lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140922225816.GD8347@google.com>
Date:	Mon, 22 Sep 2014 15:58:16 -0700
From:	David Matlack <dmatlack@...gle.com>
To:	Marcelo Tosatti <mtosatti@...hat.com>
Cc:	Gleb Natapov <gleb@...nel.org>,
	Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kvm: don't take vcpu mutex for obviously invalid vcpu
 ioctls

On 09/22, Marcelo Tosatti wrote:
> On Fri, Sep 19, 2014 at 04:03:25PM -0700, David Matlack wrote:
> > vcpu ioctls can hang the calling thread if issued while a vcpu is
> > running. 
> 
> There is a mutex per-vcpu, so thats expected, OK...
> 
> > If we know ioctl is going to be rejected as invalid anyway,
> > we can fail before trying to take the vcpu mutex.
> 
> Consider a valid ioctl that takes the vcpu mutex. If you need immediate
> access for that valid ioctl, it is necessary to interrupt thread
> which KVM_RUN ioctl executes. 
> 
> So knowledge of whether KVM_RUN is being executed is expected in
> userspace (either
> that or ask the KVM_RUN thread to run the ioctl for you, as qemu does).
> 
> Can't see why having different behaviour for valid/invalid ioctls
> is a good thing.
> 
> > This patch does not change functionality, it just makes invalid ioctls
> > fail faster.
> 
> Should not be executing vcpu ioctls without interrupt KVM_RUN in the
> first place.

This patch is trying to be nice to code that isn't aware it's
probing kvm file descriptors. We saw long hangs with some generic
process inspection code that was probing all open file descriptors.
There's no reason non-kvm ioctls should have to wait for the vcpu
mutex to become available just to fail.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ