Received: by 10.192.165.148 with SMTP id m20csp309908imm; Tue, 24 Apr 2018 23:08:34 -0700 (PDT) X-Google-Smtp-Source: AIpwx48kkUNX8NgU0qqdjmPAvZOVISub5LyynlDad8wBkFicBq4cIj4wdqsVvanuco2bbxxuymYm X-Received: by 10.99.62.201 with SMTP id l192mr22501044pga.318.1524636514212; Tue, 24 Apr 2018 23:08:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524636514; cv=none; d=google.com; s=arc-20160816; b=UERJ0IuQXVUvsVIAZuQIs3l/upyqlXkV6YuLtL7uICtrFnUXbPEfP2YtMSFS0PMBGF iF8A8s4wMRIy6biv+HM4Wdp5iO5b8h2gQazyKzUz8hRqrjcvj/ShElqbHLgjWev4NEJs WqcKxKcmXtwRHfQ9Pj5NkhXKq6xlGDQFjagB/myKXZh74d1eB7/VAZVhZMGjGfOeoh9d VdbCPk1KKEOlVVVRsZZL5e9lL4DUu1tPAHaf8lByMlF04jeV+mCCsVuqlF9Mu1+p4ihV ww6BCeYDt1zHVTVGd6SVEBh5G5XS0M0bwxhU4GG5RkazcyIo4A3E8EaRXvtubdrawn0T DvyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=TZuRCefE6vkXDKUm6IO18lnBQ9ON88jCQmT+xqY+szw=; b=PQ5G8CufGj5WWbtKiZLIIeXt2o4rgGOcaLJFKEPRoPzo3O60Z6NUeD4tvX6MzNUmvj wFpMKTBJimMwjH0gNIMaE4EnPONZryEK2UuX7fMabmGn4Iaj9HzbhVJDo4UWAwJ2G7ZC 3wSa/m/ff4I1T8UHKI6fFds/0SqKaiw6uD8ymD02xCPu9JeU+B3FwSV/+MuGsseK/mbR 0mZ7sNqiFnV6me+5Jfw+Tt51OXDwWixbSPluhHfdmjQwTZp7eayqA3n6Rqeqa3S/bp3X zPOVe8EEXiomGrdqvTEXxwGVy7o/h3tAFlwQEw4dhR3XWiYGXguPaleNLyvAkQWRhr8v vVOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=OWAc5vFT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b184si12942160pgc.25.2018.04.24.23.08.19; Tue, 24 Apr 2018 23:08:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=OWAc5vFT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751233AbeDYGHN (ORCPT + 99 others); Wed, 25 Apr 2018 02:07:13 -0400 Received: from mail-lf0-f68.google.com ([209.85.215.68]:36854 "EHLO mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750941AbeDYGHL (ORCPT ); Wed, 25 Apr 2018 02:07:11 -0400 Received: by mail-lf0-f68.google.com with SMTP id d20-v6so23720694lfe.3 for ; Tue, 24 Apr 2018 23:07:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=TZuRCefE6vkXDKUm6IO18lnBQ9ON88jCQmT+xqY+szw=; b=OWAc5vFTYDddvAXnbzfER65Kogj2+vmFq+g1LeAL3OYXZOMi/51kM5b/0lfC0Muh9p n/ybqhlnSLEDICsYMQjr4iBU7me+x31RaLh5QeH5f558BUhSGt/AfLdg6PBYV2L/YCWp coLooiySheDSkXDASyIFgTu7tNfu5JXoA5vOXOyEA4C/QmdH2kvXsKpzOFvGI226Edb4 IW03qHyMdHCdYxvP1litXb6oZV8IXgrWtp37LjMKLUhhpyxf17QL/T8IAXDqhnCCzgAN d178nEoo60uEQO5K0LB6CoyaRck1uutQ2L9l5cf8JZaafCfFyb2NeJzG2+vquhi0Wrr/ Boig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=TZuRCefE6vkXDKUm6IO18lnBQ9ON88jCQmT+xqY+szw=; b=NDwsFIRR7wBLxuvsTiHoB9GMKwlYC5gmWMYyPn9a5GJwOTI1X4xi3hnsnxCv6pVM1w 0xkTFfDCM/WvSzisyo9rnKlcf5ZUwxKOpHMX13KvyCw+AbH+ug0uqBZx4ILoUVBU2ctA D1NLGxiFuibpG/Jm9h3wtz1hsDmL5N3XXGKMsOsxBQDkmlXB7bHydiJvB4OuMee12T8u NfM3WH1/mWwvrYZUw41ZnM1Oitj/WEm1xnQAKjbSoUlcfCHu0rvvJBdKXcfq56dFPC8H q5ExuJqeUqCkGIBfUWy5oHa/P1wO0nd2Hkx/x6wnljBKKqoCL1ZilloPOphC7guUlq2E FInw== X-Gm-Message-State: ALQs6tBTiQKPVoNJtFMlDVSPLk1HSIBtiAsSvcgJPxn+ineLdE5TJeg/ CqaRleuBm1zFMWFjhxZ8p1I= X-Received: by 10.46.83.14 with SMTP id h14mr14914178ljb.108.1524636429526; Tue, 24 Apr 2018 23:07:09 -0700 (PDT) Received: from [10.17.182.9] (ll-52.209.223.85.sovam.net.ua. [85.223.209.52]) by smtp.gmail.com with ESMTPSA id h82-v6sm259742lfi.87.2018.04.24.23.07.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Apr 2018 23:07:08 -0700 (PDT) Subject: Re: [Xen-devel] [PATCH 0/1] drm/xen-zcopy: Add Xen zero-copy helper DRM driver To: Dongwon Kim Cc: Wei Liu , jgross@suse.com, Artem Mygaiev , konrad.wilk@oracle.com, airlied@linux.ie, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, "Potrola, MateuszX" , daniel.vetter@intel.com, xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com, =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= , "Oleksandr_Andrushchenko@epam.com" References: <41487acb-a67a-8933-d0c3-702c19b0938e@gmail.com> <20180418073508.ptvntwedczpvl7bx@MacBook-Pro-de-Roger.local> <20180418101058.hyqk3gr3b2ibxswu@MacBook-Pro-de-Roger.local> <20180420071914.GG31310@phenom.ffwll.local> <76cdc65a-7bb1-9377-7bc5-6164e32f7b5d@gmail.com> <20180423115242.ywdwqblj2aseu3fr@citrix.com> <61105351-8896-072b-abf0-757c7f6c0edf@gmail.com> <20180424115437.GT31310@phenom.ffwll.local> <18ab5f76-00b0-42a0-fcb8-e0cbf4cdd527@gmail.com> <20180424203514.GA26787@downor-Z87X-UD5H> From: Oleksandr Andrushchenko Message-ID: <43bc755f-3e31-6841-0962-542c42515f88@gmail.com> Date: Wed, 25 Apr 2018 09:07:07 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180424203514.GA26787@downor-Z87X-UD5H> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/24/2018 11:35 PM, Dongwon Kim wrote: > Had a meeting with Daniel and talked about bringing out generic > part of hyper-dmabuf to the userspace, which means we most likely > reuse IOCTLs defined in xen-zcopy for our use-case if we follow > his suggestion. I will still have kernel side API, so backends/frontends implemented in the kernel can access that functionality as well. > > So assuming we use these IOCTLs as they are, > Several things I would like you to double-check.. > > 1. returning gref as is to the user space is still unsafe because > it is a constant, easy to guess and any process that hijacks it can easily > exploit the buffer. So I am wondering if it's possible to keep dmabuf-to > -gref or gref-to-dmabuf in kernel space and add other layers on top > of those in actual IOCTLs to add some safety.. We introduced flink like > hyper_dmabuf_id including random number but many says even that is still > not safe. Yes, it is generally unsafe. But even if we have implemented the approach you have in hyper-dmabuf or similar, what stops malicious software from doing the same with the existing gntdev UAPI? No need to brute force new UAPI if there is a simpler one. That being said, I'll put security aside at the first stage, but of course we can start investigating ways to improve (I assume you already have use-cases where security issues must be considered, so, probably you can tell more on what was investigated so far). > > 2. maybe we could take hypervisor-independent process (e.g. SGT<->page) > out of xen-zcopy and put those in a new helper library. I believe this can be done, but at the first stage I would go without that helper library, so it is clearly seen what can be moved to it later (I know that you want to run ACRN as well, but can I run it on ARM? ;) > 3. please consider the case where original DMA-BUF's first offset > and last length are not 0 and PAGE_SIZE respectively. I assume current > xen-zcopy only supports page-aligned buffer with PAGE_SIZE x n big. Hm, what is the use-case for that? > thanks, > DW Thank you, Oleksandr > On Tue, Apr 24, 2018 at 02:59:39PM +0300, Oleksandr Andrushchenko wrote: >> On 04/24/2018 02:54 PM, Daniel Vetter wrote: >>> On Mon, Apr 23, 2018 at 03:10:35PM +0300, Oleksandr Andrushchenko wrote: >>>> On 04/23/2018 02:52 PM, Wei Liu wrote: >>>>> On Fri, Apr 20, 2018 at 02:25:20PM +0300, Oleksandr Andrushchenko wrote: >>>>>>>> the gntdev. >>>>>>>> >>>>>>>> I think this is generic enough that it could be implemented by a >>>>>>>> device not tied to Xen. AFAICT the hyper_dma guys also wanted >>>>>>>> something similar to this. >>>>>>> You can't just wrap random userspace memory into a dma-buf. We've just had >>>>>>> this discussion with kvm/qemu folks, who proposed just that, and after a >>>>>>> bit of discussion they'll now try to have a driver which just wraps a >>>>>>> memfd into a dma-buf. >>>>>> So, we have to decide either we introduce a new driver >>>>>> (say, under drivers/xen/xen-dma-buf) or extend the existing >>>>>> gntdev/balloon to support dma-buf use-cases. >>>>>> >>>>>> Can anybody from Xen community express their preference here? >>>>>> >>>>> Oleksandr talked to me on IRC about this, he said a few IOCTLs need to >>>>> be added to either existing drivers or a new driver. >>>>> >>>>> I went through this thread twice and skimmed through the relevant >>>>> documents, but I couldn't see any obvious pros and cons for either >>>>> approach. So I don't really have an opinion on this. >>>>> >>>>> But, assuming if implemented in existing drivers, those IOCTLs need to >>>>> be added to different drivers, which means userspace program needs to >>>>> write more code and get more handles, it would be slightly better to >>>>> implement a new driver from that perspective. >>>> If gntdev/balloon extension is still considered: >>>> >>>> All the IOCTLs will be in gntdev driver (in current xen-zcopy terminology): >> I was lazy to change dumb to dma-buf, so put this notice ;) >>>>  - DRM_ICOTL_XEN_ZCOPY_DUMB_FROM_REFS >>>>  - DRM_IOCTL_XEN_ZCOPY_DUMB_TO_REFS >>>>  - DRM_IOCTL_XEN_ZCOPY_DUMB_WAIT_FREE >>> s/DUMB/DMA_BUF/ please. This is generic dma-buf, it has nothing to do with >>> the dumb scanout buffer support in the drm/gfx subsystem. This here can be >>> used for any zcopy sharing among guests (as long as your endpoints >>> understands dma-buf, which most relevant drivers do). >> Of course, please see above >>> -Daniel >>> >>>> Balloon driver extension, which is needed for contiguous/DMA >>>> buffers, will be to provide new *kernel API*, no UAPI is needed. >>>> >>>>> Wei. >>>> Thank you, >>>> Oleksandr >>>> _______________________________________________ >>>> dri-devel mailing list >>>> dri-devel@lists.freedesktop.org >>>> https://lists.freedesktop.org/mailman/listinfo/dri-devel