Commit 7b751570 authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 



Block layer patches:

- qemu-img convert: Don't pre-zero images (removes nowadays
  counterproductive optimisation)
- qemu-storage-daemon: Fix object-del, cleaner shutdown
- vvfat: Check that the guest doesn't escape the given host directory
  with read-write vvfat drives
- vvfat: Fix crash by out-of-bounds array writes for read-write drives
- iotests fixes

# gpg: Signature made Fri 03 Jul 2020 10:20:46 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests: Fix 051 output after qdev_init_nofail() removal
  iotests.py: Do not wait() before communicate()
  vvfat: Fix array_remove_slice()
  vvfat: Check that updated filenames are valid
  qemu-storage-daemon: add missing cleanup calls
  qemu-storage-daemon: remember to add qemu_object_opts
  qemu-img convert: Don't pre-zero images

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 5f42c337 4f071a94

block/vvfat.c

+29 −38
Original line number Diff line number Diff line
@@ -140,48 +140,16 @@ static inline void* array_insert(array_t* array,unsigned int index,unsigned int 
    return array->pointer+index*array->item_size;

}



/* this performs a "roll", so that the element which was at index_from becomes

 * index_to, but the order of all other elements is preserved. */

static inline int array_roll(array_t* array,int index_to,int index_from,int count)

{

    char* buf;

    char* from;

    char* to;

    int is;



    if(!array ||

            index_to<0 || index_to>=array->next ||

            index_from<0 || index_from>=array->next)

        return -1;



    if(index_to==index_from)

        return 0;



    is=array->item_size;

    from=array->pointer+index_from*is;

    to=array->pointer+index_to*is;

    buf=g_malloc(is*count);

    memcpy(buf,from,is*count);



    if(index_to<index_from)

        memmove(to+is*count,to,from-to);

    else

        memmove(from,from+is*count,to-from);



    memcpy(to,buf,is*count);



    g_free(buf);



    return 0;

}



static inline int array_remove_slice(array_t* array,int index, int count)

{

    assert(index >=0);

    assert(count > 0);

    assert(index + count <= array->next);

    if(array_roll(array,array->next-1,index,count))

        return -1;



    memmove(array->pointer + index * array->item_size,

            array->pointer + (index + count) * array->item_size,

            (array->next - index - count) * array->item_size);



    array->next -= count;

    return 0;

}
@@ -520,12 +488,31 @@ static void set_begin_of_direntry(direntry_t* direntry, uint32_t begin) 
    direntry->begin_hi = cpu_to_le16((begin >> 16) & 0xffff);

}



static bool valid_filename(const unsigned char *name)

{

    unsigned char c;

    if (!strcmp((const char*)name, ".") || !strcmp((const char*)name, "..")) {

        return false;

    }

    for (; (c = *name); name++) {

        if (!((c >= '0' && c <= '9') ||

              (c >= 'A' && c <= 'Z') ||

              (c >= 'a' && c <= 'z') ||

              c > 127 ||

              strchr("$%'-_@~`!(){}^#&.+,;=[]", c) != NULL))

        {

            return false;

        }

    }

    return true;

}



static uint8_t to_valid_short_char(gunichar c)

{

    c = g_unichar_toupper(c);

    if ((c >= '0' && c <= '9') ||

        (c >= 'A' && c <= 'Z') ||

        strchr("$%'-_@~`!(){}^#&", c) != 0) {

        strchr("$%'-_@~`!(){}^#&", c) != NULL) {

        return c;

    } else {

        return 0;
@@ -2098,6 +2085,10 @@ DLOG(fprintf(stderr, "check direntry %d:\n", i); print_direntry(direntries + i)) 
            }

            lfn.checksum = 0x100; /* cannot use long name twice */



            if (!valid_filename(lfn.name)) {

                fprintf(stderr, "Invalid file name\n");

                goto fail;

            }

            if (path_len + 1 + lfn.len >= PATH_MAX) {

                fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);

                goto fail;

qemu-img.c

+0 −9
Original line number Diff line number Diff line
@@ -2084,15 +2084,6 @@ static int convert_do_copy(ImgConvertState *s) 
        s->has_zero_init = bdrv_has_zero_init(blk_bs(s->target));

    }



    if (!s->has_zero_init && !s->target_has_backing &&

        bdrv_can_write_zeroes_with_unmap(blk_bs(s->target)))

    {

        ret = blk_make_zero(s->target, BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);

        if (ret == 0) {

            s->has_zero_init = true;

        }

    }



    /* Allocate buffer for copied data. For compressed images, only one cluster

     * can be copied at a time. */

    if (s->compressed) {

qemu-storage-daemon.c

+5 −0
Original line number Diff line number Diff line
@@ -316,6 +316,7 @@ int main(int argc, char *argv[]) 


    module_call_init(MODULE_INIT_QOM);

    module_call_init(MODULE_INIT_TRACE);

    qemu_add_opts(&qemu_object_opts);

    qemu_add_opts(&qemu_trace_opts);

    qcrypto_init(&error_fatal);

    bdrv_init();
@@ -334,5 +335,9 @@ int main(int argc, char *argv[]) 
        main_loop_wait(false);

    }



    monitor_cleanup();

    qemu_chr_cleanup();

    user_creatable_cleanup();



    return EXIT_SUCCESS;

}

tests/qemu-iotests/iotests.py

+17 −17
Original line number Diff line number Diff line
@@ -146,11 +146,12 @@ def qemu_img_pipe(*args): 
                            stdout=subprocess.PIPE,

                            stderr=subprocess.STDOUT,

                            universal_newlines=True)

    exitcode = subp.wait()

    if exitcode < 0:

    output = subp.communicate()[0]

    if subp.returncode < 0:

        sys.stderr.write('qemu-img received signal %i: %s\n'

                         % (-exitcode, ' '.join(qemu_img_args + list(args))))

    return subp.communicate()[0]

                         % (-subp.returncode,

                            ' '.join(qemu_img_args + list(args))))

    return output



def qemu_img_log(*args):

    result = qemu_img_pipe(*args)
@@ -177,11 +178,11 @@ def qemu_io(*args): 
    subp = subprocess.Popen(args, stdout=subprocess.PIPE,

                            stderr=subprocess.STDOUT,

                            universal_newlines=True)

    exitcode = subp.wait()

    if exitcode < 0:

    output = subp.communicate()[0]

    if subp.returncode < 0:

        sys.stderr.write('qemu-io received signal %i: %s\n'

                         % (-exitcode, ' '.join(args)))

    return subp.communicate()[0]

                         % (-subp.returncode, ' '.join(args)))

    return output



def qemu_io_log(*args):

    result = qemu_io(*args)
@@ -257,15 +258,14 @@ def qemu_nbd_early_pipe(*args): 
       and its output in case of an error'''

    subp = subprocess.Popen(qemu_nbd_args + ['--fork'] + list(args),

                            stdout=subprocess.PIPE,

                            stderr=subprocess.STDOUT,

                            universal_newlines=True)

    exitcode = subp.wait()

    if exitcode < 0:

    output = subp.communicate()[0]

    if subp.returncode < 0:

        sys.stderr.write('qemu-nbd received signal %i: %s\n' %

                         (-exitcode,

                         (-subp.returncode,

                          ' '.join(qemu_nbd_args + ['--fork'] + list(args))))



    return exitcode, subp.communicate()[0] if exitcode else ''

    return subp.returncode, output if subp.returncode else ''



def qemu_nbd_popen(*args):

    '''Run qemu-nbd in daemon mode and return the parent's exit code'''
@@ -1062,11 +1062,11 @@ def qemu_pipe(*args): 
    subp = subprocess.Popen(args, stdout=subprocess.PIPE,

                            stderr=subprocess.STDOUT,

                            universal_newlines=True)

    exitcode = subp.wait()

    if exitcode < 0:

    output = subp.communicate()[0]

    if subp.returncode < 0:

        sys.stderr.write('qemu received signal %i: %s\n' %

                         (-exitcode, ' '.join(args)))

    return subp.communicate()[0]

                         (-subp.returncode, ' '.join(args)))

    return output



def supported_formats(read_only=False):

    '''Set 'read_only' to True to check ro-whitelist