lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Jun 2012 21:52:52 -0600
From:	Alex Williamson <alex.williamson@...hat.com>
To:	"Michael S. Tsirkin" <mst@...hat.com>
Cc:	avi@...hat.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
	jan.kiszka@...mens.com
Subject: Re: [PATCH v2 4/6] kvm: Extend irqfd to support level interrupts

On Thu, 2012-06-28 at 01:28 +0300, Michael S. Tsirkin wrote:
> On Wed, Jun 27, 2012 at 03:28:19PM -0600, Alex Williamson wrote:
> > On Thu, 2012-06-28 at 00:14 +0300, Michael S. Tsirkin wrote:
> > > On Wed, Jun 27, 2012 at 02:59:09PM -0600, Alex Williamson wrote:
> > > > On Wed, 2012-06-27 at 12:51 +0300, Michael S. Tsirkin wrote:
> > > > > On Tue, Jun 26, 2012 at 11:09:46PM -0600, Alex Williamson wrote:
> > > > > > In order to inject an interrupt from an external source using an
> > > > > > irqfd, we need to allocate a new irq_source_id.  This allows us to
> > > > > > assert and (later) de-assert an interrupt line independently from
> > > > > > users of KVM_IRQ_LINE and avoid lost interrupts.
> > > > > > 
> > > > > > We also add what may appear like a bit of excessive infrastructure
> > > > > > around an object for storing this irq_source_id.  However, notice
> > > > > > that we only provide a way to assert the interrupt here.  A follow-on
> > > > > > interface will make use of the same irq_source_id to allow de-assert.
> > > > > > 
> > > > > > Signed-off-by: Alex Williamson <alex.williamson@...hat.com>
> > > > > > ---
> > > > > > 
> > > > > >  Documentation/virtual/kvm/api.txt |    5 ++
> > > > > >  arch/x86/kvm/x86.c                |    1 
> > > > > >  include/linux/kvm.h               |    3 +
> > > > > >  virt/kvm/eventfd.c                |   95 +++++++++++++++++++++++++++++++++++--
> > > > > >  4 files changed, 99 insertions(+), 5 deletions(-)
> > > > > > 
> > > > > > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
> > > > > > index ea9edce..b216709 100644
> > > > > > --- a/Documentation/virtual/kvm/api.txt
> > > > > > +++ b/Documentation/virtual/kvm/api.txt
> > > > > > @@ -1981,6 +1981,11 @@ the guest using the specified gsi pin.  The irqfd is removed using
> > > > > >  the KVM_IRQFD_FLAG_DEASSIGN flag, specifying both kvm_irqfd.fd
> > > > > >  and kvm_irqfd.gsi.
> > > > > >  
> > > > > > +With KVM_IRQFD_FLAG_LEVEL KVM_IRQFD allocates a new IRQ source ID for
> > > > > > +the requested irqfd.  This is necessary to share level triggered
> > > > > > +interrupts with those injected through KVM_IRQ_LINE.  IRQFDs created
> > > > > > +with KVM_IRQFD_FLAG_LEVEL must also set this flag when de-assiging.
> > > > > > +KVM_IRQFD_FLAG_LEVEL support is indicated by KVM_CAP_IRQFD_LEVEL.
> > > > > 
> > > > > Note that if my patch removing auto-deassert gets accepted,
> > > > > this is not needed at all: we can just look at the GSI
> > > > > to see if it's level or edge.
> > > > 
> > > > I'm not sure this is a good idea.  I know from vfio that I'm injecting a
> > > > level interrupt regardless of how the guest has the pic/ioapic
> > > > programmed at the time I'm calling this ioctl.  Peeking across address
> > > > spaces to get to the right pin on the right pic/ioapic and see how it's
> > > > currently programmed seems fragile.  Thanks,
> > > > 
> > > > Alex
> > > 
> > > Fragile? If you set eventfd as LEVEL but GSI is really edge then
> > > it all explodes, right? So why give users the option to shoot
> > > themselves in the foot?
> > 
> > If the guest has the ioapic rte set to edge at the time I call KVM_IRQFD
> > to register my level interrupt then it all explodes, right?  I'd rather
> > let the user shoot themselves than play Russian roulette with the guest.
> > Am I misunderstanding what you mean by looking that the GSI to see if
> > it's level or edge?
> 
> Not sure.
> I simply mean this: if eventfd is bound to irqfd, set level from irqfd
> and clear from eventfd ack notifier.

Are you simply saying assert (kvm_set_irq(,,,1)) from irqfd trigger and
de-assert (kvm_set_irq(,,,0)) from eventfd ack notifier (aka KVM_EOIFD)?

> There's no need for a special IRQ_LEVEL for this.

That ignores the whole problem of when do we need to allocate a new
irq_source_id and when do we inject using KVM_USERSPACE_IRQ_SOURCE_ID.
We've already discussed that a level triggered, externally fired
interrupt must use a separate source ID from Qemu userspace.  Therefore
when you say "look at the GSI to see if it's level or edge", I assume
you mean trace the gsi back to the pic/ioapic pin and look at the
trigger mode.  That trigger mode is configured by the guest, so that
means that at the point in time when we call KVM_IRQFD we make a
determination based on how the _guest_ has programmed the ioapic.  That
may not match the interrupt we expect to inject.  On the other hand, the
user calling KVM_IRQFD absolutely knows the type of interrupt provided
by their device.  I think we need a flag regardless of whether your
patch is accepted.  We may be able to share the inject handler if it is
accepted, but it doesn't change the user API.  Thanks,

Alex

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ