[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/8] xen/evtchn: modify evtchn_alloc_unbound to allocate specified port

  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 13 Jul 2022 12:56:05 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iBv92jFERIyUUuSdPy5W7MkGC5RJaQFYPDo0M5aO2w8=; b=DnUght/esJmYfwVoCrYVa2UmuhhakGB5ycB4cAgBicf+amKh6VFsfryHt0Fs2NrSEMuzZ8KM9ibgE64OXO/pQ4/rRnO2ba+eIeWN3c9/RSyZYWXSatrsX873qtut3/ijnXO3wATzdGK6Odz6G4dtprexIIjXAS/sCQA1u2LA6VEL3GVm449DQL2sO2twEE4APwI9030bNCAdOt2n1jKGyd1hJTJF0DUlavKYVNdtj+8HWiAsc5UnJM41hxc566Gv3WQJ/GxnYocRFsehLw/hsh5OVpRxVkR22mNJ38bTyOG47Z90mrcGIfjnH1Is6mt/gSTORR7zg6vcuUKvctxIdA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jDe7ckSL8yoquC85WXXYFVxnaJ/OkaNFkCz4HssQu/vbA8b4mkgSxJ+mYjL69Mu8/ZvDY+/QsKAXOU1mGIzZ6PIJU7uK+8d+ZeKZylJQPwr66/YO1ejbbWnIgQDz2u0RlG8XmpigFEO7SF3aYPES48tS9h7LxCJZK5JaXKvTVh8tHWMZS+Lp+DcgjDc6/09tZAEnZAq8svCmy/7a5EBlQk2+SEhL3D5XS1siGRIw6w5QFPJYPQDRuHVfcv68wHGTFfqomBqEvbDNblMZOFt0qJYzqsSPLXsgGl6pXl2AEOZDH1sx2c+/5V4MQA3NvI5X3EeBYQ5LIBdKhun6f7/Xrg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Rahul Singh <Rahul.Singh@xxxxxxx>
  • Delivery-date: Wed, 13 Jul 2022 10:56:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 13.07.2022 12:18, Julien Grall wrote:
> On 13/07/2022 10:53, Jan Beulich wrote:
>> On 13.07.2022 11:35, Julien Grall wrote:
>>> On 13/07/2022 07:21, Jan Beulich wrote:
>>>>>> For the FIFO issue, we can introduce the new config option to restrict 
>>>>>> the maximum number of static
>>>>>> port supported in Xen. We can check the user-defined static port when we 
>>>>>> parse the device tree and if
>>>>>> a user-defined static port is greater than the maximum allowed static 
>>>>>> port will return an error to the user.
>>>>>> In this way, we can avoid allocating a lot of memory to fill the hole.
>>>>>>
>>>>>> Let me know your view on this.
>>>>>>
>>>>>> config MAX_STATIC_PORT
>>>>>>        int "Maximum number of static ports”
>>>>>>        range 1 4095
>>>>>>        help
>>>>>>           Controls the build-time maximum number of static port supported
>>>>>
>>>>> The problem is not exclusive to the static event channel. So I don't
>>>>> think this is right to introduce MAX_STATIC_PORT to mitigate the issue
>>>>> (even though this is the only user today).
>>>>>
>>>>> A few of alternative solutions:
>>>>>      1) Handle preemption in alloc_evtchn_bucket()
>>>>>      2) Allocate all the buckets when the domain is created (the max
>>>>> numbers event channel is known). We may need to think about preemption
>>>>>      3) Tweak is_port_valid() to check if the bucket is valid. This would
>>>>> introduce a couple of extra memory access (might be OK as the bucket
>>>>> would be accessed afterwards) and we would need to update some users.
>>>>>
>>>>> At the moment, 3) is appealing me the most. I would be interested to
>>>>> have an opionions from the other maintainers.
>>>>
>>>> Fwiw of the named alternatives I would also prefer 3. Whether things
>>>> really need generalizing at this point I'm not sure, though.
>>> I am worry that we may end up to forget that we had non-generaic way
>>> (e.g. MAX_STATIC_PORT) to prevent trigger the issue. So we could end up
>>> to mistakenly introduce a security issue.
>>>
>>> However, my point was less about generalization but more about
>>> introducing CONFIG_MAX_STATIC_PORT.
>>>
>>> It seems strange to let the admin to decide the maximum number of static
>>> port supported.
>>
>> Why (assuming s/admin/build admin/)? I view both a build time upper bound
>> as well as (alternatively) a command line driven upper bound as reasonable
>> (in the latter case there of course still would want/need to be an upper
>> bound on what is legitimate to specify from the command line). Using
>> static ports after all means there's a static largest port number.
>> Determined across all intended uses of a build such an upper bound can be
>> a feasible mechanism.
> 
> AFAICT, the limit is only here to mitigate the risk with the patch I 
> proposed. With a proper fix, the limit would be articial and therefore 
> it is not clear why the admin should be able to configure it (even 
> temporarily).

The limit would be as artificial as other limits we enforce. I can't
see why it would be wrong to have a more tight limit on static ports
than on traditional ("dynamic") ones. Even if only to make sure so
many dynamic ones are left. That said, ...

> Instead, I think we want to have a limit that apply for both statically 
> and dynamically allocated even channel. This is what d->max_evtchn_port 
> is for.

... I also have no issue with following your way of thinking. I view
both perspectives as valid ones to take.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.