xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Keir Fraser <keir.xen@gmail.com>
To: "Zhang, Yang Z" <yang.z.zhang@intel.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Cc: "Zhang, Xiantao" <xiantao.zhang@intel.com>,
	Jan Beulich <jbeulich@suse.com>
Subject: Re: use tasklet to handle init/sipi?
Date: Mon, 25 Mar 2013 12:39:57 +0000	[thread overview]
Message-ID: <CD75F61D.1AFA1%keir.xen@gmail.com> (raw)
In-Reply-To: <A9667DDFB95DB7438FA9D7D576C3D87E099EEE4A@SHSMSX101.ccr.corp.intel.com>

On 25/03/2013 12:16, "Zhang, Yang Z" <yang.z.zhang@intel.com> wrote:

> Keir Fraser wrote on 2013-03-25:
>> On 25/03/2013 06:55, "Zhang, Yang Z" <yang.z.zhang@intel.com> wrote:
>> 
>>> Keir Fraser wrote on 2013-03-25:
>>>> There are deadlock issues around directly locking and resetting a remote
>>>> vcpu (e.g., buggy/malicious guest vcpu A sends INIT to vcpu B, and B does
>>>> same to A).
>>> 
>>> Can you elaborate it? Does the lock impact hypervisor or just guest?
>> 
>> INIT-handling path takes the domain lock. If two vcpus in same guest try to
>> INIT each other, one will take the lock and then try to vcpu_pause() the
>> other. But this will spin forever while that other vcpu itself waits to take
>> the domain_lock.
>> 
>> This seemed to me a fairly fundamental problem of vcpus directly resetting
>> each other. Hence the deferral to tasklet context.
> 
> I see your point. But seems two vcpus call vcpu_pause() simultaneously without
> hold any lock also will cause the deadlock, see following code:
> void vcpu_sleep_sync(struct vcpu *v)
> {
>     vcpu_sleep_nosync(v);
> 
>     while ( !vcpu_runnable(v) && v->is_running )  // two vcpus arrived here at
> same time and waiting each vcpu will cause deadlock?
>         cpu_relax();
> 
>     sync_vcpu_execstate(v);
> } 

Yep, agreed. So we mustn't call vcpu_pause() directly from guest context
then, you would agree? ;)

> Also, should we care about such malicious guest? If the guest really did such
> thing, it just block himself. It just eat the cpu time which belong to
> himself. A malicious guest can run a non-stop loop to do same thing.

No, the spin loop is in the hypervisor. So it is a denial-of-service attack
on the hypervisor -- i.e., a security concern.

 -- Keir

>>  -- Keir
>>>>  -- Keir
>>>> On 25/03/2013 05:31, "Zhang, Yang Z" <yang.z.zhang@intel.com> wrote:
>>>> 
>>>>> Hi, Keir,
>>>>> 
>>>>> I am looking into a issue and found cs:17457 changes to use tasklet to
>>>>> handle
>>>>> init and sipi. And the comments only said "clean up". I wonder is there
>>>>> any
>>>>> special reason to use tasklet to handle it? If no, I will send a patch to
>>>>> call
>>>>> handler directly instead via tasklet.
>>>>> The background is that with APICv, it assume all apic write is succeed and
>>>>> don't care the return value of vlapic_reg_write(). But the above logic
>>>>> need
>>>>> the caller to check return value. This obviously will break APICv.
>>>>> 
>>>>> # HG changeset patch
>>>>> # User Keir Fraser <keir.fraser@citrix.com>
>>>>> # Date 1208270873 -3600
>>>>> # Node ID e15be54059e4bde8f5916269dedff5fc3812686a
>>>>> # Parent  6691ae150d104127c097fd9f3a6acccc5ce43c52
>>>>> x86, hvm: Clean up handling of APIC INIT and SIPI messages.
>>>>> Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
>>>>> 
>>>>> best regards
>>>>> yang
>>>>> 
>>>> 
>>> 
>>> 
>>> Best regards,
>>> Yang
>>> 
>> 
> 
> 
> Best regards,
> Yang
> 
> 

  parent reply	other threads:[~2013-03-25 12:39 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-25  5:31 use tasklet to handle init/sipi? Zhang, Yang Z
2013-03-25  6:29 ` Keir Fraser
2013-03-25  6:55   ` Zhang, Yang Z
2013-03-25  8:05     ` Keir Fraser
2013-03-25 12:16       ` Zhang, Yang Z
2013-03-25 12:38         ` Jan Beulich
2013-03-25 12:39         ` Keir Fraser [this message]
2013-03-26  3:15           ` Zhang, Yang Z
2013-03-26  6:07             ` Keir Fraser
2013-03-26  6:14               ` Zhang, Yang Z
2013-03-26  7:00                 ` Keir Fraser
2013-03-26  7:11                   ` Keir Fraser
2013-03-26  7:17                     ` Zhang, Yang Z
2013-03-26  7:38                       ` Keir Fraser
2013-03-26  7:41                         ` Zhang, Yang Z
2013-03-26  7:55                           ` Keir Fraser
2013-03-26  8:02                             ` Keir Fraser
2013-03-28  1:18                               ` Zhang, Yang Z
2013-03-28  6:39                               ` Qiu, Shuang
2013-03-28 11:48                                 ` Keir Fraser
2013-03-28 15:29                                   ` Jan Beulich
2013-03-28 20:02                                     ` Keir Fraser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CD75F61D.1AFA1%keir.xen@gmail.com \
    --to=keir.xen@gmail.com \
    --cc=jbeulich@suse.com \
    --cc=xen-devel@lists.xen.org \
    --cc=xiantao.zhang@intel.com \
    --cc=yang.z.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).