Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp510038ima; Fri, 26 Oct 2018 01:55:21 -0700 (PDT) X-Google-Smtp-Source: AJdET5fLT3IbwSpxneJ8k3NjhDGto3dpyJFUcwPN3k13/LDA/AWpli2XCmDsBkqPxlh8OEafGj7d X-Received: by 2002:a17:902:2ac3:: with SMTP id j61-v6mr2627448plb.139.1540544121306; Fri, 26 Oct 2018 01:55:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540544121; cv=none; d=google.com; s=arc-20160816; b=rAyArG0kG+diBAcB9OYhYHFAwOxebjtsL8M05RZ8sxdq1EdSok8wa0HQMX1meImGfz zGOYmLiz/DN9pVz2c75yYfYAI4fOOcRC1O9/iTyVz79JrdAsM+b7gd0dx7+uU3y+Tbh7 3bOJSmYmoSkoXlU6C7I2WS2D91FrOexKRcP5iAEr3XjYLSTf5TsAAalgX06fjFa0hFgH sKdV5UNny9X1eCjCeAVx3VMLx+4Y6KmY1m6rCMP2stxdwf5d4xa5Ub+Q/v2q6yPHwBq6 KPv9QIaeCV7iugHt5NsVNyaqP4YoZ9Y3NZLSFlDaLiLk2Rnlo8Iq5mrULVZqgqB/9PLN Glhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:dkim-signature; bh=UZLE4JxKt/KMLfEuFn9/+2BwdcZ5ttZCEZlRoTEwFow=; b=gG2yOb39JMRjp7wKQCs6YoVthNb/vKWA56AkFHVrPBk9CiQ53mXC7H6iVoKeoCTyiC y0tNI3FwMwZKQAXSpxcUZJW974VLg2DcSMm8bHTQMBubBSj/XwLU1bozBVemyqlBEeIj nRirEg8NUEzgiwy3LVxKs/q4vndcpRO2ghcvR7+lt75ssEP547BWB5yDlISn68cZpAiI UPJxKvA3GY40pvK8Q0d3Hsp0FBzLxpN8aaHhfCcon1EhDYXiwm3jhvLILN2pTHp/Mjma Wxb1rq5VmY8t+KLink/vYoFdBC4puclZ3pwgrLqjjZ+L4YEGuU+RRJFpMmPkyAp8XmFj R+6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=33CEHkpK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c3-v6si10306096pfi.110.2018.10.26.01.55.04; Fri, 26 Oct 2018 01:55:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2018-07-02 header.b=33CEHkpK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726373AbeJZRaz (ORCPT + 99 others); Fri, 26 Oct 2018 13:30:55 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:58838 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726078AbeJZRaz (ORCPT ); Fri, 26 Oct 2018 13:30:55 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w9Q8rjDs047562; Fri, 26 Oct 2018 08:54:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : references : cc : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=UZLE4JxKt/KMLfEuFn9/+2BwdcZ5ttZCEZlRoTEwFow=; b=33CEHkpKRWWgKsGBRqnQycgkV1A9AWv7bVVxJhFpKMQpsZ+IncZVa1CNqtts8jPbzXE9 tawyJ3Ni9+OtRwL+VtooyvC9E4jLQxNZ5m8dFPOy9Vz3ITD1YTLQ6Z9zxonKQqER3pl2 iTUInVwFprGD+j531l17pK2J4ViesIKDpthmnSQclA6jjLS+HxmKoGqbsohySXrDaKAm 0Yib61TerrIE8jMKQhA55e72qfM7cSl4f25V0JCfj7tOoK6yA/rEdOMEwut9SADV6D/f SdRRRnGZpFvpI3GpqT6yTMrDX4zB+L+YGyCGdN9F2OG8bCwohBeYQfsSbg1h8vOI2Wkl 5w== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2120.oracle.com with ESMTP id 2n7vaqe3d5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 26 Oct 2018 08:54:36 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w9Q8saef003971 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 26 Oct 2018 08:54:36 GMT Received: from abhmp0011.oracle.com (abhmp0011.oracle.com [141.146.116.17]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w9Q8sZ4B017190; Fri, 26 Oct 2018 08:54:35 GMT Received: from [10.191.16.181] (/10.191.16.181) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 26 Oct 2018 01:54:35 -0700 Subject: Re: [PATCH] xen-swiotlb: exchange memory with Xen only when pages are contiguous To: Joe Jin References: <20181024130246.GA22616@localhost.localdomain> <83900cf4-690c-9725-d022-d427fdeb4f7d@oracle.com> <581cb7ea-3112-791d-918d-9bb887e4744f@oracle.com> <24a62522-1629-5d0b-398e-6d2c1a0b97f7@oracle.com> <922914c9-22db-c5d1-33da-d07691ebd7d7@oracle.com> <45f5ffe8-3f48-4485-53f0-5a056be69b0c@oracle.com> <5b64850f-9142-0360-fe4e-9e7bc74d2368@oracle.com> <20181026074802.GA4768@lst.de> Cc: Christoph Helwig , Boris Ostrovsky , Konrad Rzeszutek Wilk , konrad@kernel.org, John Sobecki , "xen-devel@lists.xenproject.org" , "linux-kernel@vger.kernel.org" From: Dongli Zhang Message-ID: <10301c25-5bbf-51b6-6cb2-77e30bcd9a99@oracle.com> Date: Fri, 26 Oct 2018 16:54:28 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 MIME-Version: 1.0 In-Reply-To: <20181026074802.GA4768@lst.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9057 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=2 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=913 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810260079 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Joe, On 10/26/2018 03:48 PM, Christoph Helwig wrote: > On Thu, Oct 25, 2018 at 11:56:02AM -0700, Joe Jin wrote: >> I just discussed this patch with Boris in private, his opinions(Boris, >> please correct me if any misunderstood) are: >> >> 1. With/without the check, both are incorrect, he thought we need to >> prevented unalloc'd free at here. >> 2. On freeing, if upper layer already checked the memory was DMA-able, >> the checking at here does not make sense, we can remove all checks. >> 3. xen_create_contiguous_region() and xen_destroy_contiguous_region() >> to come in pairs. >> >> For #1 and #3, I think we need something associate it, like a list, on >> allocating, add addr to it, on freeing, check if in the list. If dom0 (or any domain) is happy, although it could try to exchange all its continuous dma pages back to xen hypervisor. From the perspective of each domain, they always would like to keep as much continuous dma page as possible. I am thinking something different. If there is malicious domU keep exchanging memory and allocating continuous pages from xen hypervisor, will the continuously dma pages be used up (sort of DoS attack)? I am not sure if there is anything in xen hypervisor to prevent such behavior? Dongli Zhang > > Is there any way to figure out based on an address if the exchange > operation happened? > >> For #2, I'm was not found anywhere validated the address on >> dma_free_coherent() callpath, not just xen-swiotlb. > > At least for simple direct mappings there is no easy way to verify that > without keeping a list, and for some of the ops that do vmap like > operations we have basic santiy checks, but nothing that really catches > a wrong free. >