Re: [PATCH] tools: hv: Fix how ifcfg-* file is created
- Original Message - > On Sun, Jan 13, Tomas Hozza wrote: > > > -# IPADDR=ipaddr1 > > -# IPADDR_1=ipaddr2 > > -# IPADDR_x=ipaddry (where y = x + 1) > > +# IPADDR0=ipaddr1 > > +# IPADDR1=ipaddr2 > > +# IPADDRx=ipaddry (where y = x + 1) > > Before this change it was IPADDR=, now its IPADDR0=. > Furthermore, IPADDR_n was changed to IPADDRn. >From initscripts (ifcfg-* part) documentation: Base items: NAME= Most important for PPP. Only used in front ends. DEVICE=PPP devices where it is the "logical name")> IPADDRn= PREFIXn= Network prefix. It is used for all configurations except aliases and ippp devices. It takes precedence over NETMASK when both PREFIX and NETMASK are set. NETMASKn= Subnet mask; just useful for aliases and ippp devices. For all other configurations, use PREFIX instead. The "n" is expected to be consecutive positive integers starting from 0. It can be omitted if there is only one address being configured. So I think this explains a lot. In hyperv KVP daemon source there is no logic to determine if we are going to set more than SINGLE IP address to the interface. Therefore we have to set the first one as IPADDR0. This is completely OK and in compliance with the documentation. > Does that match what the tools consuming the ifcfg-* files expect? Since the current format looks the same as described in documentation I assume tools consuming ifcfg-* files expect exactly this. I also checked scripts handling those ifcfg-* files and they did not expect it to be IPADDR_n for some "n". We also tested the daemon and it worked just fine. > Why did it work before this change? For single IPADDR this should work just fine and it is expected to. But did you try also to set more than just a single IP address to the interface? Regards, Tomas Hozza -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools: hv: Fix how ifcfg-* file is created
- Original Message - On Sun, Jan 13, Tomas Hozza wrote: -# IPADDR=ipaddr1 -# IPADDR_1=ipaddr2 -# IPADDR_x=ipaddry (where y = x + 1) +# IPADDR0=ipaddr1 +# IPADDR1=ipaddr2 +# IPADDRx=ipaddry (where y = x + 1) Before this change it was IPADDR=, now its IPADDR0=. Furthermore, IPADDR_n was changed to IPADDRn. From initscripts (ifcfg-* part) documentation: Base items: NAME= Most important for PPP. Only used in front ends. DEVICE=PPP devices where it is the logical name) IPADDRn= PREFIXn= Network prefix. It is used for all configurations except aliases and ippp devices. It takes precedence over NETMASK when both PREFIX and NETMASK are set. NETMASKn= Subnet mask; just useful for aliases and ippp devices. For all other configurations, use PREFIX instead. The n is expected to be consecutive positive integers starting from 0. It can be omitted if there is only one address being configured. So I think this explains a lot. In hyperv KVP daemon source there is no logic to determine if we are going to set more than SINGLE IP address to the interface. Therefore we have to set the first one as IPADDR0. This is completely OK and in compliance with the documentation. Does that match what the tools consuming the ifcfg-* files expect? Since the current format looks the same as described in documentation I assume tools consuming ifcfg-* files expect exactly this. I also checked scripts handling those ifcfg-* files and they did not expect it to be IPADDR_n for some n. We also tested the daemon and it worked just fine. Why did it work before this change? For single IPADDR this should work just fine and it is expected to. But did you try also to set more than just a single IP address to the interface? Regards, Tomas Hozza -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Use CLOEXEC when opening kvp_pool files
Use CLOEXEC flag when opening kvp_pool_x files to prevent file descriptor leakage. Not using it was causing a problem when SELinux was enabled. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3840517..c800ea4 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -151,7 +151,7 @@ static void kvp_update_file(int pool) */ kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, "w"); + filep = fopen(kvp_file_info[pool].fname, "we"); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, "Failed to open file, pool: %d", pool); @@ -182,7 +182,7 @@ static void kvp_update_mem_state(int pool) kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, "r"); + filep = fopen(kvp_file_info[pool].fname, "re"); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, "Failed to open file, pool: %d", pool); @@ -246,13 +246,13 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); + fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */); if (fd == -1) return 1; - filep = fopen(fname, "r"); + filep = fopen(fname, "re"); if (!filep) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Use CLOEXEC when opening kvp_pool files
Use CLOEXEC flag when opening kvp_pool_x files to prevent file descriptor leakage. Not using it was causing a problem when SELinux was enabled. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3840517..c800ea4 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -151,7 +151,7 @@ static void kvp_update_file(int pool) */ kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, w); + filep = fopen(kvp_file_info[pool].fname, we); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, Failed to open file, pool: %d, pool); @@ -182,7 +182,7 @@ static void kvp_update_mem_state(int pool) kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, r); + filep = fopen(kvp_file_info[pool].fname, re); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, Failed to open file, pool: %d, pool); @@ -246,13 +246,13 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, %s/.kvp_pool_%d, KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); + fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */); if (fd == -1) return 1; - filep = fopen(fname, r); + filep = fopen(fname, re); if (!filep) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Fix how ifcfg-* file is created
Fix for the daemon code and for hv_set_ifconfig.sh script, so that the created ifcfg-* file is consistent with initscripts documentation. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c| 59 ++--- tools/hv/hv_set_ifconfig.sh | 22 +++-- 2 files changed, 38 insertions(+), 43 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..e6fe8d5 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), "%s", "DNS"); break; } - if (i != 0) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - "_%d", i++); - } else { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); - } - } else if (type == DNS) { + + if (type == DNS) { snprintf(sub_str, sizeof(sub_str), "%d", ++i); + } else if (type == GATEWAY && i == 0) { + ++i; + } else { + snprintf(sub_str, sizeof(sub_str), "%d", i++); } @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), "%s", "DNS"); break; } - if ((j != 0) || (type == DNS)) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - "_%d", j++); - } else { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); - } - } else if (type == DNS) { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); + + if (type == DNS) { + snprintf(sub_str, sizeof(sub_str), "%d", ++i); + } else if (j == 0) { + ++j; + } else { + snprintf(sub_str, sizeof(sub_str), "_%d", j++); } } else { return HV_INVALIDARG; @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * Here is the format of the ip configuration file: * * HWADDR=macaddr -* IF_NAME=interface name -* DHCP=yes (This is optional; if yes, DHCP is configured) +* DEVICE=interface name +* BOOTPROTO= (where is "dhcp" if DHCP is configured +* or "none" if no boot-time protocol should be used) * -* IPADDR=ipaddr1 -* IPADDR_1=ipaddr2 -* IPADDR_x=ipaddry (where y = x + 1) +* IPADDR0=ipaddr1 +* IPADDR1=ipaddr2 +* IPADDRx=ipaddry (where y = x + 1) * -* NETMASK=netmask1 -* NETMASK_x=netmasky (where y = x + 1) +* NETMASK0=netmask1 +* NETMASKx=netmasky (where y = x + 1) * * GATEWAY=ipaddr1 -* GATEWAY_x=ipaddry (where y = x + 1) +* GATEWAYx=ipaddry (where y = x + 1) * * DNSx=ipaddrx (where first DNS address is tagged as DNS1 etc) * @@ -1294,12 +1288,12 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) if (error) goto setval_error; - error = kvp_write_file(file, "IF_NAME", "", if_name); + error = kvp_write_file(file, "DEVICE", "", if_name); if (error) goto setval_error; if (new_val->dhcp_enabled) { - error = kvp_write_file(file, "DHCP", "", "yes"); + error = kvp_write_file(file, "BOOTPROTO", "", "dhcp"); if (error) goto setval_error; @@ -1307,6 +1301,11 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * We are done!. */ goto setval_done; + + } els
[PATCH] tools: hv: Fix how ifcfg-* file is created
Fix for the daemon code and for hv_set_ifconfig.sh script, so that the created ifcfg-* file is consistent with initscripts documentation. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c| 59 ++--- tools/hv/hv_set_ifconfig.sh | 22 +++-- 2 files changed, 38 insertions(+), 43 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..e6fe8d5 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if (i != 0) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, i++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { + + if (type == DNS) { snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (type == GATEWAY i == 0) { + ++i; + } else { + snprintf(sub_str, sizeof(sub_str), %d, i++); } @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if ((j != 0) || (type == DNS)) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, j++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); + + if (type == DNS) { + snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (j == 0) { + ++j; + } else { + snprintf(sub_str, sizeof(sub_str), _%d, j++); } } else { return HV_INVALIDARG; @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * Here is the format of the ip configuration file: * * HWADDR=macaddr -* IF_NAME=interface name -* DHCP=yes (This is optional; if yes, DHCP is configured) +* DEVICE=interface name +* BOOTPROTO=protocol (where protocol is dhcp if DHCP is configured +* or none if no boot-time protocol should be used) * -* IPADDR=ipaddr1 -* IPADDR_1=ipaddr2 -* IPADDR_x=ipaddry (where y = x + 1) +* IPADDR0=ipaddr1 +* IPADDR1=ipaddr2 +* IPADDRx=ipaddry (where y = x + 1) * -* NETMASK=netmask1 -* NETMASK_x=netmasky (where y = x + 1) +* NETMASK0=netmask1 +* NETMASKx=netmasky (where y = x + 1) * * GATEWAY=ipaddr1 -* GATEWAY_x=ipaddry (where y = x + 1) +* GATEWAYx=ipaddry (where y = x + 1) * * DNSx=ipaddrx (where first DNS address is tagged as DNS1 etc) * @@ -1294,12 +1288,12 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) if (error) goto setval_error; - error = kvp_write_file(file, IF_NAME, , if_name); + error = kvp_write_file(file, DEVICE, , if_name); if (error) goto setval_error; if (new_val-dhcp_enabled) { - error = kvp_write_file(file, DHCP, , yes); + error = kvp_write_file(file, BOOTPROTO, , dhcp); if (error) goto setval_error; @@ -1307,6 +1301,11 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * We are done!. */ goto setval_done; + + } else { + error = kvp_write_file(file, BOOTPROTO, , none); + if (error) + goto setval_error; } /* diff --git a/tools/hv/hv_set_ifconfig.sh b/tools/hv/hv_set_ifconfig.sh index 3e9427e..00b66be 100755 --- a/tools/hv
Re: [PATCH 1/2] tools: hv: Fix how ifcfg-* file is created
There is a mistake in this Patch. Sorry for this. I'll send corrected one ASAP after testing it! - Original Message - > > > > -Original Message- > > From: Tomas Hozza [mailto:tho...@redhat.com] > > Sent: Tuesday, January 08, 2013 6:27 AM > > To: gre...@linuxfoundation.org > > Cc: KY Srinivasan; jasow...@redhat.com; Haiyang Zhang; linux- > > ker...@vger.kernel.org; Hashir Abdi; Tomas Hozza > > Subject: [PATCH 1/2] tools: hv: Fix how ifcfg-* file is created > > > > Fix for the daemon code and for hv_set_ifconfig.sh script, so > > that the created ifcfg-* file is consistent with initscripts > > documentation. > > > > Signed-off-by: Tomas Hozza > Acked-by: K. Y. Srinivasan > > > --- > > tools/hv/hv_kvp_daemon.c| 73 > > ++- > > -- > > tools/hv/hv_set_ifconfig.sh | 22 ++ > > 2 files changed, 44 insertions(+), 51 deletions(-) > > > > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c > > index d25a469..6b56b75 100644 > > --- a/tools/hv/hv_kvp_daemon.c > > +++ b/tools/hv/hv_kvp_daemon.c > > @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char > > *ip_string, int > > type) > > snprintf(str, sizeof(str), "%s", "DNS"); > > break; > > } > > - if (i != 0) { > > - if (type != DNS) { > > - snprintf(sub_str, sizeof(sub_str), > > - "_%d", i++); > > - } else { > > - snprintf(sub_str, sizeof(sub_str), > > - "%d", ++i); > > - } > > - } else if (type == DNS) { > > + > > + if (type == DNS) { > > snprintf(sub_str, sizeof(sub_str), "%d", ++i); > > + } else if (type == GATEWAY && i == 0) { > > + ++i; > > + } else { > > + snprintf(sub_str, sizeof(sub_str), "%d", i++); > > } > > > > > > @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char > > *ip_string, int > > type) > > snprintf(str, sizeof(str), "%s", "DNS"); > > break; > > } > > - if ((j != 0) || (type == DNS)) { > > - if (type != DNS) { > > - snprintf(sub_str, sizeof(sub_str), > > - "_%d", j++); > > - } else { > > - snprintf(sub_str, sizeof(sub_str), > > - "%d", ++i); > > - } > > - } else if (type == DNS) { > > - snprintf(sub_str, sizeof(sub_str), > > - "%d", ++i); > > + > > + if (type == DNS) { > > + snprintf(sub_str, sizeof(sub_str), "%d", ++i); > > + } else if (j == 0) { > > + ++j; > > + } else { > > + snprintf(sub_str, sizeof(sub_str), "_%d", j++); > > } > > } else { > > return HV_INVALIDARG; > > @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, > > struct > > hv_kvp_ipaddr_value *new_val) > > * Here is the format of the ip configuration file: > > * > > * HWADDR=macaddr > > -* IF_NAME=interface name > > -* DHCP=yes (This is optional; if yes, DHCP is configured) > > +* DEVICE=interface name > > +* BOOTPROTO= (where is "dhcp" if DHCP is > > configured > > +* or "none" if no boot-time protocol > > should be used) > > * > > -* IPADDR=ipaddr1 > > -* IPADDR_1=ipaddr2 > > -* IPADDR_x=ipaddry (where y = x + 1) > > +* IPADDR0=ipaddr1 > > +* IPADDR1=ipaddr2 > > +* IPADDRx=ipaddry (where y = x + 1) > > * > > -* NETMASK=netmask1 >
Re: [PATCH 1/2] tools: hv: Fix how ifcfg-* file is created
There is a mistake in this Patch. Sorry for this. I'll send corrected one ASAP after testing it! - Original Message - -Original Message- From: Tomas Hozza [mailto:tho...@redhat.com] Sent: Tuesday, January 08, 2013 6:27 AM To: gre...@linuxfoundation.org Cc: KY Srinivasan; jasow...@redhat.com; Haiyang Zhang; linux- ker...@vger.kernel.org; Hashir Abdi; Tomas Hozza Subject: [PATCH 1/2] tools: hv: Fix how ifcfg-* file is created Fix for the daemon code and for hv_set_ifconfig.sh script, so that the created ifcfg-* file is consistent with initscripts documentation. Signed-off-by: Tomas Hozza tho...@redhat.com Acked-by: K. Y. Srinivasan k...@microsoft.com --- tools/hv/hv_kvp_daemon.c| 73 ++- -- tools/hv/hv_set_ifconfig.sh | 22 ++ 2 files changed, 44 insertions(+), 51 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..6b56b75 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if (i != 0) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, i++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { + + if (type == DNS) { snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (type == GATEWAY i == 0) { + ++i; + } else { + snprintf(sub_str, sizeof(sub_str), %d, i++); } @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if ((j != 0) || (type == DNS)) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, j++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); + + if (type == DNS) { + snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (j == 0) { + ++j; + } else { + snprintf(sub_str, sizeof(sub_str), _%d, j++); } } else { return HV_INVALIDARG; @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * Here is the format of the ip configuration file: * * HWADDR=macaddr -* IF_NAME=interface name -* DHCP=yes (This is optional; if yes, DHCP is configured) +* DEVICE=interface name +* BOOTPROTO=protocol (where protocol is dhcp if DHCP is configured +* or none if no boot-time protocol should be used) * -* IPADDR=ipaddr1 -* IPADDR_1=ipaddr2 -* IPADDR_x=ipaddry (where y = x + 1) +* IPADDR0=ipaddr1 +* IPADDR1=ipaddr2 +* IPADDRx=ipaddry (where y = x + 1) * -* NETMASK=netmask1 -* NETMASK_x=netmasky (where y = x + 1) +* NETMASK0=netmask1 +* NETMASKx=netmasky (where y = x + 1) * * GATEWAY=ipaddr1 -* GATEWAY_x=ipaddry (where y = x + 1) +* GATEWAYx=ipaddry (where y = x + 1) * * DNSx=ipaddrx (where first DNS address is tagged as DNS1 etc) * @@ -1294,20 +1288,23 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) if (error) goto setval_error; - error = kvp_write_file(file, IF_NAME, , if_name); + error = kvp_write_file(file, DEVICE, , if_name); if (error) goto setval_error; - if (new_val-dhcp_enabled) { - error = kvp_write_file(file, DHCP, , yes); - if (error) - goto setval_error; + if (new_val-dhcp_enabled) + error = kvp_write_file(file, BOOTPROTO, , dhcp); + else + error
[PATCH 2/2] tools: hv: Use CLOEXEC when opening kvp_pool files
Use CLOEXEC flag when opening kvp_pool_x files to prevent file descriptor leakage. Not using it was causing a problem when SELinux was enabled. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 6b56b75..31f839cc 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -151,7 +151,7 @@ static void kvp_update_file(int pool) */ kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, "w"); + filep = fopen(kvp_file_info[pool].fname, "we"); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, "Failed to open file, pool: %d", pool); @@ -182,7 +182,7 @@ static void kvp_update_mem_state(int pool) kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, "r"); + filep = fopen(kvp_file_info[pool].fname, "re"); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, "Failed to open file, pool: %d", pool); @@ -246,13 +246,13 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, "/var/opt/hyperv/.kvp_pool_%d", i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) return 1; - filep = fopen(fname, "r"); + filep = fopen(fname, "re"); if (!filep) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/2] tools: hv: Fix how ifcfg-* file is created
Fix for the daemon code and for hv_set_ifconfig.sh script, so that the created ifcfg-* file is consistent with initscripts documentation. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c| 73 ++--- tools/hv/hv_set_ifconfig.sh | 22 ++ 2 files changed, 44 insertions(+), 51 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..6b56b75 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), "%s", "DNS"); break; } - if (i != 0) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - "_%d", i++); - } else { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); - } - } else if (type == DNS) { + + if (type == DNS) { snprintf(sub_str, sizeof(sub_str), "%d", ++i); + } else if (type == GATEWAY && i == 0) { + ++i; + } else { + snprintf(sub_str, sizeof(sub_str), "%d", i++); } @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), "%s", "DNS"); break; } - if ((j != 0) || (type == DNS)) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - "_%d", j++); - } else { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); - } - } else if (type == DNS) { - snprintf(sub_str, sizeof(sub_str), - "%d", ++i); + + if (type == DNS) { + snprintf(sub_str, sizeof(sub_str), "%d", ++i); + } else if (j == 0) { + ++j; + } else { + snprintf(sub_str, sizeof(sub_str), "_%d", j++); } } else { return HV_INVALIDARG; @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * Here is the format of the ip configuration file: * * HWADDR=macaddr -* IF_NAME=interface name -* DHCP=yes (This is optional; if yes, DHCP is configured) +* DEVICE=interface name +* BOOTPROTO= (where is "dhcp" if DHCP is configured +* or "none" if no boot-time protocol should be used) * -* IPADDR=ipaddr1 -* IPADDR_1=ipaddr2 -* IPADDR_x=ipaddry (where y = x + 1) +* IPADDR0=ipaddr1 +* IPADDR1=ipaddr2 +* IPADDRx=ipaddry (where y = x + 1) * -* NETMASK=netmask1 -* NETMASK_x=netmasky (where y = x + 1) +* NETMASK0=netmask1 +* NETMASKx=netmasky (where y = x + 1) * * GATEWAY=ipaddr1 -* GATEWAY_x=ipaddry (where y = x + 1) +* GATEWAYx=ipaddry (where y = x + 1) * * DNSx=ipaddrx (where first DNS address is tagged as DNS1 etc) * @@ -1294,20 +1288,23 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) if (error) goto setval_error; - error = kvp_write_file(file, "IF_NAME", "", if_name); + error = kvp_write_file(file, "DEVICE", "", if_name); if (error) goto setval_error; - if (new_val->dhcp_enabled) { - error = kvp_write_file(file, "DHCP", "", "yes"); - if (error) - goto setval_error; + if (new_val->dhcp_enabled) + error = kvp_write_file(file, "BOOTPROTO", "", "dhcp"); + else + error = kvp_write_file(file, "BOOTPROTO", "", "none"); + +
[PATCH 1/2] tools: hv: Fix how ifcfg-* file is created
Fix for the daemon code and for hv_set_ifconfig.sh script, so that the created ifcfg-* file is consistent with initscripts documentation. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c| 73 ++--- tools/hv/hv_set_ifconfig.sh | 22 ++ 2 files changed, 44 insertions(+), 51 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..6b56b75 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1162,16 +1162,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if (i != 0) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, i++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { + + if (type == DNS) { snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (type == GATEWAY i == 0) { + ++i; + } else { + snprintf(sub_str, sizeof(sub_str), %d, i++); } @@ -1191,17 +1188,13 @@ static int process_ip_string(FILE *f, char *ip_string, int type) snprintf(str, sizeof(str), %s, DNS); break; } - if ((j != 0) || (type == DNS)) { - if (type != DNS) { - snprintf(sub_str, sizeof(sub_str), - _%d, j++); - } else { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); - } - } else if (type == DNS) { - snprintf(sub_str, sizeof(sub_str), - %d, ++i); + + if (type == DNS) { + snprintf(sub_str, sizeof(sub_str), %d, ++i); + } else if (j == 0) { + ++j; + } else { + snprintf(sub_str, sizeof(sub_str), _%d, j++); } } else { return HV_INVALIDARG; @@ -1244,18 +1237,19 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) * Here is the format of the ip configuration file: * * HWADDR=macaddr -* IF_NAME=interface name -* DHCP=yes (This is optional; if yes, DHCP is configured) +* DEVICE=interface name +* BOOTPROTO=protocol (where protocol is dhcp if DHCP is configured +* or none if no boot-time protocol should be used) * -* IPADDR=ipaddr1 -* IPADDR_1=ipaddr2 -* IPADDR_x=ipaddry (where y = x + 1) +* IPADDR0=ipaddr1 +* IPADDR1=ipaddr2 +* IPADDRx=ipaddry (where y = x + 1) * -* NETMASK=netmask1 -* NETMASK_x=netmasky (where y = x + 1) +* NETMASK0=netmask1 +* NETMASKx=netmasky (where y = x + 1) * * GATEWAY=ipaddr1 -* GATEWAY_x=ipaddry (where y = x + 1) +* GATEWAYx=ipaddry (where y = x + 1) * * DNSx=ipaddrx (where first DNS address is tagged as DNS1 etc) * @@ -1294,20 +1288,23 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) if (error) goto setval_error; - error = kvp_write_file(file, IF_NAME, , if_name); + error = kvp_write_file(file, DEVICE, , if_name); if (error) goto setval_error; - if (new_val-dhcp_enabled) { - error = kvp_write_file(file, DHCP, , yes); - if (error) - goto setval_error; + if (new_val-dhcp_enabled) + error = kvp_write_file(file, BOOTPROTO, , dhcp); + else + error = kvp_write_file(file, BOOTPROTO, , none); + + if (error) + goto setval_error; + + /* +* We are done!. +*/ + goto setval_done; - /* -* We are done!. -*/ - goto setval_done; - } /* * Write the configuration for ipaddress, netmask, gateway
[PATCH 2/2] tools: hv: Use CLOEXEC when opening kvp_pool files
Use CLOEXEC flag when opening kvp_pool_x files to prevent file descriptor leakage. Not using it was causing a problem when SELinux was enabled. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 6b56b75..31f839cc 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -151,7 +151,7 @@ static void kvp_update_file(int pool) */ kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, w); + filep = fopen(kvp_file_info[pool].fname, we); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, Failed to open file, pool: %d, pool); @@ -182,7 +182,7 @@ static void kvp_update_mem_state(int pool) kvp_acquire_lock(pool); - filep = fopen(kvp_file_info[pool].fname, r); + filep = fopen(kvp_file_info[pool].fname, re); if (!filep) { kvp_release_lock(pool); syslog(LOG_ERR, Failed to open file, pool: %d, pool); @@ -246,13 +246,13 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, /var/opt/hyperv/.kvp_pool_%d, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) return 1; - filep = fopen(fname, r); + filep = fopen(fname, re); if (!filep) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/3] tools/hv: Fix for long file names from readdir
- Original Message - > > This is just for sanity. The value PATH_MAX was chosen after > > discussion > > with K. Y. Srinivasan and Olaf Hering instead of some "magic" > > number like > > 256 or 512. > > PATH_MAX is a magic name. It is defined in "limits.h". I would welcome some more constructive argumentation and critics. > > > Using snprintf() is a good idea, but you need to check the return > > > value and handle the truncation case somehow. > > > > By using PATH_MAX sized buffer there is no need for handling the > > truncation > > case. > > You are claiming two contradictory things: sprintf() may overrun the > buffer, so we need the length check provided by snprintf(), but there > is no need to check for truncation because we know the length is > sufficient. So what do you propose? How should it be solved? Thank you. Regards, Tomas Hozza -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/3] tools/hv: Fix for long file names from readdir
- Original Message - This is just for sanity. The value PATH_MAX was chosen after discussion with K. Y. Srinivasan and Olaf Hering instead of some magic number like 256 or 512. PATH_MAX is a magic name. It is defined in limits.h. I would welcome some more constructive argumentation and critics. Using snprintf() is a good idea, but you need to check the return value and handle the truncation case somehow. By using PATH_MAX sized buffer there is no need for handling the truncation case. You are claiming two contradictory things: sprintf() may overrun the buffer, so we need the length check provided by snprintf(), but there is no need to check for truncation because we know the length is sufficient. So what do you propose? How should it be solved? Thank you. Regards, Tomas Hozza -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/3] tools/hv: Fix for long file names from readdir
- Original Message - > On Tue, 2012-11-27 at 08:56 +0100, Tomas Hozza wrote: > > kvp_get_if_name and kvp_mac_to_if_name copy strings into statically > > sized buffers which could be too small to store really long names. > > > > Buffer sizes have been changed to PATH_MAX, include "limits.h" > > where > > PATH_MAX is defined was added and length checks ware added via > > snprintf. > [...] > > PATH_MAX has nothing to do with any actual kernel limit; it's no more > meaningful than the current value of 256. Network interface names > are > limited to 15 characters, thus the current array is more than long > enough. So I think this is entirely unnecessary. This is just for sanity. The value PATH_MAX was chosen after discussion with K. Y. Srinivasan and Olaf Hering instead of some "magic" number like 256 or 512. > Using snprintf() is a good idea, but you need to check the return > value and handle the truncation case somehow. By using PATH_MAX sized buffer there is no need for handling the truncation case. Tomas Hozza -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/3] tools/hv: Fix for long file names from readdir
- Original Message - On Tue, 2012-11-27 at 08:56 +0100, Tomas Hozza wrote: kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been changed to PATH_MAX, include limits.h where PATH_MAX is defined was added and length checks ware added via snprintf. [...] PATH_MAX has nothing to do with any actual kernel limit; it's no more meaningful than the current value of 256. Network interface names are limited to 15 characters, thus the current array is more than long enough. So I think this is entirely unnecessary. This is just for sanity. The value PATH_MAX was chosen after discussion with K. Y. Srinivasan and Olaf Hering instead of some magic number like 256 or 512. Using snprintf() is a good idea, but you need to check the return value and handle the truncation case somehow. By using PATH_MAX sized buffer there is no need for handling the truncation case. Tomas Hozza -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index e266251..7105c7b 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access(KVP_CONFIG_LOC, F_OK)) { - if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir(KVP_CONFIG_LOC, 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, " Failed to create %s", KVP_CONFIG_LOC); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 90f1f07..e266251 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC "/var/opt/" +#define KVP_CONFIG_LOC "/var/lib/hyperv" #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access("/var/opt/hyperv", F_OK)) { - if (mkdir("/var/opt/hyperv", S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, " Failed to create /var/opt/hyperv"); + if (access(KVP_CONFIG_LOC, F_OK)) { + if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, " Failed to create %s", KVP_CONFIG_LOC); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, "/var/opt/hyperv/.kvp_pool_%d", i); + sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) @@ -1263,7 +1263,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) */ snprintf(if_file, sizeof(if_file), "%s%s%s", KVP_CONFIG_LOC, - "hyperv/ifcfg-", if_name); + "/ifcfg-", if_name); file = fopen(if_file, "w"); -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been changed to PATH_MAX, include "limits.h" where PATH_MAX is defined was added and length checks ware added via snprintf. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 26 +- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..90f1f07 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -44,6 +44,7 @@ #include #include #include +#include /* * KVP protocol: The user mode component first registers with the @@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[PATH_MAX]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry->d_name); - strcat(dev_id, "/device/device_id"); + snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id", kvp_net_dir, + entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) @@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[PATH_MAX]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry->d_name); - strcat(dev_id, "/address"); + snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir, +entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been changed to PATH_MAX, include limits.h where PATH_MAX is defined was added and length checks ware added via snprintf. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 26 +- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d25a469..90f1f07 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -44,6 +44,7 @@ #include fcntl.h #include dirent.h #include net/if.h +#include limits.h /* * KVP protocol: The user mode component first registers with the @@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[PATH_MAX]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), %s, kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry-d_name); - strcat(dev_id, /device/device_id); + snprintf(dev_id, sizeof(dev_id), %s%s/device/device_id, kvp_net_dir, + entry-d_name); file = fopen(dev_id, r); if (file == NULL) @@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[PATH_MAX]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry-d_name); - strcat(dev_id, /address); + snprintf(dev_id, sizeof(dev_id), %s%s/address, kvp_net_dir, +entry-d_name); file = fopen(dev_id, r); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings b...@decadent.org.uk We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 90f1f07..e266251 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC /var/opt/ +#define KVP_CONFIG_LOC /var/lib/hyperv #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access(/var/opt/hyperv, F_OK)) { - if (mkdir(/var/opt/hyperv, S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, Failed to create /var/opt/hyperv); + if (access(KVP_CONFIG_LOC, F_OK)) { + if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, Failed to create %s, KVP_CONFIG_LOC); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, /var/opt/hyperv/.kvp_pool_%d, i); + sprintf(fname, %s/.kvp_pool_%d, KVP_CONFIG_LOC, i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) @@ -1263,7 +1263,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) */ snprintf(if_file, sizeof(if_file), %s%s%s, KVP_CONFIG_LOC, - hyperv/ifcfg-, if_name); + /ifcfg-, if_name); file = fopen(if_file, w); -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings b...@decadent.org.uk It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings b...@decadent.org.uk Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index e266251..7105c7b 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access(KVP_CONFIG_LOC, F_OK)) { - if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir(KVP_CONFIG_LOC, 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, Failed to create %s, KVP_CONFIG_LOC); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, %s/.kvp_pool_%d, KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools: hv: Netlink source address validation allows DoS
Hello. Just FYI there is already a CVE name CVE-2012-5532 for this issue. Regards, Tomas Hozza - Original Message - > On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote: > > The source code without this patch caused hypervkvpd to exit when > > it processed > > a spoofed Netlink packet which has been sent from an untrusted > > local user. > > Now Netlink messages with a non-zero nl_pid source address are > > ignored > > and a warning is printed into the syslog. > > > > Signed-off-by: Tomas Hozza > > Acked-by: K. Y. Srinivasan > > --- > > tools/hv/hv_kvp_daemon.c | 8 +++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c > > index 13c2a14..c1d9102 100755 > > Why are you setting a .c file to executable permissions? Something > is > really wrong here... > > greg k-h > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools: hv: Netlink source address validation allows DoS
Hello. Just FYI there is already a CVE name CVE-2012-5532 for this issue. Regards, Tomas Hozza - Original Message - On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote: The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza tho...@redhat.com Acked-by: K. Y. Srinivasan k...@microsoft.com --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 Why are you setting a .c file to executable permissions? Something is really wrong here... greg k-h -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools: hv: Netlink source address validation allows DoS
- Original Message - > On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote: > > The source code without this patch caused hypervkvpd to exit when > > it processed > > a spoofed Netlink packet which has been sent from an untrusted > > local user. > > Now Netlink messages with a non-zero nl_pid source address are > > ignored > > and a warning is printed into the syslog. > > > > Signed-off-by: Tomas Hozza > > Acked-by: K. Y. Srinivasan > > --- > > tools/hv/hv_kvp_daemon.c | 8 +++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c > > index 13c2a14..c1d9102 100755 > > Why are you setting a .c file to executable permissions? Something > is really wrong here... I'm sorry, this is a mistake and unfortunately I missed it. Permissions should be 0644. Will check more carefully next time. Regards, Tomas Hozza -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools: hv: Netlink source address validation allows DoS
- Original Message - On Thu, Nov 08, 2012 at 10:53:29AM +0100, Tomas Hozza wrote: The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza tho...@redhat.com Acked-by: K. Y. Srinivasan k...@microsoft.com --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 Why are you setting a .c file to executable permissions? Something is really wrong here... I'm sorry, this is a mistake and unfortunately I missed it. Permissions should be 0644. Will check more carefully next time. Regards, Tomas Hozza -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index a581b3f..17703c7 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access(KVP_CONFIG_LOC, F_OK)) { - if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir(KVP_CONFIG_LOC, 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, " Failed to create %s", KVP_CONFIG_LOC); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 54ecb95..d80a612 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC "/var/opt/" +#define KVP_CONFIG_LOC "/var/lib/hyperv" #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access("/var/opt/hyperv", F_OK)) { - if (mkdir("/var/opt/hyperv", S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, " Failed to create /var/opt/hyperv"); + if (access(KVP_CONFIG_LOC, F_OK)) { + if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, " Failed to create %s", KVP_CONFIG_LOC); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, "/var/opt/hyperv/.kvp_pool_%d", i); + sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) @@ -1263,7 +1263,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) */ snprintf(if_file, sizeof(if_file), "%s%s%s", KVP_CONFIG_LOC, - "hyperv/ifcfg-", if_name); + "/ifcfg-", if_name); file = fopen(if_file, "w"); -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings b...@decadent.org.uk We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 54ecb95..d80a612 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC /var/opt/ +#define KVP_CONFIG_LOC /var/lib/hyperv #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access(/var/opt/hyperv, F_OK)) { - if (mkdir(/var/opt/hyperv, S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, Failed to create /var/opt/hyperv); + if (access(KVP_CONFIG_LOC, F_OK)) { + if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, Failed to create %s, KVP_CONFIG_LOC); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, /var/opt/hyperv/.kvp_pool_%d, i); + sprintf(fname, %s/.kvp_pool_%d, KVP_CONFIG_LOC, i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) @@ -1263,7 +1263,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) */ snprintf(if_file, sizeof(if_file), %s%s%s, KVP_CONFIG_LOC, - hyperv/ifcfg-, if_name); + /ifcfg-, if_name); file = fopen(if_file, w); -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings b...@decadent.org.uk It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings b...@decadent.org.uk Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index a581b3f..17703c7 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access(KVP_CONFIG_LOC, F_OK)) { - if (mkdir(KVP_CONFIG_LOC, S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir(KVP_CONFIG_LOC, 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, Failed to create %s, KVP_CONFIG_LOC); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, %s/.kvp_pool_%d, KVP_CONFIG_LOC, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] tools/hv: Fix string types
Initial patch by Ben Hutchings Standard C strings are arrays of char, not __u8 (unsigned char). Declare variables and parameters accordingly, and add the necessary casts. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d9b3a74..573b9aa 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -300,7 +300,7 @@ static int kvp_file_init(void) return 0; } -static int kvp_key_delete(int pool, __u8 *key, int key_size) +static int kvp_key_delete(int pool, const char *key, int key_size) { int i; int j, k; @@ -343,7 +343,7 @@ static int kvp_key_delete(int pool, __u8 *key, int key_size) return 1; } -static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value, +static int kvp_key_add_or_modify(int pool, const char *key, int key_size, const char *value, int value_size) { int i; @@ -397,7 +397,7 @@ static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value, return 0; } -static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value, +static int kvp_get_value(int pool, const char *key, int key_size, char *value, int value_size) { int i; @@ -429,8 +429,8 @@ static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value, return 1; } -static int kvp_pool_enumerate(int pool, int index, __u8 *key, int key_size, - __u8 *value, int value_size) +static int kvp_pool_enumerate(int pool, int index, char *key, int key_size, + char *value, int value_size) { struct kvp_record *record; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 54ecb95..d9b3a74 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC "/var/opt/" +#define KVP_CONFIG_LOC "/var/lib/" #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access("/var/opt/hyperv", F_OK)) { - if (mkdir("/var/opt/hyperv", S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, " Failed to create /var/opt/hyperv"); + if (access("/var/lib/hyperv", F_OK)) { + if (mkdir("/var/lib/hyperv", S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, " Failed to create /var/lib/hyperv"); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, "/var/opt/hyperv/.kvp_pool_%d", i); + sprintf(fname, "/var/lib/hyperv/.kvp_pool_%d", i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 573b9aa..9609858 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access("/var/lib/hyperv", F_OK)) { - if (mkdir("/var/lib/hyperv", S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir("/var/lib/hyperv", 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, " Failed to create /var/lib/hyperv"); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, "/var/lib/hyperv/.kvp_pool_%d", i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Tools: hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been changed to PATH_MAX, include "limits.h" where PATH_MAX is defined was added and length checks ware added via snprintf. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 26 +- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..54ecb95 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -44,6 +44,7 @@ #include #include #include +#include /* * KVP protocol: The user mode component first registers with the @@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[PATH_MAX]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry->d_name); - strcat(dev_id, "/device/device_id"); + snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id", kvp_net_dir, + entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) @@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[PATH_MAX]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry->d_name); - strcat(dev_id, "/address"); + snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir, +entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Tools: hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been changed to PATH_MAX, include limits.h where PATH_MAX is defined was added and length checks ware added via snprintf. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 26 +- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..54ecb95 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -44,6 +44,7 @@ #include fcntl.h #include dirent.h #include net/if.h +#include limits.h /* * KVP protocol: The user mode component first registers with the @@ -592,26 +593,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[PATH_MAX]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), %s, kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry-d_name); - strcat(dev_id, /device/device_id); + snprintf(dev_id, sizeof(dev_id), %s%s/device/device_id, kvp_net_dir, + entry-d_name); file = fopen(dev_id, r); if (file == NULL) @@ -684,28 +681,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[PATH_MAX]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry-d_name); - strcat(dev_id, /address); + snprintf(dev_id, sizeof(dev_id), %s%s/address, kvp_net_dir, +entry-d_name); file = fopen(dev_id, r); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 3/3] tools/hv: Fix permissions of created directory and files
From: Ben Hutchings b...@decadent.org.uk It's silly to create directories without execute permission, or to give permissions to 'other' but not the group-owner. Write the permissions in octal and 'ls -l' format since these are much easier to read than the named macros. Signed-off-by: Ben Hutchings b...@decadent.org.uk Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 573b9aa..9609858 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -236,7 +236,7 @@ static int kvp_file_init(void) int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; if (access(/var/lib/hyperv, F_OK)) { - if (mkdir(/var/lib/hyperv, S_IRUSR | S_IWUSR | S_IROTH)) { + if (mkdir(/var/lib/hyperv, 0755 /* rwxr-xr-x */)) { syslog(LOG_ERR, Failed to create /var/lib/hyperv); exit(EXIT_FAILURE); } @@ -247,7 +247,7 @@ static int kvp_file_init(void) records_read = 0; num_blocks = 1; sprintf(fname, /var/lib/hyperv/.kvp_pool_%d, i); - fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); + fd = open(fname, O_RDWR | O_CREAT, 0644 /* rw-r--r-- */); if (fd == -1) return 1; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/3] tools/hv: Fix /var subdirectory
Initial patch by Ben Hutchings b...@decadent.org.uk We will install this in /usr, so it must use /var/lib for its state. Only programs installed under /opt should use /var/opt. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 54ecb95..d9b3a74 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -98,7 +98,7 @@ static struct utsname uts_buf; * The location of the interface configuration file. */ -#define KVP_CONFIG_LOC /var/opt/ +#define KVP_CONFIG_LOC /var/lib/ #define MAX_FILE_NAME 100 #define ENTRIES_PER_BLOCK 50 @@ -235,9 +235,9 @@ static int kvp_file_init(void) int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; - if (access(/var/opt/hyperv, F_OK)) { - if (mkdir(/var/opt/hyperv, S_IRUSR | S_IWUSR | S_IROTH)) { - syslog(LOG_ERR, Failed to create /var/opt/hyperv); + if (access(/var/lib/hyperv, F_OK)) { + if (mkdir(/var/lib/hyperv, S_IRUSR | S_IWUSR | S_IROTH)) { + syslog(LOG_ERR, Failed to create /var/lib/hyperv); exit(EXIT_FAILURE); } } @@ -246,7 +246,7 @@ static int kvp_file_init(void) fname = kvp_file_info[i].fname; records_read = 0; num_blocks = 1; - sprintf(fname, /var/opt/hyperv/.kvp_pool_%d, i); + sprintf(fname, /var/lib/hyperv/.kvp_pool_%d, i); fd = open(fname, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IROTH); if (fd == -1) -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 2/3] tools/hv: Fix string types
Initial patch by Ben Hutchings b...@decadent.org.uk Standard C strings are arrays of char, not __u8 (unsigned char). Declare variables and parameters accordingly, and add the necessary casts. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index d9b3a74..573b9aa 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -300,7 +300,7 @@ static int kvp_file_init(void) return 0; } -static int kvp_key_delete(int pool, __u8 *key, int key_size) +static int kvp_key_delete(int pool, const char *key, int key_size) { int i; int j, k; @@ -343,7 +343,7 @@ static int kvp_key_delete(int pool, __u8 *key, int key_size) return 1; } -static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value, +static int kvp_key_add_or_modify(int pool, const char *key, int key_size, const char *value, int value_size) { int i; @@ -397,7 +397,7 @@ static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value, return 0; } -static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value, +static int kvp_get_value(int pool, const char *key, int key_size, char *value, int value_size) { int i; @@ -429,8 +429,8 @@ static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value, return 1; } -static int kvp_pool_enumerate(int pool, int index, __u8 *key, int key_size, - __u8 *value, int value_size) +static int kvp_pool_enumerate(int pool, int index, char *key, int key_size, + char *value, int value_size) { struct kvp_record *record; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Netlink source address validation allows DoS
The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1486,13 +1486,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, _l); - if (len < 0 || addr.nl_pid) { + if (len < 0) { syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, "Received packet from untrusted pid:%u", + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Tools: hv: Fix for long file names from readdir
> > -char dev_id[256]; > > +char dev_id[512]; > > Shouldnt that be PATH_MAX or similar? dirent->d_name should be PATH_MAX, but it is mostly not guaranteed. And then the dev_id is concatenated with two strings so it can exceed 256 bytes. After discussion with K. Y. Srinivasan I just doubled the size and added size checks for sanity. Tomas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Tools: hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been increased and length checks added via snprintf. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 25 - 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..bbd426c 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -592,26 +592,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[512]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), "%s", kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry->d_name); - strcat(dev_id, "/device/device_id"); + snprintf(dev_id, sizeof(dev_id), "%s%s/device/device_id", kvp_net_dir, + entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) @@ -684,28 +680,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = "/sys/class/net/"; - char dev_id[256]; + char dev_id[512]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry->d_name); - strcat(dev_id, "/address"); + snprintf(dev_id, sizeof(dev_id), "%s%s/address", kvp_net_dir, +entry->d_name); file = fopen(dev_id, "r"); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Netlink source address validation allows DoS
The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1486,13 +1486,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, _l); - if (len < 0 || addr.nl_pid) { + if (len < 0) { syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, "Received packet from untrusted pid:%u", + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; -- 1.7.11.7 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Netlink source address validation allows DoS
The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1486,13 +1486,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, addr_l); - if (len 0 || addr.nl_pid) { + if (len 0) { syslog(LOG_ERR, recvfrom failed; pid:%u error:%d %s, addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, Received packet from untrusted pid:%u, + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg-data; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] Tools: hv: Fix for long file names from readdir
kvp_get_if_name and kvp_mac_to_if_name copy strings into statically sized buffers which could be too small to store really long names. Buffer sizes have been increased and length checks added via snprintf. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 25 - 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..bbd426c 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -592,26 +592,22 @@ static char *kvp_get_if_name(char *guid) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[512]; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), %s, kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - strcat(dev_id, entry-d_name); - strcat(dev_id, /device/device_id); + snprintf(dev_id, sizeof(dev_id), %s%s/device/device_id, kvp_net_dir, + entry-d_name); file = fopen(dev_id, r); if (file == NULL) @@ -684,28 +680,23 @@ static char *kvp_mac_to_if_name(char *mac) DIR *dir; struct dirent *entry; FILE*file; - char*p, *q, *x; + char*p, *x; char*if_name = NULL; charbuf[256]; char *kvp_net_dir = /sys/class/net/; - char dev_id[256]; + char dev_id[512]; int i; dir = opendir(kvp_net_dir); if (dir == NULL) return NULL; - snprintf(dev_id, sizeof(dev_id), kvp_net_dir); - q = dev_id + strlen(kvp_net_dir); - while ((entry = readdir(dir)) != NULL) { /* * Set the state for the next pass. */ - *q = '\0'; - - strcat(dev_id, entry-d_name); - strcat(dev_id, /address); + snprintf(dev_id, sizeof(dev_id), %s%s/address, kvp_net_dir, +entry-d_name); file = fopen(dev_id, r); if (file == NULL) -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Tools: hv: Fix for long file names from readdir
-char dev_id[256]; +char dev_id[512]; Shouldnt that be PATH_MAX or similar? dirent-d_name should be PATH_MAX, but it is mostly not guaranteed. And then the dev_id is concatenated with two strings so it can exceed 256 bytes. After discussion with K. Y. Srinivasan I just doubled the size and added size checks for sanity. Tomas -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools: hv: Netlink source address validation allows DoS
The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. Signed-off-by: Tomas Hozza tho...@redhat.com --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 13c2a14..c1d9102 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1486,13 +1486,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, addr_l); - if (len 0 || addr.nl_pid) { + if (len 0) { syslog(LOG_ERR, recvfrom failed; pid:%u error:%d %s, addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, Received packet from untrusted pid:%u, + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg-data; -- 1.7.11.7 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS
>From 6199072f8131056efce208f04e6985d1f9968d8e Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Mon, 5 Nov 2012 10:08:16 +0100 Subject: [PATCH] Netlink source address validation allows DoS The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Netlink messages with a non-zero nl_pid source address should just be ignored. --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3ea3af2..7d74497 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1478,13 +1478,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, _l); - if (len < 0 || addr.nl_pid) { + if (len < 0) { syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, "Received packet from untrusted pid:%u", + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; -- 1.7.11.7 - Original Message - > > > > -Original Message- > > From: Tomas Hozza [mailto:tho...@redhat.com] > > Sent: Tuesday, November 06, 2012 10:21 AM > > To: gre...@linuxfoundation.org; linux-kernel@vger.kernel.org; > > de...@linuxdriverproject.org; a...@canonical.com; > > jasow...@redhat.com > > Cc: Olaf Hering; KY Srinivasan > > Subject: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address > > validation > > allows DoS > > > > Hi. > > > > After discussion with KY Srinivasan and Olaf Hering I'm sending you > > a patch for the HyperV KVP daemon distributed in linux kernel > > "tools/hv/hv_kvp_daemon.c". > > > > There is an issue in the current daemon source causing hyperv kvp > > daemon > > to exit when it processes a spoofed Netlink packet which has been > > sent > > from an untrusted local user. > > > > This patch is fixing this, so now the Netlink messages with a > > non-zero > > nl_pid source address are just ignored. > > You don't want to send the patch as an attachment. Please send the > patch > as part of the mail. > > Regards, > > K. Y > > > > > > Regards, > > > > Tomas Hozza > > Associate Software Engineer > > BaseOS - Brno, CZ > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS
Hi. After discussion with KY Srinivasan and Olaf Hering I'm sending you a patch for the HyperV KVP daemon distributed in linux kernel "tools/hv/hv_kvp_daemon.c". There is an issue in the current daemon source causing hyperv kvp daemon to exit when it processes a spoofed Netlink packet which has been sent from an untrusted local user. This patch is fixing this, so now the Netlink messages with a non-zero nl_pid source address are just ignored. Regards, Tomas Hozza Associate Software Engineer BaseOS - Brno, CZ From 6199072f8131056efce208f04e6985d1f9968d8e Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Mon, 5 Nov 2012 10:08:16 +0100 Subject: [PATCH] Netlink source address validation allows DoS The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Netlink messages with a non-zero nl_pid source address should just be ignored. --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3ea3af2..7d74497 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1478,13 +1478,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, _l); - if (len < 0 || addr.nl_pid) { + if (len < 0) { syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, "Received packet from untrusted pid:%u", + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; -- 1.7.11.7
[PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS
Hi. After discussion with KY Srinivasan and Olaf Hering I'm sending you a patch for the HyperV KVP daemon distributed in linux kernel tools/hv/hv_kvp_daemon.c. There is an issue in the current daemon source causing hyperv kvp daemon to exit when it processes a spoofed Netlink packet which has been sent from an untrusted local user. This patch is fixing this, so now the Netlink messages with a non-zero nl_pid source address are just ignored. Regards, Tomas Hozza Associate Software Engineer BaseOS - Brno, CZ From 6199072f8131056efce208f04e6985d1f9968d8e Mon Sep 17 00:00:00 2001 From: Tomas Hozza tho...@redhat.com Date: Mon, 5 Nov 2012 10:08:16 +0100 Subject: [PATCH] Netlink source address validation allows DoS The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Netlink messages with a non-zero nl_pid source address should just be ignored. --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3ea3af2..7d74497 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1478,13 +1478,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, addr_l); - if (len 0 || addr.nl_pid) { + if (len 0) { syslog(LOG_ERR, recvfrom failed; pid:%u error:%d %s, addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, Received packet from untrusted pid:%u, + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg-data; -- 1.7.11.7
Re: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS
From 6199072f8131056efce208f04e6985d1f9968d8e Mon Sep 17 00:00:00 2001 From: Tomas Hozza tho...@redhat.com Date: Mon, 5 Nov 2012 10:08:16 +0100 Subject: [PATCH] Netlink source address validation allows DoS The source code without this patch caused hypervkvpd to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Netlink messages with a non-zero nl_pid source address should just be ignored. --- tools/hv/hv_kvp_daemon.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index 3ea3af2..7d74497 100755 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1478,13 +1478,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, addr_l); - if (len 0 || addr.nl_pid) { + if (len 0) { syslog(LOG_ERR, recvfrom failed; pid:%u error:%d %s, addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, Received packet from untrusted pid:%u, + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg-data; -- 1.7.11.7 - Original Message - -Original Message- From: Tomas Hozza [mailto:tho...@redhat.com] Sent: Tuesday, November 06, 2012 10:21 AM To: gre...@linuxfoundation.org; linux-kernel@vger.kernel.org; de...@linuxdriverproject.org; a...@canonical.com; jasow...@redhat.com Cc: Olaf Hering; KY Srinivasan Subject: [PATCH] tools/hv/hv_kvp_daemon.c: Netlink source address validation allows DoS Hi. After discussion with KY Srinivasan and Olaf Hering I'm sending you a patch for the HyperV KVP daemon distributed in linux kernel tools/hv/hv_kvp_daemon.c. There is an issue in the current daemon source causing hyperv kvp daemon to exit when it processes a spoofed Netlink packet which has been sent from an untrusted local user. This patch is fixing this, so now the Netlink messages with a non-zero nl_pid source address are just ignored. You don't want to send the patch as an attachment. Please send the patch as part of the mail. Regards, K. Y Regards, Tomas Hozza Associate Software Engineer BaseOS - Brno, CZ -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/