CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Roger Pau Monné <royger@FreeBSD.org>
	Wed, 25 Nov 2020 11:34:38 +0000 (12:34 +0100)
committer	Roger Pau Monné <royger@FreeBSD.org>
	Wed, 30 Dec 2020 10:18:26 +0000 (11:18 +0100)
commit	4e4e43dc9e1afc863670a031cc5cc75eb5e668d6
tree	b2fde3dd928e876abfc673b3453d0b2886e05d9a	tree \| snapshot
parent	2ae75536d370c238f77ad09e5e994d2b8bdf010c	commit \| diff

xen: allow limiting the amount of duplicated pending xenstore watches

Xenstore watches received are queued in a list and processed in a
deferred thread. Such queuing was done without any checking, so a
guest could potentially trigger a resource starvation against the
FreeBSD kernel if such kernel is watching any user-controlled xenstore
path.

Allowing limiting the amount of pending events a watch can accumulate
to prevent a remote guest from triggering this resource starvation
issue.

For the PV device backends and frontends this limitation is only
applied to the other end /state node, which is limited to 1 pending
event, the rest of the watched paths can still have unlimited pending
watches because they are either local or controlled by a privileged
domain.

The xenstore user-space device gets special treatment as it's not
possible for the kernel to know whether the paths being watched by
user-space processes are controlled by a guest domain. For this reason
watches set by the xenstore user-space device are limited to 1000
pending events. Note this can be modified using the
max_pending_watch_events sysctl of the device.

This is XSA-349.

Sponsored by: Citrix Systems R&D
MFC after: 3 days

sys/dev/xen/balloon/balloon.c		diff \| blob \| history
sys/dev/xen/blkback/blkback.c		diff \| blob \| history
sys/dev/xen/control/control.c		diff \| blob \| history
sys/dev/xen/xenstore/xenstore.c		diff \| blob \| history
sys/dev/xen/xenstore/xenstore_dev.c		diff \| blob \| history
sys/xen/xenbus/xenbusb.c		diff \| blob \| history
sys/xen/xenstore/xenstorevar.h		diff \| blob \| history