[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.5] libxl: Cleanup: Have libxl__alloc_vdev use /libxl



commit 3675172b342d1c03b01e2ac0a9fe851391921ab7
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 15:25:19 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 15:48:36 2016 +0100

    libxl: Cleanup: Have libxl__alloc_vdev use /libxl
    
    When allocating a vdev for a new disk, look in /libxl/device, rather
    than the frontends directory in xenstore.
    
    This is more in line with the other parts of libxl, which ought not to
    trust frontends.  In this case, though, there is no security bug prior
    to this patch because the frontend is the toolstack domain itself.
    
    If libxl__alloc_vdev were ever changed to take a frontend domain
    argument, this patch will fix a latent security bug.
    
    This is a followup to XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index a6701d4..20a8960 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3043,7 +3043,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void 
*get_vdev_user,
 {
     const char *blkdev_start = (const char *) get_vdev_user;
     int devid = 0, disk = 0, part = 0;
-    char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID);
+    char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID);
 
     libxl__device_disk_dev_number(blkdev_start, &disk, &part);
     if (part != 0) {
@@ -3058,7 +3058,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void 
*get_vdev_user,
             return NULL;
         if (libxl__xs_read(gc, t,
                     libxl__sprintf(gc, "%s/device/vbd/%d/backend",
-                        dompath, devid)) == NULL) {
+                        libxl_dom_path, devid)) == NULL) {
             if (errno == ENOENT)
                 return libxl__devid_to_localdev(gc, devid);
             else
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.5

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.