[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context

To: David Vrabel <david.vrabel@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>
From: Zoltan Kiss <zoltan.kiss@xxxxxxxxxx>
Date: Tue, 25 Mar 2014 13:40:14 +0000
Cc: netdev@xxxxxxxxxxxxxxx, paul.durrant@xxxxxxxxxx, edwin@xxxxxxxxxx, Ian Campbell <ian.campbell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
Delivery-date: Tue, 25 Mar 2014 13:40:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 25/03/14 13:04, David Vrabel wrote:

On 25/03/14 12:20, Wei Liu wrote:

When netback discovers frontend is sending malformed packet it will
disables the interface which serves that frontend.

However disabling a network interface involving taking a mutex which
cannot be done in softirq context, so we need to defer this process to
kthread context.

This patch does the following:
1. introduce a flag to indicate the interface is disabled.
2. check that flag in TX path, don't do any work if it's true.
3. check that flag in RX path, turn off that interface if it's true.

The reason to disable it in RX path is because RX uses kthread. After
this change the behavior of netback is still consistent -- it won't do
any TX work for a rogue frontend, and the interface will be eventually
turned off.

[...]

--- a/drivers/net/xen-netback/interface.c
+++ b/drivers/net/xen-netback/interface.c
@@ -61,12 +61,23 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
  {
        struct xenvif *vif = container_of(napi, struct xenvif, napi);
        int work_done;
+       unsigned long flags;
+
+       /* This vif is rogue, we pretend we've there is nothing to do
+        * for this vif to deschedule it from NAPI. But this interface
+        * will be turned off in thread context later.
+        */
+       if (unlikely(vif->disabled)) {
+               local_irq_save(flags);
+               __napi_complete(napi);
+               local_irq_restore(flags);


Why isn't this napi_complete(napi) (which uses local_irq_save/restore()
internally)?

I guess we don't need napi_gro_flush, so you can spare a few cycles, andI don't know if we need to check for netpoll, I'm not sure it's asensible thing to run debug console from a guest towards the backend (ordo I misunderstand what's the purpose here?)


David



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context
  - From: Wei Liu
- Re: [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context
  - From: David Vrabel

Prev by Date: Re: [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context
Next by Date: Re: [Xen-devel] [PATCH] build: fix sed usage in build process
Previous by thread: Re: [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context
Next by thread: Re: [Xen-devel] [PATCH net V2] xen-netback: disable rogue vif in kthread context
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.