From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxime Coquelin Subject: Re: [PATCH 00/12] Vhost: CVE-2018-1059 fixes Date: Wed, 2 May 2018 11:20:07 +0200 Message-ID: <16b1e2a6-c675-a402-4dfa-fd3953b9ff11@redhat.com> References: <20180423155818.21285-1-maxime.coquelin@redhat.com> <2DBBFF226F7CF64BAFCA79B681719D953A432589@SHSMSX101.ccr.corp.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: "Bie, Tiwei" To: "Yao, Lei A" , "dev@dpdk.org" Return-path: Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by dpdk.org (Postfix) with ESMTP id BDE81DD2 for ; Wed, 2 May 2018 11:20:10 +0200 (CEST) In-Reply-To: <2DBBFF226F7CF64BAFCA79B681719D953A432589@SHSMSX101.ccr.corp.intel.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Lei, Thanks for the perf report. On 05/02/2018 07:08 AM, Yao, Lei A wrote: > Hi, Maxime > > During the 18.05-rc1 performance testing, I find this patch set will bring > slightly performance drop on mergeable and normal path, and big performance > drop on vector path. Could you have a check on this? I know this patch is > important for security. Not sure if there is any way to improve the performance. > Could you please share info about the use cases you are benchmarking? There may be ways to improve the performance, for this we would need to profile the code to understand where the bottlenecks are. > Mergebale > packet size > 64 0.80% > 128 -2.75% > 260 -2.93% > 520 -2.72% > 1024 -1.18% > 1500 -0.65% > > Normal > packet size > 64 -1.47% > 128 -7.43% > 260 -3.66% > 520 -2.52% > 1024 -1.19% > 1500 -0.78% > > Vector > packet size > 64 -8.60% > 128 -3.54% > 260 -2.63% > 520 -6.12% > 1024 -1.05% > 1500 -1.20% Are you sure this is only this series that induces such a big performance drop in vector test? I.e. have you run the benchmark just before and right after the series is applied? Thanks, Maxime > CPU info: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz > OS: Ubuntu 16.04 > > BRs > Lei > >> -----Original Message----- >> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin >> Sent: Monday, April 23, 2018 11:58 PM >> To: dev@dpdk.org >> Cc: Maxime Coquelin >> Subject: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes >> >> This series fixes the security vulnerability referenced >> as CVE-2018-1059. >> >> Patches are already applied to the branch, but reviews >> are encouraged. Any issues spotted would be fixed on top. >> >> Maxime Coquelin (12): >> vhost: fix indirect descriptors table translation size >> vhost: check all range is mapped when translating GPAs >> vhost: introduce safe API for GPA translation >> vhost: ensure all range is mapped when translating QVAs >> vhost: add support for non-contiguous indirect descs tables >> vhost: handle virtually non-contiguous buffers in Tx >> vhost: handle virtually non-contiguous buffers in Rx >> vhost: handle virtually non-contiguous buffers in Rx-mrg >> examples/vhost: move to safe GPA translation API >> examples/vhost_scsi: move to safe GPA translation API >> vhost/crypto: move to safe GPA translation API >> vhost: deprecate unsafe GPA translation API >> >> examples/vhost/virtio_net.c | 94 +++++++- >> examples/vhost_scsi/vhost_scsi.c | 56 ++++- >> lib/librte_vhost/rte_vhost.h | 46 ++++ >> lib/librte_vhost/rte_vhost_version.map | 4 +- >> lib/librte_vhost/vhost.c | 39 ++-- >> lib/librte_vhost/vhost.h | 8 +- >> lib/librte_vhost/vhost_crypto.c | 65 ++++-- >> lib/librte_vhost/vhost_user.c | 58 +++-- >> lib/librte_vhost/virtio_net.c | 411 ++++++++++++++++++++++++++++- >> ---- >> 9 files changed, 650 insertions(+), 131 deletions(-) >> >> -- >> 2.14.3 >