lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 Dec 2020 17:23:18 +0800
From:   Cindy Lu <lulu@...hat.com>
To:     "Michael S. Tsirkin" <mst@...hat.com>
Cc:     Eli Cohen <elic@...dia.com>, Jason Wang <jasowang@...hat.com>,
        virtualization@...ts.linux-foundation.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] vdpa/mlx5: Use random MAC for the vdpa net instance

On Mon, Nov 30, 2020 at 11:33 PM Michael S. Tsirkin <mst@...hat.com> wrote:
>
> On Mon, Nov 30, 2020 at 06:41:45PM +0800, Cindy Lu wrote:
> > On Mon, Nov 30, 2020 at 5:33 PM Michael S. Tsirkin <mst@...hat.com> wrote:
> > >
> > > On Mon, Nov 30, 2020 at 11:27:59AM +0200, Eli Cohen wrote:
> > > > On Mon, Nov 30, 2020 at 04:00:51AM -0500, Michael S. Tsirkin wrote:
> > > > > On Mon, Nov 30, 2020 at 08:27:46AM +0200, Eli Cohen wrote:
> > > > > > On Sun, Nov 29, 2020 at 03:08:22PM -0500, Michael S. Tsirkin wrote:
> > > > > > > On Sun, Nov 29, 2020 at 08:43:51AM +0200, Eli Cohen wrote:
> > > > > > > > We should not try to use the VF MAC address as that is used by the
> > > > > > > > regular (e.g. mlx5_core) NIC implementation. Instead, use a random
> > > > > > > > generated MAC address.
> > > > > > > >
> > > > > > > > Suggested by: Cindy Lu <lulu@...hat.com>
> > > > > > > > Fixes: 1a86b377aa21 ("vdpa/mlx5: Add VDPA driver for supported mlx5 devices")
> > > > > > > > Signed-off-by: Eli Cohen <elic@...dia.com>
> > > > > > >
> > > > > > > I didn't realise it's possible to use VF in two ways
> > > > > > > with and without vdpa.
> > > > > >
> > > > > > Using a VF you can create quite a few resources, e.g. send queues
> > > > > > recieve queues, virtio_net queues etc. So you can possibly create
> > > > > > several instances of vdpa net devices and nic net devices.
> > > > > >
> > > > > > > Could you include a bit more description on the failure
> > > > > > > mode?
> > > > > >
> > > > > > Well, using the MAC address of the nic vport is wrong since that is the
> > > > > > MAC of the regular NIC implementation of mlx5_core.
> > > > >
> > > > > Right but ATM it doesn't coexist with vdpa so what's the problem?
> > > > >
> > > >
> > > > This call is wrong:  mlx5_query_nic_vport_mac_address()
> > > >
> > > > > > > Is switching to a random mac for such an unusual
> > > > > > > configuration really justified?
> > > > > >
> > > > > > Since I can't use the NIC's MAC address, I have two options:
> > > > > > 1. To get the MAC address as was chosen by the user administering the
> > > > > >    NIC. This should invoke the set_config callback. Unfortunately this
> > > > > >    is not implemented yet.
> > > > > >
> > > > > > 2. Use a random MAC address. This is OK since if (1) is implemented it
> > > > > >    can always override this random configuration.
> > > > > >
> > > > > > > It looks like changing a MAC could break some guests,
> > > > > > > can it not?
> > > > > > >
> > > > > >
> > > > > > No, it will not. The current version of mlx5 VDPA does not allow regular
> > > > > > NIC driver and VDPA to co-exist. I have patches ready that enable that
> > > > > > from steering point of view. I will post them here once other patches on
> > > > > > which they depend will be merged.
> > > > > >
> > > > > > https://patchwork.ozlabs.org/project/netdev/patch/20201120230339.651609-12-saeedm@nvidia.com/
> > > > >
> > > > > Could you be more explicit on the following points:
> > > > > - which configuration is broken ATM (as in, two device have identical
> > > > >   macs? any other issues)?
> > > >
> > > > The only wrong thing is the call to  mlx5_query_nic_vport_mac_address().
> > > > It's not breaking anything yet is wrong. The random MAC address setting
> > > > is required for the steering patches.
> > >
> > > Okay so I'm not sure the Fixes tag at least is appropriate if it's a
> > > dependency of a new feature.
> > >
> > > > > - why won't device MAC change from guest point of view?
> > > > >
> > > >
> > > > It's lack of implementation in qemu as far as I know.
> > >
> > > Sorry not sure I understand. What's not implemented in QEMU?
> > >
> > HI Michael, there are some bug in qemu to set_config, this will fix in future,
> > But this patch is still needed, because without this patch the mlx
> > driver will give an 0 mac address to qemu
> > and qemu will overwrite the default mac address.  This will cause traffic down.
>
> Hmm the patch description says VF mac address, not 0 address. Confused.
> If there's no mac we can clear VIRTIO_NET_F_MAC and have guest
> use a random value ...
>
hi Michael,
I have tried as your suggestion, seems even remove the
VIRTIO_NET_F_MAC the qemu will still call get_cinfig and overwrite the
default address in  VM,
this process is like
vdpa _init -->qemu call get_config ->mlx driver will give  an mac
address with all 0-->
qemu will not check this mac address and use it --> overwrite the mac
address in qemu

So for my understanding there are several method to fix this problem

1, qemu check the mac address, if the mac address is all 0, qemu will
ignore it and set the random mac address to mlx driver.
2. mlx driver checks the mac address and if this mac is 0, return fail
to qemu, but this need to change the UAPI.
3. mlx driver it shelf should get an correct mac address while it init.
4. add check in qemu get_config function  , if there is not F_MAC Then
ignore the mac address from mlx driver

not sure which method is more suitable ?

Thanks
Cindy



> > > > >
> > > > > > > > ---
> > > > > > > >  drivers/vdpa/mlx5/net/mlx5_vnet.c | 5 +----
> > > > > > > >  1 file changed, 1 insertion(+), 4 deletions(-)
> > > > > > > >
> > > > > > > > diff --git a/drivers/vdpa/mlx5/net/mlx5_vnet.c b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > > > > > > index 1fa6fcac8299..80d06d958b8b 100644
> > > > > > > > --- a/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > > > > > > +++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c
> > > > > > > > @@ -1955,10 +1955,7 @@ void *mlx5_vdpa_add_dev(struct mlx5_core_dev *mdev)
> > > > > > > >       if (err)
> > > > > > > >               goto err_mtu;
> > > > > > > >
> > > > > > > > -     err = mlx5_query_nic_vport_mac_address(mdev, 0, 0, config->mac);
> > > > > > > > -     if (err)
> > > > > > > > -             goto err_mtu;
> > > > > > > > -
> > > > > > > > +     eth_random_addr(config->mac);
> > > > > > > >       mvdev->vdev.dma_dev = mdev->device;
> > > > > > > >       err = mlx5_vdpa_alloc_resources(&ndev->mvdev);
> > > > > > > >       if (err)
> > > > > > > > --
> > > > > > > > 2.26.2
> > > > > > >
> > > > >
> > >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ