This change fixes a few compile errors:
hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
hv_vss_daemon.c: In function 'vss_operate':
hv_vss_daemon.c:66: warning: 'return' with no value, in function returning non-void
hv_vss_daemon.c: In function 'main':
hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared with attribute warn_unused_result
hv_vss_daemon.c: In function 'vss_operate':
hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
Signed-off-by: Olaf Hering <[email protected]>
---
tools/hv/hv_vss_daemon.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index 9526995..2a03d0b 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -51,7 +51,7 @@ static int vss_operate(int operation)
FILE *file;
char *p;
char *x;
- int error;
+ int error = 0;
switch (operation) {
case VSS_OP_FREEZE:
@@ -60,11 +60,13 @@ static int vss_operate(int operation)
case VSS_OP_THAW:
fs_op = "-u ";
break;
+ default:
+ return -1;
}
- file = popen("mount | awk '/^\/dev\// { print $3}'", "r");
+ file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
if (file == NULL)
- return;
+ return -1;
while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
x = strchr(p, '\n');
@@ -128,7 +130,9 @@ int main(void)
int op;
struct hv_vss_msg *vss_msg;
- daemon(1, 0);
+ if (daemon(1, 0))
+ return 1;
+
openlog("Hyper-V VSS", 0, LOG_USER);
syslog(LOG_INFO, "VSS starting; pid is:%d", getpid());
Similar to what commit 95a69adab9acfc3981c504737a2b6578e4d846ef ("tools:
hv: Netlink source address validation allows DoS") does in
hv_kvp_daemon, improve checks for origin of netlink connector message.
Signed-off-by: Olaf Hering <[email protected]>
---
tools/hv/hv_vss_daemon.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index 2a03d0b..dc3eb1e 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -186,13 +186,19 @@ int main(void)
len = recvfrom(fd, vss_recv_buffer, sizeof(vss_recv_buffer), 0,
addr_p, &addr_l);
- if (len < 0 || addr.nl_pid) {
+ if (len < 0) {
syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
+ if (addr.nl_pid) {
+ syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+ addr.nl_pid);
+ continue;
+ }
+
incoming_msg = (struct nlmsghdr *)vss_recv_buffer;
if (incoming_msg->nlmsg_type != NLMSG_DONE)
As suggested by Paolo Bonzini, use getmntent instead of parsing output
of mount(1).
Signed-off-by: Olaf Hering <[email protected]>
---
tools/hv/hv_vss_daemon.c | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
index dc3eb1e..e37d86c 100644
--- a/tools/hv/hv_vss_daemon.c
+++ b/tools/hv/hv_vss_daemon.c
@@ -23,6 +23,7 @@
#include <sys/poll.h>
#include <linux/types.h>
#include <stdio.h>
+#include <mntent.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
@@ -47,11 +48,10 @@ static int vss_operate(int operation)
{
char *fs_op;
char cmd[512];
- char buf[512];
- FILE *file;
- char *p;
- char *x;
- int error = 0;
+ char match[] = "/dev/";
+ FILE *mounts;
+ struct mntent *ent;
+ int error = 0, root_seen = 0;
switch (operation) {
case VSS_OP_FREEZE:
@@ -64,25 +64,28 @@ static int vss_operate(int operation)
return -1;
}
- file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
- if (file == NULL)
+ mounts = setmntent("/proc/mounts", "r");
+ if (mounts == NULL)
return -1;
- while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
- x = strchr(p, '\n');
- *x = '\0';
- if (!strncmp(p, "/", sizeof("/")))
+ while((ent = getmntent(mounts))) {
+ if (strncmp(ent->mnt_fsname, match, strlen(match)))
continue;
-
- sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, p);
+ if (strcmp(ent->mnt_dir, "/") == 0) {
+ root_seen = 1;
+ continue;
+ }
+ snprintf(cmd, sizeof(cmd), "fsfreeze %s '%s'", fs_op, ent->mnt_dir);
syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error = system(cmd);
+ error |= system(cmd);
}
- pclose(file);
+ endmntent(mounts);
- sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, "/");
- syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
- error = system(cmd);
+ if (root_seen) {
+ sprintf(cmd, "fsfreeze %s /", fs_op);
+ syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
+ error |= system(cmd);
+ }
return error;
}
> -----Original Message-----
> From: Olaf Hering [mailto:[email protected]]
> Sent: Tuesday, March 26, 2013 11:28 AM
> To: KY Srinivasan; [email protected]
> Cc: [email protected]; Olaf Hering
> Subject: [PATCH 3/3] tools: hv: use getmntent in hv_vss_daemon
>
> As suggested by Paolo Bonzini, use getmntent instead of parsing output
> of mount(1).
>
> Signed-off-by: Olaf Hering <[email protected]>
Thanks for addressing this.
Acked by: K. Y. Srinivasan <[email protected]>
> ---
> tools/hv/hv_vss_daemon.c | 39 +++++++++++++++++++++------------------
> 1 file changed, 21 insertions(+), 18 deletions(-)
>
> diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
> index dc3eb1e..e37d86c 100644
> --- a/tools/hv/hv_vss_daemon.c
> +++ b/tools/hv/hv_vss_daemon.c
> @@ -23,6 +23,7 @@
> #include <sys/poll.h>
> #include <linux/types.h>
> #include <stdio.h>
> +#include <mntent.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <string.h>
> @@ -47,11 +48,10 @@ static int vss_operate(int operation)
> {
> char *fs_op;
> char cmd[512];
> - char buf[512];
> - FILE *file;
> - char *p;
> - char *x;
> - int error = 0;
> + char match[] = "/dev/";
> + FILE *mounts;
> + struct mntent *ent;
> + int error = 0, root_seen = 0;
>
> switch (operation) {
> case VSS_OP_FREEZE:
> @@ -64,25 +64,28 @@ static int vss_operate(int operation)
> return -1;
> }
>
> - file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
> - if (file == NULL)
> + mounts = setmntent("/proc/mounts", "r");
> + if (mounts == NULL)
> return -1;
>
> - while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
> - x = strchr(p, '\n');
> - *x = '\0';
> - if (!strncmp(p, "/", sizeof("/")))
> + while((ent = getmntent(mounts))) {
> + if (strncmp(ent->mnt_fsname, match, strlen(match)))
> continue;
> -
> - sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, p);
> + if (strcmp(ent->mnt_dir, "/") == 0) {
> + root_seen = 1;
> + continue;
> + }
> + snprintf(cmd, sizeof(cmd), "fsfreeze %s '%s'", fs_op, ent-
> >mnt_dir);
> syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
> - error = system(cmd);
> + error |= system(cmd);
> }
> - pclose(file);
> + endmntent(mounts);
>
> - sprintf(cmd, "%s %s %s", "fsfreeze ", fs_op, "/");
> - syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
> - error = system(cmd);
> + if (root_seen) {
> + sprintf(cmd, "fsfreeze %s /", fs_op);
> + syslog(LOG_INFO, "VSS cmd is %s\n", cmd);
> + error |= system(cmd);
> + }
>
> return error;
> }
>
> -----Original Message-----
> From: Olaf Hering [mailto:[email protected]]
> Sent: Tuesday, March 26, 2013 11:28 AM
> To: KY Srinivasan; [email protected]
> Cc: [email protected]; Olaf Hering
> Subject: [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
>
> This change fixes a few compile errors:
>
> hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> hv_vss_daemon.c: In function 'vss_operate':
> hv_vss_daemon.c:66: warning: 'return' with no value, in function returning non-
> void
> hv_vss_daemon.c: In function 'main':
> hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared with
> attribute warn_unused_result
> hv_vss_daemon.c: In function 'vss_operate':
> hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
>
> Signed-off-by: Olaf Hering <[email protected]>
Thanks for fixing this.
Acked by: K. Y. Srinivasan <[email protected]>
> ---
> tools/hv/hv_vss_daemon.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
> index 9526995..2a03d0b 100644
> --- a/tools/hv/hv_vss_daemon.c
> +++ b/tools/hv/hv_vss_daemon.c
> @@ -51,7 +51,7 @@ static int vss_operate(int operation)
> FILE *file;
> char *p;
> char *x;
> - int error;
> + int error = 0;
>
> switch (operation) {
> case VSS_OP_FREEZE:
> @@ -60,11 +60,13 @@ static int vss_operate(int operation)
> case VSS_OP_THAW:
> fs_op = "-u ";
> break;
> + default:
> + return -1;
> }
>
> - file = popen("mount | awk '/^\/dev\// { print $3}'", "r");
> + file = popen("mount | awk '/^\\/dev\\// { print $3}'", "r");
> if (file == NULL)
> - return;
> + return -1;
>
> while ((p = fgets(buf, sizeof(buf), file)) != NULL) {
> x = strchr(p, '\n');
> @@ -128,7 +130,9 @@ int main(void)
> int op;
> struct hv_vss_msg *vss_msg;
>
> - daemon(1, 0);
> + if (daemon(1, 0))
> + return 1;
> +
> openlog("Hyper-V VSS", 0, LOG_USER);
> syslog(LOG_INFO, "VSS starting; pid is:%d", getpid());
>
>
> -----Original Message-----
> From: Olaf Hering [mailto:[email protected]]
> Sent: Tuesday, March 26, 2013 11:28 AM
> To: KY Srinivasan; [email protected]
> Cc: [email protected]; Olaf Hering
> Subject: [PATCH 2/3] tools: hv: fix checks for origin of netlink message in
> hv_vss_daemon
>
> Similar to what commit 95a69adab9acfc3981c504737a2b6578e4d846ef ("tools:
> hv: Netlink source address validation allows DoS") does in
> hv_kvp_daemon, improve checks for origin of netlink connector message.
>
> Signed-off-by: Olaf Hering <[email protected]>
Acked by: K. Y. Srinivasan <[email protected]>
> ---
> tools/hv/hv_vss_daemon.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/hv/hv_vss_daemon.c b/tools/hv/hv_vss_daemon.c
> index 2a03d0b..dc3eb1e 100644
> --- a/tools/hv/hv_vss_daemon.c
> +++ b/tools/hv/hv_vss_daemon.c
> @@ -186,13 +186,19 @@ int main(void)
> len = recvfrom(fd, vss_recv_buffer, sizeof(vss_recv_buffer), 0,
> addr_p, &addr_l);
>
> - if (len < 0 || addr.nl_pid) {
> + if (len < 0) {
> syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
> addr.nl_pid, errno, strerror(errno));
> close(fd);
> return -1;
> }
>
> + if (addr.nl_pid) {
> + syslog(LOG_WARNING, "Received packet from untrusted
> pid:%u",
> + addr.nl_pid);
> + continue;
> + }
> +
> incoming_msg = (struct nlmsghdr *)vss_recv_buffer;
>
> if (incoming_msg->nlmsg_type != NLMSG_DONE)
>
On Tue, Mar 26, 2013 at 04:28:27PM +0100, Olaf Hering wrote:
> This change fixes a few compile errors:
>
> hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> hv_vss_daemon.c: In function 'vss_operate':
> hv_vss_daemon.c:66: warning: 'return' with no value, in function returning non-void
> hv_vss_daemon.c: In function 'main':
> hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared with attribute warn_unused_result
> hv_vss_daemon.c: In function 'vss_operate':
> hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
>
> Signed-off-by: Olaf Hering <[email protected]>
For some reason, all of your hv tools patches ended up in my spam
filter. KY, can you resend me any that I didn't apply, and you have
tested?
thanks,
greg k-h
> -----Original Message-----
> From: Greg KH [mailto:[email protected]]
> Sent: Friday, April 19, 2013 7:24 PM
> To: Olaf Hering
> Cc: KY Srinivasan; [email protected]
> Subject: Re: [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
>
> On Tue, Mar 26, 2013 at 04:28:27PM +0100, Olaf Hering wrote:
> > This change fixes a few compile errors:
> >
> > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > hv_vss_daemon.c: In function 'vss_operate':
> > hv_vss_daemon.c:66: warning: 'return' with no value, in function returning
> non-void
> > hv_vss_daemon.c: In function 'main':
> > hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared
> with attribute warn_unused_result
> > hv_vss_daemon.c: In function 'vss_operate':
> > hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
> >
> > Signed-off-by: Olaf Hering <[email protected]>
>
> For some reason, all of your hv tools patches ended up in my spam
> filter. KY, can you resend me any that I didn't apply, and you have
> tested?
Greg,
I forwarded some patches from Olaf (I think Olaf is on vacation) that have not been applied. I had acked all these patches when Olaf sent them out initially.
Regards,
K. Y
>
> thanks,
>
> greg k-h
>
On Sun, Apr 21, 2013 at 10:32:45PM +0000, KY Srinivasan wrote:
>
> > -----Original Message-----
> > From: Greg KH [mailto:[email protected]]
> > Sent: Friday, April 19, 2013 7:24 PM
> > To: Olaf Hering
> > Cc: KY Srinivasan; [email protected]
> > Subject: Re: [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
> >
> > On Tue, Mar 26, 2013 at 04:28:27PM +0100, Olaf Hering wrote:
> > > This change fixes a few compile errors:
> > >
> > > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > > hv_vss_daemon.c: In function 'vss_operate':
> > > hv_vss_daemon.c:66: warning: 'return' with no value, in function returning
> > non-void
> > > hv_vss_daemon.c: In function 'main':
> > > hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared
> > with attribute warn_unused_result
> > > hv_vss_daemon.c: In function 'vss_operate':
> > > hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this function
> > >
> > > Signed-off-by: Olaf Hering <[email protected]>
> >
> > For some reason, all of your hv tools patches ended up in my spam
> > filter. KY, can you resend me any that I didn't apply, and you have
> > tested?
>
> Greg,
>
> I forwarded some patches from Olaf (I think Olaf is on vacation) that
> have not been applied. I had acked all these patches when Olaf sent
> them out initially.
Can you please resend them in a format that I can apply them in (hint,
I should never have to edit the patch by hand from you.)
thanks,
greg k-h
> -----Original Message-----
> From: Greg KH [mailto:[email protected]]
> Sent: Sunday, April 21, 2013 9:13 PM
> To: KY Srinivasan
> Cc: Olaf Hering; [email protected]
> Subject: Re: [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
>
> On Sun, Apr 21, 2013 at 10:32:45PM +0000, KY Srinivasan wrote:
> >
> > > -----Original Message-----
> > > From: Greg KH [mailto:[email protected]]
> > > Sent: Friday, April 19, 2013 7:24 PM
> > > To: Olaf Hering
> > > Cc: KY Srinivasan; [email protected]
> > > Subject: Re: [PATCH 1/3] Tools: hv: fix warnings in hv_vss_daemon
> > >
> > > On Tue, Mar 26, 2013 at 04:28:27PM +0100, Olaf Hering wrote:
> > > > This change fixes a few compile errors:
> > > >
> > > > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > > > hv_vss_daemon.c:64:15: warning: unknown escape sequence '\/'
> > > > hv_vss_daemon.c: In function 'vss_operate':
> > > > hv_vss_daemon.c:66: warning: 'return' with no value, in function returning
> > > non-void
> > > > hv_vss_daemon.c: In function 'main':
> > > > hv_vss_daemon.c:130: warning: ignoring return value of 'daemon', declared
> > > with attribute warn_unused_result
> > > > hv_vss_daemon.c: In function 'vss_operate':
> > > > hv_vss_daemon.c:47: warning: 'fs_op' may be used uninitialized in this
> function
> > > >
> > > > Signed-off-by: Olaf Hering <[email protected]>
> > >
> > > For some reason, all of your hv tools patches ended up in my spam
> > > filter. KY, can you resend me any that I didn't apply, and you have
> > > tested?
> >
> > Greg,
> >
> > I forwarded some patches from Olaf (I think Olaf is on vacation) that
> > have not been applied. I had acked all these patches when Olaf sent
> > them out initially.
>
> Can you please resend them in a format that I can apply them in (hint,
> I should never have to edit the patch by hand from you.)
Done.
K. Y
>
> thanks,
>
> greg k-h
>