Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
xen.28171
xsa326-07.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa326-07.patch of Package xen.28171
From 9edfd7fab111833fba1d6ea5d26fd1471c090e83 Mon Sep 17 00:00:00 2001 From: Juergen Gross <jgross@suse.com> Date: Tue, 13 Sep 2022 07:35:08 +0200 Subject: tools/xenstore: fix connection->id usage Don't use conn->id for privilege checks, but domain_is_unprivileged(). This is part of XSA-326. Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Julien Grall <jgrall@amazon.com> diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_control.c index 8d48ab48201b..bce6662f6e45 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -198,7 +198,7 @@ int do_control(struct connection *conn, struct buffered_data *in) int cmd; char **vec; - if (conn->id != 0) + if (domain_is_unprivileged(conn)) return EACCES; num = xs_count_strings(in->buffer, in->used); diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h index 1eb6131fc88d..98db4afcaabf 100644 --- a/tools/xenstore/xenstored_core.h +++ b/tools/xenstore/xenstored_core.h @@ -93,7 +93,7 @@ struct connection /* The index of pollfd in global pollfd array */ int pollfd_idx; - /* Who am I? 0 for socket connections. */ + /* Who am I? Domid of connection. */ unsigned int id; /* Is this a read-only connection? */ diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c index 6fbdb29dcdd7..9bef6e72a566 100644 --- a/tools/xenstore/xenstored_transaction.c +++ b/tools/xenstore/xenstored_transaction.c @@ -483,7 +483,8 @@ int do_transaction_start(struct connection *conn, struct buffered_data *in) if (conn->transaction) return EBUSY; - if (conn->id && conn->transaction_started > quota_max_transaction) + if (domain_is_unprivileged(conn) && + conn->transaction_started > quota_max_transaction) return ENOSPC; /* Attach transaction to input for autofree until it's complete */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor