[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port

  • To: Julien Grall <julien@xxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 13 Jul 2022 08:21:33 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SEe2o8N71L3Bkw30NpqHygABlyv6r6jVEhL8AhcxjeA=; b=PtqSQST/BNEM14Duk7Fh/aVZuBmFGC8l7b6PYyVWFTFzYX3bl34qLGqCl3HvZMHNsOmCNio6TGsNhSdQCNUqmyYUv9gGvPV2PCHOFW2Jp1dI54Hnb9GVSBcZ4RfhR8fJjhtup2NXMlikGTP7Skaw3+a4h9NdNGylAIdQu7vnmAMdB0m1C7ARIemK13YR0cBKQKuAhKnP5IZ3fk7o/ki6xu+/Clov2IfE9pq/bcl3nKl46W1cR3pKbwFa811uxyY//rmvaryin1DkSO7Ke0VEkNLTtXXxPEF0xjBHLj+SN4wDWPqFKGYBGeUpD2LhqtT9/mVz6de1m7XL/KF73Gddhw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nOCbbF91D/V0UlY5lK8o6shZQNRH7Lnn7vHd4jRlsr5q2wI8VCCSjCZ0/QExZnSjnP2u+Vm10Oram2x38sAEY4YY1tpSwUJtZNfjbtFZA8qFI8Pn0dJH6KvXTsIxiyj72SB9v3V+SMGbEyc4jwC8fBJQJEVZYkWKxCmldlI0ZxAmWOTNzvK9L2imLvitvh7kVHczbwz3hvgMxWLdI7CmfgWu/nrBc+F0tFIMkLXFZRcAQUkZet48uK88UdYFRSxvgBDTGp1WSrsPEwR/q1WrZQcueNDJvXt/8Da0Jd2K8yYlzw9ha6YYWy//m5f7p2wcI87e8ptUSIy+G1MHIGMgxA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Wed, 13 Jul 2022 06:21:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12.07.2022 19:28, Julien Grall wrote:
> On 11/07/2022 17:08, Rahul Singh wrote:
>>> On 22 Jun 2022, at 3:51 pm, Julien Grall <julien@xxxxxxx> wrote:
>>> On 22/06/2022 15:37, Rahul Singh wrote:
>>>> evtchn_alloc_unbound() always allocates the next available port. Static
>>>> event channel support for dom0less domains requires allocating a
>>>> specified port.
>>>> Modify the evtchn_alloc_unbound() to accept the port number as an
>>>> argument and allocate the specified port if available. If the port
>>>> number argument is zero, the next available port will be allocated.
>>>
>>> I haven't yet fully reviewed this series. But I would like to point out 
>>> that this opening a security hole (which I thought I had mention before) 
>>> that could be exploited by a guest at runtime.
>>>
>>> You would need [1] or similar in order to fix the issue. I am wrote 
>>> "similar" because the patch could potentially be a problem if you allow a 
>>> guest to use FIFO (you may need to allocate a lot of memory to fill the 
>>> hole).
>>>
>>> Cheers,
>>>
>>> [1] 
>>> https://xenbits.xen.org/gitweb/?p=people/julieng/xen-unstable.git;a=commit;h=2d89486fcf11216331e58a21b367b8a9be1af725
>>
>> Thanks for sharing the patch.  If you are okay I can use this patch in next 
>> version to fix the security hole.
> 
> I am fine with that.
> 
>>
>> For the FIFO issue, we can introduce the new config option to restrict the 
>> maximum number of static
>> port supported in Xen. We can check the user-defined static port when we 
>> parse the device tree and if
>> a user-defined static port is greater than the maximum allowed static port 
>> will return an error to the user.
>> In this way, we can avoid allocating a lot of memory to fill the hole.
>>
>> Let me know your view on this.
>>
>> config MAX_STATIC_PORT
>>      int "Maximum number of static ports”
>>      range 1 4095
>>      help
>>         Controls the build-time maximum number of static port supported
> 
> The problem is not exclusive to the static event channel. So I don't 
> think this is right to introduce MAX_STATIC_PORT to mitigate the issue 
> (even though this is the only user today).
> 
> A few of alternative solutions:
>    1) Handle preemption in alloc_evtchn_bucket()
>    2) Allocate all the buckets when the domain is created (the max 
> numbers event channel is known). We may need to think about preemption
>    3) Tweak is_port_valid() to check if the bucket is valid. This would 
> introduce a couple of extra memory access (might be OK as the bucket 
> would be accessed afterwards) and we would need to update some users.
> 
> At the moment, 3) is appealing me the most. I would be interested to 
> have an opionions from the other maintainers.

Fwiw of the named alternatives I would also prefer 3. Whether things
really need generalizing at this point I'm not sure, though.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.