From: John Fastabend <john.fastabend@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, danny.zhou@intel.com,
nhorman@tuxdriver.com, dborkman@redhat.com,
john.ronciak@intel.com, hannes@stressinduktion.org,
brouer@redhat.com
Subject: Re: [RFC PATCH v2 1/2] net: af_packet support for direct ring access in user space
Date: Sat, 17 Jan 2015 09:35:44 -0800
Message-ID: <54BA9D70.50403@gmail.com>
In-Reply-To: <20150114.153509.1264618607573705890.davem@davemloft.net>
On 01/14/2015 12:35 PM, David Miller wrote:
> From: John Fastabend <john.fastabend@gmail.com>
> Date: Mon, 12 Jan 2015 20:35:11 -0800
>
>> + if ((region.direction != DMA_BIDIRECTIONAL) &&
>> + (region.direction != DMA_TO_DEVICE) &&
>> + (region.direction != DMA_FROM_DEVICE))
>> + return -EFAULT;
> ...
>> + if ((umem->nmap == npages) &&
>> + (0 != dma_map_sg(dev->dev.parent, umem->sglist,
>> + umem->nmap, region.direction))) {
>> + region.iova = sg_dma_address(umem->sglist) + offset;
>
> I am having trouble seeing how this can work.
>
> dma_map_{single,sg}() mappings need synchronization after a DMA
> transfer takes place.
>
> For example if the DMA occurs to the device, then that region can
> be cached in the PCI controller's internal caches and thus future
> cpu writes into that memory region will not be seen, until a
> dma_sync_*() is invoked.
>
> That isn't going to happen when the device transmit queue is
> being completely managed in userspace.
>
> And this takes us back to the issue of protection, I don't think
> it is addressed properly yet.
>
> CAP_NET_ADMIN privileges do not mean "can crap all over memory"
> yet with this feature that can still happen.
>
> If we are dealing with a device which cannot provide strict protection
> to only the process's locked local pages, you have to do something
> to implement that protection.
>
> And you have _exactly_ one option to do that, abstracting the page
> addresses and eating a system call to trigger the sends, so that you
> can read from the user's (fake) descriptors and write into the real
> descriptors (translating the DMA addresses along the way) and
> triggering the TX doorbell.
OK, I think this brings us back to some of the original designs/ideas
we were thinking about with Daniel/Neil. We are going to take a look
at this. At least on the RX side we can have the af_packet logic give
us a set of DMA addresses. I wonder if we can also make the busy
poll logic per queue and use it.
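
For illustration only, the translation step described above (read the
user's fake descriptors, validate them, write real descriptors) might look
roughly like the following user-space C sketch. The names fake_desc,
real_desc, region and translate_tx are hypothetical and do not come from
the patch. The sketch assumes a single registered region that is already
pinned and DMA-mapped, and it leaves out the system call entry, the copy
of descriptors out of user memory, the dma_sync_*() call and the TX
doorbell write.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>

/* Hypothetical: what user space fills in. Offsets only, never bus addresses. */
struct fake_desc {
	uint64_t offset;	/* byte offset into the registered region */
	uint32_t len;		/* payload length in bytes */
};

/* Hypothetical: what the hardware ring would consume. */
struct real_desc {
	uint64_t dma_addr;
	uint32_t len;
};

/* Hypothetical: one registered, pinned and DMA-mapped user region. */
struct region {
	uint64_t iova;		/* DMA address of the start of the region */
	uint64_t size;		/* region size in bytes */
};

/*
 * Translate up to n fake descriptors into real ones, stopping at the first
 * descriptor that does not lie entirely inside the region. Returns the
 * number translated, or -EFAULT if the first descriptor is already invalid.
 * A real kernel path would first copy the descriptors out of user memory so
 * they cannot change between the check and the use.
 */
static int translate_tx(const struct region *r,
			const struct fake_desc *in, size_t n,
			struct real_desc *out)
{
	size_t i;

	for (i = 0; i < n; i++) {
		uint64_t off = in[i].offset;
		uint32_t len = in[i].len;

		/* Overflow-safe check that [off, off + len) is inside the region. */
		if (len == 0 || off >= r->size || len > r->size - off)
			break;

		out[i].dma_addr = r->iova + off;
		out[i].len = len;
	}

	if (i == 0 && n > 0)
		return -EFAULT;
	return (int)i;
}
```

Because user space only ever supplies offsets, the device never sees an
address outside the registered region, at the cost of the system call per
batch of sends.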
>
> I am not going to consider seriously an implementation that says "yeah
> sometimes the user can crap onto other people's memory", this isn't
> MS-DOS, it's a system where proper memory protections are mandatory
> rather than optional.
>
More to sort out on our side. Thanks for looking at the patches.
.John
--
John Fastabend Intel Corporation