From: Ian Campbell <Ian.Campbell@citrix.com>
To: David Vrabel <david.vrabel@citrix.com>
Cc: <netdev@vger.kernel.org>, <xen-devel@lists.xenproject.org>,
Wei Liu <wei.liu2@citrix.com>,
Malcolm Crossley <malcolm.crossley@citrix.com>
Subject: Re: [PATCHv1 net-next] xen-netback: remove unconditional pull_skb_tail in guest Tx path
Date: Mon, 3 Nov 2014 17:55:37 +0000 [thread overview]
Message-ID: <1415037337.1411.9.camel@citrix.com> (raw)
In-Reply-To: <5457BF80.2000205@citrix.com>
On Mon, 2014-11-03 at 17:46 +0000, David Vrabel wrote:
> On 03/11/14 17:39, Ian Campbell wrote:
> > On Mon, 2014-11-03 at 17:23 +0000, David Vrabel wrote:
> >> From: Malcolm Crossley <malcolm.crossley@citrix.com>
> >>
> >> Unconditionally pulling 128 bytes into the linear buffer is not
> >> required. Netback has already grant copied up-to 128 bytes from the
> >> first slot of a packet into the linear buffer. The first slot normally
> >> contain all the IPv4/IPv6 and TCP/UDP headers.
> >
> > What about when it doesn't? It sounds as if we now won't pull up, which
> > would be bad.
>
> The network stack will always pull any headers it needs to inspect (the
> frag may be a userspace page which has the same security issues as a
> frag with a foreign page).
I don't believe it will, unless something changed since I last looked.
The kernel assumes that it has been sensible enough to put the headers
in the linear area, since it is the one which generates them in most
cases. In other cases its up to the relevant driver to make sure this is
true.
> e.g., see skb_checksum_setup() called slightly later on in netback.
This however is what will make things safe for us (note that this is
only used by xen-net* in practice), it is this which should be mentioned
in the commit message I think.
> > To avoid the pull up the code would need to grant copy up-to 128 bytes
> > from as many slots as needed, not only the first.
> >
> > Also, if the grant copy has already placed 128 bytes in the linear area,
> > why is the pull up touching anything in the first place? Shouldn't it be
> > a nop in that case?
>
> The grant copy only copies from the first frag which may be less than
> 128 bytes in length.
>
> David
next prev parent reply other threads:[~2014-11-03 18:06 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-03 17:23 [PATCHv1 net-next] xen-netback: remove unconditional pull_skb_tail in guest Tx path David Vrabel
2014-11-03 17:39 ` Ian Campbell
2014-11-03 17:46 ` David Vrabel
2014-11-03 17:55 ` Ian Campbell [this message]
2014-11-03 18:23 ` [Xen-devel] " Zoltan Kiss
2014-11-04 21:17 ` David Miller
2014-11-04 21:43 ` Eric Dumazet
2014-11-05 10:46 ` David Vrabel
2014-11-05 10:53 ` Ian Campbell
2014-11-05 9:51 ` Ian Campbell
2014-11-05 17:15 ` David Miller
2014-11-04 21:41 ` David Miller
2014-11-05 9:53 ` Ian Campbell
2014-11-05 17:16 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1415037337.1411.9.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=david.vrabel@citrix.com \
--cc=malcolm.crossley@citrix.com \
--cc=netdev@vger.kernel.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).