lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <dcfd3551-acfc-4de3-b5c1-cf8a18730ad0@lunn.ch>
Date: Tue, 25 Mar 2025 17:43:15 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Erni Sri Satya Vennela <ernis@...ux.microsoft.com>
Cc: kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
	decui@...rosoft.com, andrew+netdev@...n.ch, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	longli@...rosoft.com, kotaranov@...rosoft.com, horms@...nel.org,
	brett.creeley@....com, surenb@...gle.com,
	schakrabarti@...ux.microsoft.com, kent.overstreet@...ux.dev,
	shradhagupta@...ux.microsoft.com, erick.archer@...look.com,
	rosenp@...il.com, linux-hyperv@...r.kernel.org,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-rdma@...r.kernel.org
Subject: Re: [PATCH 1/3] net: mana: Add speed support in
 mana_get_link_ksettings

> The QoS control is at the hardware/firmware level and applies to the
> egress rate.

egress relative to the VM? So what the VM sends to the hypervisor.
There is no restriction the other way, hypervisor to the VM?

That is not what link modes do. 10Mbps is the limit in both
directions.

> > Also, if i understand correctly MANA is a virtual device and this is
> > the VM side of it. If this is used for bandwidth limitation, why is
> > the VM controlling this, not the hypervisor? What is the security
> > model?
> > 
> In certain cluster and hardware versions, Azure allows this API to
> restrict the bandwidth limit to a lesser value than what was configured
> by the Azure control plane. The device will not allow a higher limit
> than what was configured through the Azure control plane to be set by
> the VM through this API.

So all this information needs adding to the commit message. When you
are using an API in a strange way, you have to expect questions to be
asked, and you can save a lot of time by answering those questions in
the commit message, before they are even asked.

So, i think this is the wrong API.

Please implement it as a TC offload. I'm not an TC expert, but htb
might work.

	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ