Fixes for Xenstore permission related issues #81
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
LGTM |
|
|
lorc
approved these changes
May 7, 2024
LKomaryanskiy
approved these changes
May 7, 2024
There was a problem hiding this comment.
Good job!
Reviewed-by: Leonid Komarianskyi <[email protected]>
Strange issues related to Xenstore nodes permissions appeared during
usage of xenstore-srv with 2 Linux domains with PV drivers
configurations: some of the requests received -EACCES for nodes, that
are located in domain "/local/domain/{domid}" directory.
It was caused by incorrect node iterating process during path parsing.
parent_entry for current node were correct only if it was last in
previous directory (in other case it took last value from previous
Xenstore level).
Fix parent_entry processing and remember whole node during iteration
instead of just list of child nodes.
Signed-off-by: Dmytro Firsov <[email protected]>
Reviewed-by: Mykyta Poturai <[email protected]>
Reviewed-by: Grygorii Strashko <[email protected]>
Acked-by: Volodymyr Babchuk <[email protected]>
Reviewed-by: Leonid Komarianskyi <[email protected]>
During Xenstore entries initialization we should create
"local/domain/{domid}" directory and give {domid} domain read/write
access to child entries. When it is missing, local directory will
have access provided from first xss_do_write() for this domain, which
may lead to unexpected access issues.
Signed-off-by: Dmytro Firsov <[email protected]>
Reviewed-by: Mykyta Poturai <[email protected]>
Reviewed-by: Grygorii Strashko <[email protected]>
Acked-by: Volodymyr Babchuk <[email protected]>
Reviewed-by: Leonid Komarianskyi <[email protected]>
Error logs used non-const variable "path" which is modified by strtok() and divided into parts. Such messages are not helpful, because it prints only first level of path. Use const_path variable with full node path for error messages. Signed-off-by: Dmytro Firsov <[email protected]> Reviewed-by: Mykyta Poturai <[email protected]> Reviewed-by: Grygorii Strashko <[email protected]> Acked-by: Volodymyr Babchuk <[email protected]> Reviewed-by: Leonid Komarianskyi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some problems were found when we tried to start 2 Linux domains connected with PV drivers. Xenstore configurations sometimes came into incorrect state and produce permissions errors. Patches in this PR fixes these problems.