From: annie li <annie.li@oracle.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: netdev@vger.kernel.org, xen-devel@lists.xen.org,
ian.campbell@citrix.com, konrad.wilk@oracle.com,
david.vrabel@citrix.com, jbeulich@suse.com, wdauchy@gmail.com
Subject: Re: [Xen-devel] [PATCH V5 6/7] xen-netback: coalesce slots in TX path and fix regressions
Date: Tue, 30 Apr 2013 14:06:01 -0400 [thread overview]
Message-ID: <51800809.9070407@oracle.com> (raw)
In-Reply-To: <1366045581-31349-7-git-send-email-wei.liu2@citrix.com>
On 2013-4-15 13:06, Wei Liu wrote:
> This patch tries to coalesce tx requests when constructing grant copy
> structures. It enables netback to deal with situation when frontend's
> MAX_SKB_FRAGS is larger than backend's MAX_SKB_FRAGS.
>
> With the help of coalescing, this patch tries to address two regressions and
> avoid reopening the security hole in XSA-39.
>
> Regression 1. The reduction of the number of supported ring entries (slots)
> per packet (from 18 to 17). This regression has been around for some time but
> remains unnoticed until XSA-39 security fix. This is fixed by coalescing
> slots.
>
> Regression 2. The XSA-39 security fix turning "too many frags" errors from
> just dropping the packet to a fatal error and disabling the VIF. This is fixed
> by coalescing slots (handling 18 slots when backend's MAX_SKB_FRAGS is 17)
> which rules out false positive (using 18 slots is legit) and dropping packets
> using 19 to `max_skb_slots` slots.
>
> To avoid reopening security hole in XSA-39, frontend sending packet using more
> than max_skb_slots is considered malicious.
>
> The behavior of netback for packet is thus:
>
> 1-18 slots: valid
> 19-max_skb_slots slots: drop and respond with an error
> max_skb_slots+ slots: fatal error
>
> max_skb_slots is configurable by admin, default value is 20.
>
> Also change variable name from "frags" to "slots" in netbk_count_requests.
>
> Please note that RX path still has dependency on MAX_SKB_FRAGS. This will be
> fixed with separate patch.
Wei,
The RX path dependency on MAX_SKB_FRAGS in netback should not cause
packet dropping issue like TX path, RX path only calls netif_stop_queue
if RX ring is full.
What is your plan on RX path? Is it in your schedule or you started it
already?
Thanks
Annie
next prev parent reply other threads:[~2013-04-30 18:06 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-15 17:06 [PATCH V5 0/7] Bundle fixes for Xen netfront /netback Wei Liu
2013-04-15 17:06 ` [PATCH V5 1/7] xen-netfront: remove unused variable `extra' Wei Liu
2013-04-15 17:06 ` [PATCH V5 2/7] xen-netfront: frags -> slots in xennet_get_responses Wei Liu
2013-04-15 17:06 ` [PATCH V5 3/7] xen-netback: remove skb in xen_netbk_alloc_page Wei Liu
2013-04-15 17:06 ` [PATCH V5 4/7] xen-netfront: frags -> slots in log message Wei Liu
2013-04-17 13:48 ` Ian Campbell
2013-04-15 17:06 ` [PATCH V5 5/7] xen-netfront: reduce gso_max_size to account for max TCP header Wei Liu
2013-04-17 13:51 ` Ian Campbell
2013-04-15 17:06 ` [PATCH V5 6/7] xen-netback: coalesce slots in TX path and fix regressions Wei Liu
2013-04-17 13:53 ` Ian Campbell
2013-04-21 22:06 ` annie li
2013-04-22 9:28 ` Wei Liu
2013-04-30 18:06 ` annie li [this message]
2013-05-01 9:22 ` [Xen-devel] " Wei Liu
2013-04-15 17:06 ` [PATCH V5 7/7] xen-netback: don't disconnect frontend when seeing oversize packet Wei Liu
2013-04-15 17:38 ` [PATCH V5 0/7] Bundle fixes for Xen netfront /netback David Miller
2013-04-17 13:49 ` Ian Campbell
2013-04-17 17:05 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51800809.9070407@oracle.com \
--to=annie.li@oracle.com \
--cc=david.vrabel@citrix.com \
--cc=ian.campbell@citrix.com \
--cc=jbeulich@suse.com \
--cc=konrad.wilk@oracle.com \
--cc=netdev@vger.kernel.org \
--cc=wdauchy@gmail.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).