Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S941109AbcLVPiv (ORCPT ); Thu, 22 Dec 2016 10:38:51 -0500 Received: from aserp1040.oracle.com ([141.146.126.69]:45059 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754354AbcLVPiu (ORCPT ); Thu, 22 Dec 2016 10:38:50 -0500 Subject: Re: [PATCH 1/3] xen: xenbus driver must not accept invalid transaction ids To: Juergen Gross , linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org References: <20161222071948.23862-1-jgross@suse.com> <20161222071948.23862-2-jgross@suse.com> From: Boris Ostrovsky Message-ID: <6ff2c379-4c23-3b9e-c877-9da74bf3879e@oracle.com> Date: Thu, 22 Dec 2016 10:38:53 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161222071948.23862-2-jgross@suse.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Source-IP: userv0022.oracle.com [156.151.31.74] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1009 Lines: 24 On 12/22/2016 02:19 AM, Juergen Gross wrote: > When accessing Xenstore in a transaction the user is specifying a > transaction id which he normally obtained from Xenstore when starting > the transaction. Xenstore is validating a transaction id against all > known transaction ids of the connection the request came in. As all > requests of a domain not being the one where Xenstore lives share > one connection, validation of transaction ids of different users of > Xenstore in that domain should be done by the kernel of that domain > being the multiplexer between the Xenstore users in that domain and > Xenstore. > > In order to prohibit one Xenstore user to be able to "hijack" a > transaction from another user the xenbus driver has to verify a > given transaction id against all known transaction ids of the user > before forwarding it to Xenstore. > > Signed-off-by: Juergen Gross Should this go to stable trees as well? Reviewed-by: Boris Ostrovsky