| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Sep 2012 07:50:13 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: "Michael S. Tsirkin" <mst@...hat.com> CC: fes@...gle.com, aarcange@...hat.com, riel@...hat.com, yvugenfi@...hat.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, mikew@...gle.com, yinghan@...gle.com, virtualization@...ts.linux-foundation.org Subject: Re: [PATCH] virtio-balloon spec: provide a version of the "silent deflate" feature that works Il 09/09/2012 00:22, Michael S. Tsirkin ha scritto: >> Almost. One is "the guest, if really needed, can tell the host of >> pages". If not negotiated, and the host does not support it, the host >> must break the guest (e.g. fail to offer any virtqueues). > > There is no way in spec to break the guest. > You can not fail to offer virtqueues. You can always return 0 for the first queue. > Besides, there is no guarantee that virtqueue setup > happens after feature negotiation. It is the only way that makes sense though (unless the guest would write 0 for its features). Should we change that? >> The other is "the guest, though, would prefer not to do so". It is >> different because the guest can proceed in a fallback mode even if the >> host doesn't offer it. > > I think I get what your proposed SILENT means what I do not get > is the motivation. It looks like a premature optimization to me. The motivation is to let the driver choose between two behaviors: the current one where ballooning is only done on request, and a more aggressive one. > The spec is pretty clear that if guest acks feature it > is a contract that dictates behaviour. > If it doesn't it is either ignored or just informative > depending on feature. > >> You could negotiate VIRTIO_BLK_F_TOPOLOGY >> and end up never reading the fields; you could negotiate >> VIRTIO_NET_F_GUEST_ANNOUNCE and never send a guest announcement. > > Block example is just informative. It does not need to be > negotiated even to be used. But last example is wrong. > If you ack GUEST_ANNOUNCE hypervisor assumes guest will > announce self, if guest does not do it this break migration. It is wrong indeed, sorry. Better example: the driver can negotiate VIRTIO_NET_F_CTRL_RX and never set promiscuous mode. The device has to obey if it does. Similarly, if you set VIRTIO_BALLOON_F_SILENT_DEFLATE and only do chatty deflate later, that's fine. If you do silent deflate, and the device negotiated the feature, it has to work. >> Delaying or avoiding is the same in the end. The spec says it well: "In >> this case, deflation advice is merely a courtesy". > > So it looks like we don't need a new bit to leak in atomic ctx. > Just do not ack MUST_TELL_HOST and delay telling host to a wq. > IMO we should not add random stuff to spec like this just because it > seems like a good idea. But this way you have to choose all-or-none. If the host cannot do silent deflate, you cannot balloon anymore, not even in the normal "cooperative" mode. > OK so TELL says *when* to notify host, SILENT if set allows guest > to skip leak notifications? In this case TELL should just be ignored > when SILENT is set. Yeah, that was my first idea. However, there are existing drivers that ignore SILENT, so that would not be 100% exact. > IMHO, renaming is fine since there is confusion. > But WILL_TELL is also not all that clear imho. > I think the confusion is that TELL_HOST seems to > imply we can avoid telling host at all. > How about being explicit? > > VIRTIO_BALLOON_F_HOST_ACK_BEFORE_DEFLATE Makes sense. Paolo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists