From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id BB110231E for ; Wed, 2 May 2018 07:09:00 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 May 2018 22:08:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,353,1520924400"; d="scan'208";a="37738160" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by orsmga007.jf.intel.com with ESMTP; 01 May 2018 22:08:59 -0700 Received: from fmsmsx151.amr.corp.intel.com (10.18.125.4) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 1 May 2018 22:08:58 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by FMSMSX151.amr.corp.intel.com (10.18.125.4) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 1 May 2018 22:08:58 -0700 Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.40]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.240]) with mapi id 14.03.0319.002; Wed, 2 May 2018 13:08:56 +0800 From: "Yao, Lei A" To: Maxime Coquelin , "dev@dpdk.org" CC: "Bie, Tiwei" Thread-Topic: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes Thread-Index: AQHT2xwb9NKLswTU5USYgZ7YBj1KJaQb77yQ Date: Wed, 2 May 2018 05:08:56 +0000 Message-ID: <2DBBFF226F7CF64BAFCA79B681719D953A432589@SHSMSX101.ccr.corp.intel.com> References: <20180423155818.21285-1-maxime.coquelin@redhat.com> In-Reply-To: <20180423155818.21285-1-maxime.coquelin@redhat.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTU2YmVhNGMtYTc0NS00ZWY5LWFlNzYtZWFiYmJmMmNiZjBjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6IkVicnJWSjhmTndZUHluWTRlbkFKT1FqZkZZVnN3Qyswdjl3dDB4ZVNRcVE9In0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 May 2018 05:09:02 -0000 Hi, Maxime During the 18.05-rc1 performance testing, I find this patch set will bring slightly performance drop on mergeable and normal path, and big performance drop on vector path. Could you have a check on this? I know this patch is=20 important for security. Not sure if there is any way to improve the perform= ance. Mergebale=09 packet size=09 64 0.80% 128 -2.75% 260 -2.93% 520 -2.72% 1024 -1.18% 1500 -0.65% =09 Normal=09 packet size=09 64 -1.47% 128 -7.43% 260 -3.66% 520 -2.52% 1024 -1.19% 1500 -0.78% =09 Vector=09 packet size=09 64 -8.60% 128 -3.54% 260 -2.63% 520 -6.12% 1024 -1.05% 1500 -1.20%=20 CPU info: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz OS: Ubuntu 16.04 BRs Lei > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin > Sent: Monday, April 23, 2018 11:58 PM > To: dev@dpdk.org > Cc: Maxime Coquelin > Subject: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes >=20 > This series fixes the security vulnerability referenced > as CVE-2018-1059. >=20 > Patches are already applied to the branch, but reviews > are encouraged. Any issues spotted would be fixed on top. >=20 > Maxime Coquelin (12): > vhost: fix indirect descriptors table translation size > vhost: check all range is mapped when translating GPAs > vhost: introduce safe API for GPA translation > vhost: ensure all range is mapped when translating QVAs > vhost: add support for non-contiguous indirect descs tables > vhost: handle virtually non-contiguous buffers in Tx > vhost: handle virtually non-contiguous buffers in Rx > vhost: handle virtually non-contiguous buffers in Rx-mrg > examples/vhost: move to safe GPA translation API > examples/vhost_scsi: move to safe GPA translation API > vhost/crypto: move to safe GPA translation API > vhost: deprecate unsafe GPA translation API >=20 > examples/vhost/virtio_net.c | 94 +++++++- > examples/vhost_scsi/vhost_scsi.c | 56 ++++- > lib/librte_vhost/rte_vhost.h | 46 ++++ > lib/librte_vhost/rte_vhost_version.map | 4 +- > lib/librte_vhost/vhost.c | 39 ++-- > lib/librte_vhost/vhost.h | 8 +- > lib/librte_vhost/vhost_crypto.c | 65 ++++-- > lib/librte_vhost/vhost_user.c | 58 +++-- > lib/librte_vhost/virtio_net.c | 411 +++++++++++++++++++++++++++= +- > ---- > 9 files changed, 650 insertions(+), 131 deletions(-) >=20 > -- > 2.14.3