freebsd-nq/sys/xen
Roger Pau Monné 4e4e43dc9e xen: allow limiting the amount of duplicated pending xenstore watches
Xenstore watches received are queued in a list and processed in a
deferred thread. Such queuing was done without any checking, so a
guest could potentially trigger a resource starvation against the
FreeBSD kernel if such kernel is watching any user-controlled xenstore
path.

Allow limiting the amount of pending events a watch can accumulate
to prevent a remote guest from triggering this resource starvation
issue.

For the PV device backends and frontends this limitation is only
applied to the other end /state node, which is limited to 1 pending
event, the rest of the watched paths can still have unlimited pending
watches because they are either local or controlled by a privileged
domain.

The xenstore user-space device gets special treatment as it's not
possible for the kernel to know whether the paths being watched by
user-space processes are controlled by a guest domain. For this reason
watches set by the xenstore user-space device are limited to 1000
pending events. Note this can be modified using the
max_pending_watch_events sysctl of the device.

This is XSA-349.

Sponsored by:	Citrix Systems R&D
MFC after:	3 days
2020-12-30 11:18:26 +01:00
..
evtchn
interface xen: clean up empty lines in .c and .h files 2020-09-01 21:21:55 +00:00
xenbus xen: allow limiting the amount of duplicated pending xenstore watches 2020-12-30 11:18:26 +01:00
xenmem
xenstore xen: allow limiting the amount of duplicated pending xenstore watches 2020-12-30 11:18:26 +01:00
blkif.h
error.h
evtchn.h
features.c
features.h
gntdev.h
gnttab.h
hvm.h xen: introduce a new way to setup event channel upcall 2019-01-30 11:34:52 +00:00
hypervisor.h xen: clean up empty lines in .c and .h files 2020-09-01 21:21:55 +00:00
privcmd.h
xen_intr.h
xen_msi.h
xen_pci.h
xen_pv.h
xen-os.h