Re: [PATCH net-next v2 2/9] xen-netback: Change TX path from grant copy to mapping

Mon, 16 Dec 2013 11:07:52 -0800 

On Mon, Dec 16, 2013 at 06:57:44PM +0000, Zoltan Kiss wrote:
> On 16/12/13 18:21, Wei Liu wrote:
> >On Mon, Dec 16, 2013 at 03:38:05PM +0000, Zoltan Kiss wrote:
> >[...]
> >>>>+ for (i = 0; i < MAX_PENDING_REQS; ++i) {
> >>>>+         if (vif->grant_tx_handle[i] != NETBACK_INVALID_HANDLE) {
> >>>>+                 i = 0;
> >>>>+                 unmap_timeout++;
> >>>>+                 msleep(1000);
> >>>>+                 if (unmap_timeout > 9 &&
> >>>>+                         net_ratelimit())
> >>>>+                         netdev_err(vif->dev,
> >>>>+                                 "Page still granted! Index: %x\n", i);
> >>>>+         }
> >>>>+ }
> >>>>+
> >>>>+ free_xenballooned_pages(MAX_PENDING_REQS, vif->mmap_pages);
> >>>>+
> >>>
> >>>If some pages are stuck and you just free them will it cause Dom0 to
> >>>crash? I mean, if those pages are recycled by other balloon page users.
> >>>
> >>>Even if it will not cause Dom0 to crash, will it leak any resource in
> >>>Dom0? At plain sight it looks like at least grant table entry is leaked,
> >>>isn't it? We need to be careful about this because a malicious might be
> >>>able to DoS Dom0 with resource leakage.
> >>Yes, if we call free_xenballooned_pages while something is still
> >>mapped, Xen kills Dom0 because balloon driver tries to touch the PTE
> >>of a grant mapped page. That's why we make sure before that
> >>everything is unmapped, and repeat an error message if it's not. I'm
> 
> There is an "i = 0" if we find a valid handle. So we start again

Oops, missed that.

> checking the whole array from the second element (incorrectly, it
> should be "i = -1"!), and we print an incorrect error message, but
> essentially we are not leaving the loop, unless the first element
> was the problematic. We can modify that to "i--" or "i = -1" if we
> want to recheck the whole array. It shouldn't happen at this point
> that we transmit new packets, starting from the beginning is just an
> extra safety check.
> Also, we should modify i after the printing of the error message.
> 

So I did help find a bug though. :-)

Wei.

> Zoli
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to