From: Marek Marczykowski <marmarek@invisiblethingslab.com>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [PATCH 1/2] libxl: do not assume Dom0 backend while listing disks and nics
Date: Wed, 01 May 2013 22:52:09 +0200 [thread overview]
Message-ID: <51818079.6060601@invisiblethingslab.com> (raw)
In-Reply-To: <20864.61051.771893.780433@mariner.uk.xensource.com>
[-- Attachment #1.1: Type: text/plain, Size: 1464 bytes --]
On 01.05.2013 12:29, Ian Jackson wrote:
> Marek Marczykowski writes ("[PATCH 1/2] libxl: do not assume Dom0 backend while listing disks and nics"):
>> One more place where code assumed that all backends are in dom0. List
>> devices in domain device/ tree, instead of backend/ of dom0.
>> Additionally fix libxl_devid_to_device_{nic,disk} to fill backend_domid
>> properly.
>
> After this change, can a guest cause a backend to be leaked when the
> domain is destroyed ? If it deletes the contents of the frontend
> directory in xenstore, I think the device will no longer show up in
> the lists and so won't be deleted when the guest goes away.
Which is currently the problem for every non-dom0 backend, even without
malicious domain action.
Currently I've some python script which watch xenstore and remove leftover
backends...
> Would iterating over all domains looking for backends for a particular
> frontend domain work ? That would allow a rogue guest to cause
> entries to appear in the list of course, by pretending to be a
> backend domain...
Perhaps frontend domain shouldn't have permissions to remove device directory,
only modify some of entries, like state, feature-* etc. Does xenstore support
something like:
1. allow creating new entries and modify some existing
2. disallow modify and/or remove some entries, in the same directory
?
--
Best Regards / Pozdrawiam,
Marek Marczykowski
Invisible Things Lab
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2013-05-01 20:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-28 1:46 [PATCH 0/2] Two unrelated fixes to libxl Marek Marczykowski
2013-04-27 23:12 ` [PATCH 1/2] libxl: do not assume Dom0 backend while listing disks and nics Marek Marczykowski
2013-04-29 8:48 ` Ian Campbell
2013-05-07 23:56 ` Marek Marczykowski
2013-05-08 9:27 ` Ian Campbell
2013-04-29 8:56 ` Roger Pau Monné
2013-05-01 10:29 ` Ian Jackson
2013-05-01 11:43 ` Ian Campbell
2013-05-07 23:13 ` Marek Marczykowski
2013-05-01 20:52 ` Marek Marczykowski [this message]
2013-05-02 8:30 ` Ian Campbell
2013-04-27 23:17 ` [PATCH 2/2] libxl: fix spelling of "backend-id" for vtpm Marek Marczykowski
2013-04-29 8:40 ` Ian Campbell
2013-04-29 13:26 ` Daniel De Graaf
2013-04-29 13:51 ` Ian Campbell
2013-04-30 10:58 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51818079.6060601@invisiblethingslab.com \
--to=marmarek@invisiblethingslab.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.