| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180124062723-mutt-send-email-mst@kernel.org>
Date: Wed, 24 Jan 2018 06:29:45 +0200
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Wei Wang <wei.w.wang@...el.com>
Cc: virtio-dev@...ts.oasis-open.org, linux-kernel@...r.kernel.org,
virtualization@...ts.linux-foundation.org, kvm@...r.kernel.org,
linux-mm@...ck.org, mhocko@...nel.org, akpm@...ux-foundation.org,
pbonzini@...hat.com, liliang.opensource@...il.com,
yang.zhang.wz@...il.com, quan.xu0@...il.com, nilal@...hat.com,
riel@...hat.com
Subject: Re: [virtio-dev] Re: [PATCH v22 2/3] virtio-balloon:
VIRTIO_BALLOON_F_FREE_PAGE_VQ
On Mon, Jan 22, 2018 at 07:25:45PM +0800, Wei Wang wrote:
> On 01/19/2018 08:39 PM, Michael S. Tsirkin wrote:
> > On Fri, Jan 19, 2018 at 11:44:21AM +0800, Wei Wang wrote:
> > > On 01/18/2018 12:44 AM, Michael S. Tsirkin wrote:
> > > > On Wed, Jan 17, 2018 at 01:10:11PM +0800, Wei Wang wrote:
> > > >
> > > > > + vb->start_cmd_id = cmd_id;
> > > > > + queue_work(vb->balloon_wq, &vb->report_free_page_work);
> > > > It seems that if a command was already queued (with a different id),
> > > > this will result in new command id being sent to host twice, which will
> > > > likely confuse the host.
> > > I think that case won't happen, because
> > > - the host sends a cmd id to the guest via the config, while the guest acks
> > > back the received cmd id via the virtqueue;
> > > - the guest ack back a cmd id only when a new cmd id is received from the
> > > host, that is the above check:
> > >
> > > if (cmd_id != vb->start_cmd_id) { --> the driver only queues the
> > > reporting work only when a new cmd id is received
> > > /*
> > > * Host requests to start the reporting by sending a
> > > * new cmd id.
> > > */
> > > WRITE_ONCE(vb->report_free_page, true);
> > > vb->start_cmd_id = cmd_id;
> > > queue_work(vb->balloon_wq,
> > > &vb->report_free_page_work);
> > > }
> > >
> > > So the same cmd id wouldn't queue the reporting work twice.
> > >
> > Like this:
> >
> > vb->start_cmd_id = cmd_id;
> > queue_work(vb->balloon_wq, &vb->report_free_page_work);
> >
> > command id changes
> >
> > vb->start_cmd_id = cmd_id;
> >
> > work executes
> >
> > queue_work(vb->balloon_wq, &vb->report_free_page_work);
> >
> > work executes again
> >
>
> If we think about the whole working flow, I think this case couldn't happen:
>
> 1) device send cmd_id=1 to driver;
> 2) driver receives cmd_id=1 in the config and acks cmd_id=1 to the device
> via the vq;
> 3) device revives cmd_id=1;
> 4) device wants to stop the reporting by sending cmd_id=STOP;
> 5) driver receives cmd_id=STOP from the config, and acks cmd_id=STOP to the
> device via the vq;
> 6) device sends cmd_id=2 to driver;
> ...
>
> cmd_id=2 won't come after cmd_id=1, there will be a STOP cmd in between them
> (STOP won't queue the work).
>
> How about defining the correct device behavior in the spec:
> The device Should NOT send a second cmd id to the driver until a STOP cmd
> ack for the previous cmd id has been received from the guest.
>
>
> Best,
> Wei
I think we should just fix races in the driver rather than introduce
random restrictions in the device.
If device wants to start a new sequence, it should be able to
do just that without a complicated back and forth with several
roundtrips through the driver.
--
MST
Powered by blists - more mailing lists