From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id B0977A05D3 for ; Tue, 21 May 2019 21:43:40 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 97A944C88; Tue, 21 May 2019 21:43:39 +0200 (CEST) Received: from mail.lysator.liu.se (mail.lysator.liu.se [130.236.254.3]) by dpdk.org (Postfix) with ESMTP id 2FB0310BD for ; Tue, 21 May 2019 21:43:38 +0200 (CEST) Received: from mail.lysator.liu.se (localhost [127.0.0.1]) by mail.lysator.liu.se (Postfix) with ESMTP id 971BA4001E for ; Tue, 21 May 2019 21:43:37 +0200 (CEST) Received: by mail.lysator.liu.se (Postfix, from userid 1004) id 82E0440024; Tue, 21 May 2019 21:43:37 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on bernadotte.lysator.liu.se X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,AWL autolearn=disabled version=3.4.1 X-Spam-Score: -0.9 Received: from [192.168.1.59] (host-90-232-127-248.mobileonline.telia.com [90.232.127.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.lysator.liu.se (Postfix) with ESMTPSA id D75174001E; Tue, 21 May 2019 21:43:34 +0200 (CEST) To: Maxime Coquelin , dev@dpdk.org, tiwei.bie@intel.com, jfreimann@redhat.com, zhihong.wang@intel.com, bruce.richardson@intel.com, konstantin.ananyev@intel.com References: <20190517122220.31283-1-maxime.coquelin@redhat.com> <20190517122220.31283-4-maxime.coquelin@redhat.com> From: =?UTF-8?Q?Mattias_R=c3=b6nnblom?= Message-ID: <2cfed6b0-8a7d-ec05-4b67-f40bd9409a8b@ericsson.com> Date: Tue, 21 May 2019 21:43:33 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190517122220.31283-4-maxime.coquelin@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit 
X-Virus-Scanned: ClamAV using ClamSMTP Subject: Re: [dpdk-dev] [PATCH 3/5] vhost: do not inline unlikely fragmented buffers code X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 2019-05-17 14:22, Maxime Coquelin wrote: > Handling of fragmented virtio-net header and indirect descriptors > tables was implemented to fix CVE-2018-1059. It should never > happen with healthy guests and so is already considered an > unlikely code path. > > This patch moves these bits into non-inline dedicated functions > to reduce the I-cache pressure. > > Signed-off-by: Maxime Coquelin > --- > lib/librte_vhost/vhost.c | 33 +++++++++++ > lib/librte_vhost/vhost.h | 35 +----------- > lib/librte_vhost/virtio_net.c | 102 +++++++++++++++++++--------------- > 3 files changed, 91 insertions(+), 79 deletions(-) > > diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c > index 4a54ad6bd1..8a4379bc13 100644 > --- a/lib/librte_vhost/vhost.c > +++ b/lib/librte_vhost/vhost.c > @@ -201,6 +201,39 @@ __vhost_log_cache_write(struct virtio_net *dev, struct vhost_virtqueue *vq, > } > > > +void * > +alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq, This function should have a prefix. 
> + uint64_t desc_addr, uint64_t desc_len) > +{ > + void *idesc; > + uint64_t src, dst; > + uint64_t len, remain = desc_len; > + > + idesc = rte_malloc(__func__, desc_len, 0); > + if (unlikely(!idesc)) if (idesc == NULL) > + return NULL; > + > + dst = (uint64_t)(uintptr_t)idesc; > + > + while (remain) { remain > 0 > + len = remain; > + src = vhost_iova_to_vva(dev, vq, desc_addr, &len, > + VHOST_ACCESS_RO); > + if (unlikely(!src || !len)) { > + rte_free(idesc); > + return NULL; > + } > + > + rte_memcpy((void *)(uintptr_t)dst, (void *)(uintptr_t)src, len); Just for my understanding: what difference does that (uintptr_t) cast make? > + > + remain -= len; > + dst += len; > + desc_addr += len; > + } > + > + return idesc; > +} > + > void > cleanup_vq(struct vhost_virtqueue *vq, int destroy) > { > diff --git a/lib/librte_vhost/vhost.h b/lib/librte_vhost/vhost.h > index 3ab7b4950f..ab26454e1c 100644 > --- a/lib/librte_vhost/vhost.h > +++ b/lib/librte_vhost/vhost.h > @@ -488,6 +488,8 @@ void vhost_backend_cleanup(struct virtio_net *dev); > > uint64_t __vhost_iova_to_vva(struct virtio_net *dev, struct vhost_virtqueue *vq, > uint64_t iova, uint64_t *len, uint8_t perm); > +void *alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq, > + uint64_t desc_addr, uint64_t desc_len); > int vring_translate(struct virtio_net *dev, struct vhost_virtqueue *vq); > void vring_invalidate(struct virtio_net *dev, struct vhost_virtqueue *vq); > > @@ -601,39 +603,6 @@ vhost_vring_call_packed(struct virtio_net *dev, struct vhost_virtqueue *vq) > eventfd_write(vq->callfd, (eventfd_t)1); > } > > -static __rte_always_inline void * > -alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq, > - uint64_t desc_addr, uint64_t desc_len) > -{ > - void *idesc; > - uint64_t src, dst; > - uint64_t len, remain = desc_len; > - > - idesc = rte_malloc(__func__, desc_len, 0); > - if (unlikely(!idesc)) > - return 0; > - > - dst = (uint64_t)(uintptr_t)idesc; > - > - while (remain) { 
> - len = remain; > - src = vhost_iova_to_vva(dev, vq, desc_addr, &len, > - VHOST_ACCESS_RO); > - if (unlikely(!src || !len)) { > - rte_free(idesc); > - return 0; > - } > - > - rte_memcpy((void *)(uintptr_t)dst, (void *)(uintptr_t)src, len); > - > - remain -= len; > - dst += len; > - desc_addr += len; > - } > - > - return idesc; > -} > - > static __rte_always_inline void > free_ind_table(void *idesc) > { > diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c > index 35ae4992c2..494dd9957e 100644 > --- a/lib/librte_vhost/virtio_net.c > +++ b/lib/librte_vhost/virtio_net.c > @@ -610,6 +610,35 @@ reserve_avail_buf_packed(struct virtio_net *dev, struct vhost_virtqueue *vq, > return 0; > } > > +static void > +copy_vnet_hdr_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq, __rte_noinline? Or you don't care about this function being inlined or not? > + struct buf_vector *buf_vec, > + struct virtio_net_hdr_mrg_rxbuf *hdr){ > + uint64_t len; > + uint64_t remain = dev->vhost_hlen; > + uint64_t src = (uint64_t)(uintptr_t)hdr, dst; > + uint64_t iova = buf_vec->buf_iova; > + > + while (remain) { remain > 0 > + len = RTE_MIN(remain, > + buf_vec->buf_len); > + dst = buf_vec->buf_addr; > + rte_memcpy((void *)(uintptr_t)dst, > + (void *)(uintptr_t)src, > + len); > + > + PRINT_PACKET(dev, (uintptr_t)dst, > + (uint32_t)len, 0); > + vhost_log_cache_write(dev, vq, > + iova, len); > + > + remain -= len; > + iova += len; > + src += len; > + buf_vec++; > + } > +} > + > static __rte_always_inline int > copy_mbuf_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq, > struct rte_mbuf *m, struct buf_vector *buf_vec, > @@ -703,30 +732,7 @@ copy_mbuf_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq, > num_buffers); > > if (unlikely(hdr == &tmp_hdr)) { > - uint64_t len; > - uint64_t remain = dev->vhost_hlen; > - uint64_t src = (uint64_t)(uintptr_t)hdr, dst; > - uint64_t iova = buf_vec[0].buf_iova; > - uint16_t hdr_vec_idx = 0; > - > - while 
(remain) { > - len = RTE_MIN(remain, > - buf_vec[hdr_vec_idx].buf_len); > - dst = buf_vec[hdr_vec_idx].buf_addr; > - rte_memcpy((void *)(uintptr_t)dst, > - (void *)(uintptr_t)src, > - len); > - > - PRINT_PACKET(dev, (uintptr_t)dst, > - (uint32_t)len, 0); > - vhost_log_cache_write(dev, vq, > - iova, len); > - > - remain -= len; > - iova += len; > - src += len; > - hdr_vec_idx++; > - } > + copy_vnet_hdr_to_desc(dev, vq, buf_vec, hdr); > } else { > PRINT_PACKET(dev, (uintptr_t)hdr_addr, > dev->vhost_hlen, 0); > @@ -1063,6 +1069,31 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m) > } > } > > +static void > +copy_vnet_hdr_from_desc(struct virtio_net_hdr *hdr, > + struct buf_vector *buf_vec) __rte_noinline? > +{ > + uint64_t len; > + uint64_t remain = sizeof(struct virtio_net_hdr); > + uint64_t src; > + uint64_t dst = (uint64_t)(uintptr_t)&hdr; > + > + /* > + * No luck, the virtio-net header doesn't fit > + * in a contiguous virtual area. > + */ > + while (remain) { > + len = RTE_MIN(remain, buf_vec->buf_len); > + src = buf_vec->buf_addr; > + rte_memcpy((void *)(uintptr_t)dst, > + (void *)(uintptr_t)src, len); > + > + remain -= len; > + dst += len; > + buf_vec++; > + } > +} > + > static __rte_always_inline int > copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, > struct buf_vector *buf_vec, uint16_t nr_vec, > @@ -1094,28 +1125,7 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq, > > if (virtio_net_with_host_offload(dev)) { > if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) { > - uint64_t len; > - uint64_t remain = sizeof(struct virtio_net_hdr); > - uint64_t src; > - uint64_t dst = (uint64_t)(uintptr_t)&tmp_hdr; > - uint16_t hdr_vec_idx = 0; > - > - /* > - * No luck, the virtio-net header doesn't fit > - * in a contiguous virtual area. 
> - */ > - while (remain) { > - len = RTE_MIN(remain, > - buf_vec[hdr_vec_idx].buf_len); > - src = buf_vec[hdr_vec_idx].buf_addr; > - rte_memcpy((void *)(uintptr_t)dst, > - (void *)(uintptr_t)src, len); > - > - remain -= len; > - dst += len; > - hdr_vec_idx++; > - } > - > + copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec); > hdr = &tmp_hdr; > } else { > hdr = (struct virtio_net_hdr *)((uintptr_t)buf_addr); >