Message-ID: <87o8tlxcgy.fsf@toke.dk>
Date:   Wed, 26 Feb 2020 22:31:09 +0100
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     "Michael S. Tsirkin" <mst@...hat.com>,
        David Ahern <dahern@...italocean.com>
Cc:     David Ahern <dsahern@...il.com>, Jason Wang <jasowang@...hat.com>,
        David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org,
        davem@...emloft.net, kuba@...nel.org
Subject: Re: [PATCH RFC net-next] virtio_net: Relax queue requirement for using XDP

"Michael S. Tsirkin" <mst@...hat.com> writes:

> On Wed, Feb 26, 2020 at 08:58:47AM -0700, David Ahern wrote:
>> On 2/26/20 1:34 AM, Toke Høiland-Jørgensen wrote:
>> >>
>> >> OK so basically there would be commands to configure which TX queue is
>> >> used by XDP. With enough resources default is to use dedicated queues.
>> >> With not enough resources default is to fail binding xdp program
>> >> unless queues are specified. Does this sound reasonable?
>> > 
>> > Yeah, that was the idea. See this talk from LPC last year for more
>> > details: https://linuxplumbersconf.org/event/4/contributions/462/
>> 
>> Hopefully such a design is only required for a program doing a Tx path
>> (XDP_TX or XDP_REDIRECT). i.e., a program just doing basic ACL, NAT, or
>> even encap, decap, should not have to do anything with Tx queues to load
>> and run the program.
>
> Well when XDP was starting up it wasn't too late to require
> meta data about which codes can be returned (e.g. whether program
> can do tx). But by now there's a body of binary programs out there,
> it's probably too late ...

Well, right now things just fail silently if the system is configured
without support for a feature the XDP program is using (e.g., redirect
to an unsupported iface will just drop the packet). So arguably,
rejecting a program is an improvement :) There's ongoing work to define
a notion of XDP features (see [0]). Whether we can turn it on by
default, or if it has to be opt-in on program load/attach remains to be
seen. But it is definitely something we should improve upon :)

-Toke

[0] See https://github.com/xdp-project/xdp-project/blob/master/xdp-project.org#xdp-feature-flags
