Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1046897pxu; Thu, 17 Dec 2020 00:21:02 -0800 (PST) X-Google-Smtp-Source: ABdhPJx3s6mqz+57VdP6CwTtS+96BjTIrUkXasdHmdMsQoHL+glTUYq51EWFjyDAAnsAVdX8mz5n X-Received: by 2002:a17:906:cd06:: with SMTP id oz6mr34562625ejb.25.1608193262197; Thu, 17 Dec 2020 00:21:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608193262; cv=none; d=google.com; s=arc-20160816; b=ax1qOYpH6jFzsYe9cIkFFb4kjfwkryTzy1wk5+oU9Ic0vNUtJr3Hd/E9m2birsnyLl jApCzf5XQ0npXk32hYbY2kfr9p4HhnwieUnnmBU7AAwDFpf9OejoDCkILQDWc3DZyT6s DDyZ3e3INu+NOPW7xg73Z4Lumzlmksm7gBfxYjKCf8kZ+9/vhQRiZn08K5isk0l/EV/L 44qHEZ1q5wpvTQyldzW4I9Fr16pCphhZt74mzE60t/6GkHsrp7/3ZU9B3NX+wnim2pHS sYxDs/wzg29dvQPc2Bf/VgvND4BEaFxisLnQ8DmsmnM9GFzFSG7zMGBLiAeXnUvD6GP2 N/ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=2YmxoZfq/FJgaUjFNGuK4Ht5NlZny6+5b/Pu3VGDsno=; b=Bj541snSsNXrBZvvk78e5Q8STZU0/RF3RN0h3FIcBMGht6GQdpz2Z4ojGgviwIKHk6 u/2EU4vzPE0hShizaAgeau6ITf5SCk1c8V/1L5FgvrIJUecwJQ/oq5eEEhQFBfhSD2Ks duVug1Jnd/wyh48fk0orYDd4XvmL3CYENcWoTCCdFIEkimi6y+mOSusADqXpZU5pyn/p F5hoto6srlurXPjUu5AIhJloWFVzx2VMZ5gr0TAyW1sbYuA9zvNjEZBEBnLOyuSBWQEZ vRbt3bjc6tMXRnwqKxxuKH3tpFD1KLfq2r0GY/essFvnbJ3jkyXYZYRg4xALjYVxe4xb J2LA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=Q4LCL+MQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cq5si3876439edb.200.2020.12.17.00.20.39; Thu, 17 Dec 2020 00:21:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=Q4LCL+MQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727409AbgLQISx (ORCPT + 99 others); Thu, 17 Dec 2020 03:18:53 -0500 Received: from smtp-fw-9103.amazon.com ([207.171.188.200]:56183 "EHLO smtp-fw-9103.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725468AbgLQISx (ORCPT ); Thu, 17 Dec 2020 03:18:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1608193132; x=1639729132; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=2YmxoZfq/FJgaUjFNGuK4Ht5NlZny6+5b/Pu3VGDsno=; b=Q4LCL+MQyj3VmkdR+qT4OnqKXlhRsErfknUcnlDeddxZ6tglNaLbrFG5 cVDbiGLeQxLACLvX120fQJJv+KsV0TOx6pk625+ALds0NbGsDw6fTgQ8d S3g4hV6RJqdtQMTUcrww2iv87W8lQAP6TVgAxPtTDo0N/LU3Pt5X2fiG4 w=; X-IronPort-AV: E=Sophos;i="5.78,426,1599523200"; d="scan'208";a="903855449" Received: from sea32-co-svc-lb4-vlan3.sea.corp.amazon.com (HELO email-inbound-relay-1e-c7c08562.us-east-1.amazon.com) ([10.47.23.38]) by smtp-border-fw-out-9103.sea19.amazon.com with ESMTP; 17 Dec 2020 08:18:04 +0000 Received: from EX13D31EUA004.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan2.iad.amazon.com [10.40.163.34]) by email-inbound-relay-1e-c7c08562.us-east-1.amazon.com (Postfix) with ESMTPS id 4F898240B3D; Thu, 17 Dec 2020 08:18:03 +0000 (UTC) Received: from u3f2cd687b01c55.ant.amazon.com (10.43.162.144) by EX13D31EUA004.ant.amazon.com (10.43.165.161) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 17 Dec 2020 08:17:58 +0000 From: SeongJae Park To: CC: SeongJae Park , , , , , , , Subject: [PATCH 1/5] xen/xenbus: Allow watches discard events before queueing Date: Thu, 17 Dec 2020 09:17:23 +0100 Message-ID: <20201217081727.8253-2-sjpark@amazon.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201217081727.8253-1-sjpark@amazon.com> References: <20201217081727.8253-1-sjpark@amazon.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.43.162.144] X-ClientProxiedBy: EX13D30UWC002.ant.amazon.com (10.43.162.235) To EX13D31EUA004.ant.amazon.com (10.43.165.161) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: SeongJae Park If handling logics of watch events are slower than the events enqueue logic and the events can be created from the guests, the guests could trigger memory pressure by intensively inducing the events, because it will create a huge number of pending events that exhausting the memory. This is known as XSA-349. Fortunately, some watch events could be ignored, depending on its handler callback. For example, if the callback has interest in only one single path, the watch wouldn't want multiple pending events. Or, some watches could ignore events to same path. To let such watches to volutarily help avoiding the memory pressure situation, this commit introduces new watch callback, 'will_handle'. If it is not NULL, it will be called for each new event just before enqueuing it. Then, if the callback returns false, the event will be discarded. No watch is using the callback for now, though. This is part of XSA-349 This is upstream commit fed1755b118147721f2c87b37b9d66e62c39b668 Cc: stable@vger.kernel.org Signed-off-by: SeongJae Park Reported-by: Michael Kurth Reported-by: Pawel Wieczorkiewicz Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross --- drivers/net/xen-netback/xenbus.c | 2 ++ drivers/xen/xenbus/xenbus_client.c | 1 + drivers/xen/xenbus/xenbus_xs.c | 7 ++++++- include/xen/xenbus.h | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/net/xen-netback/xenbus.c b/drivers/net/xen-netback/xenbus.c index 56ebd8267386..23f03af0a2d4 100644 --- a/drivers/net/xen-netback/xenbus.c +++ b/drivers/net/xen-netback/xenbus.c @@ -697,12 +697,14 @@ static int xen_register_watchers(struct xenbus_device *dev, struct xenvif *vif) return -ENOMEM; snprintf(node, maxlen, "%s/rate", dev->nodename); vif->credit_watch.node = node; + vif->credit_watch.will_handle = NULL; vif->credit_watch.callback = xen_net_rate_changed; err = register_xenbus_watch(&vif->credit_watch); if (err) { pr_err("Failed to set watcher %s\n", vif->credit_watch.node); kfree(node); vif->credit_watch.node = NULL; + vif->credit_watch.will_handle = NULL; vif->credit_watch.callback = NULL; } return err; diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c index 266f446ba331..d02d25f784c9 100644 --- a/drivers/xen/xenbus/xenbus_client.c +++ b/drivers/xen/xenbus/xenbus_client.c @@ -120,6 +120,7 @@ int xenbus_watch_path(struct xenbus_device *dev, const char *path, int err; watch->node = path; + watch->will_handle = NULL; watch->callback = callback; err = register_xenbus_watch(watch); diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index ce65591b4168..0ea1c259f2f1 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c @@ -903,7 +903,12 @@ static int process_msg(void) spin_lock(&watches_lock); msg->u.watch.handle = find_watch( msg->u.watch.vec[XS_WATCH_TOKEN]); - if (msg->u.watch.handle != NULL) { + if (msg->u.watch.handle != NULL && + (!msg->u.watch.handle->will_handle || + msg->u.watch.handle->will_handle( + msg->u.watch.handle, + (const char **)msg->u.watch.vec, + msg->u.watch.vec_size))) { spin_lock(&watch_events_lock); list_add_tail(&msg->list, &watch_events); wake_up(&watch_events_waitq); diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h index 32b944b7cebd..11697aa023b5 100644 --- a/include/xen/xenbus.h +++ b/include/xen/xenbus.h @@ -58,6 +58,13 @@ struct xenbus_watch /* Path being watched. */ const char *node; + /* + * Called just before enqueing new event while a spinlock is held. + * The event will be discarded if this callback returns false. + */ + bool (*will_handle)(struct xenbus_watch *, + const char **vec, unsigned int len); + /* Callback (executed in a process context with no locks held). */ void (*callback)(struct xenbus_watch *, const char **vec, unsigned int len); -- 2.17.1