lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 8 Apr 2019 10:37:23 +0100
From:   Stefan Hajnoczi <stefanha@...hat.com>
To:     Stefano Garzarella <sgarzare@...hat.com>
Cc:     Stefan Hajnoczi <stefanha@...il.com>, netdev@...r.kernel.org,
        Jason Wang <jasowang@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>, kvm@...r.kernel.org,
        virtualization@...ts.linux-foundation.org,
        linux-kernel@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH RFC 3/4] vsock/virtio: change the maximum packet size
 allowed

On Fri, Apr 05, 2019 at 12:07:47PM +0200, Stefano Garzarella wrote:
> On Fri, Apr 05, 2019 at 09:24:47AM +0100, Stefan Hajnoczi wrote:
> > On Thu, Apr 04, 2019 at 12:58:37PM +0200, Stefano Garzarella wrote:
> > > Since now we are able to split packets, we can avoid limiting
> > > their sizes to VIRTIO_VSOCK_DEFAULT_RX_BUF_SIZE.
> > > Instead, we can use VIRTIO_VSOCK_MAX_PKT_BUF_SIZE as the max
> > > packet size.
> > > 
> > > Signed-off-by: Stefano Garzarella <sgarzare@...hat.com>
> > > ---
> > >  net/vmw_vsock/virtio_transport_common.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
> > > index f32301d823f5..822e5d07a4ec 100644
> > > --- a/net/vmw_vsock/virtio_transport_common.c
> > > +++ b/net/vmw_vsock/virtio_transport_common.c
> > > @@ -167,8 +167,8 @@ static int virtio_transport_send_pkt_info(struct vsock_sock *vsk,
> > >  	vvs = vsk->trans;
> > >  
> > >  	/* we can send less than pkt_len bytes */
> > > -	if (pkt_len > VIRTIO_VSOCK_DEFAULT_RX_BUF_SIZE)
> > > -		pkt_len = VIRTIO_VSOCK_DEFAULT_RX_BUF_SIZE;
> > > +	if (pkt_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE)
> > > +		pkt_len = VIRTIO_VSOCK_MAX_PKT_BUF_SIZE;
> > 
> > The next line limits pkt_len based on available credits:
> > 
> >   /* virtio_transport_get_credit might return less than pkt_len credit */
> >   pkt_len = virtio_transport_get_credit(vvs, pkt_len);
> > 
> > I think drivers/vhost/vsock.c:vhost_transport_do_send_pkt() now works
> > correctly even with pkt_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE.
> 
> Correct.
> 
> > 
> > The other ->send_pkt() callback is
> > net/vmw_vsock/virtio_transport.c:virtio_transport_send_pkt_work() and it
> > can already send any size packet.
> > 
> > Do you remember why VIRTIO_VSOCK_MAX_PKT_BUF_SIZE still needs to be the
> > limit?  I'm wondering if we can get rid of it now and just limit packets
> > to the available credits.
> 
> There are 2 reasons why I left this limit:
> 1. When the host receives a packets, it must be <=
>    VIRTIO_VSOCK_MAX_PKT_BUF_SIZE [drivers/vhost/vsock.c:vhost_vsock_alloc_pkt()]
>    So in this way we can limit the packets sent from the guest.

The general intent is to prevent the guest from sending huge buffers.
This is good.

However, the guest must already obey the credit limit advertized by the
host.  Therefore I think we should be checking against that instead of
an arbitrary constant limit.

So I think the limit should be the receive buffer size, not
VIRTIO_VSOCK_MAX_PKT_BUF_SIZE.  But at this point the code doesn't know
which connection the packet is associated with and cannot check the
receive buffer size. :(

Anyway, any change to this behavior requires compatibility so new guest
drivers work with old vhost_vsock.ko.  Therefore we should probably just
leave the limit for now.

> 2. When the host send packets, it help us to increase the parallelism
>    (especially if the guest has 64 KB RX buffers) because the user thread
>    will split packets, calling multiple times transport->stream_enqueue()
>    in net/vmw_vsock/af_vsock.c:vsock_stream_sendmsg() while the
>    vhost_transport_send_pkt_work() send them to the guest.

Sorry, I don't understand the reasoning.  Overall this creates more
work.  Are you saying the benefit is that
vhost_transport_send_pkt_work() can run "early" and notify the guest of
partial rx data before all of it has been enqueued?

Stefan

Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ