From: George Dunlap <george.dunlap@eu.citrix.com>
To: Jan Beulich <JBeulich@suse.com>,
Dario Faggioli <dario.faggioli@citrix.com>
Cc: Marcus Granado <Marcus.Granado@eu.citrix.com>,
Justin Weaver <jtweaver@hawaii.edu>,
Ian Campbell <Ian.Campbell@citrix.com>,
Li Yechen <lccycc123@gmail.com>,
Andrew Cooper <Andrew.Cooper3@citrix.com>,
Juergen Gross <juergen.gross@ts.fujitsu.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Matt Wilson <msw@amazon.com>,
xen-devel <xen-devel@lists.xenproject.org>,
Keir Fraser <keir@xen.org>, Elena Ufimtseva <ufimtseva@gmail.com>
Subject: Re: [PATCH v5 12/17] xen/libxc: sched: DOMCTL_*vcpuaffinity works with hard and soft affinity
Date: Tue, 3 Dec 2013 18:21:32 +0000
Message-ID: <529E212C.8070205@eu.citrix.com>
In-Reply-To: <529DBB4A02000078001093E5@nat28.tlf.novell.com>

On 12/03/2013 10:06 AM, Jan Beulich wrote:
>>>> On 03.12.13 at 11:02, "Jan Beulich" <JBeulich@suse.com> wrote:
>>>>> On 02.12.13 at 19:29, Dario Faggioli <dario.faggioli@citrix.com> wrote:
>>> + goto setvcpuaffinity_out;
>>> +
>>> + /*
>>> + * We both set a new affinity and report back to the caller what
>>> + * the scheduler will be effectively using.
>>> + */
>>> + if ( vcpuaff->flags & XEN_VCPUAFFINITY_HARD )
>>> + {
>>> + ret = xenctl_bitmap_to_bitmap(cpumask_bits(new_affinity),
>>> + &vcpuaff->cpumap_hard,
>>> + vcpuaff->cpumap_hard.nr_bits);
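Review bot: the third argument to xenctl_bitmap_to_bitmap() here is vcpuaff->cpumap_hard.nr_bits, a length read from the caller's own structure, and nothing in the visible lines bounds it before it sizes the write into cpumask_bits(new_affinity). Size the copy by the destination mask instead, or use xenctl_bitmap_to_cpumask() as the reply below suggests, so that the number of bits written is decided by the hypervisor and not by the request.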
>>
>> There's no code above range checking vcpuaff->cpumap_hard.nr_bits,
>> yet xenctl_bitmap_to_bitmap() uses the passed in value to write into
>> the array pointed to by the first argument. Why is this not
>> xenctl_bitmap_to_cpumask() in the first place?
>
> And just to make it explicit - with fundamental flaws like this, I'm
> not certain anymore whether we really ought to rush this series
> in for 4.4.

I'm certainly getting nervous about the prospect. However, the above
bug would only be triggered by bad input from domain 0, right? I suppose
even that would be a potential security issue in a highly disaggregated
environment.

Other bugs in this patch would be similar. This path is taken on domain
creation IIUC; so bugs in this particular patch would probably either be
unexpected behavior of the affinities, or failure to handle unusual
input from a trusted source (domain 0).

-George
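
The bounds problem raised in the quoted review, as an added example (not code from the patch or from Xen): a simplified model in which the copy is sized by the destination mask and not by the caller's length field. `struct caller_bitmap`, `bounded_bitmap_copy`, `MODEL_NR_CPUS` and the sample request are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NR_CPUS 12u   /* assumed width of the destination mask (constructed) */
#define BYTES(bits) ((size_t)(((uint64_t)(bits) + 7u) / 8u))

/* Hypothetical stand-in for a caller-supplied bitmap descriptor. */
struct caller_bitmap {
    const uint8_t *bytes;   /* caller's buffer */
    uint32_t nr_bits;       /* caller-controlled length, untrusted */
};

/*
 * Copy sized by the destination: take at most dst_bits bits from the caller
 * and zero the rest of dst. Sizing the copy by src->nr_bits instead would
 * write BYTES(src->nr_bits) bytes into dst. Returns the bytes taken from src.
 */
static size_t bounded_bitmap_copy(uint8_t *dst, uint32_t dst_bits,
                                  const struct caller_bitmap *src)
{
    uint32_t bits = src->nr_bits < dst_bits ? src->nr_bits : dst_bits;
    size_t n = BYTES(bits);
    memcpy(dst, src->bytes, n);
    memset(dst + n, 0, BYTES(dst_bits) - n);
    if (bits % 8u)          /* clear stray bits past the last valid one */
        dst[n - 1] &= (uint8_t)((1u << (bits % 8u)) - 1u);
    return n;
}

/* Constructed request: claims 64 bits; buf[0..1] is the mask, buf[2] a guard. */
static int demo_guard_intact(uint8_t buf[3])
{
    static const uint8_t req[8] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    struct caller_bitmap src = { req, 64 };
    buf[0] = buf[1] = 0; buf[2] = 0xA5;
    bounded_bitmap_copy(buf, MODEL_NR_CPUS, &src);
    return buf[2] == 0xA5;
}

int main(void)
{
    uint8_t m[3];
    int ok = demo_guard_intact(m);
    printf("claimed %zu bytes, mask holds %zu: guard intact=%d mask=%02x %02x\n",
           BYTES(64u), BYTES(MODEL_NR_CPUS), ok, m[0], m[1]);
    return ok ? 0 : 1;
}
```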