[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] tools/xenstore: call remove_domid_from_perm() for special nodes

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Thu, 10 Nov 2022 13:11:01 +0000
Delivery-date: Thu, 10 Nov 2022 13:11:10 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit a524495aac037d48e3163ad29099030403298f6f
Author:     Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Wed Nov 9 10:59:42 2022 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Nov 9 10:59:42 2022 +0100

    tools/xenstore: call remove_domid_from_perm() for special nodes
    
    When destroying a domain, any stale permissions of the domain must be
    removed from the special nodes "@...", too. This was not done in the
    fix for XSA-322.
    
    Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed 
domains")
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
    master commit: 0751a75e3996cf6efd3925a90b4776660d8df2bc
    master date: 2022-11-02 12:08:22 +0100
---
 tools/xenstore/xenstored_domain.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/tools/xenstore/xenstored_domain.c 
b/tools/xenstore/xenstored_domain.c
index 8b134017a2..ddd49eddfa 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -227,6 +227,27 @@ static void unmap_interface(void *interface)
        xengnttab_unmap(*xgt_handle, interface, 1);
 }
 
+static void remove_domid_from_perm(struct node_perms *perms,
+                                  struct domain *domain)
+{
+       unsigned int cur, new;
+
+       if (perms->p[0].id == domain->domid)
+               perms->p[0].id = priv_domid;
+
+       for (cur = new = 1; cur < perms->num; cur++) {
+               if (perms->p[cur].id == domain->domid)
+                       continue;
+
+               if (new != cur)
+                       perms->p[new] = perms->p[cur];
+
+               new++;
+       }
+
+       perms->num = new;
+}
+
 static int domain_tree_remove_sub(const void *ctx, struct connection *conn,
                                  struct node *node, void *arg)
 {
@@ -277,6 +298,9 @@ static void domain_tree_remove(struct domain *domain)
                        syslog(LOG_ERR,
                               "error when looking for orphaned nodes\n");
        }
+
+       remove_domid_from_perm(&dom_release_perms, domain);
+       remove_domid_from_perm(&dom_introduce_perms, domain);
 }
 
 static int destroy_domain(void *_domain)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16

Prev by Date: [xen stable-4.15] xen/sched: migrate timers to correct cpus after suspend
Next by Date: [xen stable-4.16] xen/sched: migrate timers to correct cpus after suspend
Previous by thread: [xen stable-4.15] xen/sched: migrate timers to correct cpus after suspend
Next by thread: [xen stable-4.16] xen/sched: migrate timers to correct cpus after suspend
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.