[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.3] libxl: Do not trust frontend for disk eject event



commit babf4f45a52af68e58316c4456dffc97e0a1df79
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Wed Apr 27 16:08:49 2016 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 17:06:43 2016 +0100

    libxl: Do not trust frontend for disk eject event
    
    Use the /libxl path for interpreting disk eject watch events: do not
    read the backend path out of the frontend.  Instead, use the version
    in /libxl.  That avoids us relying on the guest-modifiable
    $frontend/backend pointer.
    
    To implement this we store the path
      /libxl/$guest/device/vbd/$devid/backend
    in the evgen structure.
    
    This is part of XSA-175.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/libxl/libxl.c          | 28 ++++++++++++++++++++++------
 tools/libxl/libxl_internal.h |  2 +-
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 0e9b9a5..cc7c91d 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -1140,9 +1140,10 @@ static void disk_eject_xswatch_callback(libxl__egc *egc, 
libxl__ev_xswatch *w,
                                         const char *wpath, const char *epath) {
     EGC_GC;
     libxl_evgen_disk_eject *evg = (void*)w;
-    char *backend;
+    const char *backend;
     char *value;
     char backend_type[BACKEND_STRING_SIZE+1];
+    int rc;
 
     value = libxl__xs_read(gc, XBT_NULL, wpath);
 
@@ -1158,9 +1159,16 @@ static void disk_eject_xswatch_callback(libxl__egc *egc, 
libxl__ev_xswatch *w,
     libxl_event *ev = NEW_EVENT(egc, DISK_EJECT, evg->domid, evg->user);
     libxl_device_disk *disk = &ev->u.disk_eject.disk;
     
-    backend = libxl__xs_read(gc, XBT_NULL,
-                             libxl__sprintf(gc, "%.*s/backend",
-                                            (int)strlen(wpath)-6, wpath));
+    rc = libxl__xs_read_checked(gc, XBT_NULL, evg->be_ptr_path, &backend);
+    if (rc) {
+        LIBXL__EVENT_DISASTER(egc, "xs_read failed reading be_ptr_path",
+                              errno, LIBXL_EVENT_TYPE_DISK_EJECT);
+        return;
+    }
+    if (!backend) {
+        /* device has been removed, not simply ejected */
+        return;
+    }
 
     sscanf(backend,
             "/local/domain/%d/backend/%" TOSTRING(BACKEND_STRING_SIZE)
@@ -1209,11 +1217,18 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t 
guest_domid,
     if (!domid)
         domid = guest_domid;
 
-    path = libxl__sprintf(gc, "%s/device/vbd/%d/eject",
+    int devid = libxl__device_disk_dev_number(vdev, NULL, NULL);
+
+    path = GCSPRINTF("%s/device/vbd/%d/eject",
                  libxl__xs_get_dompath(gc, domid),
-                 libxl__device_disk_dev_number(vdev, NULL, NULL));
+                 devid);
     if (!path) { rc = ERROR_NOMEM; goto out; }
 
+    const char *libxl_path = GCSPRINTF("%s/device/vbd/%d",
+                                 libxl__xs_libxl_path(gc, domid),
+                                 devid);
+    evg->be_ptr_path = libxl__sprintf(NOGC, "%s/backend", libxl_path);
+
     rc = libxl__ev_xswatch_register(gc, &evg->watch,
                                     disk_eject_xswatch_callback, path);
     if (rc) goto out;
@@ -1240,6 +1255,7 @@ void libxl__evdisable_disk_eject(libxl__gc *gc, 
libxl_evgen_disk_eject *evg) {
         libxl__ev_xswatch_deregister(gc, &evg->watch);
 
     free(evg->vdev);
+    free(evg->be_ptr_path);
     free(evg);
 
     CTX_UNLOCK;
diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index 84fa2cc..7e22ed5 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -256,7 +256,7 @@ struct libxl__evgen_disk_eject {
     uint32_t domid;
     LIBXL_LIST_ENTRY(libxl_evgen_disk_eject) entry;
     libxl_ev_user user;
-    char *vdev;
+    char *vdev, *be_ptr_path;
 };
 _hidden void
 libxl__evdisable_disk_eject(libxl__gc*, libxl_evgen_disk_eject*);
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.