File 63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch of Package xen.39151
# Commit 0751a75e3996cf6efd3925a90b4776660d8df2bc
# Date 2022-11-02 12:08:22 +0100
# Author Juergen Gross <jgross@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
tools/xenstore: call remove_domid_from_perm() for special nodes
When destroying a domain, any stale permissions of the domain must be
removed from the special nodes "@...", too. This was not done in the
fix for XSA-322.
Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -200,6 +200,27 @@ static void unmap_interface(void *interf
 	xengnttab_unmap(*xgt_handle, interface, 1);
 }
 
+static void remove_domid_from_perm(struct node_perms *perms,
+				   struct domain *domain)
+{
+	unsigned int cur, new;
+
+	if (perms->p[0].id == domain->domid)
+		perms->p[0].id = priv_domid;
+
+	for (cur = new = 1; cur < perms->num; cur++) {
+		if (perms->p[cur].id == domain->domid)
+			continue;
+
+		if (new != cur)
+			perms->p[new] = perms->p[cur];
+
+		new++;
+	}
+
+	perms->num = new;
+}
+
 static int domain_tree_remove_sub(const void *ctx, struct connection *conn,
 				  struct node *node, void *arg)
 {
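Review bot: The added remove_domid_from_perm() reads `perms->p[0]` unconditionally and ends with `perms->num = new`, where `new` starts at 1, so it relies on every `struct node_perms` passed in already holding an owner entry. With `perms->num == 0` it would touch `p[0]` and raise the count to 1. Whether that state can occur is not visible in this hunk, so either guard it with `if (!perms->num) return;` or state the invariant in a comment. The function also lacks a header comment; something like `/* Drop every entry of the dying domain; the owner slot p[0] is reassigned to priv_domid rather than removed. */` would record why slot 0 is treated differently, presumably so that a later domain reusing the domid inherits no access.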
@@ -251,6 +272,9 @@ static void domain_tree_remove(struct do
 			syslog(LOG_ERR,
 			       "error when looking for orphaned nodes\n");
 	}
+
+	remove_domid_from_perm(&dom_release_perms, domain);
+	remove_domid_from_perm(&dom_introduce_perms, domain);
 }
 
 static int destroy_domain(void *_domain)
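Review bot: The two calls added at the end of domain_tree_remove() carry no comment, so the reason the special nodes need separate treatment lives only in the commit message. Suggest adding `/* Special nodes "@..." are handled separately: remove stale permissions of the domain there, too. */` above them. The calls also run after the branch that logs "error when looking for orphaned nodes", which looks right for a revocation path (permissions are dropped even if the walk failed) but is worth stating explicitly. domain_tree_remove() begins outside this hunk, so the walk itself is not reviewed here.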