linux-kernel.vger.kernel.org archive mirror
* [PATCH net 0/2] vsock/virtio: make the credit mechanism more robust
@ 2019-10-17 12:44 Stefano Garzarella
  2019-10-17 12:44 ` [PATCH net 1/2] vsock/virtio: send a credit update when buffer size is changed Stefano Garzarella
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Stefano Garzarella @ 2019-10-17 12:44 UTC
  To: netdev
  Cc: kvm, linux-kernel, David S. Miller, Stefan Hajnoczi, virtualization

This series makes the credit mechanism implemented in the
virtio-vsock devices more robust.
Patch 1 sends an update to the remote peer when the buf_alloc
changes.
Patch 2 prevents a malicious peer (especially the guest) from
consuming all the memory of the other peer, discarding packets
when the credit available is not respected.

Stefano Garzarella (2):
  vsock/virtio: send a credit update when buffer size is changed
  vsock/virtio: discard packets if credit is not respected

 net/vmw_vsock/virtio_transport_common.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

-- 
2.21.0



* [PATCH net 1/2] vsock/virtio: send a credit update when buffer size is changed
From: Stefano Garzarella @ 2019-10-17 12:44 UTC
  To: netdev
  Cc: kvm, linux-kernel, David S. Miller, Stefan Hajnoczi, virtualization

When the user application sets a new buffer size value, we should
update the remote peer about this change, since it uses this
information to calculate the credit available.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 net/vmw_vsock/virtio_transport_common.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index a666ef8fc54e..db127a69f5c3 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -458,6 +458,9 @@ void virtio_transport_set_buffer_size(struct vsock_sock *vsk, u64 val)
 		vvs->buf_size_max = val;
 	vvs->buf_size = val;
 	vvs->buf_alloc = val;
+
+	virtio_transport_send_credit_update(vsk, VIRTIO_VSOCK_TYPE_STREAM,
+					    NULL);
 }
 EXPORT_SYMBOL_GPL(virtio_transport_set_buffer_size);
 
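Review bot: In virtio_transport_set_buffer_size(), the new virtio_transport_send_credit_update() call runs on every invocation and its result is discarded. A call with val equal to the current buf_alloc still sends a packet to the peer, and because the function is void, a failed send leaves the peer computing credit from the old buf_alloc with nothing recording that. Consider saving the previous vvs->buf_alloc and sending only when the value actually changed, and add a comment stating why ignoring the send result is acceptable here.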
-- 
2.21.0



* [PATCH net 2/2] vsock/virtio: discard packets if credit is not respected
From: Stefano Garzarella @ 2019-10-17 12:44 UTC
  To: netdev
  Cc: kvm, linux-kernel, David S. Miller, Stefan Hajnoczi, virtualization

If the remote peer doesn't respect the credit information
(buf_alloc, fwd_cnt), sending more data than it can send,
we should drop the packets to prevent a malicious peer
from using all of our memory.

This patch follows the VIRTIO spec: "VIRTIO_VSOCK_OP_RW data
packets MUST only be transmitted when the peer has sufficient
free buffer space for the payload"

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 net/vmw_vsock/virtio_transport_common.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index db127a69f5c3..481f7f8a1655 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -204,10 +204,14 @@ static int virtio_transport_send_pkt_info(struct vsock_sock *vsk,
 	return virtio_transport_get_ops()->send_pkt(pkt);
 }
 
-static void virtio_transport_inc_rx_pkt(struct virtio_vsock_sock *vvs,
+static bool virtio_transport_inc_rx_pkt(struct virtio_vsock_sock *vvs,
 					struct virtio_vsock_pkt *pkt)
 {
+	if (vvs->rx_bytes + pkt->len > vvs->buf_alloc)
+		return false;
+
 	vvs->rx_bytes += pkt->len;
+	return true;
 }
 
 static void virtio_transport_dec_rx_pkt(struct virtio_vsock_sock *vvs,
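Review bot: The new check `vvs->rx_bytes + pkt->len > vvs->buf_alloc` in virtio_transport_inc_rx_pkt() adds a peer-supplied length before comparing, so if these fields are 32-bit the sum can wrap and a very large pkt->len would pass the test. pkt->len is taken directly from le32_to_cpu(pkt->hdr.len) in the caller. Consider widening the arithmetic, for example `(u64)vvs->rx_bytes + pkt->len > vvs->buf_alloc`, or add a comment naming the earlier bound on pkt->len that makes the wrap impossible. Since virtio_transport_set_buffer_size() can lower buf_alloc at runtime, rx_bytes may already exceed it, so a subtraction-based form would need its own guard.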
@@ -879,14 +883,18 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk,
 			      struct virtio_vsock_pkt *pkt)
 {
 	struct virtio_vsock_sock *vvs = vsk->trans;
-	bool free_pkt = false;
+	bool can_enqueue, free_pkt = false;
 
 	pkt->len = le32_to_cpu(pkt->hdr.len);
 	pkt->off = 0;
 
 	spin_lock_bh(&vvs->rx_lock);
 
-	virtio_transport_inc_rx_pkt(vvs, pkt);
+	can_enqueue = virtio_transport_inc_rx_pkt(vvs, pkt);
+	if (!can_enqueue) {
+		free_pkt = true;
+		goto out;
+	}
 
 	/* Try to copy small packets into the buffer of last packet queued,
 	 * to avoid wasting memory queueing the entire buffer with a small
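Review bot: In virtio_transport_recv_enqueue(), the `!can_enqueue` branch drops the packet with no counter, tracepoint or rate-limited log, so a peer that violates its credit is indistinguishable from normal operation, and on a stream socket the receiver loses bytes mid-stream without any error reaching the application. Consider recording the drop and documenting whether the connection should be reset in this case. The `out` label is outside the shown context; please confirm it releases rx_lock and frees pkt when free_pkt is set. The can_enqueue local is used only once and could be folded into the if condition.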
-- 
2.21.0



* Re: [PATCH net 0/2] vsock/virtio: make the credit mechanism more robust
From: David Miller @ 2019-10-18 17:20 UTC
  To: sgarzare; +Cc: netdev, kvm, linux-kernel, stefanha, virtualization

From: Stefano Garzarella <sgarzare@redhat.com>
Date: Thu, 17 Oct 2019 14:44:01 +0200

> This series makes the credit mechanism implemented in the
> virtio-vsock devices more robust.
> Patch 1 sends an update to the remote peer when the buf_alloc
> changes.
> Patch 2 prevents a malicious peer (especially the guest) from
> consuming all the memory of the other peer, discarding packets
> when the credit available is not respected.

Series applied, thanks.
