[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] libxl: Do not trust frontend for disk in getinfo



commit 0006b20136204e9341f49671b24d2fa263c0bab8
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Fri Apr 29 19:21:51 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 15:54:27 2016 +0100

    libxl: Do not trust frontend for disk in getinfo
    
    * Rename the frontend variable to `fe_path' to check we caught them all
    * Read the backend path from /libxl, rather than from the frontend
    * Parse the backend domid from the backend path, rather than reading it
      from the frontend (and add the appropriate error path and initialisation)
    
    This is part of XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index f101334..18f9f0a 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -2449,27 +2449,34 @@ int libxl_device_disk_getinfo(libxl_ctx *ctx, uint32_t 
domid,
                               libxl_device_disk *disk, libxl_diskinfo 
*diskinfo)
 {
     GC_INIT(ctx);
-    char *dompath, *diskpath;
+    char *dompath, *fe_path, *libxl_path;
     char *val;
+    int rc;
+
+    diskinfo->backend = NULL;
 
     dompath = libxl__xs_get_dompath(gc, domid);
     diskinfo->devid = libxl__device_disk_dev_number(disk->vdev, NULL, NULL);
 
     /* tap devices entries in xenstore are written as vbd devices. */
-    diskpath = libxl__sprintf(gc, "%s/device/vbd/%d", dompath, 
diskinfo->devid);
+    fe_path = GCSPRINTF("%s/device/vbd/%d", dompath, diskinfo->devid);
+    libxl_path = GCSPRINTF("%s/device/vbd/%d",
+                           libxl__xs_libxl_path(gc, domid), diskinfo->devid);
     diskinfo->backend = xs_read(ctx->xsh, XBT_NULL,
-                                libxl__sprintf(gc, "%s/backend", diskpath), 
NULL);
+                                GCSPRINTF("%s/backend", libxl_path), NULL);
     if (!diskinfo->backend) {
         GC_FREE;
         return ERROR_FAIL;
     }
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/backend-id", 
diskpath));
-    diskinfo->backend_id = val ? strtoul(val, NULL, 10) : -1;
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/state", 
diskpath));
+    rc = libxl__backendpath_parse_domid(gc, diskinfo->backend,
+                                        &diskinfo->backend_id);
+    if (rc) goto out;
+
+    val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", fe_path));
     diskinfo->state = val ? strtoul(val, NULL, 10) : -1;
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/event-channel", 
diskpath));
+    val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/event-channel", fe_path));
     diskinfo->evtch = val ? strtoul(val, NULL, 10) : -1;
-    val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/ring-ref", 
diskpath));
+    val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/ring-ref", fe_path));
     diskinfo->rref = val ? strtoul(val, NULL, 10) : -1;
     diskinfo->frontend = xs_read(ctx->xsh, XBT_NULL,
                                  libxl__sprintf(gc, "%s/frontend", 
diskinfo->backend), NULL);
@@ -2478,6 +2485,10 @@ int libxl_device_disk_getinfo(libxl_ctx *ctx, uint32_t 
domid,
 
     GC_FREE;
     return 0;
+
+ out:
+    free(diskinfo->backend);
+    return rc;
 }
 
 int libxl_cdrom_insert(libxl_ctx *ctx, uint32_t domid, libxl_device_disk *disk,
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.