From 729ba26c1180288fd93585af4328482e60babf2a Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 4 May 2016 16:07:02 +0100
Subject: [PATCH 12/21] libxl: Rename READ_BACKEND to READ_LIBXLDEV
We are going to want to change all the functions that use READ_BACKEND
to get untrustworthy information from the backend, to use trustworthy
information from /libxl.
This will involve replacing READ_BACKEND, which reads from be_path,
with a similar macro READ_LIBXLDEV, which reads from libxl_path.
The macro name change generates a lot of clutter in the diff. So we
break it out into this separate patch. Here, we rename the macro, but
the implementation does not really match the new name.
So, another way to look at this, is that we have transformed the bug:
* All of the backends use READ_BACKEND, which is unsafe
into the new bug:
* READ_LIBXLDEV actually reads be_path, which is unsafe.
There is no functional change as yet.
This is part of XSA-178.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---
tools/libxl/libxl.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
index e43713e..b5578cb 100644
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -21,8 +21,8 @@
#define PAGE_TO_MEMKB(pages) ((pages) * 4)
#define BACKEND_STRING_SIZE 5
-/* Utility to read backend xenstore keys */
-#define READ_BACKEND(tgc, subpath) ({ \
+/* Utility to read /libxl or backend xenstore keys, from be_path */
+#define READ_LIBXLDEV(tgc, subpath) ({ \
rc = libxl__xs_read_checked(tgc, XBT_NULL, \
GCSPRINTF("%s/" subpath, be_path), \
&tmp); \
@@ -3594,7 +3594,7 @@ static int libxl__device_nic_from_xenstore(libxl__gc *gc,
libxl_device_nic_init(nic);
- tmp = READ_BACKEND(gc, "handle");
+ tmp = READ_LIBXLDEV(gc, "handle");
if (tmp)
nic->devid = atoi(tmp);
else
@@ -3602,7 +3602,7 @@ static int libxl__device_nic_from_xenstore(libxl__gc *gc,
/* nic->mtu = */
- tmp = READ_BACKEND(gc, "mac");
+ tmp = READ_LIBXLDEV(gc, "mac");
if (tmp) {
rc = libxl__parse_mac(tmp, nic->mac);
if (rc) goto out;
@@ -3610,12 +3610,12 @@ static int libxl__device_nic_from_xenstore(libxl__gc *gc,
memset(nic->mac, 0, sizeof(nic->mac));
}
- nic->ip = READ_BACKEND(NOGC, "ip");
- nic->bridge = READ_BACKEND(NOGC, "bridge");
- nic->script = READ_BACKEND(NOGC, "script");
+ nic->ip = READ_LIBXLDEV(NOGC, "ip");
+ nic->bridge = READ_LIBXLDEV(NOGC, "bridge");
+ nic->script = READ_LIBXLDEV(NOGC, "script");
/* vif_ioemu nics use the same xenstore entries as vif interfaces */
- tmp = READ_BACKEND(gc, "type");
+ tmp = READ_LIBXLDEV(gc, "type");
if (tmp) {
rc = libxl_nic_type_from_string(tmp, &nic->nictype);
if (rc) goto out;
@@ -3944,13 +3944,13 @@ static int libxl__device_channel_from_xenstore(libxl__gc *gc,
libxl_device_channel_init(channel);
/* READ_BACKEND is from libxl__device_nic_from_xenstore above */
- channel->name = READ_BACKEND(NOGC, "name");
- tmp = READ_BACKEND(gc, "connection");
+ channel->name = READ_LIBXLDEV(NOGC, "name");
+ tmp = READ_LIBXLDEV(gc, "connection");
if (!strcmp(tmp, "pty")) {
channel->connection = LIBXL_CHANNEL_CONNECTION_PTY;
} else if (!strcmp(tmp, "socket")) {
channel->connection = LIBXL_CHANNEL_CONNECTION_SOCKET;
- channel->u.socket.path = READ_BACKEND(NOGC, "path");
+ channel->u.socket.path = READ_LIBXLDEV(NOGC, "path");
} else {
rc = ERROR_INVAL;
goto out;
--
2.1.4