pull in more fixes from master
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 4 Jul 2022 09:38:57 +0000 (11:38 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 4 Jul 2022 09:48:05 +0000 (11:48 +0200)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
debian/patches/extra/0001-add-check-for-statvfs.patch [new file with mode: 0644]
debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch [new file with mode: 0644]
debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch [new file with mode: 0644]
debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch [new file with mode: 0644]
debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch [new file with mode: 0644]
debian/patches/lxc/0001-add-check-for-statvfs.patch [deleted file]
debian/patches/series

diff --git a/debian/patches/extra/0001-add-check-for-statvfs.patch b/debian/patches/extra/0001-add-check-for-statvfs.patch
new file mode 100644 (file)
index 0000000..114a9fd
--- /dev/null
@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Fri, 1 Jul 2022 11:09:15 +0200
+Subject: [PATCH] add check for statvfs
+
+we use HAVE_STATVFS in the code but with meson the check got
+lost causing mount_entry to fail to remount some things such
+as a bind mount of /dev/fuse via
+
+    lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
+
+which would cause the following log messages:
+
+    DEBUG    conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
+    ERROR    conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"
+
+note that the `Flags for ... were ...` line is not showing
+up there, which depends on HAVE_STATVFS
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ meson.build | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 43362d37a..274511037 100644
+--- a/meson.build
++++ b/meson.build
+@@ -493,6 +493,7 @@ foreach tuple: [
+     ['sigdescr_np'],
+     ['signalfd'],
+     ['statx'],
++    ['statvfs'],
+     ['strlcat'],
+     ['strlcpy'],
+     ['unshare'],
+@@ -622,6 +623,7 @@ foreach ident: [
+     ['setns',             '''#include <sched.h>'''],
+     ['sigdescr_np',       '''#include <string.h>'''],
+     ['signalfd',          '''#include <sys/signalfd.h>'''],
++    ['statvfs',           '''#include <sys/statvfs.h>'''],
+     ['statx',             '''#include <sys/types.h>
+                              #include <sys/stat.h>
+                              #include <unistd.h>'''],
diff --git a/debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch b/debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
new file mode 100644 (file)
index 0000000..0e518e3
--- /dev/null
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: srd424 <srd424@users.noreply.github.com>
+Date: Sun, 3 Jul 2022 10:21:30 +0100
+Subject: [PATCH] Fix off-by-one error constructing mount options
+
+This fixes a really subtle off-by-one error constructing overlay mount options if rootfs options are provided and modern overlayfs (i.e. requiring a workdir) is used. We need to allow for the extra "," required to separate the extra options when computing the length!
+
+Signed-off-by: srd424 <srd424@users.noreply.github.com>
+---
+ src/lxc/storage/overlay.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
+index f8094fada..0c3fa1220 100644
+--- a/src/lxc/storage/overlay.c
++++ b/src/lxc/storage/overlay.c
+@@ -445,7 +445,7 @@ int ovl_mount(struct lxc_storage *bdev)
+                              upper, lower, mntdata);
+               len2 = strlen(lower) + strlen(upper) + strlen(work) +
+-                     strlen("upperdir=,lowerdir=,workdir=") +
++                     strlen("upperdir=,lowerdir=,workdir=,") +
+                      strlen(mntdata) + 1;
+               options_work = must_realloc(NULL, len2);
+               ret2 = snprintf(options, len2,
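Review bot: `len2` in ovl_mount is still summed by hand from a literal that has to mirror the format string `"upperdir=%s,lowerdir=%s,workdir=%s,%s"` a few lines below, which is how the separator was missed in the first place; the hunk in 0003 touches the same pairing of size and destination buffer. Letting the formatter report the size keeps the two in step: `len2 = snprintf(NULL, 0, "upperdir=%s,lowerdir=%s,workdir=%s,%s", upper, lower, work, mntdata) + 1;` (with a negative return handled before the addition). ovl_mount continues outside the hunk, so whether `ret2 >= len2` is rejected afterwards cannot be confirmed from here; that check is what makes an undersized buffer fail loudly instead of mounting with truncated options.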
diff --git a/debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch b/debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch
new file mode 100644 (file)
index 0000000..200f367
--- /dev/null
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: srd424 <srd424@users.noreply.github.com>
+Date: Sun, 3 Jul 2022 18:18:23 +0100
+Subject: [PATCH] Store mount options in correct variable
+
+This was exposed by the fix in the previous commit.
+
+Signed-off-by: srd424 <srd424@users.noreply.github.com>
+---
+ src/lxc/storage/overlay.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
+index 0c3fa1220..f38f3a740 100644
+--- a/src/lxc/storage/overlay.c
++++ b/src/lxc/storage/overlay.c
+@@ -448,7 +448,7 @@ int ovl_mount(struct lxc_storage *bdev)
+                      strlen("upperdir=,lowerdir=,workdir=,") +
+                      strlen(mntdata) + 1;
+               options_work = must_realloc(NULL, len2);
+-              ret2 = snprintf(options, len2,
++              ret2 = snprintf(options_work, len2,
+                               "upperdir=%s,lowerdir=%s,workdir=%s,%s", upper,
+                               lower, work, mntdata);
+       } else {
diff --git a/debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch b/debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
new file mode 100644 (file)
index 0000000..0e13fcf
--- /dev/null
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Raphael Isemann <teemperor@gmail.com>
+Date: Tue, 21 Jun 2022 13:10:40 +0200
+Subject: [PATCH] Fix uninitialized read in parse_cap when libcap is not used
+
+fuzz-lxc-cgroup-init currently fails for me with the input
+```
+ lxc.cap.keep=0
+```
+
+with this report:
+
+```
+==640655==WARNING: MemorySanitizer: use-of-uninitialized-value
+    #0 0x833c77 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3161:6
+    #1 0xaa5fd6 in add_cap_entry /src/lxc/san_build/../src/lxc/confile.c:2462:9
+    #2 0x9eb69c in set_config_cap_keep /src/lxc/san_build/../src/lxc/confile.c:2503:8
+    #3 0x974a76 in parse_line /src/lxc/san_build/../src/lxc/confile.c:3115:9
+    #4 0xea8cac in lxc_file_for_each_line_mmap /src/lxc/san_build/../src/lxc/parse.c:123:9
+    #5 0x9700a1 in lxc_config_read /src/lxc/san_build/../src/lxc/confile.c:3192:9
+    #6 0x4a3b50 in LLVMFuzzerTestOneInput /src/lxc/san_build/../src/tests/fuzz-lxc-cgroup-init.c:40:8
+    #7 0x10556e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
+    #8 0x1041372 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
+    #9 0x1046bbc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
+    #10 0x106f7b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+    #11 0x7ffff7bc00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
+    #12 0x420a9d in _start (/home/fuzzer/oss-fuzz/build/out/lxc/fuzz-lxc-cgroup-init+0x420a9d)
+
+  Uninitialized value was created by an allocation of 'last_cap' in the stack frame of function 'parse_cap'
+    #0 0x832e30 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3131
+```
+
+The reason is that without libcap we parse_cap ends up comparing two
+uninitialized values. See the snippet below:
+
+```
+int parse_cap(const char *cap_name, __u32 *cap)
+{
+       int ret;
+       unsigned int res;
+       __u32 last_cap;
+
+  [...]
+
+       ret = lxc_caps_last_cap(&last_cap); // NOTE: 1. Call here.
+       if (ret) // Not taken as dummy lxc_caps_last_cap returned 0.
+               return -1;
+
+       if ((__u32)res > last_cap) // last_cap is uninitialized.
+               return -1;
+
+       *cap = (__u32)res;
+       return 0;
+}
+```
+
+Root cause seems to be that the dummy `lxc_caps_last_cap` returns 0 but
+doesn't set the last_cap value. This patch just returns -1 as an error code
+to avoid the uninitialized read.
+
+Note: When reproducing the bug you need to compile with O0 and *not* with O1
+otherwise you will not see the report.
+
+Signed-off-by: Raphael Isemann <teemperor@gmail.com>
+---
+ src/lxc/caps.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/caps.h b/src/lxc/caps.h
+index fd1456b81..fbec1fdb5 100644
+--- a/src/lxc/caps.h
++++ b/src/lxc/caps.h
+@@ -49,7 +49,7 @@ static inline int lxc_caps_init(void)
+ static inline int lxc_caps_last_cap(__u32 *cap)
+ {
+-      return 0;
++      return -1;
+ }
+ typedef int cap_value_t;
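Review bot: The no-libcap stub of lxc_caps_last_cap now reports failure but still leaves `*cap` untouched, so any caller that ignores the return value reads an indeterminate value just as parse_cap did. A one-line comment on the stub, e.g. `/* built without libcap: last capability is unknown, *cap is not written */`, would make that contract explicit. Initialising at the call site (`__u32 last_cap = 0;` in parse_cap, as quoted in the description) removes the uninitialised read regardless of which stub is compiled in. It also appears that numeric entries such as `lxc.cap.keep=0` are now rejected in builds without libcap; if that is intended, it deserves a sentence in the description.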
diff --git a/debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch b/debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch
new file mode 100644 (file)
index 0000000..e8a5788
--- /dev/null
@@ -0,0 +1,101 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Mon, 4 Jul 2022 11:27:14 +0200
+Subject: [PATCH] meson: add remaining still-in-use config checks
+
+These are all still in use in the code but have not been
+added to meson.build when switching over from autoconf.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ meson.build | 31 ++++++++++++++++++++++++++-----
+ 1 file changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 274511037..ebbd6b697 100644
+--- a/meson.build
++++ b/meson.build
+@@ -375,6 +375,9 @@ if want_capabilities
+     if not libcap.found()
+         # Compat with Ubuntu 14.04 which ships libcap w/o .pc file
+         libcap = cc.find_library('cap', required: false)
++    else
++        have = cc.has_function('cap_get_file', dependencies: libcap, prefix: '#include <sys/capability.h>')
++        srcconf.set10('LIBCAP_SUPPORTS_FILE_CAPABILITIES', have)
+     endif
+     srcconf.set10('HAVE_LIBCAP', libcap.found())
+     pkgconfig_libs += libcap
+@@ -399,6 +402,8 @@ else
+     srcconf.set10('HAVE_STATIC_LIBCAP', false)
+ endif
++libutil = cc.find_library('util', required: false)
++
+ if want_oss_fuzz
+     srcconf.set10('FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION', true)
+     srcconf.set10('RUN_ON_OSS_FUZZ', true)
+@@ -414,12 +419,21 @@ srcconf.set10('HAVE_PAM', pam.found())
+ pkgconfig_libs += pam
+ ## Others.
++have = cc.has_function('fmemopen', prefix: '#include <stdio.h>', args: '-D_GNU_SOURCE')
++srcconf.set10('HAVE_FMEMOPEN', have)
++
++have_openpty = cc.has_function('openpty', dependencies: libutil, prefix: '#include <pty.h>')
++srcconf.set10('HAVE_OPENPTY', have_openpty)
++
++have = cc.has_function('pthread_setcancelstate', prefix: '#include <pthread.h>')
++srcconf.set10('HAVE_PTHREAD_SETCANCELSTATE', have)
++
++have = cc.has_function('rand_r')
++srcconf.set10('HAVE_RAND_R', have)
++
+ have = cc.has_function('strchrnul', prefix: '#include <string.h>', args: '-D_GNU_SOURCE')
+ srcconf.set10('HAVE_STRCHRNUL', have)
+-have = cc.has_function('openpty', prefix: '#include <pty.h>', args: '-D_GNU_SOURCE')
+-srcconf.set10('HAVE_OPENPTY', have)
+-
+ have_func_strerror_r = cc.has_function('strerror_r', prefix: '#include <string.h>', args: '-D_GNU_SOURCE')
+ srcconf.set10('HAVE_STRERROR_R', have_func_strerror_r)
+@@ -520,16 +534,18 @@ decl_headers = '''
+ #include <sys/mount.h>
+ #include <sys/stat.h>
+ #include <linux/fs.h>
+-#include <linux/types.h>
++#include <linux/if_link.h>
+ #include <linux/openat2.h>
+ #include <linux/sched.h>
++#include <linux/types.h>
+ '''
+ foreach decl: [
+     '__aligned_u64',
++    'struct clone_args',
+     'struct mount_attr',
+     'struct open_how',
+-    'struct clone_args',
++    'struct rtnl_link_stats64',
+ ]
+     # We get -1 if the size cannot be determined
+@@ -549,6 +565,7 @@ foreach tuple: [
+     ['__aligned_u64'],
+     ['struct mount_attr'],
+     ['struct open_how'],
++    ['struct rtnl_link_stats64'],
+ ]
+     if tuple.length() >= 2
+@@ -751,6 +768,10 @@ if want_io_uring
+     liblxc_dependencies += [liburing]
+ endif
++if have_openpty
++    liblxc_dependencies += [libutil]
++endif
++
+ liblxc_link_whole = [liblxc_static]
+ liblxc = shared_library(
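Review bot: `LIBCAP_SUPPORTS_FILE_CAPABILITIES` is only set in the new `else` branch, i.e. when the first lookup found libcap; on the `cc.find_library('cap', required: false)` fallback path the symbol is never written to the config, unlike the neighbouring `HAVE_LIBCAP`, which always gets 0 or 1. Running the probe after that `endif` covers both paths: `srcconf.set10('LIBCAP_SUPPORTS_FILE_CAPABILITIES', libcap.found() and cc.has_function('cap_get_file', dependencies: libcap, prefix: '#include <sys/capability.h>'))`. The code guarded by this macro is outside the patch, so the effect is inferred: presumably file-capability handling is silently compiled out on the fallback path even when the library supports it.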
diff --git a/debian/patches/lxc/0001-add-check-for-statvfs.patch b/debian/patches/lxc/0001-add-check-for-statvfs.patch
deleted file mode 100644 (file)
index 8900f86..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Fri, 1 Jul 2022 11:09:15 +0200
-Subject: [PATCH lxc] add check for statvfs
-
-we use HAVE_STATVFS in the code but this was not added to
-config.h
-
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- meson.build | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/meson.build b/meson.build
-index 43362d37a..274511037 100644
---- a/meson.build
-+++ b/meson.build
-@@ -493,6 +493,7 @@ foreach tuple: [
-     ['sigdescr_np'],
-     ['signalfd'],
-     ['statx'],
-+    ['statvfs'],
-     ['strlcat'],
-     ['strlcpy'],
-     ['unshare'],
-@@ -622,6 +623,7 @@ foreach ident: [
-     ['setns',             '''#include <sched.h>'''],
-     ['sigdescr_np',       '''#include <string.h>'''],
-     ['signalfd',          '''#include <sys/signalfd.h>'''],
-+    ['statvfs',           '''#include <sys/statvfs.h>'''],
-     ['statx',             '''#include <sys/types.h>
-                              #include <sys/stat.h>
-                              #include <unistd.h>'''],
index 16a3cb37c2d17a04c71885a5b85a6263be4e0784..b5f1045f87a61970b158c92787bab621b9cf42c2 100644 (file)
@@ -1,4 +1,8 @@
-lxc/0001-add-check-for-statvfs.patch
+extra/0001-add-check-for-statvfs.patch
+extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
+extra/0003-Store-mount-options-in-correct-variable.patch
+extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
+extra/0005-meson-add-remaining-still-in-use-config-checks.patch
 pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch
 pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0003-PVE-Config-attach-always-use-getent.patch