Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 23D537A26E for ; Sat, 6 Aug 2016 12:41:40 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 831C385F0F; Sat, 6 Aug 2016 12:41:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 107B285EC5 for ; Sat, 6 Aug 2016 12:41:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 3n7ryqECtqGo for ; Sat, 6 Aug 2016 12:41:36 +0000 (UTC) Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 7288384CE5 for ; Sat, 6 Aug 2016 12:41:36 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 6CBA7FBB5; Sat, 6 Aug 2016 12:41:36 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1470487296244800" MIME-Version: 1.0 Date: Sat, 6 Aug 2016 12:41:36 +0000 From: "S.P.Zeidler" Subject: CVS commit: pkgsrc/sysutils/xentools45 To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20160806124136.6CBA7FBB5@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk This is a multi-part message in MIME format. --_----------=_1470487296244800 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: spz Date: Sat Aug 6 12:41:36 UTC 2016 Modified Files: pkgsrc/sysutils/xentools45: Makefile distinfo Added Files: pkgsrc/sysutils/xentools45/patches: patch-XSA-178 patch-XSA-180 patch-xenpaging_xenpaging.c Log Message: add patches to XSAs 178 and 180 from upstream add an initialization for a pointer where the compiler doesn't recognize it being assigned by posix_memalign (trivial compile fix) To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 pkgsrc/sysutils/xentools45/Makefile cvs rdiff -u -r1.24 -r1.25 pkgsrc/sysutils/xentools45/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xentools45/patches/patch-XSA-178 \ pkgsrc/sysutils/xentools45/patches/patch-XSA-180 \ pkgsrc/sysutils/xentools45/patches/patch-xenpaging_xenpaging.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1470487296244800 Content-Disposition: inline Content-Length: 59350 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/sysutils/xentools45/Makefile diff -u pkgsrc/sysutils/xentools45/Makefile:1.36 pkgsrc/sysutils/xentools45/Makefile:1.37 --- pkgsrc/sysutils/xentools45/Makefile:1.36 Sat Jul 9 13:04:08 2016 +++ pkgsrc/sysutils/xentools45/Makefile Sat Aug 6 12:41:36 2016 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.36 2016/07/09 13:04:08 wiz Exp $ +# $NetBSD: Makefile,v 1.37 2016/08/06 12:41:36 spz Exp $ VERSION= 4.5.3 -PKGREVISION= 2 +PKGREVISION= 3 VERSION_IPXE= 9a93db3f0947484e30e753bbd61a10b17336e20e DISTNAME= xen-${VERSION} Index: pkgsrc/sysutils/xentools45/distinfo diff -u pkgsrc/sysutils/xentools45/distinfo:1.24 pkgsrc/sysutils/xentools45/distinfo:1.25 --- pkgsrc/sysutils/xentools45/distinfo:1.24 Sat May 21 20:11:21 2016 +++ pkgsrc/sysutils/xentools45/distinfo Sat Aug 6 12:41:36 2016 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2016/05/21 20:11:21 bad Exp $ +$NetBSD: distinfo,v 1.25 2016/08/06 12:41:36 spz Exp $ SHA1 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = fecadf952821e830ce1a1d19655288eef8488f88 RMD160 (ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) = 539bfa12db7054228250d6dd380bbf96c1a040f8 @@ -20,7 +20,9 @@ SHA1 (patch-.._docs_man_xlcpupool.cfg.po SHA1 (patch-.._docs_misc_xl-disk-configuration.txt) = 5b59cfc2569d1a4c10d6c0fcb98ed35278723b79 SHA1 (patch-Makefile) = eb5d3211b26c5f10a24fcca658c83d5f60990d9f SHA1 (patch-Rules.mk) = e0dc4234c35dc2d78afad4a90b0af829a6a10b50 +SHA1 (patch-XSA-178) = 5cb68dd7d82f537e9a9d0417cc79e8cafeb05ac2 SHA1 (patch-XSA-179) = b73d44757651efe4b8df27cedd7f9827f3d6a6ca +SHA1 (patch-XSA-180) = 58a93dec38792a36bca74123444eb72fafe158a3 SHA1 (patch-blktap_drivers_Makefile) = 7cc53b2a0dea1694a969046ab8542271ca63f9e7 SHA1 (patch-configure) = 97fa4274e425984d593cd93aea36edc681462b88 SHA1 (patch-console_daemon_utils.c) = 915078ce6155a367e3e597fa7ab551f6afac083f @@ -65,4 +67,5 @@ SHA1 (patch-qemu-xen_audio_audio.c) = 84 SHA1 (patch-qemu-xen_qemu-doc.texi) = 721e80d15ac30ac71df3d6c4c485b0bf70897cf9 SHA1 (patch-qemu-xen_util_hbitmap.c) = 5a495ae2b47d1ff6dd342633b8d655582f21dffe SHA1 (patch-qemu-xen_xen-hvm.c) = 11d4deb5de577e8beb2d1c6c3ca886e3d7563f8a +SHA1 (patch-xenpaging_xenpaging.c) = 3faaa93ae6e1a0debdadf2e520f0f2781ee2ae10 SHA1 (patch-xenstore_xc.c) = 51b39e9929062e72d0ff85f0ee6d13a6ac04ac65 Added files: Index: pkgsrc/sysutils/xentools45/patches/patch-XSA-178 diff -u /dev/null pkgsrc/sysutils/xentools45/patches/patch-XSA-178:1.1 --- /dev/null Sat Aug 6 12:41:36 2016 +++ pkgsrc/sysutils/xentools45/patches/patch-XSA-178 Sat Aug 6 12:41:36 2016 @@ -0,0 +1,1332 @@ +$NetBSD: patch-XSA-178,v 1.1 2016/08/06 12:41:36 spz Exp $ + +patch for XSA-178 from the xenbits.xen.org git (stable-45 branch) +by updating the affected files to the versions in git from today +(20160806). + +Thus also included are: +"libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename" +"libxl: Cleanup: Have libxl__alloc_vdev use /libxl" +"libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be" +"libxl: keep PoD target adjustment by memory fudge after reload_domain_config()" + +which are fixes of errors introduced by XSA-178, XSA-175 and XSA-180 patches. + +This patch can be dropped when updating to 4.5.4 + +--- libxl/libxl.c.orig 2016-03-23 13:57:27.000000000 +0000 ++++ libxl/libxl.c +@@ -21,10 +21,10 @@ + #define PAGE_TO_MEMKB(pages) ((pages) * 4) + #define BACKEND_STRING_SIZE 5 + +-/* Utility to read backend xenstore keys */ +-#define READ_BACKEND(tgc, subpath) ({ \ ++/* Utility to read /libxl xenstore keys, from libxl_path */ ++#define READ_LIBXLDEV(tgc, subpath) ({ \ + rc = libxl__xs_read_checked(tgc, XBT_NULL, \ +- GCSPRINTF("%s/" subpath, be_path), \ ++ GCSPRINTF("%s/" subpath, libxl_path), \ + &tmp); \ + if (rc) goto out; \ + (char*)tmp; \ +@@ -1323,9 +1323,10 @@ static void disk_eject_xswatch_callback( + const char *wpath, const char *epath) { + EGC_GC; + libxl_evgen_disk_eject *evg = (void*)w; +- char *backend; ++ const char *backend; + char *value; + char backend_type[BACKEND_STRING_SIZE+1]; ++ int rc; + + value = libxl__xs_read(gc, XBT_NULL, wpath); + +@@ -1341,9 +1342,16 @@ static void disk_eject_xswatch_callback( + libxl_event *ev = NEW_EVENT(egc, DISK_EJECT, evg->domid, evg->user); + libxl_device_disk *disk = &ev->u.disk_eject.disk; + +- backend = libxl__xs_read(gc, XBT_NULL, +- libxl__sprintf(gc, "%.*s/backend", +- (int)strlen(wpath)-6, wpath)); ++ rc = libxl__xs_read_checked(gc, XBT_NULL, evg->be_ptr_path, &backend); ++ if (rc) { ++ LIBXL__EVENT_DISASTER(egc, "xs_read failed reading be_ptr_path", ++ errno, LIBXL_EVENT_TYPE_DISK_EJECT); ++ return; ++ } ++ if (!backend) { ++ /* device has been removed, not simply ejected */ ++ return; ++ } + + sscanf(backend, + "/local/domain/%d/backend/%" TOSTRING(BACKEND_STRING_SIZE) +@@ -1360,8 +1368,7 @@ static void disk_eject_xswatch_callback( + disk->pdev_path = strdup(""); /* xxx fixme malloc failure */ + disk->format = LIBXL_DISK_FORMAT_EMPTY; + /* this value is returned to the user: do not free right away */ +- disk->vdev = xs_read(CTX->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/dev", backend), NULL); ++ disk->vdev = libxl__strdup(NOGC, evg->vdev); + disk->removable = 1; + disk->readwrite = 0; + disk->is_cdrom = 1; +@@ -1384,19 +1391,30 @@ int libxl_evenable_disk_eject(libxl_ctx + evg->domid = guest_domid; + LIBXL_LIST_INSERT_HEAD(&CTX->disk_eject_evgens, evg, entry); + +- evg->vdev = strdup(vdev); +- if (!evg->vdev) { rc = ERROR_NOMEM; goto out; } +- + uint32_t domid = libxl_get_stubdom_id(ctx, guest_domid); + + if (!domid) + domid = guest_domid; + +- path = libxl__sprintf(gc, "%s/device/vbd/%d/eject", ++ int devid = libxl__device_disk_dev_number(vdev, NULL, NULL); ++ ++ path = GCSPRINTF("%s/device/vbd/%d/eject", + libxl__xs_get_dompath(gc, domid), +- libxl__device_disk_dev_number(vdev, NULL, NULL)); ++ devid); + if (!path) { rc = ERROR_NOMEM; goto out; } + ++ const char *libxl_path = GCSPRINTF("%s/device/vbd/%d", ++ libxl__xs_libxl_path(gc, domid), ++ devid); ++ evg->be_ptr_path = libxl__sprintf(NOGC, "%s/backend", libxl_path); ++ ++ const char *configured_vdev; ++ rc = libxl__xs_read_checked(gc, XBT_NULL, ++ GCSPRINTF("%s/dev", libxl_path), &configured_vdev); ++ if (rc) goto out; ++ ++ evg->vdev = libxl__strdup(NOGC, configured_vdev); ++ + rc = libxl__ev_xswatch_register(gc, &evg->watch, + disk_eject_xswatch_callback, path); + if (rc) goto out; +@@ -1423,6 +1441,7 @@ void libxl__evdisable_disk_eject(libxl__ + libxl__ev_xswatch_deregister(gc, &evg->watch); + + free(evg->vdev); ++ free(evg->be_ptr_path); + free(evg); + + CTX_UNLOCK; +@@ -1985,15 +2004,16 @@ out: + /* common function to get next device id */ + static int libxl__device_nextid(libxl__gc *gc, uint32_t domid, char *device) + { +- char *dompath, **l; ++ char *libxl_dom_path, **l; + unsigned int nb; + int nextid = -1; + +- if (!(dompath = libxl__xs_get_dompath(gc, domid))) ++ if (!(libxl_dom_path = libxl__xs_libxl_path(gc, domid))) + return nextid; + + l = libxl__xs_directory(gc, XBT_NULL, +- GCSPRINTF("%s/device/%s", dompath, device), &nb); ++ GCSPRINTF("%s/device/%s", libxl_dom_path, device), ++ &nb); + if (l == NULL || nb == 0) + nextid = 0; + else +@@ -2156,14 +2176,15 @@ libxl_device_vtpm *libxl_device_vtpm_lis + GC_INIT(ctx); + + libxl_device_vtpm* vtpms = NULL; +- char* fe_path = NULL; ++ char *libxl_path; + char** dir = NULL; + unsigned int ndirs = 0; ++ int rc; + + *num = 0; + +- fe_path = libxl__sprintf(gc, "%s/device/vtpm", libxl__xs_get_dompath(gc, domid)); +- dir = libxl__xs_directory(gc, XBT_NULL, fe_path, &ndirs); ++ libxl_path = GCSPRINTF("%s/device/vtpm", libxl__xs_libxl_path(gc, domid)); ++ dir = libxl__xs_directory(gc, XBT_NULL, libxl_path, &ndirs); + if (dir && ndirs) { + vtpms = malloc(sizeof(*vtpms) * ndirs); + libxl_device_vtpm* vtpm; +@@ -2172,18 +2193,17 @@ libxl_device_vtpm *libxl_device_vtpm_lis + char* tmp; + const char* be_path = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/%s/backend", +- fe_path, *dir)); ++ libxl_path, *dir)); + + libxl_device_vtpm_init(vtpm); + + vtpm->devid = atoi(*dir); + +- tmp = libxl__xs_read(gc, XBT_NULL, +- GCSPRINTF("%s/%s/backend-id", +- fe_path, *dir)); +- vtpm->backend_domid = atoi(tmp); ++ rc = libxl__backendpath_parse_domid(gc, be_path, ++ &vtpm->backend_domid); ++ if (rc) return NULL; + +- tmp = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/uuid", be_path)); ++ tmp = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/uuid", libxl_path)); + if (tmp) { + if(libxl_uuid_from_string(&(vtpm->uuid), tmp)) { + LOG(ERROR, "%s/uuid is a malformed uuid?? (%s) Probably a bug!!\n", be_path, tmp); +@@ -2205,7 +2225,7 @@ int libxl_device_vtpm_getinfo(libxl_ctx + libxl_vtpminfo *vtpminfo) + { + GC_INIT(ctx); +- char *dompath, *vtpmpath; ++ char *libxl_path, *dompath, *vtpmpath; + char *val; + int rc = 0; + +@@ -2214,18 +2234,17 @@ int libxl_device_vtpm_getinfo(libxl_ctx + vtpminfo->devid = vtpm->devid; + + vtpmpath = GCSPRINTF("%s/device/vtpm/%d", dompath, vtpminfo->devid); ++ libxl_path = GCSPRINTF("%s/device/vtpm/%d", ++ libxl__xs_libxl_path(gc, domid), vtpminfo->devid); + vtpminfo->backend = xs_read(ctx->xsh, XBT_NULL, +- GCSPRINTF("%s/backend", vtpmpath), NULL); ++ GCSPRINTF("%s/backend", libxl_path), NULL); + if (!vtpminfo->backend) { + goto err; + } +- if(!libxl__xs_read(gc, XBT_NULL, vtpminfo->backend)) { +- goto err; +- } + +- val = libxl__xs_read(gc, XBT_NULL, +- GCSPRINTF("%s/backend-id", vtpmpath)); +- vtpminfo->backend_id = val ? strtoul(val, NULL, 10) : -1; ++ rc = libxl__backendpath_parse_domid(gc, vtpminfo->backend, ++ &vtpminfo->backend_id); ++ if (rc) goto exit; + + val = libxl__xs_read(gc, XBT_NULL, + GCSPRINTF("%s/state", vtpmpath)); +@@ -2240,14 +2259,11 @@ int libxl_device_vtpm_getinfo(libxl_ctx + vtpminfo->rref = val ? strtoul(val, NULL, 10) : -1; + + vtpminfo->frontend = xs_read(ctx->xsh, XBT_NULL, +- GCSPRINTF("%s/frontend", vtpminfo->backend), NULL); ++ GCSPRINTF("%s/frontend", libxl_path), NULL); ++ vtpminfo->frontend_id = domid; + + val = libxl__xs_read(gc, XBT_NULL, +- GCSPRINTF("%s/frontend-id", vtpminfo->backend)); +- vtpminfo->frontend_id = val ? strtoul(val, NULL, 10) : -1; +- +- val = libxl__xs_read(gc, XBT_NULL, +- GCSPRINTF("%s/uuid", vtpminfo->backend)); ++ GCSPRINTF("%s/uuid", libxl_path)); + if(val == NULL) { + LOG(ERROR, "%s/uuid does not exist!\n", vtpminfo->backend); + goto err; +@@ -2601,8 +2617,8 @@ void libxl__device_disk_add(libxl__egc * + device_disk_add(egc, domid, disk, aodev, NULL, NULL); + } + +-static int libxl__device_disk_from_xs_be(libxl__gc *gc, +- const char *be_path, ++static int libxl__device_disk_from_xenstore(libxl__gc *gc, ++ const char *libxl_path, + libxl_device_disk *disk) + { + libxl_ctx *ctx = libxl__gc_owner(gc); +@@ -2612,15 +2628,27 @@ static int libxl__device_disk_from_xs_be + + libxl_device_disk_init(disk); + +- rc = sscanf(be_path, "/local/domain/%d/", &disk->backend_domid); +- if (rc != 1) { +- LOG(ERROR, "Unable to fetch device backend domid from %s", be_path); +- goto cleanup; ++ const char *backend_path; ++ rc = libxl__xs_read_checked(gc, XBT_NULL, ++ GCSPRINTF("%s/backend", libxl_path), ++ &backend_path); ++ if (rc) goto out; ++ ++ if (!backend_path) { ++ LOG(ERROR, "disk %s does not exist (no backend path", libxl_path); ++ rc = ERROR_FAIL; ++ goto out; ++ } ++ ++ rc = libxl__backendpath_parse_domid(gc, backend_path, &disk->backend_domid); ++ if (rc) { ++ LOG(ERROR, "Unable to fetch device backend domid from %s", backend_path); ++ goto out; + } + + /* "params" may not be present; but everything else must be. */ + tmp = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/params", be_path), &len); ++ libxl__sprintf(gc, "%s/params", libxl_path), &len); + if (tmp && strchr(tmp, ':')) { + disk->pdev_path = strdup(strchr(tmp, ':') + 1); + free(tmp); +@@ -2630,31 +2658,31 @@ static int libxl__device_disk_from_xs_be + + + tmp = libxl__xs_read(gc, XBT_NULL, +- libxl__sprintf(gc, "%s/type", be_path)); ++ libxl__sprintf(gc, "%s/type", libxl_path)); + if (!tmp) { +- LOG(ERROR, "Missing xenstore node %s/type", be_path); ++ LOG(ERROR, "Missing xenstore node %s/type", libxl_path); + goto cleanup; + } + libxl_string_to_backend(ctx, tmp, &(disk->backend)); + + disk->vdev = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/dev", be_path), &len); ++ libxl__sprintf(gc, "%s/dev", libxl_path), &len); + if (!disk->vdev) { +- LOG(ERROR, "Missing xenstore node %s/dev", be_path); ++ LOG(ERROR, "Missing xenstore node %s/dev", libxl_path); + goto cleanup; + } + + tmp = libxl__xs_read(gc, XBT_NULL, libxl__sprintf +- (gc, "%s/removable", be_path)); ++ (gc, "%s/removable", libxl_path)); + if (!tmp) { +- LOG(ERROR, "Missing xenstore node %s/removable", be_path); ++ LOG(ERROR, "Missing xenstore node %s/removable", libxl_path); + goto cleanup; + } + disk->removable = atoi(tmp); + +- tmp = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/mode", be_path)); ++ tmp = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/mode", libxl_path)); + if (!tmp) { +- LOG(ERROR, "Missing xenstore node %s/mode", be_path); ++ LOG(ERROR, "Missing xenstore node %s/mode", libxl_path); + goto cleanup; + } + if (!strcmp(tmp, "w")) +@@ -2663,9 +2691,9 @@ static int libxl__device_disk_from_xs_be + disk->readwrite = 0; + + tmp = libxl__xs_read(gc, XBT_NULL, +- libxl__sprintf(gc, "%s/device-type", be_path)); ++ libxl__sprintf(gc, "%s/device-type", libxl_path)); + if (!tmp) { +- LOG(ERROR, "Missing xenstore node %s/device-type", be_path); ++ LOG(ERROR, "Missing xenstore node %s/device-type", libxl_path); + goto cleanup; + } + disk->is_cdrom = !strcmp(tmp, "cdrom"); +@@ -2674,15 +2702,17 @@ static int libxl__device_disk_from_xs_be + + return 0; + cleanup: ++ rc = ERROR_FAIL; ++ out: + libxl_device_disk_dispose(disk); +- return ERROR_FAIL; ++ return rc; + } + + int libxl_vdev_to_device_disk(libxl_ctx *ctx, uint32_t domid, + const char *vdev, libxl_device_disk *disk) + { + GC_INIT(ctx); +- char *dompath, *path; ++ char *dom_xl_path, *libxl_path; + int devid = libxl__device_disk_dev_number(vdev, NULL, NULL); + int rc = ERROR_FAIL; + +@@ -2691,39 +2721,34 @@ int libxl_vdev_to_device_disk(libxl_ctx + + libxl_device_disk_init(disk); + +- dompath = libxl__xs_get_dompath(gc, domid); +- if (!dompath) { ++ dom_xl_path = libxl__xs_libxl_path(gc, domid); ++ if (!dom_xl_path) { + goto out; + } +- path = libxl__xs_read(gc, XBT_NULL, +- libxl__sprintf(gc, "%s/device/vbd/%d/backend", +- dompath, devid)); +- if (!path) +- goto out; ++ libxl_path = GCSPRINTF("%s/device/vbd/%d", dom_xl_path, devid); + +- rc = libxl__device_disk_from_xs_be(gc, path, disk); ++ rc = libxl__device_disk_from_xenstore(gc, libxl_path, disk); + out: + GC_FREE; + return rc; + } + + +-static int libxl__append_disk_list_of_type(libxl__gc *gc, ++static int libxl__append_disk_list(libxl__gc *gc, + uint32_t domid, +- const char *type, + libxl_device_disk **disks, + int *ndisks) + { +- char *be_path = NULL; ++ char *libxl_dir_path = NULL; + char **dir = NULL; + unsigned int n = 0; + libxl_device_disk *pdisk = NULL, *pdisk_end = NULL; + int rc=0; + int initial_disks = *ndisks; + +- be_path = libxl__sprintf(gc, "%s/backend/%s/%d", +- libxl__xs_get_dompath(gc, 0), type, domid); +- dir = libxl__xs_directory(gc, XBT_NULL, be_path, &n); ++ libxl_dir_path = GCSPRINTF("%s/device/vbd", ++ libxl__xs_libxl_path(gc, domid)); ++ dir = libxl__xs_directory(gc, XBT_NULL, libxl_dir_path, &n); + if (dir && n) { + libxl_device_disk *tmp; + tmp = realloc(*disks, sizeof (libxl_device_disk) * (*ndisks + n)); +@@ -2734,10 +2759,9 @@ static int libxl__append_disk_list_of_ty + pdisk_end = *disks + initial_disks + n; + for (; pdisk < pdisk_end; pdisk++, dir++) { + const char *p; +- p = libxl__sprintf(gc, "%s/%s", be_path, *dir); +- if ((rc=libxl__device_disk_from_xs_be(gc, p, pdisk))) ++ p = libxl__sprintf(gc, "%s/%s", libxl_dir_path, *dir); ++ if ((rc=libxl__device_disk_from_xenstore(gc, p, pdisk))) + goto out; +- pdisk->backend_domid = 0; + *ndisks += 1; + } + } +@@ -2753,13 +2777,7 @@ libxl_device_disk *libxl_device_disk_lis + + *num = 0; + +- rc = libxl__append_disk_list_of_type(gc, domid, "vbd", &disks, num); +- if (rc) goto out_err; +- +- rc = libxl__append_disk_list_of_type(gc, domid, "tap", &disks, num); +- if (rc) goto out_err; +- +- rc = libxl__append_disk_list_of_type(gc, domid, "qdisk", &disks, num); ++ rc = libxl__append_disk_list(gc, domid, &disks, num); + if (rc) goto out_err; + + GC_FREE; +@@ -2779,35 +2797,45 @@ int libxl_device_disk_getinfo(libxl_ctx + libxl_device_disk *disk, libxl_diskinfo *diskinfo) + { + GC_INIT(ctx); +- char *dompath, *diskpath; ++ char *dompath, *fe_path, *libxl_path; + char *val; ++ int rc; ++ ++ diskinfo->backend = NULL; + + dompath = libxl__xs_get_dompath(gc, domid); + diskinfo->devid = libxl__device_disk_dev_number(disk->vdev, NULL, NULL); + + /* tap devices entries in xenstore are written as vbd devices. */ +- diskpath = libxl__sprintf(gc, "%s/device/vbd/%d", dompath, diskinfo->devid); ++ fe_path = GCSPRINTF("%s/device/vbd/%d", dompath, diskinfo->devid); ++ libxl_path = GCSPRINTF("%s/device/vbd/%d", ++ libxl__xs_libxl_path(gc, domid), diskinfo->devid); + diskinfo->backend = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/backend", diskpath), NULL); ++ GCSPRINTF("%s/backend", libxl_path), NULL); + if (!diskinfo->backend) { + GC_FREE; + return ERROR_FAIL; + } +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/backend-id", diskpath)); +- diskinfo->backend_id = val ? strtoul(val, NULL, 10) : -1; +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/state", diskpath)); ++ rc = libxl__backendpath_parse_domid(gc, diskinfo->backend, ++ &diskinfo->backend_id); ++ if (rc) goto out; ++ ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", fe_path)); + diskinfo->state = val ? strtoul(val, NULL, 10) : -1; +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/event-channel", diskpath)); ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/event-channel", fe_path)); + diskinfo->evtch = val ? strtoul(val, NULL, 10) : -1; +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/ring-ref", diskpath)); ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/ring-ref", fe_path)); + diskinfo->rref = val ? strtoul(val, NULL, 10) : -1; + diskinfo->frontend = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/frontend", diskinfo->backend), NULL); +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/frontend-id", diskinfo->backend)); +- diskinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1; ++ GCSPRINTF("%s/frontend", libxl_path), NULL); ++ diskinfo->frontend_id = domid; + + GC_FREE; + return 0; ++ ++ out: ++ free(diskinfo->backend); ++ return rc; + } + + int libxl_cdrom_insert(libxl_ctx *ctx, uint32_t domid, libxl_device_disk *disk, +@@ -2819,7 +2847,7 @@ int libxl_cdrom_insert(libxl_ctx *ctx, u + libxl_domain_config d_config; + int rc, dm_ver; + libxl__device device; +- const char * path; ++ const char *be_path, *libxl_path; + char * tmp; + libxl__domain_userdata_lock *lock = NULL; + xs_transaction_t t = XBT_NULL; +@@ -2886,7 +2914,8 @@ int libxl_cdrom_insert(libxl_ctx *ctx, u + rc = libxl__device_from_disk(gc, domid, disk, &device); + if (rc) goto out; + +- path = libxl__device_backend_path(gc, &device); ++ be_path = libxl__device_backend_path(gc, &device); ++ libxl_path = libxl__device_libxl_path(gc, &device); + + insert = flexarray_make(gc, 4, 1); + +@@ -2925,18 +2954,22 @@ int libxl_cdrom_insert(libxl_ctx *ctx, u + for (;;) { + rc = libxl__xs_transaction_start(gc, &t); + if (rc) goto out; +- /* Sanity check: make sure the backend exists before writing here */ +- tmp = libxl__xs_read(gc, t, libxl__sprintf(gc, "%s/frontend", path)); ++ /* Sanity check: make sure the device exists before writing here */ ++ tmp = libxl__xs_read(gc, t, GCSPRINTF("%s/frontend", libxl_path)); + if (!tmp) + { + LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "Internal error: %s does not exist", +- libxl__sprintf(gc, "%s/frontend", path)); ++ libxl__sprintf(gc, "%s/frontend", libxl_path)); + rc = ERROR_FAIL; + goto out; + } + +- rc = libxl__xs_writev(gc, t, path, +- libxl__xs_kvs_of_flexarray(gc, empty, empty->count)); ++ char **kvs = libxl__xs_kvs_of_flexarray(gc, empty, empty->count); ++ ++ rc = libxl__xs_writev(gc, t, be_path, kvs); ++ if (rc) goto out; ++ ++ rc = libxl__xs_writev(gc, t, libxl_path, kvs); + if (rc) goto out; + + rc = libxl__xs_transaction_commit(gc, &t); +@@ -2957,12 +2990,12 @@ int libxl_cdrom_insert(libxl_ctx *ctx, u + for (;;) { + rc = libxl__xs_transaction_start(gc, &t); + if (rc) goto out; +- /* Sanity check: make sure the backend exists before writing here */ +- tmp = libxl__xs_read(gc, t, libxl__sprintf(gc, "%s/frontend", path)); ++ /* Sanity check: make sure the device exists before writing here */ ++ tmp = libxl__xs_read(gc, t, GCSPRINTF("%s/frontend", libxl_path)); + if (!tmp) + { + LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "Internal error: %s does not exist", +- libxl__sprintf(gc, "%s/frontend", path)); ++ libxl__sprintf(gc, "%s/frontend", libxl_path)); + rc = ERROR_FAIL; + goto out; + } +@@ -2970,8 +3003,12 @@ int libxl_cdrom_insert(libxl_ctx *ctx, u + rc = libxl__set_domain_configuration(gc, domid, &d_config); + if (rc) goto out; + +- rc = libxl__xs_writev(gc, t, path, +- libxl__xs_kvs_of_flexarray(gc, insert, insert->count)); ++ char **kvs = libxl__xs_kvs_of_flexarray(gc, insert, insert->count); ++ ++ rc = libxl__xs_writev(gc, t, be_path, kvs); ++ if (rc) goto out; ++ ++ rc = libxl__xs_writev(gc, t, libxl_path, kvs); + if (rc) goto out; + + rc = libxl__xs_transaction_commit(gc, &t); +@@ -3006,7 +3043,7 @@ static char * libxl__alloc_vdev(libxl__g + { + const char *blkdev_start = (const char *) get_vdev_user; + int devid = 0, disk = 0, part = 0; +- char *dompath = libxl__xs_get_dompath(gc, LIBXL_TOOLSTACK_DOMID); ++ char *libxl_dom_path = libxl__xs_libxl_path(gc, LIBXL_TOOLSTACK_DOMID); + + libxl__device_disk_dev_number(blkdev_start, &disk, &part); + if (part != 0) { +@@ -3021,7 +3058,7 @@ static char * libxl__alloc_vdev(libxl__g + return NULL; + if (libxl__xs_read(gc, t, + libxl__sprintf(gc, "%s/device/vbd/%d/backend", +- dompath, devid)) == NULL) { ++ libxl_dom_path, devid)) == NULL) { + if (errno == ENOENT) + return libxl__devid_to_localdev(gc, devid); + else +@@ -3461,8 +3498,8 @@ out: + return; + } + +-static int libxl__device_nic_from_xs_be(libxl__gc *gc, +- const char *be_path, ++static int libxl__device_nic_from_xenstore(libxl__gc *gc, ++ const char *libxl_path, + libxl_device_nic *nic) + { + const char *tmp; +@@ -3470,7 +3507,7 @@ static int libxl__device_nic_from_xs_be( + + libxl_device_nic_init(nic); + +- tmp = READ_BACKEND(gc, "handle"); ++ tmp = READ_LIBXLDEV(gc, "handle"); + if (tmp) + nic->devid = atoi(tmp); + else +@@ -3478,7 +3515,7 @@ static int libxl__device_nic_from_xs_be( + + /* nic->mtu = */ + +- tmp = READ_BACKEND(gc, "mac"); ++ tmp = READ_LIBXLDEV(gc, "mac"); + if (tmp) { + rc = libxl__parse_mac(tmp, nic->mac); + if (rc) goto out; +@@ -3486,12 +3523,12 @@ static int libxl__device_nic_from_xs_be( + memset(nic->mac, 0, sizeof(nic->mac)); + } + +- nic->ip = READ_BACKEND(NOGC, "ip"); +- nic->bridge = READ_BACKEND(NOGC, "bridge"); +- nic->script = READ_BACKEND(NOGC, "script"); ++ nic->ip = READ_LIBXLDEV(NOGC, "ip"); ++ nic->bridge = READ_LIBXLDEV(NOGC, "bridge"); ++ nic->script = READ_LIBXLDEV(NOGC, "script"); + + /* vif_ioemu nics use the same xenstore entries as vif interfaces */ +- tmp = READ_BACKEND(gc, "type"); ++ tmp = READ_LIBXLDEV(gc, "type"); + if (tmp) { + rc = libxl_nic_type_from_string(tmp, &nic->nictype); + if (rc) goto out; +@@ -3510,21 +3547,17 @@ int libxl_devid_to_device_nic(libxl_ctx + int devid, libxl_device_nic *nic) + { + GC_INIT(ctx); +- char *dompath, *path; ++ char *libxl_dom_path, *libxl_path; + int rc = ERROR_FAIL; + + libxl_device_nic_init(nic); +- dompath = libxl__xs_get_dompath(gc, domid); +- if (!dompath) ++ libxl_dom_path = libxl__xs_libxl_path(gc, domid); ++ if (!libxl_dom_path) + goto out; + +- path = libxl__xs_read(gc, XBT_NULL, +- libxl__sprintf(gc, "%s/device/vif/%d/backend", +- dompath, devid)); +- if (!path) +- goto out; ++ libxl_path = GCSPRINTF("%s/device/vif/%d", libxl_dom_path, devid); + +- rc = libxl__device_nic_from_xs_be(gc, path, nic); ++ rc = libxl__device_nic_from_xenstore(gc, libxl_path, nic); + if (rc) goto out; + + rc = 0; +@@ -3533,21 +3566,20 @@ out: + return rc; + } + +-static int libxl__append_nic_list_of_type(libxl__gc *gc, ++static int libxl__append_nic_list(libxl__gc *gc, + uint32_t domid, +- const char *type, + libxl_device_nic **nics, + int *nnics) + { +- char *be_path = NULL; ++ char *libxl_dir_path = NULL; + char **dir = NULL; + unsigned int n = 0; + libxl_device_nic *pnic = NULL, *pnic_end = NULL; + int rc; + +- be_path = libxl__sprintf(gc, "%s/backend/%s/%d", +- libxl__xs_get_dompath(gc, 0), type, domid); +- dir = libxl__xs_directory(gc, XBT_NULL, be_path, &n); ++ libxl_dir_path = GCSPRINTF("%s/device/vif", ++ libxl__xs_libxl_path(gc, domid)); ++ dir = libxl__xs_directory(gc, XBT_NULL, libxl_dir_path, &n); + if (dir && n) { + libxl_device_nic *tmp; + tmp = realloc(*nics, sizeof (libxl_device_nic) * (*nnics + n)); +@@ -3558,10 +3590,9 @@ static int libxl__append_nic_list_of_typ + pnic_end = *nics + *nnics + n; + for (; pnic < pnic_end; pnic++, dir++) { + const char *p; +- p = libxl__sprintf(gc, "%s/%s", be_path, *dir); +- rc = libxl__device_nic_from_xs_be(gc, p, pnic); ++ p = GCSPRINTF("%s/%s", libxl_dir_path, *dir); ++ rc = libxl__device_nic_from_xenstore(gc, p, pnic); + if (rc) goto out; +- pnic->backend_domid = 0; + } + *nnics += n; + } +@@ -3579,7 +3610,7 @@ libxl_device_nic *libxl_device_nic_list( + + *num = 0; + +- rc = libxl__append_nic_list_of_type(gc, domid, "vif", &nics, num); ++ rc = libxl__append_nic_list(gc, domid, &nics, num); + if (rc) goto out_err; + + GC_FREE; +@@ -3599,22 +3630,27 @@ int libxl_device_nic_getinfo(libxl_ctx * + libxl_device_nic *nic, libxl_nicinfo *nicinfo) + { + GC_INIT(ctx); +- char *dompath, *nicpath; ++ char *dompath, *nicpath, *libxl_path; + char *val; ++ int rc; + + dompath = libxl__xs_get_dompath(gc, domid); + nicinfo->devid = nic->devid; + +- nicpath = libxl__sprintf(gc, "%s/device/vif/%d", dompath, nicinfo->devid); ++ nicpath = GCSPRINTF("%s/device/vif/%d", dompath, nicinfo->devid); ++ libxl_path = GCSPRINTF("%s/device/vif/%d", ++ libxl__xs_libxl_path(gc, domid), nicinfo->devid); + nicinfo->backend = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/backend", nicpath), NULL); ++ GCSPRINTF("%s/backend", libxl_path), NULL); + if (!nicinfo->backend) { + GC_FREE; + return ERROR_FAIL; + } +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/backend-id", nicpath)); +- nicinfo->backend_id = val ? strtoul(val, NULL, 10) : -1; +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/state", nicpath)); ++ rc = libxl__backendpath_parse_domid(gc, nicinfo->backend, ++ &nicinfo->backend_id); ++ if (rc) goto out; ++ ++ val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", nicpath)); + nicinfo->state = val ? strtoul(val, NULL, 10) : -1; + val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/event-channel", nicpath)); + nicinfo->evtch = val ? strtoul(val, NULL, 10) : -1; +@@ -3622,13 +3658,13 @@ int libxl_device_nic_getinfo(libxl_ctx * + nicinfo->rref_tx = val ? strtoul(val, NULL, 10) : -1; + val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/rx-ring-ref", nicpath)); + nicinfo->rref_rx = val ? strtoul(val, NULL, 10) : -1; +- nicinfo->frontend = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/frontend", nicinfo->backend), NULL); +- val = libxl__xs_read(gc, XBT_NULL, libxl__sprintf(gc, "%s/frontend-id", nicinfo->backend)); +- nicinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1; ++ nicinfo->frontend = libxl__strdup(NOGC, nicpath); ++ nicinfo->frontend_id = domid; + ++ rc = 0; ++ out: + GC_FREE; +- return 0; ++ return rc; + } + + const char *libxl__device_nic_devname(libxl__gc *gc, +@@ -3689,6 +3725,8 @@ int libxl__device_console_add(libxl__gc + if (console->name) { + flexarray_append(ro_front, "name"); + flexarray_append(ro_front, console->name); ++ flexarray_append(back, "name"); ++ flexarray_append(back, console->name); + } + if (console->connection) { + flexarray_append(back, "connection"); +@@ -3800,8 +3838,8 @@ int libxl__init_console_from_channel(lib + return 0; + } + +-static int libxl__device_channel_from_xs_be(libxl__gc *gc, +- const char *be_path, ++static int libxl__device_channel_from_xenstore(libxl__gc *gc, ++ const char *libxl_path, + libxl_device_channel *channel) + { + const char *tmp; +@@ -3809,14 +3847,14 @@ static int libxl__device_channel_from_xs + + libxl_device_channel_init(channel); + +- /* READ_BACKEND is from libxl__device_nic_from_xs_be above */ +- channel->name = READ_BACKEND(NOGC, "name"); +- tmp = READ_BACKEND(gc, "connection"); ++ /* READ_BACKEND is from libxl__device_nic_from_xenstore above */ ++ channel->name = READ_LIBXLDEV(NOGC, "name"); ++ tmp = READ_LIBXLDEV(gc, "connection"); + if (!strcmp(tmp, "pty")) { + channel->connection = LIBXL_CHANNEL_CONNECTION_PTY; + } else if (!strcmp(tmp, "socket")) { + channel->connection = LIBXL_CHANNEL_CONNECTION_SOCKET; +- channel->u.socket.path = READ_BACKEND(NOGC, "path"); ++ channel->u.socket.path = READ_LIBXLDEV(NOGC, "path"); + } else { + rc = ERROR_INVAL; + goto out; +@@ -3827,34 +3865,32 @@ static int libxl__device_channel_from_xs + return rc; + } + +-static int libxl__append_channel_list_of_type(libxl__gc *gc, ++static int libxl__append_channel_list(libxl__gc *gc, + uint32_t domid, +- const char *type, + libxl_device_channel **channels, + int *nchannels) + { +- char *fe_path = NULL, *be_path = NULL; ++ char *libxl_dir_path = NULL; + char **dir = NULL; + unsigned int n = 0, devid = 0; + libxl_device_channel *next = NULL; + int rc = 0, i; + +- fe_path = GCSPRINTF("%s/device/%s", +- libxl__xs_get_dompath(gc, domid), type); +- dir = libxl__xs_directory(gc, XBT_NULL, fe_path, &n); ++ libxl_dir_path = GCSPRINTF("%s/device/console", ++ libxl__xs_libxl_path(gc, domid)); ++ dir = libxl__xs_directory(gc, XBT_NULL, libxl_dir_path, &n); + if (!dir || !n) + goto out; + + for (i = 0; i < n; i++) { +- const char *p, *name; ++ const char *libxl_path, *name; + libxl_device_channel *tmp; + +- p = libxl__sprintf(gc, "%s/%s", fe_path, dir[i]); +- name = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/name", p)); ++ libxl_path = GCSPRINTF("%s/%s", libxl_dir_path, dir[i]); ++ name = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/name", libxl_path)); + /* 'channels' are consoles with names, so ignore all consoles + without names */ + if (!name) continue; +- be_path = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/backend", p)); + tmp = realloc(*channels, + sizeof(libxl_device_channel) * (*nchannels + devid + 1)); + if (!tmp) { +@@ -3863,7 +3899,7 @@ static int libxl__append_channel_list_of + } + *channels = tmp; + next = *channels + *nchannels + devid; +- rc = libxl__device_channel_from_xs_be(gc, be_path, next); ++ rc = libxl__device_channel_from_xenstore(gc, libxl_path, next); + if (rc) goto out; + next->devid = devid; + devid++; +@@ -3885,7 +3921,7 @@ libxl_device_channel *libxl_device_chann + + *num = 0; + +- rc = libxl__append_channel_list_of_type(gc, domid, "console", &channels, num); ++ rc = libxl__append_channel_list(gc, domid, &channels, num); + if (rc) goto out_err; + + GC_FREE; +@@ -3906,31 +3942,32 @@ int libxl_device_channel_getinfo(libxl_c + libxl_channelinfo *channelinfo) + { + GC_INIT(ctx); +- char *dompath, *fe_path; ++ char *dompath, *fe_path, *libxl_path; + char *val; ++ int rc; + + dompath = libxl__xs_get_dompath(gc, domid); + channelinfo->devid = channel->devid; + +- fe_path = libxl__sprintf(gc, "%s/device/console/%d", dompath, +- channelinfo->devid + 1); ++ fe_path = GCSPRINTF("%s/device/console/%d", dompath, ++ channelinfo->devid + 1); ++ libxl_path = GCSPRINTF("%s/device/console/%d", ++ libxl__xs_libxl_path(gc, domid), ++ channelinfo->devid + 1); + channelinfo->backend = xs_read(ctx->xsh, XBT_NULL, +- libxl__sprintf(gc, "%s/backend", +- fe_path), NULL); ++ GCSPRINTF("%s/backend", libxl_path), NULL); + if (!channelinfo->backend) { + GC_FREE; + return ERROR_FAIL; + } +- val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/backend-id", fe_path)); +- channelinfo->backend_id = val ? strtoul(val, NULL, 10) : -1; ++ rc = libxl__backendpath_parse_domid(gc, channelinfo->backend, ++ &channelinfo->backend_id); ++ if (rc) goto out; ++ + val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/state", fe_path)); + channelinfo->state = val ? strtoul(val, NULL, 10) : -1; +- channelinfo->frontend = xs_read(ctx->xsh, XBT_NULL, +- GCSPRINTF("%s/frontend", +- channelinfo->backend), NULL); +- val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/frontend-id", +- channelinfo->backend)); +- channelinfo->frontend_id = val ? strtoul(val, NULL, 10) : -1; ++ channelinfo->frontend = libxl__strdup(NOGC, fe_path); ++ channelinfo->frontend_id = domid; + val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/ring-ref", fe_path)); + channelinfo->rref = val ? strtoul(val, NULL, 10) : -1; + val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/port", fe_path)); +@@ -3940,13 +3977,36 @@ int libxl_device_channel_getinfo(libxl_c + switch (channel->connection) { + case LIBXL_CHANNEL_CONNECTION_PTY: + val = libxl__xs_read(gc, XBT_NULL, GCSPRINTF("%s/tty", fe_path)); ++ /* ++ * It is obviously very wrong for this value to be in the ++ * frontend. But in XSA-175 we don't want to re-engineer ++ * this because other xenconsole code elsewhere (some ++ * even out of tree, perhaps) expects this node to be ++ * here. ++ * ++ * FE/pty is readonly for the guest. It always exists if ++ * FE does because libxl__device_console_add ++ * unconditionally creates it and nothing deletes it. ++ * ++ * The guest can delete the whole FE (which it has write ++ * privilege on) but the containing directories ++ * /local/GUEST[/device[/console]] are also RO for the ++ * guest. So if the guest deletes FE it cannot recreate ++ * it. ++ * ++ * Therefore the guest cannot cause FE/pty to contain bad ++ * data, although it can cause it to not exist. ++ */ ++ if (!val) val = "/NO-SUCH-PATH"; + channelinfo->u.pty.path = strdup(val); + break; + default: + break; + } ++ rc = 0; ++ out: + GC_FREE; +- return 0; ++ return rc; + } + + /******************************************************************************/ +@@ -6679,12 +6739,12 @@ int libxl_retrieve_domain_configuration( + LOG(ERROR, "fail to get memory target for domain %d", domid); + goto out; + } +- /* Target memory in xenstore is different from what user has +- * asked for. The difference is video_memkb. See +- * libxl_set_memory_target. ++ ++ /* libxl__get_targetmem_fudge() calculates the difference from ++ * what is in xenstore to what we have in the domain build info. + */ + d_config->b_info.target_memkb = target_memkb + +- d_config->b_info.video_memkb; ++ libxl__get_targetmem_fudge(gc, &d_config->b_info); + + d_config->b_info.max_memkb = max_memkb; + } + +--- libxl/libxl_device.c.orig 2016-03-23 13:57:27.000000000 +0000 ++++ libxl/libxl_device.c +@@ -40,12 +40,21 @@ char *libxl__device_backend_path(libxl__ + device->domid, device->devid); + } + ++char *libxl__device_libxl_path(libxl__gc *gc, libxl__device *device) ++{ ++ char *libxl_dom_path = libxl__xs_libxl_path(gc, device->domid); ++ ++ return GCSPRINTF("%s/device/%s/%d", libxl_dom_path, ++ libxl__device_kind_to_string(device->kind), ++ device->devid); ++} ++ + /* Returns 1 if device exists, 0 if not, ERROR_* (<0) on error. */ + int libxl__device_exists(libxl__gc *gc, xs_transaction_t t, + libxl__device *device) + { + int rc; +- char *be_path = libxl__device_backend_path(gc, device); ++ char *be_path = libxl__device_libxl_path(gc, device); + const char *dir; + + rc = libxl__xs_read_checked(gc, t, be_path, &dir); +@@ -105,14 +114,16 @@ int libxl__device_generic_add(libxl__gc + libxl__device *device, char **bents, char **fents, char **ro_fents) + { + libxl_ctx *ctx = libxl__gc_owner(gc); +- char *frontend_path, *backend_path; ++ char *frontend_path, *backend_path, *libxl_path; + struct xs_permissions frontend_perms[2]; + struct xs_permissions ro_frontend_perms[2]; + struct xs_permissions backend_perms[2]; + int create_transaction = t == XBT_NULL; ++ int rc; + + frontend_path = libxl__device_frontend_path(gc, device); + backend_path = libxl__device_backend_path(gc, device); ++ libxl_path = libxl__device_libxl_path(gc, device); + + frontend_perms[0].id = device->domid; + frontend_perms[0].perms = XS_PERM_NONE; +@@ -127,8 +138,22 @@ int libxl__device_generic_add(libxl__gc + retry_transaction: + if (create_transaction) + t = xs_transaction_start(ctx->xsh); ++ + /* FIXME: read frontend_path and check state before removing stuff */ + ++ rc = libxl__xs_rm_checked(gc, t, libxl_path); ++ if (rc) goto out; ++ ++ rc = libxl__xs_write_checked(gc, t, GCSPRINTF("%s/frontend",libxl_path), ++ frontend_path); ++ if (rc) goto out; ++ ++ rc = libxl__xs_write_checked(gc, t, GCSPRINTF("%s/backend",libxl_path), ++ backend_path); ++ if (rc) goto out; ++ ++ /* xxx much of this function lacks error checks! */ ++ + if (fents || ro_fents) { + xs_rm(ctx->xsh, t, frontend_path); + xs_mkdir(ctx->xsh, t, frontend_path); +@@ -160,6 +185,29 @@ retry_transaction: + xs_write(ctx->xsh, t, GCSPRINTF("%s/frontend", backend_path), + frontend_path, strlen(frontend_path)); + libxl__xs_writev(gc, t, backend_path, bents); ++ ++ /* ++ * We make a copy of everything for the backend in the libxl ++ * path as well. This means we don't need to trust the ++ * backend. Ideally this information would not be used and we ++ * would use the information from the json configuration ++ * instead. But there are still places in libxl that try to ++ * reconstruct a config from xenstore. ++ * ++ * This duplication will typically produces duplicate keys ++ * which will go out of date, but that's OK because nothing ++ * reads those. For example, there is usually ++ * /libxl/$guest/device/$kind/$devid/state ++ * which starts out containing XenbusStateInitialising ("1") ++ * just like the copy in ++ * /local/domain/$driverdom/backend/$guest/$kind/$devid/state ++ * but which won't ever be updated. ++ * ++ * This duplication is superfluous and messy but as discussed ++ * the proper fix is more intrusive than we want to do now. ++ */ ++ rc = libxl__xs_writev(gc, t, libxl_path, bents); ++ if (rc) goto out; + } + + if (!create_transaction) +@@ -174,6 +222,11 @@ retry_transaction: + } + } + return 0; ++ ++ out: ++ if (create_transaction && t) ++ libxl__xs_transaction_abort(gc, &t); ++ return rc; + } + + typedef struct { +@@ -258,6 +311,21 @@ static int disk_try_backend(disk_try_bac + return 0; + } + ++int libxl__backendpath_parse_domid(libxl__gc *gc, const char *be_path, ++ libxl_domid *domid_out) { ++ int r; ++ unsigned int domid_sc; ++ char delim_sc; ++ ++ r = sscanf(be_path, "/local/domain/%u%c", &domid_sc, &delim_sc); ++ if (!(r==2 && delim_sc=='/')) { ++ LOG(ERROR, "internal error: backend path %s unparseable!", be_path); ++ return ERROR_FAIL; ++ } ++ *domid_out = domid_sc; ++ return 0; ++} ++ + int libxl__device_disk_set_backend(libxl__gc *gc, libxl_device_disk *disk) { + libxl_disk_backend ok; + disk_try_backend_args a; +@@ -570,6 +638,7 @@ int libxl__device_destroy(libxl__gc *gc, + { + const char *be_path = libxl__device_backend_path(gc, dev); + const char *fe_path = libxl__device_frontend_path(gc, dev); ++ const char *libxl_path = libxl__device_libxl_path(gc, dev); + const char *tapdisk_path = GCSPRINTF("%s/%s", be_path, "tapdisk-params"); + const char *tapdisk_params; + xs_transaction_t t = 0; +@@ -594,6 +663,7 @@ int libxl__device_destroy(libxl__gc *gc, + */ + libxl__xs_path_cleanup(gc, t, fe_path); + libxl__xs_path_cleanup(gc, t, be_path); ++ libxl__xs_path_cleanup(gc, t, libxl_path); + } else if (dev->backend_domid == domid) { + /* + * The driver domain is in charge for removing what it can +@@ -636,7 +706,7 @@ void libxl__devices_destroy(libxl__egc * + libxl__multidev_begin(ao, multidev); + multidev->callback = devices_remove_callback; + +- path = GCSPRINTF("/local/domain/%d/device", domid); ++ path = GCSPRINTF("/libxl/%d/device", domid); + kinds = libxl__xs_directory(gc, XBT_NULL, path, &num_kinds); + if (!kinds) { + if (errno != ENOENT) { +@@ -649,12 +719,12 @@ void libxl__devices_destroy(libxl__egc * + if (libxl__device_kind_from_string(kinds[i], &kind)) + continue; + +- path = GCSPRINTF("/local/domain/%d/device/%s", domid, kinds[i]); ++ path = GCSPRINTF("/libxl/%d/device/%s", domid, kinds[i]); + devs = libxl__xs_directory(gc, XBT_NULL, path, &num_dev_xsentries); + if (!devs) + continue; + for (j = 0; j < num_dev_xsentries; j++) { +- path = GCSPRINTF("/local/domain/%d/device/%s/%s/backend", ++ path = GCSPRINTF("/libxl/%d/device/%s/%s/backend", + domid, kinds[i], devs[j]); + path = libxl__xs_read(gc, XBT_NULL, path); + GCNEW(dev); +@@ -679,22 +749,6 @@ void libxl__devices_destroy(libxl__egc * + } + } + +- /* console 0 frontend directory is not under /local/domain//device */ +- path = GCSPRINTF("/local/domain/%d/console/backend", domid); +- path = libxl__xs_read(gc, XBT_NULL, path); +- GCNEW(dev); +- if (path && strcmp(path, "") && +- libxl__parse_backend_path(gc, path, dev) == 0) { +- dev->domid = domid; +- dev->kind = LIBXL__DEVICE_KIND_CONSOLE; +- dev->devid = 0; +- +- /* Currently console devices can be destroyed synchronously by just +- * removing xenstore entries, this is what libxl__device_destroy does. +- */ +- libxl__device_destroy(gc, dev); +- } +- + out: + libxl__multidev_prepared(egc, multidev, rc); + } + +--- libxl/libxl_dm.c.orig 2016-03-23 13:57:27.000000000 +0000 ++++ libxl/libxl_dm.c +@@ -92,6 +92,20 @@ const char *libxl__domain_device_model(l + return dm; + } + ++/* XSA-180 / CVE-2014-3672 ++ * ++ * The QEMU shipped with Xen has a bodge. It checks for ++ * XEN_QEMU_CONSOLE_LIMIT to see how much data QEMU is allowed ++ * to write to stderr. We set that to 1MB if it is not set by ++ * system administrator. ++ */ ++static void libxl__set_qemu_env_for_xsa_180(libxl__gc *gc, ++ flexarray_t *dm_envs) ++{ ++ if (getenv("XEN_QEMU_CONSOLE_LIMIT")) return; ++ flexarray_append_pair(dm_envs, "XEN_QEMU_CONSOLE_LIMIT", "1048576"); ++} ++ + const libxl_vnc_info *libxl__dm_vnc(const libxl_domain_config *guest_config) + { + const libxl_vnc_info *vnc = NULL; +@@ -1345,7 +1359,8 @@ void libxl__spawn_local_dm(libxl__egc *e + char *path; + int logfile_w, null; + int rc; +- char **args, **arg; ++ flexarray_t *dm_envs; ++ char **args, *const *envs, **arg; + xs_transaction_t t; + char *vm_path; + char **pass_stuff; +@@ -1374,6 +1389,10 @@ void libxl__spawn_local_dm(libxl__egc *e + goto out; + } + ++ dm_envs = flexarray_make(gc, 16, 1); ++ libxl__set_qemu_env_for_xsa_180(gc, dm_envs); ++ envs = (char**) flexarray_contents(dm_envs); ++ + if (b_info->type == LIBXL_DOMAIN_TYPE_HVM) { + path = xs_get_domain_path(ctx->xsh, domid); + libxl__xs_write(gc, XBT_NULL, +@@ -1452,7 +1471,7 @@ retry_transaction: + goto out_close; + if (!rc) { /* inner child */ + setsid(); +- libxl__exec(gc, null, logfile_w, logfile_w, dm, args, NULL); ++ libxl__exec(gc, null, logfile_w, logfile_w, dm, args, envs); + } + + rc = 0; +@@ -1524,8 +1543,8 @@ static void device_model_spawn_outcome(l + void libxl__spawn_qdisk_backend(libxl__egc *egc, libxl__dm_spawn_state *dmss) + { + STATE_AO_GC(dmss->spawn.ao); +- flexarray_t *dm_args; +- char **args; ++ flexarray_t *dm_args, *dm_envs; ++ char **args, **envs; + const char *dm; + int logfile_w, null, rc; + uint32_t domid = dmss->guest_domid; +@@ -1534,6 +1553,8 @@ void libxl__spawn_qdisk_backend(libxl__e + dm = qemu_xen_path(gc); + + dm_args = flexarray_make(gc, 15, 1); ++ dm_envs = flexarray_make(gc, 1, 1); ++ + flexarray_vappend(dm_args, dm, "-xen-domid", + GCSPRINTF("%d", domid), NULL); + flexarray_append(dm_args, "-xen-attach"); +@@ -1547,6 +1568,9 @@ void libxl__spawn_qdisk_backend(libxl__e + flexarray_append(dm_args, NULL); + args = (char **) flexarray_contents(dm_args); + ++ libxl__set_qemu_env_for_xsa_180(gc, dm_envs); ++ envs = (char **) flexarray_contents(dm_envs); ++ + logfile_w = libxl__create_qemu_logfile(gc, GCSPRINTF("qdisk-%u", domid)); + if (logfile_w < 0) { + rc = logfile_w; +@@ -1580,7 +1604,7 @@ void libxl__spawn_qdisk_backend(libxl__e + goto error; + if (!rc) { /* inner child */ + setsid(); +- libxl__exec(gc, null, logfile_w, logfile_w, dm, args, NULL); ++ libxl__exec(gc, null, logfile_w, logfile_w, dm, args, envs); + } + + return; +@@ -1648,6 +1672,7 @@ int libxl__destroy_device_model(libxl__g + GCSPRINTF("/local/domain/%d/image/device-model-pid", domid)); + } + ++/* Return 0 if no dm needed, 1 if needed and <0 if error. */ + int libxl__need_xenpv_qemu(libxl__gc *gc, + int nr_consoles, libxl__device_console *consoles, + int nr_vfbs, libxl_device_vfb *vfbs, + +--- libxl/libxl_dom.c.orig 2016-03-23 13:57:27.000000000 +0000 ++++ libxl/libxl_dom.c +@@ -446,7 +446,6 @@ int libxl__build_post(libxl__gc *gc, uin + xs_transaction_t t; + char **ents; + int i, rc; +- int64_t mem_target_fudge; + + rc = libxl_domain_sched_params_set(CTX, domid, &info->sched_params); + if (rc) +@@ -473,17 +472,12 @@ int libxl__build_post(libxl__gc *gc, uin + } + } + +- mem_target_fudge = +- (info->type == LIBXL_DOMAIN_TYPE_HVM && +- info->max_memkb > info->target_memkb) +- ? LIBXL_MAXMEM_CONSTANT : 0; +- + ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *)); + ents[0] = "memory/static-max"; + ents[1] = GCSPRINTF("%"PRId64, info->max_memkb); + ents[2] = "memory/target"; +- ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb +- - mem_target_fudge); ++ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - ++ libxl__get_targetmem_fudge(gc, info)); + ents[4] = "memory/videoram"; + ents[5] = GCSPRINTF("%"PRId64, info->video_memkb); + ents[6] = "domid"; + +--- libxl/libxl_internal.h.orig 2016-03-23 13:57:27.000000000 +0000 ++++ libxl/libxl_internal.h +@@ -271,7 +271,7 @@ struct libxl__evgen_disk_eject { + uint32_t domid; + LIBXL_LIST_ENTRY(libxl_evgen_disk_eject) entry; + libxl_ev_user user; +- char *vdev; ++ char *vdev, *be_ptr_path; + }; + _hidden void + libxl__evdisable_disk_eject(libxl__gc*, libxl_evgen_disk_eject*); +@@ -594,6 +594,8 @@ _hidden bool libxl__xs_mkdir(libxl__gc * + + _hidden char *libxl__xs_libxl_path(libxl__gc *gc, uint32_t domid); + ++_hidden int libxl__backendpath_parse_domid(libxl__gc *gc, const char *be_path, ++ libxl_domid *domid_out); + + /*----- "checked" xenstore access functions -----*/ + /* Each of these functions will check that it succeeded; if it +@@ -1061,6 +1063,7 @@ _hidden int libxl__device_generic_add(li + libxl__device *device, char **bents, char **fents, char **ro_fents); + _hidden char *libxl__device_backend_path(libxl__gc *gc, libxl__device *device); + _hidden char *libxl__device_frontend_path(libxl__gc *gc, libxl__device *device); ++_hidden char *libxl__device_libxl_path(libxl__gc *gc, libxl__device *device); + _hidden int libxl__parse_backend_path(libxl__gc *gc, const char *path, + libxl__device *dev); + _hidden int libxl__device_destroy(libxl__gc *gc, libxl__device *dev); +@@ -3578,6 +3581,21 @@ static inline void libxl__update_config_ + libxl_uuid_copy(CTX, &dst->uuid, &src->uuid); + } + ++/* Target memory in xenstore is different from what user has ++ * asked for. The difference is video_memkb + (possible) fudge. ++ * See libxl_set_memory_target. ++ */ ++static inline ++uint64_t libxl__get_targetmem_fudge(libxl__gc *gc, ++ const libxl_domain_build_info *info) ++{ ++ int64_t mem_target_fudge = (info->type == LIBXL_DOMAIN_TYPE_HVM && ++ info->max_memkb > info->target_memkb) ++ ? LIBXL_MAXMEM_CONSTANT : 0; ++ ++ return info->video_memkb + mem_target_fudge; ++} ++ + /* Macros used to compare device identifier. Returns true if the two + * devices have same identifier. */ + #define COMPARE_DEVID(a, b) ((a)->devid == (b)->devid) Index: pkgsrc/sysutils/xentools45/patches/patch-XSA-180 diff -u /dev/null pkgsrc/sysutils/xentools45/patches/patch-XSA-180:1.1 --- /dev/null Sat Aug 6 12:41:36 2016 +++ pkgsrc/sysutils/xentools45/patches/patch-XSA-180 Sat Aug 6 12:41:36 2016 @@ -0,0 +1,66 @@ +$NetBSD: patch-XSA-180,v 1.1 2016/08/06 12:41:36 spz Exp $ + +patch for XSA-180 from upstream + +--- qemu-xen-traditional/vl.c.orig 2016-01-04 15:36:03.000000000 +0000 ++++ qemu-xen-traditional/vl.c +@@ -3753,6 +3753,50 @@ static void host_main_loop_wait(int *tim + } + #endif + ++static void check_cve_2014_3672_xen(void) ++{ ++ static unsigned long limit = ~0UL; ++ const int fd = 2; ++ struct stat stab; ++ ++ if (limit == ~0UL) { ++ const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT"); ++ /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */ ++ limit = s ? strtoul(s,0,0) : 1*1024*1024; ++ } ++ if (limit == 0) ++ return; ++ ++ int r = fstat(fd, &stab); ++ if (r) { ++ perror("fstat stderr (for CVE-2014-3672 check)"); ++ exit(-1); ++ } ++ if (!S_ISREG(stab.st_mode)) ++ return; ++ if (stab.st_size <= limit) ++ return; ++ ++ /* oh dear */ ++ fprintf(stderr,"\r\n" ++ "Closing stderr due to CVE-2014-3672 limit. " ++ " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override," ++ " or 0 for no limit.\n"); ++ fflush(stderr); ++ ++ int nfd = open("/dev/null", O_WRONLY); ++ if (nfd < 0) { ++ perror("open /dev/null (for CVE-2014-3672 check)"); ++ exit(-1); ++ } ++ r = dup2(nfd, fd); ++ if (r != fd) { ++ perror("dup2 /dev/null (for CVE-2014-3672 check)"); ++ exit(-1); ++ } ++ close(nfd); ++} ++ + void main_loop_wait(int timeout) + { + IOHandlerRecord *ioh; +@@ -3762,6 +3806,8 @@ void main_loop_wait(int timeout) + + qemu_bh_update_timeout(&timeout); + ++ check_cve_2014_3672_xen(); ++ + host_main_loop_wait(&timeout); + + /* poll any events */ Index: pkgsrc/sysutils/xentools45/patches/patch-xenpaging_xenpaging.c diff -u /dev/null pkgsrc/sysutils/xentools45/patches/patch-xenpaging_xenpaging.c:1.1 --- /dev/null Sat Aug 6 12:41:36 2016 +++ pkgsrc/sysutils/xentools45/patches/patch-xenpaging_xenpaging.c Sat Aug 6 12:41:36 2016 @@ -0,0 +1,14 @@ +$NetBSD: patch-xenpaging_xenpaging.c,v 1.1 2016/08/06 12:41:36 spz Exp $ + +--- xenpaging/xenpaging.c.orig 2016-03-23 13:57:27.000000000 +0000 ++++ xenpaging/xenpaging.c +@@ -184,6 +184,9 @@ static void *init_page(void) + { + void *buffer; + ++ buffer = NULL; /* shut up compiler about uninitialized use: ++ * posix_memalign initializes it */ ++ + /* Allocated page memory */ + errno = posix_memalign(&buffer, PAGE_SIZE, PAGE_SIZE); + if ( errno != 0 ) --_----------=_1470487296244800--