Message-ID: <6c55b35f-9ffe-c192-651c-f5ca3d02de52@redhat.com>
Date:   Mon, 25 Nov 2019 10:42:01 +0800
From:   Jason Wang <jasowang@...hat.com>
To:     Jesper Dangaard Brouer <brouer@...hat.com>,
        David Ahern <dsahern@...il.com>
Cc:     "xdp-newbies@...r.kernel.org" <xdp-newbies@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: error loading xdp program on virtio nic


On 2019/11/23 12:57 AM, Jesper Dangaard Brouer wrote:
> On Fri, 22 Nov 2019 08:43:50 -0700
> David Ahern <dsahern@...il.com> wrote:
>
>> On 11/21/19 11:09 PM, Jason Wang wrote:
>>>> Doubling the number of queues for each tap device adds overhead to the
>>>> hypervisor if you only want to allow XDP_DROP or XDP_DIRECT. Am I
>>>> understanding that correctly?
>>>
>>> Yes, but it's almost impossible to know whether or not XDP_TX will be
>>> used by the program. If we don't use a per CPU TX queue, it must be
>>> serialized through locks, not sure it's worth trying that (not by default,
>>> of course).
>>>    
>> This restriction is going to prevent use of XDP in VMs in general cloud
>> hosting environments. 2x vhost threads for vcpus is a non-starter.
>>
>> If one XDP feature has high resource needs, then we need to subdivide
>> the capabilities to let some work and others fail. For example, a flag
>> can be added to xdp_buff / xdp_md that indicates supported XDP features.
>> If there are insufficient resources for XDP_TX, do not show support for
>> it. If a program returns XDP_TX anyways, packets will be dropped.
>>
> This sounds like a concrete use-case and a solid argument why we need XDP
> feature detection and checks. (The last part of the LPC talk[1] was about
> XDP features).
>
> An interesting perspective you bring up is that XDP features are not
> static per device driver.  It actually needs to be dynamic, as your
> XDP_TX feature request depends on the queue resources available.
>
> Implementation wise, I would not add flags to xdp_buff / xdp_md.
> Instead I propose in[1] slide 46, that the verifier should detect the
> XDP features used by a BPF-prog.  If your XDP prog doesn't use e.g.
> XDP_TX, then you should be allowed to run it on a virtio_net device
> with fewer queues configured, right?


Yes, I think so. But I remember we used to have something like
header_adjust in the past, but it was finally removed ...

Thanks


>
>
> [1] http://people.netfilter.org/hawk/presentations/LinuxPlumbers2019/xdp-distro-view.pdf
