
Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list



On Fri, 2013-09-06 at 12:36 +0200, Roger Pau Monne wrote:
> The block-list command was not able to list disks with backends
> running on domains different than Dom0, because it was only looking on
> the backend xenstore path of Dom0. Fix this by instead fetching the
> disks from the DomU xenstore entries.

Need to be a bit careful here about reading from potentially guest
controllable keys. This should mostly be a question of permissions.

> +    fe_path = libxl__sprintf(gc, "/local/domain/%d/device/vbd", domid);

Are guests able to create new subdirectories under here?

> +    devs = libxl__xs_directory(gc, XBT_NULL, fe_path, &xs_num);
> +    if (!devs)
> +        /* Domain has no disks */
> +        goto out;
> +    disks = libxl__calloc(NOGC, xs_num, sizeof(*disks));
> +    if (!disks)
> +        goto out_err;
> +    for (i = 0; i < xs_num; i++) {
> +        fe_path = GCSPRINTF("/local/domain/%d/device/vbd/%s/backend",
> +                            domid, devs[i]);

Is this path writeable by the guest? The containing directory is I
think, so this needs to include delete and recreate type situations
(although ISTR xenstore not having the POSIX-like semantics here).

If the guest can remove and recreate then we should check the current
owner of the key is e.g. the toolstack domain or whoever should be
trusted to own the key, within the same transaction as the read itself.


> +        rc = libxl__xs_read_checked(gc, XBT_NULL, fe_path, &be_path);
> +        if (rc)
> +            goto out_err;
> +        rc = libxl__device_disk_from_xs_be(gc, be_path, &disks[*num]);
> +        if (rc)
> +            goto out_err;
> +        (*num)++;
> +        assert(*num <= xs_num);
> +    }
>  
> +out:
>      GC_FREE;
>      return disks;
>  
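
Review bot: in the loop body, the string read from the frontend's `backend` key into be_path is handed to libxl__device_disk_from_xs_be() without any check, and both libxl__xs_directory() and libxl__xs_read_checked() are called with XBT_NULL, so the directory listing and the per-device reads are not covered by one transaction. Suggest running the listing and the reads inside a single xenstore transaction and verifying, before be_path is used, that the key is owned by the domain expected to own it. Separately, assert(*num <= xs_num) runs only after disks[*num] has been written and incremented; if it is meant as a bounds guard it belongs before the write, and since the loop is already bounded by i < xs_num it could simply be dropped.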


