[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 1/3] xen/blkfront: read response from backend only once

  • To: Julien Grall <julien@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "linux-block@xxxxxxxxxxxxxxx" <linux-block@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>
  • From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>
  • Date: Tue, 3 Aug 2021 07:00:50 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vktSTjSfHzp8jVpY2cqL8gHhom1nvCJYQhzHgeCEtU4=; b=WtDFZucKLQMRu6CKCm/ZAWPfYC0YAAt1IoMM2Bz3QMJaP7fl8Xx9CszIabt8vL0qIH7URllwUNpG78GPN7Rz3VbhADQrNRi4aDoR1UbIGxAOZ06DwPNegjQRd97/qb2hUqpLP7DEvHFJbOH3o+0UWGY1vnzkuQixCoMXqBfd+3jT7jqdcfvIo2L/MDP1l7AaccbBx9nQ+AMb8myE7zFWW6sM16+II91Z3YlVTjJ6QjdGyphnnCT0H/Mcnv4YiNjFgUDI8WeMzshJ00MwB6WL9E1AB7+12WxnraQ38v+FqkjmFRWrUaZJxlwRaOosfYWAEMz/6efKArvsX7FNEo17EQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DhkHwAhqhgTR7pV+2V/vbaDjumSk27JhuFdxhl1hz9SU4AGgTbcvFgZfvvCF/xt1E7n217oKhYfO/pxJLC6+gtVJeJO9+xfj0GMy+FEKn+ZqsTr2nCO+4jJDvAn9RJmIF4HRnZ7kyvk5nW/UhLjfGaV7OVux+K8mS8tpBkTcNFlTHGtbRdb+LvPiAS7yOB82zbZ9cBSNlcxVxIKxESllxg/5xg0sp4OJwReL234HsJCoXyGxGTjOSvzco0x4kuz1sOMkJJM/HuiNIzlJ7nB+A9pFc5z95VDgSLvE3tyymFO3xp3jRVc+nvaXqrQGf4WLQi0rnSqo6jaY0mZFP4RTOQ==
  • Authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=epam.com;
  • Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jens Axboe <axboe@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
  • Delivery-date: Tue, 03 Aug 2021 07:01:01 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHXh6eJ91LWa/O//ESEGVadZuHLeatgmVWAgADB8IA=
  • Thread-topic: [PATCH v3 1/3] xen/blkfront: read response from backend only once
On 02.08.21 22:26, Julien Grall wrote:
> Hi,
>
> On 02/08/2021 15:06, Oleksandr Andrushchenko wrote:
>> On 30.07.21 13:38, Juergen Gross wrote:
>>> In order to avoid problems in case the backend is modifying a response
>>> on the ring page while the frontend has already seen it, just read the
>>> response into a local buffer in one go and then operate on that buffer
>>> only.
>>>
>>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
>>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
>>> Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>>> ---
>>>    drivers/block/xen-blkfront.c | 35 ++++++++++++++++++-----------------
>>>    1 file changed, 18 insertions(+), 17 deletions(-)
>>>
>>> diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
>>> index d83fee21f6c5..15e840287734 100644
>>> --- a/drivers/block/xen-blkfront.c
>>> +++ b/drivers/block/xen-blkfront.c
>>> @@ -1496,7 +1496,7 @@ static bool blkif_completion(unsigned long *id,
>>>    static irqreturn_t blkif_interrupt(int irq, void *dev_id)
>>>    {
>>>        struct request *req;
>>> -    struct blkif_response *bret;
>>> +    struct blkif_response bret;
>>>        RING_IDX i, rp;
>>>        unsigned long flags;
>>>        struct blkfront_ring_info *rinfo = (struct blkfront_ring_info 
>>> *)dev_id;
>>> @@ -1513,8 +1513,9 @@ static irqreturn_t blkif_interrupt(int irq, void 
>>> *dev_id)
>>>        for (i = rinfo->ring.rsp_cons; i != rp; i++) {
>>>            unsigned long id;
>>>    -        bret = RING_GET_RESPONSE(&rinfo->ring, i);
>>> -        id   = bret->id;
>>> +        RING_COPY_RESPONSE(&rinfo->ring, i, &bret);
>>
>> As per my understanding copying is still not an atomic operation as the 
>> request/response
>>
>> are multi-byte structures in general. IOW, what prevents the backend from 
>> modifying the ring while
>>
>> we are copying?
>
> Nothing and, I believe, you are never going to be able to ensure atomicity 
> with large structure (at least between entity that doesn't trust each other).
>
> However, what you can do is copying the response once, check that it is 
> consistent and then use it. If it is not consistent, then you can report an 
> error.
>
> This is better than what's currently in tree. IOW we may have multiple read 
> so the code is prone to TOCTOU.

Agree,

Thanks

>
> Cheers,
>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.