Xen project Mailing List

Re: [cxenstored] Potential bug in special watch event firing

To: Raphael Ning <raphning@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Juergen Gross <jgross@xxxxxxxx>

Date: Wed, 27 Apr 2022 09:30:37 +0200

Delivery-date: Wed, 27 Apr 2022 07:30:49 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Raphael, On 26.04.22 19:02, Raphael Ning wrote:

While reading C xenstored code, I noticed that it may send special events like 
@releaseDomain to (privileged) clients that only watch the root node (/). 
That's probably not the intended behaviour.

For example, when firing @releaseDomain, fire_watches() is called with exact == 
false:

https://github.com/xen-project/xen/blob/2419a159fb943c24a6f2439604b9fdb1478fcd08/tools/xenstore/xenstored_domain.c#L234

As a result, it will check whether @releaseDomain is a child of the path being 
watched:

https://github.com/xen-project/xen/blob/2419a159fb943c24a6f2439604b9fdb1478fcd08/tools/xenstore/xenstored_watch.c#L195

And when the parent path is /, is_child() unconditionally returns true:

https://github.com/xen-project/xen/blob/2419a159fb943c24a6f2439604b9fdb1478fcd08/tools/xenstore/xenstored_watch.c#L66

The xenstore documentation is not clear about whether @<wspecial> should be 
considered children of /. But I find it counterintuitive that clients may be notified 
about a special event without explicitly subscribing to it. Is it a bug?

I agree this is a bug. Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.