lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <504D7F95.9070700@redhat.com>
Date:	Mon, 10 Sep 2012 07:50:13 +0200
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	"Michael S. Tsirkin" <mst@...hat.com>
CC:	fes@...gle.com, aarcange@...hat.com, riel@...hat.com,
	yvugenfi@...hat.com, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org, mikew@...gle.com, yinghan@...gle.com,
	virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH] virtio-balloon spec: provide a version of the "silent
 deflate" feature that works

Il 09/09/2012 00:22, Michael S. Tsirkin ha scritto:
>> Almost.  One is "the guest, if really needed, can tell the host of
>> pages".  If not negotiated, and the host does not support it, the host
>> must break the guest (e.g. fail to offer any virtqueues).
> 
> There is no way in spec to break the guest.
> You can not fail to offer virtqueues.

You can always return 0 for the first queue.

> Besides, there is no guarantee that virtqueue setup
> happens after feature negotiation.

It is the only way that makes sense though (unless the guest would write
0 for its features).  Should we change that?

>> The other is "the guest, though, would prefer not to do so".  It is
>> different because the guest can proceed in a fallback mode even if the
>> host doesn't offer it.
> 
> I think I get what your proposed SILENT means what I do not get
> is the motivation. It looks like a premature optimization to me.

The motivation is to let the driver choose between two behaviors: the
current one where ballooning is only done on request, and a more
aggressive one.

> The spec is pretty clear that if guest acks feature it
> is a contract that dictates behaviour.
> If it doesn't it is either ignored or just informative
> depending on feature.
> 
>> You could negotiate VIRTIO_BLK_F_TOPOLOGY
>> and end up never reading the fields; you could negotiate
>> VIRTIO_NET_F_GUEST_ANNOUNCE and never send a guest announcement.
> 
> Block example is just informative. It does not need to be
> negotiated even to be used. But last example is wrong.
> If you ack GUEST_ANNOUNCE hypervisor assumes guest will
> announce self, if guest does not do it this break migration.

It is wrong indeed, sorry.

Better example: the driver can negotiate VIRTIO_NET_F_CTRL_RX and never
set promiscuous mode.  The device has to obey if it does.

Similarly, if you set VIRTIO_BALLOON_F_SILENT_DEFLATE and only do chatty
deflate later, that's fine.  If you do silent deflate, and the device
negotiated the feature, it has to work.

>> Delaying or avoiding is the same in the end.  The spec says it well: "In
>> this case, deflation advice is merely a courtesy".
> 
> So it looks like we don't need a new bit to leak in atomic ctx.
> Just do not ack MUST_TELL_HOST and delay telling host to a wq.
> IMO we should not add random stuff to spec like this just because it
> seems like a good idea.

But this way you have to choose all-or-none.  If the host cannot do
silent deflate, you cannot balloon anymore, not even in the normal
"cooperative" mode.

> OK so TELL says *when* to notify host, SILENT if set allows guest
> to skip leak notifications? In this case TELL should just be ignored
> when SILENT is set.

Yeah, that was my first idea.  However, there are existing drivers that
ignore SILENT, so that would not be 100% exact.

> IMHO, renaming is fine since there is confusion.
> But WILL_TELL is also not all that clear imho.

> I think the confusion is that TELL_HOST seems to
> imply we can avoid telling host at all.
> How about being explicit?
> 
> VIRTIO_BALLOON_F_HOST_ACK_BEFORE_DEFLATE

Makes sense.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ