Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp2474160pxm; Sun, 27 Feb 2022 22:53:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJxU2WwhLH0BovP8sBcQXX9gh3rLJJnHs7jeNY+Jz11/DaqGbp0ZrrGm0LBeFCIcp3gf/EWG X-Received: by 2002:a05:6a00:23d1:b0:4f4:76:4b69 with SMTP id g17-20020a056a0023d100b004f400764b69mr5156437pfc.29.1646031185962; Sun, 27 Feb 2022 22:53:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646031185; cv=none; d=google.com; s=arc-20160816; b=R8TXuDCSNq8QHePBtAQg3MOSG017+6nNu75EmhUvNHgFCwpTX5jQdyEkRajbi/W0Nm qPBA7cSVHD6v5h+oFTY8C/I5QybnR6StVLFxHcloCqNMzmcfp8uNXqoGPKsCAgvPkkJu evQSedYZOY7UbvxQZidhbdGSbbWKgx5kmR4fX+JEuKz5zNxXkhDeHhOapZWDbgPsZ3A9 umL62RIsQ0AnQ3Kr4nHjeg6lLyf6GIc8Svf337gv5c7e+umuQXEwk3PCzKatS/vKpD+g S2rdg56XLZeTGWZen+irNzV00OtQutXWt16QaB+SQ2LROSySf9V4vbSmSdpXIyUO+zmh DCVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=qsxc2s292NsRQ4hzwanA8m9ycoHJFMMtSw79mLbnNdE=; b=IrYxfeXokiRAAnFIHaYvg0rn8PYyJ1Ax+nvAgg0F1HGxjgfIzm0Kygp5861CDx+VDv U7+u6XwtpGeN6RCmMcezY49m5pWs/em0YomBHe5YjRyTtXcwxT5hQ2LROvyvxwAzohZZ CUhZHedeXvWDcFcdUqi+17L/cY0NzOIZ5vXoVpHnG1CWJuTcFAGDqpj36rFRyhAq8IW3 6IlDxjnBWp2+KwF4g/3jljusrTaKE2KZT0ry9D3r+OItZAF90icctxHwbYK1GihqhtN1 yhGw8Fyh+f/HL3L09gCAUko0vV+tvufYIJEZ1ddPYvV6w/b4RtmSPwJlXtRvJga0j2Sp DG1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UObONYEQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a6-20020a17090abe0600b001bc073de4f5si13990669pjs.182.2022.02.27.22.52.50; Sun, 27 Feb 2022 22:53:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UObONYEQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229643AbiB1FSR (ORCPT + 99 others); Mon, 28 Feb 2022 00:18:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232858AbiB1FSP (ORCPT ); Mon, 28 Feb 2022 00:18:15 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 16CDB29835 for ; Sun, 27 Feb 2022 21:17:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646025457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=qsxc2s292NsRQ4hzwanA8m9ycoHJFMMtSw79mLbnNdE=; b=UObONYEQYdCVxKHA11OaBuo5CFL6IpX0AW0kcT2RJcfpvyOAolx9fCGshmUQkKTrjsovM+ mTyalHtmtm89fXcSUcOyosoF53MlLOPfgDekv0n0iCvIQGJcPcDMC+iTRnPGy6gYfsVurx k9sH/0XUEQBrIu6oUoS7PLuE+aLuCX4= Received: from mail-lf1-f71.google.com (mail-lf1-f71.google.com [209.85.167.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-399-G7bHknfQN4eUfpqC0DpYZQ-1; Mon, 28 Feb 2022 00:17:35 -0500 X-MC-Unique: G7bHknfQN4eUfpqC0DpYZQ-1 Received: by mail-lf1-f71.google.com with SMTP id i24-20020a0565123e1800b0044567f5a29bso1473129lfv.5 for ; Sun, 27 Feb 2022 21:17:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qsxc2s292NsRQ4hzwanA8m9ycoHJFMMtSw79mLbnNdE=; b=3f797p9sZsFk7ZntKC9+M1STcaQt0lkrUfizIsLIGt38siRf2nqYYltXfzgbxVLgBl 51F12XWkLvhuR8y5GCa8e6l/bvCHXlFIlTsafShGBAuo5e/B836GS/kDdqNJkgQbpgGd W2TxwjixwashdekVjiJ7Pb1r8uVU6JXSx7CyyIM6BFBK5EJJYXw+qOWd/yYrmeGSaBQ0 Xdmavx11SurbtJr8l8MDow6EG79v5FqDCUWz7ayFUrjWFnkqewLQLSJ2wSBECrK4HgYt bvVtwNzo5nI66ERrSSkoBRsL89H+qdyJ9T9/Elb9t4AS328If9ncIfIm3WDUXc1WyWfN YBJw== X-Gm-Message-State: AOAM531U+z+YrAzrQCBEug7Cx6qqu0vuQ9pzKDv1ovew52rvtmBz+zwe vIrLyUM1j32C39H3vVJjDT/QrXknoQ1f4VaGVfp2JJrSR/AlosVyCv4yYXMt1xjcM2OavELbLsT QyOdpIpjzVAevy5+WzMV2TSowhSGTofC9LdyYcHwp X-Received: by 2002:ac2:4da1:0:b0:438:74be:5a88 with SMTP id h1-20020ac24da1000000b0043874be5a88mr11252861lfe.210.1646025453591; Sun, 27 Feb 2022 21:17:33 -0800 (PST) X-Received: by 2002:ac2:4da1:0:b0:438:74be:5a88 with SMTP id h1-20020ac24da1000000b0043874be5a88mr11252849lfe.210.1646025453345; Sun, 27 Feb 2022 21:17:33 -0800 (PST) MIME-Version: 1.0 References: <20220224103852.311369-1-baymaxhuang@gmail.com> <20220225090223.636877-1-baymaxhuang@gmail.com> In-Reply-To: From: Jason Wang Date: Mon, 28 Feb 2022 13:17:22 +0800 Message-ID: Subject: Re: [PATCH net-next v2] tun: support NAPI for packets received from batched XDP buffs To: Eric Dumazet Cc: Eric Dumazet , Harold Huang , netdev , Paolo Abeni , "David S. Miller" , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , open list , "open list:XDP (eXpress Data Path)" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 28, 2022 at 12:59 PM Eric Dumazet wrote: > > > > On Sun, Feb 27, 2022 at 8:20 PM Jason Wang wrote: >> >> On Mon, Feb 28, 2022 at 12:06 PM Eric Dumazet wrote: >> >> > How big n can be ? >> > >> > BTW I could not find where m->msg_controllen was checked in tun_sendmsg(). >> > >> > struct tun_msg_ctl *ctl = m->msg_control; >> > >> > if (ctl && (ctl->type == TUN_MSG_PTR)) { >> > >> > int n = ctl->num; // can be set to values in [0..65535] >> > >> > for (i = 0; i < n; i++) { >> > >> > xdp = &((struct xdp_buff *)ctl->ptr)[i]; >> > >> > >> > I really do not understand how we prevent malicious user space from >> > crashing the kernel. >> >> It looks to me the only user for this is vhost-net which limits it to >> 64, userspace can't use sendmsg() directly on tap. >> > > Ah right, thanks for the clarification. > > (IMO, either remove the "msg.msg_controllen = sizeof(ctl);" from handle_tx_zerocopy(), or add sanity checks in tun_sendmsg()) > > Right, Harold, want to do that? Thanks