From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dario Faggioli <dario.faggioli@citrix.com>
Subject: Re: [PATCH v5 12/17] xen/libxc: sched:
 DOMCTL_*vcpuaffinity works with hard and soft affinity
Date: Tue, 3 Dec 2013 19:29:47 +0100
Message-ID: <1386095387.5338.361.camel@Solace>
References: <20131202180129.29026.81543.stgit@Solace>
	<20131202182908.29026.23720.stgit@Solace>
	<529DBA3F02000078001093CF@nat28.tlf.novell.com>
	<529DBB4A02000078001093E5@nat28.tlf.novell.com>
	<529E212C.8070205@eu.citrix.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0141105358376557512=="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <dario.faggioli@citrix.com>) id 1VnujL-00082r-Et
	for xen-devel@lists.xenproject.org; Tue, 03 Dec 2013 18:29:55 +0000
In-Reply-To: <529E212C.8070205@eu.citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Marcus Granado <Marcus.Granado@eu.citrix.com>, Justin Weaver <jtweaver@hawaii.edu>, Jan Beulich <JBeulich@suse.com>, Li Yechen <lccycc123@gmail.com>, Andrew Cooper <Andrew.Cooper3@citrix.com>, Juergen Gross <juergen.gross@ts.fujitsu.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>, Matt Wilson <msw@amazon.com>, xen-devel <xen-devel@lists.xenproject.org>, Keir Fraser <keir@xen.org>, Elena Ufimtseva <ufimtseva@gmail.com>, Ian Campbell <Ian.Campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

--===============0141105358376557512==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="=-wMvF3wHuN484CBeaDdBZ"

--=-wMvF3wHuN484CBeaDdBZ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On mar, 2013-12-03 at 18:21 +0000, George Dunlap wrote:
> On 12/03/2013 10:06 AM, Jan Beulich wrote:
> >>>> On 03.12.13 at 11:02, "Jan Beulich" <JBeulich@suse.com> wrote:
> >>>>> On 02.12.13 at 19:29, Dario Faggioli <dario.faggioli@citrix.com> wr=
ote:
> >>> +                goto setvcpuaffinity_out;
> >>> +
> >>> +            /*
> >>> +             * We both set a new affinity and report back to the cal=
ler what
> >>> +             * the scheduler will be effectively using.
> >>> +             */
> >>> +            if ( vcpuaff->flags & XEN_VCPUAFFINITY_HARD )
> >>> +            {
> >>> +                ret =3D xenctl_bitmap_to_bitmap(cpumask_bits(new_aff=
inity),
> >>> +                                              &vcpuaff->cpumap_hard,
> >>> +                                              vcpuaff->cpumap_hard.n=
r_bits);
> >>
> >> There's no code above range checking vcpuaff->cpumap_hard.nr_bits,
> >> yet xenctl_bitmap_to_bitmap() uses the passed in value to write into
> >> the array pointed to by the first argument. Why is this not
> >> xenctl_bitmap_to_cpumask() in the first place?
> >
> > And just to make it explicit - with fundamental flaws like this, I'm
> > not certain anymore whether we really ought to rush this series
> > in for 4.4.
>=20
> I'm certainly getting nervous about the prospect.
>
Sory. :-/

> However, the above=20
> bug would only be triggered by bad input from domain 0, right?=20
>
Exactly, either at domain creation or `xl vcpu-pin' time.

> I suppose=20
> even that would be a potential security issue in a highly disaggregated=
=20
> environment.
>=20
And, it's fixed here (again, just waiting to gather a bit more
feedback/ack before reposting):

 git://xenbits.xen.org/people/dariof/xen.git numa/per-vcpu-affinity-v6
 http://xenbits.xen.org/gitweb/?p=3Dpeople/dariof/xen.git;a=3Dshortlog;h=3D=
refs/heads/numa/per-vcpu-affinity-v6

> Other bugs in this patch would be similar.  This path is taken on domain=
=20
> creation IIUC; so bugs in this particular patch would probably either be=
=20
> unexpected behavior of the affinities, or failure to handle unusual=20
> input from a trusted source (domain 0).
>=20
Indeed.

Regards,
Dario

--=20
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)


--=-wMvF3wHuN484CBeaDdBZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEABECAAYFAlKeIxsACgkQk4XaBE3IOsSMGwCfWv2dobfycLQSlBV6DRolhCqE
YccAnAsjZpVc24VJQgpC7Sh0DvSuNpup
=QAoZ
-----END PGP SIGNATURE-----

--=-wMvF3wHuN484CBeaDdBZ--


--===============0141105358376557512==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============0141105358376557512==--