File xsa326-07.patch of Package xen.31431
From 665a6ae7a4eb3977564a6f00c91758f988e35be8 Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross@suse.com>
Date: Tue, 13 Sep 2022 07:35:08 +0200
Subject: tools/xenstore: fix connection->id usage
Don't use conn->id for privilege checks, but domain_is_unprivileged().
This is part of XSA-326.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_control.c
index e4b8aa95abfd..d3272e2ef9b5 100644
--- a/tools/xenstore/xenstored_control.c
+++ b/tools/xenstore/xenstored_control.c
@@ -180,7 +180,7 @@ int do_control(struct connection *conn, struct buffered_data *in)
int cmd;
char **vec;
- if (conn->id != 0)
+ if (domain_is_unprivileged(conn))
return EACCES;
num = xs_count_strings(in->buffer, in->used);
diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h
index 1eb6131fc88d..98db4afcaabf 100644
--- a/tools/xenstore/xenstored_core.h
+++ b/tools/xenstore/xenstored_core.h
@@ -93,7 +93,7 @@ struct connection
/* The index of pollfd in global pollfd array */
int pollfd_idx;
- /* Who am I? 0 for socket connections. */
+ /* Who am I? Domid of connection. */
unsigned int id;
/* Is this a read-only connection? */
diff --git a/tools/xenstore/xenstored_transaction.c b/tools/xenstore/xenstored_transaction.c
index 6fbdb29dcdd7..9bef6e72a566 100644
--- a/tools/xenstore/xenstored_transaction.c
+++ b/tools/xenstore/xenstored_transaction.c
@@ -483,7 +483,8 @@ int do_transaction_start(struct connection *conn, struct buffered_data *in)
if (conn->transaction)
return EBUSY;
- if (conn->id && conn->transaction_started > quota_max_transaction)
+ if (domain_is_unprivileged(conn) &&
+ conn->transaction_started > quota_max_transaction)
return ENOSPC;
/* Attach transaction to input for autofree until it's complete */