9pfs: deprecate 'proxy' backend

As recent CVE-2023-2861 (fixed by f6b0de53fb) once again showed, the 9p 'proxy' fs driver is in bad shape. Using the 'proxy' backend was already discouraged for safety reasons before and we recommended to use the 'local' backend (preferably in conjunction with its 'mapped' security model) instead, but now it is time to officially deprecate the 'proxy' backend. Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <E1qDkmw-0007M1-8f@lizzy.crudebyte.com>
2025-08-22 15:15:46 +00:00 · 2023-06-26 13:49:06 +02:00
parent 0618e72d64
commit 71d72ececa
9 changed files with 67 additions and 3 deletions
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@ -133,6 +133,14 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp)
    }

    if (fsdriver) {
+        if (strncmp(fsdriver, "proxy", 5) == 0) {
+            warn_report(
+                "'-fsdev proxy' and '-virtfs proxy' are deprecated, use "
+                "'local' instead of 'proxy, or consider deploying virtiofsd "
+                "as alternative to 9p"
+            );
+        }
+
        for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) {
            if (strcmp(FsDrivers[i].name, fsdriver) == 0) {
                break;
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@ -9,6 +9,11 @@
 * the COPYING file in the top-level directory.
 */

+/*
+ * NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
+ * removed in a future version of QEMU!
+ */
+
 #include "qemu/osdep.h"
 #include <glib/gstdio.h>
 #include <sys/resource.h>
@ -1057,6 +1062,10 @@ int main(int argc, char **argv)
    struct statfs st_fs;
 #endif

+    fprintf(stderr, "NOTE: The 9p 'proxy' backend is deprecated (since "
+                    "QEMU 8.1) and will be removed in a future version of "
+                    "QEMU!\n");
+
    prog_name = g_path_get_basename(argv[0]);

    is_daemon = true;