** Description changed:
[ Impact ]
Users of the 9p filesystem may encounter problems when guests try to
access host files, which can lead to e.g. guest boot issues.
[ Test plan ]
Using the script kindly provided by the reporter, we can set up our test
environment as such (this requires an s390x machine):
$ lxc profile create lp2091099
$ lxc profile edit lp2091099 << _EOF_
name: kvm-nodisk
description: ""
config:
- boot.autostart: "true"
- linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,kvm
- security.nesting: "true"
- security.privileged: "true"
+ boot.autostart: "true"
+ linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables,kvm
+ security.nesting: "true"
+ security.privileged: "true"
devices:
- eth0:
- name: eth0
- nictype: bridged
- parent: lxdbr0
- type: nic
- kvm:
- path: /dev/kvm
- type: unix-char
- mem:
- path: /dev/mem
- type: unix-char
- tun:
- path: /dev/net/tun
- type: unix-char
+ eth0:
+ name: eth0
+ nictype: bridged
+ parent: lxdbr0
+ type: nic
+ kvm:
+ path: /dev/kvm
+ type: unix-char
+ mem:
+ path: /dev/mem
+ type: unix-char
+ tun:
+ path: /dev/net/tun
+ type: unix-char
_EOF_
$ lxc launch ubuntu-daily:noble n-9ptest --profile default --profile lp2091099
$ lxc shell n-9ptest
# apt update
- # apt install -y qemu-system-x86 debootstrap
+ # apt install -y qemu-system-s390x debootstrap
# cat > t.sh << _EOF_
#!/bin/bash
# Cleanup target dir
[ -d ./target ] && rm -rf target
mkdir target
# Add configuration updates
mkdir -p ./target/etc/initramfs-tools/
echo 9p >> ./target/etc/initramfs-tools/modules
echo 9pnet_virtio >> ./target/etc/initramfs-tools/modules
# Add the test script
cat > ./target/test_init << EOF
#!/bin/bash
echo "Test for unix domain sockets"
nc -Ul /socket &
sleep 1
echo "Sockets work" | nc -UN /socket || echo "Sockets fail"
echo o > /proc/sysrq-trigger
sleep 999
EOF
chmod 700 ./target/test_init
# Create an Ubuntu 23.10 around it
echo "Creating Ubuntu target OS"
debootstrap --variant=minbase\
--include=udev,kmod,initramfs-tools,systemd,netcat-openbsd,linux-image-generic \
--exclude=man,bash-completion \
noble ./target > /dev/null || exit 1
# Run the test in 9p forwarded filesystem
echo "Running OS in qemu"
qemu-system-s390x \
-m 8192 \
-smp 4 \
-nodefaults -nographic -no-reboot -no-user-config \
-kernel ./target/boot/vmlinuz \
-initrd ./target/boot/initrd.img \
-append 'root=fsRoot rw rootfstype=9p
rootflags=trans=virtio,version=9p2000.L,msize=512000,cache=mmap,posixacl
console=ttysclp0 init=/test_init quiet' \
-fsdev
local,security_model=passthrough,multidevs=remap,id=fsdev-fsRoot,path=./target \
-device virtio-9p-pci,id=fsRoot,fsdev=fsdev-fsRoot,mount_tag=fsRoot \
-device virtio-serial-ccw -device sclpconsole,chardev=console \
-chardev stdio,id=console,signal=off
_EOF_
+ # sh ./t.sh
+
+ On a problematic system, you should see something similar to the
+ following output:
+
+ Creating Ubuntu target OS
+ Running OS in qemu
+ KASLR disabled: CPU has no PRNG
+ KASLR disabled: CPU has no PRNG
+ Test for unix domain sockets
+ qemu-system-s390x: 9p: broken or compromised client detected; attempt to open
special file (i.e. neither regular file, nor directory)
+ nc: No such device or address
+ nc: /socket: No such file or directory
+ Sockets fail
+
[ Where problems could occur ]
This failure is caused by a regression introduced by a fix to a CVE. As
such, the possibility of introducing a security regression needs to be
considered. The CVE fix was about preventing guests to open files on
the host when using 9p, but it ended up being too restrictive and
impacting use cases when there needs to be an access.
The patch is not too complex and is specifically aimed at allowing
open(2) with O_PATH, which is an operation that is as secure as possible
without actually opening the file. According to the manpage:
- O_PATH (since Linux 2.6.39)
- Obtain a file descriptor that can be used for two purposes: to
indicate a location in the filesystem tree and to perform operations that act
purely at the file descriptor level. The file itself is not opened, and other
file operations (e.g., read(2), write(2), fchmod(2), fchown(2),
fgetxattr(2), ioctl(2), mmap(2)) fail with the error EBADF.
+ O_PATH (since Linux 2.6.39)
+ Obtain a file descriptor that can be used for two purposes: to
indicate a location in the filesystem tree and to perform operations that act
purely at the file descriptor level. The file itself is not opened, and other
file operations (e.g., read(2), write(2), fchmod(2), fchown(2),
fgetxattr(2), ioctl(2), mmap(2)) fail with the error EBADF.
[ Original Description ]
== Reported by <d.herrendoer...@de.ibm.com> - 2024-12-04 ==
---Problem Description---
[UBUNTU 24.04] OS guest boot issues on 9p filesystem
---uname output---
Linux winlnxnw 6.8.0-45-generic #45-Ubuntu SMP Fri Aug 30 11:09:37 UTC 2024
s390x s390x s390x GNU/Linux
Contact Information = d.herrendoer...@de.ibm.com
Machine Type = 3931-7G4
---Steps to Reproduce---
Run this script (fails with a qemu error message)
#!/bin/bash
# Cleanup target dir
[ -d ./target ] && rm -rf target
mkdir target
# Add configuration updates
mkdir -p ./target/etc/initramfs-tools/
echo 9p >> ./target/etc/initramfs-tools/modules
echo 9pnet_virtio >> ./target/etc/initramfs-tools/modules
# Add the test script
cat > ./target/test_init << EOF
#!/bin/bash
echo "Test for unix domain sockets"
nc -Ul /socket &
sleep 1
echo "Sockets work" | nc -UN /socket || echo "Sockets fail"
echo o > /proc/sysrq-trigger
sleep 999
EOF
chmod 700 ./target/test_init
# Create an Ubuntu 23.10 around it
echo "Creating Ubuntu target OS"
debootstrap --variant=minbase\
--include=udev,kmod,initramfs-tools,systemd,netcat-openbsd,linux-image-generic \
--exclude=man,bash-completion \
noble ./target > /dev/null || exit 1
# Run the test in 9p forwarded filesystem
echo "Running OS in qemu"
qemu-system-s390x \
-m 8192 \
-smp 4 \
-nodefaults -nographic -no-reboot -no-user-config \
-kernel ./target/boot/vmlinuz \
-initrd ./target/boot/initrd.img \
-append 'root=fsRoot rw rootfstype=9p
rootflags=trans=virtio,version=9p2000.L,msize=512000,cache=mmap,posixacl
console=ttysclp0 init=/test_init quiet' \
-fsdev
local,security_model=passthrough,multidevs=remap,id=fsdev-fsRoot,path=./target \
-device virtio-9p-pci,id=fsRoot,fsdev=fsdev-fsRoot,mount_tag=fsRoot \
-device virtio-serial-ccw -device sclpconsole,chardev=console \
-chardev stdio,id=console,signal=off
---Debugger---
A debugger is not configured
Userspace tool obtained from project website: na
Userspace rpm: qemu-(current).deb
Userspace tool common name: qemu
The userspace tool has the following bit modes: both
*Additional Instructions for d.herrendoer...@de.ibm.com:
-Post a private note with access information to the machine that the bug is
occuring on.
-Attach ltrace and strace of userspace application.
** Also affects: qemu (Ubuntu Oracular)
Importance: Undecided
Status: New
** Also affects: qemu (Ubuntu Plucky)
Importance: Critical
Assignee: Sergio Durigan Junior (sergiodj)
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2091099
Title:
[UBUNTU 24.04] OS guest boot issues on 9p filesystem
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2091099/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
