lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Jan 2017 15:13:15 -0800
From:   John Fastabend <john.fastabend@...il.com>
To:     "Michael S. Tsirkin" <mst@...hat.com>,
        Jason Wang <jasowang@...hat.com>
Cc:     john.r.fastabend@...el.com, netdev@...r.kernel.org,
        alexei.starovoitov@...il.com, daniel@...earbox.net
Subject: Re: [net PATCH] net: virtio: cap mtu when XDP programs are running

On 17-01-09 03:05 PM, Michael S. Tsirkin wrote:
> On Thu, Jan 05, 2017 at 11:09:14AM +0800, Jason Wang wrote:
>>
>>
>> On 2017年01月05日 02:57, John Fastabend wrote:
>>> [...]
>>>
>>>> On 2017年01月04日 00:48, John Fastabend wrote:
>>>>> On 17-01-02 10:14 PM, Jason Wang wrote:
>>>>>> On 2017年01月03日 06:30, John Fastabend wrote:
>>>>>>> XDP programs can not consume multiple pages so we cap the MTU to
>>>>>>> avoid this case. Virtio-net however only checks the MTU at XDP
>>>>>>> program load and does not block MTU changes after the program
>>>>>>> has loaded.
>>>>>>>
>>>>>>> This patch sets/clears the max_mtu value at XDP load/unload time.
>>>>>>>
>>>>>>> Signed-off-by: John Fastabend <john.r.fastabend@...el.com>
>>>>>>> ---
>>> [...]
>>>
>>>>> OK so this logic is a bit too simply. When it resets the max_mtu I guess it
>>>>> needs to read the mtu via
>>>>>
>>>>>      virtio_cread16(vdev, ...)
>>>>>
>>>>> or we may break the negotiated mtu.
>>>> Yes, this is a problem (even use ETH_MAX_MTU). We may need a method to notify
>>>> the device about the mtu in this case which is not supported by virtio now.
>>> Note this is not really a XDP specific problem. The guest can change the MTU
>>> after init time even without XDP which I assume should ideally result in a
>>> notification if the MTU is negotiated.
>>
>> Yes, Michael, do you think we need add some mechanism to notify host about
>> MTU change in this case?
>>
>> Thanks
> 
> Why does host care?
> 

Well the guest will drop packets after mtu has been reduced. Although the guest
by reducing its MTU in some sense must expect this. Likewise if the host were
to change MTU after virtio_net probe time the guest would not learn about it.

I think at best negotiating the mtu is just a hint? If system _really_ cares
we could use lldp or some other out of band mechanism to learn/set/adjust MTU
on both systems and it would be more robust. I'm not actually convinced this
is a problem in bare metal systems we have the same issue with physical
switches and solve it out of band via configuration, protocols, etc.

.John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ