From: Ian Campbell <Ian.Campbell@citrix.com>
To: David Miller <davem@davemloft.net>
Cc: <zoltan.kiss@linaro.org>, <david.vrabel@citrix.com>,
<netdev@vger.kernel.org>, <malcolm.crossley@citrix.com>,
<wei.liu2@citrix.com>, <xen-devel@lists.xenproject.org>
Subject: Re: [Xen-devel] [PATCHv1 net-next] xen-netback: remove unconditional pull_skb_tail in guest Tx path
Date: Wed, 5 Nov 2014 09:51:20 +0000 [thread overview]
Message-ID: <1415181080.11486.63.camel@citrix.com> (raw)
In-Reply-To: <20141104.161704.1690311989900127361.davem@davemloft.net>
On Tue, 2014-11-04 at 16:17 -0500, David Miller wrote:
> From: Zoltan Kiss <zoltan.kiss@linaro.org>
> Date: Mon, 03 Nov 2014 18:23:03 +0000
>
> >
> >
> > On 03/11/14 17:46, David Vrabel wrote:
> >> On 03/11/14 17:39, Ian Campbell wrote:
> >>> On Mon, 2014-11-03 at 17:23 +0000, David Vrabel wrote:
> >>>> From: Malcolm Crossley <malcolm.crossley@citrix.com>
> >>>>
> >>>> Unconditionally pulling 128 bytes into the linear buffer is not
> >>>> required. Netback has already grant copied up-to 128 bytes from the
> >>>> first slot of a packet into the linear buffer. The first slot normally
> >>>> contain all the IPv4/IPv6 and TCP/UDP headers.
> >>>
> >>> What about when it doesn't? It sounds as if we now won't pull up,
> >>> which
> >>> would be bad.
> >>
> >> The network stack will always pull any headers it needs to inspect
> >> (the
> >> frag may be a userspace page which has the same security issues as a
> >> frag with a foreign page).
> > I wouldn't bet my life on this, but indeed it should always happen.
>
> I would bet my life on it.
>
> Every protocol demux starts with pskb_may_pull() to pull frag data
> into the linear area, if necessary, before looking at headers.
Then I stand corrected, I was sure this wasn't the case (but my
information could well be a decade out of date...).
Is this also true for things which hit the iptables paths? I suppose
they must necessarily have already been through the protocol demux stage
before iptables would even be able to interpret them as e.g. an IP
packet.
Ian.
next prev parent reply other threads:[~2014-11-05 9:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-03 17:23 [PATCHv1 net-next] xen-netback: remove unconditional pull_skb_tail in guest Tx path David Vrabel
2014-11-03 17:39 ` Ian Campbell
2014-11-03 17:46 ` David Vrabel
2014-11-03 17:55 ` Ian Campbell
2014-11-03 18:23 ` [Xen-devel] " Zoltan Kiss
2014-11-04 21:17 ` David Miller
2014-11-04 21:43 ` Eric Dumazet
2014-11-05 10:46 ` David Vrabel
2014-11-05 10:53 ` Ian Campbell
2014-11-05 9:51 ` Ian Campbell [this message]
2014-11-05 17:15 ` David Miller
2014-11-04 21:41 ` David Miller
2014-11-05 9:53 ` Ian Campbell
2014-11-05 17:16 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1415181080.11486.63.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=davem@davemloft.net \
--cc=david.vrabel@citrix.com \
--cc=malcolm.crossley@citrix.com \
--cc=netdev@vger.kernel.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
--cc=zoltan.kiss@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).