[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.3] libxl: Do not trust frontend in libxl__devices_destroy



commit 4a78d360241a4b97a22d83e6283e122a45ef96e3
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 18:39:36 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 17:06:43 2016 +0100

    libxl: Do not trust frontend in libxl__devices_destroy
    
    We need to enumerate the devices we have provided to a domain, without
    trusting the guest-writeable (or, at least, guest-deletable) frontend
    paths.
    
    Instead, enumerate via, and read the backend path from, /libxl.
    
    The console /libxl path is regular, so the special case for console 0
    is not relevant any more: /libxl/GUEST/device/console/0 will be found,
    and then libxl__device_destroy will DTRT to the right frontend path.
    
    This is part of XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl_device.c | 24 ++++--------------------
 1 file changed, 4 insertions(+), 20 deletions(-)

diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index fd46726..0cd0c0d 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -656,7 +656,7 @@ void libxl__devices_destroy(libxl__egc *egc, 
libxl__devices_remove_state *drs)
     libxl__multidev_begin(ao, multidev);
     multidev->callback = devices_remove_callback;
 
-    path = libxl__sprintf(gc, "/local/domain/%d/device", domid);
+    path = GCSPRINTF("/libxl/%d/device", domid);
     kinds = libxl__xs_directory(gc, XBT_NULL, path, &num_kinds);
     if (!kinds) {
         if (errno != ENOENT) {
@@ -670,13 +670,13 @@ void libxl__devices_destroy(libxl__egc *egc, 
libxl__devices_remove_state *drs)
         if (libxl__device_kind_from_string(kinds[i], &kind))
             continue;
 
-        path = libxl__sprintf(gc, "/local/domain/%d/device/%s", domid, 
kinds[i]);
+        path = GCSPRINTF("/libxl/%d/device/%s", domid, kinds[i]);
         devs = libxl__xs_directory(gc, XBT_NULL, path, &num_dev_xsentries);
         if (!devs)
             continue;
         for (j = 0; j < num_dev_xsentries; j++) {
-            path = libxl__sprintf(gc, "/local/domain/%d/device/%s/%s/backend",
-                                  domid, kinds[i], devs[j]);
+            path = GCSPRINTF("/libxl/%d/device/%s/%s/backend",
+                             domid, kinds[i], devs[j]);
             path = libxl__xs_read(gc, XBT_NULL, path);
             GCNEW(dev);
             if (path && libxl__parse_backend_path(gc, path, dev) == 0) {
@@ -700,22 +700,6 @@ void libxl__devices_destroy(libxl__egc *egc, 
libxl__devices_remove_state *drs)
         }
     }
 
-    /* console 0 frontend directory is not under /local/domain/<domid>/device 
*/
-    path = libxl__sprintf(gc, "/local/domain/%d/console/backend", domid);
-    path = libxl__xs_read(gc, XBT_NULL, path);
-    GCNEW(dev);
-    if (path && strcmp(path, "") &&
-        libxl__parse_backend_path(gc, path, dev) == 0) {
-        dev->domid = domid;
-        dev->kind = LIBXL__DEVICE_KIND_CONSOLE;
-        dev->devid = 0;
-
-        /* Currently console devices can be destroyed synchronously by just
-         * removing xenstore entries, this is what libxl__device_destroy does.
-         */
-        libxl__device_destroy(gc, dev);
-    }
-
 out:
     libxl__multidev_prepared(egc, multidev, rc);
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.