motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2026-01-06 06:27:41 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
qemu/tools/virtiofsd
History
Stefan Hajnoczi 8c1d353d10 virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) 
The system-wide fs.file-max sysctl value determines how many files can
be open.  It defaults to a value calculated based on the machine's RAM
size.  Previously virtiofsd would try to set RLIMIT_NOFILE to 1,000,000
and this allowed the FUSE client to exhaust the number of open files
system-wide on Linux hosts with less than 10 GB of RAM!

Take fs.file-max into account when choosing the default RLIMIT_NOFILE
value.

Fixes: CVE-2020-10717
Reported-by: Yuval Avrahami <yavrahami@paloaltonetworks.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200501140644.220940-3-stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-05-01 18:41:56 +01:00
..
50-qemu-virtiofsd.json.in virtiofsd: add vhost-user.json file 2020-01-23 16:41:36 +00:00
buffer.c virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance 2020-01-23 16:41:37 +00:00
fuse_common.h virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV 2020-01-23 16:41:37 +00:00
fuse_i.h virtiofsd: Remove fuse.h and struct fuse_module 2020-02-21 12:53:17 +00:00
fuse_log.c virtiofsd: Fix common header and define for QEMU builds 2020-01-23 16:41:36 +00:00
fuse_log.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
fuse_lowlevel.c tools/virtiofsd/fuse_lowlevel: Fix fuse_out_header::error value 2020-02-21 12:53:17 +00:00
fuse_lowlevel.h virtiofsd: add --rlimit-nofile=NUM option 2020-05-01 18:41:55 +01:00
fuse_misc.h virtiofsd: support nanosecond resolution for file timestamp 2020-01-23 16:41:37 +00:00
fuse_opt.c virtiofsd: Fix common header and define for QEMU builds 2020-01-23 16:41:36 +00:00
fuse_opt.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
fuse_signals.c virtiofsd: convert more fprintf and perror to use fuse log infra 2020-01-23 16:41:37 +00:00
fuse_virtio.c virtiofsd: Fix xattr operations 2020-03-03 15:13:24 +00:00
fuse_virtio.h virtiofsd: cleanup allocated resource in se 2020-01-23 16:41:37 +00:00
helper.c virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717) 2020-05-01 18:41:56 +01:00
Makefile.objs virtiofsd: add seccomp whitelist 2020-01-23 16:41:37 +00:00
passthrough_helpers.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
passthrough_ll.c virtiofsd: add --rlimit-nofile=NUM option 2020-05-01 18:41:55 +01:00
seccomp.c virtiofsd: Fix xattr operations 2020-03-03 15:13:24 +00:00
seccomp.h virtiofsd: add --syslog command-line option 2020-01-23 16:41:37 +00:00