| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 07 Sep 2012 16:09:50 +0930 From: Rusty Russell <rusty@...tcorp.com.au> To: "Michael S. Tsirkin" <mst@...hat.com> Cc: Paolo Bonzini <pbonzini@...hat.com>, fes@...gle.com, aarcange@...hat.com, riel@...hat.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, mikew@...gle.com, yinghan@...gle.com, virtualization@...ts.linux-foundation.org, yvugenfi@...hat.com, vrozenfe@...hat.com Subject: Re: [PATCH] virtio-balloon spec: provide a version of the "silent deflate" feature that works "Michael S. Tsirkin" <mst@...hat.com> writes: > On Fri, Sep 07, 2012 at 09:15:46AM +0930, Rusty Russell wrote: >> Paolo Bonzini <pbonzini@...hat.com> writes: >> > Instead, VIRTIO_NET_F_HOST_MUST_SEND_GARP would be a "negative" feature: >> > if set, the host _may not_ rely on the guest to send a gARP. Similarly >> > if VIRTIO_BALLOON_F_MUST_TELL_HOST is set, the guest _may not_ use >> > ballooned pages directly. >> > >> > There are _no_ other negative features besides >> > VIRTIO_BALLOON_F_MUST_TELL_HOST in the spec, and for a good >> > reason---because they're broken. >> > >> > (Hmm, actually we have one, VIRTIO_BLK_F_RO. It is also a bit broken, >> > but it is not so important because it depends on user input more than >> > hypervisor version). >> >> Yes, this is the key observation, and an important lesson for the >> future. Thanks! >> Note that these two negative features were in the original spec, where >> it's assumed that every device supports them. That's not explicitly >> documented, however. > > I'm curious what would we do for the future? I tried to imagine that _RO > was not in the original spec, so virtio-blk expects a r/w device. > Now we can not add _RW - old hypervisors do not set it, and old > drivers do not ack it. > What would a new flag with equivalent functionality be? Backwards compatibility in the R/O case would actually work: just fail writes. Because it's just friendly advice to the OS, really. The final test is always: does it break users? If there are no users who will notice, we can do anything. If there are users, we have to keep backwards compatibility, and that implies we can't add "must know" features. > So it looks like a bug: we should teach driver to tell host first on leak? > Yan, Vadim, can you comment please? > > Also if true, looks like this bit will be useful to detect a fixed driver on > the hypervisor side - to avoid unmapping such pages? Rusty what do you > think? So, feature is unimplemented in qemu, and broken in drivers. I starting to share Paolo's dislike of it. Don't understand why we'd care about fixed drivers though, if we remove the feature bit.... Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists