1. Patchew
  2. QEMU
  3. [Qemu-devel] [PATCH v2 0/2] 9pfs: fix vulnerability and build break
  4. View patch

[Qemu-devel] [PATCH v2 1/2] 9pfs: fix O_PATH build break with older glibc versions

Greg Kurz posted 2 patches 8 years, 8 months ago
[Qemu-devel] [PATCH v2 1/2] 9pfs: fix O_PATH build break with older glibc versions
Posted by Greg Kurz 8 years, 8 months ago 
When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the
openat() syscall simply finds the name in the VFS, and doesn't trigger the
underlying filesystem.

On systems that don't define O_PATH, because they have glibc version 2.13
or older for example, we can safely omit it. We don't want to deactivate
O_PATH globally though, in case it is used without O_DIRECTORY. The is done
with a dedicated macro.

Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/9pfs/9p-util.h |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
index 091f3ce88e15..cb7b2072d3ac 100644
--- a/hw/9pfs/9p-util.h
+++ b/hw/9pfs/9p-util.h
@@ -22,7 +22,12 @@ static inline void close_preserve_errno(int fd)
 
 static inline int openat_dir(int dirfd, const char *name)
 {
-    return openat(dirfd, name, O_DIRECTORY | O_RDONLY | O_PATH);
+#ifdef O_PATH
+#define OPENAT_DIR_O_PATH O_PATH
+#else
+#define OPENAT_DIR_O_PATH 0
+#endif
+    return openat(dirfd, name, O_DIRECTORY | O_RDONLY | OPENAT_DIR_O_PATH);
 }
 
 static inline int openat_file(int dirfd, const char *name, int flags,
Re: [Qemu-devel] [PATCH v2 1/2] 9pfs: fix O_PATH build break with older glibc versions
Posted by Eric Blake 8 years, 8 months ago 
On 03/06/2017 02:29 AM, Greg Kurz wrote:
> When O_PATH is used with O_DIRECTORY, it only acts as an optimization: the
> openat() syscall simply finds the name in the VFS, and doesn't trigger the
> underlying filesystem.
> 
> On systems that don't define O_PATH, because they have glibc version 2.13
> or older for example, we can safely omit it. We don't want to deactivate
> O_PATH globally though, in case it is used without O_DIRECTORY. The is done
> with a dedicated macro.

May be worth adding:

Systems without O_PATH may thus fail to resolve names that involve
unreadable directories, compared to newer systems succeeding, but such
corner case failure is our only option on those older systems to avoid
the security hole of chasing symlinks inappropriately.

> 
> Signed-off-by: Greg Kurz <groug@kaod.org>
> ---
>  hw/9pfs/9p-util.h |    7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.