[PATCH for-4.22] tools/libfsimage: Remove the XEN_FSIMAGE_FSDIR environment variable

Andrew Cooper posted 1 patch 2 days, 5 hours ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260702150301.825883-1-andrew.cooper3@citrix.com
CHANGELOG.md                             | 1 +
tools/libfsimage/common/fsimage_plugin.c | 5 +----
2 files changed, 2 insertions(+), 4 deletions(-)
[PATCH for-4.22] tools/libfsimage: Remove the XEN_FSIMAGE_FSDIR environment variable
Posted by Andrew Cooper 2 days, 5 hours ago
This was reported to the security team, demonstrating that code execution
could be achieved, but without a demonstration of a priviliege boundary being
bypassed.

Still, it's a high risk path with no obvious evidence of having been used even
for debugging, so remove the environment variable and use the build time
$(libdir)/xenfsimage path only.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Anthony PERARD <anthony.perard@vates.tech>
CC: Michal Orzel <michal.orzel@amd.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Julien Grall <julien@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>

For 4.22.  This was supposed to be posted earlier but fell through the cracks.
Given it's borderline-security aspect, we don't want to delay it any further.
---
 CHANGELOG.md                             | 1 +
 tools/libfsimage/common/fsimage_plugin.c | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef4e6ae9c459..0a4e5f013cb1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,6 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
  - Removed xenpm tool on non-x86 platforms as it doesn't actually provide
    anything useful outside of x86.
+ - Removed the XEN_FSIMAGE_FSDIR environment variable.
 
 ## [4.21.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.21.0) - 2025-11-19
 
diff --git a/tools/libfsimage/common/fsimage_plugin.c b/tools/libfsimage/common/fsimage_plugin.c
index d0cb9e96a654..539dc247356a 100644
--- a/tools/libfsimage/common/fsimage_plugin.c
+++ b/tools/libfsimage/common/fsimage_plugin.c
@@ -121,7 +121,7 @@ static int init_plugin(const char *lib)
 
 int fsi_init(void)
 {
-	const char *fsdir = getenv("XEN_FSIMAGE_FSDIR");
+	const char *fsdir = FSIMAGE_FSDIR;
 	struct dirent *dp = NULL;
 	DIR *dir = NULL;
 	char *tmp = NULL;
@@ -129,9 +129,6 @@ int fsi_init(void)
 	int err;
 	int ret = -1;
 
-	if (fsdir == NULL)
-		fsdir = FSIMAGE_FSDIR;
-
 	if ((name_max = pathconf(fsdir, _PC_NAME_MAX)) == -1)
 		goto fail;
 

base-commit: ad9f564a5d840389cbf1b230086e1dd8257d8820
-- 
2.39.5


Re: [PATCH for-4.22] tools/libfsimage: Remove the XEN_FSIMAGE_FSDIR environment variable
Posted by Anthony PERARD 1 day, 6 hours ago
On Thu, Jul 02, 2026 at 04:03:01PM +0100, Andrew Cooper wrote:
> This was reported to the security team, demonstrating that code execution
> could be achieved, but without a demonstration of a priviliege boundary being
> bypassed.
> 
> Still, it's a high risk path with no obvious evidence of having been used even
> for debugging, so remove the environment variable and use the build time
> $(libdir)/xenfsimage path only.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Acked-by: Anthony PERARD <anthony.perard@vates.tech>

Thanks,


-- 
Anthony Perard | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech
Re: [PATCH for-4.22] tools/libfsimage: Remove the XEN_FSIMAGE_FSDIR environment variable
Posted by Oleksii Kurochko 1 day, 9 hours ago

On 7/2/26 5:03 PM, Andrew Cooper wrote:
> This was reported to the security team, demonstrating that code execution
> could be achieved, but without a demonstration of a priviliege boundary being
> bypassed.
> 
> Still, it's a high risk path with no obvious evidence of having been used even
> for debugging, so remove the environment variable and use the build time
> $(libdir)/xenfsimage path only.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Anthony PERARD <anthony.perard@vates.tech>
> CC: Michal Orzel <michal.orzel@amd.com>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Julien Grall <julien@xen.org>
> CC: Roger Pau Monné <roger.pau@citrix.com>
> CC: Stefano Stabellini <sstabellini@kernel.org>
> CC: Oleksii Kurochko <oleksii.kurochko@gmail.com>
> 
> For 4.22.  This was supposed to be posted earlier but fell through the cracks.
> Given it's borderline-security aspect, we don't want to delay it any further.
> ---

Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>

>   CHANGELOG.md                             | 1 +
>   tools/libfsimage/common/fsimage_plugin.c | 5 +----
>   2 files changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/CHANGELOG.md b/CHANGELOG.md
> index ef4e6ae9c459..0a4e5f013cb1 100644
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -63,6 +63,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
>   
>    - Removed xenpm tool on non-x86 platforms as it doesn't actually provide
>      anything useful outside of x86.
> + - Removed the XEN_FSIMAGE_FSDIR environment variable.
>   
>   ## [4.21.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.21.0) - 2025-11-19
>   

Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>


> diff --git a/tools/libfsimage/common/fsimage_plugin.c b/tools/libfsimage/common/fsimage_plugin.c
> index d0cb9e96a654..539dc247356a 100644
> --- a/tools/libfsimage/common/fsimage_plugin.c
> +++ b/tools/libfsimage/common/fsimage_plugin.c
> @@ -121,7 +121,7 @@ static int init_plugin(const char *lib)
>   
>   int fsi_init(void)
>   {
> -	const char *fsdir = getenv("XEN_FSIMAGE_FSDIR");
> +	const char *fsdir = FSIMAGE_FSDIR;
>   	struct dirent *dp = NULL;
>   	DIR *dir = NULL;
>   	char *tmp = NULL;
> @@ -129,9 +129,6 @@ int fsi_init(void)
>   	int err;
>   	int ret = -1;
>   
> -	if (fsdir == NULL)
> -		fsdir = FSIMAGE_FSDIR;
> -
>   	if ((name_max = pathconf(fsdir, _PC_NAME_MAX)) == -1)
>   		goto fail;
>   
> 
> base-commit: ad9f564a5d840389cbf1b230086e1dd8257d8820


~ Oleksii


Re: [PATCH for-4.22] tools/libfsimage: Remove the XEN_FSIMAGE_FSDIR environment variable
Posted by Roger Pau Monné 2 days, 4 hours ago
On Thu, Jul 02, 2026 at 04:03:01PM +0100, Andrew Cooper wrote:
> This was reported to the security team, demonstrating that code execution
> could be achieved, but without a demonstration of a priviliege boundary being
> bypassed.
> 
> Still, it's a high risk path with no obvious evidence of having been used even
> for debugging, so remove the environment variable and use the build time
> $(libdir)/xenfsimage path only.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.