From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman, Juergen Gross, Jan Beulich, Stefano Stabellini, Wei Liu
Subject: [PATCH 4.14 81/85] xen/events: block rogue events for some time
Date: Tue, 17 Nov 2020 14:05:50 +0100
Message-Id: <20201117122115.027758410@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201117122111.018425544@linuxfoundation.org>
References: <20201117122111.018425544@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Juergen Gross

commit 5f7f77400ab5b357b5fdb7122c3442239672186c upstream.

In order to avoid high dom0 load due to rogue guests sending events at
high frequency, block those events in case there was no action needed
in dom0 to handle the events.

This is done by adding a per-event counter, which is set to zero in case
an EOI without the XEN_EOI_FLAG_SPURIOUS is received from a backend
driver, and incremented when this flag has been set. In case the
counter is 2 or higher delay the EOI by 1 << (cnt - 2) jiffies, but
not more than 1 second.

In order not to waste memory shorten the per-event refcnt to two bytes
(it should normally never exceed a value of 2). Add an overflow check
to evtchn_get() to make sure the 2 bytes really won't overflow.

This is part of XSA-332.

Cc: stable@vger.kernel.org
Signed-off-by: Juergen Gross
Reviewed-by: Jan Beulich
Reviewed-by: Stefano Stabellini
Reviewed-by: Wei Liu
Signed-off-by: Greg Kroah-Hartman
---
 drivers/xen/events/events_base.c     | 27 ++++++++++++++++++++++-----
 drivers/xen/events/events_internal.h |  3 ++-
 2 files changed, 24 insertions(+), 6 deletions(-)

--- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c
@@ -459,17 +459,34 @@ static void lateeoi_list_add(struct irq_ spin_unlock_irqrestore(&eoi->eoi_list_lock, flags); } -static void xen_irq_lateeoi_locked(struct irq_info *info) +static void xen_irq_lateeoi_locked(struct irq_info *info, bool spurious) { evtchn_port_t evtchn; unsigned int cpu; + unsigned int delay = 0; evtchn = info->evtchn; if (!VALID_EVTCHN(evtchn) || !list_empty(&info->eoi_list)) return; + if (spurious) { + if ((1 << info->spurious_cnt) < (HZ << 2)) + info->spurious_cnt++; + if (info->spurious_cnt > 1) { + delay = 1 << (info->spurious_cnt - 2); + if (delay > HZ) + delay = HZ; + if (!info->eoi_time) + info->eoi_cpu = smp_processor_id(); + info->eoi_time = get_jiffies_64() + delay; + } + } else { + info->spurious_cnt = 0; + } + cpu = info->eoi_cpu; - if (info->eoi_time && info->irq_epoch == per_cpu(irq_epoch, cpu)) { + if (info->eoi_time && + (info->irq_epoch == per_cpu(irq_epoch, cpu) || delay)) { lateeoi_list_add(info); return; } @@ -506,7 +523,7 @@ static void xen_irq_lateeoi_worker(struc info->eoi_time = 0; - xen_irq_lateeoi_locked(info); + xen_irq_lateeoi_locked(info, false); } if (info) @@ -535,7 +552,7 @@ void xen_irq_lateeoi(unsigned int irq, u info = info_for_irq(irq); if (info) - xen_irq_lateeoi_locked(info); + xen_irq_lateeoi_locked(info, eoi_flags & XEN_EOI_FLAG_SPURIOUS); read_unlock_irqrestore(&evtchn_rwlock, flags); } @@ -1438,7 +1455,7 @@ int evtchn_get(unsigned int evtchn) goto done; err = -EINVAL; - if (info->refcnt <= 0) + if (info->refcnt <= 0 || info->refcnt == SHRT_MAX) goto done; info->refcnt++; --- a/drivers/xen/events/events_internal.h +++ b/drivers/xen/events/events_internal.h @@ -33,7 +33,8 @@ enum xen_irq_type { struct irq_info { struct list_head list; struct list_head eoi_list; - int refcnt; + short refcnt; + short spurious_cnt; enum xen_irq_type type; /* type */ unsigned irq; unsigned int evtchn; /* event channel */
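
Review bot: in the `if (spurious)` branch of xen_irq_lateeoi_locked(), the cap `(1 << info->spurious_cnt) < (HZ << 2)` and the shift `1 << (info->spurious_cnt - 2)` are coupled but uncommented. The counter stops growing once 1 << cnt reaches 4 * HZ, which is the point where 1 << (cnt - 2) reaches HZ and the `delay > HZ` clamp takes over; it also keeps the shift width bounded. A short comment stating that relationship would keep a later change to one constant from silently breaking the other. In the same branch, `info->eoi_time` is overwritten with `get_jiffies_64() + delay` even when it was already non-zero, so please say in a comment whether replacing an already pending deadline is intended.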
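
Review bot: in xen_irq_lateeoi_worker(), calling `xen_irq_lateeoi_locked(info, false)` takes the new `else` branch and sets `info->spurious_cnt = 0` every time a deferred EOI is finally issued (unless the early return on `!VALID_EVTCHN(evtchn) || !list_empty(&info->eoi_list)` fires). Is that intended? Read together with the first hunk, a channel that has just been delayed for being spurious starts again from a zero count once the worker runs, so it is not obvious how the delay grows towards the 1 second limit the commit message describes. If the count is meant to persist across the deferred EOI, the worker needs a way to leave it untouched; if the reset is deliberate, a comment at this call site should say so.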
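
Review bot: in evtchn_get(), the new `info->refcnt == SHRT_MAX` case shares the `-EINVAL` return with `info->refcnt <= 0`, so a caller cannot tell a saturated reference count from an unusable channel; a distinct error code, or at least a comment on the combined condition, would help. With `refcnt` narrowed to `short` in struct irq_info, this is the only increment site the diff guards, so any other place that increments `refcnt` needs the same check or a note explaining why it cannot reach the limit. The new `short spurious_cnt` field also deserves a one-line comment in the struct describing what it counts and when it is reset.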