lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <948D159A-EFAC-4ADA-94B0-2A79561A3D15@oracle.com>
Date:	Sun, 14 Sep 2014 10:21:20 -0700
From:	Raghuram Kothakota <Raghuram.Kothakota@...cle.com>
To:	David L Stevens <david.stevens@...cle.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCHv3 net-next 1/3] sunvnet: upgrade to VIO protocol version 1.6

The following is a highlevel view of what we have in LDoms virtual network
infrastructure.

1. The vio protocol version number to introduce new messages and/or
    changes to the existing messages. 
 
    In the past there may be a case or two where the version number is
    assumed as a capability, an example is the version 1.3.

2. Flexibility to negotiate or enable individual feature/enhancement. That
    is attribute negotiation includes the ability for each peer to negotiate
    any specific feature/enhancement independently of the others. 

    An example of this are, physical link state updates(that you pointed out),
    mtu, LSO support, dring mode(TX_DRING or RX_DRING_DATA) etc.

3. Properties in MD(machine description) as way to set or enable these features
    for a Guest. This typically involves an administrative command.

    For example, an administrator can enable/disable the behavior of physical
    linkstate. The vlan-ids and mtu are also part of the administrative commands.

4. Finally the OS version(and/or patches) that is installed in a guest. 
    Without the OS/driver support, an administrator settings may not work. 
    Most of the controls revolve around the service domain, we use a new framework
    in place for administrative commands to check if the given service domain
    has the required support to enforce a specific option. In case of Guest domains,
    it's just to the Guest to enable/disable or implement a feature.

Please below for my response.

On Sep 14, 2014, at 5:02 AM, David L Stevens <david.stevens@...cle.com> wrote:

> 
> 
> On 09/13/2014 11:30 PM, Raghuram Kothakota wrote:
>> I have a question around bumping the sunvnet vio_version to 1.6.
>> Each of the versions from 1.0, have a specific feature or behavior defined in the
>> protocol, if a given version is negotiated then peers will assume the Guest
>> can handle all those feature/enhancement automatically. If a given feature
>> is not supported or implemented, it may be best to handle those cases gracefully.
> 
> It doesn't (and shouldn't) assume it supports any feature that isn't negotiated, and
> the code I submitted does not support or negotiate receive rings, for example. It
> therefore does not set the bit. The VIO protocol can negotiate TSO,
> which is not supported on Linux, so it doesn't set VNET_LSO_IPV4_CAPAB. And,
> as in your example, we don't want physical link state updates, so we use
> PHYSLINK_UPDATE_NONE (==0).
> 
> I implemented from the VIO protocol spec and verified interoperability by testing
> with pre-patched Linux (VIO v1.0) and Solaris 11.1 and 11.2.

Thanks, if you have verified these cases then it addresses my comment.
In the code, it will be good to explicitly set the attribute such as "plnk_updt" to
the PHYSLINK_UPDATE_NONE and probably add a comment on top of
it would be even better. The same could be done for the other attribute as
well.

> 
>> For example, if version 1.3 or higher is negotiated, then Guest is assumed to
>> support vlan packet processing.
> 
> Nobody should *assume* VLAN support is there based on the VIO protocol version. v1.3
> and higher require from the driver that there be space for a vlan header, which I have
> added in the patch. I did not do anything else with VLAN processing, because this is
> not a patch to add VLAN support, and nothing requires Solaris to enable it. It is no
> different with respect to VLAN support than it was before the patch, meaning that if
> an admin tries to use a feature that isn't supported on all the machines, it won't
> work, just as it wouldn't work pre-patch to enable VLAN on Solaris and try to use it
> with Linux over sunvnet. The patch is to update the VIO protocol, which is the layout
> and semantics of the fields. It is not to support every feature that can be negotiated
> within the protocol.

That's fine. My point was about  we have verified each of these
minor version specifics are thought and the behavior is understood.

-Raghuram


> 
> 								+-DLS
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ