@hidden>
Thanks.
>
> Regards,
> Daniel
> --
> |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o- https://fstop138.berrange.com :|
> |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
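The following is an added example, not code from this thread or from virtiofsd: a constructed C model of the two session flags the hunk manipulates (got_init and got_destroy), with the destroy hook guarded so it runs at most once per mounted lifetime. It replays the "mount, mount" sequence Daniel asks about on both transports, plus a clean unmount-then-mount, so the difference between the classic FUSE behaviour (second INIT rejected) and the virtio behaviour (second INIT treated as a hard reboot) is visible. The opcode numbers, struct fields and hook are hypothetical stand-ins, not the FUSE wire constants or virtiofsd's struct fuse_session.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed model of the session state touched by the patch.  Opcode
 * values and the struct are hypothetical, not the real FUSE definitions.
 */
enum { OP_INIT = 1, OP_DESTROY = 2, OP_LOOKUP = 3 };

enum outcome { OUT_REPLY_ERR, OUT_INIT, OUT_REINIT, OUT_DESTROY, OUT_NORMAL };

struct session {
    bool is_virtio;     /* virtio transport: guest may hard-reboot and re-INIT */
    bool got_init;
    bool got_destroy;
    int destroy_calls;  /* how often the filesystem's destroy hook has run */
};

static void destroy_hook(struct session *se)
{
    se->destroy_calls++;
}

/* Run the destroy hook at most once per mounted lifetime. */
static void teardown(struct session *se)
{
    if (!se->got_destroy) {
        se->got_destroy = true;
        destroy_hook(se);
    }
    se->got_init = false;
}

static enum outcome dispatch(struct session *se, int opcode)
{
    bool is_init = (opcode == OP_INIT);

    if (!se->got_init) {
        if (!is_init) {
            return OUT_REPLY_ERR;       /* only INIT is valid before INIT */
        }
    } else if (is_init) {
        if (!se->is_virtio) {
            return OUT_REPLY_ERR;       /* classic FUSE: a second INIT is an error */
        }
        /* virtio: a second INIT means the guest rebooted without unmounting */
        teardown(se);
        se->got_init = true;
        se->got_destroy = false;        /* new lifetime, may be destroyed again */
        return OUT_REINIT;
    }

    switch (opcode) {
    case OP_INIT:
        se->got_init = true;
        se->got_destroy = false;
        return OUT_INIT;
    case OP_DESTROY:
        teardown(se);
        return OUT_DESTROY;
    default:
        return OUT_NORMAL;
    }
}

/* Replay a request sequence on a fresh session; returns the last outcome. */
enum outcome last_outcome(bool virtio, const int *ops, size_t n, int *destroy_calls)
{
    struct session se = { .is_virtio = virtio };
    enum outcome out = OUT_REPLY_ERR;
    for (size_t i = 0; i < n; i++) {
        out = dispatch(&se, ops[i]);
    }
    if (destroy_calls) {
        *destroy_calls = se.destroy_calls;
    }
    return out;
}

/* Number of destroy-hook runs after replaying the sequence. */
int destroy_calls_after(bool virtio, const int *ops, size_t n)
{
    int calls = 0;
    last_outcome(virtio, ops, n, &calls);
    return calls;
}

int main(void)
{
    const int double_mount[] = { OP_INIT, OP_LOOKUP, OP_INIT };
    const int clean_remount[] = { OP_INIT, OP_DESTROY, OP_INIT };

    printf("virtio mount,mount: outcome %d, destroy runs %d\n",
           last_outcome(true, double_mount, 3, NULL),
           destroy_calls_after(true, double_mount, 3));
    printf("classic mount,mount: outcome %d, destroy runs %d\n",
           last_outcome(false, double_mount, 3, NULL),
           destroy_calls_after(false, double_mount, 3));
    printf("virtio unmount then mount: destroy runs %d\n",
           destroy_calls_after(true, clean_remount, 3));
    return 0;
}
```

The point of the guard in teardown is the one a reviewer would look for in the real patch: whether the re-init path and the ordinary FUSE_DESTROY path can both reach the destroy hook for the same mounted lifetime. In this model they cannot, because got_destroy is checked before the hook runs and only cleared when a new INIT is accepted.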