Re: [Xen-devel] writing to read only scsi drives [and 1 more messages]

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

M A Young writes ("writing to read only scsi drives"):
> I thought I would check here in case this is a new security issue but it 
> was reported at https://bugzilla.redhat.com/show_bug.cgi?id=1257893 that 
> in HVM guests it was possible to write to scsi devices (either specified 
> as sda etc. in the configuration file or in a scsi device if the guest 
> kernel is booted with the xen_emul_unplug=never option) that were 
> specified as read only in the xl configuration file.

Thanks for passing this on.

This does not appear to be limited to SCSI.  Stefano has kindly
prepared a patch.  (See below for the current draft of that patch.)

I have assigned this issue Xen Security Advisory number 142.  There
will be no embargo because the issue is already public.

I am going to do some more tests to understand the scope of the
problem.

Ian.

Stefano Stabellini writes ("[PATCH for-4.6] libxl: handle read-only drives with 
qemu-xen"):
> The current libxl code doesn't deal with read-only drives at all.
> 
> Upstream QEMU and qemu-xen only support read-only cdrom drives: make
> sure to specify "readonly=on" for cdrom drives and return error in case
> the user requested a non-cdrom read-only drive.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
> ---
>  tools/libxl/libxl_dm.c |   13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
> index 02c0162..468ff9c 100644
> --- a/tools/libxl/libxl_dm.c
> +++ b/tools/libxl/libxl_dm.c
> @@ -1110,13 +1110,18 @@ static int 
> libxl__build_device_model_args_new(libxl__gc *gc,
>              if (disks[i].is_cdrom) {
>                  if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
>                      drive = libxl__sprintf
> -                        (gc, 
> "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
> -                         disk, dev_number);
> +                        (gc, 
> "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
> +                         disk, disks[i].readwrite ? "off" : "on", 
> dev_number);
>                  else
>                      drive = libxl__sprintf
> -                        (gc, 
> "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
> -                         disks[i].pdev_path, disk, format, dev_number);
> +                        (gc, 
> "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
> +                         disks[i].pdev_path, disk, disks[i].readwrite ? 
> "off" : "on", format, dev_number);
>              } else {
> +                if (!disks[i].readwrite) {
> +                    LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "QEMU doesn't support 
> read-only disk drivers");
> +                    return ERROR_INVAL;
> +                }
> +
>                  if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
>                      LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
>                                 " empty disk format for %s", disks[i].vdev);
> -- 
> 1.7.10.4
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel