On 12/22/2016 02:19 AM, Juergen Gross wrote: > When accessing Xenstore in a transaction the user is specifying a > transaction id which he normally obtained from Xenstore when starting > the transaction. Xenstore is validating a transaction id against all > known transaction ids of the connection the request came in. As all > requests of a domain not being the one where Xenstore lives share > one connection, validation of transaction ids of different users of > Xenstore in that domain should be done by the kernel of that domain > being the multiplexer between the Xenstore users in that domain and > Xenstore. > > In order to prohibit one Xenstore user to be able to "hijack" a > transaction from another user the xenbus driver has to verify a > given transaction id against all known transaction ids of the user > before forwarding it to Xenstore. > > Signed-off-by: Juergen Gross <jgr...@suse.com>
Should this go to stable trees as well? Reviewed-by: Boris Ostrovsky <boris.ostrov...@oracle.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
