[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.5] libxl: Cleanup: Have libxl__alloc_vdev use /libxl

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Tue, 14 Jun 2016 03:00:00 +0000
Delivery-date: Tue, 14 Jun 2016 03:00:04 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 3675172b342d1c03b01e2ac0a9fe851391921ab7
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 15:25:19 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 15:48:36 2016 +0100

    libxl: Cleanup: Have libxl__alloc_vdev use /libxl
    
    When allocating a vdev for a new disk, look in /libxl/device, rather
    than the frontends directory in xenstore.
    
    This is more in line with the other parts of libxl, which ought not to
    trust frontends.  In this case, though, there is no security bug prior
    to this patch because the frontend is the toolstack domain itself.
    
    If libxl__alloc_vdev were ever changed to take a frontend domain
    argument, this patch will fix a latent security bug.
    
    This is a followup to XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index a6701d4..20a8960 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3043,7 +3043,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void 
*get_vdev_user,
 {
     const char *blkdev_start = (const char *) get_vdev_user;
     int devid = 0, disk = 0, part = 0;
-    char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID);
+    char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID);
 
     libxl__device_disk_dev_number(blkdev_start, &disk, &part);
     if (part != 0) {
@@ -3058,7 +3058,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void 
*get_vdev_user,
             return NULL;
         if (libxl__xs_read(gc, t,
                     libxl__sprintf(gc, "%s/device/vbd/%d/backend",
-                        dompath, devid)) == NULL) {
+                        libxl_dom_path, devid)) == NULL) {
             if (errno == ENOENT)
                 return libxl__devid_to_localdev(gc, devid);
             else
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.5

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.5] libxl: Do not trust backend in channel list
Next by Date: [Xen-changelog] [xen stable-4.5] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be
Previous by thread: [Xen-changelog] [xen stable-4.5] libxl: Do not trust backend in channel list
Next by thread: [Xen-changelog] [xen stable-4.5] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.