[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.16] tools/ocaml/xenstored: Synchronise defaults with oxenstore.conf.in



commit b0e95b451225de4db99bbe0b8dc79fdf08873e9e
Author:     Edwin Török <edvin.torok@xxxxxxxxxx>
AuthorDate: Wed Oct 12 19:13:01 2022 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Nov 1 14:07:24 2022 +0000

    tools/ocaml/xenstored: Synchronise defaults with oxenstore.conf.in
    
    We currently have 2 different set of defaults in upstream Xen git tree:
    * defined in the source code, only used if there is no config file
    * defined in the oxenstored.conf.in upstream Xen
    
    An oxenstored.conf file is not mandatory, and if missing, maxrequests in
    particular has an unsafe default.
    
    Resync the defaults from oxenstored.conf.in into the source code.
    
    This is part of XSA-326 / CVE-2022-42316.
    
    Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx>
    Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx>
    (cherry picked from commit 84734955d4bf629ba459a74773afcde50a52236f)
---
 tools/ocaml/xenstored/define.ml | 6 +++---
 tools/ocaml/xenstored/quota.ml  | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tools/ocaml/xenstored/define.ml b/tools/ocaml/xenstored/define.ml
index ebe18b8e31..6b06f80859 100644
--- a/tools/ocaml/xenstored/define.ml
+++ b/tools/ocaml/xenstored/define.ml
@@ -21,9 +21,9 @@ let xs_daemon_socket = Paths.xen_run_stored ^ "/socket"
 
 let default_config_dir = Paths.xen_config_dir
 
-let maxwatch = ref (50)
-let maxtransaction = ref (20)
-let maxrequests = ref (-1)   (* maximum requests per transaction *)
+let maxwatch = ref (100)
+let maxtransaction = ref (10)
+let maxrequests = ref (1024)   (* maximum requests per transaction *)
 
 let conflict_burst_limit = ref 5.0
 let conflict_max_history_seconds = ref 0.05
diff --git a/tools/ocaml/xenstored/quota.ml b/tools/ocaml/xenstored/quota.ml
index abcac91280..6e3d6401ae 100644
--- a/tools/ocaml/xenstored/quota.ml
+++ b/tools/ocaml/xenstored/quota.ml
@@ -20,8 +20,8 @@ exception Transaction_opened
 
 let warn fmt = Logging.warn "quota" fmt
 let activate = ref true
-let maxent = ref (10000)
-let maxsize = ref (4096)
+let maxent = ref (1000)
+let maxsize = ref (2048)
 
 type t = {
        maxent: int;               (* max entities per domU *)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.16



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.