Subject: Re: [PATCH 1/3] xen: xenbus driver must not accept invalid transaction ids
To: Boris Ostrovsky, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org
From: Juergen Gross
Date: Thu, 22 Dec 2016 16:51:52 +0100

On 22/12/16 16:38, Boris Ostrovsky wrote:
> On 12/22/2016 02:19 AM, Juergen Gross wrote:
>> When accessing Xenstore in a transaction the user is specifying a
>> transaction id which he normally obtained from Xenstore when starting
>> the transaction. Xenstore is validating a transaction id against all
>> known transaction ids of the connection the request came in. As all
>> requests of a domain not being the one where Xenstore lives share
>> one connection, validation of transaction ids of different users of
>> Xenstore in that domain should be done by the kernel of that domain
>> being the multiplexer between the Xenstore users in that domain and
>> Xenstore.
>>
>> In order to prohibit one Xenstore user to be able to "hijack" a
>> transaction from another user the xenbus driver has to verify a
>> given transaction id against all known transaction ids of the user
>> before forwarding it to Xenstore.
>>
>> Signed-off-by: Juergen Gross
>
>
> Should this go to stable trees as well?

I don't think it is necessary. First I thought this could be a security
problem, but any user who could make use of that problem could easily
trash complete Xenstore, so there are no additional security concerns
with this "bug" not being handled. After all it is just a matter of
avoiding problems due to buggy Xenstore users which are probably not
existing at all. :-)

> Reviewed-by: Boris Ostrovsky

Thanks,

Juergen
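
The check the quoted commit message describes, as an added userspace model that is not part of this mail and not the kernel's xenbus code: the multiplexer keeps one transaction list per user and refuses to forward an id the user did not start. The struct, enum and function names are hypothetical, and the model assumes transaction id 0 means "no transaction".

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_TX 4  /* constructed per-user limit for this model */

/* Hypothetical message classes; real Xenstore has many more types. */
enum msg_type { MSG_TX_START, MSG_TX_END, MSG_OTHER };

/* One open handle on the multiplexer = one Xenstore user in the domain. */
struct xs_user {
    uint32_t tx[MAX_TX];  /* ids Xenstore handed out to this user */
    size_t ntx;
};

/* Record the id returned by Xenstore for this user's transaction start. */
int user_tx_started(struct xs_user *u, uint32_t tx_id)
{
    if (u->ntx == MAX_TX)
        return -ENOSPC;
    u->tx[u->ntx++] = tx_id;
    return 0;
}

/* Index of tx_id in the user's own list, or -1 if the user never got it. */
static int user_tx_find(const struct xs_user *u, uint32_t tx_id)
{
    for (size_t i = 0; i < u->ntx; i++)
        if (u->tx[i] == tx_id)
            return (int)i;
    return -1;
}

/*
 * Gate applied before a request is forwarded on the shared connection.
 * Returns 0 to forward, -ENOENT when the id belongs to no transaction
 * of this user (it may still be valid for another user of the domain,
 * which is exactly the case Xenstore itself cannot tell apart).
 */
int mux_check_request(struct xs_user *u, enum msg_type type, uint32_t tx_id)
{
    if (type == MSG_TX_START || tx_id == 0)
        return 0;  /* no existing transaction is referenced */

    int idx = user_tx_find(u, tx_id);
    if (idx < 0)
        return -ENOENT;

    /* Simplification: forget the id on the end request, not on the reply. */
    if (type == MSG_TX_END)
        u->tx[idx] = u->tx[--u->ntx];
    return 0;
}
```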