[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH for-4.12 v2 0/8] tools: Depriv fd checking, internal fd access

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Mon, 11 Jun 2018 15:13:16 +0100
Cc: Anthony Perard <anthony.perard@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 11 Jun 2018 14:13:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

This series provides the support in xen.git for auditing whether qemu
file descriptors are deprivileged, as expected with libxl
dm_restrict=1.

The approach I have chosen is to fish the descriptors out of qemu (by
using debugging facilities), and try to make hypercalls etc. using
them.

To take making a hypercall as an example: this is not easily done
without libxc.  So I need to make libxc make a hypercall with a
different fd - actually, a different open-file.  I do this by using
dup2 to overwrite libxc's fd with the one stolen from qemu.  That
means I need to know libxc's fd number.  Hence the handle access
patches in this series.

Compared to v2, this fixes the issues identified, and also, as
promised, introduces the actual descriptor checking utility here in
xen.git.  Building it out-of-tree is quite tiresome and anyway the
utility might be useful for other purposes.

This is not 4.11 material.  qemu depriv is not covered by support in
4.11 anyway.  In 4.12 I want it to be supported, and, therefore,
tested and audited.  If it becomes fully supported there, it might be
worth backporting some of these patches.

The utility `fishdescriptor', referred to, is part of the Debian
package chiark-scripts.deb.  A newish version of that package is
needed.  That will be dealt with fully in the corresponding osstest
patches.

Ian Jackson (8):
  libxc: Drop declarations of osdep_privcmd_open and _close
  libxc: Provide access to internal handles
  tools: xencall, xengnttab, xengntshr: Provide access to internal fds
  libxl: Provide better error message when qemu restrict user not found
  tools/tests/depriv: New test utility for deprivilege auditing
  tools/tests: Allow a test subdir to have `install' and `uninstall'
    targets
  tools/tests/depriv: Install depriv-fd-checker in our private libexec
    directory
  tools/tests/depriv-fd-checker: Support checking of Linux tun devices

 .gitignore                             |   1 +
 tools/libs/call/core.c                 |   5 +
 tools/libs/call/include/xencall.h      |   8 +
 tools/libs/call/libxencall.map         |   6 +
 tools/libs/gnttab/gntshr_core.c        |   6 +
 tools/libs/gnttab/gnttab_core.c        |   5 +
 tools/libs/gnttab/include/xengnttab.h  |  17 ++
 tools/libs/gnttab/libxengnttab.map     |   6 +
 tools/libxc/include/xenctrl.h          |  10 +
 tools/libxc/xc_private.c               |  15 ++
 tools/libxc/xc_private.h               |   3 -
 tools/libxl/libxl_dm.c                 |   5 +-
 tools/tests/Makefile                   |   7 +-
 tools/tests/depriv/Makefile            |  51 ++++
 tools/tests/depriv/depriv-fd-checker.c | 433 +++++++++++++++++++++++++++++++++
 tools/tests/mce-test/Makefile          |   2 +
 tools/tests/mem-sharing/Makefile       |   2 +
 tools/tests/xen-access/Makefile        |   2 +
 tools/tests/xenstore/Makefile          |   2 +
 19 files changed, 576 insertions(+), 10 deletions(-)
 create mode 100644 tools/tests/depriv/Makefile
 create mode 100644 tools/tests/depriv/depriv-fd-checker.c

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v2 7/8] tools/tests/depriv: Install depriv-fd-checker in our private libexec directory
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 8/8] tools/tests/depriv-fd-checker: Support checking of Linux tun devices
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 4/8] libxl: Provide better error message when qemu restrict user not found
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 3/8] tools: xencall, xengnttab, xengntshr: Provide access to internal fds
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 2/8] libxc: Provide access to internal handles
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 6/8] tools/tests: Allow a test subdir to have `install' and `uninstall' targets
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 1/8] libxc: Drop declarations of osdep_privcmd_open and _close
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 5/8] tools/tests/depriv: New test utility for deprivilege auditing
  - From: Ian Jackson

Prev by Date: [Xen-devel] [PATCH v2 1/8] libxc: Drop declarations of osdep_privcmd_open and _close
Next by Date: [Xen-devel] [PATCH v2 6/8] tools/tests: Allow a test subdir to have `install' and `uninstall' targets
Previous by thread: Re: [Xen-devel] [PATCH 2/4] libxc: Provide access to internal handles
Next by thread: [Xen-devel] [PATCH v2 5/8] tools/tests/depriv: New test utility for deprivilege auditing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.