|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH 02/20] tools/xenstore: call remove_domid_from_perm() for special nodes
When destroying a domain, any stale permissions of the domain must be
removed from the special nodes "@...", too. This was not done in the
fix for XSA-322.
Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
---
tools/xenstore/xenstored_domain.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/tools/xenstore/xenstored_domain.c
b/tools/xenstore/xenstored_domain.c
index 84b7817cd5..aa86892fed 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -227,6 +227,27 @@ static void unmap_interface(void *interface)
xengnttab_unmap(*xgt_handle, interface, 1);
}
+static void remove_domid_from_perm(struct node_perms *perms,
+ struct domain *domain)
+{
+ unsigned int cur, new;
+
+ if (perms->p[0].id == domain->domid)
+ perms->p[0].id = priv_domid;
+
+ for (cur = new = 1; cur < perms->num; cur++) {
+ if (perms->p[cur].id == domain->domid)
+ continue;
+
+ if (new != cur)
+ perms->p[new] = perms->p[cur];
+
+ new++;
+ }
+
+ perms->num = new;
+}
+
static int domain_tree_remove_sub(const void *ctx, struct connection *conn,
struct node *node, void *arg)
{
@@ -277,6 +298,9 @@ static void domain_tree_remove(struct domain *domain)
syslog(LOG_ERR,
"error when looking for orphaned nodes\n");
}
+
+ remove_domid_from_perm(&dom_release_perms, domain);
+ remove_domid_from_perm(&dom_introduce_perms, domain);
}
static int destroy_domain(void *_domain)
--
2.35.3
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |