Bug 1192400 - qemu: reject '/' in <shmem name=XXX/>
Summary: qemu: reject '/' in <shmem name=XXX/>
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact:
URL:
Whiteboard: LibvirtFirstBug
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-13 09:56 UTC by Andrew Jones
Modified: 2019-03-26 20:08 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-26 20:08:01 UTC


Attachments (Terms of Use)

Description Andrew Jones 2015-02-13 09:56:42 UTC
Some XML name elements will be used as part of a path. These types of names should never include '/', nor be '.' or '..'. Possibly other names should be avoided as well. One example of such a name element is

<shmem name='NAME'>

which will use NAME in the patch /dev/shm/NAME, but there are likely others to check as well.

Comment 1 Andrew Jones 2015-02-13 13:11:17 UTC
Actually for the example in the description (shmem). A single '/' could be allowed, as long as it's the first character of the name. Knowing how shmem-name is used (by shm_open), we see that "/NAME" is POSIX compliant, and is even required on some systems to allow opening a pre-existing object of the same name. The behavior of opening a pre-existing object without the slash is implementation defined per POSIX. But, this complicates libvirt, and allows some QEMU internals knowledge to leak into it (we have to know that QEMU uses shm_open on this particular name element), so I'm not sure if it should be considered. Linux doesn't care if the slash is there or not, pre-existing objects are opened as if it was.

Comment 2 Daniel Berrangé 2015-02-13 14:26:30 UTC
I think that's probably obscure enough that we can just unconditionally block use of '/' in names and not cause problems for apps/users.

Comment 3 Cole Robinson 2016-04-26 19:23:20 UTC
This should probably be fine to validate in qemuDomainPostParse, since presumably there isn't any previous configs we need to worry about. Tagging as LibvirtFirstBug

Comment 4 Simon Kobyda 2018-07-10 11:45:45 UTC
Patch proposed upstream: 
https://www.redhat.com/archives/libvir-list/2018-July/msg00586.html

Comment 5 Cole Robinson 2019-03-26 20:08:01 UTC
commit 9ff956b26aba64e1519a338197891ac53f033e7f
Author: Simon Kobyda <skobyda@redhat.com>
Date:   Wed Aug 1 17:50:03 2018 +0200

    conf: virDomainDefValidateInternal prohibit some characters in shmem name


Note You need to log in before you can comment on or make changes to this bug.