[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.13] tools/xenstore: add memory accounting for watches

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Wed, 02 Nov 2022 06:46:24 +0000
Delivery-date: Wed, 02 Nov 2022 06:46:25 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit c17d49134aef23c8d017a64e5e36c626779bf863
Author:     Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Tue Sep 13 07:35:10 2022 +0200
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Nov 1 15:25:15 2022 +0000

    tools/xenstore: add memory accounting for watches
    
    Add the memory accounting for registered watches.
    
    When a socket connection is destroyed, the associated watches are
    removed, too. In order to keep memory accounting correct the watches
    must be removed explicitly via a call of conn_delete_all_watches() from
    destroy_conn().
    
    This is part of XSA-326 / CVE-2022-42315.
    
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
    (cherry picked from commit 7f9978a2cc37aaffab2fb09593bc598c0712a69b)
---
 tools/xenstore/xenstored_core.c  | 1 +
 tools/xenstore/xenstored_watch.c | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 4f29439ad8..eca04e734a 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -404,6 +404,7 @@ static int destroy_conn(void *_conn)
        }
 
        conn_free_buffered_data(conn);
+       conn_delete_all_watches(conn);
        list_for_each_entry(req, &conn->ref_list, list)
                req->on_ref_list = false;
 
diff --git a/tools/xenstore/xenstored_watch.c b/tools/xenstore/xenstored_watch.c
index c50c0575f0..7118c30e8c 100644
--- a/tools/xenstore/xenstored_watch.c
+++ b/tools/xenstore/xenstored_watch.c
@@ -224,7 +224,8 @@ int do_watch(struct connection *conn, struct buffered_data 
*in)
                return ENOMEM;
        watch->node = talloc_strdup(watch, vec[0]);
        watch->token = talloc_strdup(watch, vec[1]);
-       if (!watch->node || !watch->token) {
+       if (!watch->node || !watch->token ||
+           domain_memory_add_chk(conn->id, strlen(vec[0]) + strlen(vec[1]))) {
                talloc_free(watch);
                return ENOMEM;
        }
@@ -265,6 +266,8 @@ int do_unwatch(struct connection *conn, struct 
buffered_data *in)
        list_for_each_entry(watch, &conn->watches, list) {
                if (streq(watch->node, node) && streq(watch->token, vec[1])) {
                        list_del(&watch->list);
+                       domain_memory_add_nochk(conn->id, -strlen(watch->node) -
+                                                         strlen(watch->token));
                        talloc_free(watch);
                        domain_watch_dec(conn);
                        send_ack(conn, XS_UNWATCH);
@@ -280,6 +283,8 @@ void conn_delete_all_watches(struct connection *conn)
 
        while ((watch = list_top(&conn->watches, struct watch, list))) {
                list_del(&watch->list);
+               domain_memory_add_nochk(conn->id, -strlen(watch->node) -
+                                                 strlen(watch->token));
                talloc_free(watch);
                domain_watch_dec(conn);
        }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.13

Prev by Date: [xen stable-4.13] tools/xenstore: add memory accounting for responses
Next by Date: [xen stable-4.13] tools/xenstore: add memory accounting for nodes
Previous by thread: [xen stable-4.13] tools/xenstore: add memory accounting for responses
Next by thread: [xen stable-4.13] tools/xenstore: add memory accounting for nodes
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.