[PATCH RFC] qemu-trad: don't assume backend domid is always 0

[Roger Pau Monne <roger.pau@citrix.com>]

Fetch backend domid from <frontend-path>/backend-id and use that id
instead of the hardcoded one from the global domid_backend variable.

This is needed when using stubdomains with driver domains, which is
the only way right now to use HVM guests with driver domains.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
I couldn't find this code in qemu-xen upstream, so this patch is to
qemu-trad directly.

Qemu-trad seems to do a lot of xenstore path checking, specially for
backend paths instead of just reading <frontend-path>/backend. I think
all those checks are not needed, and there's no security benefit in
doing them because those paths are only writable by either the
stubdomain or the driver domain, and both should be trusted.

Anyway, getting rid of all those unnecessary checks is also not
trivial, so this patch only fixes the minimum amount of code to make
stubdomains work with driver domains.
---
 xenstore.c |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/xenstore.c b/xenstore.c
index b0d6f77..44fe99d 100644
--- a/xenstore.c
+++ b/xenstore.c
@@ -247,8 +247,11 @@ static void xenstore_get_backend_path(char **backend, const char *devtype,
     char *backend_dompath=0;
     char *expected_backend=0;
     char *frontend_backend_path=0;
+    char *frontend_domid_path=0;
     char *backend_frontend_path=0;
     char *frontend_doublecheck=0;
+    char *backend_domid_str=0;
+    int backend_domid;
     int len;
     const char *frontend_idpath_slash;
 
@@ -270,13 +273,21 @@ static void xenstore_get_backend_path(char **backend, const char *devtype,
                   frontend_path)
         == -1) goto out;
 
+    if (pasprintf(&frontend_domid_path, "%s/backend-id",
+                  frontend_path)
+        == -1) goto out;
+
     bpath = xs_read(xsh, XBT_NULL, frontend_backend_path, &len);
 
+    backend_domid_str = xs_read(xsh, XBT_NULL, frontend_domid_path, &len);
+    if (!backend_domid_str) goto out;
+    backend_domid = atoi(backend_domid_str);
+
     /* now we must check that the backend is intended for use
      * by this frontend, since the frontend's /backend xenstore node
      * is writeable by the untrustworthy guest. */
 
-    backend_dompath = xs_get_domain_path(xsh, domid_backend);
+    backend_dompath = xs_get_domain_path(xsh, backend_domid);
     if (!backend_dompath) goto out;
     
     const char *expected_devtypes[4];
@@ -336,6 +347,8 @@ static void xenstore_get_backend_path(char **backend, const char *devtype,
     free(frontend_backend_path);
     free(backend_frontend_path);
     free(frontend_doublecheck);
+    free(frontend_domid_path);
+    free(backend_domid_str);
 }
 
 static const char *xenstore_get_guest_uuid(void)
-- 
1.7.7.5 (Apple Git-26)


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel