lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Sep 2018 19:17:35 +0200
From:   Juergen Gross <jgross@...e.com>
To:     Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        linux-kernel@...r.kernel.org, xen-devel@...ts.xenproject.org
Subject: Re: [PATCH] xen: issue warning message when out of grant maptrack
 entries

On 18/09/18 19:03, Boris Ostrovsky wrote:
> On 9/18/18 5:32 AM, Juergen Gross wrote:
>> When a driver domain (e.g. dom0) is running out of maptrack entries it
>> can't map any more foreign domain pages. Instead of silently stalling
>> the affected domUs issue a rate limited warning in this case in order
>> to make it easier to detect that situation.
>>
>> Signed-off-by: Juergen Gross <jgross@...e.com>
>> ---
>>  drivers/xen/grant-table.c | 25 +++++++++++++++++++------
>>  1 file changed, 19 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
>> index 7bafa703a992..09f6ff8c1957 100644
>> --- a/drivers/xen/grant-table.c
>> +++ b/drivers/xen/grant-table.c
>> @@ -1040,18 +1040,31 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops,
>>  		return ret;
>>  
>>  	for (i = 0; i < count; i++) {
>> -		/* Retry eagain maps */
>> -		if (map_ops[i].status == GNTST_eagain)
>> -			gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref, map_ops + i,
>> -						&map_ops[i].status, __func__);
>> -
>> -		if (map_ops[i].status == GNTST_okay) {
>> +		switch (map_ops[i].status) {
>> +		case GNTST_okay:
>> +		{
>>  			struct xen_page_foreign *foreign;
>>  
>>  			SetPageForeign(pages[i]);
>>  			foreign = xen_page_foreign(pages[i]);
>>  			foreign->domid = map_ops[i].dom;
>>  			foreign->gref = map_ops[i].ref;
>> +			break;
>> +		}
>> +
>> +		case GNTST_no_device_space:
>> +			pr_warn_ratelimited("maptrack limit reached, can't map all guest pages\n");
>> +			break;
>> +
>> +		case GNTST_eagain:
>> +			/* Retry eagain maps */
>> +			gnttab_retry_eagain_gop(GNTTABOP_map_grant_ref,
>> +						map_ops + i,
>> +						&map_ops[i].status, __func__);
>> +			break;
>> +
>> +		default:
>> +			break;
>>  		}
>>  	}
> 
> 
> Should we pass 'i' instead of count to set_foreign_p2m_mapping() below?
> The loop there will skip entries that are in error, but does it make
> sense to do the hypercall for kmap_ops with count>i ?

The loop is running until the end, so i == count for the call of kmap_ops().


Juergen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ