Re: [PATCH] xen-swiotlb: exchange memory with Xen only when pages are contiguous
From: Dongli Zhang
Date: Fri Oct 26 2018 - 04:54:46 EST
Hi Joe,
On 10/26/2018 03:48 PM, Christoph Helwig wrote:
> On Thu, Oct 25, 2018 at 11:56:02AM -0700, Joe Jin wrote:
>> I just discussed this patch with Boris in private, his opinions(Boris,
>> please correct me if any misunderstood) are:
>>
>> 1. With/without the check, both are incorrect, he thought we need to
>> prevented unalloc'd free at here.
>> 2. On freeing, if upper layer already checked the memory was DMA-able,
>> the checking at here does not make sense, we can remove all checks.
>> 3. xen_create_contiguous_region() and xen_destroy_contiguous_region()
>> to come in pairs.
>>
>> For #1 and #3, I think we need something associate it, like a list, on
>> allocating, add addr to it, on freeing, check if in the list.
If dom0 (or any domain) is happy, although it could try to exchange all its
continuous dma pages back to xen hypervisor. From the perspective of each
domain, they always would like to keep as much continuous dma page as possible.
I am thinking something different. If there is malicious domU keep exchanging
memory and allocating continuous pages from xen hypervisor, will the
continuously dma pages be used up (sort of DoS attack)?
I am not sure if there is anything in xen hypervisor to prevent such behavior?
Dongli Zhang
>
> Is there any way to figure out based on an address if the exchange
> operation happened?
>
>> For #2, I'm was not found anywhere validated the address on
>> dma_free_coherent() callpath, not just xen-swiotlb.
>
> At least for simple direct mappings there is no easy way to verify that
> without keeping a list, and for some of the ops that do vmap like
> operations we have basic santiy checks, but nothing that really catches
> a wrong free.
>