[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op

To: <konrad.wilk@xxxxxxxxxx>
From: "Jan Beulich" <jbeulich@xxxxxxxx>
Date: Mon, 18 Apr 2016 10:33:46 -0600
Cc: sstabellini@xxxxxxxxxx, wei.liu2@xxxxxxxxxx, ross.lagerwall@xxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, mpohlack@xxxxxxxxxx, sasha.levin@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx, dgdegra@xxxxxxxxxxxxx
Delivery-date: Mon, 18 Apr 2016 16:34:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> 04/18/16 9:50 AM >>>
>On Sun, Apr 17, 2016 at 02:05:10AM -0600, Jan Beulich wrote:
>> >>> Konrad Rzeszutek Wilk <konrad@xxxxxxxxxx> 04/15/16 4:29 AM >>>
>> >On Thu, Apr 14, 2016 at 10:36:46AM -0600, Jan Beulich wrote:
>> >> >>> Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> 04/14/16 12:05 AM >>>
>> >> > +    spin_lock(&payload_lock);
>> >> > +
>> >> > +    found = find_payload(n);
>> >> > +    if ( IS_ERR(found) )
>> >> > +    {
>> >> > +        rc = PTR_ERR(found);
>> >> > +        goto out;
>> >> > +    }
>> >> > +    else if ( found )
>> >> > +    {
>> >> > +        rc = -EEXIST;
>> >> > +        goto out;
>> >> > +    }
>> >> > +
>> >> > +    data = xzalloc(struct payload);
>> >> 
>> >> I generally advocate for not doing allocations with locks held, and I 
>> >> don't think
>> >> it would severely complicate the code here doing so.
>> >
>> >I can certainly unlock and then lock again (when adding
>> >it to the list).
>> 
>> That would create a race again afaict. Instead what I have been trying to 
>> hint
>> at is that the allocation should be done before taking the lock, freeing the 
>> object
>> again if in the end it turned out it's not going to be needed. Hence the 
>> referral to
>
>What if I get -ENOMEM and that the user supplied an payload we already
>have? In that case I would return -ENOMEM while I would expect us to
>return -EEXIST.
>
>Unless I add some extra checks to continue on?

Or unless you didn't check the allocation result right after the allocation 
call,
but only where you check it now.

>Also one could do a bit of memory DoS (perhaps by mistake) by continously
>uploading the same and same payload and us first allocating the memory,
>and then doing the check for the payload existence (which would then
>free the memory). Since the allocation is outside the lock we can
>eat a bit of memory.

Why that? You'd free the memory right away on the error path.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Konrad Rzeszutek Wilk

References:
- [Xen-devel] [PATCH v8.1] xSplice v1 design and implementation.
  - From: Konrad Rzeszutek Wilk
- [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Konrad Rzeszutek Wilk
- Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
  - From: Konrad Rzeszutek Wilk

Prev by Date: [Xen-devel] memory sharing
Next by Date: [Xen-devel] [ovmf test] 91905: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
Next by thread: Re: [Xen-devel] [PATCH v8.1 04/27] xen/xsplice: Hypervisor implementation of XEN_XSPLICE_op
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.