path: root/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch
blob: dd6af413ef7396205b557e731858f196ef703a02 (plain)
From 23e13a52a6213b11eda9a3b09df455f495f74e8d Mon Sep 17 00:00:00 2001
From: Yogita Urade <yogita.urade@windriver.com>
Date: Tue, 13 Dec 2022 09:18:33 +0000
Subject: [PATCH] multipath-tools: use /run instead of /dev/shm

/dev/shm may have unsafe permissions. Use /run instead.
Use systemd's tmpfiles.d mechanism to create /run/multipath
early during boot.

For backward compatibility, make the runtime directory configurable
via the "runtimedir" make variable.

Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>

CVE: CVE-2022-41973

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41973

Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f]

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 .gitignore                                        |  2 ++
 Makefile.inc                                      |  7 ++++++-
 libmultipath/defaults.h                           |  3 +--
 multipath/Makefile                                | 11 ++++++++---
 multipath/{multipath.rules => multipath.rules.in} |  4 ++--
 multipath/tmpfiles.conf.in                        |  1 +
 6 files changed, 20 insertions(+), 8 deletions(-)
 rename multipath/{multipath.rules => multipath.rules.in} (95%)
 create mode 100644 multipath/tmpfiles.conf.in

diff --git a/.gitignore b/.gitignore
index 9926756b..f90b0350 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@
 *.d
 kpartx/kpartx
 multipath/multipath
+multipath/multipath.rules
+multipath/tmpfiles.conf
 multipathd/multipathd
 mpathpersist/mpathpersist
 .nfs*
diff --git a/Makefile.inc b/Makefile.inc
index 4eb08eed..648f91b4 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -44,6 +44,7 @@ exec_prefix	= $(prefix)
 usr_prefix	= $(prefix)
 bindir		= $(exec_prefix)/usr/sbin
 libudevdir	= $(prefix)/$(SYSTEMDPATH)/udev
+tmpfilesdir	= $(prefix)/$(SYSTEMDPATH)/tmpfiles.d
 udevrulesdir	= $(libudevdir)/rules.d
 multipathdir	= $(TOPDIR)/libmultipath
 man8dir		= $(prefix)/usr/share/man/man8
@@ -60,6 +61,7 @@ libdmmpdir	= $(TOPDIR)/libdmmp
 nvmedir		= $(TOPDIR)/libmultipath/nvme
 includedir	= $(prefix)/usr/include
 pkgconfdir	= $(usrlibdir)/pkgconfig
+runtimedir      := /$(RUN)
 
 GZIP		= gzip -9 -c
 RM		= rm -f
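Review bot: `runtimedir := /$(RUN)` is expanded immediately, so it silently becomes `/` if `RUN` is empty or not yet assigned at this point, and the runtime directory used by the code, the udev rule and the tmpfiles entry would then be `/multipath` at the filesystem root. The assignment of `RUN` is outside this hunk, so the result depends on it appearing earlier in Makefile.inc. A check after the assignment makes that case fail loudly: `ifeq ($(strip $(runtimedir)),/)`, `$(error runtimedir is "/", set RUN or runtimedir)`, `endif`. The added line is also aligned with spaces where its neighbours use tabs.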
@@ -95,7 +97,10 @@ OPTFLAGS       += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \
                   -Wno-unused-parameter -Werror=cast-qual \
                   -Werror=discarded-qualifiers
 
-CPPFLAGS	:= -Wp,-D_FORTIFY_SOURCE=2 
+CPPFLAGS	:= $(FORTIFY_OPT) \
+		   -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \
+		   -DRUNTIME_DIR=\"$(runtimedir)\" \
+		   -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP 
 CFLAGS		:= $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \
 		   -MMD -MP $(CFLAGS)
 BIN_CFLAGS	= -fPIE -DPIE
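Review bot: The replaced line hard-coded `-Wp,-D_FORTIFY_SOURCE=2`, while the new `CPPFLAGS` takes it from `$(FORTIFY_OPT)`, which no hunk in this patch defines; if this tree's Makefile.inc does not set it, the variable expands to nothing and the fortify hardening is dropped without any diagnostic. The same holds for `$(plugindir)`, `$(configdir)` and `$(EXTRAVERSION)`, which would produce empty string macros. For a backport whose purpose is the runtime directory, the smaller change is to keep the existing flag and add only the new define: `CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 -DRUNTIME_DIR=\"$(runtimedir)\"`. `-DBIN_DIR`, `-DRUN_DIR` and `-MMD -MP` are also repeated in `CFLAGS` on the following line, and the last added line ends in trailing whitespace.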
diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h
index c2164c16..908e0ca3 100644
--- a/libmultipath/defaults.h
+++ b/libmultipath/defaults.h
@@ -64,8 +64,7 @@
 #define DEFAULT_WWIDS_FILE	"/etc/multipath/wwids"
 #define DEFAULT_PRKEYS_FILE    "/etc/multipath/prkeys"
 #define DEFAULT_CONFIG_DIR	"/etc/multipath/conf.d"
-#define MULTIPATH_SHM_BASE	"/dev/shm/multipath/"
-
+#define MULTIPATH_SHM_BASE	RUNTIME_DIR "/multipath/"
 
 static inline char *set_default(char *str)
 {
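Review bot: `MULTIPATH_SHM_BASE` now depends on `RUNTIME_DIR` without a comment saying where that comes from, and the macro name still says shm although the path is no longer under /dev/shm. `RUNTIME_DIR` exists only when the build passes `-DRUNTIME_DIR=...`, so a translation unit compiled without the project's `CPPFLAGS` fails at the first use of the macro rather than at this line. A comment above the define would record the contract: `/* RUNTIME_DIR is supplied by the build (-DRUNTIME_DIR); the directory must be writable by root only. */`.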
diff --git a/multipath/Makefile b/multipath/Makefile
index e720c7f6..28976546 100644
--- a/multipath/Makefile
+++ b/multipath/Makefile
@@ -12,7 +12,7 @@ EXEC = multipath
 
 OBJS = main.o
 
-all: $(EXEC)
+all: $(EXEC) multipath.rules tmpfiles.conf
 
 $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so
 	$(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS)
@@ -26,7 +26,9 @@ install:
 	$(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir)
 	$(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir)
-	$(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules
+	$(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules
+	$(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir)
+	$(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir)
 	$(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir)
 	$(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir)
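Review bot: The installed udev rules file changes from `62-multipath.rules` to `56-multipath.rules`, which moves these rules ahead of anything numbered 57 to 61 and is not mentioned in the commit message. For a CVE backport, keeping the old name leaves rule ordering as it was: `$(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)$(udevrulesdir)/62-multipath.rules`. The patch also installs `$(DESTDIR)$(tmpfilesdir)/multipath.conf`, but no hunk adds a matching `$(RM)` to the `uninstall` target, so unless that target already covers it the file is left behind. The `install` recipe begins and ends outside this hunk.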
@@ -43,9 +45,12 @@ uninstall:
 	$(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz
 
 clean: dep_clean
-	$(RM) core *.o $(EXEC) *.gz
+	$(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf
 
 include $(wildcard $(OBJS:.o=.d))
 
 dep_clean:
 	$(RM) $(OBJS:.o=.d)
+
+%:	%.in
+	sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@	
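Review bot: The `clean` recipe no longer removes `*.gz`, yet `install` still installs `$(EXEC).8.gz`, so the compressed man pages that are presumably built in this directory would survive `make clean`; `$(RM) core *.o $(EXEC) *.gz multipath.rules tmpfiles.conf` keeps the old behaviour. In the new `%: %.in` rule, sed replaces only the first `@RUNTIME_DIR@` on each line and writes straight into `$@`, so a template line with two placeholders would keep one unexpanded and a failed sed leaves a partial file that looks up to date. `sed 's,@RUNTIME_DIR@,$(runtimedir),g' $< >$@.tmp && mv -f $@.tmp $@` avoids both. The generated files also have no dependency on Makefile.inc, so changing `runtimedir` does not regenerate them until `make clean` is run.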
diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in
similarity index 95%
rename from multipath/multipath.rules
rename to multipath/multipath.rules.in
index 0486bf70..5fb499e6 100644
--- a/multipath/multipath.rules
+++ b/multipath/multipath.rules.in
@@ -1,8 +1,8 @@
 # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath
 SUBSYSTEM!="block", GOTO="end_mpath"
 KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath"
-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \
-	RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor"
+ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \
+	RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor"
 ACTION!="add|change", GOTO="end_mpath"
 
 IMPORT{cmdline}="nompath"
diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in
new file mode 100644
index 00000000..21be438a
--- /dev/null
+++ b/multipath/tmpfiles.conf.in
@@ -0,0 +1 @@
+d @RUNTIME_DIR@/multipath 0700 root root -
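Review bot: This entry creates the directory as `0700 root root` only where systemd-tmpfiles processes `$(tmpfilesdir)`; on an image without it, the directory is created by whatever code first writes under `MULTIPATH_SHM_BASE`, and none of these hunks show the mode that code uses. Since the purpose of the change is that other users cannot write to this directory, it is worth confirming that the fallback path also creates it as mode 0700 owned by root, or stating in the recipe that the package relies on tmpfiles.d.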
-- 
2.32.0