Received: by 10.192.165.148 with SMTP id m20csp448612imm; Wed, 25 Apr 2018 02:07:34 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/Ubbo6Nkii+lgGBu+uARu8Tlv96pCiqeAS5qm6AgKgEzRVa5kbtkJeGYCNoGGBPEuavDnM X-Received: by 10.98.17.220 with SMTP id 89mr15249119pfr.18.1524647254324; Wed, 25 Apr 2018 02:07:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524647254; cv=none; d=google.com; s=arc-20160816; b=RudUR+XpGWUfrooivl7ffEnsIhSslEPyczPiAF9xxe71F/zQ7apDCpI/vEEKYb5hKV pXvIFX/bwdVU0m7VYXgThkYf+FQeiQXgfP4SuunR/ITSiZ4TaU7Wyc45JVzeGgTBD2Ya ZecGrJv19V+lO+bwho64CKh020sIu5/7mjxhQiwkfgMpaO5S/JVlPsB9sAAn+czriS8u Mb2YlGAZoXpn02naVgQho5+g4O7xrQxW+DWk5CkYq5fKUgV+IuuNjhyy2nqKbJkpA1v3 pUtC7P0zh+nQdHGxfv2IE1SLKg1NYa3m4FY4V/r4ENZSC4t7EYU6EfJBfPljgtbqx5l9 jPLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=KOLWhcGlw2YLEAu97Ctx/k88lAYiQ+Eklmct/5uuXJU=; b=jXYgA57WJiYNEvrLZvGvpCsbQan/dHkxEzE5dyhXA/7M9a2q2NlZzWg9JFMsmlDIR6 ZIAisoaFPf1f8DLpYx2EZY0wCSJmlBq3gN3zBU7zUtC83M+nQKuhesx27r06KfLEsEK2 jvV8qi6v1mHEg9BmBiY4c3Y/YWgeKkNXHn6npHBxj83w0vaWVvgFxYCNIQ+NHyYgEyu/ cphaRn75sRqiuG39ggdPdVRhHbApv/dJtYY/wF7Aq9pIrLQpV/1AH5JW9+kS67PpPXQS 6GMpIgHZJ1FYl5Hugc6V9DPhURxJVHhjltOEiJlIAIasA8fqrpLzDRApRofuJRt7W4ph H+qA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SH+4RWF0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l85si15326967pfb.231.2018.04.25.02.07.18; Wed, 25 Apr 2018 02:07:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SH+4RWF0; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751772AbeDYJEm (ORCPT + 99 others); Wed, 25 Apr 2018 05:04:42 -0400 Received: from mail-lf0-f50.google.com ([209.85.215.50]:42799 "EHLO mail-lf0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750882AbeDYJEj (ORCPT ); Wed, 25 Apr 2018 05:04:39 -0400 Received: by mail-lf0-f50.google.com with SMTP id u21-v6so22741869lfu.9 for ; Wed, 25 Apr 2018 02:04:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=KOLWhcGlw2YLEAu97Ctx/k88lAYiQ+Eklmct/5uuXJU=; b=SH+4RWF0ZgRDH3ZpyiL3+KvsZsWrfXDUYROsPr8lhm32uQDMYKjL3VOOtE26T7XYtJ XW9FS5j2WEaldy2t3AylaScE8fhtWKK52GahPRH8MctE4X2hiIYFOVcSw8nVO236AaWe X/T7cyU7t4jW9HX5LPHvjxlb22bJ+g50DCS0cG3jE6qo6Y5v4hH87e9tIdv1byIcS3V1 C1NLoK6BhYwwPdwXCa8rjs+b1TAifc6wmw5BQSU/eycfo5IhPDdJ518tGweoHGhivAU0 IJoVnZyM+R4J9jvO91mywtK+D47fggh2tSlt1EkFaZ0YtQM3paDt0nIva2eJ/D/cfhu/ yU1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=KOLWhcGlw2YLEAu97Ctx/k88lAYiQ+Eklmct/5uuXJU=; b=ATHBxB52HS4q9yzYZe/IHS7WIY83Be9NtckFnr31ZNz8XR0MPX5Z9gPXYVuCgz2GhN kfM9y8uOuQRhNQQvzsu+wrngDtOsshkkDXujjTwYshliYFRIzkwtmn/B3zNgj2j8tO9L bC9Qlfz1sDnYw5zr6/E78Zrw4XELyCVzE+yjK30VG6NcCsZpQgKAxoxLd2KsgVNBeK/A hMvJHlYTG/90l+rCpFDPpitAiiYuzgw5nDvbMUwlbxLp+ZKGtWVM3vrTDpAJTjkDnRDy Ex56lQiU7vdlvuOr9VHIjybpxB7+2EysG/q2ucTH5vx/zkz0jviN313E3mXhPW8JHHdM ZYOg== X-Gm-Message-State: ALQs6tC+fuUwPMIskr6xY66dw58CXk+GEb/XWt+onseiafcSwSbKm2Pw 8Kb5HLSx66sDJbA7gcI0Rv0= X-Received: by 10.46.113.19 with SMTP id m19mr11714424ljc.44.1524647077654; Wed, 25 Apr 2018 02:04:37 -0700 (PDT) Received: from [10.17.182.9] (ll-52.209.223.85.sovam.net.ua. [85.223.209.52]) by smtp.gmail.com with ESMTPSA id d25-v6sm2378816lfa.46.2018.04.25.02.04.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Apr 2018 02:04:36 -0700 (PDT) Subject: Re: [PATCH v2 3/5] ALSA: xen-front: Implement Xen event channel handling To: Takashi Iwai Cc: alsa-devel@alsa-project.org, xen-devel@lists.xenproject.org, boris.ostrovsky@oracle.com, konrad.wilk@oracle.com, perex@perex.cz, Juergen Gross , linux-kernel@vger.kernel.org, Oleksandr Andrushchenko References: <20180416062453.24743-1-andr2000@gmail.com> <20180416062453.24743-4-andr2000@gmail.com> <04e313e5-4fdb-9f7b-43e3-f1551f582db2@gmail.com> From: Oleksandr Andrushchenko Message-ID: <72af8fdb-586f-6c5c-72af-071682ceab7d@gmail.com> Date: Wed, 25 Apr 2018 12:04:35 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/25/2018 12:02 PM, Takashi Iwai wrote: > On Wed, 25 Apr 2018 10:26:34 +0200, > Oleksandr Andrushchenko wrote: >> On 04/24/2018 07:23 PM, Oleksandr Andrushchenko wrote: >>> On 04/24/2018 06:02 PM, Takashi Iwai wrote: >>>> On Tue, 24 Apr 2018 16:58:43 +0200, >>>> Oleksandr Andrushchenko wrote: >>>>> On 04/24/2018 05:35 PM, Takashi Iwai wrote: >>>>>> On Tue, 24 Apr 2018 16:29:15 +0200, >>>>>> Oleksandr Andrushchenko wrote: >>>>>>> On 04/24/2018 05:20 PM, Takashi Iwai wrote: >>>>>>>> On Mon, 16 Apr 2018 08:24:51 +0200, >>>>>>>> Oleksandr Andrushchenko wrote: >>>>>>>>> +static irqreturn_t evtchnl_interrupt_req(int irq, void *dev_id) >>>>>>>>> +{ >>>>>>>>> +    struct xen_snd_front_evtchnl *channel = dev_id; >>>>>>>>> +    struct xen_snd_front_info *front_info = channel->front_info; >>>>>>>>> +    struct xensnd_resp *resp; >>>>>>>>> +    RING_IDX i, rp; >>>>>>>>> +    unsigned long flags; >>>>>>>>> + >>>>>>>>> +    if (unlikely(channel->state != EVTCHNL_STATE_CONNECTED)) >>>>>>>>> +        return IRQ_HANDLED; >>>>>>>>> + >>>>>>>>> +    spin_lock_irqsave(&front_info->io_lock, flags); >>>>>>>>> + >>>>>>>>> +again: >>>>>>>>> +    rp = channel->u.req.ring.sring->rsp_prod; >>>>>>>>> +    /* ensure we see queued responses up to rp */ >>>>>>>>> +    rmb(); >>>>>>>>> + >>>>>>>>> +    for (i = channel->u.req.ring.rsp_cons; i != rp; i++) { >>>>>>>> I'm not familiar with Xen stuff in general, but through a quick >>>>>>>> glance, this kind of code worries me a bit. >>>>>>>> >>>>>>>> If channel->u.req.ring.rsp_cons has a bogus number, this may >>>>>>>> lead to a >>>>>>>> very long loop, no?  Better to have a sanity check of the ring >>>>>>>> buffer >>>>>>>> size. >>>>>>> In this loop I have: >>>>>>> resp = RING_GET_RESPONSE(&channel->u.req.ring, i); >>>>>>> and the RING_GET_RESPONSE macro is designed in the way that >>>>>>> it wraps around when *i* in the question gets bigger than >>>>>>> the ring size: >>>>>>> >>>>>>> #define RING_GET_REQUEST(_r, _idx)                    \ >>>>>>>       (&((_r)->sring->ring[((_idx) & (RING_SIZE(_r) - 1))].req)) >>>>>>> >>>>>>> So, even if the counter has a bogus number it will not last long >>>>>> Hm, this prevents from accessing outside the ring buffer, but does it >>>>>> change the loop behavior? >>>>> no, it doesn't >>>>>> Suppose channel->u.req.ring_rsp_cons = 1, and rp = 0, the loop below >>>>>> would still consume the whole 32bit counts, no? >>>>>> >>>>>>     for (i = channel->u.req.ring.rsp_cons; i != rp; i++) { >>>>>>         resp = RING_GET_RESPONSE(&channel->u.req.ring, i); >>>>>>         ... >>>>>>     } >>>>> You are right here and the comment is totally valid. >>>>> I'll put an additional check like here [1] and here [2] >>>>> Will this address your comment? >>>> Yep, this kind of sanity checks should work. >>>> >>> Great, will implement the checks this way then >> Well, after thinking a bit more on that and chatting on #xendevel IRC >> with Juergen (he is on CC list), it seems that the way the code is now >> it is all fine without the checks: the assumption here is that >> the backend is trusted to always write sane values to the ring counters, >> thus no overflow checks on frontend side are required. >> Even if I implement the checks then I have no means to recover, but >> just print >> an error message and bail out not handling any responses. >> This is probably why the checks [1] and [2] are only implemented for the >> backend side and there are no such macros for the frontend side. >> >> Takashi, please let me know if the above sounds reasonable and >> addresses your comments. > If it's guaranteed to work, that's OK. > But maybe it's worth to comment for readers. ok, will put a comment on that > > thanks, > > Takashi Thank you, Oleksandr