[PATCH v3 5/5] xenbus/xenbus_backend: Disallow pending watch messages

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: SeongJae Park <sjpark@amazon.com>
To: <stable@vger.kernel.org>
Cc: SeongJae Park <sjpark@amazon.de>, <doebel@amazon.de>,
	<aams@amazon.de>, <mku@amazon.de>, <jgross@suse.com>,
	<julien@xen.org>, <wipawel@amazon.de>,
	<linux-kernel@vger.kernel.org>
Subject: [PATCH v3 5/5] xenbus/xenbus_backend: Disallow pending watch messages
Date: Thu, 17 Dec 2020 17:05:03 +0100	[thread overview]
Message-ID: <20201217160503.26563-1-sjpark@amazon.com> (raw)
In-Reply-To: <20201217160402.26303-1-sjpark@amazon.com>

From: SeongJae Park <sjpark@amazon.de>

'xenbus_backend' watches 'state' of devices, which is writable by
guests.  Hence, if guests intensively updates it, dom0 will have lots of
pending events that exhausting memory of dom0.  In other words, guests
can trigger dom0 memory pressure.  This is known as XSA-349.  However,
the watch callback of it, 'frontend_changed()', reads only 'state', so
doesn't need to have the pending events.

To avoid the problem, this commit disallows pending watch messages for
'xenbus_backend' using the 'will_handle()' watch callback.

This is part of XSA-349

This is upstream commit 9996bd494794a2fe393e97e7a982388c6249aa76

Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reported-by: Michael Kurth <mku@amazon.de>
Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
---
 drivers/xen/xenbus/xenbus_probe_backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
index 04f7f85a5edf..597c0b038454 100644
--- a/drivers/xen/xenbus/xenbus_probe_backend.c
+++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -181,6 +181,12 @@ static int xenbus_probe_backend(struct xen_bus_type *bus, const char *type,
 	return err;
 }
 
+static bool frontend_will_handle(struct xenbus_watch *watch,
+				 const char **vec, unsigned int len)
+{
+	return watch->nr_pending == 0;
+}
+
 static void frontend_changed(struct xenbus_watch *watch,
 			    const char **vec, unsigned int len)
 {
@@ -192,6 +198,7 @@ static struct xen_bus_type xenbus_backend = {
 	.levels = 3,		/* backend/type/<frontend>/<id> */
 	.get_bus_id = backend_bus_id,
 	.probe = xenbus_probe_backend,
+	.otherend_will_handle = frontend_will_handle,
 	.otherend_changed = frontend_changed,
 	.bus = {
 		.name		= "xen-backend",
-- 
2.17.1

next prev parent reply	other threads:[~2020-12-17 16:06 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-17 16:03 [PATCH v3 0/5] Backport of patch series for stable 4.4 branch SeongJae Park
2020-12-17 16:03 ` [PATCH v3 1/5] xen/xenbus: Allow watches discard events before queueing SeongJae Park
2020-12-17 16:03 ` [PATCH v3 2/5] xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() SeongJae Park
2020-12-17 16:04 ` [PATCH v3 3/5] xen/xenbus/xen_bus_type: Support will_handle watch callback SeongJae Park
2020-12-17 16:04 ` [PATCH v3 4/5] xen/xenbus: Count pending messages for each watch SeongJae Park
2020-12-17 16:05 ` SeongJae Park [this message]
2020-12-28 11:29 ` [PATCH v3 0/5] Backport of patch series for stable 4.4 branch Greg KH
2021-01-05 10:37   ` SeongJae Park
2021-01-05 10:43     ` Greg KH
2021-01-05 10:51       ` SeongJae Park

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:04f7f85a5ed dfblob:597c0b03845 )
 OR (
bs:"[PATCH v3 5/5] xenbus/xenbus_backend: Disallow pending watch messages" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201217160503.26563-1-sjpark@amazon.com \
    --to=sjpark@amazon.com \
    --cc=aams@amazon.de \
    --cc=doebel@amazon.de \
    --cc=jgross@suse.com \
    --cc=julien@xen.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mku@amazon.de \
    --cc=sjpark@amazon.de \
    --cc=stable@vger.kernel.org \
    --cc=wipawel@amazon.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).