| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Sep 2021 20:21:09 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Max Gurtovoy <mgurtovoy@...dia.com>
Cc: Alex Williamson <alex.williamson@...hat.com>,
Leon Romanovsky <leon@...nel.org>,
Doug Ledford <dledford@...hat.com>,
Yishai Hadas <yishaih@...dia.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Kirti Wankhede <kwankhede@...dia.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org,
linux-rdma@...r.kernel.org, netdev@...r.kernel.org,
Saeed Mahameed <saeedm@...dia.com>,
Cornelia Huck <cohuck@...hat.com>
Subject: Re: [PATCH mlx5-next 2/7] vfio: Add an API to check migration state
transition validity
On Thu, Sep 30, 2021 at 12:48:55AM +0300, Max Gurtovoy wrote:
>
> On 9/29/2021 7:14 PM, Jason Gunthorpe wrote:
> > On Wed, Sep 29, 2021 at 06:28:44PM +0300, Max Gurtovoy wrote:
> >
> > > > So you have a device that's actively modifying its internal state,
> > > > performing I/O, including DMA (thereby dirtying VM memory), all while
> > > > in the _STOP state? And you don't see this as a problem?
> > > I don't see how is it different from vfio-pci situation.
> > vfio-pci provides no way to observe the migration state. It isn't
> > "000b"
>
> Alex said that there is a problem of compatibility.
Yes, when a vfio_device first opens it must be running - ie able to do
DMA and otherwise operational.
When we add the migration extension this cannot change, so after
open_device() the device should be operational.
The reported state in the migration region should accurately reflect
what the device is currently doing. If the device is operational then
it must report running, not stopped.
Thus a driver cannot just zero initalize the migration "registers",
they have to be accurate.
> > > Maybe we need to rename STOP state. We can call it READY or LIVE or
> > > NON_MIGRATION_STATE.
> > It was a poor choice to use 000b as stop, but it doesn't really
> > matter. The mlx5 driver should just pre-init this readable to running.
>
> I guess we can do it for this reason. There is no functional problem nor
> compatibility issue here as was mentioned.
>
> But still we need the kernel to track transitions. We don't want to allow
> moving from RESUMING to SAVING state for example. How this transition can be
> allowed ?
It seems semantically fine to me, as per Alex's note what will happen
is defined:
driver will see RESUMING toggle off so it will trigger a
de-serialization
driver will see SAVING toggled on so it will serialize the new state
(either the pre-copy state or the post-copy state dpending on the
running bit)
Depending on the running bit the device may or may not be woken up.
If de-serialization fails then the state goes to error and SAVING is
ignored.
The driver logic probably looks something like this:
// Running toggles off
if (oldstate & RUNNING != newstate & RUNNING && oldstate & RUNNING)
queice
freeze
// Resuming toggles off
if (oldstate & RESUMING != newstate & RESUMING && oldstate & RESUMING)
deserialize
// Saving toggles on
if (oldstate & SAVING != newstate & SAVING && newstate & SAVING)
if (!(newstate & RUNNING))
serialize post copy
// Running toggles on
if (oldstate & RUNNING != newstate & RUNNING && newstate & RUNNING)
unfreeze
unqueice
I'd have to check that carefully against the state chart from my last
email though..
And need to check how the "Stop Active Transactions" bit fits in there
Jason
Powered by blists - more mailing lists