All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pankaj Gupta <pagupta@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: David Miller <davem@davemloft.net>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	jasowang@redhat.com, dgibson@redhat.com, vfalico@gmail.com,
	edumazet@google.com, vyasevic@redhat.com, hkchu@google.com,
	wuzhy@linux.vnet.ibm.com, xemul@parallels.com,
	therbert@google.com, bhutchings@solarflare.com, xii@google.com,
	stephen@networkplumber.org, jiri@resnulli.us,
	sergei shtylyov <sergei.shtylyov@cogentembedded.com>
Subject: Re: [PATCH net-net 0/4] Increase the limit of tuntap queues
Date: Mon, 24 Nov 2014 09:28:25 -0500 (EST)	[thread overview]
Message-ID: <1253769917.3166193.1416839305146.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <20141124080243.GD6286@redhat.com>


> On Sun, Nov 23, 2014 at 08:23:21PM -0500, David Miller wrote:
> > From: "Michael S. Tsirkin" <mst@redhat.com>
> > Date: Sun, 23 Nov 2014 22:30:32 +0200
> > 
> > > qemu runs in the host, but it's unpriveledged: it gets
> > > passed tun FDs by a priveledged daemon, and it only
> > > has the rights to some operations,
> > > in particular to attach and detach queues.
> > > 
> > > The assumption always was that this operation is safe
> > > and can't make kernel run out of resources.
> > 
> > This creates a rather rediculous situation in my opinion.
> > 
> > Configuring a network device is a privileged operation, the daemon
> > should be setting this thing up.
> > 
> > In no other context would we have to worry about something like this.
> 
> Right.  Jason corrected me.  I got it wrong:
> what qemu does is TUNSETQUEUE and that needs to get a queue
> that's already initialized by the daemon.
> 
> To create new queues daemon calls TUNSETIFF,
> and that already can be used to create new devices,
> so it's a priveledged operation.
> 
> This means it's safe to just drop the restriction,
> exactly as you suggested originally.

I will drop patch2 to add sysctl entry and and will send a v2 with other 
patches.

Thanks,
Pankaj

> --
> MST
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

  reply	other threads:[~2014-11-24 14:28 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-18 16:22 [PATCH net-net 0/4] Increase the limit of tuntap queues Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 1/4] net: allow large number of rx queues Pankaj Gupta
2014-11-18 20:29   ` Cong Wang
2014-11-20 16:31     ` Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 2/4] tuntap: Accept tuntap maximum number of queues as sysctl Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 3/4] tuntap: reduce the size of tun_struct by using flex array Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 4/4] tuntap: Increase the number of queues in tun Pankaj Gupta
2014-11-19  1:43 ` [PATCH net-net 0/4] Increase the limit of tuntap queues Alexei Starovoitov
2014-11-19 20:16 ` David Miller
2014-11-19 20:44   ` Michael S. Tsirkin
2014-11-23  5:22     ` Pankaj Gupta
2014-11-23 10:46     ` Michael S. Tsirkin
2014-11-23 18:43       ` David Miller
2014-11-23 20:30         ` Michael S. Tsirkin
2014-11-24  1:23           ` David Miller
2014-11-24  8:02             ` Michael S. Tsirkin
2014-11-24 14:28               ` Pankaj Gupta [this message]
2014-11-24  3:23       ` Jason Wang
2014-11-24  7:55         ` Michael S. Tsirkin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1253769917.3166193.1416839305146.JavaMail.zimbra@redhat.com \
    --to=pagupta@redhat.com \
    --cc=bhutchings@solarflare.com \
    --cc=davem@davemloft.net \
    --cc=dgibson@redhat.com \
    --cc=edumazet@google.com \
    --cc=hkchu@google.com \
    --cc=jasowang@redhat.com \
    --cc=jiri@resnulli.us \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=sergei.shtylyov@cogentembedded.com \
    --cc=stephen@networkplumber.org \
    --cc=therbert@google.com \
    --cc=vfalico@gmail.com \
    --cc=vyasevic@redhat.com \
    --cc=wuzhy@linux.vnet.ibm.com \
    --cc=xemul@parallels.com \
    --cc=xii@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.