[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: Roger Pau MonnÃ <roger.pau@xxxxxxxxxx>
Date: Tue, 10 Sep 2013 14:06:57 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Delivery-date: Tue, 10 Sep 2013 12:07:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 10/09/13 12:11, Ian Campbell wrote:
> On Fri, 2013-09-06 at 12:36 +0200, Roger Pau Monne wrote:
>> The block-list command was not able to lists disks with backends
>> running on domains different than Dom0, because it was only looking on
>> the backend xenstore path of Dom0. Fix this by instead fetching the
>> disks from the DomU xenstore entries.
> 
> Need to be a bit careful here about reading from potentially guest
> controllable keys. This should mostly be a question of permissions.
> 
>> +    fe_path = libxl__sprintf(gc, "/local/domain/%d/device/vbd", domid);
> 
> Are guests able to create new subdirectories under here?

Yes

> 
>> +    devs = libxl__xs_directory(gc, XBT_NULL, fe_path, &xs_num);
>> +    if (!devs)
>> +        /* Domain has no disks */
>> +        goto out;
>> +    disks = libxl__calloc(NOGC, xs_num, sizeof(*disks));
>> +    if (!disks)
>> +        goto out_err;
>> +    for (i = 0; i < xs_num; i++) {
>> +        fe_path = GCSPRINTF("/local/domain/%d/device/vbd/%s/backend",
>> +                            domid, devs[i]);
> 
> Is this path writeable by the guest? The containing directory is I
> think, so this needs to include delete and recreate type situations
> (although ISTR xenstore not having the posix like semantics here).

Yes, the whole directory including the backend entry is writeable by the
guest.

> 
> If the guest can remove and recreate then we should check the current
> owner of the key is e.g. the toolstack domain or whoever should be
> trusted to won the key, within the same transaction as the read itself.

I'm sorry but I'm not following you here, I assume you are speaking
about the frontend node that points to the backend ie:

/local/domain/<domid>/device/vbd/<devid>/backend

Permissions on this node are:

domid: <domid> perms: 0
domid: 0 perms: 1

If the guest changes this node, or recreates it permissions will still
be the same.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
  - From: Ian Campbell

References:
- [Xen-devel] [PATCH 0/2] libxl: fixes for driver domains
  - From: Roger Pau Monne
- [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] [Urgent, Input Needed] Moving the Xen Project Developer meeting to start a little earlier to accomodate for joint Xen-KVM Hackathon
Next by Date: Re: [Xen-devel] [Urgent, Input Needed] Moving the Xen Project Developer meeting to start a little earlier to accomodate for joint Xen-KVM Hackathon
Previous by thread: Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
Next by thread: Re: [Xen-devel] [PATCH 1/2] libxl: correctly list disks served by driver domains in block-list
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.