From db34d2aaa5f5eb5826a939fe8eacb91432a87d42 Mon Sep 17 00:00:00 2001 From: Ewan Mellor Date: Mon, 13 Nov 2006 10:43:29 +0000 Subject: Fix handling of the entries-per-domain quota. Entries which are created by the guest but deleted by dom0 were remaining accounted against the guest, which meant that the guest would eventually run out of quota. This patch also prevents unprivileged domains from changing the owner of a node. One guest could attack another by creating nodes and then transferring them to the ownership of another, and though the accounting could be made to work properly in this case, domains should never be transferring nodes in any case, so it seems safer just to disallow the operation entirely. Signed-off-by: Ewan Mellor --- tools/xenstore/xenstored_domain.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tools/xenstore/xenstored_domain.h') diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h index 38f26b52de..4acf61bbac 100644 --- a/tools/xenstore/xenstored_domain.h +++ b/tools/xenstore/xenstored_domain.h @@ -50,8 +50,8 @@ bool domain_can_write(struct connection *conn); bool domain_is_unprivileged(struct connection *conn); /* Quota manipulation */ -void domain_entry_inc(struct connection *conn); -void domain_entry_dec(struct connection *conn); +void domain_entry_inc(struct connection *conn, struct node *); +void domain_entry_dec(struct connection *conn, struct node *); int domain_entry(struct connection *conn); void domain_watch_inc(struct connection *conn); void domain_watch_dec(struct connection *conn); -- cgit v1.2.3