lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BY2PR0301MB0711245C96E6B0AF47C74160A03A0@BY2PR0301MB0711.namprd03.prod.outlook.com>
Date:	Wed, 4 Feb 2015 18:26:26 +0000
From:	KY Srinivasan <kys@...rosoft.com>
To:	Vitaly Kuznetsov <vkuznets@...hat.com>,
	"devel@...uxdriverproject.org" <devel@...uxdriverproject.org>
CC:	Haiyang Zhang <haiyangz@...rosoft.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Dexuan Cui <decui@...rosoft.com>,
	Jason Wang <jasowang@...hat.com>
Subject: RE: [PATCH 0/4] Drivers: hv: Further protection for the rescind path



> -----Original Message-----
> From: Vitaly Kuznetsov [mailto:vkuznets@...hat.com]
> Sent: Tuesday, February 3, 2015 9:01 AM
> To: KY Srinivasan; devel@...uxdriverproject.org
> Cc: Haiyang Zhang; linux-kernel@...r.kernel.org; Dexuan Cui; Jason Wang
> Subject: [PATCH 0/4] Drivers: hv: Further protection for the rescind path
> 
> This series is a continuation of the "Drivers: hv: vmbus: serialize Offer and
> Rescind offer". I'm trying to address a number of theoretically possible issues
> with rescind offer handling. All these complications come from the fact that a
> rescind offer results in vmbus channel being freed and we must ensure
> nobody still uses it. Instead of introducing new locks I suggest we switch
> channels usage to the get/put workflow.
> 
> The main part of the series is [PATCH 1/4] which introduces the workflow for
> vmbus channels, all other patches fix different corner cases using this
> workflow. I'm not sure all such cases are covered with this series (probably
> not), but in case protection is required in some other places it should become
> relatively easy to add one.
> 
> I did some sanity testing with CONFIG_DEBUG_LOCKDEP=y and nothing
> popped out, however, additional testing would be much appreciated.
> 
> K.Y., Haiyang, I'm not sending this series to netdev@ and linux-scsi@ as it is
> supposed to be applied as a whole, please resend these patches with your
> sign-offs when (and if) we're done with reviews. Thanks!

Vitaly,

Thanks for looking into this issue. While today, rescind offer results in the freeing of the channel, I don't think
that is required. By not freeing up the channel in the rescind path, we can have a safe way to access the channel and
that does not have to involve taking a reference on the channel every time you access it - the get/put workflow in your
patch set. As part of the network performance improvement work, I had eliminated all locks in the receive path by setting
up per-cpu data structures for mapping the relid to channel etc. These set of patches introduces locking/atomic operations
in performance critical code paths to deal with an event that is truly rare - the channel getting rescinded.

All channel messages are handled in a single work context:

vmbus_on_msg_dpc() -> vmbus_onmessage_work()-> Various channel messages [offer, rescind etc.]

So, the rescind message cannot be processed while we are processing the offer message and since an offer
cannot be rescinded before it is offered, offer and rescind are naturally serialized (I think I have patchset in my queue
from you that is trying to solve the concurrent execution of offer and rescind and looking at the code I cannot see how
this can occur).

As part of handling the rescind message, we will just set the channel state to indicate that the offer is rescinded (we can add
the rescind state to the channel states already defined and this will be done under the protection of the channel lock).
The cleanup of the channel and sending of the RELID release message  will only be done in the context of the driver as part of 
driver remove function. I think this should be doable in a way that does not penalize the normal path. If it is ok with you, I will
try to put together a patch along the lines I have described here.

Regards,

K. Y



> 
> Vitaly Kuznetsov (4):
>   Drivers: hv: vmbus: implement get/put usage workflow for vmbus
>     channels
>   Drivers: hv: vmbus: do not lose rescind offer on failure in
>     vmbus_process_offer()
>   Drivers: hv: vmbus: protect vmbus_get_outgoing_channel() against
>     channel removal
>   hyperv: netvsc: improve protection against rescind offer
> 
>  drivers/hv/channel_mgmt.c   | 75
> +++++++++++++++++++++++++++++++++++++--------
>  drivers/hv/connection.c     |  7 +++--
>  drivers/hv/hyperv_vmbus.h   |  4 +++
>  drivers/net/hyperv/netvsc.c | 10 ++++--  drivers/scsi/storvsc_drv.c  |  2 ++
>  include/linux/hyperv.h      | 13 ++++++++
>  6 files changed, 95 insertions(+), 16 deletions(-)
> 
> --
> 1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ