[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 04/10] tools/xenstored: Limit the number of requests a connection can delay


  • To: Julien Grall <julien@xxxxxxx>
  • From: Luca Fancellu <luca.fancellu@xxxxxxx>
  • Date: Mon, 21 Jun 2021 10:02:01 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7C18WQ4WmLiN6bjCWWNLNGvCw4AQ2jUQz27y43G7p7s=; b=ZY7d6YDD/sZLC3YIm/cx3EVh4Mw2C+6eb+Am7S+/QxViDWUiaNiYQMIWoOm1v3YVJVGosS72r3/e3Xk7Qzfliif9MYwZAqwMX84C6LX7ilXfO290XhwY1CH6z9ZqQ49WTP9idSJ201dTg5gnAY/ngUvESTyO4KrIl6Qu9YJl7W6IAY5i3wAKoWF3Bb8v5s/Uj7PcZuPjWIxLNeC1Fd9DLdMCmsgCikV8bo50jh+ituuxCjuBx7NwB0+w7BQe2HYFOiPJUa+0k489HLdpD9ve2xV1YrOj9W4HLgFG9DxZH8gs0WQmuS9v9z6ZsIN7aMo2LGEwEjeNe0KJ8kk2BPqnHw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m72A5m7JfUUSWURMcq2lkUIs2hsDxmMfi7A5bSl2ZvPybOEGEpS7oEWtIWoWjICxKnzLXwMmf52dqLFwa4hdlCm+EujFhJY4XHV/l3vYvjaynCHwMTQ3EM0GpCVAgSOvtJ4LEJpLIsyx8bkC8UaqGaWKzcZXUxc7yd4LmMuUQ+nkb78ubA3pUDdVzyRj9Hq4HneQkv2Q7/Xrl7fiGYmSfpl1hTFoc/mSnb+3tzYMtiLd1v9NzHptjQ4P/i4CoLjXqhzJOvfuswyvp8EUhtyLuxbTtM7NDKkoYvqdes7g43Wt3DMGeQzwj7dKNuEOEI1djkF12aQPLgKBLmj/b0yoJw==
  • Authentication-results-original: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, raphning@xxxxxxxxxxxx, doebel@xxxxxxxxx, Julien Grall <jgrall@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Mon, 21 Jun 2021 09:03:01 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=arm.com;


> On 16 Jun 2021, at 15:43, Julien Grall <julien@xxxxxxx> wrote:
> 
> From: Julien Grall <jgrall@xxxxxxxxxx>
> 
> Currently, only liveupdate request can be delayed. The request can only
> be performed by a privileged connection (e.g. dom0). So it is fine to
> have no limits.
> 
> In a follow-up patch we will want to delay request for unprivileged
> connection as well. So it is best to apply a limit.
> 
> For now and for simplicity, only a single request can be delayed
> for a given unprivileged connection.
> 
> Take the opportunity to tweak the prototype and provide a way to
> bypass the quota check. This would be useful when the function
> is called from the restore code.
> 
> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>

Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>

> ---
> tools/xenstore/xenstored_control.c |  2 +-
> tools/xenstore/xenstored_core.c    | 11 ++++++++++-
> tools/xenstore/xenstored_core.h    |  3 ++-
> 3 files changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/xenstore/xenstored_control.c 
> b/tools/xenstore/xenstored_control.c
> index 7acc2d134f9f..1c24d4869eab 100644
> --- a/tools/xenstore/xenstored_control.c
> +++ b/tools/xenstore/xenstored_control.c
> @@ -737,7 +737,7 @@ static const char *lu_start(const void *ctx, struct 
> connection *conn,
>       lu_status->timeout = to;
>       lu_status->started_at = time(NULL);
> 
> -     errno = delay_request(conn, conn->in, do_lu_start, NULL);
> +     errno = delay_request(conn, conn->in, do_lu_start, NULL, false);
> 
>       return NULL;
> }
> diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
> index 41b26d7094c8..51d210828922 100644
> --- a/tools/xenstore/xenstored_core.c
> +++ b/tools/xenstore/xenstored_core.c
> @@ -279,10 +279,19 @@ static void call_delayed(struct connection *conn, 
> struct delayed_request *req)
> }
> 
> int delay_request(struct connection *conn, struct buffered_data *in,
> -               bool (*func)(struct delayed_request *), void *data)
> +               bool (*func)(struct delayed_request *), void *data,
> +               bool no_quota_check)
> {
>       struct delayed_request *req;
> 
> +     /*
> +      * Only allow one request can be delayed for an unprivileged
> +      * connection.
> +      */
> +     if (!no_quota_check && domain_is_unprivileged(conn) &&
> +         !list_empty(&conn->delayed))
> +             return ENOSPC;
> +
>       req = talloc(in, struct delayed_request);
>       if (!req)
>               return ENOMEM;
> diff --git a/tools/xenstore/xenstored_core.h b/tools/xenstore/xenstored_core.h
> index 89ce155e755b..34839b34f6e9 100644
> --- a/tools/xenstore/xenstored_core.h
> +++ b/tools/xenstore/xenstored_core.h
> @@ -213,7 +213,8 @@ char *get_parent(const void *ctx, const char *node);
> 
> /* Delay a request. */
> int delay_request(struct connection *conn, struct buffered_data *in,
> -               bool (*func)(struct delayed_request *), void *data);
> +               bool (*func)(struct delayed_request *), void *data,
> +               bool no_quota_check);
> 
> /* Tracing infrastructure. */
> void trace_create(const void *data, const char *type);
> -- 
> 2.17.1
> 
> 




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.