diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2007-12-14 10:15:00 +0000 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2007-12-14 10:15:00 +0000 |
| commit | 625a82b59cc973fc6adcca234e05e53fff4a96b5 (patch) | |
| tree | b67fc0be96f43cbe1491c00dd3dd1dbe961e21fb /docs/misc/xenstore.txt | |
| parent | 298950dbe88deb0697fdd4f273f1583dc51d20cc (diff) | |
| download | xen-625a82b59cc973fc6adcca234e05e53fff4a96b5.tar.gz xen-625a82b59cc973fc6adcca234e05e53fff4a96b5.tar.bz2 xen-625a82b59cc973fc6adcca234e05e53fff4a96b5.zip | |
xenstore size limits
* Documents the existing 4kby size limit on xenstore message payloads
* Causes xs.c in libxenstore to fail locally rather than violating
said limit (which is good because xenstored kills the client
connection if it's exceeded).
* Introduces some limits on path lengths in xenstored. I trust
no-one is using path lengths >2kby. This is good because currently
a domain client can create a 4kby relative path that the dom0 tools
cannot access since they'd have to specify the somewhat longer
absolute path.
* Removes uses of the host's PATH_MAX (!)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'docs/misc/xenstore.txt')
| -rw-r--r-- | docs/misc/xenstore.txt | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index e0ad8f9b52..90632863df 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -38,7 +38,9 @@ The permitted character for paths set is ASCII alphanumerics and plus the four punctuation characters -/_@ (hyphen slash underscore atsign). @ should be avoided except to specify special watches (see below). Doubled slashes and trailing slashes (except to specify the root) are -forbidden. The empty path is also forbidden. +forbidden. The empty path is also forbidden. Paths longer than 3072 +bytes are forbidden; clients specifying relative paths should keep +them to within 2048 bytes. (See XENSTORE_*_PATH_MAX in xs_wire.h.) Communication with xenstore is via either sockets, or event channel @@ -56,6 +58,20 @@ order and must use req_id (and tx_id, if applicable) to match up replies to requests. (The current implementation always replies to requests in the order received but this should not be relied on.) +The payload length (len field of the header) is limited to 4096 +(XENSTORE_PAYLOAD_MAX) in both directions. If a client exceeds the +limit, its xenstored connection will be immediately killed by +xenstored, which is usually catastrophic from the client's point of +view. Clients (particularly domains, which cannot just reconnect) +should avoid this. + +Existing clients do not always contain defences against overly long +payloads. Increasing xenstored's limit is therefore difficult; it +would require negotiation with the client, and obviously would make +parts of xenstore inaccessible to some clients. In any case passing +bulk data through xenstore is not recommended as the performance +properties are poor. + ---------- Xenstore protocol details - introduction ---------- |