Message ID | 20200131142557.2896-1-jgross@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | tools/xenstore: don't apply write limiting for privileged domain | expand |
On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote: > Xenstore write limiting should not be applied to dom0. Unfortunately > write limiting is disabled only for connections via sockets. When > running in a stubdom Xenstore will apply write limiting to dom0, too. > Change that by testing for the domain to be privileged as well. > > Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wl@xen.org> > --- > tools/xenstore/xenstored_domain.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c > index 1a83097952..c7c6c574df 100644 > --- a/tools/xenstore/xenstored_domain.c > +++ b/tools/xenstore/xenstored_domain.c > @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain) > { > struct wrl_timestampt now; > > - if (!domain) > - /* sockets escape the write rate limit */ > + if (!domain || !domid_is_unprivileged(domain->domid)) > + /* sockets and dom0 escape the write rate limit */ > return; > > wrl_gettime_now(&now); > -- > 2.16.4 >
On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote: > On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote: > > Xenstore write limiting should not be applied to dom0. Unfortunately > > write limiting is disabled only for connections via sockets. When > > running in a stubdom Xenstore will apply write limiting to dom0, too. > > Change that by testing for the domain to be privileged as well. > > > > Signed-off-by: Juergen Gross <jgross@suse.com> > > Acked-by: Wei Liu <wl@xen.org> > > > --- > > tools/xenstore/xenstored_domain.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c > > index 1a83097952..c7c6c574df 100644 > > --- a/tools/xenstore/xenstored_domain.c > > +++ b/tools/xenstore/xenstored_domain.c > > @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain) > > { > > struct wrl_timestampt now; > > > > - if (!domain) > > - /* sockets escape the write rate limit */ > > + if (!domain || !domid_is_unprivileged(domain->domid)) > > + /* sockets and dom0 escape the write rate limit */ Actually I think changing dom0 to "privileged domain" makes more sense here because you're allowed to specify a non-0 domain ID as privileged domid. If you agree I can fix it while committing. Wei. > > return; > > > > wrl_gettime_now(&now); > > -- > > 2.16.4 > >
On 31.01.20 15:58, Wei Liu wrote: > On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote: >> On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote: >>> Xenstore write limiting should not be applied to dom0. Unfortunately >>> write limiting is disabled only for connections via sockets. When >>> running in a stubdom Xenstore will apply write limiting to dom0, too. >>> Change that by testing for the domain to be privileged as well. >>> >>> Signed-off-by: Juergen Gross <jgross@suse.com> >> >> Acked-by: Wei Liu <wl@xen.org> >> >>> --- >>> tools/xenstore/xenstored_domain.c | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c >>> index 1a83097952..c7c6c574df 100644 >>> --- a/tools/xenstore/xenstored_domain.c >>> +++ b/tools/xenstore/xenstored_domain.c >>> @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain) >>> { >>> struct wrl_timestampt now; >>> >>> - if (!domain) >>> - /* sockets escape the write rate limit */ >>> + if (!domain || !domid_is_unprivileged(domain->domid)) >>> + /* sockets and dom0 escape the write rate limit */ > > Actually I think changing dom0 to "privileged domain" makes more sense > here because you're allowed to specify a non-0 domain ID as privileged > domid. > > If you agree I can fix it while committing. Yes, sure. Juergen
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c index 1a83097952..c7c6c574df 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain) { struct wrl_timestampt now; - if (!domain) - /* sockets escape the write rate limit */ + if (!domain || !domid_is_unprivileged(domain->domid)) + /* sockets and dom0 escape the write rate limit */ return; wrl_gettime_now(&now);
Xenstore write limiting should not be applied to dom0. Unfortunately write limiting is disabled only for connections via sockets. When running in a stubdom Xenstore will apply write limiting to dom0, too. Change that by testing for the domain to be privileged as well. Signed-off-by: Juergen Gross <jgross@suse.com> --- tools/xenstore/xenstored_domain.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)