| Message ID | 20230117091124.22170-9-jgross@suse.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | tools/xenstore: do some cleanup and fixes | expand |
Hi Juergen, On 17/01/2023 09:11, Juergen Gross wrote: > The accounting for the number of nodes of a domain in an active > transaction is not working correctly, as it allows to create arbitrary > number of nodes. The transaction will finally fail due to exceeding > the number of nodes quota, but before closing the transaction an > unprivileged guest could cause Xenstore to use a lot of memory. > > Signed-off-by: Juergen Gross <jgross@suse.com> Is the rest of the series depend on this patch? I am asking this because I still need to go through your second series before forging an opinion on this patch. Yet, I would like to reduce the number of inflight patches :). Cheers, > --- > tools/xenstore/xenstored_domain.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c > index edfe5809be..07d91eb50c 100644 > --- a/tools/xenstore/xenstored_domain.c > +++ b/tools/xenstore/xenstored_domain.c > @@ -1129,9 +1129,8 @@ int domain_nbentry_fix(unsigned int domid, int num, bool update) > > int domain_nbentry(struct connection *conn) > { > - return (domain_is_unprivileged(conn)) > - ? conn->domain->nbentry > - : 0; > + return domain_is_unprivileged(conn) > + ? domain_nbentry_add(conn, conn->id, 0, true) : 0; > } > > static bool domain_chk_quota(struct domain *domain, int mem)
On 17.01.23 15:08, Julien Grall wrote: > Hi Juergen, > > On 17/01/2023 09:11, Juergen Gross wrote: >> The accounting for the number of nodes of a domain in an active >> transaction is not working correctly, as it allows to create arbitrary >> number of nodes. The transaction will finally fail due to exceeding >> the number of nodes quota, but before closing the transaction an >> unprivileged guest could cause Xenstore to use a lot of memory. >> >> Signed-off-by: Juergen Gross <jgross@suse.com> > > Is the rest of the series depend on this patch? I am asking this because I still > need to go through your second series before forging an opinion on this patch. I think the rest should apply without this one. There shouldn't be any functional dependency. > Yet, I would like to reduce the number of inflight patches :). +1 Juergen
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c index edfe5809be..07d91eb50c 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -1129,9 +1129,8 @@ int domain_nbentry_fix(unsigned int domid, int num, bool update) int domain_nbentry(struct connection *conn) { - return (domain_is_unprivileged(conn)) - ? conn->domain->nbentry - : 0; + return domain_is_unprivileged(conn) + ? domain_nbentry_add(conn, conn->id, 0, true) : 0; } static bool domain_chk_quota(struct domain *domain, int mem)
The accounting for the number of nodes of a domain in an active transaction is not working correctly, as it allows to create arbitrary number of nodes. The transaction will finally fail due to exceeding the number of nodes quota, but before closing the transaction an unprivileged guest could cause Xenstore to use a lot of memory. Signed-off-by: Juergen Gross <jgross@suse.com> --- tools/xenstore/xenstored_domain.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)