Wed Oct 8 19:13:41 2008 UTC ()
Apply changeset 18434 from upstream xen-3.3-testing tree.
This fixes security issue http://secunia.com/advisories/32064/
(cegger)
diff -r1.9 -r1.10 pkgsrc/sysutils/xentools33/Makefile
diff -r1.12 -r1.13 pkgsrc/sysutils/xentools33/distinfo
diff -r0 -r1.1 pkgsrc/sysutils/xentools33/patches/patch-ga
diff -r0 -r1.1 pkgsrc/sysutils/xentools33/patches/patch-gb
diff -r0 -r1.1 pkgsrc/sysutils/xentools33/patches/patch-gc
diff -r0 -r1.1 pkgsrc/sysutils/xentools33/patches/patch-gd
--- pkgsrc/sysutils/xentools33/Attic/Makefile 2008/09/30 15:08:34 1.9
+++ pkgsrc/sysutils/xentools33/Attic/Makefile 2008/10/08 19:13:41 1.10
--- pkgsrc/sysutils/xentools33/Attic/distinfo 2008/09/30 15:08:34 1.12
+++ pkgsrc/sysutils/xentools33/Attic/distinfo 2008/10/08 19:13:41 1.13
$NetBSD: patch-ga,v 1.1 2008/10/08 19:13:41 cegger Exp $
--- python/xen/xend/XendDomainInfo.py.orig 2008-08-22 09:49:08.000000000 +0000
+++ python/xen/xend/XendDomainInfo.py
@@ -455,8 +455,8 @@ class XendDomainInfo:
try:
self._constructDomain()
self._storeVmDetails()
- self._createDevices()
self._createChannels()
+ self._createDevices()
self._storeDomDetails()
self._endRestore()
except:
@@ -1232,31 +1232,6 @@ class XendDomainInfo:
def permissionsVm(self, *args):
return xstransact.SetPermissions(self.vmpath, *args)
-
- def _readVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.read(*paths)
-
- def _writeVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.write(*paths)
-
- def _removeVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.remove(*paths)
-
- def _gatherVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.gather(paths)
-
- def storeVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.store(*paths)
-
- def permissionsVmTxn(self, transaction, *args):
- paths = map(lambda x: self.vmpath + "/" + x, args)
- return transaction.set_permissions(*paths)
-
#
# Function to update xenstore /dom/*
#
@@ -1304,8 +1279,11 @@ class XendDomainInfo:
def _recreateDomFunc(self, t):
t.remove()
t.mkdir()
- t.set_permissions({'dom' : self.domid})
+ t.set_permissions({'dom' : self.domid, 'read' : True})
t.write('vm', self.vmpath)
+ for i in [ 'device', 'control', 'error' ]:
+ t.mkdir(i)
+ t.set_permissions(i, {'dom' : self.domid})
def _storeDomDetails(self):
to_store = {
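Review bot: The list of guest-writable subtrees in `_recreateDomFunc` (`'device'`, `'control'`, `'error'`) is hard-coded and carries no comment, so a later reader cannot tell that the rest of the domain path is apparently meant to stay read-only for the guest. I would add a comment above the loop such as `# Only these subtrees are guest-writable; keys xend reads back (e.g. image/device-model-pid) must stay outside this list.` If a supported guest driver or agent writes under another key of its domain path, that write will presumably be refused after this change, so the list is worth confirming against the guests in use. The exact effect of `'read' : True` depends on the xenstore permission model, which is not visible in this hunk.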
@@ -2390,11 +2368,11 @@ class XendDomainInfo:
paths = self._prepare_phantom_paths()
- self._cleanupVm()
if self.dompath is not None:
self.destroyDomain()
self._cleanup_phantom_devs(paths)
+ self._cleanupVm()
if "transient" in self.info["other_config"] \
and bool(self.info["other_config"]["transient"]):
@@ -2731,7 +2709,6 @@ class XendDomainInfo:
self._writeVm(to_store)
self._setVmPermissions()
-
def _setVmPermissions(self):
"""Allow the guest domain to read its UUID. We don't allow it to
access any other entry, for security."""
@@ -2750,7 +2727,7 @@ class XendDomainInfo:
log.warn("".join(traceback.format_stack()))
return self._stateGet()
else:
- raise AttributeError()
+ raise AttributeError(name)
def __setattr__(self, name, value):
if name == "state":
@@ -2864,12 +2841,6 @@ class XendDomainInfo:
ignore_devices = ignore_store,
legacy_only = legacy_only)
- #if not ignore_store and self.dompath:
- # vnc_port = self.readDom('console/vnc-port')
- # if vnc_port is not None:
- # result.append(['device',
- # ['console', ['vnc-port', str(vnc_port)]]])
-
return result
# Xen API
@@ -3135,7 +3106,7 @@ class XendDomainInfo:
if not config.has_key('device'):
devid = config.get('id')
if devid != None:
- config['device'] = 'eth%d' % devid
+ config['device'] = 'eth%s' % devid
else:
config['device'] = ''
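Review bot: Changing the format to `'eth%s' % devid` removes the only implicit type check on the id: `%d` rejected non-numeric values, while `%s` embeds whatever `config.get('id')` returns into the device name. If the aim is to accept numeric strings as well as integers, `config['device'] = 'eth%d' % int(devid)` does that and still fails loudly on anything else. The enclosing method starts and ends outside the hunk, so where `config` comes from cannot be judged from here.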
$NetBSD: patch-gb,v 1.1 2008/10/08 19:13:41 cegger Exp $
--- python/xen/xend/image.py.orig 2008-08-22 09:49:08.000000000 +0000
+++ python/xen/xend/image.py
@@ -502,7 +502,7 @@ class ImageHandler:
if fifo_fd >= 0:
self._openSentinel(sentinel_path_fifo)
os.close(fifo_fd)
- self.pid = self.vm.gatherDom(('image/device-model-pid', int))
+ self.pid = self.vm._gatherDom(('image/device-model-pid', int))
log.debug("%s device model rediscovered, pid %s sentinel fifo %s",
name, self.pid, sentinel_path_fifo)
self.sentinel_thread = thread.start_new_thread(self._sentinel_watch,())
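Review bot: `self.pid` is taken from the xenstore key `image/device-model-pid` and only logged before the sentinel thread is started; nothing in the visible lines checks that a value was found or that it is a plausible pid. Because xend trusts this value, the code should say so, for example `# image/device-model-pid is written by the toolstack; the guest must not have write access to image/`. If `_gatherDom` can return `None` for a missing key (not visible here), a guard such as `if self.pid is None: return` before starting the watcher would avoid tracking a device model that was never rediscovered. The enclosing method begins outside the hunk.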
$NetBSD: patch-gc,v 1.1 2008/10/08 19:13:41 cegger Exp $
--- python/xen/xend/server/DevController.py.orig 2008-08-22 09:49:08.000000000 +0000
+++ python/xen/xend/server/DevController.py
@@ -126,8 +126,11 @@ class DevController:
log.debug(
'DevController: still waiting to write device entries.')
+ devpath = self.devicePath(devid)
+
t.remove(frontpath)
t.remove(backpath)
+ t.remove(devpath)
t.mkdir(backpath)
t.set_permissions(backpath,
@@ -142,6 +145,14 @@ class DevController:
t.write2(frontpath, front)
t.write2(backpath, back)
+ t.mkdir(devpath)
+ t.write2(devpath, {
+ 'backend' : backpath,
+ 'backend-id' : "%i" % backdom,
+ 'frontend' : frontpath,
+ 'frontend-id' : "%i" % self.vm.getDomid()
+ })
+
if t.commit():
return devid
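Review bot: The new `devpath` record written by `t.write2(devpath, {...})` becomes the place `readVm` consults for the `backend` path, yet the visible lines set no permissions on it and do not say who may write it. It appears to rely on inheriting the restrictions of the VM path, which should be stated, for example `# devpath lives under vmpath (not guest-writable); it is the trusted record of frontend/backend locations`. If that inheritance does not hold for a freshly created `device/<class>/<devid>` node, an explicit `t.set_permissions(devpath, ...)` next to the one for `backpath` would be needed. The function starts outside the hunk and the lines between the two DevController hunks are not shown.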
@@ -254,11 +265,12 @@ class DevController:
if force:
frontpath = self.frontendPath(dev)
- backpath = xstransact.Read(frontpath, "backend")
+ backpath = self.readVm(devid, "backend")
if backpath:
xstransact.Remove(backpath)
xstransact.Remove(frontpath)
+ # xstransact.Remove(self.devicePath()) ?? Below is the same ?
self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev))
def configurations(self, transaction = None):
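Review bot: In the forced-destroy branch the backend lookup uses `devid` (`self.readVm(devid, "backend")`) while every other path in the branch is built from `dev` (`self.frontendPath(dev)` and `"device/%s/%d" % (self.deviceClass, dev)`). If `dev` is the numeric form of `devid` (the conversion is outside the hunk), `devicePath(devid)` can name a key that was never written, so the backend directory is left behind; `backpath = self.readVm(dev, "backend")` keeps the branch consistent. The added line `# xstransact.Remove(self.devicePath()) ?? Below is the same ?` is an open question rather than documentation and omits the argument of `devicePath`. Since the `_removeVm` call below appears to address the same key, it could read `# the _removeVm call below also removes devicePath(dev)`.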
@@ -302,9 +314,10 @@ class DevController:
@return: dict
"""
if transaction is None:
- backdomid = xstransact.Read(self.frontendPath(devid), "backend-id")
+ backdomid = xstransact.Read(self.devicePath(devid), "backend-id")
else:
- backdomid = transaction.read(self.frontendPath(devid) + "/backend-id")
+ backdomid = transaction.read(self.devicePath(devid) + "/backend-id")
+
if backdomid is None:
raise VmError("Device %s not connected" % devid)
@@ -446,17 +459,22 @@ class DevController:
else:
raise VmError("Device %s not connected" % devid)
+ def readVm(self, devid, *args):
+ devpath = self.devicePath(devid)
+ if devpath:
+ return xstransact.Read(devpath, *args)
+ else:
+ raise VmError("Device config %s not found" % devid)
+
def readBackend(self, devid, *args):
- frontpath = self.frontendPath(devid)
- backpath = xstransact.Read(frontpath, "backend")
+ backpath = self.readVm(devid, "backend")
if backpath:
return xstransact.Read(backpath, *args)
else:
raise VmError("Device %s not connected" % devid)
def readBackendTxn(self, transaction, devid, *args):
- frontpath = self.frontendPath(devid)
- backpath = transaction.read(frontpath + "/backend")
+ backpath = self.readVm(devid, "backend")
if backpath:
paths = map(lambda x: backpath + "/" + x, args)
return transaction.read(*paths)
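Review bot: `readBackendTxn` now resolves the backend path with `self.readVm(devid, "backend")`, which goes through `xstransact.Read` and therefore reads outside the `transaction` it was handed, so the path and the values read from it may come from different store states. Keeping the lookup in the transaction, as the `backend-id` read in `getDeviceConfiguration` does, would be `backpath = transaction.read(self.devicePath(devid) + "/backend")`. In the new `readVm`, `if devpath:` tests a formatted string that is never empty, so the `VmError("Device config %s not found")` branch looks unreachable. A one-line docstring stating what `readVm` returns for a missing key would also help. The body of `readBackendTxn` continues past the end of the hunk.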
@@ -474,7 +492,7 @@ class DevController:
"""@return The IDs of each of the devices currently configured for
this instance's deviceClass.
"""
- fe = self.backendRoot()
+ fe = self.deviceRoot()
if transaction:
return map(lambda x: int(x.split('/')[-1]), transaction.list(fe))
@@ -483,8 +501,7 @@ class DevController:
def writeBackend(self, devid, *args):
- frontpath = self.frontendPath(devid)
- backpath = xstransact.Read(frontpath, "backend")
+ backpath = self.readVm(devid, "backend")
if backpath:
xstransact.Write(backpath, *args)
@@ -549,9 +566,8 @@ class DevController:
def waitForBackend(self, devid):
-
frontpath = self.frontendPath(devid)
- # lookup a phantom
+ # lookup a phantom
phantomPath = xstransact.Read(frontpath, 'phantom_vbd')
if phantomPath is not None:
log.debug("Waiting for %s's phantom %s.", devid, phantomPath)
@@ -564,7 +580,7 @@ class DevController:
if result['status'] != 'Connected':
return (result['status'], err)
- backpath = xstransact.Read(frontpath, "backend")
+ backpath = self.readVm(devid, "backend")
if backpath:
@@ -629,17 +645,20 @@ class DevController:
def frontendRoot(self):
return "%s/device/%s" % (self.vm.getDomainPath(), self.deviceClass)
- def backendRoot(self):
- """Construct backend root path assuming backend is domain 0."""
- from xen.xend.XendDomain import DOM0_ID
- from xen.xend.xenstore.xsutil import GetDomainPath
- return "%s/backend/%s/%s" % (GetDomainPath(DOM0_ID),
- self.deviceClass, self.vm.getDomid())
-
def frontendMiscPath(self):
return "%s/device-misc/%s" % (self.vm.getDomainPath(),
self.deviceClass)
+ def deviceRoot(self):
+ """Return the /vm/device. Because backendRoot assumes the
+ backend domain is 0"""
+ return "%s/device/%s" % (self.vm.vmpath, self.deviceClass)
+
+ def devicePath(self, devid):
+ """Return the /device entry of the given VM. We use it to store
+ backend/frontend locations"""
+ return "%s/device/%s/%s" % (self.vm.vmpath,
+ self.deviceClass, devid)
def hotplugStatusCallback(statusPath, ev, result):
log.debug("hotplugStatusCallback %s.", statusPath)
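Review bot: The docstring of the new `deviceRoot` justifies itself by referring to `backendRoot`, which this same hunk deletes, so it will not make sense to a reader of the patched file. I would replace it with `"""Return the root of this device class under the VM path: <vmpath>/device/<deviceClass>."""`. For `devicePath` I would use `"""Return <vmpath>/device/<deviceClass>/<devid>, where xend records the device's frontend and backend locations."""`. `devicePath` formats `devid` with `%s` and no validation, so it is worth noting in the docstring that callers must pass the numeric device id, since a value containing `/` would address a different key.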
$NetBSD: patch-gd,v 1.1 2008/10/08 19:13:41 cegger Exp $
--- python/xen/xend/server/netif.py.orig 2008-08-22 09:49:08.000000000 +0000
+++ python/xen/xend/server/netif.py
@@ -142,10 +142,6 @@ class NetifController(DevController):
if sec_lab:
back['security_label'] = sec_lab
- config_path = "device/%s/%d/" % (self.deviceClass, devid)
- for x in back:
- self.vm._writeVm(config_path + x, back[x])
-
back['handle'] = "%i" % devid
back['script'] = os.path.join(xoptions.network_script_dir, script)
if rate:
@@ -189,40 +185,14 @@ class NetifController(DevController):
result = DevController.getDeviceConfiguration(self, devid, transaction)
- config_path = "device/%s/%d/" % (self.deviceClass, devid)
- devinfo = ()
for x in ( 'script', 'ip', 'bridge', 'mac',
'type', 'vifname', 'rate', 'uuid', 'model', 'accel',
'security_label'):
if transaction is None:
- y = self.vm._readVm(config_path + x)
+ y = self.readBackend(devid, x)
else:
- y = self.vm._readVmTxn(transaction, config_path + x)
- devinfo += (y,)
- (script, ip, bridge, mac, typ, vifname, rate, uuid,
- model, accel, security_label) = devinfo
-
- if script:
- result['script'] = script
- if ip:
- result['ip'] = ip
- if bridge:
- result['bridge'] = bridge
- if mac:
- result['mac'] = mac
- if typ:
- result['type'] = typ
- if vifname:
- result['vifname'] = vifname
- if rate:
- result['rate'] = rate
- if uuid:
- result['uuid'] = uuid
- if model:
- result['model'] = model
- if accel:
- result['accel'] = accel
- if security_label:
- result['security_label'] = security_label
+ y = self.readBackendTxn(transaction, devid, x)
+ if y:
+ result[x] = y
return result
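Review bot: The rewritten loop in `getDeviceConfiguration` calls `self.readBackend(devid, x)` or `self.readBackendTxn(transaction, devid, x)` once per key, and the `readBackend` shown in DevController.py raises `VmError("Device %s not connected")` when no backend path is recorded. Callers that list the configuration of a device whose backend entry is missing may therefore now get an exception where the removed `_readVm` path presumably returned empty values; the method's docstring should mention this, or the loop should handle `VmError` deliberately. Each call also looks up the backend path again, which means eleven lookups per device. `readBackend` accepts `*args`, so the keys could be fetched in one call, but the return shape for several keys is not visible here and needs confirming.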