From nobody Mon Feb 9 09:33:59 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1674208865; cv=none; d=zohomail.com; s=zohoarc; b=IjZzu03oi/EI5Xz5lckfVILM5+m2Dbe52p+ctCZNEJHM5PGsWvln9XJqEBneNrO1UZvIo5gL9zIYR04f2o/MGkVW6ivi9Q1hqZXhQ2rA6fldCzdUgMumAWVW1eY4QlSbtCNdoLLrp1l320f0nL4XfQ+g2wPk8P3SwGHXuWowSHY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1674208865; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=oOWWalZWNgxUmz2EcuOumPLWbSmCnLaSwu6nlgaH5og=; b=JFfoSja+ixHamXfOUGNO+hgwq95jmhV3XfyuUOu+Sry46pKCa4t084d8Ktgaq3M+cWIFBui2m3EPj5or13618T+E4w7+w0mtMKWn9CZrCFt0Kad2e9cFHe6OnSJih/zV3K/2YVZFDOHQarH9b26A+XyaYZ4cnmR9Xp/Of0TlSSs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1674208865485486.5734101210801; Fri, 20 Jan 2023 02:01:05 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.481562.746547 (Exim 4.92) (envelope-from ) id 1pIoCR-0001by-OB; Fri, 20 Jan 2023 10:00:43 +0000 Received: by outflank-mailman (output) from mailman id 481562.746547; Fri, 20 Jan 2023 10:00:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pIoCR-0001bn-LQ; Fri, 20 Jan 2023 10:00:43 +0000 Received: by outflank-mailman (input) for mailman id 481562; Fri, 20 Jan 2023 10:00:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1pIoCQ-0001b3-1y for xen-devel@lists.xenproject.org; Fri, 20 Jan 2023 10:00:42 +0000 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 4b46e61a-98a9-11ed-b8d1-410ff93cb8f0; Fri, 20 Jan 2023 11:00:40 +0100 (CET) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id B7B6B5F7E2; Fri, 20 Jan 2023 10:00:39 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 8CE7B1390C; Fri, 20 Jan 2023 10:00:39 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id eIQaIUdmymMBRQAAMHmgww (envelope-from ); Fri, 20 Jan 2023 10:00:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 4b46e61a-98a9-11ed-b8d1-410ff93cb8f0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1674208839; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oOWWalZWNgxUmz2EcuOumPLWbSmCnLaSwu6nlgaH5og=; b=PeYGAbCgwbKo9iCYeVsE3aXEFcjXCLgH2mXlxP4Wu4v/wKhw8CbqB5KduBbBRPdMLasqG3 YjERjITMTkbj1Y8T+8DNISFoPRrduV6NMLREK6QosEUlQFQeKln0jXuxSdV6BOLj3SYmtP 4ANE/DFwVz4RN9O0xMoHBlGvk9/zGYE= From: Juergen Gross To: xen-devel@lists.xenproject.org Cc: Juergen Gross , Wei Liu , Julien Grall , Anthony PERARD Subject: [PATCH v2 01/13] tools/xenstore: don't allow creating too many nodes in a transaction Date: Fri, 20 Jan 2023 11:00:16 +0100 Message-Id: <20230120100028.11142-2-jgross@suse.com> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20230120100028.11142-1-jgross@suse.com> References: <20230120100028.11142-1-jgross@suse.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1674208867592100005 Content-Type: text/plain; charset="utf-8" The accounting for the number of nodes of a domain in an active transaction is not working correctly, as it allows to create arbitrary number of nodes. The transaction will finally fail due to exceeding the number of nodes quota, but before closing the transaction an unprivileged guest could cause Xenstore to use a lot of memory. Signed-off-by: Juergen Gross Acked-by: Julien Grall --- tools/xenstore/xenstored_domain.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_d= omain.c index 9ef41ede03..7eb9cd077b 100644 --- a/tools/xenstore/xenstored_domain.c +++ b/tools/xenstore/xenstored_domain.c @@ -1116,9 +1116,8 @@ int domain_nbentry_fix(unsigned int domid, int num, b= ool update) =20 int domain_nbentry(struct connection *conn) { - return (domain_is_unprivileged(conn)) - ? conn->domain->nbentry - : 0; + return domain_is_unprivileged(conn) + ? domain_nbentry_add(conn, conn->id, 0, true) : 0; } =20 static bool domain_chk_quota(struct domain *domain, int mem) --=20 2.35.3