File 65263478-libfsimage-function-to-preload-plugins.patch of Package xen.31417

# Commit 990e65c3ad9ac08642ce62a92852c80be6c83e96
# Date 2023-10-11 06:36:50 +0100
# Author Alejandro Vallejo <alejandro.vallejo@cloud.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
tools/libfsimage: Export a new function to preload all plugins

This is work required in order to let pygrub operate in highly deprivileged
chroot mode. This patch adds a function that preloads every plugin, hence
ensuring that a on function exit, every shared library is loaded in memory.

The new "init" function is supposed to be used before depriv, but that's
fine because it's not acting on untrusted data.

This is part of XSA-443 / CVE-2023-34325

Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/tools/libfsimage/common/fsimage_plugin.c
+++ b/tools/libfsimage/common/fsimage_plugin.c
@@ -119,7 +119,7 @@ fail:
 	return (-1);
 }
 
-static int load_plugins(void)
+int fsi_init(void)
 {
 	const char *fsdir = getenv("XEN_FSIMAGE_FSDIR");
 	struct dirent *dp = NULL;
@@ -180,7 +180,7 @@ int find_plugin(fsi_t *fsi, const char *
 	fsi_plugin_t *fp;
 	int ret = 0;
 
-	if (plugins == NULL && (ret = load_plugins()) != 0)
+	if (plugins == NULL && (ret = fsi_init()) != 0)
 		goto out;
 
 	for (fp = plugins; fp != NULL; fp = fp->fp_next) {
--- a/tools/libfsimage/common/mapfile-GNU
+++ b/tools/libfsimage/common/mapfile-GNU
@@ -1,6 +1,7 @@
 VERSION {
 	libfsimage.so.1.0 {
 		global:
+			fsi_init;
 			fsi_open_fsimage;
 			fsi_close_fsimage;
 			fsi_file_exists;
--- a/tools/libfsimage/common/mapfile-SunOS
+++ b/tools/libfsimage/common/mapfile-SunOS
@@ -1,5 +1,6 @@
 libfsimage.so.1.0 {
 	global:
+		fsi_init;
 		fsi_open_fsimage;
 		fsi_close_fsimage;
 		fsi_file_exists;
--- a/tools/libfsimage/common/xenfsimage.h
+++ b/tools/libfsimage/common/xenfsimage.h
@@ -35,6 +35,14 @@ extern C {
 typedef struct fsi fsi_t;
 typedef struct fsi_file fsi_file_t;
 
+/*
+ * Optional initialization function. If invoked it loads the associated
+ * dynamic libraries for the backends ahead of time. This is required if
+ * the library is to run as part of a highly deprivileged executable, as
+ * the libraries may not be reachable after depriv.
+ */
+int fsi_init(void);
+
 fsi_t *fsi_open_fsimage(const char *, uint64_t, const char *);
 void fsi_close_fsimage(fsi_t *);
 
--- a/tools/pygrub/src/fsimage/fsimage.c
+++ b/tools/pygrub/src/fsimage/fsimage.c
@@ -286,6 +286,15 @@ fsimage_getbootstring(PyObject *o, PyObj
 	return Py_BuildValue("s", bootstring);
 }
 
+static PyObject *
+fsimage_init(PyObject *o, PyObject *args)
+{
+	if (!PyArg_ParseTuple(args, ""))
+		return (NULL);
+
+	return Py_BuildValue("i", fsi_init());
+}
+
 PyDoc_STRVAR(fsimage_open__doc__,
     "open(name, [offset=off]) - Open the given file as a filesystem image.\n"
     "\n"
@@ -297,7 +306,13 @@ PyDoc_STRVAR(fsimage_getbootstring__doc_
     "getbootstring(fs) - Return the boot string needed for this file system "
     "or NULL if none is needed.\n");
 
+PyDoc_STRVAR(fsimage_init__doc__,
+    "init() - Loads every dynamic library contained in xenfsimage "
+    "into memory so that it can be used in chrooted environments.\n");
+
 static struct PyMethodDef fsimage_module_methods[] = {
+	{ "init", (PyCFunction)fsimage_init,
+	    METH_VARARGS, fsimage_init__doc__ },
 	{ "open", (PyCFunction)fsimage_open,
 	    METH_VARARGS|METH_KEYWORDS, fsimage_open__doc__ },
 	{ "getbootstring", (PyCFunction)fsimage_getbootstring,