From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 0BD31377E for ; Fri, 8 Sep 2017 11:29:04 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5122C4E334; Fri, 8 Sep 2017 09:29:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5122C4E334 Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=maxime.coquelin@redhat.com Received: from [10.36.112.16] (ovpn-112-16.ams2.redhat.com [10.36.112.16]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3B3674DD; Fri, 8 Sep 2017 09:28:58 +0000 (UTC) To: Yuanhan Liu Cc: dev@dpdk.org, jfreiman@redhat.com, tiwei.bie@intel.com, mst@redhat.com, vkaplans@redhat.com, jasowang@redhat.com References: <20170831095023.21037-1-maxime.coquelin@redhat.com> <20170831095023.21037-8-maxime.coquelin@redhat.com> <20170908080855.GF9736@yliu-home> <8a9b486b-635a-ec70-76f9-de830ad21882@redhat.com> <20170908083633.GG9736@yliu-home> <3150540a-66ee-b686-7553-a4c988a2f18d@redhat.com> <20170908092121.GH9736@yliu-home> From: Maxime Coquelin Message-ID: <86ce8050-e346-2c4e-5eed-f6134c7c8fc6@redhat.com> Date: Fri, 8 Sep 2017 11:28:57 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170908092121.GH9736@yliu-home> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Fri, 08 Sep 2017 09:29:03 +0000 (UTC) Subject: Re: [dpdk-dev] [PATCH 07/21] vhost: add iotlb helper functions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 09:29:04 -0000 On 09/08/2017 11:21 AM, Yuanhan Liu wrote: > On Fri, Sep 08, 2017 at 10:50:49AM +0200, Maxime Coquelin wrote: >>>>>> +{ >>>>>> + struct vhost_iotlb_entry *node, *temp_node; >>>>>> + >>>>>> + rte_rwlock_write_lock(&vq->iotlb_lock); >>>>>> + >>>>>> + TAILQ_FOREACH_SAFE(node, &vq->iotlb_list, next, temp_node) { >>>>>> + TAILQ_REMOVE(&vq->iotlb_list, node, next); >>>>>> + rte_mempool_put(vq->iotlb_pool, node); >>>>>> + } >>>>>> + >>>>>> + rte_rwlock_write_unlock(&vq->iotlb_lock); >>>>>> +} >>>>>> + >>>>>> +void vhost_user_iotlb_cache_insert(struct vhost_virtqueue *vq, uint64_t iova, >>>>>> + uint64_t uaddr, uint64_t size, uint8_t perm) >>>>>> +{ >>>>>> + struct vhost_iotlb_entry *node, *new_node; >>>>>> + int ret; >>>>>> + >>>>>> + ret = rte_mempool_get(vq->iotlb_pool, (void **)&new_node); >>>>>> + if (ret) { >>>>>> + RTE_LOG(ERR, VHOST_CONFIG, "IOTLB pool empty, invalidate cache\n"); >>>>> >>>>> It's a cache, why not considering remove one to get space for new one? >>>> >>>> It would mean having to track every lookups not to remove hot entries, >>>> which would have an impact on performance. >>> >>> You were removing all caches, how can we do worse than that? Even a >>> random evict would be better. Or, more simply, just to remove the >>> head or the tail? >> >> I think removing head or tail could cause deadlocks. >> For example it needs to translate from 0x0 to 0x2000, with page size >> being 0x1000. >> >> If cache is full, when inserting 0x1000-0x1fff, it will remove >> 0x0-0xfff, so a miss will be sent for 0x0-0xffff and 0x1000-0x1fff will >> be remove at insert time, etc... > > Okay, that means we can't simply remove the head or tail. > >> Note that we really need to size the cache large enough for performance >> purpose, so having the cache full could be cause by either buggy or >> malicious guest. > > I agree. But for the malicious guest, it could lead to a DDOS attack: > assume it keeps vhost running out of cache and then vhost keeps printing > above message. > > What I suggested was to evict one (by some polices) to get a space for > the new one we want to insert. Note that it won't be a performance issue, > IMO, due to we only do that when we run out of caches, which, according > to your sayings, should not happen in normal cases. Ok, so let's randomly remove one entry. What about using something like: rte_rand() % IOTLB_CACHE_SIZE > > --yliu > >>>> Moreover, the idea is to have the cache large enough, else you could >>>> face packet drops due to random cache misses. >>>> >>>> We might consider to improve it, but I consider it an optimization that >>>> could be implemented later if needed. >>>> >>>>>> + vhost_user_iotlb_cache_remove_all(vq); >>>>>> + ret = rte_mempool_get(vq->iotlb_pool, (void **)&new_node); >>>>>> + if (ret) { >>>>>> + RTE_LOG(ERR, VHOST_CONFIG, "IOTLB pool still empty, failure\n"); >>>>>> + return; >>>>>> + } >>>>>> + }