Xen project Mailing List

[Xen-changelog] [xen stable-4.3] libxl: Do not trust frontend for disk eject event

Date: Thu, 30 Jun 2016 20:34:34 +0000

Delivery-date: Thu, 30 Jun 2016 20:34:37 +0000

List-id: "Change log for Mercurial $receive only$" <xen-changelog.lists.xen.org>

commit babf4f45a52af68e58316c4456dffc97e0a1df79 Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> AuthorDate: Wed Apr 27 16:08:49 2016 +0100 Commit: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> CommitDate: Mon Jun 6 17:06:43 2016 +0100 libxl: Do not trust frontend for disk eject event Use the /libxl path for interpreting disk eject watch events: do not read the backend path out of the frontend. Instead, use the version in /libxl. That avoids us relying on the guest-modifiable $frontend/backend pointer. To implement this we store the path /libxl/$guest/device/vbd/$devid/backend in the evgen structure. This is part of XSA-175. Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- tools/libxl/libxl.c | 28 ++++++++++++++++++++++------ tools/libxl/libxl_internal.h | 2 +- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index 0e9b9a5..cc7c91d 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -1140,9 +1140,10 @@ static void disk_eject_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, const char *wpath, const char *epath) { EGC_GC; libxl_evgen_disk_eject *evg = (void*)w; - char *backend; + const char *backend; char *value; char backend_type[BACKEND_STRING_SIZE+1]; + int rc; value = libxl__xs_read(gc, XBT_NULL, wpath); @@ -1158,9 +1159,16 @@ static void disk_eject_xswatch_callback(libxl__egc *egc, libxl__ev_xswatch *w, libxl_event *ev = NEW_EVENT(egc, DISK_EJECT, evg->domid, evg->user); libxl_device_disk *disk = &ev->u.disk_eject.disk; - backend = libxl__xs_read(gc, XBT_NULL, - libxl__sprintf(gc, "%.*s/backend", - (int)strlen(wpath)-6, wpath)); + rc = libxl__xs_read_checked(gc, XBT_NULL, evg->be_ptr_path, &backend); + if (rc) { + LIBXL__EVENT_DISASTER(egc, "xs_read failed reading be_ptr_path", + errno, LIBXL_EVENT_TYPE_DISK_EJECT); + return; + } + if (!backend) { + /* device has been removed, not simply ejected */ + return; + } sscanf(backend, "/local/domain/%d/backend/%" TOSTRING(BACKEND_STRING_SIZE) @@ -1209,11 +1217,18 @@ int libxl_evenable_disk_eject(libxl_ctx *ctx, uint32_t guest_domid, if (!domid) domid = guest_domid; - path = libxl__sprintf(gc, "%s/device/vbd/%d/eject", + int devid = libxl__device_disk_dev_number(vdev, NULL, NULL); + + path = GCSPRINTF("%s/device/vbd/%d/eject", libxl__xs_get_dompath(gc, domid), - libxl__device_disk_dev_number(vdev, NULL, NULL)); + devid); if (!path) { rc = ERROR_NOMEM; goto out; } + const char *libxl_path = GCSPRINTF("%s/device/vbd/%d", + libxl__xs_libxl_path(gc, domid), + devid); + evg->be_ptr_path = libxl__sprintf(NOGC, "%s/backend", libxl_path); + rc = libxl__ev_xswatch_register(gc, &evg->watch, disk_eject_xswatch_callback, path); if (rc) goto out; @@ -1240,6 +1255,7 @@ void libxl__evdisable_disk_eject(libxl__gc *gc, libxl_evgen_disk_eject *evg) { libxl__ev_xswatch_deregister(gc, &evg->watch); free(evg->vdev); + free(evg->be_ptr_path); free(evg); CTX_UNLOCK; diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h index 84fa2cc..7e22ed5 100644 --- a/tools/libxl/libxl_internal.h +++ b/tools/libxl/libxl_internal.h @@ -256,7 +256,7 @@ struct libxl__evgen_disk_eject { uint32_t domid; LIBXL_LIST_ENTRY(libxl_evgen_disk_eject) entry; libxl_ev_user user; - char *vdev; + char *vdev, *be_ptr_path; }; _hidden void libxl__evdisable_disk_eject(libxl__gc*, libxl_evgen_disk_eject*); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.3 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.