[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Wed, 13 Jul 2022 10:03:40 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jaEAm9/BhIplZC6gvwJvKqYRRevFbyQ55OSYFu6Ak8E=; b=f8oawi4WPStXvlpKFecpFyo1Bsv2Wu/d8y4LmElO0eEjKXQaqXEzySmgOAUWMqohKzlOegeTqLwhUizymDSa51eBqM+HPPwVwqGHGKQ36pO5z8O5GUAGWJG9nu6poFQrRCv4FvjdloYX0uMq4SDHlGhd1JFNl8iZmSNdkk19OUKBetgNHkIDELyOy6YM+eHWLzNfgBV99+ytESbXE7b74IJzMrbEzrMt0KlJRbazB2WeZMLRbSQTJWp0e+fH7OnhBo27z7hnNUDY1r9/oKHXd9p3iDlVGco2n7kqYYdWHm2sjWZkGiRBmllEyqo1rpjoZqTxf23W2khVGoxYkb+3OQ==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jaEAm9/BhIplZC6gvwJvKqYRRevFbyQ55OSYFu6Ak8E=; b=IxnU60SJ3EBSAd44e9QgpItTbOLyBHIXNlZ0i+uw6Mx06RfqIVzoBkTSW4uJO83TXihqaX2GL/4kOLjhdKnMlJaj6EoioMhqulzs9TYGihZD/P+K6HmoEMYz9sDnBxfixQyzeKPSShljeB4KBHHI8FI6VFxVJ/I85+CfyuhKdZLsgdgiV2DsJYk+hmt/qBQeqK5AKdLlLpnXoveMRJLhbkPQRJF+dlkmCHuIZo7PITvIOIyqTW5vfXIvAT230Z0H4uQ+T6fWjNNsAQII2NYiem21dTpB70aWhXOAnjMB0C5zNuQjQuzlrWaaiQNqa2qfxqTJE2N33Ioc7xSdun4PRQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=Jp7WffnW8spNSMOb0+r58s1lC+f7qIUyHx6lO1EqsTr5aFjqJFzprrwSKitMyce2mrFjDEPw1jDg0zuRnA9cJnR4hRMoPorz7L4hmw8bNXRse4uPw5w7lXUYPTdBQvt4Qc6+BGZXwcsfzey7K6NTNVWg+N0qSxyFmag/QgYJ7q/ZvvYV27EfbrKi3+Jx7jnkUJvNJ+V/ErzRtgjZ6csHIWPHOH3+NGETRFdrJAH0NWSU9hCJRtEViWH92cSOXulMJGc6JOOl1R4o8mbI4E+7st6QXmO20y4HSt6m2wP0geGARGRXAIXNfHOTTb8LxH9RQNVUaFTEy6v2h/e8VBtUZA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ix767EcqMKZy3Zy1qUS8z1YXcb/YYgdX5U0g4g16ZtSco1lMBb0VXuVaEr4Kb30c840fHlyOJPtHZJF5Qz2hCwnIO5bXbvL7fFNTIq/s5I4DPGSjyFnbesA9LfX9BEPZFf7Bzy7BsQKIBobQ+MzfmV9l3iBLN3QCGEcmxAYx9HK0i0A4w61ZD+KKQJ0awp1Lms606L0JzZGLCSgZCTEyrtSv4ThTJppe/TpvhnuPr6vHmOk29CkkrYdcu0Wcwvn5MM0+cq1TzZFgCUoFNv0+xuANo3aAf96inZk5/HwAs/I5nJr1E9pKaqdxMPxAf77z2SZL6zIo8liwijKMEADSrw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Julien Grall <julien@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>
  • Delivery-date: Wed, 13 Jul 2022 10:03:59 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHYhkXakuWoh6IHqUaokStUp728i61bgqiAgB3xuACAAai8gIAA1/CAgAA2U4CAAAT8AIAAAr+A
  • Thread-topic: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port


> On 13 Jul 2022, at 10:53, Jan Beulich <jbeulich@xxxxxxxx> wrote:
> 
> On 13.07.2022 11:35, Julien Grall wrote:
>> Hi,
>> 
>> On 13/07/2022 07:21, Jan Beulich wrote:
>>>>> For the FIFO issue, we can introduce the new config option to restrict 
>>>>> the maximum number of static
>>>>> port supported in Xen. We can check the user-defined static port when we 
>>>>> parse the device tree and if
>>>>> a user-defined static port is greater than the maximum allowed static 
>>>>> port will return an error to the user.
>>>>> In this way, we can avoid allocating a lot of memory to fill the hole.
>>>>> 
>>>>> Let me know your view on this.
>>>>> 
>>>>> config MAX_STATIC_PORT
>>>>> int "Maximum number of static ports”
>>>>> range 1 4095
>>>>> help
>>>>> Controls the build-time maximum number of static port supported
>>>> 
>>>> The problem is not exclusive to the static event channel. So I don't
>>>> think this is right to introduce MAX_STATIC_PORT to mitigate the issue
>>>> (even though this is the only user today).
>>>> 
>>>> A few of alternative solutions:
>>>> 1) Handle preemption in alloc_evtchn_bucket()
>>>> 2) Allocate all the buckets when the domain is created (the max
>>>> numbers event channel is known). We may need to think about preemption
>>>> 3) Tweak is_port_valid() to check if the bucket is valid. This would
>>>> introduce a couple of extra memory access (might be OK as the bucket
>>>> would be accessed afterwards) and we would need to update some users.
>>>> 
>>>> At the moment, 3) is appealing me the most. I would be interested to
>>>> have an opionions from the other maintainers.
>>> 
>>> Fwiw of the named alternatives I would also prefer 3. Whether things
>>> really need generalizing at this point I'm not sure, though.
>> I am worry that we may end up to forget that we had non-generaic way 
>> (e.g. MAX_STATIC_PORT) to prevent trigger the issue. So we could end up 
>> to mistakenly introduce a security issue.
>> 
>> However, my point was less about generalization but more about 
>> introducing CONFIG_MAX_STATIC_PORT.
>> 
>> It seems strange to let the admin to decide the maximum number of static 
>> port supported.
> 
> Why (assuming s/admin/build admin/)? I view both a build time upper bound
> as well as (alternatively) a command line driven upper bound as reasonable
> (in the latter case there of course still would want/need to be an upper
> bound on what is legitimate to specify from the command line). Using
> static ports after all means there's a static largest port number.
> Determined across all intended uses of a build such an upper bound can be
> a feasible mechanism.

I agree with this. Right now all static port must be defined on boot so this is 
fully
ok to have a maximum compilation value or something that can be customised
on command line.
In this case the admin must be fully aware of what he does from the start.

Also whatever value we define as default will probably be far bigger than any
real use case I think.

Bertrand

> 
> Jan


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.