linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>, Juergen Gross <jgross@suse.com>
Cc: <xen-devel@lists.xenproject.org>, <boris.ostrovsky@oracle.com>,
	<sstabellini@kernel.org>, <linux-kernel@vger.kernel.org>,
	<stable@vger.kernel.org>
Subject: Re: [Xen-devel] [PATCH] xen: remove size limit of privcmd-buf mapping interface
Date: Thu, 1 Nov 2018 14:23:47 +0000	[thread overview]
Message-ID: <f1eafe1f-71ab-9875-af3f-bf0217bbcb35@citrix.com> (raw)
In-Reply-To: <5BDB0B240200007800142507@prv1-mh.provo.novell.com>

On 01/11/18 14:18, Jan Beulich wrote:
>>>> Juergen Gross <jgross@suse.com> 11/01/18 1:34 PM >>>
>> Currently the size of hypercall buffers allocated via
>> /dev/xen/hypercall is limited to a default of 64 memory pages. For live
>> migration of guests this might be too small as the page dirty bitmask
>> needs to be sized according to the size of the guest. This means
>> migrating a 8GB sized guest is already exhausting the default buffer
>> size for the dirty bitmap.
>>
>> There is no sensible way to set a sane limit, so just remove it
>> completely. The device node's usage is limited to root anyway, so there
>> is no additional DOS scenario added by allowing unlimited buffers.
> But is this setting of permissions what we want long term? What about a
> de-privileged qemu, which still needs to be able to issue at least dm-op
> hypercalls?

dm-op very deliberately doesn't have hypercall bounce buffers like this.

The kernel is responsible for ensuring that the buffer list passed in
the ioctl is safe memory, whether this is bouncing the buffers itself,
or simply ensuring that the underlying userspace memory won't disappear
across the hypercall.

~Andrew

  parent reply	other threads:[~2018-11-01 14:27 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-01 12:33 Juergen Gross
2018-11-01 14:18 ` [Xen-devel] " Jan Beulich
2018-11-01 14:23   ` Juergen Gross
2018-11-01 15:50     ` Jan Beulich
     [not found]     ` <5BDB20AB020000780014251B@suse.com>
2018-11-01 16:27       ` Juergen Gross
2018-11-02  7:26         ` Jan Beulich
2018-11-01 14:23   ` Andrew Cooper [this message]
2018-11-09  7:03 ` Juergen Gross
2018-11-09 14:23   ` Boris Ostrovsky
2018-11-02  9:53 [Xen-devel] " Juergen Gross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f1eafe1f-71ab-9875-af3f-bf0217bbcb35@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=jbeulich@suse.com \
    --cc=jgross@suse.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sstabellini@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=xen-devel@lists.xenproject.org \
    --subject='Re: [Xen-devel] [PATCH] xen: remove size limit of privcmd-buf mapping interface' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).