Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752429AbcKFTVU (ORCPT <rfc822;w@1wt.eu>);
        Sun, 6 Nov 2016 14:21:20 -0500
Received: from p3plsmtps2ded02.prod.phx3.secureserver.net ([208.109.80.59]:41496
        "EHLO p3plsmtps2ded02.prod.phx3.secureserver.net"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752051AbcKFTVC (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 6 Nov 2016 14:21:02 -0500
x-originating-ip: 72.167.245.219
From: kys@exchange.microsoft.com
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
        devel@linuxdriverproject.org, olaf@aepfle.de, apw@canonical.com,
        vkuznets@redhat.com, jasowang@redhat.com,
        leann.ogasawara@canonical.com, sthemmin@microsoft.com
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Subject: [PATCH V3 12/14] Drivers: hv: vmbus: Base host signaling strictly on the ring state
Date: Sun,  6 Nov 2016 13:14:16 -0800
Message-Id: <1478466858-32153-12-git-send-email-kys@exchange.microsoft.com>
X-Mailer: git-send-email 1.7.4.1
In-Reply-To: <1478466858-32153-1-git-send-email-kys@exchange.microsoft.com>
References: <1478466784-32113-1-git-send-email-kys@exchange.microsoft.com>
 <1478466858-32153-1-git-send-email-kys@exchange.microsoft.com>
Reply-To: kys@microsoft.com
X-CMAE-Envelope: MS4wfBF2kP7eHlrC3Bi4tP20XVxj6Y1Bfjghg22kWwVLAEsToqEZD1KPfCy/728igT/czbJ29SMJtea4jE3vTTVY6EkazgmDBF2ChH6fXApS12KRIZYldzRM
 tPJLkFAo7qS7T52p83fXOTBOgttEuuTPREri+okHN5VT3/U0mKchBP+ioMDJ7k1yrlnGmNMZQX+6c4hmWFKuufRzeViOHQRC7pttm1CJcTK8S/IhjTDXHkDs
 dBR8yXD8T9F2Gk5xNXSrqtWzw2URE5SFN7d5bUCcwNlu6rvNkBrXJnmdaTZMJfA1aaD75vFKTGaNb6uxmP4L0vt6d4bMkhtxYDQNnHjfhwId0OxA460znB4P
 uDs1N504Ycfyq218w68fb7jV8Uig6FrleehUN7t0iKg5NkG49LXRZRXw75XqIU/eYlrQJMsSXq0Qd7H3nNxsnHliReGSxuFaSLvgbUbYb+ayb/fJQWD9xMgs
 nGF/F+176T2E34u28TFmn1t8MLUYONl7Gb38YQ==
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3640
Lines: 96

From: K. Y. Srinivasan <kys@microsoft.com>

One of the factors that can result in the host concluding that a given
guest in mounting a DOS attack is if the guest generates interrupts
to the host when the host is not expecting it. If these "spurious"
interrupts reach a certain rate, the host can throttle the guest to
minimize the impact. The host computation of the "expected number
of interrupts" is strictly based on the ring transitions. Until
the host logic is fixed, base the guest logic to interrupt solely
on the ring state.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
---
 drivers/hv/channel.c      |   23 ++++++++++++++++++++---
 drivers/hv/channel_mgmt.c |    2 --
 drivers/hv/ring_buffer.c  |    7 -------
 3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 16f91c8..5e482d7 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
@@ -676,10 +676,18 @@ int vmbus_sendpacket_ctl(struct vmbus_channel *channel, void *buffer,
 	 * NOTE: in this case, the hvsock channel is an exception, because
 	 * it looks the host side's hvsock implementation has a throttling
 	 * mechanism which can hurt the performance otherwise.
+	 *
+	 * KYS: Oct. 30, 2016:
+	 * It looks like Windows hosts have logic to deal with DOS attacks that
+	 * can be triggered if it receives interrupts when it is not expecting
+	 * the interrupt. The host expects interrupts only when the ring
+	 * transitions from empty to non-empty (or full to non full on the guest
+	 * to host ring).
+	 * So, base the signaling decision solely on the ring state until the
+	 * host logic is fixed.
 	 */
 
-	if (((ret == 0) && kick_q && signal) ||
-	    (ret && !is_hvsock_channel(channel)))
+	if (((ret == 0) && signal))
 		vmbus_setevent(channel);
 
 	return ret;
@@ -786,9 +794,18 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
 	 * If we cannot write to the ring-buffer; signal the host
 	 * even if we may not have written anything. This is a rare
 	 * enough condition that it should not matter.
+	 *
+	 * KYS: Oct. 30, 2016:
+	 * It looks like Windows hosts have logic to deal with DOS attacks that
+	 * can be triggered if it receives interrupts when it is not expecting
+	 * the interrupt. The host expects interrupts only when the ring
+	 * transitions from empty to non-empty (or full to non full on the guest
+	 * to host ring).
+	 * So, base the signaling decision solely on the ring state until the
+	 * host logic is fixed.
 	 */
 
-	if (((ret == 0) && kick_q && signal) || (ret))
+	if (((ret == 0) && signal))
 		vmbus_setevent(channel);
 
 	return ret;
diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
index 96a85cd..cbb96f2 100644
--- a/drivers/hv/channel_mgmt.c
+++ b/drivers/hv/channel_mgmt.c
@@ -447,8 +447,6 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel)
 	}
 
 	dev_type = hv_get_dev_type(newchannel);
-	if (dev_type == HV_NIC)
-		set_channel_signal_state(newchannel, HV_SIGNAL_POLICY_EXPLICIT);
 
 	init_vp_index(newchannel, dev_type);
 
diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c
index 08043da..5d11d93 100644
--- a/drivers/hv/ring_buffer.c
+++ b/drivers/hv/ring_buffer.c
@@ -75,13 +75,6 @@ static bool hv_need_to_signal(u32 old_write, struct hv_ring_buffer_info *rbi,
 	if (READ_ONCE(rbi->ring_buffer->interrupt_mask))
 		return false;
 
-	/*
-	 * When the client wants to control signaling,
-	 * we only honour the host interrupt mask.
-	 */
-	if (policy == HV_SIGNAL_POLICY_EXPLICIT)
-		return true;
-
 	/* check interrupt_mask before read_index */
 	virt_rmb();
 	/*
-- 
1.7.4.1