Message ID | 1470655185-8676-1-git-send-email-i.maximets@samsung.com |
---|---|
State | Accepted |
Delegated to: | Daniele Di Proietto |
2016-08-08 4:19 GMT-07:00 Ilya Maximets <i.maximets@samsung.com>: > Binding/unbinding of virtio driver inside VM leads to reconfiguration > of PMD threads. This behaviour may be abused by executing bind/unbind > in an infinite loop to break normal networking on all ports attached > to the same instance of Open vSwitch. > > Fix that by avoiding reconfiguration if it's not necessary. > Number of queues will not be decreased to 1 on device disconnection but > it's not very important in comparison with possible DOS attack from the > inside of guest OS. > > Makes sense to me Applied to master, thanks > Fixes: 81acebdaaf27 ("netdev-dpdk: Obtain number of queues for vhost > ports from attached virtio.") > Reported-by: Ciara Loftus <ciara.loftus@intel.com> > Signed-off-by: Ilya Maximets <i.maximets@samsung.com> > --- > > Version 2: > * Set 'vhost_reconfigured' flag if reconfiguration not > required. > * Rebased on current master. > > lib/netdev-dpdk.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-) > > diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c > index b671601..ea0e16e 100644 > --- a/lib/netdev-dpdk.c > +++ b/lib/netdev-dpdk.c > @@ -2299,10 +2299,17 @@ new_device(int vid) > newnode = dev->socket_id; > } > > - dev->requested_socket_id = newnode; > - dev->requested_n_rxq = qp_num; > - dev->requested_n_txq = qp_num; > - netdev_request_reconfigure(&dev->up); > + if (dev->requested_n_txq != qp_num > + || dev->requested_n_rxq != qp_num > + || dev->requested_socket_id != newnode) { > + dev->requested_socket_id = newnode; > + dev->requested_n_rxq = qp_num; > + dev->requested_n_txq = qp_num; > + netdev_request_reconfigure(&dev->up); > + } else { > + /* Reconfiguration not required. */ > + dev->vhost_reconfigured = true; > + } > > ovsrcu_index_set(&dev->vid, vid); > exists = true; 
> @@ -2362,11 +2369,7 @@ destroy_device(int vid) > ovs_mutex_lock(&dev->mutex); > dev->vhost_reconfigured = false; > ovsrcu_index_set(&dev->vid, -1); > - /* Clear tx/rx queue settings. */ > netdev_dpdk_txq_map_clear(dev); > - dev->requested_n_rxq = NR_QUEUE; > - dev->requested_n_txq = NR_QUEUE; > - netdev_request_reconfigure(&dev->up); > > netdev_change_seq_changed(&dev->up); > ovs_mutex_unlock(&dev->mutex); > -- > 2.7.4 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev >
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c index b671601..ea0e16e 100644 --- a/lib/netdev-dpdk.c +++ b/lib/netdev-dpdk.c @@ -2299,10 +2299,17 @@ new_device(int vid) newnode = dev->socket_id; } - dev->requested_socket_id = newnode; - dev->requested_n_rxq = qp_num; - dev->requested_n_txq = qp_num; - netdev_request_reconfigure(&dev->up); + if (dev->requested_n_txq != qp_num + || dev->requested_n_rxq != qp_num + || dev->requested_socket_id != newnode) { + dev->requested_socket_id = newnode; + dev->requested_n_rxq = qp_num; + dev->requested_n_txq = qp_num; + netdev_request_reconfigure(&dev->up); + } else { + /* Reconfiguration not required. */ + dev->vhost_reconfigured = true; + } ovsrcu_index_set(&dev->vid, vid); exists = true; @@ -2362,11 +2369,7 @@ destroy_device(int vid) ovs_mutex_lock(&dev->mutex); dev->vhost_reconfigured = false; ovsrcu_index_set(&dev->vid, -1); - /* Clear tx/rx queue settings. */ netdev_dpdk_txq_map_clear(dev); - dev->requested_n_rxq = NR_QUEUE; - dev->requested_n_txq = NR_QUEUE; - netdev_request_reconfigure(&dev->up); netdev_change_seq_changed(&dev->up); ovs_mutex_unlock(&dev->mutex);
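Review bot: In new_device(), the new else branch sets dev->vhost_reconfigured = true whenever requested_n_txq, requested_n_rxq and requested_socket_id already equal qp_num and newnode, but those fields hold the requested values, not necessarily the configuration the datapath is running with. If an earlier netdev_request_reconfigure() for the same values has not been processed yet, the flag would be set before that reconfiguration completes. Either compare against the applied configuration as well, or extend the "Reconfiguration not required." comment to say why matching requested_* fields is sufficient at this point.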
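Review bot: In destroy_device(), the comment "Clear tx/rx queue settings." is removed together with the NR_QUEUE reset, which leaves netdev_dpdk_txq_map_clear(dev) undocumented and gives no hint that requested_n_rxq and requested_n_txq now deliberately keep the values from the last connection. A short comment there, stating that the queue counts are left untouched so that a disconnect does not call netdev_request_reconfigure(), would keep a later cleanup from reintroducing the reset.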
Binding/unbinding of virtio driver inside VM leads to reconfiguration
of PMD threads. This behaviour may be abused by executing bind/unbind
in an infinite loop to break normal networking on all ports attached
to the same instance of Open vSwitch.

Fix that by avoiding reconfiguration if it's not necessary.
Number of queues will not be decreased to 1 on device disconnection but
it's not very important in comparison with possible DOS attack from the
inside of guest OS.

Fixes: 81acebdaaf27 ("netdev-dpdk: Obtain number of queues for vhost ports from attached virtio.")
Reported-by: Ciara Loftus <ciara.loftus@intel.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
---

Version 2:
* Set 'vhost_reconfigured' flag if reconfiguration not required.
* Rebased on current master.

lib/netdev-dpdk.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)