From nobody Mon Feb  9 19:07:01 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender) client-ip=192.237.175.120;
 envelope-from=xen-devel-bounces@lists.xenproject.org;
 helo=lists.xenproject.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass(p=quarantine dis=none)  header.from=suse.com
ARC-Seal: i=1; a=rsa-sha256; t=1674035747; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Hm632jtaRbr8Y71PQASGgNSm44TdRThza/j6rt17XpirUX1p5U9YZUsnK0lHRwxWsem0tkrtCYSXKyphvUbQ1dS8wHwlFsMnVYtzO4QXMSzokZHysBaLFH8ihYpuIEbM+dKWqcqKCMS5Ee6xemxW8p9ZZoDRvYy2HyyLC+dfQOU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1674035747;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=oOWWalZWNgxUmz2EcuOumPLWbSmCnLaSwu6nlgaH5og=;
	b=RX6z6LXpQtBCbwxJvTNs7DnA+Y+Hrhy8Wyl+anguNXZMF7zSOcv5OfDE66ZqtkpNPftkrQ8jqNaU2+R5JNSSyLBehGgLNXTvG8tf5YFsZd2o8uXtk7Oc4HMnJv1mhCC9YvQWEb1PwOR2D5Eiaviq5SayAGAdYqoYjhbkhdbytAA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of lists.xenproject.org designates
 192.237.175.120 as permitted sender)
  smtp.mailfrom=xen-devel-bounces@lists.xenproject.org;
	dmarc=pass header.from=<jgross@suse.com> (p=quarantine dis=none)
Return-Path: <xen-devel-bounces@lists.xenproject.org>
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
 by mx.zohomail.com
	with SMTPS id 1674035747361883.9774908328337;
 Wed, 18 Jan 2023 01:55:47 -0800 (PST)
Received: from list by lists.xenproject.org with
 outflank-mailman.480362.744741 (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pI5A3-0006Py-D3; Wed, 18 Jan 2023 09:55:15 +0000
Received: by outflank-mailman (output) from mailman id 480362.744741;
 Wed, 18 Jan 2023 09:55:15 +0000
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.92)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1pI5A3-0006Oz-5r; Wed, 18 Jan 2023 09:55:15 +0000
Received: by outflank-mailman (input) for mailman id 480362;
 Wed, 18 Jan 2023 09:55:13 +0000
Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254]
 helo=se1-gles-sth1.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.92)
 (envelope-from <SRS0=Ov7m=5P=suse.com=jgross@srs-se1.protection.inumbo.net>)
 id 1pI56p-0001v4-L2
 for xen-devel@lists.xenproject.org; Wed, 18 Jan 2023 09:51:55 +0000
Received: from smtp-out1.suse.de (smtp-out1.suse.de [2001:67c:2178:6::1c])
 by se1-gles-sth1.inumbo.com (Halon) with ESMTPS
 id bd8568b3-9715-11ed-91b6-6bf2151ebd3b;
 Wed, 18 Jan 2023 10:51:54 +0100 (CET)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by smtp-out1.suse.de (Postfix) with ESMTPS id B727B3EAA9;
 Wed, 18 Jan 2023 09:51:54 +0000 (UTC)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de
 [192.168.254.74])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
 (No client certificate requested)
 by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 8A7C7139D2;
 Wed, 18 Jan 2023 09:51:54 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
 by imap2.suse-dmz.suse.de with ESMTPSA id BY56IDrBx2MZRAAAMHmgww
 (envelope-from <jgross@suse.com>); Wed, 18 Jan 2023 09:51:54 +0000
X-Outflank-Mailman: Message body and most headers restored to incoming version
X-BeenThere: xen-devel@lists.xenproject.org
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
X-Inumbo-ID: bd8568b3-9715-11ed-91b6-6bf2151ebd3b
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
	t=1674035514;
 h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=oOWWalZWNgxUmz2EcuOumPLWbSmCnLaSwu6nlgaH5og=;
	b=MnBYQ9rCSeBrpPsHd0awpeK2iE9dO+VVk+UHKc1jbPAbC/tVx88sj6j55NHfvUJA3ae+GF
	3ONWFIJKVj2I9Hl23kCiQCkPfOnYzIOGNiNmXz5stRxUCLr641M+DfciV4Zyhi0WF7/ocZ
	f7DbrcOyCyM5IGAhEBHGjVLB/7QiHfE=
From: Juergen Gross <jgross@suse.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>,
	Wei Liu <wl@xen.org>,
	Julien Grall <julien@xen.org>,
	Anthony PERARD <anthony.perard@citrix.com>
Subject: [PATCH v4 17/17] tools/xenstore: don't allow creating too many nodes
 in a transaction
Date: Wed, 18 Jan 2023 10:50:16 +0100
Message-Id: <20230118095016.13091-18-jgross@suse.com>
X-Mailer: git-send-email 2.35.3
In-Reply-To: <20230118095016.13091-1-jgross@suse.com>
References: <20230118095016.13091-1-jgross@suse.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @suse.com)
X-ZM-MESSAGEID: 1674035749104100013
Content-Type: text/plain; charset="utf-8"

The accounting for the number of nodes of a domain in an active
transaction is not working correctly, as it allows to create arbitrary
number of nodes. The transaction will finally fail due to exceeding
the number of nodes quota, but before closing the transaction an
unprivileged guest could cause Xenstore to use a lot of memory.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 tools/xenstore/xenstored_domain.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_d=
omain.c
index 9ef41ede03..7eb9cd077b 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -1116,9 +1116,8 @@ int domain_nbentry_fix(unsigned int domid, int num, b=
ool update)
=20
 int domain_nbentry(struct connection *conn)
 {
-	return (domain_is_unprivileged(conn))
-		? conn->domain->nbentry
-		: 0;
+	return domain_is_unprivileged(conn)
+	       ? domain_nbentry_add(conn, conn->id, 0, true) : 0;
 }
=20
 static bool domain_chk_quota(struct domain *domain, int mem)
--=20
2.35.3