Xenstore write limiting should not be applied to dom0. Unfortunately
write limiting is disabled only for connections via sockets. When
running in a stubdom Xenstore will apply write limiting to dom0, too.
Change that by testing for the domain to be privileged as well.
Signed-off-by: Juergen Gross <jgross@suse.com>
---
tools/xenstore/xenstored_domain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 1a83097952..c7c6c574df 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
{
struct wrl_timestampt now;
- if (!domain)
- /* sockets escape the write rate limit */
+ if (!domain || !domid_is_unprivileged(domain->domid))
+ /* sockets and dom0 escape the write rate limit */
return;
wrl_gettime_now(&now);
--
2.16.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-develOn Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
> Xenstore write limiting should not be applied to dom0. Unfortunately
> write limiting is disabled only for connections via sockets. When
> running in a stubdom Xenstore will apply write limiting to dom0, too.
> Change that by testing for the domain to be privileged as well.
>
> Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wl@xen.org>
> ---
> tools/xenstore/xenstored_domain.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> index 1a83097952..c7c6c574df 100644
> --- a/tools/xenstore/xenstored_domain.c
> +++ b/tools/xenstore/xenstored_domain.c
> @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
> {
> struct wrl_timestampt now;
>
> - if (!domain)
> - /* sockets escape the write rate limit */
> + if (!domain || !domid_is_unprivileged(domain->domid))
> + /* sockets and dom0 escape the write rate limit */
> return;
>
> wrl_gettime_now(&now);
> --
> 2.16.4
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote:
> On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
> > Xenstore write limiting should not be applied to dom0. Unfortunately
> > write limiting is disabled only for connections via sockets. When
> > running in a stubdom Xenstore will apply write limiting to dom0, too.
> > Change that by testing for the domain to be privileged as well.
> >
> > Signed-off-by: Juergen Gross <jgross@suse.com>
>
> Acked-by: Wei Liu <wl@xen.org>
>
> > ---
> > tools/xenstore/xenstored_domain.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> > index 1a83097952..c7c6c574df 100644
> > --- a/tools/xenstore/xenstored_domain.c
> > +++ b/tools/xenstore/xenstored_domain.c
> > @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
> > {
> > struct wrl_timestampt now;
> >
> > - if (!domain)
> > - /* sockets escape the write rate limit */
> > + if (!domain || !domid_is_unprivileged(domain->domid))
> > + /* sockets and dom0 escape the write rate limit */
Actually I think changing dom0 to "privileged domain" makes more sense
here because you're allowed to specify a non-0 domain ID as privileged
domid.
If you agree I can fix it while committing.
Wei.
> > return;
> >
> > wrl_gettime_now(&now);
> > --
> > 2.16.4
> >
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On 31.01.20 15:58, Wei Liu wrote:
> On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote:
>> On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
>>> Xenstore write limiting should not be applied to dom0. Unfortunately
>>> write limiting is disabled only for connections via sockets. When
>>> running in a stubdom Xenstore will apply write limiting to dom0, too.
>>> Change that by testing for the domain to be privileged as well.
>>>
>>> Signed-off-by: Juergen Gross <jgross@suse.com>
>>
>> Acked-by: Wei Liu <wl@xen.org>
>>
>>> ---
>>> tools/xenstore/xenstored_domain.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
>>> index 1a83097952..c7c6c574df 100644
>>> --- a/tools/xenstore/xenstored_domain.c
>>> +++ b/tools/xenstore/xenstored_domain.c
>>> @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
>>> {
>>> struct wrl_timestampt now;
>>>
>>> - if (!domain)
>>> - /* sockets escape the write rate limit */
>>> + if (!domain || !domid_is_unprivileged(domain->domid))
>>> + /* sockets and dom0 escape the write rate limit */
>
> Actually I think changing dom0 to "privileged domain" makes more sense
> here because you're allowed to specify a non-0 domain ID as privileged
> domid.
>
> If you agree I can fix it while committing.
Yes, sure.
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
© 2016 - 2024 Red Hat, Inc.