Infinite loop in wait_for_generation_change — DoS #565

@pbeza

The wait_for_generation_change() function in dstack/kms/src/main_service.rs blocks indefinitely in a polling loop when the generation counter does not advance, with no timeout or cancellation mechanism.

Root Cause

The wait_for_generation_change function polls a configfs generation counter in a busy loop with no timeout. If the configfs interface becomes stuck (e.g., due to a kernel bug or resource exhaustion), the calling thread spins indefinitely, consuming CPU.

// linux.rs:433-441
loop {
    let current_gen = read_generation()?;
    if current_gen != expected_gen {
        return Ok(current_gen);
    }
    // No sleep, no timeout — busy loop
}

Attack Path

  1. The configfs TDX interface becomes unresponsive (kernel bug, resource exhaustion, or deliberate blocking by host)
  2. wait_for_generation_change enters an infinite busy loop
  3. The calling thread consumes 100% CPU indefinitely
  4. If multiple quote requests are made concurrently, multiple threads spin
  5. The guest agent or KMS process becomes unresponsive due to CPU exhaustion

Impact

Local denial of service. A stuck configfs interface causes the TDX attestation library to consume all available CPU. This could make the CVM's attestation and key derivation services unavailable.

Suggested Fix

Add a timeout and sleep between polls:

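use std::time::{Duration, Instant};

// Give up after 30 seconds instead of polling forever.
let deadline = Instant::now() + Duration::from_secs(30);
loop {
    let current_gen = read_generation()?;
    if current_gen != expected_gen {
        return Ok(current_gen);
    }
    if Instant::now() > deadline {
        return Err(Error::Timeout);
    }
    // Yield the CPU between polls instead of spinning.
    std::thread::sleep(Duration::from_millis(10));
}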

Note: This issue was created automatically. The vulnerability report was generated by Claude and has not been verified by a human.
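
An added example, not code from the issue or from the dstack project: a bounded poll written so the stuck-counter case can be exercised in a regression test. The reader closure, the `WaitError` type, the backoff values and the generation numbers 7 and 8 are assumptions made for this sketch.

```rust
use std::thread;
use std::time::{Duration, Instant};

// Hypothetical error type for this example (the issue's snippet uses Error::Timeout).
#[derive(Debug, PartialEq)]
pub enum WaitError {
    Timeout,
    Read(String),
}

/// Polls until the generation differs from `expected_gen` or `timeout` elapses.
/// `read_generation` is an assumed stand-in for the configfs read.
pub fn wait_for_generation_change<F>(
    mut read_generation: F,
    expected_gen: u64,
    timeout: Duration,
) -> Result<u64, WaitError>
where
    F: FnMut() -> Result<u64, String>,
{
    let deadline = Instant::now() + timeout; // monotonic clock
    let mut backoff = Duration::from_millis(1);
    loop {
        let current = read_generation().map_err(WaitError::Read)?;
        if current != expected_gen {
            return Ok(current);
        }
        // Zero once the deadline has passed, so the loop is always bounded.
        let remaining = deadline.saturating_duration_since(Instant::now());
        if remaining.is_zero() {
            return Err(WaitError::Timeout);
        }
        // Never sleep past the deadline; cap backoff at 50 ms.
        thread::sleep(backoff.min(remaining));
        backoff = (backoff * 2).min(Duration::from_millis(50));
    }
}

/// Constructed reader: reports generation 7 for `stuck_polls` reads, then 8.
pub fn simulated_reader(stuck_polls: u32) -> impl FnMut() -> Result<u64, String> {
    let mut calls = 0u32;
    move || {
        calls = calls.saturating_add(1);
        Ok(if calls > stuck_polls { 8 } else { 7 })
    }
}

fn main() {
    println!("{:?}", wait_for_generation_change(simulated_reader(3), 7, Duration::from_secs(1)));
}
```

Passing `simulated_reader(u32::MAX)` models the stuck interface: the call returns `Err(WaitError::Timeout)` once the timeout elapses, and the thread sleeps between reads rather than spinning.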
