| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Apr 2020 17:54:20 +0100
From: Stefan Hajnoczi <stefanha@...hat.com>
To: Stefano Garzarella <sgarzare@...hat.com>
Cc: Stefan Hajnoczi <stefanha@...il.com>, davem@...emloft.net,
Gerard Garcia <ggarcia@...a.uab.cat>, kvm@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
virtualization@...ts.linux-foundation.org,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: [PATCH net] vsock/virtio: postpone packet delivery to monitoring
devices
On Tue, Apr 21, 2020 at 06:17:24PM +0200, Stefano Garzarella wrote:
> On Tue, Apr 21, 2020 at 04:42:46PM +0100, Stefan Hajnoczi wrote:
> > On Tue, Apr 21, 2020 at 11:25:27AM +0200, Stefano Garzarella wrote:
> > > We delivering packets to monitoring devices, before to check if
> > > the virtqueue has enough space.
> >
> > "We [are] delivering packets" and "before to check" -> "before
> > checking". Perhaps it can be rewritten as:
> >
> > Packets are delivered to monitoring devices before checking if the
> > virtqueue has enough space.
> >
>
> Yeah, it is better :-)
>
> > >
> > > If the virtqueue is full, the transmitting packet is queued up
> > > and it will be sent in the next iteration. This causes the same
> > > packet to be delivered multiple times to monitoring devices.
> > >
> > > This patch fixes this issue, postponing the packet delivery
> > > to monitoring devices, only when it is properly queued in the
> >
> > s/,//
> >
> > > virqueue.
> >
> > s/virqueue/virtqueue/
> >
>
> Thanks, I'll fix in the v2!
>
> > > @@ -137,6 +135,11 @@ virtio_transport_send_pkt_work(struct work_struct *work)
> > > break;
> > > }
> > >
> > > + /* Deliver to monitoring devices all correctly transmitted
> > > + * packets.
> > > + */
> > > + virtio_transport_deliver_tap_pkt(pkt);
> > > +
> >
> > The device may see the tx packet and therefore receive a reply to it
> > before we can call virtio_transport_deliver_tap_pkt(). Does this mean
> > that replies can now appear in the packet capture before the transmitted
> > packet?
>
> hmm, you are right!
>
> And the same thing can already happen in vhost-vsock where we call
> virtio_transport_deliver_tap_pkt() after the vhost_add_used(), right?
>
> The vhost-vsock case can be fixed in a simple way, but here do you think
> we should serialize them? (e.g. mutex, spinlock)
>
> In this case I'm worried about performance.
>
> Or is there some virtqueue API to check availability?
Let's stick to the same semantics as Ethernet netdevs. That way there
are no surprises to anyone who is familiar with Linux packet captures.
I don't know what those semantics are though, you'd need to check the
code :).
Stefan
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists