[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in bufioreq handling



> -----Original Message-----
> From: Ian Campbell [mailto:ian.campbell@xxxxxxxxxx]
> Sent: 16 June 2015 10:00
> To: Jan Beulich
> Cc: Andrew Cooper; Wei Liu; Ian Jackson; Stefano Stabellini; xen-devel; Keir
> (Xen.org); Paul Durrant
> Subject: Re: [Xen-devel] [PATCH] x86/HVM: avoid pointer wraparound in
> bufioreq handling
> 
> On Tue, 2015-06-16 at 09:37 +0100, Jan Beulich wrote:
> > >>> On 16.06.15 at 10:20, <ian.campbell@xxxxxxxxxx> wrote:
> > > On Tue, 2015-06-16 at 07:44 +0100, Jan Beulich wrote:
> > >> >>> On 15.06.15 at 16:30, <JBeulich@xxxxxxxx> wrote:
> > >> > The number of slots per page being 511 (i.e. not a power of two)
> means
> > >> > that the (32-bit) read and write indexes going beyond 2^32 will likely
> > >> > disturb operation. Extend I/O req server creation so the caller can
> > >> > indicate that it is using suitable atomic accesses where needed (not
> > >> > all accesses to the two pointers really need to be atomic), allowing
> > >> > the hypervisor to atomically canonicalize both pointers when both
> have
> > >> > gone through at least one cycle.
> > >> >
> > >> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> > >>
> > >> No matter that it's just a single line change, I realized that I
> > >> forgot to Cc the tools maintainers. While a v2 will be needed (see
> > >> the reply just sent to Andrew) I'd still appreciate input (if any) to
> > >> limit the number of revisions needed.
> > >
> > > For such a simple toolstack side change which just reflects the
> > > underlying hcall interface I have no real opinion so far as the tools
> > > side goes, but it would be good to update the comments in xenctrl.h too.
> > > With that done for the tools change:
> > >         Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> >
> > Thanks. The request for feedback went beyond the request for
> > an ack though, namely
> >
> > TBD: Do we need to be worried about non-libxc users of the changed
> >      (tools only) interface?
> 
> It's (currently at least) a declared non-stable API, so in principal no.
> It would be polite to give a heads up to the expected potential users
> though, which you've done by CCing the QEMU maintainers I think. Adding
> Paul D for completeness though.

From my reading, both QEMU upstream and trad are safe. They use a loop of the 
form:

while (read_ptr != write_ptr)
{
   do stuff

  read_ptr += (handled a qword) ? 2 : 1;
}

So, since the only test is for equality I think overflow should be handled 
correctly. So, does anything actually need to be fixed?

  Paul

> 
> >      Do we also need a way for default servers to flag atomicity?
> 
> Not doing so leaves them open to the issue which you are fixing here, I
> think?
> 
> Andy indicated that qemu-trad was the only default-server these days, so
> perhaps we can just decree that it is so while fixing qemu-trad as
> necessary?
> 
> In fact, are ioreq servers new enough and with few enough users that can
> we decree that even they are always atomic, perhaps after having audited
> the current users to ensure they behave correctly?
> 
> > > For the hypercall interface level, I wonder if handle_bufioreq is still
> > > an appropriate name given its no longer treated as a boolean flag?
> > > bufioreq_type or something perhaps?
> >
> > I think the name is fine as is (it doesn't really imply boolean-ness
> > in my reading), but if others agree with you that it should be
> > renamed I also wouldn't object.
> 
> I read it as "should handle buf ioreqs", with should being a boolean
> type predicate thing, but that might just be me, I suppose it could also
> be read as "kind of buf ioreqs to handle".

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.