[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.10] tools/ocaml/xenstored: introduce permissions for special watches



commit a4c2c94e8ba8e9dd99b98b9dbe5f112baa76c1c5
Author:     Edwin Török <edvin.torok@xxxxxxxxxx>
AuthorDate: Tue Dec 15 14:43:59 2020 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Dec 15 14:43:59 2020 +0100

    tools/ocaml/xenstored: introduce permissions for special watches
    
    The special watches "@introduceDomain" and "@releaseDomain" should be
    allowed for privileged callers only, as they allow to gain information
    about presence of other guests on the host. So send watch events for
    those watches via privileged connections only.
    
    Start to address this by treating the special watches as regular nodes
    in the tree, which gives them normal semantics for permissions.  A later
    change will restrict the handling, so that they can't be listed, etc.
    
    This is part of XSA-115.
    
    Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx>
    Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 tools/ocaml/xenstored/process.ml   |  4 ++--
 tools/ocaml/xenstored/store.ml     |  5 +++++
 tools/ocaml/xenstored/utils.ml     | 26 ++++++++++++--------------
 tools/ocaml/xenstored/xenstored.ml |  4 +++-
 4 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml
index f374abe998..c3c8ea2f4b 100644
--- a/tools/ocaml/xenstored/process.ml
+++ b/tools/ocaml/xenstored/process.ml
@@ -414,7 +414,7 @@ let do_introduce con t domains cons data =
                else try
                        let ndom = Domains.create domains domid mfn port in
                        Connections.add_domain cons ndom;
-                       Connections.fire_spec_watches cons "@introduceDomain";
+                       Connections.fire_spec_watches cons 
Store.Path.introduce_domain;
                        ndom
                with _ -> raise Invalid_Cmd_Args
        in
@@ -433,7 +433,7 @@ let do_release con t domains cons data =
        Domains.del domains domid;
        Connections.del_domain cons domid;
        if fire_spec_watches 
-       then Connections.fire_spec_watches cons "@releaseDomain"
+       then Connections.fire_spec_watches cons Store.Path.release_domain
        else raise Invalid_Cmd_Args
 
 let do_resume con t domains cons data =
diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml
index 6375a1c889..98d368d52f 100644
--- a/tools/ocaml/xenstored/store.ml
+++ b/tools/ocaml/xenstored/store.ml
@@ -214,6 +214,11 @@ let rec lookup node path fct =
 
 let apply rnode path fct =
        lookup rnode path fct
+
+let introduce_domain = "@introduceDomain"
+let release_domain = "@releaseDomain"
+let specials = List.map of_string [ introduce_domain; release_domain ]
+
 end
 
 (* The Store.t type *)
diff --git a/tools/ocaml/xenstored/utils.ml b/tools/ocaml/xenstored/utils.ml
index e89c1aff04..f3d95e8897 100644
--- a/tools/ocaml/xenstored/utils.ml
+++ b/tools/ocaml/xenstored/utils.ml
@@ -89,19 +89,17 @@ let read_file_single_integer filename =
        Unix.close fd;
        int_of_string (String.sub buf 0 sz)
 
-let path_complete path connection_path =
-       if String.get path 0 <> '/' then
-               connection_path ^ path
-       else
-               path
-
+(* @path may be guest data and needs its length validating.  @connection_path
+ * is generated locally in xenstored and always of the form 
"/local/domain/$N/" *)
 let path_validate path connection_path =
-       if String.length path = 0 || String.length path > 1024 then
-               raise Define.Invalid_path
-       else
-               let cpath = path_complete path connection_path in
-               if String.get cpath 0 <> '/' then
-                       raise Define.Invalid_path
-               else
-                       cpath
+       let len = String.length path in
+
+       if len = 0 || len > 1024 then raise Define.Invalid_path;
+
+       let abs_path =
+               match String.get path 0 with
+               | '/' | '@' -> path
+               | _   -> connection_path ^ path
+       in
 
+       abs_path
diff --git a/tools/ocaml/xenstored/xenstored.ml 
b/tools/ocaml/xenstored/xenstored.ml
index 49fc18bf19..32c3b1c0f1 100644
--- a/tools/ocaml/xenstored/xenstored.ml
+++ b/tools/ocaml/xenstored/xenstored.ml
@@ -287,6 +287,8 @@ let _ =
        let quit = ref false in
 
        Logging.init_xenstored_log();
+       List.iter (fun path ->
+               Store.write store Perms.Connection.full_rights path "") 
Store.Path.specials;
 
        let filename = Paths.xen_run_stored ^ "/db" in
        if cf.restart && Sys.file_exists filename then (
@@ -339,7 +341,7 @@ let _ =
                                        let (notify, deaddom) = Domains.cleanup 
domains in
                                        List.iter (Connections.del_domain cons) 
deaddom;
                                        if deaddom <> [] || notify then
-                                               Connections.fire_spec_watches 
cons "@releaseDomain"
+                                               Connections.fire_spec_watches 
cons Store.Path.release_domain
                                )
                                else
                                        let c = Connections.find_domain_by_port 
cons port in
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.10



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.