From: Andrew Cooper
To: Xen-devel
CC: Edwin Török, "Christian Lindig", Ian Jackson, "Wei Liu"
Subject: [PATCH 1/3] tools/oxenstored: Fix quota calculation for mkdir EEXIST
Date: Wed, 3 Feb 2021 17:35:47 +0000
Message-ID: <20210203173549.21159-2-andrew.cooper3@citrix.com>
In-Reply-To: <20210203173549.21159-1-andrew.cooper3@citrix.com>

From: Edwin Török

We increment the domain's quota on mkdir even when the node already exists. This results in a quota inconsistency after live update, where reconstructing the tree from scratch results in a different quota.

Not a security issue because the domain uses up quota faster, so it will only get a Quota error sooner than it should.

Found by the structured fuzzer.

Signed-off-by: Edwin Török
---
CC: Christian Lindig
CC: Ian Jackson
CC: Wei Liu
---
 tools/ocaml/xenstored/store.ml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml index 1bd0c81f6f..20e67b1427 100644 --- a/tools/ocaml/xenstored/store.ml +++ b/tools/ocaml/xenstored/store.ml 
@@ -419,6 +419,7 @@ let mkdir store perm path = (* It's upt to the mkdir logic to decide what to do with existing path *) if not (existing || (Perms.Connection.is_dom0 perm)) then Quota.check store.quota owner 0; store.root <- path_mkdir store perm path; + if not existing then Quota.add_entry store.quota owner let rm store perm path = 
From: Andrew Cooper
To: Xen-devel
CC: Edwin Török, "Christian Lindig", Ian Jackson, "Wei Liu"
Subject: [PATCH 2/3] tools/oxenstored: Reject invalid watch paths early
Date: Wed, 3 Feb 2021 17:35:48 +0000
Message-ID: <20210203173549.21159-3-andrew.cooper3@citrix.com>
In-Reply-To: <20210203173549.21159-1-andrew.cooper3@citrix.com>

From: Edwin Török

Watches on invalid paths were accepted, but they would never trigger. The client also got no notification that its watch is bad and would never trigger.

Found again by the structured fuzzer, due to an error on live update reload: the invalid watch paths would get rejected during live update and the list of watches would be different pre/post live update.

The testcase is watch on `//`, which is an invalid path.

Signed-off-by: Edwin Török
Acked-by: Christian Lindig
---
CC: Christian Lindig
CC: Ian Jackson
CC: Wei Liu
---
 tools/ocaml/xenstored/connection.ml | 5 ++---
 tools/ocaml/xenstored/connections.ml | 4 +++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml index d09a0fa405..65f99ea6f2 100644 --- a/tools/ocaml/xenstored/connection.ml +++ b/tools/ocaml/xenstored/connection.ml 
@@ -158,18 +158,17 @@ let get_children_watches con path = let is_dom0 con = Perms.Connection.is_dom0 (get_perm con) -let add_watch con path token = +let add_watch con (path, apath) token = if !Quota.activate && !Define.maxwatch > 0 && not (is_dom0 con) && con.nb_watches > !Define.maxwatch then raise Quota.Limit_reached; - let apath = get_watch_path con path in let l = get_watches con apath in if List.exists (fun w -> w.token = token) l then raise Define.Already_exist; let watch = watch_create ~con ~token ~path in Hashtbl.replace con.watches apath (watch :: l); con.nb_watches <- con.nb_watches + 1; - apath, watch + watch let del_watch con path token = let apath = get_watch_path con path in diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/connections.ml index 8a66eeec3a..3c7429fe7f 100644 --- a/tools/ocaml/xenstored/connections.ml +++ b/tools/ocaml/xenstored/connections.ml 
@@ -114,8 +114,10 @@ let key_of_path path = "" :: Store.Path.to_string_list path let add_watch cons con path token = - let apath, watch = Connection.add_watch con path token in + let apath = Connection.get_watch_path con path in + (* fail on invalid paths early by calling key_of_str before adding watch *) let key = key_of_str apath in + let watch = Connection.add_watch con (path, apath) token in let watches = if Trie.mem cons.watches key then Trie.find cons.watches key 
From: Andrew Cooper
To: Xen-devel
CC: Edwin Török, "Christian Lindig", Ian Jackson, "Wei Liu"
Subject: [PATCH 3/3] tools/oxenstored: mkdir conflicts were sometimes missed
Date: Wed, 3 Feb 2021 17:35:49 +0000
Message-ID: <20210203173549.21159-4-andrew.cooper3@citrix.com>
In-Reply-To: <20210203173549.21159-1-andrew.cooper3@citrix.com>

From: Edwin Török

Due to how set_write_lowpath was used here it didn't detect create/delete conflicts. When we create an entry we must mark our parent as modified (this is what creating a new node via write does).

Otherwise we can have 2 transactions one creating, and another deleting a node both succeeding depending on timing. Or one transaction reading an entry, concluding it doesn't exist, do some other work based on that information and successfully commit even if another transaction creates the node via mkdir meanwhile.

Signed-off-by: Edwin Török
Acked-by: Christian Lindig
---
CC: Christian Lindig
CC: Ian Jackson
CC: Wei Liu
---
 tools/ocaml/xenstored/transaction.ml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ocaml/xenstored/transaction.ml b/tools/ocaml/xenstored/transaction.ml index 25bc8c3b4a..17b1bdf2ea 100644 --- a/tools/ocaml/xenstored/transaction.ml +++ b/tools/ocaml/xenstored/transaction.ml @@ -165,7 +165,7 @@ let write t perm path value = let mkdir ?(with_watch=true) t perm path = Store.mkdir t.store perm path; - set_write_lowpath t path; + set_write_lowpath t (Store.Path.get_parent path); if with_watch then add_wop t Xenbus.Xb.Op.Mkdir path
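Review bot: In the store.ml hunk of patch 1/3, the new `if not existing then` guard on Quota.add_entry does not match the guard on the Quota.check two lines above, which is `not (existing || (Perms.Connection.is_dom0 perm))`: dom0 is exempt from the check but still has new entries counted. If that asymmetry is intended, a short comment at the added line would say so. The commit message says the fuzzer found this through live update, yet the diffstat shows only store.ml touched; a regression test that calls mkdir twice on the same path and asserts the owner's entry count is unchanged would pin the EEXIST case. The context comment also reads "upt to", which could be fixed while here.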
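Review bot: In the connection.ml hunk of patch 2/3, add_watch now takes `(path, apath)` from the caller and nothing ties the two values together, so a later caller could pass an apath that was not derived from path and the watch would be filed under the wrong key in con.watches. del_watch in the trailing context still computes `get_watch_path con path` itself, which leaves the two functions with different conventions. Consider documenting on add_watch that apath must be the result of `get_watch_path con path` for the same connection, or giving del_watch the same signature so the pair stays symmetric.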
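Review bot: In the connections.ml hunk of patch 2/3, the rejection depends on `key_of_str apath` raising as a side effect before Connection.add_watch runs; the added comment says so, but not which exception is raised or what error the client ends up receiving. Naming that in the comment would help, as would noting that an invalid path is now reported ahead of Quota.Limit_reached and Define.Already_exist, which add_watch raises afterwards. The `//` case from the commit message is not added as a test in this diff (only connection.ml and connections.ml change); including it would guard against a regression.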
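Review bot: In the transaction.ml hunk of patch 3/3, the reason for passing `Store.Path.get_parent path` to set_write_lowpath is explained only in the commit message; a one-line comment at that call (creating an entry modifies the parent) would keep a later reader from changing it back to `path`. Two cases are worth confirming: what get_parent yields when path is the root, and whether marking the parent is also wanted when Store.mkdir finds the node already present, since that would flag a conflict for a mkdir that changed nothing.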