lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 5 Sep 2018 19:14:37 +0200
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Björn Töpel <bjorn.topel@...il.com>
Cc:     ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
        jeffrey.t.kirsher@...el.com, intel-wired-lan@...ts.osuosl.org,
        Björn Töpel <bjorn.topel@...el.com>,
        magnus.karlsson@...el.com, magnus.karlsson@...il.com
Subject: Re: [PATCH bpf-next 0/4] i40e AF_XDP zero-copy buffer leak fixes

On Tue,  4 Sep 2018 20:11:01 +0200, Björn Töpel wrote:
> From: Björn Töpel <bjorn.topel@...el.com>
> 
> This series addresses an AF_XDP zero-copy issue that buffers passed
> from userspace to the kernel was leaked when the hardware descriptor
> ring was torn down.
> 
> The patches fixes the i40e AF_XDP zero-copy implementation.
> 
> Thanks to Jakub Kicinski for pointing this out!
> 
> Some background for folks that don't know the details: A zero-copy
> capable driver picks buffers off the fill ring and places them on the
> hardware Rx ring to be completed at a later point when DMA is
> complete. Similar on the Tx side; The driver picks buffers off the Tx
> ring and places them on the Tx hardware ring.
> 
> In the typical flow, the Rx buffer will be placed onto an Rx ring
> (completed to the user), and the Tx buffer will be placed on the
> completion ring to notify the user that the transfer is done.
> 
> However, if the driver needs to tear down the hardware rings for some
> reason (interface goes down, reconfiguration and such), the userspace
> buffers cannot be leaked. They have to be reused or completed back to
> userspace.
> 
> The implementation does the following:
> 
> * Outstanding Tx descriptors will be passed to the completion
>   ring. The Tx code has back-pressure mechanism in place, so that
>   enough empty space in the completion ring is guaranteed.
> 
> * Outstanding Rx descriptors are temporarily stored on a stash/reuse
>   queue. The reuse queue is based on Jakub's RFC. When/if the HW rings
>   comes up again, entries from the stash are used to re-populate the
>   ring.
> 
> * When AF_XDP ZC is enabled, disallow changing the number of hardware
>   descriptors via ethtool. Otherwise, the size of the stash/reuse
>   queue can grow unbounded.
> 
> Going forward, introducing a "zero-copy allocator" analogous to Jesper
> Brouer's page pool would be a more robust and reuseable solution.
> 
> Jakub: I've made a minor checkpatch-fix to your RFC, prior adding it
> into this series.

Thanks for the fix! :)

Out of curiosity, did checking the reuse queue have a noticeable impact
in your test (i.e. always using the _rq() helpers)?  You seem to be
adding an indirect call, would that not be way worse on a retpoline
kernel?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ