Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757644AbbFQRai (ORCPT ); Wed, 17 Jun 2015 13:30:38 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34117 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752713AbbFQRaa (ORCPT ); Wed, 17 Jun 2015 13:30:30 -0400 Date: Wed, 17 Jun 2015 19:30:25 +0200 From: Igor Mammedov To: "Michael S. Tsirkin" Cc: Paolo Bonzini , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Subject: Re: [PATCH 3/5] vhost: support upto 509 memory regions Message-ID: <20150617193025.21cf2cd6@igors-macbook-pro.local> In-Reply-To: <20150617182917-mutt-send-email-mst@redhat.com> References: <20150617123842-mutt-send-email-mst@redhat.com> <20150617134803.5a03d04e@nial.brq.redhat.com> <20150617134848-mutt-send-email-mst@redhat.com> <20150617142339.6e6deb12@nial.brq.redhat.com> <20150617151030-mutt-send-email-mst@redhat.com> <5581742C.9060100@redhat.com> <20150617163028-mutt-send-email-mst@redhat.com> <20150617171257.11fe405d@nial.brq.redhat.com> <20150617173736-mutt-send-email-mst@redhat.com> <20150617180921.7972345d@igors-macbook-pro.local> <20150617182917-mutt-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2616 Lines: 61 On Wed, 17 Jun 2015 18:30:02 +0200 "Michael S. Tsirkin" wrote: > On Wed, Jun 17, 2015 at 06:09:21PM +0200, Igor Mammedov wrote: > > On Wed, 17 Jun 2015 17:38:40 +0200 > > "Michael S. Tsirkin" wrote: > > > > > On Wed, Jun 17, 2015 at 05:12:57PM +0200, Igor Mammedov wrote: > > > > On Wed, 17 Jun 2015 16:32:02 +0200 > > > > "Michael S. Tsirkin" wrote: > > > > > > > > > On Wed, Jun 17, 2015 at 03:20:44PM +0200, Paolo Bonzini wrote: > > > > > > > > > > > > > > > > > > On 17/06/2015 15:13, Michael S. Tsirkin wrote: > > > > > > > > > Considering userspace can be malicious, I guess yes. > > > > > > > > I don't think it's a valid concern in this case, > > > > > > > > setting limit back from 509 to 64 will not help here in > > > > > > > > any way, userspace still can create as many vhost > > > > > > > > instances as it needs to consume memory it desires. > > > > > > > > > > > > > > Not really since vhost char device isn't world-accessible. > > > > > > > It's typically opened by a priveledged tool, the fd is > > > > > > > then passed to an unpriveledged userspace, or permissions > > > > > > > dropped. > > > > > > > > > > > > Then what's the concern anyway? > > > > > > > > > > > > Paolo > > > > > > > > > > Each fd now ties up 16K of kernel memory. It didn't use to, > > > > > so priveledged tool could safely give the unpriveledged > > > > > userspace a ton of these fds. > > > > if privileged tool gives out unlimited amount of fds then it > > > > doesn't matter whether fd ties 4K or 16K, host still could be > > > > DoSed. > > > > > > > > > > Of course it does not give out unlimited fds, there's a way > > > for the sysadmin to specify the number of fds. Look at how libvirt > > > uses vhost, it should become clear I think. > > then it just means that tool has to take into account a new limits > > to partition host in sensible manner. > > Meanwhile old tools are vulnerable to OOM attacks. Let's leave old limit by default and allow override it via module parameter, that way tools old tools won't be affected and new tools could set limit the way they need. That will accommodate current slot hungry userspace and a new one with continuous HVA and won't regress old tools. > > > Exposing limit as module parameter might be of help to tool for > > getting/setting it in a way it needs. > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/