[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] tools/xenstore: fix XSA-417 patch

To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Thu, 20 Jul 2023 23:34:36 +0100
Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
Delivery-date: Thu, 20 Jul 2023 22:34:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Juergen,

On 20/07/2023 16:04, Juergen Gross wrote:

The fix for XSA-417 had a bug: domain_alloc_permrefs() will not return
a negative value in case of an error, but a plain errno value.

Note this is not considered to be a security issue, as the only case
where domain_alloc_permrefs() will return an error is a failed memory
allocation. As a guest should not be able to drive Xenstore out of
memory, this is NOT a problem a guest can trigger at will.

Fixes: ab128218225d ("tools/xenstore: fix checking node permissions")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>


Acked-by: Julien Grall <jgrall@xxxxxxxxxx>

Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH] tools/xenstore: fix XSA-417 patch
  - From: Jan Beulich

References:
- [PATCH] tools/xenstore: fix XSA-417 patch
  - From: Juergen Gross

Prev by Date: Re: [XEN PATCH] automation: add ECLAIR pipeline
Next by Date: Re: [PATCH 04/10] x86 setup: porting dom0 construction logic to boot module structures
Previous by thread: [PATCH] tools/xenstore: fix XSA-417 patch
Next by thread: Re: [PATCH] tools/xenstore: fix XSA-417 patch
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.