Received: by 10.223.176.5 with SMTP id f5csp332012wra;
        Thu, 8 Feb 2018 23:06:14 -0800 (PST)
X-Google-Smtp-Source: AH8x226A9dCnF9VZNEdG3RF/8jmM52zcZBPOsaXQjrJE7qgYA1XDenos2uX/30PUKsTcHgNs1PtL
X-Received: by 2002:a17:902:6809:: with SMTP id h9-v6mr1654977plk.46.1518159974734;
        Thu, 08 Feb 2018 23:06:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518159974; cv=none;
        d=google.com; s=arc-20160816;
        b=RNJplMjRB9HyOeGdvTApSepg7Ypeo02GMbo07d1nFDU6KEZRcKgkxAjl0w+c3eodFT
         aal8ek12+7VMpXSMrFiqsbMFe7AevE36EwV7YI5cwGwxo0QNAfkHVYx8K4aRBHV8obWK
         vpEQubNKSSYBeZVtg5bNN838gSX0Rd+2C6PttkYS1Qk0EaGbvU44pMbmJ3ZaM/8vsWYO
         mdE+9XtyQvdeC27KQ0YQc7BBuwYxF1+3t8AGQX7zEfUhVqmBFXRwbWaEGtvW3tE0Us2x
         GGSk13juj/0g8ht0yHxIGMf4je7Hes3NHP3EX1KO0lcF8Z+Qqjb9LTh4kRJJ8bCo3iDU
         6Ecw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=dbkwYkd9oPkauGzDqKlB3UULWQ0Oz+KriotqA+N3GJQ=;
        b=I7cuu0DoNko1eIspL2LIFWLBJSid62ruFpZPlEoGACyuP44dQ92V7aRUAGLe3NRqvo
         Bb8I2VLD/njlX/qlr6fDOzVBq6C4WSNvoFmEApfK9cmPeoldmtbPXv9h05MJKOihIi9b
         hWdfGELK6Ay60q7n0U3vS1KHL15ETfkBNkTKzTCKuQq6syalo8LB0VF/6oo8bhLGRi9+
         X9fpWReGDw8j2RrAyqE8zu9VEyZnDCFM+JUpEiP7lkchiQcR8+1lhih34/vDbsLMXvAS
         sZH7afIK5SL9HWCCVng9wLo6GhuWnenIDCVfvXtqhKXXs6sY81enjc1i5MlIzBMOZPXg
         WnQA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n1-v6si1178521pll.334.2018.02.08.23.06.00;
        Thu, 08 Feb 2018 23:06:14 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751077AbeBIHFV (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Fri, 9 Feb 2018 02:05:21 -0500
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:37432 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1750828AbeBIHFU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Feb 2018 02:05:20 -0500
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 98D014040093;
        Fri,  9 Feb 2018 07:05:19 +0000 (UTC)
Received: from xz-mi (dhcp-14-120.nay.redhat.com [10.66.14.120])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 70ADE2026DFD;
        Fri,  9 Feb 2018 07:05:13 +0000 (UTC)
Date:   Fri, 9 Feb 2018 15:05:11 +0800
From:   Peter Xu <peterx@redhat.com>
To:     Alex Williamson <alex.williamson@redhat.com>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
        qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC PATCH] vfio/pci: Add ioeventfd support
Message-ID: <20180209070511.GD2783@xz-mi>
References: <20180207000731.32764.95992.stgit@gimli.home>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20180207000731.32764.95992.stgit@gimli.home>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 09 Feb 2018 07:05:19 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 09 Feb 2018 07:05:19 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'peterx@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 06, 2018 at 05:08:14PM -0700, Alex Williamson wrote:

[...]

> +long vfio_pci_ioeventfd(struct vfio_pci_device *vdev, loff_t offset,
> +			uint64_t data, int count, int fd)
> +{
> +	struct pci_dev *pdev = vdev->pdev;
> +	loff_t pos = offset & VFIO_PCI_OFFSET_MASK;
> +	int ret, bar = VFIO_PCI_OFFSET_TO_INDEX(offset);
> +	struct vfio_pci_ioeventfd *ioeventfd;
> +	int (*handler)(void *, void *);
> +	unsigned long val;
> +
> +	/* Only support ioeventfds into BARs */
> +	if (bar > VFIO_PCI_BAR5_REGION_INDEX)
> +		return -EINVAL;
> +
> +	if (pos + count > pci_resource_len(pdev, bar))
> +		return -EINVAL;
> +
> +	/* Disallow ioeventfds working around MSI-X table writes */
> +	if (bar == vdev->msix_bar &&
> +	    !(pos + count <= vdev->msix_offset ||
> +	      pos >= vdev->msix_offset + vdev->msix_size))
> +		return -EINVAL;
> +
> +	switch (count) {
> +	case 1:
> +		handler = &vfio_pci_ioeventfd_handler8;
> +		val = data;
> +		break;
> +	case 2:
> +		handler = &vfio_pci_ioeventfd_handler16;
> +		val = le16_to_cpu(data);
> +		break;
> +	case 4:
> +		handler = &vfio_pci_ioeventfd_handler32;
> +		val = le32_to_cpu(data);
> +		break;
> +#ifdef iowrite64
> +	case 8:
> +		handler = &vfio_pci_ioeventfd_handler64;
> +		val = le64_to_cpu(data);
> +		break;
> +#endif
> +	default:
> +		return -EINVAL;
> +	}
> +
> +	ret = vfio_pci_setup_barmap(vdev, bar);
> +	if (ret)
> +		return ret;
> +
> +	mutex_lock(&vdev->ioeventfds_lock);
> +
> +	list_for_each_entry(ioeventfd, &vdev->ioeventfds_list, next) {
> +		if (ioeventfd->pos == pos && ioeventfd->bar == bar &&
> +		    ioeventfd->data == data && ioeventfd->count == count) {
> +			if (fd == -1) {
> +				vfio_virqfd_disable(&ioeventfd->virqfd);
> +				list_del(&ioeventfd->next);
> +				kfree(ioeventfd);
> +				ret = 0;
> +			} else
> +				ret = -EEXIST;
> +
> +			goto out_unlock;
> +		}
> +	}
> +
> +	if (fd < 0) {
> +		ret = -ENODEV;
> +		goto out_unlock;
> +	}
> +
> +	ioeventfd = kzalloc(sizeof(*ioeventfd), GFP_KERNEL);
> +	if (!ioeventfd) {
> +		ret = -ENOMEM;
> +		goto out_unlock;
> +	}
> +
> +	ioeventfd->pos = pos;
> +	ioeventfd->bar = bar;
> +	ioeventfd->data = data;
> +	ioeventfd->count = count;
> +
> +	ret = vfio_virqfd_enable(vdev->barmap[ioeventfd->bar] + ioeventfd->pos,
> +				 handler, NULL, (void *)val,
> +				 &ioeventfd->virqfd, fd);
> +	if (ret) {
> +		kfree(ioeventfd);
> +		goto out_unlock;
> +	}
> +
> +	list_add(&ioeventfd->next, &vdev->ioeventfds_list);

Is there a limit on how many ioeventfds that can be created?

IIUC we'll create this eventfd "automatically" if a MMIO addr/data
triggered continuously for N=10 times, then would it be safer we have
a limitation on maximum eventfds?  Or not sure whether a malicious
guest can consume the host memory by sending:

- addr1/data1, 10 times
- addr2/data2, 10 times
- ...

To create unlimited ioeventfds?  Thanks,

-- 
Peter Xu