|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.5] libxl: Do not trust frontend in libxl__devices_destroy
commit 16cb1fb26db2a7098f05a6a571cc2a4b8e955644
Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Tue May 3 18:39:36 2016 +0100
Commit: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Mon Jun 6 15:31:25 2016 +0100
libxl: Do not trust frontend in libxl__devices_destroy
We need to enumerate the devices we have provided to a domain, without
trusting the guest-writeable (or, at least, guest-deletable) frontend
paths.
Instead, enumerate via, and read the backend path from, /libxl.
The console /libxl path is regular, so the special case for console 0
is not relevant any more: /libxl/GUEST/device/console/0 will be found,
and then libxl__device_destroy will DTRT to the right frontend path.
This is part of XSA-175.
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
tools/libxl/libxl_device.c | 22 +++-------------------
1 file changed, 3 insertions(+), 19 deletions(-)
diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index 9136b26..38ab393 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -683,7 +683,7 @@ void libxl__devices_destroy(libxl__egc *egc,
libxl__devices_remove_state *drs)
libxl__multidev_begin(ao, multidev);
multidev->callback = devices_remove_callback;
- path = GCSPRINTF("/local/domain/%d/device", domid);
+ path = GCSPRINTF("/libxl/%d/device", domid);
kinds = libxl__xs_directory(gc, XBT_NULL, path, &num_kinds);
if (!kinds) {
if (errno != ENOENT) {
@@ -696,12 +696,12 @@ void libxl__devices_destroy(libxl__egc *egc,
libxl__devices_remove_state *drs)
if (libxl__device_kind_from_string(kinds[i], &kind))
continue;
- path = GCSPRINTF("/local/domain/%d/device/%s", domid, kinds[i]);
+ path = GCSPRINTF("/libxl/%d/device/%s", domid, kinds[i]);
devs = libxl__xs_directory(gc, XBT_NULL, path, &num_dev_xsentries);
if (!devs)
continue;
for (j = 0; j < num_dev_xsentries; j++) {
- path = GCSPRINTF("/local/domain/%d/device/%s/%s/backend",
+ path = GCSPRINTF("/libxl/%d/device/%s/%s/backend",
domid, kinds[i], devs[j]);
path = libxl__xs_read(gc, XBT_NULL, path);
GCNEW(dev);
@@ -726,22 +726,6 @@ void libxl__devices_destroy(libxl__egc *egc,
libxl__devices_remove_state *drs)
}
}
- /* console 0 frontend directory is not under /local/domain/<domid>/device
*/
- path = GCSPRINTF("/local/domain/%d/console/backend", domid);
- path = libxl__xs_read(gc, XBT_NULL, path);
- GCNEW(dev);
- if (path && strcmp(path, "") &&
- libxl__parse_backend_path(gc, path, dev) == 0) {
- dev->domid = domid;
- dev->kind = LIBXL__DEVICE_KIND_CONSOLE;
- dev->devid = 0;
-
- /* Currently console devices can be destroyed synchronously by just
- * removing xenstore entries, this is what libxl__device_destroy does.
- */
- libxl__device_destroy(gc, dev);
- }
-
out:
libxl__multidev_prepared(egc, multidev, rc);
}
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.5
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |