Message-ID: <2372a3b8-9bb2-4c53-9029-9bd03f56b98a@iogearbox.net>
Date: Wed, 19 Nov 2025 15:57:29 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, davem@...emloft.net,
 razor@...ckwall.org, pabeni@...hat.com, willemb@...gle.com, sdf@...ichev.me,
 john.fastabend@...il.com, martin.lau@...nel.org, jordan@...fe.io,
 maciej.fijalkowski@...el.com, magnus.karlsson@...el.com, dw@...idwei.uk,
 toke@...hat.com, yangzhenze@...edance.com, wangdongdong.6@...edance.com
Subject: Re: [PATCH net-next v4 01/14] net: Add bind-queue operation

Hi Jakub,

On 11/7/25 1:39 AM, Jakub Kicinski wrote:
> On Fri, 31 Oct 2025 22:20:50 +0100 Daniel Borkmann wrote:
>> From: David Wei <dw@...idwei.uk>
>>
>> Add a ynl netdev family operation called bind-queue that creates a new
>> rx queue in a virtual netdev (i.e. netkit or veth) and binds it to an rx
>> queue in a real netdev.
> 
> bind is already used in context of queues to attach devmem.
> Having bind-rx, bind-tx == devmem, and bind-queue something else
> is not great. Plus well-named ops have the object first.
> 
> Can we call this op queue-create ?
> 
> It is creating a queue on the netkit, we can wrap the other params
> into a nest called "lease". Once / if we get to dynamic queue creation
> on real netdevs we can reuse it (presumably then lack of "lease" will
> then imply that we need a real queue to be allocated).
> 
>> This forms a queue pair, where the peer queue of
> 
> "queue pair" means Rx+Tx, please do not reuse terms like this.

Ok, yeah let's switch everything to 'lease', sgtm.

>> the pair in the virtual netdev acts as a proxy for the peer queue in the
>> real netdev. Thus, the peer queue in the virtual netdev can be used by
>> processes running in a container to use both memory providers (io_uring
>> zero-copy rx and devmem) and AF_XDP. An early implementation had only
>> driver-specific integration [0], but in order for other virtual devices
>> to reuse, it makes sense to have this as a generic API.
> 
>> diff --git a/Documentation/netlink/specs/netdev.yaml b/Documentation/netlink/specs/netdev.yaml
>> index e00d3fa1c152..1e24c7f76de0 100644
>> --- a/Documentation/netlink/specs/netdev.yaml
>> +++ b/Documentation/netlink/specs/netdev.yaml
>> @@ -561,6 +561,46 @@ attribute-sets:
>>           type: u32
>>           checks:
>>             min: 1
>> +  -
>> +    name: queue-pair
>> +    attributes:
> 
> No need to create a "real" attribute set for this.
> 
> Once the attrs are wrapped in a "lease" nest you'll need a single
> triplet, so make this a subset-of: queue (see the queue-id set).
> name: ifc-queue-id ?

Does the below rework look reasonable to you in terms of netdev spec?

I do like the queue-create as it's generic and can be reused in future.
As you said, we'll make the lease a nested attribute there and in future
queue-create can be reused without it.

We could then also reuse the same for the queue-get operation, I'll still
add the netns-id to the 'lease' attribute set as well, and for 'queue-create'
we enforce that the 'netns-id' is not set in order to indicate to search
the ifindex in the current netns.

With the below it's also clear that queue-create ifindex is always done
against the netkit device in our use-case and there's no ambiguity.

Thanks,
Daniel

diff --git a/Documentation/netlink/specs/netdev.yaml b/Documentation/netlink/specs/netdev.yaml
index 82bf5cb2617d..b7278e8a167e 100644
--- a/Documentation/netlink/specs/netdev.yaml
+++ b/Documentation/netlink/specs/netdev.yaml
@@ -339,6 +339,11 @@ attribute-sets:
          doc: XSK information for this queue, if any.
          type: nest
          nested-attributes: xsk-info
+      -
+        name: lease
+        doc: tbd
+        type: nest
+        nested-attributes: lease
    -
      name: qstats
      doc: |
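Review bot: `doc: tbd` on the new `lease` attribute needs real text before this goes in, since the spec doubles as the uAPI documentation for the family. Say what the nest carries (the ifindex and queue the lease is taken from, per the `lease` set added further down) and on which operations it is valid.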
@@ -537,6 +542,20 @@ attribute-sets:
          name: id
        -
          name: type
+  -
+    name: lease
+    attributes:
+      -
+        name: ifindex
+        doc: netdev ifindex to lease the queue from.
+        type: u32
+        checks:
+          min: 1
+      -
+        name: queue
+        doc: netdev queue to lease from.
+        type: nest
+        nested-attributes: queue-id
    -
      name: dmabuf
      attributes:
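Review bot: the new `lease` set carries only `ifindex` and `queue`, while the message above says netns-id will be added to it and that queue-create rejects it so the ifindex is looked up in the current netns. Add the attribute here with a doc stating where it is accepted, and extend the `ifindex` doc to name the netns it is resolved in; "netdev ifindex to lease the queue from." leaves that open.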
@@ -684,6 +703,7 @@ operations:
              - dmabuf
              - io-uring
              - xsk
+            - lease
        dump:
          request:
            attributes:
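Review bot: `- lease` is appended to the attribute list ahead of `dump:`, and the lines that follow show only the dump request, so please confirm that dump replies carry `lease` as well. The doc should also say which queue reports it: the leased queue on the virtual device, the queue on the real device, or both.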
@@ -795,6 +815,20 @@ operations:
          reply:
            attributes:
              - id
+    -
+      name: queue-create
+      doc: tbd
+      attribute-set: queue
+      flags: [admin-perm]
+      do:
+        request:
+          attributes:
+            - ifindex
+            - type
+            - lease
+        reply: &queue-create-op
+          attributes:
+            - id
  
  kernel-family:
    headers: ["net/netdev_netlink.h"]
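Review bot: `reply: &queue-create-op` defines a YAML anchor that nothing in this patch references; drop it unless a later change adds an alias for it. The op-level `doc: tbd` needs filling in too, stating what the returned `id` refers to and which `type` values the request accepts.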

