From 625a82b59cc973fc6adcca234e05e53fff4a96b5 Mon Sep 17 00:00:00 2001 From: Keir Fraser Date: Fri, 14 Dec 2007 10:15:00 +0000 Subject: xenstore size limits * Documents the existing 4kby size limit on xenstore message payloads * Causes xs.c in libxenstore to fail locally rather than violating said limit (which is good because xenstored kills the client connection if it's exceeded). * Introduces some limits on path lengths in xenstored. I trust no-one is using path lengths >2kby. This is good because currently a domain client can create a 4kby relative path that the dom0 tools cannot access since they'd have to specify the somewhat longer absolute path. * Removes uses of the host's PATH_MAX (!) Signed-off-by: Ian Jackson --- docs/misc/xenstore.txt | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'docs/misc/xenstore.txt') diff --git a/docs/misc/xenstore.txt b/docs/misc/xenstore.txt index e0ad8f9b52..90632863df 100644 --- a/docs/misc/xenstore.txt +++ b/docs/misc/xenstore.txt @@ -38,7 +38,9 @@ The permitted character for paths set is ASCII alphanumerics and plus the four punctuation characters -/_@ (hyphen slash underscore atsign). @ should be avoided except to specify special watches (see below). Doubled slashes and trailing slashes (except to specify the root) are -forbidden. The empty path is also forbidden. +forbidden. The empty path is also forbidden. Paths longer than 3072 +bytes are forbidden; clients specifying relative paths should keep +them to within 2048 bytes. (See XENSTORE_*_PATH_MAX in xs_wire.h.) Communication with xenstore is via either sockets, or event channel 
@@ -56,6 +58,20 @@ order and must use req_id (and tx_id, if applicable) to match up replies to requests. (The current implementation always replies to requests in the order received but this should not be relied on.) +The payload length (len field of the header) is limited to 4096 +(XENSTORE_PAYLOAD_MAX) in both directions. If a client exceeds the +limit, its xenstored connection will be immediately killed by +xenstored, which is usually catastrophic from the client's point of +view. Clients (particularly domains, which cannot just reconnect) +should avoid this. + +Existing clients do not always contain defences against overly long +payloads. Increasing xenstored's limit is therefore difficult; it +would require negotiation with the client, and obviously would make +parts of xenstore inaccessible to some clients. In any case passing +bulk data through xenstore is not recommended as the performance +properties are poor. + ---------- Xenstore protocol details - introduction ---------- -- cgit v1.2.3
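Review bot: In the @@ -38,7 +38,9 @@ hunk, the new sentence mixes a hard rule ("Paths longer than 3072 bytes are forbidden") with advice ("clients specifying relative paths should keep them to within 2048 bytes"), so a reader cannot tell whether xenstored rejects a relative path over 2048 bytes or merely discourages it. The commit message says the limits are introduced in xenstored because a domain can otherwise create a relative path that dom0 tools cannot reach by its longer absolute form. If the 2048 limit is enforced, the text should say "forbidden" for both. It would also help to state whether the 3072 limit is checked against the path as sent or against the absolute path after a relative one is resolved, and to spell out the constant names rather than the glob "XENSTORE_*_PATH_MAX" so they can be searched for in xs_wire.h.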
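Review bot: In the @@ -56,6 +58,20 @@ hunk, the first added paragraph says the limit applies "in both directions" but then only describes what happens when a client exceeds it; nothing says what a client should do on receiving a header whose len field is above XENSTORE_PAYLOAD_MAX. Since the second paragraph admits that "Existing clients do not always contain defences against overly long payloads", the document should state the expected client behaviour, for example that the len field must be checked against XENSTORE_PAYLOAD_MAX before a buffer is sized or filled from it. "Clients ... should avoid this" would also be more useful if it said how: the commit message describes xs.c failing locally before sending, and the protocol text could recommend that check to other client implementations.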