Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / refs/heads/dunfell / . / meta-openembedded / meta-oe / recipes-support / multipath-tools / files / CVE-2022-41973.patch
blob: d06ef44f68de5c3cb5e7c8554b7cc49ae784f50b [file] [log] [blame]
From cb57b930fa690ab79b3904846634681685e3470f Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Thu, 1 Sep 2022 19:21:30 +0200
Subject: [PATCH] multipath-tools: use /run instead of /dev/shm
/dev/shm may have unsafe permissions. Use /run instead.
Use systemd's tmpfiles.d mechanism to create /run/multipath
early during boot.
For backward compatibilty, make the runtime directory configurable
via the "runtimedir" make variable.
Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
CVE: CVE-2022-41973
Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
.gitignore | 2 ++
Makefile.inc | 7 ++++++-
libmultipath/defaults.h | 3 +--
multipath/Makefile | 11 ++++++++---
multipath/{multipath.rules => multipath.rules.in} | 4 ++--
multipath/tmpfiles.conf.in | 1 +
6 files changed, 20 insertions(+), 8 deletions(-)
rename multipath/{multipath.rules => multipath.rules.in} (95%)
create mode 100644 multipath/tmpfiles.conf.in
diff --git a/.gitignore b/.gitignore
index 9926756b..f90b0350 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@
*.d
kpartx/kpartx
multipath/multipath
+multipath/multipath.rules
+multipath/tmpfiles.conf
multipathd/multipathd
mpathpersist/mpathpersist
.nfs*
diff --git a/Makefile.inc b/Makefile.inc
index 4eb08eed..648f91b4 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -44,6 +44,7 @@ exec_prefix = $(prefix)
usr_prefix = $(prefix)
bindir = $(exec_prefix)/usr/sbin
libudevdir = $(prefix)/$(SYSTEMDPATH)/udev
+tmpfilesdir = $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
udevrulesdir = $(libudevdir)/rules.d
multipathdir = $(TOPDIR)/libmultipath
man8dir = $(prefix)/usr/share/man/man8
@@ -60,6 +61,7 @@ libdmmpdir = $(TOPDIR)/libdmmp
nvmedir = $(TOPDIR)/libmultipath/nvme
includedir = $(prefix)/usr/include
pkgconfdir = $(usrlibdir)/pkgconfig
+runtimedir := /$(RUN)
GZIP = gzip -9 -c
RM = rm -f
@@ -95,7 +97,10 @@ OPTFLAGS += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
-Wno-unused-parameter -Werror=cast-qual \
-Werror=discarded-qualifiers
-CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2
+CPPFLAGS := $(FORTIFY_OPT) \
+ -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
+ -DRUNTIME_DIR=\"$(runtimedir)\" \
+ -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP
CFLAGS := $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
-MMD -MP $(CFLAGS)
BIN_CFLAGS = -fPIE -DPIE
diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
index c2164c16..908e0ca3 100644
--- a/libmultipath/defaults.h
+++ b/libmultipath/defaults.h
@@ -64,8 +64,7 @@
#define DEFAULT_WWIDS_FILE "/etc/multipath/wwids"
#define DEFAULT_PRKEYS_FILE "/etc/multipath/prkeys"
#define DEFAULT_CONFIG_DIR "/etc/multipath/conf.d"
-#define MULTIPATH_SHM_BASE "/dev/shm/multipath/"
-
+#define MULTIPATH_SHM_BASE RUNTIME_DIR "/multipath/"
static inline char *set_default(char *str)
{
diff --git a/multipath/Makefile b/multipath/Makefile
index e720c7f6..28976546 100644
--- a/multipath/Makefile
+++ b/multipath/Makefile
@@ -12,7 +12,7 @@ EXEC = multipath
OBJS = main.o
-all: $(EXEC)
+all: $(EXEC) multipath.rules tmpfiles.conf
$(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
@@ -26,7 +26,9 @@ install:
$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
- $(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
+ $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
+ $(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
+ $(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
@@ -43,9 +45,12 @@ uninstall:
$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
clean: dep_clean
- $(RM) core *.o $(EXEC) *.gz
+ $(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
include $(wildcard $(OBJS:.o=.d))
dep_clean:
$(RM) $(OBJS:.o=.d)
+
+%: %.in
+ sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@
diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
similarity index 95%
rename from multipath/multipath.rules
rename to multipath/multipath.rules.in
index 0486bf70..5fb499e6 100644
--- a/multipath/multipath.rules
+++ b/multipath/multipath.rules.in
@@ -1,8 +1,8 @@
# Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
SUBSYSTEM!="block", GOTO="end_mpath"
KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
- RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
+ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
+ RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
ACTION!="add|change", GOTO="end_mpath"
IMPORT{cmdline}="nompath"
diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
new file mode 100644
index 00000000..21be438a
--- /dev/null
+++ b/multipath/tmpfiles.conf.in
@@ -0,0 +1 @@
+d @RUNTIME_DIR@/multipath 0700 root root -
--
2.25.1