Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Subject: Re: [MASSMAIL KLMS] Re: [PATCH v11 11/18] virtio/vsock: dequeue
 callback for SOCK_SEQPACKET
From:   Arseny Krasnov <arseny.krasnov@kaspersky.com>
To:     Stefano Garzarella <sgarzare@redhat.com>
CC:     Stefan Hajnoczi <stefanha@redhat.com>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        Jason Wang <jasowang@redhat.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Norbert Slusarek <nslusarek@gmx.net>,
        Andra Paraschiv <andraprs@amazon.com>,
        Colin Ian King <colin.king@canonical.com>,
        "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "virtualization@lists.linux-foundation.org" 
        <virtualization@lists.linux-foundation.org>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "oxffffaa@gmail.com" <oxffffaa@gmail.com>
References: <20210611110744.3650456-1-arseny.krasnov@kaspersky.com>
 <20210611111241.3652274-1-arseny.krasnov@kaspersky.com>
 <20210618134423.mksgnbmchmow4sgh@steredhat.lan>
 <bb323125-f802-1d16-7530-6e4f4abb00a6@kaspersky.com>
 <20210618155555.j5p4v6j5gk2dboj3@steredhat.lan>
 <650673dc-8b29-657e-5bbd-2cc974628ec9@kaspersky.com>
 <20210618162509.yppkajmvcbzvidy4@steredhat.lan>
 <31f58b17-02e6-4246-5ad8-7e8d7892ecb7@kaspersky.com>
Message-ID: <b27d3fd1-fa8a-97ff-9035-cf3f525d5866@kaspersky.com>
Date:   Mon, 21 Jun 2021 09:55:13 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <31f58b17-02e6-4246-5ad8-7e8d7892ecb7@kaspersky.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-KSE-AttachmentFiltering-Interceptor-Info: no applicable attachment filtering
 rules found
X-KSE-Antivirus-Interceptor-Info: scan successful
X-KSE-Antivirus-Info: Clean, bases: 21.06.2021 5:14:00
X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit
X-KSE-AttachmentFiltering-Interceptor-Info: no applicable attachment filtering
 rules found
X-KSE-BulkMessagesFiltering-Scan-Result: InTheLimit
X-KLMS-Rule-ID: 52
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-AntiPhishing: Clean, bases: 2021/06/21 03:57:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2021/06/21 05:44:00 #16774393
X-KLMS-AntiVirus-Status: Clean, skipped
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


On 18.06.2021 19:26, Arseny Krasnov wrote:
> On 18.06.2021 19:25, Stefano Garzarella wrote:
>> On Fri, Jun 18, 2021 at 07:08:30PM +0300, Arseny Krasnov wrote:
>>> On 18.06.2021 18:55, Stefano Garzarella wrote:
>>>> On Fri, Jun 18, 2021 at 06:04:37PM +0300, Arseny Krasnov wrote:
>>>>> On 18.06.2021 16:44, Stefano Garzarella wrote:
>>>>>> Hi Arseny,
>>>>>> the series looks great, I have just a question below about
>>>>>> seqpacket_dequeue.
>>>>>>
>>>>>> I also sent a couple a simple fixes, it would be great if you can review
>>>>>> them:
>>>>>> https://lore.kernel.org/netdev/20210618133526.300347-1-sgarzare@redhat.com/
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 11, 2021 at 02:12:38PM +0300, Arseny Krasnov wrote:
>>>>>>> Callback fetches RW packets from rx queue of socket until whole record
>>>>>>> is copied(if user's buffer is full, user is not woken up). This is done
>>>>>>> to not stall sender, because if we wake up user and it leaves syscall,
>>>>>>> nobody will send credit update for rest of record, and sender will wait
>>>>>>> for next enter of read syscall at receiver's side. So if user buffer is
>>>>>>> full, we just send credit update and drop data.
>>>>>>>
>>>>>>> Signed-off-by: Arseny Krasnov <arseny.krasnov@kaspersky.com>
>>>>>>> ---
>>>>>>> v10 -> v11:
>>>>>>> 1) 'msg_count' field added to count current number of EORs.
>>>>>>> 2) 'msg_ready' argument removed from callback.
>>>>>>> 3) If 'memcpy_to_msg()' failed during copy loop, there will be
>>>>>>>    no next attempts to copy data, rest of record will be freed.
>>>>>>>
>>>>>>> include/linux/virtio_vsock.h            |  5 ++
>>>>>>> net/vmw_vsock/virtio_transport_common.c | 84 +++++++++++++++++++++++++
>>>>>>> 2 files changed, 89 insertions(+)
>>>>>>>
>>>>>>> diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
>>>>>>> index dc636b727179..1d9a302cb91d 100644
>>>>>>> --- a/include/linux/virtio_vsock.h
>>>>>>> +++ b/include/linux/virtio_vsock.h
>>>>>>> @@ -36,6 +36,7 @@ struct virtio_vsock_sock {
>>>>>>> 	u32 rx_bytes;
>>>>>>> 	u32 buf_alloc;
>>>>>>> 	struct list_head rx_queue;
>>>>>>> +	u32 msg_count;
>>>>>>> };
>>>>>>>
>>>>>>> struct virtio_vsock_pkt {
>>>>>>> @@ -80,6 +81,10 @@ virtio_transport_dgram_dequeue(struct vsock_sock *vsk,
>>>>>>> 			       struct msghdr *msg,
>>>>>>> 			       size_t len, int flags);
>>>>>>>
>>>>>>> +ssize_t
>>>>>>> +virtio_transport_seqpacket_dequeue(struct vsock_sock *vsk,
>>>>>>> +				   struct msghdr *msg,
>>>>>>> +				   int flags);
>>>>>>> s64 virtio_transport_stream_has_data(struct vsock_sock *vsk);
>>>>>>> s64 virtio_transport_stream_has_space(struct vsock_sock *vsk);
>>>>>>>
>>>>>>> diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
>>>>>>> index ad0d34d41444..1e1df19ec164 100644
>>>>>>> --- a/net/vmw_vsock/virtio_transport_common.c
>>>>>>> +++ b/net/vmw_vsock/virtio_transport_common.c
>>>>>>> @@ -393,6 +393,78 @@ virtio_transport_stream_do_dequeue(struct vsock_sock *vsk,
>>>>>>> 	return err;
>>>>>>> }
>>>>>>>
>>>>>>> +static int virtio_transport_seqpacket_do_dequeue(struct vsock_sock *vsk,
>>>>>>> +						 struct msghdr *msg,
>>>>>>> +						 int flags)
>>>>>>> +{
>>>>>>> +	struct virtio_vsock_sock *vvs = vsk->trans;
>>>>>>> +	struct virtio_vsock_pkt *pkt;
>>>>>>> +	int dequeued_len = 0;
>>>>>>> +	size_t user_buf_len = msg_data_left(msg);
>>>>>>> +	bool copy_failed = false;
>>>>>>> +	bool msg_ready = false;
>>>>>>> +
>>>>>>> +	spin_lock_bh(&vvs->rx_lock);
>>>>>>> +
>>>>>>> +	if (vvs->msg_count == 0) {
>>>>>>> +		spin_unlock_bh(&vvs->rx_lock);
>>>>>>> +		return 0;
>>>>>>> +	}
>>>>>>> +
>>>>>>> +	while (!msg_ready) {
>>>>>>> +		pkt = list_first_entry(&vvs->rx_queue, struct virtio_vsock_pkt, list);
>>>>>>> +
>>>>>>> +		if (!copy_failed) {
>>>>>>> +			size_t pkt_len;
>>>>>>> +			size_t bytes_to_copy;
>>>>>>> +
>>>>>>> +			pkt_len = (size_t)le32_to_cpu(pkt->hdr.len);
>>>>>>> +			bytes_to_copy = min(user_buf_len, pkt_len);
>>>>>>> +
>>>>>>> +			if (bytes_to_copy) {
>>>>>>> +				int err;
>>>>>>> +
>>>>>>> +				/* sk_lock is held by caller so no one else can dequeue.
>>>>>>> +				 * Unlock rx_lock since memcpy_to_msg() may sleep.
>>>>>>> +				 */
>>>>>>> +				spin_unlock_bh(&vvs->rx_lock);
>>>>>>> +
>>>>>>> +				err = memcpy_to_msg(msg, pkt->buf, bytes_to_copy);
>>>>>>> +				if (err) {
>>>>>>> +					/* Copy of message failed, set flag to skip
>>>>>>> +					 * copy path for rest of fragments. Rest of
>>>>>>> +					 * fragments will be freed without copy.
>>>>>>> +					 */
>>>>>>> +					copy_failed = true;
>>>>>>> +					dequeued_len = err;
>>>>>> If we fail to copy the message we will discard the entire packet.
>>>>>> Is it acceptable for the user point of view, or we should leave the
>>>>>> packet in the queue and the user can retry, maybe with a different
>>>>>> buffer?
>>>>>>
>>>>>> Then we can remove the packets only when we successfully copied all the
>>>>>> fragments.
>>>>>>
>>>>>> I'm not sure make sense, maybe better to check also other
>>>>>> implementations :-)
>>>>>>
>>>>>> Thanks,
>>>>>> Stefano
>>>>> Understand, i'll check it on weekend, anyway I think it is
>>>>> not critical for implementation.
>>>> Yep, I agree.
>>>>
>>>>> I have another question: may be it is useful to research for
>>>>> approach where packets are not queued until whole message
>>>>> is received, but copied to user's buffer thus freeing memory.
>>>>> (like previous implementation, of course with solution of problem
>>>>> where part of message still in queue, while reader was woken
>>>>> by timeout or signal).
>>>>>
>>>>> I think it is better, because? in current version, sender may set
>>>>> 'peer_alloc_buf' to? for example 1MB, so at receiver we get
>>>>> 1MB of 'kmalloc()' memory allocated, while having user's buffer
>>>>> to copy data there or drop it(if user's buffer is full). This way
>>>>> won't change spec(e.g. no message id or SEQ_BEGIN will be added).
>>>>>
>>>>> What do You think?
>>>> Yep, I see your point and it would be great, but I think the main issues
>>>> to fix is how to handle a signal while we are waiting other fragments
>>>> since the other peer can take unspecified time to send them.
>>> What about transport callback, something like 'seqpacket_drain()' or
>>>
>>> 'seqpacket_drop_curr()' - when we got signal or timeout, notify transport
>>>
>>> to drop current message. In virtio case this will set special flag in transport,
>>>
>>> so on next dequeue, this flag is checked and if it is set - we drop all packets
>>>
>>> until EOR found. Then we can copy untouched new record.
>>>
>> But in this way, we will lose the entire message.
>>
>> Is it acceptable for seqpacket?
>>
>> Stefano
> Hm, i'll check it. At least for unix domain sockets - it supports SEQPACKET

Hello, i've checked AF_UNIX and AF_AX25 SEQPACKET implementations,

in both cases:

1) Datagram is dequeued first, then copied to user's buffer.

2) Datagram is also freed when copying to user's buffer fail

(it is not reinserted back).


But, in case of virtio vsock, i've got the following concern in

this approach: in cases of AF_UNIX or AF_AX25 there is maximum

datagram size, strictly limited by spec, so no 'setsockopt()' call allows

to exceed this. Also these limits are significantly smaller that current

amounts of RAM. But, in our case, there is no such limit: peer could

say 'i want to use 100MB datagram', and receiver just answer 'ok',

?as there is just variable assignment to setup new limit. Now, consider

that there will be 10 peers, 100MB each(no one limit such request,

because each socket doesn't know about each other). I think we get

out-of-service in this case - all kmalloc() memory will be wasted for

pending record.


I still think, that approach when we copy data from packet to user's

buffer without waiting EOR is better.


Also i'll rebase QEMU patch today or tomorrow.


What do You Think?

>>