lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5A616995.4050702@intel.com>
Date:   Fri, 19 Jan 2018 11:44:21 +0800
From:   Wei Wang <wei.w.wang@...el.com>
To:     "Michael S. Tsirkin" <mst@...hat.com>
CC:     virtio-dev@...ts.oasis-open.org, linux-kernel@...r.kernel.org,
        virtualization@...ts.linux-foundation.org, kvm@...r.kernel.org,
        linux-mm@...ck.org, mhocko@...nel.org, akpm@...ux-foundation.org,
        pbonzini@...hat.com, liliang.opensource@...il.com,
        yang.zhang.wz@...il.com, quan.xu0@...il.com, nilal@...hat.com,
        riel@...hat.com
Subject: Re: [PATCH v22 2/3] virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_VQ

On 01/18/2018 12:44 AM, Michael S. Tsirkin wrote:
> On Wed, Jan 17, 2018 at 01:10:11PM +0800, Wei Wang wrote:
>

>
>> +{
>> +	struct scatterlist sg;
>> +	unsigned int unused;
>> +	int err;
>> +
>> +	sg_init_one(&sg, addr, sizeof(uint32_t));
> This passes a guest-endian value to host. This is a problem:
> should always pass LE values.

I think the endianness is handled when virtqueue_add_outbuf():

desc[i].addr = cpu_to_virtio64(_vq->vdev, addr);

right?

>
>> +
>> +	/*
>> +	 * This handles the cornercase that the vq happens to be full when
>> +	 * adding a cmd id. Rarely happen in practice.
>> +	 */
>> +	while (!vq->num_free)
>> +		virtqueue_get_buf(vq, &unused);
> I dislike this busy-waiting. It's a hint after all -
> why not just retry later - hopefully after getting an
> interrupt?
>
> Alternatively, stop adding more entries when we have a single
> ring entry left, making sure we have space for the command.

I think the second one looks good. Thanks.

>> +			queue_work(system_freezable_wq,
>> +				   &vb->update_balloon_size_work);
>> +		spin_unlock_irqrestore(&vb->stop_update_lock, flags);
>> +	}
>> +
>> +	virtio_cread(vb->vdev, struct virtio_balloon_config,
>> +		     free_page_report_cmd_id, &cmd_id);
> You want virtio_cread_feature, don't access the new field
> if the feature has not been negotiated.

Right. We probably need to put all the following cmd id related things 
under the feature check,

How about

if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_VQ)) {
     virtio_cread(..);
     if (cmd_id == VIRTIO_BALLOON_FREE_PAGE_REPORT_STOP_ID) {
     ....
}


>
>
>> +	if (cmd_id == VIRTIO_BALLOON_FREE_PAGE_REPORT_STOP_ID) {
>> +		WRITE_ONCE(vb->report_free_page, false);
>> +	} else if (cmd_id != vb->start_cmd_id) {
>> +		/*
>> +		 * Host requests to start the reporting by sending a new cmd
>> +		 * id.
>> +		 */
>> +		WRITE_ONCE(vb->report_free_page, true);
> I don't know why we bother with WRITE_ONCE here.  The point of
> report_free_page being used lockless is that that it's not a big deal if
> it's wrong occasionally, right?

Actually the main reason is that "vb->report_free_page" is a value 
shared by two threads:
Written by the config_change here, and read by the worker thread that 
reports the free pages.

Alternatively, we could let the two sides access to the shared variable 
with "volatile" pointers.


>
>
>
>> +		vb->start_cmd_id = cmd_id;
>> +		queue_work(vb->balloon_wq, &vb->report_free_page_work);
> It seems that if a command was already queued (with a different id),
> this will result in new command id being sent to host twice, which will
> likely confuse the host.

I think that case won't happen, because
- the host sends a cmd id to the guest via the config, while the guest 
acks back the received cmd id via the virtqueue;
- the guest ack back a cmd id only when a new cmd id is received from 
the host, that is the above check:

     if (cmd_id != vb->start_cmd_id) { --> the driver only queues the 
reporting work only when a new cmd id is received
                         /*
                          * Host requests to start the reporting by 
sending a
                          * new cmd id.
                          */
                         WRITE_ONCE(vb->report_free_page, true);
                         vb->start_cmd_id = cmd_id;
                         queue_work(vb->balloon_wq, 
&vb->report_free_page_work);
     }

So the same cmd id wouldn't queue the reporting work twice.


>
>
>
>> +	}
>> +}
>> +
>>   static void update_balloon_size(struct virtio_balloon *vb)
>>   {
>>   	u32 actual = vb->num_pages;
>> @@ -417,40 +513,113 @@ static void update_balloon_size_func(struct work_struct *work)
>>   
>>   static int init_vqs(struct virtio_balloon *vb)
>>   {
>> -	struct virtqueue *vqs[3];
>> -	vq_callback_t *callbacks[] = { balloon_ack, balloon_ack, stats_request };
>> -	static const char * const names[] = { "inflate", "deflate", "stats" };
>> -	int err, nvqs;
>> +	struct virtqueue **vqs;
>> +	vq_callback_t **callbacks;
>> +	const char **names;
>> +	struct scatterlist sg;
>> +	int i, nvqs, err = -ENOMEM;
>> +
>> +	/* Inflateq and deflateq are used unconditionally */
>> +	nvqs = 2;
>> +	if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ))
>> +		nvqs++;
>> +	if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_VQ))
>> +		nvqs++;
>> +
>> +	/* Allocate space for find_vqs parameters */
>> +	vqs = kcalloc(nvqs, sizeof(*vqs), GFP_KERNEL);
>> +	if (!vqs)
>> +		goto err_vq;
>> +	callbacks = kmalloc_array(nvqs, sizeof(*callbacks), GFP_KERNEL);
>> +	if (!callbacks)
>> +		goto err_callback;
>> +	names = kmalloc_array(nvqs, sizeof(*names), GFP_KERNEL);
>> +	if (!names)
>> +		goto err_names;
> Why not just keep these 3 arrays on stack? they aren't large.

Sounds good. Here is the new implementation:

static int init_vqs(struct virtio_balloon *vb)
{
         struct virtqueue *vqs[4];
         vq_callback_t *callbacks[4];
         const char *names[4];
         struct scatterlist sg;
         int ret;


         /*
          * Inflateq and deflateq are used unconditionally. stats_vq and
          * free_page_vq uses names[2] and names[3], respectively. The 
names[]
          * will be NULL if the related feature is not enabled, which will
          * cause no allocation for the corresponding virtqueue in find_vqs.
          */
         callbacks[0] = balloon_ack;
         names[0] = "inflate";
         callbacks[1] = balloon_ack;
         names[1] = "deflate";
         names[2] = NULL;
         names[3] = NULL;

         if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
                 names[2] = "stats";
                 callbacks[2] = stats_request;
         }
         if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_VQ)) {
                 names[3] = "free_page_vq";
                 callbacks[3] = NULL;
         }

         ret = vb->vdev->config->find_vqs(vb->vdev, 4, vqs, callbacks, 
names,
                                          NULL, NULL);
         if (ret)
                 return ret;

         vb->inflate_vq = vqs[0];
         vb->deflate_vq = vqs[1];

         if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) {
                 vb->stats_vq = vqs[2];
                 /*
                  * Prime this virtqueue with one buffer so the 
hypervisor can
                  * use it to signal us later (it can't be broken yet!).
                  */
                 sg_init_one(&sg, vb->stats, sizeof(vb->stats));
                 ret = virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb,
                                            GFP_KERNEL);
                 if (ret) {
                         dev_warn(&vb->vdev->dev, "%s: add stat_vq 
failed\n",
                                  __func__);
                         return ret;
                 }
                 virtqueue_kick(vb->stats_vq);
         }

         if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_VQ))
                 vb->free_page_vq = vqs[3];

         return 0;
}


Btw, the QEMU side doesn't have an option to disable STATS_VQ currently, 
we may need to add that later.

Best,
Wei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ