From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, SeongJae Park, Michael Kurth, Pawel Wieczorkiewicz, Juergen Gross
Subject: [PATCH 5.10 700/717] xenbus/xenbus_backend: Disallow pending watch messages
Date: Mon, 28 Dec 2020 13:51:38 +0100
Message-Id: <20201228125054.519478188@linuxfoundation.org>
In-Reply-To: <20201228125020.963311703@linuxfoundation.org>
References: <20201228125020.963311703@linuxfoundation.org>

From: SeongJae Park

commit 9996bd494794a2fe393e97e7a982388c6249aa76 upstream.

'xenbus_backend' watches 'state' of devices, which is writable by guests. Hence, if guests intensively update it, dom0 will have lots of pending events that exhaust memory of dom0. In other words, guests can trigger dom0 memory pressure. This is known as XSA-349. However, the watch callback of it, 'frontend_changed()', reads only 'state', so doesn't need to have the pending events.

To avoid the problem, this commit disallows pending watch messages for 'xenbus_backend' using the 'will_handle()' watch callback.

This is part of XSA-349

Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park
Reported-by: Michael Kurth
Reported-by: Pawel Wieczorkiewicz
Reviewed-by: Juergen Gross
Signed-off-by: Juergen Gross
Signed-off-by: Greg Kroah-Hartman
---
 drivers/xen/xenbus/xenbus_probe_backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

--- a/drivers/xen/xenbus/xenbus_probe_backend.c
+++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -180,6 +180,12 @@ static int xenbus_probe_backend(struct x return err; } +static bool frontend_will_handle(struct xenbus_watch *watch, + const char *path, const char *token) +{ + return watch->nr_pending == 0; +} + static void frontend_changed(struct xenbus_watch *watch, const char *path, const char *token) { @@ -191,6 +197,7 @@ static struct xen_bus_type xenbus_backen .levels = 3, /* backend/type// */ .get_bus_id = backend_bus_id, .probe = xenbus_probe_backend, + .otherend_will_handle = frontend_will_handle, .otherend_changed = frontend_changed, .bus = { .name = "xen-backend",
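
Review bot: frontend_will_handle() in the first hunk reads watch->nr_pending with no lock or READ_ONCE() visible, and the function carries no comment saying what serializes that read against whatever updates the counter or why dropping an event is safe. The justification (frontend_changed() only re-reads 'state', so one queued event per watch is enough) lives only in the commit message; a short comment above the function stating that invariant and the locking expectation would keep a later change to frontend_changed() from silently depending on events this callback discards. The unused path and token parameters are fine for a callback signature but are worth mentioning in that same comment.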
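
Review bot: the second hunk assigns .otherend_will_handle in the xenbus_backend initializer, and the first hunk uses watch->nr_pending, yet the diffstat shows only xenbus_probe_backend.c changing, so both the struct member and the counter must come from other patches. The commit message does not name those prerequisites; for a stable backport it should reference them (or at least say "depends on the earlier XSA-349 patches") so that this change is never picked up on its own, where it would fail to build.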