From: Maxime Coquelin
To: dev@dpdk.org, tiwei.bie@intel.com, jfreimann@redhat.com, zhihong.wang@intel.com, bruce.richardson@intel.com, konstantin.ananyev@intel.com
Date: Fri, 17 May 2019 14:57:27 +0200
In-Reply-To: <20190517122220.31283-4-maxime.coquelin@redhat.com>
References: <20190517122220.31283-1-maxime.coquelin@redhat.com> <20190517122220.31283-4-maxime.coquelin@redhat.com>
Subject: Re: [dpdk-dev] [PATCH 3/5] vhost: do not inline unlikely fragmented buffers code

On 5/17/19 2:22 PM, Maxime Coquelin wrote:
> Handling of fragmented virtio-net header and indirect descriptor
> tables was implemented to fix CVE-2018-1059. It should never
> happen with healthy guests, so it is already considered an
> unlikely code path.
>
> This patch moves these bits into non-inline dedicated functions
> to reduce the I-cache pressure.
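
A quick note for readers skimming the series on the I-cache point: the win
comes from keeping the hot enqueue/dequeue path inline while turning the
rarely-taken fragmented-buffer handling into a plain out-of-line call, so its
body is no longer duplicated into every inlined caller. As a rough standalone
sketch of that pattern (illustrative only, not code from this patch; the
helper names and the explicit noinline attribute are my own):

#include <stdint.h>
#include <string.h>

/* Illustrative cold helper: deliberately kept out of line so its body is
 * not duplicated into every inlined copy of the hot path. */
__attribute__((noinline))
static void
copy_fragmented(uint8_t *dst, const uint8_t *src, uint64_t len)
{
        /* rarely-taken, segment-by-segment copy across non-contiguous buffers */
        while (len--)
                *dst++ = *src++;
}

/* Illustrative hot path: stays inline; the unlikely branch now costs a
 * single call instruction instead of carrying the whole cold body. */
static inline void
copy_hdr(uint8_t *dst, const uint8_t *src, uint64_t len, int contiguous)
{
        if (__builtin_expect(!contiguous, 0)) {
                copy_fragmented(dst, src, len);
                return;
        }
        /* likely branch: fast contiguous copy remains in the inlined body */
        memcpy(dst, src, len);
}

With the cold body out of line, the fast path's instruction footprint shrinks,
which is the point of the series.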
>
> Signed-off-by: Maxime Coquelin
> ---
>  lib/librte_vhost/vhost.c      |  33 +++++++++++
>  lib/librte_vhost/vhost.h      |  35 +-----------
>  lib/librte_vhost/virtio_net.c | 102 +++++++++++++++++++---------------
>  3 files changed, 91 insertions(+), 79 deletions(-)
>
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index 4a54ad6bd1..8a4379bc13 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -201,6 +201,39 @@ __vhost_log_cache_write(struct virtio_net *dev, struct vhost_virtqueue *vq,
>  }
>
>
> +void *
> +alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq,
> +                uint64_t desc_addr, uint64_t desc_len)
> +{
> +        void *idesc;
> +        uint64_t src, dst;
> +        uint64_t len, remain = desc_len;
> +
> +        idesc = rte_malloc(__func__, desc_len, 0);
> +        if (unlikely(!idesc))
> +                return NULL;
> +
> +        dst = (uint64_t)(uintptr_t)idesc;
> +
> +        while (remain) {
> +                len = remain;
> +                src = vhost_iova_to_vva(dev, vq, desc_addr, &len,
> +                                VHOST_ACCESS_RO);
> +                if (unlikely(!src || !len)) {
> +                        rte_free(idesc);
> +                        return NULL;
> +                }
> +
> +                rte_memcpy((void *)(uintptr_t)dst, (void *)(uintptr_t)src, len);
> +
> +                remain -= len;
> +                dst += len;
> +                desc_addr += len;
> +        }
> +
> +        return idesc;
> +}
> +
>  void
>  cleanup_vq(struct vhost_virtqueue *vq, int destroy)
>  {
> diff --git a/lib/librte_vhost/vhost.h b/lib/librte_vhost/vhost.h
> index 3ab7b4950f..ab26454e1c 100644
> --- a/lib/librte_vhost/vhost.h
> +++ b/lib/librte_vhost/vhost.h
> @@ -488,6 +488,8 @@ void vhost_backend_cleanup(struct virtio_net *dev);
>
>  uint64_t __vhost_iova_to_vva(struct virtio_net *dev, struct vhost_virtqueue *vq,
>                          uint64_t iova, uint64_t *len, uint8_t perm);
> +void *alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq,
> +                uint64_t desc_addr, uint64_t desc_len);
>  int vring_translate(struct virtio_net *dev, struct vhost_virtqueue *vq);
>  void vring_invalidate(struct virtio_net *dev, struct vhost_virtqueue *vq);
>
> @@ -601,39 +603,6 @@ vhost_vring_call_packed(struct virtio_net *dev, struct vhost_virtqueue *vq)
>          eventfd_write(vq->callfd, (eventfd_t)1);
>  }
>
> -static __rte_always_inline void *
> -alloc_copy_ind_table(struct virtio_net *dev, struct vhost_virtqueue *vq,
> -                uint64_t desc_addr, uint64_t desc_len)
> -{
> -        void *idesc;
> -        uint64_t src, dst;
> -        uint64_t len, remain = desc_len;
> -
> -        idesc = rte_malloc(__func__, desc_len, 0);
> -        if (unlikely(!idesc))
> -                return 0;
> -
> -        dst = (uint64_t)(uintptr_t)idesc;
> -
> -        while (remain) {
> -                len = remain;
> -                src = vhost_iova_to_vva(dev, vq, desc_addr, &len,
> -                                VHOST_ACCESS_RO);
> -                if (unlikely(!src || !len)) {
> -                        rte_free(idesc);
> -                        return 0;
> -                }
> -
> -                rte_memcpy((void *)(uintptr_t)dst, (void *)(uintptr_t)src, len);
> -
> -                remain -= len;
> -                dst += len;
> -                desc_addr += len;
> -        }
> -
> -        return idesc;
> -}
> -
>  static __rte_always_inline void
>  free_ind_table(void *idesc)
>  {
> diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
> index 35ae4992c2..494dd9957e 100644
> --- a/lib/librte_vhost/virtio_net.c
> +++ b/lib/librte_vhost/virtio_net.c
> @@ -610,6 +610,35 @@ reserve_avail_buf_packed(struct virtio_net *dev, struct vhost_virtqueue *vq,
>          return 0;
>  }
>
> +static void
> +copy_vnet_hdr_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq,
> +                struct buf_vector *buf_vec,
> +                struct virtio_net_hdr_mrg_rxbuf *hdr){

I seem to have missed the open bracket coding style issue above while
running checkpatch. Will fix in the next revision.
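
To make the checkpatch complaint concrete, here is a generic before/after of
the brace placement it expects (illustrative function names, not the actual
v2 hunk):

/* Flagged form: opening brace on the signature line. */
static int
add_flagged(int a, int b){
        return a + b;
}

/* Expected form: opening brace on its own line. */
static int
add_expected(int a, int b)
{
        return a + b;
}
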
> +        uint64_t len;
> +        uint64_t remain = dev->vhost_hlen;
> +        uint64_t src = (uint64_t)(uintptr_t)hdr, dst;
> +        uint64_t iova = buf_vec->buf_iova;
> +
> +        while (remain) {
> +                len = RTE_MIN(remain,
> +                                buf_vec->buf_len);
> +                dst = buf_vec->buf_addr;
> +                rte_memcpy((void *)(uintptr_t)dst,
> +                                (void *)(uintptr_t)src,
> +                                len);
> +
> +                PRINT_PACKET(dev, (uintptr_t)dst,
> +                                (uint32_t)len, 0);
> +                vhost_log_cache_write(dev, vq,
> +                                iova, len);
> +
> +                remain -= len;
> +                iova += len;
> +                src += len;
> +                buf_vec++;
> +        }
> +}
> +
>  static __rte_always_inline int
>  copy_mbuf_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq,
>                          struct rte_mbuf *m, struct buf_vector *buf_vec,
> @@ -703,30 +732,7 @@ copy_mbuf_to_desc(struct virtio_net *dev, struct vhost_virtqueue *vq,
>                          num_buffers);
>
>          if (unlikely(hdr == &tmp_hdr)) {
> -                uint64_t len;
> -                uint64_t remain = dev->vhost_hlen;
> -                uint64_t src = (uint64_t)(uintptr_t)hdr, dst;
> -                uint64_t iova = buf_vec[0].buf_iova;
> -                uint16_t hdr_vec_idx = 0;
> -
> -                while (remain) {
> -                        len = RTE_MIN(remain,
> -                                        buf_vec[hdr_vec_idx].buf_len);
> -                        dst = buf_vec[hdr_vec_idx].buf_addr;
> -                        rte_memcpy((void *)(uintptr_t)dst,
> -                                        (void *)(uintptr_t)src,
> -                                        len);
> -
> -                        PRINT_PACKET(dev, (uintptr_t)dst,
> -                                        (uint32_t)len, 0);
> -                        vhost_log_cache_write(dev, vq,
> -                                        iova, len);
> -
> -                        remain -= len;
> -                        iova += len;
> -                        src += len;
> -                        hdr_vec_idx++;
> -                }
> +                copy_vnet_hdr_to_desc(dev, vq, buf_vec, hdr);
>          } else {
>                  PRINT_PACKET(dev, (uintptr_t)hdr_addr,
>                                  dev->vhost_hlen, 0);
> @@ -1063,6 +1069,31 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m)
>          }
>  }
>
> +static void
> +copy_vnet_hdr_from_desc(struct virtio_net_hdr *hdr,
> +                struct buf_vector *buf_vec)
> +{
> +        uint64_t len;
> +        uint64_t remain = sizeof(struct virtio_net_hdr);
> +        uint64_t src;
> +        uint64_t dst = (uint64_t)(uintptr_t)&hdr;
> +
> +        /*
> +         * No luck, the virtio-net header doesn't fit
> +         * in a contiguous virtual area.
> +         */
> +        while (remain) {
> +                len = RTE_MIN(remain, buf_vec->buf_len);
> +                src = buf_vec->buf_addr;
> +                rte_memcpy((void *)(uintptr_t)dst,
> +                                (void *)(uintptr_t)src, len);
> +
> +                remain -= len;
> +                dst += len;
> +                buf_vec++;
> +        }
> +}
> +
>  static __rte_always_inline int
>  copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
>                  struct buf_vector *buf_vec, uint16_t nr_vec,
> @@ -1094,28 +1125,7 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
>
>          if (virtio_net_with_host_offload(dev)) {
>                  if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) {
> -                        uint64_t len;
> -                        uint64_t remain = sizeof(struct virtio_net_hdr);
> -                        uint64_t src;
> -                        uint64_t dst = (uint64_t)(uintptr_t)&tmp_hdr;
> -                        uint16_t hdr_vec_idx = 0;
> -
> -                        /*
> -                         * No luck, the virtio-net header doesn't fit
> -                         * in a contiguous virtual area.
> -                         */
> -                        while (remain) {
> -                                len = RTE_MIN(remain,
> -                                        buf_vec[hdr_vec_idx].buf_len);
> -                                src = buf_vec[hdr_vec_idx].buf_addr;
> -                                rte_memcpy((void *)(uintptr_t)dst,
> -                                        (void *)(uintptr_t)src, len);
> -
> -                                remain -= len;
> -                                dst += len;
> -                                hdr_vec_idx++;
> -                        }
> -
> +                        copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec);
>                          hdr = &tmp_hdr;
>                  } else {
>                          hdr = (struct virtio_net_hdr *)((uintptr_t)buf_addr);
>
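
For reviewers reading only this mail: the hunks above do not show the call
sites of the now-exported alloc_copy_ind_table(). Roughly, a caller in
virtio_net.c pairs it with free_ind_table() along the lines below; this is a
simplified sketch from memory, not code from the series (the wrapper name
walk_indirect_table and its exact arguments are invented for illustration,
and vhost.h is assumed to provide the vhost types and helpers used):

static int
walk_indirect_table(struct virtio_net *dev, struct vhost_virtqueue *vq,
                uint64_t desc_addr, uint64_t desc_len)
{
        struct vring_desc *descs, *idesc = NULL;
        uint64_t dlen = desc_len;

        /* Try to map the guest's indirect table directly. */
        descs = (struct vring_desc *)(uintptr_t)vhost_iova_to_vva(dev, vq,
                        desc_addr, &dlen, VHOST_ACCESS_RO);
        if (unlikely(!descs))
                return -1;

        if (unlikely(dlen < desc_len)) {
                /* Table is fragmented in host VA: work on a linear copy. */
                idesc = alloc_copy_ind_table(dev, vq, desc_addr, desc_len);
                if (unlikely(!idesc))
                        return -1;
                descs = idesc;
        }

        /* ... per-descriptor processing of descs[] would go here ... */
        (void)descs;

        if (unlikely(idesc != NULL))
                free_ind_table(idesc);

        return 0;
}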