[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.4] libxl: Do not trust frontend for vtpm in getinfo
commit 9b7d6d20bcc45d43b4b7d11e0efe0419597f64bf Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> AuthorDate: Tue May 3 16:00:20 2016 +0100 Commit: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> CommitDate: Mon Jun 6 15:54:27 2016 +0100 libxl: Do not trust frontend for vtpm in getinfo libxl_device_vtpm_getinfo needs to examine devices without trusting frontend-controlled data. So: * Use /libxl to find the backend path. * Parse the backend path to find the backend domid, rather than reading it from the frontend. This is part of XSA-175. Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- tools/libxl/libxl.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index 0886d92..a0aeb50 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -1928,7 +1928,7 @@ int libxl_device_vtpm_getinfo(libxl_ctx *ctx, libxl_vtpminfo *vtpminfo) { GC_INIT(ctx); - char *dompath, *vtpmpath; + char *libxl_path, *dompath, *vtpmpath; char *val; int rc = 0; @@ -1937,8 +1937,10 @@ int libxl_device_vtpm_getinfo(libxl_ctx *ctx, vtpminfo->devid = vtpm->devid; vtpmpath = GCSPRINTF("%s/device/vtpm/%d", dompath, vtpminfo->devid); + libxl_path = GCSPRINTF("%s/device/vtpm/%d", + libxl__xs_libxl_path(gc, domid), vtpminfo->devid); vtpminfo->backend = xs_read(ctx->xsh, XBT_NULL, - GCSPRINTF("%s/backend", vtpmpath), NULL); + GCSPRINTF("%s/backend", libxl_path), NULL); if (!vtpminfo->backend) { goto err; } @@ -1946,9 +1948,9 @@ int libxl_device_vtpm_getinfo(libxl_ctx *ctx, goto err; } - val = libxl__xs_read(gc, XBT_NULL, - GCSPRINTF("%s/backend-id", vtpmpath)); - vtpminfo->backend_id = val ? strtoul(val, NULL, 10) : -1; + rc = libxl__backendpath_parse_domid(gc, vtpminfo->backend, + &vtpminfo->backend_id); + if (rc) goto exit; val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", vtpmpath)); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.4 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |