Re: [PATCH v7 2/4] virtio_balloon: introduce migration primitives to balloon pages

From: Michael S. Tsirkin
Date: Tue Aug 14 2012 - 16:53:27 EST


On Tue, Aug 14, 2012 at 11:49:06PM +0300, Michael S. Tsirkin wrote:
> On Tue, Aug 14, 2012 at 05:29:50PM -0300, Rafael Aquini wrote:
> > On Tue, Aug 14, 2012 at 11:24:01PM +0300, Michael S. Tsirkin wrote:
> > > On Tue, Aug 14, 2012 at 05:08:31PM -0300, Rafael Aquini wrote:
> > > > On Tue, Aug 14, 2012 at 10:59:16PM +0300, Michael S. Tsirkin wrote:
> > > > > > > > What if there is more than one balloon device?
> > > > > > >
> > > > > > > Is it possible to load this driver twice, or are you foreseeing a future case
> > > > > > > where this driver will be able to manage several distinct memory balloons for
> > > > > > > the same guest?
> > > > > > >
> > > > > >
> > > > > > Second.
> > > > > > It is easy to create several balloons they are just
> > > > > > pci devices.
> > > > >
> > > > >
> > > > >
> > > > > and it might not be too important to make it work but
> > > > > at least would be nice not to have a crash in this
> > > > > setup.
> > > > >
> > > > Fair enough. For now, as I believe it's safe to assume we are only inflating one
> > > > balloon per guest, I'd like to propose this as a future enhancement. Sounds
> > > > good?
> > > >
> > >
> > > Since guest crashes when it's not the case, no it doesn't, sorry :(.
> > >
> > Ok, but right now this driver only takes care of 1 balloon per guest,
>
> It does? Are you sure? There is no global state as far as I can see. So
> I can create 2 devices and driver will happily create two instances,
> each one can be inflated/deflated independently.
>
> > so how
> > could this approach crash it?
>
> Add device. inflate. Add another device. inflate. deflate. unplug.
> Now you have pointer to freed memory and when mm touches
> page from first device, you get use after free.
>
> > Your point is a good thing to be on a to-do list for future enhancements, but
> > it's not a dealbreaker for the present balloon driver implementation, IMHO.
> >
>
> Yes it looks like a dealbreaker to me.

To clarify, the global state that this patch adds, is ugly
even if we didn't support multiple balloons yet.
So I don't think I can accept such a patch.
Rusty has a final word here, maybe he thinks differently.

> --
> MST
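
The sequence listed in the thread (add device, inflate, add another device, inflate, deflate, unplug), replayed in a user-space C model. This is an added example, not code from the patch or the virtio_balloon driver: all struct and function names are hypothetical, and a cleared `alive` flag stands in for freed memory so the stale lookup can be observed without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; not the driver's real structures. */
struct balloon { bool alive; int npages; };
struct page    { struct balloon *owner; };  /* per-device back-pointer */

static struct balloon slots[2];             /* stands in for allocated device state */
static struct balloon *global_balloon;      /* single global shared by all devices */

static struct balloon *probe(int i) {
    slots[i].alive = true;
    slots[i].npages = 0;
    global_balloon = &slots[i];             /* a second probe overwrites the first */
    return &slots[i];
}
static void inflate(struct balloon *b, struct page *p) { p->owner = b; b->npages++; }
static void deflate(struct balloon *b, struct page *p) { p->owner = NULL; b->npages--; }
static void unplug(struct balloon *b) { b->alive = false; }  /* models the free */

/* What a page lookup reaches under each design; true means live device state. */
static bool touch_via_global(const struct page *p) {
    (void)p;                                /* the global ignores which device owns p */
    return global_balloon != NULL && global_balloon->alive;
}
static bool touch_via_owner(const struct page *p) {
    return p->owner != NULL && p->owner->alive;
}

/* Replays the sequence and reports what touching the first device's page hits. */
static void replay(bool *global_ok, bool *owner_ok) {
    struct page pa = {0}, pb = {0};
    struct balloon *a = probe(0);  inflate(a, &pa);
    struct balloon *b = probe(1);  inflate(b, &pb);
    deflate(b, &pb);
    unplug(b);                              /* global still points at b's state */
    *global_ok = touch_via_global(&pa);     /* would be the use after free */
    *owner_ok  = touch_via_owner(&pa);      /* first device is still alive */
}

int main(void) {
    bool g, o;
    replay(&g, &o);
    printf("global lookup live: %d, per-device lookup live: %d\n", g, o);
    return 0;
}
```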