Xen project Mailing List

RE: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes

To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Henry Wang <Henry.Wang@xxxxxxx>

Date: Wed, 2 Nov 2022 08:44:52 +0000

Accept-language: zh-CN, en-US

Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oK4jbHfGL94GP7JAH7C2CgduJanU8YTRpFQRxy7Cm04=; b=OSFJ9i+uEQtAkHO09G9SxJLsOD3pgMOdodVorllPbDVVkeaClT3AOy0sBvdYfPaxfn9faky2chIw8yG/oXrmLq2XBHIvUViJQYV+6zq7U8ZfnqZxOKsncntczJhpnXL6lq9jNnRRAV8l3gF1YAyuAI/l4p/m+UPvVvg366ctF2QWQMEvB5vq2uuOIvrFBLskuluHQn2n6KRkoAvBcqVX5mY07inP7QBu2RjD8HMAXLYhOnosazr+wBIa4fEPtsAcpYht6MiCoQ2xFVbBB2OurNobLbE1TWXxS4/6H78ZWpR+pra0/So7oObMtVbKuyItquc69Dk2grHEBFIqaRmlDg==

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oK4jbHfGL94GP7JAH7C2CgduJanU8YTRpFQRxy7Cm04=; b=lZS08AD312nF8wUuqAk83ATYTgOgPUXtU8Yh+Ty6VZgWjPFExg3D8e0BNQCXpeOOW+fa5e4Vrked11WtsK8qDtVfWAegHCtKC1pE6HZi/5Cb5npvPAYIJLvRx2txifYOnwK/oXMe9gjIGgJECGmNyUP+LmqwsvD1Aylh63oBf+5mo7BAAktKr86PSWtDV/B30nywGrC6/W+z6ye1Y/mWn7dURcLXOnstv6v1hkB+bt7RyJ6Toxe71ZR+lo+Sv8TYUJ8BGPxmY8I/42EAuw81KFcPBVIsDNuGNKYDY7kRj0hG2psa2/HGpN1bGhc3LvXWm6A1MaQHY8jJOa/JgePqYQ==

Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=ch47SOG89eC4UWI44ZqDtpRTTtHVWJ74elZBBfI+m0vTWBI9IwIxEdCHDrlDhZqX5aL6oW/1e9QsDE0kUe7cBaoUrcMpOhcdzVe28hliK02Nbeht84HCfLMEKFePiqShn+odv2Ff1Y736BohVDGCimJ/4RIFKD2VdjLnrjV0IaRr/CDKTRlBhfMMTRZvwYYYovKlH8ceYuLuhaWwe8SrqIR5Y+dXLIMZnSxa0yFjGvRnXufXeYlsBtrN05Qvi1A9V0/l8/fmOV669B1yzVpgB2LeVx7+nvMCFiVjfGRU71m8fKlo/lfbq+0Ypg7RYJJxBreqoy3UB6k3i5RjYD5+xA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cKPt+DA0pJS5DGVHa/6/kslw4mAR9ZPYPp4YIkf0TCsjOV56ufZMROH1An3ng8wIMABFTHGZZvBXhdc+mgYI/cyvpOlChmLkJIgF2kKruwtGZ3uYh6PBVqLkxR550IO4oTkS8LwkMe6ZwLWukT5DbxzOLka9wV7M4Y0lfwJRGgeTTZVfB5IghLqKdQG/YBZ/7UTfCeN9FDVGLR9pVhLnp253ZKxTzaY3Eu7plThdYJtoZJEZ2143SCDjaT5HxUKKhU4Qo7aVRTyclYX9W5Lj6vMsRBx+pXEuxckLG/qVIkJCmgIs38rfUNeYqIOHynyYldJz45f0FYuC0yMP2HwUTQ==

Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Cc: Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>

Delivery-date: Wed, 02 Nov 2022 08:45:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;

Thread-index: AQHY7ga8TbV3UfvVg06BXOIqShILHK4rUcKAgAAAoDA=

Thread-topic: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes

Hi Andrew, > -----Original Message----- > From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx> > Subject: Re: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() > for special nodes > > On 01/11/2022 15:28, Juergen Gross wrote: > > When destroying a domain, any stale permissions of the domain must be > > removed from the special nodes "@...", too. This was not done in the > > fix for XSA-322. > > > > Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed > domains") > > Signed-off-by: Juergen Gross <jgross@xxxxxxxx> > > Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx> > > Henry, this one also ought to be considered for 4.17 at this point, as > it's a bugfix to security fix. Yes, I was wondering why I didn't have an email in my inbox about this patch :) Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx> Kind regards, Henry > > As noted in the cover letter, it is R-by already as it came up in > private, but was ultimately not included in the security content. > > Thanks, > > ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.