Received: by 10.192.165.148 with SMTP id m20csp5093185imm; Tue, 24 Apr 2018 13:37:53 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+//XPwSOwKy7bSsbORdQk7fhuRzy1AtAkxH8zLbXkB2IHMOtXPjfBguUTeiOIqL5zhCtWn X-Received: by 10.99.182.66 with SMTP id v2mr19896619pgt.158.1524602273695; Tue, 24 Apr 2018 13:37:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524602273; cv=none; d=google.com; s=arc-20160816; b=VM85OUt+Jom13rr4X/MSY/YljVj5BM6PEQKKU5ZjZp2QikGPMIyo3ZuWGz7CctPTQi zFJhSAHwtMsE2ogkXrU+ItlL+3SeVlgMZgC9lcgnvR71nDJxq/bPhFMGkS4DSCBE+/Ms s7Sfs1ma3yXFQXV+2WrewDYv1JSRKmAvHFnTnrQ/uUzgdHXHKmc6GzYjefpw/4qwxEAz lj2Izuz7TdPYknyNVcj/aLoeOFNX3vYoJMiCo5HiNVsh0SuwHY9TSqolGu6YAFnVeKDs nkCyoA5s8hoP+SeXYqwKRKw9dbc5dx6nDgVklTga++9roJA7u++l+WjZWI/Oe1m4kcnn uBRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=kbEj/T6XPRdk99jlASdjb2UhMBcnTQeQsm459cookPY=; b=KGrsli6YzhkVb5l8dfERWM3faGnyeTMo2Az6ihcXb25lWZyivMk/pUR+GBuTe7u5sm jGSZqxar5uE36O0yv6/SUvxRkQarmW3Wb+7j0S4IQTkR+F5IVwqqzAEyaVTe4PJQQ1pW I5aLDJWD8EdrRpnGxZJ8fJAileXke6BT+3YysyWCKzct3EiU72/odbIJwrIM8CCwMXkO OQkbjd8YdtzyVfWsT5xZBUXXs79D0b5rB03XLcpr8qkAjL+3r2WJUQpc1fB7Y1VYp0W1 KvY3Qjzrv7D0GFoGjR/JzHWDuwnOlhqhY3+ykDTbbyJUXtJM7QYVz7pjqrQWh1A2P6o3 5Jcw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g14-v6si8725305plj.146.2018.04.24.13.37.39; Tue, 24 Apr 2018 13:37:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752700AbeDXUf7 (ORCPT + 99 others); Tue, 24 Apr 2018 16:35:59 -0400 Received: from mga04.intel.com ([192.55.52.120]:7095 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751439AbeDXUft (ORCPT ); Tue, 24 Apr 2018 16:35:49 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Apr 2018 13:35:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,324,1520924400"; d="scan'208";a="49619626" Received: from downor-z87x-ud5h.fm.intel.com (HELO downor-Z87X-UD5H) ([10.1.122.107]) by fmsmga001.fm.intel.com with ESMTP; 24 Apr 2018 13:35:49 -0700 Date: Tue, 24 Apr 2018 13:35:14 -0700 From: Dongwon Kim To: Oleksandr Andrushchenko Cc: Wei Liu , jgross@suse.com, Artem Mygaiev , konrad.wilk@oracle.com, airlied@linux.ie, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, "Potrola, MateuszX" , daniel.vetter@intel.com, xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com, Roger Pau =?iso-8859-1?Q?Monn=E9?= , "Oleksandr_Andrushchenko@epam.com" Subject: Re: [Xen-devel] [PATCH 0/1] drm/xen-zcopy: Add Xen zero-copy helper DRM driver Message-ID: <20180424203514.GA26787@downor-Z87X-UD5H> References: <41487acb-a67a-8933-d0c3-702c19b0938e@gmail.com> <20180418073508.ptvntwedczpvl7bx@MacBook-Pro-de-Roger.local> <20180418101058.hyqk3gr3b2ibxswu@MacBook-Pro-de-Roger.local> <20180420071914.GG31310@phenom.ffwll.local> <76cdc65a-7bb1-9377-7bc5-6164e32f7b5d@gmail.com> <20180423115242.ywdwqblj2aseu3fr@citrix.com> <61105351-8896-072b-abf0-757c7f6c0edf@gmail.com> <20180424115437.GT31310@phenom.ffwll.local> <18ab5f76-00b0-42a0-fcb8-e0cbf4cdd527@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <18ab5f76-00b0-42a0-fcb8-e0cbf4cdd527@gmail.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Had a meeting with Daniel and talked about bringing out generic part of hyper-dmabuf to the userspace, which means we most likely reuse IOCTLs defined in xen-zcopy for our use-case if we follow his suggestion. So assuming we use these IOCTLs as they are, Several things I would like you to double-check.. 1. returning gref as is to the user space is still unsafe because it is a constant, easy to guess and any process that hijacks it can easily exploit the buffer. So I am wondering if it's possible to keep dmabuf-to -gref or gref-to-dmabuf in kernel space and add other layers on top of those in actual IOCTLs to add some safety.. We introduced flink like hyper_dmabuf_id including random number but many says even that is still not safe. 2. maybe we could take hypervisor-independent process (e.g. SGT<->page) out of xen-zcopy and put those in a new helper library. 3. please consider the case where original DMA-BUF's first offset and last length are not 0 and PAGE_SIZE respectively. I assume current xen-zcopy only supports page-aligned buffer with PAGE_SIZE x n big. thanks, DW On Tue, Apr 24, 2018 at 02:59:39PM +0300, Oleksandr Andrushchenko wrote: > On 04/24/2018 02:54 PM, Daniel Vetter wrote: > >On Mon, Apr 23, 2018 at 03:10:35PM +0300, Oleksandr Andrushchenko wrote: > >>On 04/23/2018 02:52 PM, Wei Liu wrote: > >>>On Fri, Apr 20, 2018 at 02:25:20PM +0300, Oleksandr Andrushchenko wrote: > >>>>>> the gntdev. > >>>>>> > >>>>>>I think this is generic enough that it could be implemented by a > >>>>>>device not tied to Xen. AFAICT the hyper_dma guys also wanted > >>>>>>something similar to this. > >>>>>You can't just wrap random userspace memory into a dma-buf. We've just had > >>>>>this discussion with kvm/qemu folks, who proposed just that, and after a > >>>>>bit of discussion they'll now try to have a driver which just wraps a > >>>>>memfd into a dma-buf. > >>>>So, we have to decide either we introduce a new driver > >>>>(say, under drivers/xen/xen-dma-buf) or extend the existing > >>>>gntdev/balloon to support dma-buf use-cases. > >>>> > >>>>Can anybody from Xen community express their preference here? > >>>> > >>>Oleksandr talked to me on IRC about this, he said a few IOCTLs need to > >>>be added to either existing drivers or a new driver. > >>> > >>>I went through this thread twice and skimmed through the relevant > >>>documents, but I couldn't see any obvious pros and cons for either > >>>approach. So I don't really have an opinion on this. > >>> > >>>But, assuming if implemented in existing drivers, those IOCTLs need to > >>>be added to different drivers, which means userspace program needs to > >>>write more code and get more handles, it would be slightly better to > >>>implement a new driver from that perspective. > >>If gntdev/balloon extension is still considered: > >> > >>All the IOCTLs will be in gntdev driver (in current xen-zcopy terminology): > I was lazy to change dumb to dma-buf, so put this notice ;) > >> ?- DRM_ICOTL_XEN_ZCOPY_DUMB_FROM_REFS > >> ?- DRM_IOCTL_XEN_ZCOPY_DUMB_TO_REFS > >> ?- DRM_IOCTL_XEN_ZCOPY_DUMB_WAIT_FREE > >s/DUMB/DMA_BUF/ please. This is generic dma-buf, it has nothing to do with > >the dumb scanout buffer support in the drm/gfx subsystem. This here can be > >used for any zcopy sharing among guests (as long as your endpoints > >understands dma-buf, which most relevant drivers do). > Of course, please see above > >-Daniel > > > >>Balloon driver extension, which is needed for contiguous/DMA > >>buffers, will be to provide new *kernel API*, no UAPI is needed. > >> > >>>Wei. > >>Thank you, > >>Oleksandr > >>_______________________________________________ > >>dri-devel mailing list > >>dri-devel@lists.freedesktop.org > >>https://lists.freedesktop.org/mailman/listinfo/dri-devel >