xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH for-4.7 0/3] XSA-175/XSA-178 followups
@ 2016-06-02 15:10 Ian Jackson
  2016-06-02 15:10 ` [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use /libxl Ian Jackson
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Ian Jackson @ 2016-06-02 15:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Wei Liu

These three patches came out of my development of the XSA-175/XSA-178
fixes.

The rest of the XSA-175/XSA-178 patches, as sent out in the advisory,
have just been applied to staging.  These three patches have not, yet.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use /libxl
  2016-06-02 15:10 [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Ian Jackson
@ 2016-06-02 15:10 ` Ian Jackson
  2016-06-02 15:10 ` [PATCH 2/3] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be Ian Jackson
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Ian Jackson @ 2016-06-02 15:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Ian Jackson, Wei Liu

When allocating a vdev for a new disk, look in /libxl/device, rather
than the frontends directory in xenstore.

This is more in line with the other parts of libxl, which ought not to
trust frontends.  In this case, though, there is no security bug prior
to this patch because the frontend is the toolstack domain itself.

If libxl__alloc_vdev were ever changed to take a frontend domain
argument, this patch will fix a latent security bug.

This is a followup to XSA-175.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 9ff08a5..d5475ed 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3105,7 +3105,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void *get_vdev_user,
 {
     const char *blkdev_start = (const char *) get_vdev_user;
     int devid = 0, disk = 0, part = 0;
-    char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID);
+    char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID);
 
     libxl__device_disk_dev_number(blkdev_start, &disk, &part);
     if (part != 0) {
@@ -3120,7 +3120,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void *get_vdev_user,
             return NULL;
         if (libxl__xs_read(gc, t,
                     GCSPRINTF("%s/device/vbd/%d/backend",
-                        dompath, devid)) == NULL) {
+                        libxl_dom_path, devid)) == NULL) {
             if (errno == ENOENT)
                 return libxl__devid_to_vdev(gc, devid);
             else
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 2/3] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be
  2016-06-02 15:10 [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Ian Jackson
  2016-06-02 15:10 ` [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use /libxl Ian Jackson
@ 2016-06-02 15:10 ` Ian Jackson
  2016-06-02 15:10 ` [PATCH 3/3] libxl: Document ~/serial/ correctly Ian Jackson
  2016-06-02 15:14 ` [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Wei Liu
  3 siblings, 0 replies; 6+ messages in thread
From: Ian Jackson @ 2016-06-02 15:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Ian Jackson, Wei Liu

Rather than an open-coded sscanf.  No functional change with correct
input.

This is a followup to XSA-175 and XSA-178.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index d5475ed..006b83f 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -2658,10 +2658,10 @@ static int libxl__device_disk_from_xenstore(libxl__gc *gc,
         goto out;
     }
 
-    rc = sscanf(backend_path, "/local/domain/%d/", &disk->backend_domid);
-    if (rc != 1) {
+    rc = libxl__backendpath_parse_domid(gc, backend_path, &disk->backend_domid);
+    if (rc) {
         LOG(ERROR, "Unable to fetch device backend domid from %s", backend_path);
-        goto cleanup;
+        goto out;
     }
 
     /*
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 3/3] libxl: Document ~/serial/ correctly
  2016-06-02 15:10 [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Ian Jackson
  2016-06-02 15:10 ` [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use /libxl Ian Jackson
  2016-06-02 15:10 ` [PATCH 2/3] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be Ian Jackson
@ 2016-06-02 15:10 ` Ian Jackson
  2016-06-02 15:14 ` [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Wei Liu
  3 siblings, 0 replies; 6+ messages in thread
From: Ian Jackson @ 2016-06-02 15:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Ian Jackson, Wei Liu

xenstore-paths.markdown talked about ~/device/serial/, but that's not
used.

(It is very wrong for this value, which contains a driver domain
filesystem path, to be in the guest's area of xenstore.  However, it
is only ever created by libxl and ready by xenconsoled.  When it is
created, it inherits the read-only permissions of /local/domain/DOMID.
So there is no security bug.)

This is a followup to XSA-175.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 docs/misc/xenstore-paths.markdown |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/misc/xenstore-paths.markdown b/docs/misc/xenstore-paths.markdown
index 261ee42..c6b4dab 100644
--- a/docs/misc/xenstore-paths.markdown
+++ b/docs/misc/xenstore-paths.markdown
@@ -283,7 +283,7 @@ The primary PV console device. Described in [console.txt](console.txt)
 
 A secondary PV console device. Described in [console.txt](console.txt)
 
-#### ~/device/serial/$DEVID/* [HVM]
+#### ~/serial/$DEVID/* [HVM]
 
 An emulated serial device. Described in [console.txt](console.txt)
 
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH for-4.7 0/3] XSA-175/XSA-178 followups
  2016-06-02 15:10 [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Ian Jackson
                   ` (2 preceding siblings ...)
  2016-06-02 15:10 ` [PATCH 3/3] libxl: Document ~/serial/ correctly Ian Jackson
@ 2016-06-02 15:14 ` Wei Liu
  2016-06-02 15:36   ` Wei Liu
  3 siblings, 1 reply; 6+ messages in thread
From: Wei Liu @ 2016-06-02 15:14 UTC (permalink / raw)
  To: Ian Jackson; +Cc: xen-devel, Wei Liu

On Thu, Jun 02, 2016 at 04:10:29PM +0100, Ian Jackson wrote:
> These three patches came out of my development of the XSA-175/XSA-178
> fixes.
> 
> The rest of the XSA-175/XSA-178 patches, as sent out in the advisory,
> have just been applied to staging.  These three patches have not, yet.
> 

Please apply these three to staging as well.

Release-acked-by: Wei Liu <wei.liu2@citrix.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH for-4.7 0/3] XSA-175/XSA-178 followups
  2016-06-02 15:14 ` [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Wei Liu
@ 2016-06-02 15:36   ` Wei Liu
  0 siblings, 0 replies; 6+ messages in thread
From: Wei Liu @ 2016-06-02 15:36 UTC (permalink / raw)
  To: Ian Jackson; +Cc: xen-devel, Wei Liu

On Thu, Jun 02, 2016 at 04:14:34PM +0100, Wei Liu wrote:
> On Thu, Jun 02, 2016 at 04:10:29PM +0100, Ian Jackson wrote:
> > These three patches came out of my development of the XSA-175/XSA-178
> > fixes.
> > 
> > The rest of the XSA-175/XSA-178 patches, as sent out in the advisory,
> > have just been applied to staging.  These three patches have not, yet.
> > 
> 
> Please apply these three to staging as well.
> 
> Release-acked-by: Wei Liu <wei.liu2@citrix.com>

I've queued this series up for committing.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2016-06-02 15:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-02 15:10 [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Ian Jackson
2016-06-02 15:10 ` [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use /libxl Ian Jackson
2016-06-02 15:10 ` [PATCH 2/3] libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be Ian Jackson
2016-06-02 15:10 ` [PATCH 3/3] libxl: Document ~/serial/ correctly Ian Jackson
2016-06-02 15:14 ` [PATCH for-4.7 0/3] XSA-175/XSA-178 followups Wei Liu
2016-06-02 15:36   ` Wei Liu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).