From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Yao, Lei A" Subject: Re: [PATCH 00/12] Vhost: CVE-2018-1059 fixes Date: Wed, 2 May 2018 05:08:56 +0000 Message-ID: <2DBBFF226F7CF64BAFCA79B681719D953A432589@SHSMSX101.ccr.corp.intel.com> References: <20180423155818.21285-1-maxime.coquelin@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Cc: "Bie, Tiwei" To: Maxime Coquelin , "dev@dpdk.org" Return-path: Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id BB110231E for ; Wed, 2 May 2018 07:09:00 +0200 (CEST) In-Reply-To: <20180423155818.21285-1-maxime.coquelin@redhat.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi, Maxime During the 18.05-rc1 performance testing, I find this patch set will bring slightly performance drop on mergeable and normal path, and big performance drop on vector path. Could you have a check on this? I know this patch is=20 important for security. Not sure if there is any way to improve the perform= ance. Mergebale=09 packet size=09 64 0.80% 128 -2.75% 260 -2.93% 520 -2.72% 1024 -1.18% 1500 -0.65% =09 Normal=09 packet size=09 64 -1.47% 128 -7.43% 260 -3.66% 520 -2.52% 1024 -1.19% 1500 -0.78% =09 Vector=09 packet size=09 64 -8.60% 128 -3.54% 260 -2.63% 520 -6.12% 1024 -1.05% 1500 -1.20%=20 CPU info: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz OS: Ubuntu 16.04 BRs Lei > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin > Sent: Monday, April 23, 2018 11:58 PM > To: dev@dpdk.org > Cc: Maxime Coquelin > Subject: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes >=20 > This series fixes the security vulnerability referenced > as CVE-2018-1059. >=20 > Patches are already applied to the branch, but reviews > are encouraged. Any issues spotted would be fixed on top. >=20 > Maxime Coquelin (12): > vhost: fix indirect descriptors table translation size > vhost: check all range is mapped when translating GPAs > vhost: introduce safe API for GPA translation > vhost: ensure all range is mapped when translating QVAs > vhost: add support for non-contiguous indirect descs tables > vhost: handle virtually non-contiguous buffers in Tx > vhost: handle virtually non-contiguous buffers in Rx > vhost: handle virtually non-contiguous buffers in Rx-mrg > examples/vhost: move to safe GPA translation API > examples/vhost_scsi: move to safe GPA translation API > vhost/crypto: move to safe GPA translation API > vhost: deprecate unsafe GPA translation API >=20 > examples/vhost/virtio_net.c | 94 +++++++- > examples/vhost_scsi/vhost_scsi.c | 56 ++++- > lib/librte_vhost/rte_vhost.h | 46 ++++ > lib/librte_vhost/rte_vhost_version.map | 4 +- > lib/librte_vhost/vhost.c | 39 ++-- > lib/librte_vhost/vhost.h | 8 +- > lib/librte_vhost/vhost_crypto.c | 65 ++++-- > lib/librte_vhost/vhost_user.c | 58 +++-- > lib/librte_vhost/virtio_net.c | 411 +++++++++++++++++++++++++++= +- > ---- > 9 files changed, 650 insertions(+), 131 deletions(-) >=20 > -- > 2.14.3