| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Jun 2010 16:29:28 +0800 From: "Xin, Xiaohui" <xiaohui.xin@...el.com> To: Stephen Hemminger <shemminger@...tta.com> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mst@...hat.com" <mst@...hat.com>, "mingo@...e.hu" <mingo@...e.hu>, "davem@...emloft.net" <davem@...emloft.net>, "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>, "jdike@...ux.intel.com" <jdike@...ux.intel.com> Subject: RE: [RFC PATCH v7 01/19] Add a new structure for skb buffer from external. >-----Original Message----- >From: Stephen Hemminger [mailto:shemminger@...tta.com] >Sent: Monday, June 07, 2010 7:14 AM >To: Xin, Xiaohui >Cc: netdev@...r.kernel.org; kvm@...r.kernel.org; linux-kernel@...r.kernel.org; >mst@...hat.com; mingo@...e.hu; davem@...emloft.net; herbert@...dor.apana.org.au; >jdike@...ux.intel.com >Subject: Re: [RFC PATCH v7 01/19] Add a new structure for skb buffer from external. > >Still not sure this is a good idea for a couple of reasons: > >1. We already have lots of special cases with skb's (frags and fraglist), > and skb's travel through a lot of different parts of the kernel. So any > new change like this creates lots of exposed points for new bugs. Look > at cases like MD5 TCP and netfilter, and forwarding these SKB's to ipsec > and ppp and ... > Yes, I agree on your concern at some extent. But the skbs which use external pages in our cases have short travels which start from NIC driver and then forward to the guest immediately. It will not travel into host kernel stack or any filters which may avoid many problems you have mentioned here. Another point is that we try to make the solution more generic to different NIC drivers, then many drivers may use the way without modifications. >2. SKB's can have infinite lifetime in the kernel. If these buffers come from > a fixed size pool in an external device, they can easily all get tied up > if you have a slow listener. What happens then? The pool is not fixed size, it's the size of usable buffers submitted by guest virtio-net driver. Guest virtio-net will check how much buffers are filled and do resubmit. What a slow listener mean? A slow NIC driver? Thanks Xiaohui -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists