linux/drivers/xen/xenbus
SeongJae Park 9996bd4947 xenbus/xenbus_backend: Disallow pending watch messages
'xenbus_backend' watches 'state' of devices, which is writable by
guests.  Hence, if guests intensively updates it, dom0 will have lots of
pending events that exhausting memory of dom0.  In other words, guests
can trigger dom0 memory pressure.  This is known as XSA-349.  However,
the watch callback of it, 'frontend_changed()', reads only 'state', so
doesn't need to have the pending events.

To avoid the problem, this commit disallows pending watch messages for
'xenbus_backend' using the 'will_handle()' watch callback.

This is part of XSA-349

Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reported-by: Michael Kurth <mku@amazon.de>
Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
2020-12-14 10:08:40 +01:00
..
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xenbus.h xen/xenbus/xen_bus_type: Support will_handle watch callback 2020-12-14 10:05:47 +01:00
xenbus_client.c xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() 2020-12-14 10:04:18 +01:00
xenbus_comms.c xenbus: req->err should be updated before req->state 2020-03-05 09:42:01 -06:00
xenbus_dev_backend.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xenbus_dev_frontend.c xen/xenbus: fix self-deadlock after killing user process 2019-10-02 16:40:11 -04:00
xenbus_probe.c xen/xenbus/xen_bus_type: Support will_handle watch callback 2020-12-14 10:05:47 +01:00
xenbus_probe_backend.c xenbus/xenbus_backend: Disallow pending watch messages 2020-12-14 10:08:40 +01:00
xenbus_probe_frontend.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xenbus_xs.c xen/xenbus: Count pending messages for each watch 2020-12-14 10:07:13 +01:00