From: Andrew Cooper <Andrew.Cooper3@citrix.com>
To: Juergen Gross <jgross@suse.com>,
	"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Wei Liu <wl@xen.org>, Julien Grall <julien@xen.org>,
	Anthony Perard <anthony.perard@citrix.com>,
	Julien Grall <jgrall@amazon.com>, Henry Wang <Henry.Wang@arm.com>
Subject: Re: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes
Date: Wed, 2 Nov 2022 08:41:31 +0000
Message-ID: <0a0d2d20-bba7-e802-a1aa-476390cf38a8@citrix.com>
In-Reply-To: <20221101152842.4257-3-jgross@suse.com>

On 01/11/2022 15:28, Juergen Gross wrote:
> When destroying a domain, any stale permissions of the domain must be
> removed from the special nodes "@...", too. This was not done in the
> fix for XSA-322.
>
> Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
> Signed-off-by: Juergen Gross <jgross@suse.com>
> Reviewed-by: Julien Grall <jgrall@amazon.com>

Henry, this one also ought to be considered for 4.17 at this point, as
it's a bugfix to a security fix.

As noted in the cover letter, it is R-by already as it came up in
private, but was ultimately not included in the security content.

Thanks,

~Andrew


Thread overview: 67+ messages
2022-11-01 15:28 [PATCH 00/20] tools/xenstore: do some cleanup and fixes Juergen Gross
2022-11-01 15:28 ` [PATCH 01/20] tools/xenstore: remove XEN_LIB_STORED and XENSTORED_ROOTDIR Juergen Gross
2022-11-01 16:43   ` Andrew Cooper
2022-11-02  2:26     ` Henry Wang
2022-11-02  5:08     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes Juergen Gross
2022-11-02  8:41   ` Andrew Cooper [this message]
2022-11-02  8:44     ` Henry Wang
2022-11-01 15:28 ` [PATCH 03/20] tools/xenstore: let talloc_free() preserve errno Juergen Gross
2022-11-06 21:08   ` Julien Grall
2022-11-07  7:33     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 04/20] tools/xenstore: let tdb_logger() " Juergen Gross
2022-11-06 21:09   ` Julien Grall
2022-11-01 15:28 ` [PATCH 05/20] tools/xenstore: preserve errno across corrupt() Juergen Gross
2022-11-06 21:10   ` Julien Grall
2022-11-01 15:28 ` [PATCH 06/20] tools/xenstore: remove all watches when a domain has stopped Juergen Gross
2022-11-06 21:18   ` Julien Grall
2022-11-07  7:54     ` Juergen Gross
2022-11-07 18:33       ` Julien Grall
2022-11-08  7:54         ` Juergen Gross
2022-11-09 10:46           ` Julien Grall
2022-11-09 12:17             ` Juergen Gross
2022-11-01 15:28 ` [PATCH 07/20] tools/xenstore: enhance hashtable implementation Juergen Gross
2022-12-01 21:11   ` Julien Grall
2022-11-01 15:28 ` [PATCH 08/20] tools/xenstore: add hashlist for finding struct domain by domid Juergen Gross
2022-12-01 21:34   ` Julien Grall
2022-12-12 12:08     ` Juergen Gross
2022-12-12 12:11       ` Julien Grall
2022-12-12 12:18     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 09/20] tools/xenstore: introduce dummy nodes for special watch paths Juergen Gross
2022-11-06 21:38   ` Julien Grall
2022-11-07  8:29     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 10/20] tools/xenstore: replace watch->relative_path with a prefix length Juergen Gross
2022-12-01 21:51   ` Julien Grall
2022-12-13  6:45     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 11/20] tools/xenstore: move changed domain handling Juergen Gross
2022-12-01 21:58   ` Julien Grall
2022-12-13  6:53     ` Juergen Gross
2022-12-13  7:04       ` Juergen Gross
2022-12-13  9:35       ` Julien Grall
2022-12-13  9:54         ` Juergen Gross
2022-12-13 10:13           ` Julien Grall
2022-11-01 15:28 ` [PATCH 12/20] tools/xenstore: change per-domain node accounting interface Juergen Gross
2022-11-01 15:28 ` [PATCH 13/20] tools/xenstore: don't allow creating too many nodes in a transaction Juergen Gross
2022-11-06 22:00   ` Julien Grall
2022-11-07  8:34     ` Juergen Gross
2022-11-07 18:37       ` Julien Grall
2022-11-08  8:09         ` Juergen Gross
2022-12-01 19:25           ` Julien Grall
2022-12-13  7:55             ` Juergen Gross
2022-11-01 15:28 ` [PATCH 14/20] tools/xenstore: replace literal domid 0 with dom0_domid Juergen Gross
2022-12-01 22:00   ` Julien Grall
2022-11-01 15:28 ` [PATCH 15/20] tools/xenstore: make domain_is_unprivileged() an inline function Juergen Gross
2022-12-01 22:05   ` Julien Grall
2022-12-13  7:57     ` Juergen Gross
2022-12-13  9:41       ` Julien Grall
2022-11-01 15:28 ` [PATCH 16/20] tools/xenstore: let chk_domain_generation() return a bool Juergen Gross
2022-12-01 22:07   ` Julien Grall
2022-11-01 15:28 ` [PATCH 17/20] tools/xenstore: switch hashtable to use the talloc framework Juergen Gross
2022-11-06 22:02   ` Julien Grall
2022-11-07  8:37     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 18/20] tools/xenstore: make log macro globally available Juergen Gross
2022-12-01 22:08   ` Julien Grall
2022-11-01 15:28 ` [PATCH 19/20] tools/xenstore: introduce trace classes Juergen Gross
2022-11-06 22:18   ` Julien Grall
2022-11-07  8:40     ` Juergen Gross
2022-11-01 15:28 ` [PATCH 20/20] tools/xenstore: let check_store() check the accounting data Juergen Gross
