lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID:
 <MW4PR21MB18597355B7156EC46BD793E2CA712@MW4PR21MB1859.namprd21.prod.outlook.com>
Date: Thu, 3 Oct 2024 15:35:41 +0000
From: Haiyang Zhang <haiyangz@...rosoft.com>
To: Paolo Abeni <pabeni@...hat.com>, "linux-hyperv@...r.kernel.org"
	<linux-hyperv@...r.kernel.org>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>
CC: KY Srinivasan <kys@...rosoft.com>, "wei.liu@...nel.org"
	<wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>, "edumazet@...gle.com"
	<edumazet@...gle.com>, "kuba@...nel.org" <kuba@...nel.org>,
	"stephen@...workplumber.org" <stephen@...workplumber.org>,
	"davem@...emloft.net" <davem@...emloft.net>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "stable@...r.kernel.org"
	<stable@...r.kernel.org>
Subject: RE: [PATCH net] hv_netvsc: Fix VF namespace also in netvsc_open



> -----Original Message-----
> From: Paolo Abeni <pabeni@...hat.com>
> Sent: Thursday, October 3, 2024 5:35 AM
> To: Haiyang Zhang <haiyangz@...rosoft.com>; linux-hyperv@...r.kernel.org;
> netdev@...r.kernel.org
> Cc: KY Srinivasan <kys@...rosoft.com>; wei.liu@...nel.org; Dexuan Cui
> <decui@...rosoft.com>; edumazet@...gle.com; kuba@...nel.org;
> stephen@...workplumber.org; davem@...emloft.net; linux-
> kernel@...r.kernel.org; stable@...r.kernel.org
> Subject: Re: [PATCH net] hv_netvsc: Fix VF namespace also in netvsc_open
> 
> On 9/27/24 22:54, Haiyang Zhang wrote:
> > The existing code moves VF to the same namespace as the synthetic
> device
> > during netvsc_register_vf(). But, if the synthetic device is moved to a
> > new namespace after the VF registration, the VF won't be moved
> together.
> >
> > To make the behavior more consistent, add a namespace check to
> netvsc_open(),
> > and move the VF if it is not in the same namespace.
> >
> > Cc: stable@...r.kernel.org
> > Fixes: c0a41b887ce6 ("hv_netvsc: move VF to same namespace as netvsc
> device")
> > Signed-off-by: Haiyang Zhang <haiyangz@...rosoft.com>
> 
> This looks strange to me. Skimming over the code it looks like that with
> VF you really don't mean a Virtual Function...

Thanks for the review.
"VF": I mean "Virtual Function" NIC.

> Looking at the blamed commit, it looks like that having both the
> synthetic and the "VF" device in different namespaces is an intended
> use-case. This change would make such scenario more difficult and could
> possibly break existing use-cases.

On Hyper-V / Azure hosts, the synthetic NIC (master) and VF NIC (slave)
are transparently bonded, and apps should only interact with the
synthetic NIC (master). Using them at two different namespaces is not
an intended use case.

We have published documents explaining this:
"The synthetic and VF interfaces have the same MAC address. Together, 
they constitute a single NIC from the standpoint of other network entities 
that exchange packets with the virtual NIC in the VM. "
"IP addresses are assigned only to the synthetic interface."
https://learn.microsoft.com/en-us/azure/virtual-network/accelerated-networking-how-it-works
 
> Why do you think it will be more consistent? If the user moved the
> synthetic device in another netns, possibly/likely the user intended to
> keep both devices separated.

Consider two Cases:
Case 1):
	- Synthetic NIC is offered.
	- Run command to move synthetic NIC
		ip link set <synthetic NIC> netns <new namespace>
	- VF NIC is offered.

Case 2):
	- Synthetic NIC is offered.
	- VF NIC is offered.
	- Run command to move synthetic NIC
		ip link set <synthetic NIC> netns <new namespace>

The previous patch: c0a41b887ce6 ("hv_netvsc: move VF to same namespace as netvsc device")
automatically moves the VF to the new namespace in Case (1), but not
in Case (2).

With this patch, VF will be automatically moved to the new namespace
also in the Case (2). So, the behaviors of Case 1 & 2 become consistent.
This will make our customers easier to find and check if VF NIC is
running, and its stat data.

Thanks,
- Haiyang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ