
[Xen-changelog] [xen master] libxl: Do not trust frontend for channel in list



commit ca04e01490acc333b43cfc784751d09134e65e18
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 17:01:56 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Thu Jun 2 15:53:28 2016 +0100

    libxl: Do not trust frontend for channel in list
    
    libxl_device_channel_list should not trust frontend-provided data.
    
    So it needs to iterate using the /libxl paths, and read the backend
    path out of /libxl.
    
    However, it also filters out pure "consoles", which are channels
    without a "name".  But the name was stored only in the frontend
    directory, which the frontend can delete.
    
    So store the name in the backend too.  (Ideally we would store it in
    /libxl, where the backend can't write to it either, but
    libxl__device_console_add does not currently have access to the xenstore
    transaction used by libxl__device_generic_add.  Protection against the
    backend will come later, in XSA-178.)
    
    Because the libxl paths are defined to be in terms of the frontend
    device types, not the backend device types, it is no longer correct
    for libxl__append_channel_list to take a type argument.  Abolish this
    (with no functional effect).
    
    This is part of XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index c24887a..85c0241 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3815,6 +3815,8 @@ int libxl__device_console_add(libxl__gc *gc, uint32_t domid,
     if (console->name) {
         flexarray_append(ro_front, "name");
         flexarray_append(ro_front, console->name);
+        flexarray_append(back, "name");
+        flexarray_append(back, console->name);
     }
     if (console->connection) {
         flexarray_append(back, "connection");
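Review bot: The two added `flexarray_append(back, ...)` lines carry no comment explaining why the name is written to both directories, so a later cleanup could drop the backend copy as redundant and make the channel list depend on guest-writable data again. A comment above them such as `/* Also in the backend dir: libxl_device_channel_list filters on this copy, because the guest can delete the frontend one. */` would record the reason. The backend directory is presumably still writable by the backend domain, which the commit message defers to XSA-178. libxl__device_console_add starts and ends outside this hunk.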
@@ -3953,34 +3955,35 @@ static int libxl__device_channel_from_xs_be(libxl__gc *gc,
     return rc;
 }
 
-static int libxl__append_channel_list_of_type(libxl__gc *gc,
+static int libxl__append_channel_list(libxl__gc *gc,
                                               uint32_t domid,
-                                              const char *type,
                                               libxl_device_channel **channels,
                                               int *nchannels)
 {
-    char *fe_path = NULL, *be_path = NULL;
+    char *libxl_dir_path = NULL, *be_path = NULL;
     char **dir = NULL;
     unsigned int n = 0, devid = 0;
     libxl_device_channel *next = NULL;
     int rc = 0, i;
 
-    fe_path = GCSPRINTF("%s/device/%s",
-                        libxl__xs_get_dompath(gc, domid), type);
-    dir = libxl__xs_directory(gc, XBT_NULL, fe_path, &n);
+    libxl_dir_path = GCSPRINTF("%s/device/console",
+                               libxl__xs_libxl_path(gc, domid));
+    dir = libxl__xs_directory(gc, XBT_NULL, libxl_dir_path, &n);
     if (!dir || !n)
       goto out;
 
     for (i = 0; i < n; i++) {
-        const char *p, *name;
+        const char *libxl_path, *name;
         libxl_device_channel *tmp;
 
-        p = GCSPRINTF("%s/%s", fe_path, dir[i]);
-        name = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/name", p));
+        libxl_path = GCSPRINTF("%s/%s", libxl_dir_path, dir[i]);
+        be_path = libxl__xs_read(gc, XBT_NULL,
+                                 GCSPRINTF("%s/backend", libxl_path));
+        if (!be_path) continue;
+        name = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/name", be_path));
         /* 'channels' are consoles with names, so ignore all consoles
            without names */
         if (!name) continue;
-        be_path = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/backend", p));
         tmp = realloc(*channels,
                       sizeof(libxl_device_channel) * (*nchannels + devid + 1));
         if (!tmp) {
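Review bot: With the filter now reading `name` from the backend directory, a domain whose console devices were created before this commit has no backend `name` node, so `if (!name) continue;` would presumably drop every one of its channels from the list. Falling back to the frontend copy would reintroduce the trust problem, so the behaviour is better recorded than changed, with a comment above the read such as `/* No fallback to the frontend name: it is guest-writable. Devices created before the backend copy existed are therefore not listed. */`. The body of libxl__append_channel_list continues past the end of this hunk.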
@@ -4011,7 +4014,7 @@ libxl_device_channel *libxl_device_channel_list(libxl_ctx *ctx,
 
     *num = 0;
 
-    rc = libxl__append_channel_list_of_type(gc, domid, "console", &channels, num);
+    rc = libxl__append_channel_list(gc, domid, &channels, num);
     if (rc) goto out_err;
 
     GC_FREE;
--
generated by git-patchbot for /home/xen/git/xen.git#master
