[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.15] tools/xenstore: add memory accounting for watches
commit 9c2e71fe0611da9ed2ebbf2362a9bb05d42bf0c3 Author: Juergen Gross <jgross@xxxxxxxx> AuthorDate: Tue Sep 13 07:35:10 2022 +0200 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Tue Nov 1 15:03:25 2022 +0000 tools/xenstore: add memory accounting for watches Add the memory accounting for registered watches. When a socket connection is destroyed, the associated watches are removed, too. In order to keep memory accounting correct the watches must be removed explicitly via a call of conn_delete_all_watches() from destroy_conn(). This is part of XSA-326 / CVE-2022-42315. Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx> (cherry picked from commit 7f9978a2cc37aaffab2fb09593bc598c0712a69b) --- tools/xenstore/xenstored_core.c | 1 + tools/xenstore/xenstored_watch.c | 13 ++++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 2e02b577c9..b1a4575929 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -457,6 +457,7 @@ static int destroy_conn(void *_conn) } conn_free_buffered_data(conn); + conn_delete_all_watches(conn); list_for_each_entry(req, &conn->ref_list, list) req->on_ref_list = false; diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c index 1d664e3d6b..0d5858df5b 100644 --- a/tools/xenstore/xenstored_watch.c +++ b/tools/xenstore/xenstored_watch.c @@ -211,7 +211,7 @@ static int check_watch_path(struct connection *conn, const void *ctx, } static struct watch *add_watch(struct connection *conn, char *path, char *token, - bool relative) + bool relative, bool no_quota_check) { struct watch *watch; @@ -222,6 +222,9 @@ static struct watch *add_watch(struct connection *conn, char *path, char *token, watch->token = talloc_strdup(watch, token); if (!watch->node || !watch->token) goto nomem; + if (domain_memory_add(conn->id, strlen(path) + strlen(token), + no_quota_check)) + goto nomem; if (relative) watch->relative_path = get_implicit_path(conn); @@ -265,7 +268,7 @@ int do_watch(struct connection *conn, struct buffered_data *in) if (domain_watch(conn) > quota_nb_watch_per_domain) return E2BIG; - watch = add_watch(conn, vec[0], vec[1], relative); + watch = add_watch(conn, vec[0], vec[1], relative, false); if (!watch) return errno; @@ -296,6 +299,8 @@ int do_unwatch(struct connection *conn, struct buffered_data *in) list_for_each_entry(watch, &conn->watches, list) { if (streq(watch->node, node) && streq(watch->token, vec[1])) { list_del(&watch->list); + domain_memory_add_nochk(conn->id, -strlen(watch->node) - + strlen(watch->token)); talloc_free(watch); domain_watch_dec(conn); send_ack(conn, XS_UNWATCH); @@ -311,6 +316,8 @@ void conn_delete_all_watches(struct connection *conn) while ((watch = list_top(&conn->watches, struct watch, list))) { list_del(&watch->list); + domain_memory_add_nochk(conn->id, -strlen(watch->node) - + strlen(watch->token)); talloc_free(watch); domain_watch_dec(conn); } @@ -373,7 +380,7 @@ void read_state_watch(const void *ctx, const void *state) if (!path) barf("allocation error for read watch"); - if (!add_watch(conn, path, token, relative)) + if (!add_watch(conn, path, token, relative, true)) barf("error adding watch"); } -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.15
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |