[dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes

Yao, Lei A lei.a.yao at intel.com
Wed May 2 14:10:23 CEST 2018



> -----Original Message-----
> From: Maxime Coquelin [mailto:maxime.coquelin at redhat.com]
> Sent: Wednesday, May 2, 2018 5:20 PM
> To: Yao, Lei A <lei.a.yao at intel.com>; dev at dpdk.org
> Cc: Bie, Tiwei <tiwei.bie at intel.com>
> Subject: Re: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes
> 
> Hi Lei,
> 
> Thanks for the perf report.
> 
> On 05/02/2018 07:08 AM, Yao, Lei A wrote:
> > Hi, Maxime
> >
> > During the 18.05-rc1 performance testing, I find this patch set will bring
> > slightly performance drop on mergeable and normal path, and big
> performance
> > drop on vector path. Could you have a check on this? I know this patch is
> > important for security. Not sure if there is any way to improve the
> performance.
> >
> 
> Could you please share info about the use cases you are benchmarking?
> 
I run vhost/virtio loopback test .
> There may be ways to improve the performance, for this we would need to
> profile the code to understand where the bottlenecks are.
> 
> 
> > Mergebale
> > packet size
> > 64	0.80%
> > 128	-2.75%
> > 260	-2.93%
> > 520	-2.72%
> > 1024	-1.18%
> > 1500	-0.65%
> >
> > Normal
> > packet size
> > 64	-1.47%
> > 128	-7.43%
> > 260	-3.66%
> > 520	-2.52%
> > 1024	-1.19%
> > 1500	-0.78%
> >
> > Vector
> > packet size
> > 64	-8.60%
> > 128	-3.54%
> > 260	-2.63%
> > 520	-6.12%
> > 1024	-1.05%
> > 1500	-1.20%
> 
> Are you sure this is only this series that induces such a big
> performance drop in vector test? I.e. have you run the benchmark
> just before and right after the series is applied?
Yes. The performance drop I list here is just compared before and after your 
patch set. The key patch bring performance drop is this commit
" Commit hash:	41333fba5b98945b8051e7b48f8fe47432cdd356"
vhost: introduce safe API for GPA translation.

Between 18.02 and 18.05-rc1, there are some other performance drop, but not
so large. I need more git bisect work to identify.  


> 
> Thanks,
> Maxime
> > CPU info: Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
> > OS: Ubuntu 16.04
> >
> > BRs
> > Lei
> >
> >> -----Original Message-----
> >> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Maxime
> Coquelin
> >> Sent: Monday, April 23, 2018 11:58 PM
> >> To: dev at dpdk.org
> >> Cc: Maxime Coquelin <maxime.coquelin at redhat.com>
> >> Subject: [dpdk-dev] [PATCH 00/12] Vhost: CVE-2018-1059 fixes
> >>
> >> This series fixes the security vulnerability referenced
> >> as CVE-2018-1059.
> >>
> >> Patches are already applied to the branch, but reviews
> >> are encouraged. Any issues spotted would be fixed on top.
> >>
> >> Maxime Coquelin (12):
> >>    vhost: fix indirect descriptors table translation size
> >>    vhost: check all range is mapped when translating GPAs
> >>    vhost: introduce safe API for GPA translation
> >>    vhost: ensure all range is mapped when translating QVAs
> >>    vhost: add support for non-contiguous indirect descs tables
> >>    vhost: handle virtually non-contiguous buffers in Tx
> >>    vhost: handle virtually non-contiguous buffers in Rx
> >>    vhost: handle virtually non-contiguous buffers in Rx-mrg
> >>    examples/vhost: move to safe GPA translation API
> >>    examples/vhost_scsi: move to safe GPA translation API
> >>    vhost/crypto: move to safe GPA translation API
> >>    vhost: deprecate unsafe GPA translation API
> >>
> >>   examples/vhost/virtio_net.c            |  94 +++++++-
> >>   examples/vhost_scsi/vhost_scsi.c       |  56 ++++-
> >>   lib/librte_vhost/rte_vhost.h           |  46 ++++
> >>   lib/librte_vhost/rte_vhost_version.map |   4 +-
> >>   lib/librte_vhost/vhost.c               |  39 ++--
> >>   lib/librte_vhost/vhost.h               |   8 +-
> >>   lib/librte_vhost/vhost_crypto.c        |  65 ++++--
> >>   lib/librte_vhost/vhost_user.c          |  58 +++--
> >>   lib/librte_vhost/virtio_net.c          | 411
> ++++++++++++++++++++++++++++-
> >> ----
> >>   9 files changed, 650 insertions(+), 131 deletions(-)
> >>
> >> --
> >> 2.14.3
> >


More information about the dev mailing list