Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp1153765pxy; Thu, 6 May 2021 01:28:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJymITqIfX5CCcKosArK9oRltcLHs2cPA73Yc3vvDqIF0SA+DfkRynRDiMI7G2hzivIQXk6A X-Received: by 2002:a62:be16:0:b029:25a:e1b4:5deb with SMTP id l22-20020a62be160000b029025ae1b45debmr3220891pff.66.1620289684643; Thu, 06 May 2021 01:28:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620289684; cv=none; d=google.com; s=arc-20160816; b=QzBSauw+6wvVpDzvXhD0zezp83+6bvGzN8scBRrIQa2KHzZqTNDFGgSHFR7n8rl2ze Ni2XLW24ywlkv77i7jdAlf8GoMOt/U2FfswI8PCUa9QUUECuBIQIWsrNENy5rcDBTAeB LpdnnaNMODyTLV+eWMpCKvgXWdU2hChTrO/4OCYzgstKCgU1LbfGP365PAB+0taltuGV DUvHx5UvVhW9Gjwem0V030Hdc+dgqyslIMY4/kZJtBUqW5LfJzHZR44rf9IOfQWqWkln rIbrf1Luo5W70ZkeeGNHp4JnE9SSAdl+lIyoesywmQ/xvet/0j/YIBoV+WjZEIBDpjkR NEpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=UC82bAJniKzYDd1rr6hFdgedXUqInssRFspajndQMpU=; b=034MP9T+CzrFMsvABzc4Wa4ibMS6TvZihMfTTuER4W6ju3yuSxf0xmkH15WJUoNu44 HZkgS2VafDsyrna3GmUKdJnbOLnjI0PGwsm7viKNTNOYi8RDx/O+BnBcQ0x856zmIwme 1WOlxPdz29bKswYocSSb6U02OimmCxzC0IwRM9YCnA5ZiDPIJfA9vvkkNP+/kOVB/2pk UbZWT9KBEJtX1yc+sowgQF06wn92Kxcqb/tb7FbDLt+w/lG+M7rMn9NY7kXh16SJfSoj D15MxmHXm/MLr+rIXZsl1qZHL+TxA2sI/iH4/xuMyTXDr7Oz/yEVH8Inn5qDNyGhXmhg AN5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SK8K2O+T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l6si2131996pff.253.2021.05.06.01.27.52; Thu, 06 May 2021 01:28:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SK8K2O+T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233669AbhEFINZ (ORCPT + 99 others); Thu, 6 May 2021 04:13:25 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:40886 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233638AbhEFINY (ORCPT ); Thu, 6 May 2021 04:13:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620288746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UC82bAJniKzYDd1rr6hFdgedXUqInssRFspajndQMpU=; b=SK8K2O+TEh9ofT+OChMOa8gvXEKqeKOs94Zso8TwxRT8LPF92W6hNmXxbr9UoUVJY6bRMv Zq9lwm6mmJrdbKrvg75l43ovexfx6ledyQgI67J5MT7hlNS3IviyzQhFWNdGe4JbvlMvsS KObIJy0ZVi5FzBY8WY5eoquaVYCau3Q= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-205-YY5BTwI6P0mqAAaqanTUlg-1; Thu, 06 May 2021 04:12:23 -0400 X-MC-Unique: YY5BTwI6P0mqAAaqanTUlg-1 Received: by mail-wr1-f70.google.com with SMTP id x10-20020adfc18a0000b029010d83c83f2aso1867278wre.8 for ; Thu, 06 May 2021 01:12:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=UC82bAJniKzYDd1rr6hFdgedXUqInssRFspajndQMpU=; b=FxbHuyNUhnL0p3wL3x5oIN6/mVuy5qXba78ngIEEzCGczvr+toLEeu22Ag+nkm6ShX kYJBrIZ39nlM+c8tlEgxCAG51lreGdLCzvBRVGOU6IAIQfBKcGF4QqY+AAYS5wFEj+du nZjXzQBZFRmi2nXTLZrqBBHDKlHEKIMh1imh2c1MQ/EiQQCamZcGV/gO+eUIxYr840HC UcKYaV9a5rvoQmXU1vzDBkD7PxJF+d4PYg5fJCNE6tnhKO5+3tjmwpYRbRgzSYOdYRyz sYaaIoFCDzo+0RHNW0qgOgQcUj2mE3VnNJjqkvYoYfWROmVYuZSyl1/x00jLU1ynUkfn FImw== X-Gm-Message-State: AOAM533TsxFcAPdSLp0Pgcrkb6FqHQgAXOdX1NiMNxOr4qNggGn65mPY zAU3ToBsTe1ynEqx187MEh5W5lOuwkRwHSmYn28ikWr2l9N7uOBvKudm6AXpNf3Cln/DKWdCsm4 py4IFfYK2M3S8/bCTNZZqaCis X-Received: by 2002:a5d:5351:: with SMTP id t17mr3541246wrv.83.1620288741816; Thu, 06 May 2021 01:12:21 -0700 (PDT) X-Received: by 2002:a5d:5351:: with SMTP id t17mr3541224wrv.83.1620288741611; Thu, 06 May 2021 01:12:21 -0700 (PDT) Received: from redhat.com ([2a10:8004:640e:0:d1db:1802:5043:7b85]) by smtp.gmail.com with ESMTPSA id x65sm10637130wmg.36.2021.05.06.01.12.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 May 2021 01:12:20 -0700 (PDT) Date: Thu, 6 May 2021 04:12:17 -0400 From: "Michael S. Tsirkin" To: Jason Wang Cc: virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, xieyongji@bytedance.com, stefanha@redhat.com, file@sect.tu-berlin.de, ashish.kalra@amd.com, konrad.wilk@oracle.com, kvm@vger.kernel.org, hch@infradead.org Subject: Re: [RFC PATCH V2 0/7] Do not read from descripto ring Message-ID: <20210506041057-mutt-send-email-mst@kernel.org> References: <20210423080942.2997-1-jasowang@redhat.com> <0e9d70b7-6c8a-4ff5-1fa9-3c4f04885bb8@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <0e9d70b7-6c8a-4ff5-1fa9-3c4f04885bb8@redhat.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 06, 2021 at 11:20:30AM +0800, Jason Wang wrote: > > 在 2021/4/23 下午4:09, Jason Wang 写道: > > Hi: > > > > Sometimes, the driver doesn't trust the device. This is usually > > happens for the encrtpyed VM or VDUSE[1]. In both cases, technology > > like swiotlb is used to prevent the poking/mangling of memory from the > > device. But this is not sufficient since current virtio driver may > > trust what is stored in the descriptor table (coherent mapping) for > > performing the DMA operations like unmap and bounce so the device may > > choose to utilize the behaviour of swiotlb to perform attacks[2]. > > > > To protect from a malicous device, this series store and use the > > descriptor metadata in an auxiliay structure which can not be accessed > > via swiotlb instead of the ones in the descriptor table. This means > > the descriptor table is write-only from the view of the driver. > > > > Actually, we've almost achieved that through packed virtqueue and we > > just need to fix a corner case of handling mapping errors. For split > > virtqueue we just follow what's done in the packed. > > > > Note that we don't duplicate descriptor medata for indirect > > descriptors since it uses stream mapping which is read only so it's > > safe if the metadata of non-indirect descriptors are correct. > > > > For split virtqueue, the change increase the footprint due the the > > auxiliary metadata but it's almost neglectlable in the simple test > > like pktgen or netpef. > > > > Slightly tested with packed on/off, iommu on/of, swiotlb force/off in > > the guest. > > > > Please review. > > > > Changes from V1: > > - Always use auxiliary metadata for split virtqueue > > - Don't read from descripto when detaching indirect descriptor > > > Hi Michael: > > Our QE see no regression on the perf test for 10G but some regressions > (5%-10%) on 40G card. > > I think this is expected since we increase the footprint, are you OK with > this and we can try to optimize on top or you have other ideas? > > Thanks Let's try for just a bit, won't make this window anyway: I have an old idea. Add a way to find out that unmap is a nop (or more exactly does not use the address/length). Then in that case even with DMA API we do not need the extra data. Hmm? > > > > > [1] > > https://lore.kernel.org/netdev/fab615ce-5e13-a3b3-3715-a4203b4ab010@redhat.com/T/ > > [2] > > https://yhbt.net/lore/all/c3629a27-3590-1d9f-211b-c0b7be152b32@redhat.com/T/#mc6b6e2343cbeffca68ca7a97e0f473aaa871c95b > > > > Jason Wang (7): > > virtio-ring: maintain next in extra state for packed virtqueue > > virtio_ring: rename vring_desc_extra_packed > > virtio-ring: factor out desc_extra allocation > > virtio_ring: secure handling of mapping errors > > virtio_ring: introduce virtqueue_desc_add_split() > > virtio: use err label in __vring_new_virtqueue() > > virtio-ring: store DMA metadata in desc_extra for split virtqueue > > > > drivers/virtio/virtio_ring.c | 201 +++++++++++++++++++++++++---------- > > 1 file changed, 144 insertions(+), 57 deletions(-) > >