dgit.raspbian.org Git - xen.git/commit

author	Juergen Gross <jgross@suse.com>
	Tue, 13 Sep 2022 05:35:08 +0000 (07:35 +0200)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 1 Nov 2022 13:05:44 +0000 (13:05 +0000)
commit	36de433a273f55d614c83b89c9a8972287a1e475
tree	b0597a2cdf3879b0c5134657fd395736086db948	tree \| snapshot
parent	5285dcb1a5c01695c11e6397c95d906b5e765c98	commit \| diff

tools/xenstore: limit outstanding requests

Add another quota for limiting the number of outstanding requests of a
guest. As the way to specify quotas on the command line is becoming
rather nasty, switch to a new scheme using [--quota|-Q] <what>=<val>
allowing to add more quotas in future easily.

Set the default value to 20 (basically a random value not seeming to
be too high or too low).

A request is said to be outstanding if any message generated by this
request (the direct response plus potential watch events) is not yet
completely stored into a ring buffer. The initial watch event sent as
a result of registering a watch is an exception.

Note that across a live update the relation to buffered watch events
for other domains is lost.

Use talloc_zero() for allocating the domain structure in order to have
all per-domain quota zeroed initially.

This is part of XSA-326 / CVE-2022-42312.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>

tools/xenstore/xenstored_core.c		diff \| blob \| history
tools/xenstore/xenstored_core.h		diff \| blob \| history
tools/xenstore/xenstored_domain.c		diff \| blob \| history
tools/xenstore/xenstored_domain.h		diff \| blob \| history
tools/xenstore/xenstored_watch.c		diff \| blob \| history