[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] tools/xenstore: Avoid leaking memory in check_store

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: David Kahurani <k.kahurani@xxxxxxxxx>
Date: Fri, 29 Sep 2023 07:57:24 +0300
Cc: jgross@xxxxxxxx, David Kahurani <k.kahurani@xxxxxxxxx>
Delivery-date: Fri, 29 Sep 2023 04:57:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

While this code should not be trigger-able from an unprivileged domain
it is called multiple times when the database gets inconsistent. This
means that a malicious guest able to corrupt the database will trigger
the leaks here.

Fix the leaks so that this code can be safely called from anywhere

Signed-off-by: David Kahurani <k.kahurani@xxxxxxxxx>
---
 tools/xenstored/core.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/tools/xenstored/core.c b/tools/xenstored/core.c
index 092de76a2e..edd07711db 100644
--- a/tools/xenstored/core.c
+++ b/tools/xenstored/core.c
@@ -2535,18 +2535,18 @@ static void clean_store(struct check_store_data *data)
        domain_check_acc(data->domains);
 }
 
-int check_store_path(const char *name, struct check_store_data *data)
+int check_store_path(const void *ctx, const char *name, struct 
check_store_data *data)
 {
        struct node *node;
 
-       node = read_node(NULL, NULL, name);
+       node = read_node(NULL, ctx, name);
        if (!node) {
                log("check_store: error %d reading special node '%s'", errno,
                    name);
                return errno;
        }
 
-       return check_store_step(NULL, NULL, node, data);
+       return check_store_step(ctx, NULL, node, data);
 }
 
 void check_store(void)
@@ -2556,6 +2556,7 @@ void check_store(void)
                .enoent = check_store_enoent,
        };
        struct check_store_data data;
+       void *ctx;
 
        /* Don't free values (they are all void *1) */
        data.reachable = create_hashtable(NULL, "checkstore", hash_from_key_fn,
@@ -2571,17 +2572,19 @@ void check_store(void)
                goto out_hash;
        }
 
+       ctx = talloc_new(NULL);
        log("Checking store ...");
-       if (walk_node_tree(NULL, NULL, "/", &walkfuncs, &data)) {
+       if (walk_node_tree(ctx, NULL, "/", &walkfuncs, &data)) {
                if (errno == ENOMEM)
                        log("check_store: ENOMEM");
-       } else if (!check_store_path("@introduceDomain", &data) &&
-                  !check_store_path("@releaseDomain", &data) &&
+       } else if (!check_store_path(ctx, "@introduceDomain", &data) &&
+                  !check_store_path(ctx, "@releaseDomain", &data) &&
                   !check_transactions(data.reachable))
                clean_store(&data);
        log("Checking store complete.");
 
        hashtable_destroy(data.domains);
+       talloc_free(ctx);
  out_hash:
        hashtable_destroy(data.reachable);
 }
-- 
2.25.1

Follow-Ups:
- Re: [PATCH] tools/xenstore: Avoid leaking memory in check_store
  - From: Juergen Gross

Prev by Date: Issue with shared information page on Xen/ARM 4.17
Next by Date: [linux-5.4 test] 183205: regressions - FAIL
Previous by thread: Issue with shared information page on Xen/ARM 4.17
Next by thread: Re: [PATCH] tools/xenstore: Avoid leaking memory in check_store
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.