From: "Jürgen Groß" <jgross@suse.com>
To: Paul Durrant <pdurrant@amazon.com>,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: [PATCH 3/4] xen/interface: don't discard pending work in FRONT/BACK_RING_ATTACH
Date: Mon, 9 Dec 2019 14:55:19 +0100 [thread overview]
Message-ID: <8a42e7a2-e1aa-69ff-32a4-f43cc5df10d9@suse.com> (raw)
In-Reply-To: <20191205140123.3817-4-pdurrant@amazon.com>
On 05.12.19 15:01, Paul Durrant wrote:
> Currently these macros will skip over any requests/responses that are
> added to the shared ring whilst it is detached. This, in general, is not
> a desirable semantic since most frontend implementations will eventually
> block waiting for a response which would either never appear or never be
> processed.
>
> NOTE: These macros are currently unused. BACK_RING_ATTACH(), however, will
> be used in a subsequent patch.
>
> Signed-off-by: Paul Durrant <pdurrant@amazon.com>
> ---
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> ---
> include/xen/interface/io/ring.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h
> index 3f40501fc60b..405adfed87e6 100644
> --- a/include/xen/interface/io/ring.h
> +++ b/include/xen/interface/io/ring.h
> @@ -143,14 +143,14 @@ struct __name##_back_ring { \
> #define FRONT_RING_ATTACH(_r, _s, __size) do { \
> (_r)->sring = (_s); \
> (_r)->req_prod_pvt = (_s)->req_prod; \
> - (_r)->rsp_cons = (_s)->rsp_prod; \
> + (_r)->rsp_cons = (_s)->req_prod; \
> (_r)->nr_ents = __RING_SIZE(_s, __size); \
> } while (0)
>
> #define BACK_RING_ATTACH(_r, _s, __size) do { \
> (_r)->sring = (_s); \
> (_r)->rsp_prod_pvt = (_s)->rsp_prod; \
> - (_r)->req_cons = (_s)->req_prod; \
> + (_r)->req_cons = (_s)->rsp_prod; \
> (_r)->nr_ents = __RING_SIZE(_s, __size); \
> } while (0)
Lets look at all possible scenarios where BACK_RING_ATTACH()
might happen:
Initially (after [FRONT|BACK]_RING_INIT(), leaving _pvt away):
req_prod=0, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)
Request queued:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)
and taken by backend:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=1
Using BACK_RING_ATTACH() is resetting req_cons to 0, will result
in redoing request (for blk this is fine, other devices like SCSI
tapes will have issues with that). One possible solution would be
to ensure all taken requests are either stopped or the response
is queued already.
Response queued:
req_prod=1, rsp_cons=0, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)
Response taken:
req_prod=1, rsp_cons=1, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)
In general I believe the [FRONT|BACK]_RING_ATTACH() macros are not
fine to be used in the current state, as the *_pvt fields normally not
accessible by the other end are initialized using the (possibly
untrusted) values from the shared ring. There needs at least to be a
test for the values to be sane, and your change should not result in the
same value to be read twice, as it could have changed in between.
As this is an error which can happen in other OS's, too, I'd recommend
to add the adapted macros (plus a comment regarding the possible
problem noted above for special devices like tapes) to the Xen variant
of ring.h.
Juergen
WARNING: multiple messages have this Message-ID (diff)
From: "Jürgen Groß" <jgross@suse.com>
To: Paul Durrant <pdurrant@amazon.com>,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Stefano Stabellini <sstabellini@kernel.org>
Subject: Re: [Xen-devel] [PATCH 3/4] xen/interface: don't discard pending work in FRONT/BACK_RING_ATTACH
Date: Mon, 9 Dec 2019 14:55:19 +0100 [thread overview]
Message-ID: <8a42e7a2-e1aa-69ff-32a4-f43cc5df10d9@suse.com> (raw)
In-Reply-To: <20191205140123.3817-4-pdurrant@amazon.com>
On 05.12.19 15:01, Paul Durrant wrote:
> Currently these macros will skip over any requests/responses that are
> added to the shared ring whilst it is detached. This, in general, is not
> a desirable semantic since most frontend implementations will eventually
> block waiting for a response which would either never appear or never be
> processed.
>
> NOTE: These macros are currently unused. BACK_RING_ATTACH(), however, will
> be used in a subsequent patch.
>
> Signed-off-by: Paul Durrant <pdurrant@amazon.com>
> ---
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> ---
> include/xen/interface/io/ring.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h
> index 3f40501fc60b..405adfed87e6 100644
> --- a/include/xen/interface/io/ring.h
> +++ b/include/xen/interface/io/ring.h
> @@ -143,14 +143,14 @@ struct __name##_back_ring { \
> #define FRONT_RING_ATTACH(_r, _s, __size) do { \
> (_r)->sring = (_s); \
> (_r)->req_prod_pvt = (_s)->req_prod; \
> - (_r)->rsp_cons = (_s)->rsp_prod; \
> + (_r)->rsp_cons = (_s)->req_prod; \
> (_r)->nr_ents = __RING_SIZE(_s, __size); \
> } while (0)
>
> #define BACK_RING_ATTACH(_r, _s, __size) do { \
> (_r)->sring = (_s); \
> (_r)->rsp_prod_pvt = (_s)->rsp_prod; \
> - (_r)->req_cons = (_s)->req_prod; \
> + (_r)->req_cons = (_s)->rsp_prod; \
> (_r)->nr_ents = __RING_SIZE(_s, __size); \
> } while (0)
Lets look at all possible scenarios where BACK_RING_ATTACH()
might happen:
Initially (after [FRONT|BACK]_RING_INIT(), leaving _pvt away):
req_prod=0, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)
Request queued:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)
and taken by backend:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=1
Using BACK_RING_ATTACH() is resetting req_cons to 0, will result
in redoing request (for blk this is fine, other devices like SCSI
tapes will have issues with that). One possible solution would be
to ensure all taken requests are either stopped or the response
is queued already.
Response queued:
req_prod=1, rsp_cons=0, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)
Response taken:
req_prod=1, rsp_cons=1, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)
In general I believe the [FRONT|BACK]_RING_ATTACH() macros are not
fine to be used in the current state, as the *_pvt fields normally not
accessible by the other end are initialized using the (possibly
untrusted) values from the shared ring. There needs at least to be a
test for the values to be sane, and your change should not result in the
same value to be read twice, as it could have changed in between.
As this is an error which can happen in other OS's, too, I'd recommend
to add the adapted macros (plus a comment regarding the possible
problem noted above for special devices like tapes) to the Xen variant
of ring.h.
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2019-12-09 13:55 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-05 14:01 [PATCH 0/4] xen-blkback: support live update Paul Durrant
2019-12-05 14:01 ` [Xen-devel] " Paul Durrant
2019-12-05 14:01 ` [PATCH 1/4] xenbus: move xenbus_dev_shutdown() into frontend code Paul Durrant
2019-12-05 14:01 ` [Xen-devel] " Paul Durrant
2019-12-09 11:33 ` Jürgen Groß
2019-12-09 11:33 ` [Xen-devel] " Jürgen Groß
2019-12-09 11:55 ` Durrant, Paul
2019-12-09 11:55 ` [Xen-devel] " Durrant, Paul
2019-12-09 11:57 ` Jürgen Groß
2019-12-09 11:57 ` [Xen-devel] " Jürgen Groß
2019-12-05 14:01 ` [PATCH 2/4] xenbus: limit when state is forced to closed Paul Durrant
2019-12-05 14:01 ` [Xen-devel] " Paul Durrant
2019-12-09 11:39 ` Roger Pau Monné
2019-12-09 11:39 ` Roger Pau Monné
2019-12-09 11:55 ` Jürgen Groß
2019-12-09 11:55 ` Jürgen Groß
2019-12-09 12:03 ` Durrant, Paul
2019-12-09 12:03 ` Durrant, Paul
2019-12-09 12:08 ` Jürgen Groß
2019-12-09 12:08 ` Jürgen Groß
2019-12-09 12:19 ` Durrant, Paul
2019-12-09 12:19 ` Durrant, Paul
2019-12-09 13:38 ` Jürgen Groß
2019-12-09 13:38 ` Jürgen Groß
2019-12-09 14:06 ` Durrant, Paul
2019-12-09 14:06 ` Durrant, Paul
2019-12-09 14:09 ` Jürgen Groß
2019-12-09 14:09 ` Jürgen Groß
2019-12-09 14:23 ` Durrant, Paul
2019-12-09 14:23 ` Durrant, Paul
2019-12-09 14:41 ` Jürgen Groß
2019-12-09 14:41 ` Jürgen Groß
2019-12-09 14:43 ` Durrant, Paul
2019-12-09 14:43 ` Durrant, Paul
2019-12-09 12:01 ` Durrant, Paul
2019-12-09 12:01 ` Durrant, Paul
2019-12-09 12:25 ` Roger Pau Monné
2019-12-09 12:25 ` Roger Pau Monné
2019-12-09 12:40 ` Durrant, Paul
2019-12-09 12:40 ` Durrant, Paul
2019-12-09 14:28 ` Roger Pau Monné
2019-12-09 14:28 ` Roger Pau Monné
2019-12-09 14:41 ` Durrant, Paul
2019-12-09 14:41 ` Durrant, Paul
2019-12-09 15:13 ` Roger Pau Monné
2019-12-09 15:13 ` Roger Pau Monné
2019-12-09 16:26 ` Durrant, Paul
2019-12-09 16:26 ` Durrant, Paul
2019-12-09 17:17 ` Roger Pau Monné
2019-12-09 17:17 ` Roger Pau Monné
2019-12-09 17:23 ` Durrant, Paul
2019-12-09 17:23 ` Durrant, Paul
2019-12-05 14:01 ` [PATCH 3/4] xen/interface: don't discard pending work in FRONT/BACK_RING_ATTACH Paul Durrant
2019-12-05 14:01 ` [Xen-devel] " Paul Durrant
2019-12-09 11:41 ` Roger Pau Monné
2019-12-09 11:41 ` Roger Pau Monné
2019-12-09 11:52 ` Jürgen Groß
2019-12-09 11:52 ` Jürgen Groß
2019-12-09 12:50 ` Durrant, Paul
2019-12-09 12:50 ` Durrant, Paul
2019-12-09 13:55 ` Jürgen Groß [this message]
2019-12-09 13:55 ` Jürgen Groß
2019-12-09 16:38 ` Durrant, Paul
2019-12-09 16:38 ` [Xen-devel] " Durrant, Paul
2019-12-10 11:42 ` Jürgen Groß
2019-12-10 11:42 ` [Xen-devel] " Jürgen Groß
2019-12-05 14:01 ` [PATCH 4/4] xen-blkback: support dynamic unbind/bind Paul Durrant
2019-12-05 14:01 ` [Xen-devel] " Paul Durrant
2019-12-09 12:17 ` Roger Pau Monné
2019-12-09 12:17 ` [Xen-devel] " Roger Pau Monné
2019-12-09 12:24 ` Durrant, Paul
2019-12-09 12:24 ` [Xen-devel] " Durrant, Paul
2019-12-09 13:57 ` Jürgen Groß
2019-12-09 13:57 ` [Xen-devel] " Jürgen Groß
2019-12-09 14:01 ` Durrant, Paul
2019-12-09 14:01 ` [Xen-devel] " Durrant, Paul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8a42e7a2-e1aa-69ff-32a4-f43cc5df10d9@suse.com \
--to=jgross@suse.com \
--cc=boris.ostrovsky@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pdurrant@amazon.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.