[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port

  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 13 Jul 2022 11:53:50 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RN0c0/+RBtS0QLG2v7icUhMBY9CevbS6Srs0SCzJnbY=; b=FOcwiHvvTMznyCD+ahM6OpvQNPkZtMYd4socpVrGH8QefdtgF5ikcRsxKed1n09VK7xecNcUJW8CmHeY3XwXtBY3KkFb44Ywc8eaMTtqgjVb1cB6TzjGje9y9IBP5PCU93NuShIFUsDjD3XiXdW7DYJXn8MMN/HPHy7/w5tPHPJiFbBc8vLTE6naP/vieO+sgkJI8JBPIpznmfdc9xwI8x8/AmAimTDejizKD9wXEtB4fW/4tVHbBEobA5TC/sFumqOd8M8oXhU3qkjtTiyRYyoritXwjpT7otLKfCvcK63kW1MtyQT7LrjRoI6QLefX6jV78Txcpmtou2sggt159w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hJII0yv0sDetlxthXsLaci3Fj9gmJTgPQnF5eeCF3nSLx+4Q6OfBljsoX5bmjLgt5iwMlsEnByZGv05adxezEa2GqiXbvA7rJE2jvFsxS7jgafhAKD6zvfyPbvI6zfc8JUq9ZQ3Ml7lJZ2NOWB+vbfhaM5Js8Wpd4AtQUGzX0JuQSTSYNUcgK86w7J91UjP4QrTfK02ukjYcifz/fEeyYGSadN9NOp740pxKlpsjgn/JWy/4GWi9JsxMW/Gp/9q7M/VQKhco7bpz8i5zEQeCXHe80rUNbzXcLTnEs2NICLBGyX9oWIwwwfGX9mEXbKWYrEGYF3T7wdxvMLwe15+fuQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>
  • Delivery-date: Wed, 13 Jul 2022 09:53:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 13.07.2022 11:35, Julien Grall wrote:
> Hi,
> 
> On 13/07/2022 07:21, Jan Beulich wrote:
>>>> For the FIFO issue, we can introduce the new config option to restrict the 
>>>> maximum number of static
>>>> port supported in Xen. We can check the user-defined static port when we 
>>>> parse the device tree and if
>>>> a user-defined static port is greater than the maximum allowed static port 
>>>> will return an error to the user.
>>>> In this way, we can avoid allocating a lot of memory to fill the hole.
>>>>
>>>> Let me know your view on this.
>>>>
>>>> config MAX_STATIC_PORT
>>>>       int "Maximum number of static ports”
>>>>       range 1 4095
>>>>       help
>>>>          Controls the build-time maximum number of static port supported
>>>
>>> The problem is not exclusive to the static event channel. So I don't
>>> think this is right to introduce MAX_STATIC_PORT to mitigate the issue
>>> (even though this is the only user today).
>>>
>>> A few of alternative solutions:
>>>     1) Handle preemption in alloc_evtchn_bucket()
>>>     2) Allocate all the buckets when the domain is created (the max
>>> numbers event channel is known). We may need to think about preemption
>>>     3) Tweak is_port_valid() to check if the bucket is valid. This would
>>> introduce a couple of extra memory access (might be OK as the bucket
>>> would be accessed afterwards) and we would need to update some users.
>>>
>>> At the moment, 3) is appealing me the most. I would be interested to
>>> have an opionions from the other maintainers.
>>
>> Fwiw of the named alternatives I would also prefer 3. Whether things
>> really need generalizing at this point I'm not sure, though.
> I am worry that we may end up to forget that we had non-generaic way 
> (e.g. MAX_STATIC_PORT) to prevent trigger the issue. So we could end up 
> to mistakenly introduce a security issue.
> 
> However, my point was less about generalization but more about 
> introducing CONFIG_MAX_STATIC_PORT.
> 
> It seems strange to let the admin to decide the maximum number of static 
> port supported.

Why (assuming s/admin/build admin/)? I view both a build time upper bound
as well as (alternatively) a command line driven upper bound as reasonable
(in the latter case there of course still would want/need to be an upper
bound on what is legitimate to specify from the command line). Using
static ports after all means there's a static largest port number.
Determined across all intended uses of a build such an upper bound can be
a feasible mechanism.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.