From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lei.a.yao@intel.com>
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by dpdk.org (Postfix) with ESMTP id BB110231E
 for <dev@dpdk.org>; Wed,  2 May 2018 07:09:00 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
 by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 01 May 2018 22:08:59 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.49,353,1520924400"; d="scan'208";a="37738160"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
 by orsmga007.jf.intel.com with ESMTP; 01 May 2018 22:08:59 -0700
Received: from fmsmsx151.amr.corp.intel.com (10.18.125.4) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 1 May 2018 22:08:58 -0700
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 FMSMSX151.amr.corp.intel.com (10.18.125.4) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 1 May 2018 22:08:58 -0700
Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.40]) by
 SHSMSX104.ccr.corp.intel.com ([169.254.5.240]) with mapi id 14.03.0319.002;
 Wed, 2 May 2018 13:08:56 +0800
From: "Yao, Lei A" <lei.a.yao@intel.com>
To: Maxime Coquelin <maxime.coquelin@redhat.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: "Bie, Tiwei" <tiwei.bie@intel.com>
Thread-Topic: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes
Thread-Index: AQHT2xwb9NKLswTU5USYgZ7YBj1KJaQb77yQ
Date: Wed, 2 May 2018 05:08:56 +0000
Message-ID: <2DBBFF226F7CF64BAFCA79B681719D953A432589@SHSMSX101.ccr.corp.intel.com>
References: <20180423155818.21285-1-maxime.coquelin@redhat.com>
In-Reply-To: <20180423155818.21285-1-maxime.coquelin@redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNTU2YmVhNGMtYTc0NS00ZWY5LWFlNzYtZWFiYmJmMmNiZjBjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6IkVicnJWSjhmTndZUHluWTRlbkFKT1FqZkZZVnN3Qyswdjl3dDB4ZVNRcVE9In0=
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2018 05:09:02 -0000

Hi, Maxime

During the 18.05-rc1 performance testing, I find this patch set will bring
slightly performance drop on mergeable and normal path, and big performance
drop on vector path. Could you have a check on this? I know this patch is=20
important for security. Not sure if there is any way to improve the perform=
ance.

Mergebale=09
packet size=09
64	0.80%
128	-2.75%
260	-2.93%
520	-2.72%
1024	-1.18%
1500	-0.65%
=09
Normal=09
packet size=09
64	-1.47%
128	-7.43%
260	-3.66%
520	-2.52%
1024	-1.19%
1500	-0.78%
=09
Vector=09
packet size=09
64	-8.60%
128	-3.54%
260	-2.63%
520	-6.12%
1024	-1.05%
1500	-1.20%=20

CPU info: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
OS: Ubuntu 16.04

BRs
Lei

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin
> Sent: Monday, April 23, 2018 11:58 PM
> To: dev@dpdk.org
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
> Subject: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes
>=20
> This series fixes the security vulnerability referenced
> as CVE-2018-1059.
>=20
> Patches are already applied to the branch, but reviews
> are encouraged. Any issues spotted would be fixed on top.
>=20
> Maxime Coquelin (12):
>   vhost: fix indirect descriptors table translation size
>   vhost: check all range is mapped when translating GPAs
>   vhost: introduce safe API for GPA translation
>   vhost: ensure all range is mapped when translating QVAs
>   vhost: add support for non-contiguous indirect descs tables
>   vhost: handle virtually non-contiguous buffers in Tx
>   vhost: handle virtually non-contiguous buffers in Rx
>   vhost: handle virtually non-contiguous buffers in Rx-mrg
>   examples/vhost: move to safe GPA translation API
>   examples/vhost_scsi: move to safe GPA translation API
>   vhost/crypto: move to safe GPA translation API
>   vhost: deprecate unsafe GPA translation API
>=20
>  examples/vhost/virtio_net.c            |  94 +++++++-
>  examples/vhost_scsi/vhost_scsi.c       |  56 ++++-
>  lib/librte_vhost/rte_vhost.h           |  46 ++++
>  lib/librte_vhost/rte_vhost_version.map |   4 +-
>  lib/librte_vhost/vhost.c               |  39 ++--
>  lib/librte_vhost/vhost.h               |   8 +-
>  lib/librte_vhost/vhost_crypto.c        |  65 ++++--
>  lib/librte_vhost/vhost_user.c          |  58 +++--
>  lib/librte_vhost/virtio_net.c          | 411 +++++++++++++++++++++++++++=
+-
> ----
>  9 files changed, 650 insertions(+), 131 deletions(-)
>=20
> --
> 2.14.3