From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, SeongJae Park, Michael Kurth, Pawel Wieczorkiewicz, Juergen Gross
Subject: [PATCH 4.14 240/242] xenbus/xenbus_backend: Disallow pending watch messages
Date: Mon, 28 Dec 2020 13:50:45 +0100
Message-Id: <20201228124916.501288077@linuxfoundation.org>
In-Reply-To: <20201228124904.654293249@linuxfoundation.org>
References: <20201228124904.654293249@linuxfoundation.org>

From: SeongJae Park

commit 9996bd494794a2fe393e97e7a982388c6249aa76 upstream.

'xenbus_backend' watches 'state' of devices, which is writable by guests. Hence, if guests intensively update it, dom0 will have lots of pending events that exhaust memory of dom0. In other words, guests can trigger dom0 memory pressure. This is known as XSA-349. However, the watch callback of it, 'frontend_changed()', reads only 'state', so doesn't need to have the pending events.

To avoid the problem, this commit disallows pending watch messages for 'xenbus_backend' using the 'will_handle()' watch callback.

This is part of XSA-349

Cc: stable@vger.kernel.org
Signed-off-by: SeongJae Park
Reported-by: Michael Kurth
Reported-by: Pawel Wieczorkiewicz
Reviewed-by: Juergen Gross
Signed-off-by: Juergen Gross
Signed-off-by: Greg Kroah-Hartman
---
drivers/xen/xenbus/xenbus_probe_backend.c | 7 +++++++
1 file changed, 7 insertions(+)

--- a/drivers/xen/xenbus/xenbus_probe_backend.c +++ b/drivers/xen/xenbus/xenbus_probe_backend.c
@@ -180,6 +180,12 @@ static int xenbus_probe_backend(struct x return err; } +static bool frontend_will_handle(struct xenbus_watch *watch, + const char *path, const char *token) +{ + return watch->nr_pending == 0; +} + static void frontend_changed(struct xenbus_watch *watch, const char *path, const char *token) { @@ -191,6 +197,7 @@ static struct xen_bus_type xenbus_backen .levels = 3, /* backend/type// */ .get_bus_id = backend_bus_id, .probe = xenbus_probe_backend, + .otherend_will_handle = frontend_will_handle, .otherend_changed = frontend_changed, .bus = { .name = "xen-backend",
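
Review bot: frontend_will_handle() in the first hunk carries no comment saying why it is safe to return false while watch->nr_pending is non-zero. The commit message gives the reason (frontend_changed() reads only 'state', so it does not need the pending events); a short comment above the function saying so would stop a later change to frontend_changed() from quietly depending on every event being delivered. The hunk also does not show what serialises the read of watch->nr_pending against the code that updates it, so please confirm the caller holds the relevant lock when it invokes this callback.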
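
Review bot: the .otherend_will_handle initializer in the second hunk, like watch->nr_pending in the first, uses a member that this patch does not add; the diffstat shows xenbus_probe_backend.c as the only file changed. The 4.14 queue therefore needs the patches that introduce otherend_will_handle in struct xen_bus_type and nr_pending in struct xenbus_watch applied before this one, otherwise the build breaks at this line. Please confirm the ordering within the series.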