From: Greg Kurz <groug@kaod.org>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: G 3 <programmingkidx@gmail.com>,
Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>,
qemu-devel qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] git master build failure in 9pfs
Date: Fri, 3 Mar 2017 17:43:53 +0100 [thread overview]
Message-ID: <20170303174353.676c1a7b@bahia.lan> (raw)
In-Reply-To: <20170303162128.GD13631@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 5432 bytes --]
On Fri, 3 Mar 2017 16:21:28 +0000
"Daniel P. Berrange" <berrange@redhat.com> wrote:
> On Fri, Mar 03, 2017 at 10:55:01AM -0500, G 3 wrote:
> >
> > On Mar 3, 2017, at 10:44 AM, Greg Kurz wrote:
> >
> > > On Fri, 3 Mar 2017 10:28:00 -0500
> > > G 3 <programmingkidx@gmail.com> wrote:
> > >
> > > > On Mar 3, 2017, at 9:59 AM, qemu-devel-request@nongnu.org wrote:
> > > > > On 02/03/17 17:40, Daniel P. Berrange wrote:
> > > > >
> > > > > > On Thu, Mar 02, 2017 at 05:28:24PM +0000, Mark Cave-Ayland wrote:
> > > > > > > Does anyone else see the following error when trying to build git
> > > > > > > master?
> > > > > > >
> > > > > > > cc -I/home/build/src/qemu/git/qemu/hw/9pfs -Ihw/9pfs
> > > > > > > -I/home/build/src/qemu/git/qemu/tcg
> > > > > > > -I/home/build/src/qemu/git/qemu/tcg/i386
> > > > > > > -I/home/build/src/qemu/git/qemu/linux-headers
> > > > > > > -I/home/build/src/qemu/git/qemu/linux-headers -I.
> > > > > > > -I/home/build/src/qemu/git/qemu -I/home/build/src/qemu/git/qemu/
> > > > > > > include
> > > > > > > -I/usr/include/pixman-1
> > > > > > > -I/home/build/src/qemu/git/qemu/dtc/libfdt
> > > > > > > -Werror -pthread -I/usr/include/glib-2.0
> > > > > > > -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -m64 -mcx16 -
> > > > > > > D_GNU_SOURCE
> > > > > > > -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes
> > > > > > > -Wredundant-decls -Wall -Wundef -Wwrite-strings
> > > > > > > -Wmissing-prototypes
> > > > > > > -fno-strict-aliasing -fno-common -fwrapv -Wendif-labels
> > > > > > > -Wno-missing-include-dirs -Wempty-body -Wnested-externs
> > > > > > > -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers
> > > > > > > -Wold-style-declaration -Wold-style-definition -Wtype-limits
> > > > > > > -fstack-protector-all -I/usr/include/p11-kit-1
> > > > > > > -I/usr/include/libpng12 -I/home/build/src/qemu/git/qemu/tests -
> > > > > > > MMD -MP
> > > > > > > -MT hw/9pfs/9p-util.o -MF hw/9pfs/9p-util.d -O2 -U_FORTIFY_SOURCE
> > > > > > > -D_FORTIFY_SOURCE=2 -g -c -o hw/9pfs/9p-util.o hw/9pfs/9p-util.c
> > > > > > > In file included from hw/9pfs/9p-util.c:15:0:
> > > > > > > hw/9pfs/9p-util.h: In function ?openat_dir?:
> > > > > > > hw/9pfs/9p-util.h:25:57: error: ?O_PATH? undeclared (first use in
> > > > > > > this
> > > > > > > function)
> > > > > > > hw/9pfs/9p-util.h:25:57: note: each undeclared identifier is
> > > > > > > reported
> > > > > > > only once for each function it appears in
> > > > > > > hw/9pfs/9p-util.h:26:1: error: control reaches end of non-void
> > > > > > > function
> > > > > > > [-Werror=return-type]
> > > > > > >
> > > > > > > Build platform is Debian Wheezy on an x86_64 host.
> > > > > >
> > > > > > IIUC, O_PATH was introduced in glibc 2.14 and Wheezy only has 2.13.
> > > > > >
> > > > > > So unless we want to make this 9pfs code a configurable
> > > > > > option, this
> > > > > > means Debian Wheezy is no longer a supportable platform for QEMU.
> > > > >
> > > > > Oh sure, I appreciate that wheezy is getting towards then end of its
> > > > > lifetime - it's just a little bit inconvenient to break my
> > > > > development
> > > > > environment just as we enter 2.9 freeze ;)
> > > > >
> > > > > If everyone agrees that wheezy is no longer supported after 2.9
> > > > > then I
> > > > > can look to upgrading, however my QEMU development is done on my
> > > > > laptop
> > > > > which is also setup for my day job so it's not a simple case of just
> > > > > switching the repository and running dist-upgrade to get me going
> > > > > again...
> > > >
> > > > I remember years ago something like O_PATH was not defined on Mac OS
> > > > X,
> > > > so the solution was to define the constant as zero. Something like
> > > > this:
> > > >
> > > > #ifndef O_PATH
> > > > #define O_PATH 0
> > > > #endif
> > > >
> > > > Maybe this might work in 9p-util.h.
> > > >
> > >
> > > Yes. Please send a patch and I'll merge it.
> > >
> > > Cheers.
> > >
> > > --
> > > Greg
> >
> >
> > Here is the patch. I think we should let Mark or some else test it to see if
> > it does fix the problem before a real patch is submitted.
> >
> > ---
> > hw/9pfs/9p-util.h | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h
> > index 091f3ce..254d2a9 100644
> > --- a/hw/9pfs/9p-util.h
> > +++ b/hw/9pfs/9p-util.h
> > @@ -13,6 +13,10 @@
> > #ifndef QEMU_9P_UTIL_H
> > #define QEMU_9P_UTIL_H
> >
> > +#ifndef O_PATH
> > + #define O_PATH 0
> > +#endif
>
> Isn't the use of O_PATH required in order to fix the recent
> security vulnerability in 9p ? If so, then defining it to
> 0 means the QEMU is silently becoming vulnerable once again
> which I don't think is a good idea.
>
O_PATH was supposed to be used as an optimization here, since fds returned by
this function are only passed to openat()... but your comment makes me realize
I inadvertently dropped O_NOFOLLOW between v1 and v2 of the patchset. And this
IS an actual vulnerability issue :) And reading the openat() manpage, I see
that O_PATH | O_NOFOLLOW doesn't cause openat() to fail, but to return a fd
pointing to the symlink which is certainly not what I want :)
I guess I'll just stop using O_PATH then. I'll send a patch.
>
> Regards,
> Daniel
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2017-03-03 16:44 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.56273.1488553194.22740.qemu-devel@nongnu.org>
2017-03-03 15:28 ` [Qemu-devel] git master build failure in 9pfs G 3
2017-03-03 15:44 ` Greg Kurz
2017-03-03 15:55 ` G 3
2017-03-03 15:58 ` Peter Maydell
2017-03-03 16:02 ` G 3
2017-03-03 16:14 ` Greg Kurz
2017-03-03 16:21 ` Daniel P. Berrange
2017-03-03 16:38 ` G 3
2017-03-03 16:40 ` Eric Blake
2017-03-03 16:42 ` Daniel P. Berrange
2017-03-03 16:45 ` Eric Blake
2017-03-03 16:43 ` Greg Kurz [this message]
2017-03-03 18:11 ` Eric Blake
2017-03-03 18:15 ` Greg Kurz
2017-03-03 18:28 ` Eric Blake
2017-03-04 10:57 ` Greg Kurz
[not found] <mailman.56353.1488479169.22739.qemu-devel@nongnu.org>
2017-03-03 0:30 ` Programmingkid
2017-03-02 17:28 Mark Cave-Ayland
2017-03-02 17:40 ` Daniel P. Berrange
2017-03-02 18:10 ` Peter Maydell
2017-03-03 15:41 ` Greg Kurz
2017-03-03 14:43 ` Mark Cave-Ayland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170303174353.676c1a7b@bahia.lan \
--to=groug@kaod.org \
--cc=berrange@redhat.com \
--cc=mark.cave-ayland@ilande.co.uk \
--cc=programmingkidx@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).