Re: [Xen-devel] [RFC] netif: staging grants for requests
On Mon, 9 Jan 2017, Paul Durrant wrote:
> > Wouldn't it be better to introduce the new memcpy based scheme for RX
> > only?
>
> It would certainly be reasonable to tackle RX first. But I don't want to
> force a copy in the TX path when it may be possible to avoid it.
>
> >
> > This suggestion increases the total amount of grants and the amount of
> > non-packet data simultaneously shared from frontend to backend by
> > "accident" (because it happens to be on the same pages that are granted
> > to the backend). Am I right? If so, it could be a security concern.
> > Let's keep in mind that if we trust the backend then we might as well go
> > all the way and assume that the backend is in Dom0 and can map any mfn
> > in memory without requiring grants. That would be a simple extension
> > guaranteed to have great performance (I am in favor of this FYI).
>
> I'm not sure that we want to do away with grants altogether. In my scheme the
> frontend can ask for its grants back so that it doesn't leak, but if it's
> willing to place more trust in the backend then it can grant pages from the
> stack which may contain other information. Certainly bypassing grants would
> be a quick performance boost but it's an all-or-nothing approach, whereas I'm
> shooting for something more flexible.

I understand the intent but this is a suboptimal choice.

If we do trust the backend, then we can do better by using MFNs instead of
grants. It is simpler and more efficient. I prefer to make decisions based on
numbers, rather than gut feeling, but I bet that the MFN solution would be
significantly faster.

If we do not trust the backend, then we would be better off with a pure
memcpy approach.

This half-way proposal tries to please both the security crowd and the
performance crowd but leaves them both wanting.