From: David Vrabel <dvrabel@cantab.net>
To: Stefano Stabellini <stefano@aporeto.com>
Cc: xen-devel@lists.xenproject.org, wei.liu2@citrix.com
Subject: Re: [DOC v1] Xen transport for 9pfs
Date: Fri, 2 Dec 2016 10:45:08 +0000 [thread overview]
Message-ID: <78f14c52-70dd-500f-8484-8bf577f6b8f6@cantab.net> (raw)
In-Reply-To: <alpine.DEB.2.10.1612011548231.2781@sstabellini-ThinkPad-X260>
On 02/12/16 00:29, Stefano Stabellini wrote:
> On Wed, 30 Nov 2016, David Vrabel wrote:
>> On 29/11/16 23:34, Stefano Stabellini wrote:
>>>
>>> The producer (the backend for **in**, the frontend for **out**) writes to the
>>> array in the following way:
>>>
>> - read memory barrier
>>> - read *cons*, *prod* from shared memory
>>> - write to array at position *prod* up to *cons*, wrapping around the circular
>>> buffer when necessary
>> - write memory barrier
>>> - increase *prod*
>>> - notify the other end via evtchn
>>>
>>> The consumer (the backend for **out**, the frontend for **in**) reads from the
>>> array in the following way:
>>
>> - read memory barrier
>>> - read *prod*, *cons* from shared memory
>>> - read from array at position *cons* up to *prod*, wrapping around the circular
>>> buffer when necessary
>>> - memory barrier
>>> - increase *cons*
>>> - notify the other end via evtchn
>>
>> Your barriers are wrong (see corrections above).
>
> Thanks for the review. Sorry for not specifying the type of memory
> barriers. I agree with some of your suggestions, but I don't understand
> why you moved the read memory barrier before reading prod and cons.
>
> Shouldn't it be for a producer:
> - read *cons*, *prod* from shared memory
> - read memory barrier
Barriers must be paired to enforce the required ordering. So where you
have a barrier before writing cons, you need another barrier before
reading cons on the other side.
This barrier here does nothing because the following access is a write
and there's a data dependency here anyway.
Without a barrier P before reading cons it can see the value after C as
written cons but before C has actually read the requests.
The Linux barrier documentation explains this better than I can.
>> I think you should use a private copy of cons/prod in the
>> consumer/producer and use this to validate that the shared prod/cons is
>> within a sensible range.
>
> With the masking macro provided (MASK_XEN_9PFS_IDX), indices cannot go
> out of range:
>
> #define MASK_XEN_9PFS_IDX(idx) ((idx) & (XEN_9PFS_RING_SIZE - 1))
For example, the producer writes cons = 0 and prod = 100000000 so
although you will not index off the array, the consumer will end up
processing 1000s of bogus entries.
There have been XSAs where backends did not validate prod in this way.
David
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-12-02 10:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-29 23:34 [DOC v1] Xen transport for 9pfs Stefano Stabellini
2016-11-30 10:59 ` David Vrabel
2016-12-02 0:29 ` Stefano Stabellini
2016-12-02 10:45 ` David Vrabel [this message]
2016-12-02 21:45 ` Stefano Stabellini
2016-12-02 10:57 ` Andrew Cooper
2016-12-01 10:56 ` Dario Faggioli
2016-12-01 23:14 ` Stefano Stabellini
2016-12-02 8:54 ` Dario Faggioli
2016-12-02 22:01 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=78f14c52-70dd-500f-8484-8bf577f6b8f6@cantab.net \
--to=dvrabel@cantab.net \
--cc=stefano@aporeto.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.