* DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
@ 2015-09-15 16:22 Xen.org security team
2015-09-21 11:58 ` Ian Campbell
0 siblings, 1 reply; 6+ messages in thread
From: Xen.org security team @ 2015-09-15 16:22 UTC (permalink / raw)
To: stefano.stabellini, wei.liu2, m.a.young, xen-devel; +Cc: Xen.org security team
[-- Attachment #1: Type: text/plain, Size: 3093 bytes --]
***** DRAFT DRAFT DRAFT *****
Xen Security Advisory XSA-142
libxl fails to honour readonly flag on disks with qemu-xen
ISSUE DESCRIPTION
=================
Callers of libxl can specify that a disk should be read-only to the
guest. However, there is no code in libxl to pass this information to
qemu-xen (the upstream-based qemu); and indeed there is no way in qemu
to make a disk read-only.
The vulnerability is exploitable only via devices emulated by the
device model, not the parallel PV devices for supporting PVHVM.
Normally the PVHVM device unplug protocol renders the emulated devices
inaccessible early in boot.
IMPACT
======
Malicious guest administrators or (in some situations) users may be
able to write to supposedly read-only disk images.
CDROM devices (that is, devices specified to be presented to the guest
as CDROMs, regardless of the nature of the backing storage on the
host) are not affected.
VULNERABLE SYSTEMS
==================
Only systems using qemu-xen (rather than qemu-xen-traditional) as the
device model version are vulnerable.
Only systems using libxl or libxl-based toolstacks are vulnerable.
(This includes libvirt with the libxl driver.)
All versions of libxl which support qemu-xen are vulnerable. Support
for qemu-xen was introduced in Xen 4.1.
If the host and guest together usually support PVHVM, the issue is
exploitable only if the malicious guest administrator has control of
the guest kernel or guest kernel command line.
MITIGATION
==========
Switching to qemu-xen-traditional will avoid this vulnerability.
This can be done with
device_model_version="qemu-xen-traditional"
in the xl configuration file.
Using stub domain device models (which necessarily involves switching
to qemu-xen-traditional) will also avoid this vulnerability.
This can be done with
device_model_stubdomain_override=true
in the xl configuration file.
Either of these mitigations is liable to have other guest-visible
effects or even regressions.
It may be possible, depending on the configuration, to make the
underlying storage object readonly, or to make it reject writes.
RESOLUTION
==========
There is no reasonable resolution because Qemu does not (at the time
of writing) support presenting a read-only block device to a guest as
a disk.
The attached patch corrects the weakness in the libxl code, by
rejecting the unsupported configurations, rather than allowing them to
run but with the device perhaps writeable by the guest. Applying it
should increase confidence and avoid future configuration errors, but
will break configurations specifying read-only disk devices.
xsa142.patch Xen 4.3.x and later
$ sha256sum xsa142*.patch
de0d6d19becac199037dce5a6a49e35cb7de5c99b8e2950600ed71fdc2d5a752 xsa142.patch
$
NOTE REGARDING LACK OF EMBARGO
==============================
This issue was discussed in public in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1257893
CREDITS
=======
Thanks to Michael Young of Durham University for bring this problem to
our attention.
[-- Attachment #2: xsa142.patch --]
[-- Type: application/octet-stream, Size: 2505 bytes --]
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: <xen-devel@lists.xenproject.org>
CC: <wei.liu2@citrix.com>, <Ian.Campbell@eu.citrix.com>,
<stefano.stabellini@eu.citrix.com>, <Ian.Jackson@eu.citrix.com>,
<m.a.young@durham.ac.uk>
Subject: [PATCH v2 for-4.6] libxl: handle read-only drives with qemu-xen
Date: Tue, 15 Sep 2015 10:52:14 +0100
The current libxl code doesn't deal with read-only drives at all.
Upstream QEMU and qemu-xen only support read-only cdrom drives: make
sure to specify "readonly=on" for cdrom drives and return error in case
the user requested a non-cdrom read-only drive.
This is XSA-142, discovered by Lin Liu
(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
tools/libxl/libxl_dm.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 02c0162..468ff9c 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -1110,13 +1110,18 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
if (disks[i].is_cdrom) {
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
drive = libxl__sprintf
- (gc, "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
- disk, dev_number);
+ (gc, "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
+ disk, disks[i].readwrite ? "off" : "on", dev_number);
else
drive = libxl__sprintf
- (gc, "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
- disks[i].pdev_path, disk, format, dev_number);
+ (gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
+ disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
} else {
+ if (!disks[i].readwrite) {
+ LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
+ return ERROR_INVAL;
+ }
+
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
" empty disk format for %s", disks[i].vdev);
--
1.7.10.4
[-- Attachment #3: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
2015-09-15 16:22 DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen Xen.org security team
@ 2015-09-21 11:58 ` Ian Campbell
2015-09-21 12:55 ` Ian Jackson
0 siblings, 1 reply; 6+ messages in thread
From: Ian Campbell @ 2015-09-21 11:58 UTC (permalink / raw)
To: Xen.org security team, stefano.stabellini, wei.liu2, m.a.young,
xen-devel
On Tue, 2015-09-15 at 16:22 +0000, Xen.org security team wrote:
> VULNERABLE SYSTEMS
> ==================
>
[...]
> Only systems using libxl or libxl-based toolstacks are vulnerable.
> (This includes libvirt with the libxl driver.)
^xl and ... ?
>
> All versions of libxl which support qemu-xen are vulnerable. Support
> for qemu-xen was introduced in Xen 4.1.
http://wiki.xenproject.org/wiki/Xen_Project_Release_Features says 4.2 as
preview and 4.3 properly. Which is wrong?
Apart from those minor nits this looks good to me, although I confess I've
not fully been following the discussion.
Ian.
^ permalink raw reply [flat|nested] 6+ messages in thread
* DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
@ 2015-09-21 12:55 Xen.org security team
2015-09-21 13:08 ` M A Young
0 siblings, 1 reply; 6+ messages in thread
From: Xen.org security team @ 2015-09-21 12:55 UTC (permalink / raw)
To: stefano.stabellini, wei.liu2, m.a.young, xen-devel; +Cc: Xen.org security team
[-- Attachment #1: Type: text/plain, Size: 3098 bytes --]
***** DRAFT DRAFT DRAFT *****
Xen Security Advisory XSA-142
libxl fails to honour readonly flag on disks with qemu-xen
ISSUE DESCRIPTION
=================
Callers of libxl can specify that a disk should be read-only to the
guest. However, there is no code in libxl to pass this information to
qemu-xen (the upstream-based qemu); and indeed there is no way in qemu
to make a disk read-only.
The vulnerability is exploitable only via devices emulated by the
device model, not the parallel PV devices for supporting PVHVM.
Normally the PVHVM device unplug protocol renders the emulated devices
inaccessible early in boot.
IMPACT
======
Malicious guest administrators or (in some situations) users may be
able to write to supposedly read-only disk images.
CDROM devices (that is, devices specified to be presented to the guest
as CDROMs, regardless of the nature of the backing storage on the
host) are not affected.
VULNERABLE SYSTEMS
==================
Only systems using qemu-xen (rather than qemu-xen-traditional) as the
device model version are vulnerable.
Only systems using libxl or libxl-based toolstacks are vulnerable.
(This includes xl, and libvirt with the libxl driver.)
All versions of libxl which support qemu-xen are vulnerable. The
affected code was introduced in Xen 4.1.
If the host and guest together usually support PVHVM, the issue is
exploitable only if the malicious guest administrator has control of
the guest kernel or guest kernel command line.
MITIGATION
==========
Switching to qemu-xen-traditional will avoid this vulnerability.
This can be done with
device_model_version="qemu-xen-traditional"
in the xl configuration file.
Using stub domain device models (which necessarily involves switching
to qemu-xen-traditional) will also avoid this vulnerability.
This can be done with
device_model_stubdomain_override=true
in the xl configuration file.
Either of these mitigations is liable to have other guest-visible
effects or even regressions.
It may be possible, depending on the configuration, to make the
underlying storage object readonly, or to make it reject writes.
RESOLUTION
==========
There is no reasonable resolution because Qemu does not (at the time
of writing) support presenting a read-only block device to a guest as
a disk.
The attached patch corrects the weakness in the libxl code, by
rejecting the unsupported configurations, rather than allowing them to
run but with the device perhaps writeable by the guest. Applying it
should increase confidence and avoid future configuration errors, but
will break configurations specifying read-only disk devices.
xsa142.patch Xen 4.3.x and later
$ sha256sum xsa142*.patch
de0d6d19becac199037dce5a6a49e35cb7de5c99b8e2950600ed71fdc2d5a752 xsa142.patch
$
NOTE REGARDING LACK OF EMBARGO
==============================
This issue was discussed in public in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1257893
CREDITS
=======
Thanks to Michael Young of Durham University for bring this problem to
our attention.
[-- Attachment #2: xsa142.patch --]
[-- Type: application/octet-stream, Size: 2505 bytes --]
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: <xen-devel@lists.xenproject.org>
CC: <wei.liu2@citrix.com>, <Ian.Campbell@eu.citrix.com>,
<stefano.stabellini@eu.citrix.com>, <Ian.Jackson@eu.citrix.com>,
<m.a.young@durham.ac.uk>
Subject: [PATCH v2 for-4.6] libxl: handle read-only drives with qemu-xen
Date: Tue, 15 Sep 2015 10:52:14 +0100
The current libxl code doesn't deal with read-only drives at all.
Upstream QEMU and qemu-xen only support read-only cdrom drives: make
sure to specify "readonly=on" for cdrom drives and return error in case
the user requested a non-cdrom read-only drive.
This is XSA-142, discovered by Lin Liu
(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
tools/libxl/libxl_dm.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 02c0162..468ff9c 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -1110,13 +1110,18 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
if (disks[i].is_cdrom) {
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
drive = libxl__sprintf
- (gc, "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
- disk, dev_number);
+ (gc, "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
+ disk, disks[i].readwrite ? "off" : "on", dev_number);
else
drive = libxl__sprintf
- (gc, "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
- disks[i].pdev_path, disk, format, dev_number);
+ (gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
+ disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
} else {
+ if (!disks[i].readwrite) {
+ LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
+ return ERROR_INVAL;
+ }
+
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
" empty disk format for %s", disks[i].vdev);
--
1.7.10.4
[-- Attachment #3: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
2015-09-21 11:58 ` Ian Campbell
@ 2015-09-21 12:55 ` Ian Jackson
0 siblings, 0 replies; 6+ messages in thread
From: Ian Jackson @ 2015-09-21 12:55 UTC (permalink / raw)
To: Ian Campbell
Cc: m.a.young, xen-devel, stefano.stabellini, wei.liu2,
Xen.org security team
Ian Campbell writes ("Re: DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen"):
> On Tue, 2015-09-15 at 16:22 +0000, Xen.org security team wrote:
> > VULNERABLE SYSTEMS
> > ==================
> >
> [...]
> > Only systems using libxl or libxl-based toolstacks are vulnerable.
> > (This includes libvirt with the libxl driver.)
>
> ^xl and ... ?
Good idea, done.
> > All versions of libxl which support qemu-xen are vulnerable. Support
> > for qemu-xen was introduced in Xen 4.1.
>
> http://wiki.xenproject.org/wiki/Xen_Project_Release_Features says 4.2 as
> preview and 4.3 properly. Which is wrong?
staging-4.1 contains `libxl_build_device_model_args_new' But maybe the
feature wasn't advertised. I have reworded. to say `the affected code
was introduced in Xen 4.1'.
Last Call draft just sent.
Ian.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
2015-09-21 12:55 Xen.org security team
@ 2015-09-21 13:08 ` M A Young
0 siblings, 0 replies; 6+ messages in thread
From: M A Young @ 2015-09-21 13:08 UTC (permalink / raw)
To: Xen.org security team; +Cc: xen-devel, wei.liu2, stefano.stabellini
On Mon, 21 Sep 2015, Xen.org security team wrote:
> ***** DRAFT DRAFT DRAFT *****
>
> Xen Security Advisory XSA-142
>
> ...
>
> xsa142.patch Xen 4.3.x and later
>
> $ sha256sum xsa142*.patch
> de0d6d19becac199037dce5a6a49e35cb7de5c99b8e2950600ed71fdc2d5a752 xsa142.patch
> $
Of course you still need a separate patch for xen 4.5.1 and earlier as the
xsa142.patch file attached is only valid for xen 4.6.0. Replacing
ERROR_INVAL with NULL works for xen 4.5.1 and compiles for xen 4.4.3.
Michael Young
^ permalink raw reply [flat|nested] 6+ messages in thread
* DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen
@ 2015-09-21 14:47 Xen.org security team
0 siblings, 0 replies; 6+ messages in thread
From: Xen.org security team @ 2015-09-21 14:47 UTC (permalink / raw)
To: stefano.stabellini, wei.liu2, m.a.young, xen-devel; +Cc: Xen.org security team
[-- Attachment #1: Type: text/plain, Size: 3251 bytes --]
***** DRAFT DRAFT DRAFT *****
Xen Security Advisory XSA-142
libxl fails to honour readonly flag on disks with qemu-xen
ISSUE DESCRIPTION
=================
Callers of libxl can specify that a disk should be read-only to the
guest. However, there is no code in libxl to pass this information to
qemu-xen (the upstream-based qemu); and indeed there is no way in qemu
to make a disk read-only.
The vulnerability is exploitable only via devices emulated by the
device model, not the parallel PV devices for supporting PVHVM.
Normally the PVHVM device unplug protocol renders the emulated devices
inaccessible early in boot.
IMPACT
======
Malicious guest administrators or (in some situations) users may be
able to write to supposedly read-only disk images.
CDROM devices (that is, devices specified to be presented to the guest
as CDROMs, regardless of the nature of the backing storage on the
host) are not affected.
VULNERABLE SYSTEMS
==================
Only systems using qemu-xen (rather than qemu-xen-traditional) as the
device model version are vulnerable.
Only systems using libxl or libxl-based toolstacks are vulnerable.
(This includes xl, and libvirt with the libxl driver.)
All versions of libxl which support qemu-xen are vulnerable. The
affected code was introduced in Xen 4.1.
If the host and guest together usually support PVHVM, the issue is
exploitable only if the malicious guest administrator has control of
the guest kernel or guest kernel command line.
MITIGATION
==========
Switching to qemu-xen-traditional will avoid this vulnerability.
This can be done with
device_model_version="qemu-xen-traditional"
in the xl configuration file.
Using stub domain device models (which necessarily involves switching
to qemu-xen-traditional) will also avoid this vulnerability.
This can be done with
device_model_stubdomain_override=true
in the xl configuration file.
Either of these mitigations is liable to have other guest-visible
effects or even regressions.
It may be possible, depending on the configuration, to make the
underlying storage object readonly, or to make it reject writes.
RESOLUTION
==========
There is no reasonable resolution because Qemu does not (at the time
of writing) support presenting a read-only block device to a guest as
a disk.
The attached patch corrects the weakness in the libxl code, by
rejecting the unsupported configurations, rather than allowing them to
run but with the device perhaps writeable by the guest. Applying it
should increase confidence and avoid future configuration errors, but
will break configurations specifying read-only disk devices.
xsa142-4.6.patch Xen 4.6.x and later
xsa142-4.5.patch Xen 4.3.x to 4.5.x inclusive
$ sha256sum xsa142*.patch
9ec0649f39720bc692be03c87ebea0506d6ec574f339fc745e41b31643240124 xsa142-4.5.patch
65f01167bfc141048261f56b99ed9b48ec7ff6e98155454ced938a17ec20e7d1 xsa142-4.6.patch
$
NOTE REGARDING LACK OF EMBARGO
==============================
This issue was discussed in public in the Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1257893
CREDITS
=======
Thanks to Michael Young of Durham University for bring this problem to
our attention.
[-- Attachment #2: xsa142-4.5.patch --]
[-- Type: application/octet-stream, Size: 2489 bytes --]
From 07ca00703f76ad392eda5ee52cce1197cf49c30a Mon Sep 17 00:00:00 2001
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH v2.1 for-4.5] libxl: handle read-only drives with qemu-xen
The current libxl code doesn't deal with read-only drives at all.
Upstream QEMU and qemu-xen only support read-only cdrom drives: make
sure to specify "readonly=on" for cdrom drives and return error in case
the user requested a non-cdrom read-only drive.
This is XSA-142, discovered by Lin Liu
(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Backport to Xen 4.5 and earlier, apropos of report and review from
Michael Young.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
tools/libxl/libxl_dm.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index b4ce523..d74fb14 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -797,13 +797,18 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc,
if (disks[i].is_cdrom) {
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
drive = libxl__sprintf
- (gc, "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
- disk, dev_number);
+ (gc, "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
+ disk, disks[i].readwrite ? "off" : "on", dev_number);
else
drive = libxl__sprintf
- (gc, "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
- disks[i].pdev_path, disk, format, dev_number);
+ (gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
+ disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
} else {
+ if (!disks[i].readwrite) {
+ LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
+ return NULL;
+ }
+
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
" empty disk format for %s", disks[i].vdev);
--
1.7.10.4
[-- Attachment #3: xsa142-4.6.patch --]
[-- Type: application/octet-stream, Size: 2319 bytes --]
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH v2 for-4.6] libxl: handle read-only drives with qemu-xen
Date: Tue, 15 Sep 2015 10:52:14 +0100
The current libxl code doesn't deal with read-only drives at all.
Upstream QEMU and qemu-xen only support read-only cdrom drives: make
sure to specify "readonly=on" for cdrom drives and return error in case
the user requested a non-cdrom read-only drive.
This is XSA-142, discovered by Lin Liu
(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
tools/libxl/libxl_dm.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 02c0162..468ff9c 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -1110,13 +1110,18 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
if (disks[i].is_cdrom) {
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY)
drive = libxl__sprintf
- (gc, "if=ide,index=%d,media=cdrom,cache=writeback,id=ide-%i",
- disk, dev_number);
+ (gc, "if=ide,index=%d,readonly=%s,media=cdrom,cache=writeback,id=ide-%i",
+ disk, disks[i].readwrite ? "off" : "on", dev_number);
else
drive = libxl__sprintf
- (gc, "file=%s,if=ide,index=%d,media=cdrom,format=%s,cache=writeback,id=ide-%i",
- disks[i].pdev_path, disk, format, dev_number);
+ (gc, "file=%s,if=ide,index=%d,readonly=%s,media=cdrom,format=%s,cache=writeback,id=ide-%i",
+ disks[i].pdev_path, disk, disks[i].readwrite ? "off" : "on", format, dev_number);
} else {
+ if (!disks[i].readwrite) {
+ LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "qemu-xen doesn't support read-only disk drivers");
+ return ERROR_INVAL;
+ }
+
if (disks[i].format == LIBXL_DISK_FORMAT_EMPTY) {
LIBXL__LOG(ctx, LIBXL__LOG_WARNING, "cannot support"
" empty disk format for %s", disks[i].vdev);
--
1.7.10.4
[-- Attachment #4: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-09-21 14:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-15 16:22 DRAFT XSA 142 - libxl fails to honour readonly flag on disks with qemu-xen Xen.org security team
2015-09-21 11:58 ` Ian Campbell
2015-09-21 12:55 ` Ian Jackson
-- strict thread matches above, loose matches on Subject: below --
2015-09-21 12:55 Xen.org security team
2015-09-21 13:08 ` M A Young
2015-09-21 14:47 Xen.org security team
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).