These five patches were sent by Olaf a while ago. Greg wanted these
re-submitted. I have tested these patches.
Olaf Hering (5):
Tools: hv: fix warnings in hv_vss_daemon
tools: hv: fix checks for origin of netlink message in hv_vss_daemon
tools: hv: use getmntent in hv_vss_daemon
tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon
tools: hv: skip iso9660 mounts in hv_vss_daemon
tools/hv/hv_vss_daemon.c | 78 +++++++++++++++++++++++++++++++---------------
1 files changed, 53 insertions(+), 25 deletions(-)
--
1.7.4.1
From: Olaf Hering <[email protected]>
As suggested by Paolo Bonzini, use getmntent instead of parsing output
of mount(1).
Signed-off-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
---
tools/hv/hv_vss_daemon.c | 39 +++++++++++++++++++++------------------
1 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index dc3eb1e..e37d86c 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -23,6 +23,7 @@
#include <sys/poll.h>
#include <linux/types.h>
#include <stdio.h>
+#include <mntent.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
@@ -47,11 +48,10 @@ static int vss_operate(int operation)
{
char *fs_op;
char cmd[512];
- char buf[512];
- FILE *file;
- char *p;
- char *x;
- int error = 0;
+ char match[] = "/dev/";
+ FILE *mounts;
+ struct mntent *ent;
+ int error = 0, root_seen = 0;
switch (operation) {
case VSS_OP_FREEZE:
@@ -64,25 +64,28 @@ static int vss_operate(int operation)
return -1;
}
- file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
- if (file == NULL)
+ mounts = setmntent("/proc/mounts", "r");
+ if (mounts == NULL)
return -1;
- while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
- x = strchr(p, '\n');
- *x = '\0';
- if (!strncmp(p, "/", sizeof("/")))
+ while((ent = getmntent(mounts))) {
+ if (strncmp(ent->mnt_fsname, match, strlen(match)))
continue;
-
- sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, p);
+ if (strcmp(ent->mnt_dir, "/") == 0) {
+ root_seen = 1;
+ continue;
+ }
+ snprintf(cmd, sizeof(cmd), "fsfreeze %s '%s'", fs_op, ent->mnt_dir);
syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error = system(cmd);
+ error |= system(cmd);
}
- pclose(file);
+ endmntent(mounts);
- sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, "/");
- syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error = system(cmd);
+ if (root_seen) {
+ sprintf(cmd, "fsfreeze %s /", fs_op);
+ syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
+ error |= system(cmd);
+ }
return error;
}
--
1.7.4.1
From: Olaf Hering <[email protected]>
This change fixes a few compile errors:
hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
hv_vss_daemon.c: In function 'vss_operate':
hv_vss_daemon.c:66: warning: 'return' with no value, in function returning non-void
hv_vss_daemon.c: In function 'main':
hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared with attribute warn_unused_result
hv_vss_daemon.c: In function 'vss_operate':
hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
Signed-off-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
---
tools/hv/hv_vss_daemon.c | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index 9526995..2a03d0b 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -51,7 +51,7 @@ static int vss_operate(int operation)
FILE *file;
char *p;
char *x;
- int error;
+ int error = 0;
switch (operation) {
case VSS_OP_FREEZE:
@@ -60,11 +60,13 @@ static int vss_operate(int operation)
case VSS_OP_THAW:
fs_op = "-u ";
break;
+ default:
+ return -1;
}
- file = popen("mount | awk '/^\/dev\// { print $3}'", "r");
+ file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
if (file == NULL)
- return;
+ return -1;
while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
x = strchr(p, '\n');
@@ -128,7 +130,9 @@ int main(void)
int op;
struct hv_vss_msg *vss_msg;
- daemon(1, 0);
+ if (daemon(1, 0))
+ return 1;
+
openlog("Hyper-V VSS", 0, LOG_USER);
syslog(LOG_INFO, "VSS starting; pid is:%d", getpid());
--
1.7.4.1
From: Olaf Hering <[email protected]>
Similar to what commit 95a69adab9acfc3981c504737a2b6578e4d846ef ("tools:
hv: Netlink source address validation allows DoS") does in
hv_kvp_daemon, improve checks for origin of netlink connector message.
Signed-off-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
---
tools/hv/hv_vss_daemon.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index 2a03d0b..dc3eb1e 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -186,13 +186,19 @@ int main(void)
len = recvfrom(fd, vss_recv_buffer, sizeof(vss_recv_buffer), 0,
addr_p, &addr_l);
- if (len < 0 || addr.nl_pid) {
+ if (len < 0) {
syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
+ if (addr.nl_pid) {
+ syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+ addr.nl_pid);
+ continue;
+ }
+
incoming_msg = (struct nlmsghdr *)vss_recv_buffer;
if (incoming_msg->nlmsg_type != NLMSG_DONE)
--
1.7.4.1
From: Olaf Hering <[email protected]>
freeze does not work for iso9660 filesystems. A ENOSUPP may be caught
in the freeze case, but the subsequent thaw call would fail and leads to
a false error.
Signed-off-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
---
tools/hv/hv_vss_daemon.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index 830d606..f06cd8c 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -88,6 +88,8 @@ static int vss_operate(int operation)
while((ent = getmntent(mounts))) {
if (strncmp(ent->mnt_fsname, match, strlen(match)))
continue;
+ if (strcmp(ent->mnt_type, "iso9660") == 0)
+ continue;
if (strcmp(ent->mnt_dir, "/") == 0) {
root_seen = 1;
continue;
--
1.7.4.1
From: Olaf Hering <[email protected]>
As suggested by Paolo Bonzini, use ioctl instead of calling fsfreeze.
Signed-off-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
---
tools/hv/hv_vss_daemon.c | 31 ++++++++++++++++++++++---------
1 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index e37d86c..830d606 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -21,7 +21,9 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/poll.h>
+#include <sys/ioctl.h>
#include <linux/types.h>
+#include <fcntl.h>
#include <stdio.h>
#include <mntent.h>
#include <stdlib.h>
@@ -30,6 +32,7 @@
#include <ctype.h>
#include <errno.h>
#include <arpa/inet.h>
+#include <linux/fs.h>
#include <linux/connector.h>
#include <linux/hyperv.h>
#include <linux/netlink.h>
@@ -44,21 +47,35 @@ static struct sockaddr_nl addr;
#endif
+static int vss_do_freeze(char *dir, unsigned int cmd, char *fs_op)
+{
+ int ret, fd = open(dir, O_RDONLY);
+
+ if (fd < 0)
+ return 1;
+ ret = ioctl(fd, cmd, 0);
+ syslog(LOG_INFO, "VSS: %s of %s: %s\n", fs_op, dir, strerror(errno));
+ close(fd);
+ return !!ret;
+}
+
static int vss_operate(int operation)
{
char *fs_op;
- char cmd[512];
char match[] = "/dev/";
FILE *mounts;
struct mntent *ent;
+ unsigned int cmd;
int error = 0, root_seen = 0;
switch (operation) {
case VSS_OP_FREEZE:
- fs_op = "-f ";
+ cmd = FIFREEZE;
+ fs_op = "freeze";
break;
case VSS_OP_THAW:
- fs_op = "-u ";
+ cmd = FITHAW;
+ fs_op = "thaw";
break;
default:
return -1;
@@ -75,16 +92,12 @@ static int vss_operate(int operation)
root_seen = 1;
continue;
}
- snprintf(cmd, sizeof(cmd), "fsfreeze %s '%s'", fs_op, ent->mnt_dir);
- syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error |= system(cmd);
+ error |= vss_do_freeze(ent->mnt_dir, cmd, fs_op);
}
endmntent(mounts);
if (root_seen) {
- sprintf(cmd, "fsfreeze %s /", fs_op);
- syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error |= system(cmd);
+ error |= vss_do_freeze("/", cmd, fs_op);
}
return error;
--
1.7.4.1
On Tue, Apr 23, 2013 at 01:58:36PM -0700, K. Y. Srinivasan wrote:
> From: Olaf Hering <[email protected]>
Trailing space :(
But what's really causing me to reject all 5 of these is the Subject:
The third time's a charm?
greg k-h
> -----Original Message-----
> From: Greg KH [mailto:[email protected]]
> Sent: Tuesday, April 23, 2013 4:35 PM
> To: KY Srinivasan
> Cc: [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]
> Subject: Re: [PATCH 1/5] [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
>
> On Tue, Apr 23, 2013 at 01:58:36PM -0700, K. Y. Srinivasan wrote:
> > From: Olaf Hering <[email protected]>
>
> Trailing space :(
Sorry about that.
>
> But what's really causing me to reject all 5 of these is the Subject:
>
> The third time's a charm?
I do hope third time is the charm.
Regards,
K. Y
>
> greg k-h
>