From: Pankaj Gupta <pagupta@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: David Miller <davem@davemloft.net>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
jasowang@redhat.com, dgibson@redhat.com, vfalico@gmail.com,
edumazet@google.com, vyasevic@redhat.com, hkchu@google.com,
wuzhy@linux.vnet.ibm.com, xemul@parallels.com,
therbert@google.com, bhutchings@solarflare.com, xii@google.com,
stephen@networkplumber.org, jiri@resnulli.us,
sergei shtylyov <sergei.shtylyov@cogentembedded.com>
Subject: Re: [PATCH net-net 0/4] Increase the limit of tuntap queues
Date: Mon, 24 Nov 2014 09:28:25 -0500 (EST) [thread overview]
Message-ID: <1253769917.3166193.1416839305146.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <20141124080243.GD6286@redhat.com>
> On Sun, Nov 23, 2014 at 08:23:21PM -0500, David Miller wrote:
> > From: "Michael S. Tsirkin" <mst@redhat.com>
> > Date: Sun, 23 Nov 2014 22:30:32 +0200
> >
> > > qemu runs in the host, but it's unpriveledged: it gets
> > > passed tun FDs by a priveledged daemon, and it only
> > > has the rights to some operations,
> > > in particular to attach and detach queues.
> > >
> > > The assumption always was that this operation is safe
> > > and can't make kernel run out of resources.
> >
> > This creates a rather rediculous situation in my opinion.
> >
> > Configuring a network device is a privileged operation, the daemon
> > should be setting this thing up.
> >
> > In no other context would we have to worry about something like this.
>
> Right. Jason corrected me. I got it wrong:
> what qemu does is TUNSETQUEUE and that needs to get a queue
> that's already initialized by the daemon.
>
> To create new queues daemon calls TUNSETIFF,
> and that already can be used to create new devices,
> so it's a priveledged operation.
>
> This means it's safe to just drop the restriction,
> exactly as you suggested originally.
I will drop patch2 to add sysctl entry and and will send a v2 with other
patches.
Thanks,
Pankaj
> --
> MST
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2014-11-24 14:28 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-18 16:22 [PATCH net-net 0/4] Increase the limit of tuntap queues Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 1/4] net: allow large number of rx queues Pankaj Gupta
2014-11-18 20:29 ` Cong Wang
2014-11-20 16:31 ` Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 2/4] tuntap: Accept tuntap maximum number of queues as sysctl Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 3/4] tuntap: reduce the size of tun_struct by using flex array Pankaj Gupta
2014-11-18 16:22 ` [PATCH net-next 4/4] tuntap: Increase the number of queues in tun Pankaj Gupta
2014-11-19 1:43 ` [PATCH net-net 0/4] Increase the limit of tuntap queues Alexei Starovoitov
2014-11-19 20:16 ` David Miller
2014-11-19 20:44 ` Michael S. Tsirkin
2014-11-23 5:22 ` Pankaj Gupta
2014-11-23 10:46 ` Michael S. Tsirkin
2014-11-23 18:43 ` David Miller
2014-11-23 20:30 ` Michael S. Tsirkin
2014-11-24 1:23 ` David Miller
2014-11-24 8:02 ` Michael S. Tsirkin
2014-11-24 14:28 ` Pankaj Gupta [this message]
2014-11-24 3:23 ` Jason Wang
2014-11-24 7:55 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1253769917.3166193.1416839305146.JavaMail.zimbra@redhat.com \
--to=pagupta@redhat.com \
--cc=bhutchings@solarflare.com \
--cc=davem@davemloft.net \
--cc=dgibson@redhat.com \
--cc=edumazet@google.com \
--cc=hkchu@google.com \
--cc=jasowang@redhat.com \
--cc=jiri@resnulli.us \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=sergei.shtylyov@cogentembedded.com \
--cc=stephen@networkplumber.org \
--cc=therbert@google.com \
--cc=vfalico@gmail.com \
--cc=vyasevic@redhat.com \
--cc=wuzhy@linux.vnet.ibm.com \
--cc=xemul@parallels.com \
--cc=xii@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).