projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 297ac24) | patch
tools/xenstore: remove nodes owned by destroyed domain
authorJuergen Gross <jgross@suse.com>
Tue, 13 Sep 2022 05:35:12 +0000 (07:35 +0200)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 1 Nov 2022 13:05:44 +0000 (13:05 +0000)
commit755d3f9debf8879448211fffb018f556136f6a79
tree355454dc7c2a90233275d24ff2b836826b02cfd1tree | snapshot
parent297ac246a5d8ed656b349641288f3402dcc0251ecommit | diff
tools/xenstore: remove nodes owned by destroyed domain

In case a domain is removed from Xenstore, remove all nodes owned by
it per default.

This tackles the problem that nodes might be created by a domain
outside its home path in Xenstore, leading to Xenstore hogging more
and more memory. Domain quota don't work in this case if the guest is
rebooting in between.

Since XSA-322 ownership of such stale nodes is transferred to dom0,
which is helping against unintended access, but not against OOM of
Xenstore.

As a fallback for weird cases add a Xenstore start parameter for
keeping today's way to handle stale nodes, adding the risk of Xenstore
hitting an OOM situation.

This is part of XSA-419 / CVE-2022-42322.

Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed domains")
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_core.h diff | blob | history
tools/xenstore/xenstored_domain.c diff | blob | history
tools/xenstore/xenstored_domain.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.