Xenstore write limiting should not be applied to dom0. Unfortunately
write limiting is disabled only for connections via sockets. When
running in a stubdom Xenstore will apply write limiting to dom0, too.
Change that by testing for the domain to be privileged as well.
Signed-off-by: Juergen Gross <jgross@suse.com>
---
tools/xenstore/xenstored_domain.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 1a83097952..c7c6c574df 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
{
struct wrl_timestampt now;
- if (!domain)
- /* sockets escape the write rate limit */
+ if (!domain || !domid_is_unprivileged(domain->domid))
+ /* sockets and dom0 escape the write rate limit */
return;
wrl_gettime_now(&now);
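Review bot: the added comment says "sockets and dom0", but the condition it documents is `!domid_is_unprivileged(domain->domid)`, which is a privilege test and not a comparison against domain ID 0. Since a domain ID other than 0 can be configured as the privileged one, the comment should read "sockets and privileged domains escape the write rate limit" so it matches what is actually exempted. The brace-less `if` also now has a comment line between the condition and `return;`; moving the comment above the `if`, or adding braces, would make the early return easier to see.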
--
2.16.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
> Xenstore write limiting should not be applied to dom0. Unfortunately
> write limiting is disabled only for connections via sockets. When
> running in a stubdom Xenstore will apply write limiting to dom0, too.
> Change that by testing for the domain to be privileged as well.
>
> Signed-off-by: Juergen Gross <jgross@suse.com>

Acked-by: Wei Liu <wl@xen.org>

> ---
> tools/xenstore/xenstored_domain.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> index 1a83097952..c7c6c574df 100644
> --- a/tools/xenstore/xenstored_domain.c
> +++ b/tools/xenstore/xenstored_domain.c
> @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
> {
> struct wrl_timestampt now;
>
> - if (!domain)
> - /* sockets escape the write rate limit */
> + if (!domain || !domid_is_unprivileged(domain->domid))
> + /* sockets and dom0 escape the write rate limit */
> return;
>
> wrl_gettime_now(&now);
> --
> 2.16.4
>
On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote:
> On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
> > Xenstore write limiting should not be applied to dom0. Unfortunately
> > write limiting is disabled only for connections via sockets. When
> > running in a stubdom Xenstore will apply write limiting to dom0, too.
> > Change that by testing for the domain to be privileged as well.
> >
> > Signed-off-by: Juergen Gross <jgross@suse.com>
>
> Acked-by: Wei Liu <wl@xen.org>
>
> > ---
> > tools/xenstore/xenstored_domain.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
> > index 1a83097952..c7c6c574df 100644
> > --- a/tools/xenstore/xenstored_domain.c
> > +++ b/tools/xenstore/xenstored_domain.c
> > @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
> > {
> > struct wrl_timestampt now;
> >
> > - if (!domain)
> > - /* sockets escape the write rate limit */
> > + if (!domain || !domid_is_unprivileged(domain->domid))
> > + /* sockets and dom0 escape the write rate limit */

Actually I think changing dom0 to "privileged domain" makes more sense
here because you're allowed to specify a non-0 domain ID as privileged
domid.

If you agree I can fix it while committing.

Wei.

> > return;
> >
> > wrl_gettime_now(&now);
> > --
> > 2.16.4
> >
On 31.01.20 15:58, Wei Liu wrote:
> On Fri, Jan 31, 2020 at 02:55:44PM +0000, Wei Liu wrote:
>> On Fri, Jan 31, 2020 at 03:25:57PM +0100, Juergen Gross wrote:
>>> Xenstore write limiting should not be applied to dom0. Unfortunately
>>> write limiting is disabled only for connections via sockets. When
>>> running in a stubdom Xenstore will apply write limiting to dom0, too.
>>> Change that by testing for the domain to be privileged as well.
>>>
>>> Signed-off-by: Juergen Gross <jgross@suse.com>
>>
>> Acked-by: Wei Liu <wl@xen.org>
>>
>>> ---
>>> tools/xenstore/xenstored_domain.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
>>> index 1a83097952..c7c6c574df 100644
>>> --- a/tools/xenstore/xenstored_domain.c
>>> +++ b/tools/xenstore/xenstored_domain.c
>>> @@ -918,8 +918,8 @@ void wrl_apply_debit_actual(struct domain *domain)
>>> {
>>> struct wrl_timestampt now;
>>>
>>> - if (!domain)
>>> - /* sockets escape the write rate limit */
>>> + if (!domain || !domid_is_unprivileged(domain->domid))
>>> + /* sockets and dom0 escape the write rate limit */
>
> Actually I think changing dom0 to "privileged domain" makes more sense
> here because you're allowed to specify a non-0 domain ID as privileged
> domid.
>
> If you agree I can fix it while committing.

Yes, sure.

Juergen