Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1355309pxu;
        Thu, 17 Dec 2020 08:08:21 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxZgZu7VUh2LIWF46g/xNI04GtR/BFoGFukkWutABeanY/XMbiRsTB0hLQNL0p1TR/2KPjF
X-Received: by 2002:a17:906:350b:: with SMTP id r11mr37270839eja.143.1608221300917;
        Thu, 17 Dec 2020 08:08:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1608221300; cv=none;
        d=google.com; s=arc-20160816;
        b=otSsio/HitREheQSKWZjUH2h+WYhjSiIso3N+meKohCcq17vUgRLFjGRyP2RuFa4fd
         02Z1/qe4XT3Z9XJ+eNkloqytLGz83MceFDtsfI7diyri6TKLGhQl4Etrmjq8YILkRQDJ
         HbbNbpHbYD+P5fpL6/focUnAjqfyz05hKWITHMxRkcpXaz0aU2GEo8oGgvEofzK3AwhM
         ix+/Vi3u5DIiBXWTkG9vIj4u/nxFpYnvhHZ0vIPqBVUmTnfMxRGvPtnLF0w4NLAoxkO5
         7G3kQZEOUbTpMsvgp/TkpannvpcpeWaeQGYfKP602YgTZdHfhku4ZKmnQIlDgF46EdxO
         xLhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=rDSWw9DpTymjT0DU6I+lktIy3laoqLV0oAeVdRm7WEc=;
        b=FQz2HMpdaBpIXpi+zxEQrnyjSDOtuMubf1sUNZ1AeETCwJmzEq80qpHQJNF1zZcEaU
         RsHuOe3SvtkOpUvvgikoiuU5YGORGRtTr4nj9Hx7HP3VfCozIeP8Byt5MaYgsJw4bnrV
         YHup1nGdShoIhbfvmSo3svt/fhGWh6ts8lzNhyZXXIEmYShclhzxgLxiLjhvxOca4UII
         o/YYZLN6CbLX2OenFCFFEdKGR2DYFp9QlvKXUFcZ5WdStsg22+JcNmEwt1uoSQOB0nWg
         JxaF/oIiPIfOyOPc0PnsUwbCqpnxcLPwZL4r4BJ9iJ+fI7E6IBgLmADCRyoT+dDp9SFm
         FZ9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=iLyee2Fr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a18si2831868ejb.180.2020.12.17.08.07.57;
        Thu, 17 Dec 2020 08:08:20 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=iLyee2Fr;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729990AbgLQQF5 (ORCPT <rfc822;luzhigang001@gmail.com>
        + 99 others); Thu, 17 Dec 2020 11:05:57 -0500
Received: from smtp-fw-6001.amazon.com ([52.95.48.154]:3877 "EHLO
        smtp-fw-6001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729967AbgLQQFz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Dec 2020 11:05:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
  t=1608221156; x=1639757156;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version;
  bh=rDSWw9DpTymjT0DU6I+lktIy3laoqLV0oAeVdRm7WEc=;
  b=iLyee2Fr9JVk3Pc5Vpbl7oHEGXq+5xcrS4LLDnGB7+zoeBl5+ftUWNGP
   GoMiVCuA1Oe8ljkYUFJ4tdaaHK3nRzQ26M2MKXf19QZUvE6Sb6QZ38kdN
   0FJCcOsPWjcLxDga1Iy/ImKS4geO7emcr8sT2xrjV5ncIUHLSUJR687ge
   s=;
X-IronPort-AV: E=Sophos;i="5.78,428,1599523200"; 
   d="scan'208";a="73353501"
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-2a-6e2fc477.us-west-2.amazon.com) ([10.43.8.2])
  by smtp-border-fw-out-6001.iad6.amazon.com with ESMTP; 17 Dec 2020 16:05:28 +0000
Received: from EX13D31EUA004.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194])
        by email-inbound-relay-2a-6e2fc477.us-west-2.amazon.com (Postfix) with ESMTPS id AC9C4A06A8;
        Thu, 17 Dec 2020 16:05:25 +0000 (UTC)
Received: from u3f2cd687b01c55.ant.amazon.com (10.43.161.68) by
 EX13D31EUA004.ant.amazon.com (10.43.165.161) with Microsoft SMTP Server (TLS)
 id 15.0.1497.2; Thu, 17 Dec 2020 16:05:20 +0000
From:   SeongJae Park <sjpark@amazon.com>
To:     <stable@vger.kernel.org>
CC:     SeongJae Park <sjpark@amazon.de>, <doebel@amazon.de>,
        <aams@amazon.de>, <mku@amazon.de>, <jgross@suse.com>,
        <julien@xen.org>, <wipawel@amazon.de>,
        <linux-kernel@vger.kernel.org>
Subject: [PATCH v3 5/5] xenbus/xenbus_backend: Disallow pending watch messages
Date:   Thu, 17 Dec 2020 17:05:03 +0100
Message-ID: <20201217160503.26563-1-sjpark@amazon.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201217160402.26303-1-sjpark@amazon.com>
References: <20201217160402.26303-1-sjpark@amazon.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.43.161.68]
X-ClientProxiedBy: EX13D23UWC002.ant.amazon.com (10.43.162.22) To
 EX13D31EUA004.ant.amazon.com (10.43.165.161)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: SeongJae Park <sjpark@amazon.de>

'xenbus_backend' watches 'state' of devices, which is writable by
guests.  Hence, if guests intensively updates it, dom0 will have lots of
pending events that exhausting memory of dom0.  In other words, guests
can trigger dom0 memory pressure.  This is known as XSA-349.  However,
the watch callback of it, 'frontend_changed()', reads only 'state', so
doesn't need to have the pending events.

To avoid the problem, this commit disallows pending watch messages for
'xenbus_backend' using the 'will_handle()' watch callback.

This is part of XSA-349

This is upstream commit 9996bd494794a2fe393e97e7a982388c6249aa76

Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park <sjpark@amazon.de>
Reported-by: Michael Kurth <mku@amazon.de>
Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
---
 drivers/xen/xenbus/xenbus_probe_backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/xen/xenbus/xenbus_probe_backend.c b/drivers/xen/xenbus/xenbus_probe_backend.c
index 04f7f85a5edf..597c0b038454 100644
--- a/drivers/xen/xenbus/xenbus_probe_backend.c
+++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -181,6 +181,12 @@ static int xenbus_probe_backend(struct xen_bus_type *bus, const char *type,
 	return err;
 }
 
+static bool frontend_will_handle(struct xenbus_watch *watch,
+				 const char **vec, unsigned int len)
+{
+	return watch->nr_pending == 0;
+}
+
 static void frontend_changed(struct xenbus_watch *watch,
 			    const char **vec, unsigned int len)
 {
@@ -192,6 +198,7 @@ static struct xen_bus_type xenbus_backend = {
 	.levels = 3,		/* backend/type/<frontend>/<id> */
 	.get_bus_id = backend_bus_id,
 	.probe = xenbus_probe_backend,
+	.otherend_will_handle = frontend_will_handle,
 	.otherend_changed = frontend_changed,
 	.bus = {
 		.name		= "xen-backend",
-- 
2.17.1