lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 25 Feb 2012 14:07:55 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Ben Greear <greearb@...delatech.com>
Cc:	Ben Hutchings <bhutchings@...arflare.com>,
	John Fastabend <john.r.fastabend@...el.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	Shradha Shah <sshah@...arflare.com>,
	Patrick McHardy <kaber@...sh.net>
Subject: Re: [PATCH net] macvlan: Disable LRO on lowerdev; warn if it's turned back on

Ben Greear <greearb@...delatech.com> writes:

> On 02/21/2012 12:28 PM, Ben Hutchings wrote:
>> On Tue, 2012-02-21 at 12:01 -0800, John Fastabend wrote:
>>> On 2/21/2012 11:13 AM, Ben Hutchings wrote:
>>>> Large Receive Offload (LRO) is only appropriate for packets that are
>>>> destined for the host, and should be disabled if received packets may
>>>> be forwarded.
>>>>
>>>> Further, macvtap_skb_to_vnet_hdr() will BUG() on a packet received
>>>> with LRO (but not GRO).
>>>>
>>>> Signed-off-by: Ben Hutchings<bhutchings@...arflare.com>
>>>> ---
>>>> I'm not really familiar with macvlan so I'm not certain that this should
>>>> be applied to all modes.
>>>>
>>>> Ben.
>>>>
>>>>   drivers/net/macvlan.c |    7 +++++++
>>>>   1 files changed, 7 insertions(+), 0 deletions(-)
>>>>
>>>
>>> But this patch assumes the macvlan is forwarding traffic to a guest
>>> via macvtap. Which is an assumption that may not be true.
>>>
>>> It seems more appropriate for the macvtap driver to do these checks
>>> after all its the driver that may BUG() with LRO.
>>
>> That's what I thought at first, but then I looked through what macvlan
>> was doing and it certainly appears to re-transmit skbs in all modes.
>> That's not valid when gso_size != 0 and gso_type == 0.
>
> You can put an IP on a mac-vlan and receive packets on it like
> normal Ethernet interfaces.  They wouldn't be re-transmitted
> in that case, would they?

Long story short.

With the macvlan driver the normal case is not to turn packets around
but to go directly to the nic or to come directly from the nic.

In the case where packets are turned around and packets go from one
software interface the design is that the drivers are supposed to
do software emulation of hardware features like gro so that we don't
have to take a performance hit when it happens.

If we are not doing proper software emulation of features like gro
in macvtap that is a problem.

I am fuzzy about all of the details but last I looked we were doing
proper software emulation of the features when just macvlan was
involved.  I also remember that the macvtap driver really wanted
gro so that it could work efficiently with emulated hardware.

So I don't know why people are having a problem, but the correct
solution is not to give up but to fix the silly software side of
the drivers to actually handle things properly.

Disabling LRO on the lowerdev just so we can avoid writing the
support in macvtap just sounds sad.

Eric
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ