[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes

  • To: Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 2 Nov 2022 08:41:31 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+xxM5wFKUi3p/4vPj61Bn/Dr2aDLwstqkvQRZEDlcxU=; b=FrVlfcg60dPK0qgf2aOIUFgAFcv1F1BlPGcazwFDlraPg8YAJ9c2obbG9MuU6hH5Z3peQWHuNmXM+AUL4WvKr86jTGJiprvpCLKAxCK4Wjvqt5BgnFaQ4XXCCn1FhkDYSaTh7p5p8sK9aeAZDmIVx5AcRVn14AfQQnvpqstQLoQEIGLclagf24Ai24vBtneCktnSkB+5UyzM2EZanxC13pUmHEAZisJe6n431KVf46CJRvsi4Wnn50hYFEjS7WdyRIJq0WHitXlW393RhJGWtwzCfh69/noLtmWdUFbXMqmyBx36CuiLp9nrDw7NVrFtRnl8WRSTSzxEurggulcS1w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YTUCdhy4jNpOzaClFJZc3g/brb22/SqOL4bDz7j+sEHrFSf6Ce89hlDZfDcngVPgtkVWhuO+pHBcwGGfexrIp6skQmDiRC5pBkALo0+WqpwicSq4QLZOIMwsFEY/o05jpVgk1fnL7xmLH+gClugLiC0tKygV7JJM1PgMFaTX2Ci7dk0WBOCri4dtv7W5syPu5+4LolJw9XEzhX+BJCzhOVvE0VCpoGkGdt7mLahZ/NLAW3OTRbzISnYLZ10WbGhxvQYm9ijYvFkbL0u3ZiRO6XZV29KsJs1REgn9Kusm5N79gFnbZJ/plm3JhrzCPCE72gM03bLDOl4yR8yICXRNKw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
  • Delivery-date: Wed, 02 Nov 2022 08:41:48 +0000
  • Ironport-data: A9a23:ZDW7jKMAhUgfJ9rvrR18lsFynXyQoLVcMsEvi/4bfWQNrUon3j1Sz TdJXD/Xa6reZ2bzeN9+bYzg9k4E7MCAn9JgTwto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6jufQA+KmU4YoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/ Nj/uKUzAnf8s9JPGj9Suv/rRC9H5qyo4mpB5gZmPJingXeF/5UrJMNHTU2OByOQrrl8RoaSW +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0slTGV5Er fIKEixOah2ln7qw4qmJb+Y506zPLOGzVG8ekldJ6GmDSM0AGNXESaiM4sJE1jAtgMwIBezZe 8cSdTtoalLHfgFLPVAUTpk5mY9EhFGmK2Ee9A3T+PVxvza7IA9ZidABNPL8fNCQSNoTtUGfv m/cpEzyAw0ANczZwj2Amp6prr+TwXqgBt1KfFG+3qJlx3eJ+2U5Mhw5VWWFqvWdpmG8QOsKf iT4/QJr98De7neDTNbnWAajiGWZpRNaUN1Ve8Uq5QfIxqfK7gKxAmkfUiUHeNEgrNUxRzEhy hmOhdyBLSNrmK2YTzSa7Lj8hTGvPSkYK0cSaClCShEKi/Hhr5s6ihbnR9NqAqmzyNbyHFnY4 z2Mtjl4uLwVguYCzaD99lfC6w9AvbDMRw8xox7RB2uj5wYhPoq9PdT0tx7c8OpKK5ufQh+Zp n8YlsOC7ecIS5aQiCiKR+ZLF7asjxqYDADhbZdUN8FJ31yQF7SLJOi8PBkWyJ9VD/s5
  • Ironport-hdrordr: A9a23:T1vjraxB4QQs05XqMvsaKrPxj+skLtp133Aq2lEZdPULSKGlfp GV9sjziyWetN9IYgBapTiBUJPwIk81bfZOkMQs1MSZLXPbUQyTXc1fBOrZsnfd8kjFmtK1up 0QFJSWZOeQMbE+t7eD3ODaKadu/DDkytHPuQ629R4EIm9XguNbnn5E422gYy9LrXx9dP4E/e 2nl696TlSbGUg/X4CePD0oTuLDr9rEmNbNehgdHSMq7wGIkHeB9KP6OwLw5GZebxp/hZMZtU TVmQ3w4auu99uhzAXH6mPV55NK3PP819p4AtCWgMR9EESttu/oXvUjZ1SxhkFxnAid0idvrD AKmWZmAy1H0QKSQohym2qq5+Cv6kd215ao8y7kvZKqm72EeNt9MbsOuWsRSGqm16Jr1usMr5 5jziaXsYFaAgjHmzm479/UVwtynk7xunY6l/UP5kYvGLf2RYUh2rD3xnklZqsoDWb/8sQqAe NuBMbT6LJfdk6bdWnQui1qzMa3Vno+Ex+aSgxa0/blmAR+jTR81Q8V1cYflnAP+NY0TIRF/f 3NNuBtmKtVRsEbYKphDKMKQNexCGbKXRXQWVjiaWjPBeUCITbAupT36LI66KWjf4EJ1oI7nN DbXFZRpQcJCjbT4A21reh2Gzz2MRaAtG7Wu7BjDrBCy83BbauuNzGfQ1YzlMblq+kDA6TgKo SOBK4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHY7ga/5MFeaUWvXkWrm6X3MoCOY64rUcKA
  • Thread-topic: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes
On 01/11/2022 15:28, Juergen Gross wrote:
> When destroying a domain, any stale permissions of the domain must be
> removed from the special nodes "@...", too. This was not done in the
> fix for XSA-322.
>
> Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed 
> domains")
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>

Henry, this one also ought to be considered for 4.17 at this point, as
it's a bugfix to security fix.

As noted in the cover letter, it is R-by already as it came up in
private, but was ultimately not included in the security content.

Thanks,

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.