[02/20] tools/xenstore: call remove_domid_from_perm() for special nodes

Message ID 20221101152842.4257-3-jgross@suse.com (mailing list archive)
State Superseded
Series tools/xenstore: do some cleanup and fixes

Commit Message

Jürgen Groß Nov. 1, 2022, 3:28 p.m. UTC
When destroying a domain, any stale permissions of the domain must be
removed from the special nodes "@...", too. This was not done in the
fix for XSA-322.

Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
---
 tools/xenstore/xenstored_domain.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Comments

Andrew Cooper Nov. 2, 2022, 8:41 a.m. UTC | #1
On 01/11/2022 15:28, Juergen Gross wrote:
> When destroying a domain, any stale permissions of the domain must be
> removed from the special nodes "@...", too. This was not done in the
> fix for XSA-322.
>
> Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
> Signed-off-by: Juergen Gross <jgross@suse.com>
> Reviewed-by: Julien Grall <jgrall@amazon.com>

Henry, this one also ought to be considered for 4.17 at this point, as
it's a bugfix to a security fix.

As noted in the cover letter, it is R-by already as it came up in
private, but was ultimately not included in the security content.

Thanks,

~Andrew

Henry Wang Nov. 2, 2022, 8:44 a.m. UTC | #2
Hi Andrew,

> -----Original Message-----
> From: Andrew Cooper <Andrew.Cooper3@citrix.com>
> Subject: Re: [PATCH 02/20] tools/xenstore: call remove_domid_from_perm()
> for special nodes
> 
> On 01/11/2022 15:28, Juergen Gross wrote:
> > When destroying a domain, any stale permissions of the domain must be
> > removed from the special nodes "@...", too. This was not done in the
> > fix for XSA-322.
> >
> > Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed
> domains")
> > Signed-off-by: Juergen Gross <jgross@suse.com>
> > Reviewed-by: Julien Grall <jgrall@amazon.com>
> 
> Henry, this one also ought to be considered for 4.17 at this point, as
> it's a bugfix to a security fix.

Yes, I was wondering why I didn't have an email in my inbox about this
patch :)

Release-acked-by: Henry Wang <Henry.Wang@arm.com>

Kind regards,
Henry

> 
> As noted in the cover letter, it is R-by already as it came up in
> private, but was ultimately not included in the security content.
> 
> Thanks,
> 
> ~Andrew

Patch

diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 84b7817cd5..aa86892fed 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -227,6 +227,27 @@  static void unmap_interface(void *interface)
 	xengnttab_unmap(*xgt_handle, interface, 1);
 }
 
+static void remove_domid_from_perm(struct node_perms *perms,
+				   struct domain *domain)
+{
+	unsigned int cur, new;
+
+	if (perms->p[0].id == domain->domid)
+		perms->p[0].id = priv_domid;
+
+	for (cur = new = 1; cur < perms->num; cur++) {
+		if (perms->p[cur].id == domain->domid)
+			continue;
+
+		if (new != cur)
+			perms->p[new] = perms->p[cur];
+
+		new++;
+	}
+
+	perms->num = new;
+}
+
 static int domain_tree_remove_sub(const void *ctx, struct connection *conn,
 				  struct node *node, void *arg)
 {
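Review bot: remove_domid_from_perm() reads and may rewrite perms->p[0] before looking at perms->num, and because the loop starts at `cur = new = 1`, a permission set with num == 0 would leave the function with num == 1. If every struct node_perms is guaranteed to hold at least the owner entry, state that in a comment above the function (or assert it); otherwise return early when perms->num is 0. A short comment explaining that p[0] is handed to priv_domid instead of being dropped, while later entries matching the domid are compacted out, would also make the two different treatments obvious to readers.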
@@ -277,6 +298,9 @@  static void domain_tree_remove(struct domain *domain)
 			syslog(LOG_ERR,
 			       "error when looking for orphaned nodes\n");
 	}
+
+	remove_domid_from_perm(&dom_release_perms, domain);
+	remove_domid_from_perm(&dom_introduce_perms, domain);
 }
 
 static int destroy_domain(void *_domain)
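Review bot: the two added calls at the end of domain_tree_remove() have no comment saying why dom_release_perms and dom_introduce_perms need separate handling after the tree walk. A line above them noting that these are the permissions of the special "@..." nodes, which the walk for orphaned nodes does not cover, would help keep any future special node with its own permission set from being missed here. It is also worth stating that the calls are meant to run even when the "error when looking for orphaned nodes" branch was taken, since their placement after that block makes this the behaviour.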