Bug 1192400

Summary: qemu: reject '/' in <shmem name=XXX/>
Product: [Community] Virtualization Tools Reporter: Andrew Jones <drjones>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: berrange, crobinso, skobyda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: LibvirtFirstBug
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-26 20:08:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Jones 2015-02-13 09:56:42 UTC
Some XML name elements will be used as part of a path. These types of names should never include '/', nor be '.' or '..'. Possibly other names should be avoided as well. One example of such a name element is

<shmem name='NAME'>

which will use NAME in the patch /dev/shm/NAME, but there are likely others to check as well.

Comment 1 Andrew Jones 2015-02-13 13:11:17 UTC
Actually for the example in the description (shmem). A single '/' could be allowed, as long as it's the first character of the name. Knowing how shmem-name is used (by shm_open), we see that "/NAME" is POSIX compliant, and is even required on some systems to allow opening a pre-existing object of the same name. The behavior of opening a pre-existing object without the slash is implementation defined per POSIX. But, this complicates libvirt, and allows some QEMU internals knowledge to leak into it (we have to know that QEMU uses shm_open on this particular name element), so I'm not sure if it should be considered. Linux doesn't care if the slash is there or not, pre-existing objects are opened as if it was.

Comment 2 Daniel Berrangé 2015-02-13 14:26:30 UTC
I think that's probably obscure enough that we can just unconditionally block use of '/' in names and not cause problems for apps/users.

Comment 3 Cole Robinson 2016-04-26 19:23:20 UTC
This should probably be fine to validate in qemuDomainPostParse, since presumably there isn't any previous configs we need to worry about. Tagging as LibvirtFirstBug

Comment 4 Simon Kobyda 2018-07-10 11:45:45 UTC
Patch proposed upstream: 
https://www.redhat.com/archives/libvir-list/2018-July/msg00586.html

Comment 5 Cole Robinson 2019-03-26 20:08:01 UTC
commit 9ff956b26aba64e1519a338197891ac53f033e7f
Author: Simon Kobyda <skobyda>
Date:   Wed Aug 1 17:50:03 2018 +0200

    conf: virDomainDefValidateInternal prohibit some characters in shmem name