projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61917a0) | patch
oxenstored: Protect oxenstored from malicious domains.
author=John Liu <john.liuqiming@huawei.com>
Mon, 22 Jul 2013 21:23:10 +0000 (22:23 +0100)
committerIan Campbell <ian.campbell@citrix.com>
Mon, 22 Jul 2013 21:23:10 +0000 (22:23 +0100)
commit704302ce9404c73cfb687d31adcf67094ab5bb53
tree28ba781031c1ad021085e36cb2c0ab55340c92detree | snapshot
parent61917a0802b93cebd596c6c71aa13df428149f67commit | diff
oxenstored: Protect oxenstored from malicious domains.

add check logic when read from IO ring, and if error happens,
then mark the reading connection as "bad", Unless vm reboot,
oxenstored will not handle message from this connection any more.

xs_ring_stubs.c: add a more strict check on ring reading
connection.ml, domain.ml: add getter and setter for bad flag
process.ml: if exception raised when reading from domain's ring,
            mark this domain as "bad"
xenstored.ml: if a domain is marked as "bad", do not handle it.

Signed-off-by: John Liu <john.liuqiming@huawei.com>
Acked-by: David Scott <dave.scott@eu.citrix.com>
tools/ocaml/libs/xb/xs_ring_stubs.c diff | blob | history
tools/ocaml/xenstored/connection.ml diff | blob | history
tools/ocaml/xenstored/domain.ml diff | blob | history
tools/ocaml/xenstored/process.ml diff | blob | history
tools/ocaml/xenstored/xenstored.ml diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.