[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 13/20] tools/xenstore: don't allow creating too many nodes in a transaction



On 07.11.22 19:37, Julien Grall wrote:


On 07/11/2022 08:34, Juergen Gross wrote:
On 06.11.22 23:00, Julien Grall wrote:
Hi Juergen,

On 01/11/2022 15:28, Juergen Gross wrote:
The accounting for the number of nodes of a domain in an active
transaction is not working correctly, as it allows to create arbitrary
number of nodes. The transaction will finally fail due to exceeding
the number of nodes quota, but before closing the transaction an
unprivileged guest could cause Xenstore to use a lot of memory.

I have already made some of comments on the security ML when this was initially set. The arguments still don't sound right to me.

For a first, since XSA-326, we have a cap in place for the memory a domain can consume. So this surely can't be a "lot of memory". Otherwise we are saying that our limit (there are other way to hit it) were wrong...

Yeah, maybe I should rework the commit message.

The reason I still want to keep the patch is that in a transaction without any
conflicts and without hitting any transaction specific limits (number of nodes
accessed), the errors returned due to a single operation should be the same as
with the same operation performed outside a transaction.

This seems to be a very niche use case. So it is not clear to me why this matter and we want to add extra check for everyone.

It is a matter of correctness.

Additionally, after the internal accounting rework this makes even more
sense, as the maximum values per domain seen are really correct, even when
queried while transactions are active.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.