From patchwork Thu Jun  2 15:10:30 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ian Jackson <Ian.Jackson@eu.citrix.com>
X-Patchwork-Id: 9150585
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BD6CB60221 for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  2 Jun 2016 15:12:56 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE40B2654B
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  2 Jun 2016 15:12:56 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A335C2830D; Thu,  2 Jun 2016 15:12:56 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 54BF92654B
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Thu,  2 Jun 2016 15:12:56 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1b8UGm-0006ld-2u; Thu, 02 Jun 2016 15:10:48 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <prvs=9546100bf=Ian.Jackson@citrix.com>)
	id 1b8UGk-0006lE-Ln
	for xen-devel@lists.xensource.com; Thu, 02 Jun 2016 15:10:46 +0000
Received: from [85.158.139.211] by server-15.bemta-5.messagelabs.com id
	24/5E-07247-57C40575; Thu, 02 Jun 2016 15:10:45 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupjkeJIrShJLcpLzFFi42JxWrohUrfUJyD
	coP2amMW9Ke/ZHRg9tvftYg9gjGLNzEvKr0hgzZh+8Qh7QQdvxZPJMxgbGCdydTFyckgI+Es0
	zTvLDGKzCehKNG35ywZiiwgoSxxv+sLaxcjBwSxQIvH3gxRIWFjATeL1lBOMIDaLgIrEjqdr2
	EFsXgF3ieWrljFCjFSU6H42AWwMp4CHROeddcwgY4SAat6+tYYw1STmro+H6BSUODnzCQuIzS
	wgIXHwxQtmiCncErdPT2WewMg3C0nZLCRlCxiZVjFqFKcWlaUW6Roa6yUVZaZnlOQmZuboGhq
	Y6uWmFhcnpqfmJCYV6yXn525iBIYTAxDsYPy3zfMQoyQHk5Io78oy/3AhvqT8lMqMxOKM+KLS
	nNTiQ4wyHBxKErw23gHhQoJFqempFWmZOcDAhklLcPAoifBGg6R5iwsSc4sz0yFSpxgVpcR53
	UESAiCJjNI8uDZYNF1ilJUS5mUEOkSIpyC1KDezBFX+FaM4B6OSMK+gF9AUnsy8Erjpr4AWMw
	EtLnjkD7K4JBEhJdXAKHiq8mXZigdqybvfrT5pneN8WECsvc1h38zHDfKHdq94ZMQpt23rp8Q
	S2QWnfDOVljB6Wq9ayvOpQOVwddD8Ih3LvR3auyIPim9XS165Z7ZKmuzZr+xvv+suDeo3/lEa
	p/HnUHm3QOYGGX7l6SmvJXt91h9wD/T9cGddkOj+V7pcd9bFeHAvVWIpzkg01GIuKk4EALvT4
	H6hAgAA
X-Env-Sender: prvs=9546100bf=Ian.Jackson@citrix.com
X-Msg-Ref: server-2.tower-206.messagelabs.com!1464880243!26889593!1
X-Originating-IP: [66.165.176.89]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n,
	received_headers: No Received headers
X-StarScan-Received: 
X-StarScan-Version: 8.46; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 31231 invoked from network); 2 Jun 2016 15:10:45 -0000
Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89)
	by server-2.tower-206.messagelabs.com with RC4-SHA encrypted SMTP;
	2 Jun 2016 15:10:45 -0000
X-IronPort-AV: E=Sophos;i="5.26,406,1459814400"; d="scan'208";a="358058573"
From: Ian Jackson <ian.jackson@eu.citrix.com>
To: <xen-devel@lists.xensource.com>
Date: Thu, 2 Jun 2016 16:10:30 +0100
Message-ID: <1464880232-893-2-git-send-email-ian.jackson@eu.citrix.com>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1464880232-893-1-git-send-email-ian.jackson@eu.citrix.com>
References: <1464880232-893-1-git-send-email-ian.jackson@eu.citrix.com>
MIME-Version: 1.0
X-DLP: MIA2
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>, Wei Liu <wei.liu2@citrix.com>
Subject: [Xen-devel] [PATCH 1/3] libxl: Cleanup: Have libxl__alloc_vdev use
	/libxl
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

When allocating a vdev for a new disk, look in /libxl/device, rather
than the frontends directory in xenstore.

This is more in line with the other parts of libxl, which ought not to
trust frontends.  In this case, though, there is no security bug prior
to this patch because the frontend is the toolstack domain itself.

If libxl__alloc_vdev were ever changed to take a frontend domain
argument, this patch will fix a latent security bug.

This is a followup to XSA-175.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
 tools/libxl/libxl.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index 9ff08a5..d5475ed 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -3105,7 +3105,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void *get_vdev_user,
 {
     const char *blkdev_start = (const char *) get_vdev_user;
     int devid = 0, disk = 0, part = 0;
-    char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID);
+    char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID);
 
     libxl__device_disk_dev_number(blkdev_start, &disk, &part);
     if (part != 0) {
@@ -3120,7 +3120,7 @@ static char * libxl__alloc_vdev(libxl__gc *gc, void *get_vdev_user,
             return NULL;
         if (libxl__xs_read(gc, t,
                     GCSPRINTF("%s/device/vbd/%d/backend",
-                        dompath, devid)) == NULL) {
+                        libxl_dom_path, devid)) == NULL) {
             if (errno == ENOENT)
                 return libxl__devid_to_vdev(gc, devid);
             else