提交 37641494 编写于 作者: W Wei Liu 提交者: David S. Miller

xen-netback: better names for thresholds

This patch only changes some names to avoid confusion.

In this patch we have:

  MAX_SKB_SLOTS_DEFAULT -> FATAL_SKB_SLOTS_DEFAULT
  max_skb_slots -> fatal_skb_slots
  #define XEN_NETBK_LEGACY_SLOTS_MAX XEN_NETIF_NR_SLOTS_MIN

The fatal_skb_slots is the threshold to determine whether a packet is
malicious.

XEN_NETBK_LEGACY_SLOTS_MAX is the maximum slots a valid packet can have at
this point. It is defined to be XEN_NETIF_NR_SLOTS_MIN because that's
guaranteed to be supported by all backends.
Suggested-by: NIan Campbell <ian.campbell@citrix.com>
Signed-off-by: NWei Liu <wei.liu2@citrix.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 59ccb4eb
...@@ -51,9 +51,17 @@ ...@@ -51,9 +51,17 @@
* This is the maximum slots a skb can have. If a guest sends a skb * This is the maximum slots a skb can have. If a guest sends a skb
* which exceeds this limit it is considered malicious. * which exceeds this limit it is considered malicious.
*/ */
#define MAX_SKB_SLOTS_DEFAULT 20 #define FATAL_SKB_SLOTS_DEFAULT 20
static unsigned int max_skb_slots = MAX_SKB_SLOTS_DEFAULT; static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT;
module_param(max_skb_slots, uint, 0444); module_param(fatal_skb_slots, uint, 0444);
/*
* To avoid confusion, we define XEN_NETBK_LEGACY_SLOTS_MAX indicating
* the maximum slots a valid packet can use. Now this value is defined
* to be XEN_NETIF_NR_SLOTS_MIN, which is supposed to be supported by
* all backend.
*/
#define XEN_NETBK_LEGACY_SLOTS_MAX XEN_NETIF_NR_SLOTS_MIN
typedef unsigned int pending_ring_idx_t; typedef unsigned int pending_ring_idx_t;
#define INVALID_PENDING_RING_IDX (~0U) #define INVALID_PENDING_RING_IDX (~0U)
...@@ -953,25 +961,26 @@ static int netbk_count_requests(struct xenvif *vif, ...@@ -953,25 +961,26 @@ static int netbk_count_requests(struct xenvif *vif,
/* This guest is really using too many slots and /* This guest is really using too many slots and
* considered malicious. * considered malicious.
*/ */
if (unlikely(slots >= max_skb_slots)) { if (unlikely(slots >= fatal_skb_slots)) {
netdev_err(vif->dev, netdev_err(vif->dev,
"Malicious frontend using %d slots, threshold %u\n", "Malicious frontend using %d slots, threshold %u\n",
slots, max_skb_slots); slots, fatal_skb_slots);
netbk_fatal_tx_err(vif); netbk_fatal_tx_err(vif);
return -E2BIG; return -E2BIG;
} }
/* Xen network protocol had implicit dependency on /* Xen network protocol had implicit dependency on
* MAX_SKB_FRAGS. XEN_NETIF_NR_SLOTS_MIN is set to the * MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to
* historical MAX_SKB_FRAGS value 18 to honor the same * the historical MAX_SKB_FRAGS value 18 to honor the
* behavior as before. Any packet using more than 18 * same behavior as before. Any packet using more than
* slots but less than max_skb_slots slots is dropped * 18 slots but less than fatal_skb_slots slots is
* dropped
*/ */
if (!drop_err && slots >= XEN_NETIF_NR_SLOTS_MIN) { if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) {
if (net_ratelimit()) if (net_ratelimit())
netdev_dbg(vif->dev, netdev_dbg(vif->dev,
"Too many slots (%d) exceeding limit (%d), dropping packet\n", "Too many slots (%d) exceeding limit (%d), dropping packet\n",
slots, XEN_NETIF_NR_SLOTS_MIN); slots, XEN_NETBK_LEGACY_SLOTS_MAX);
drop_err = -E2BIG; drop_err = -E2BIG;
} }
...@@ -1053,7 +1062,7 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, ...@@ -1053,7 +1062,7 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk,
struct pending_tx_info *first = NULL; struct pending_tx_info *first = NULL;
/* At this point shinfo->nr_frags is in fact the number of /* At this point shinfo->nr_frags is in fact the number of
* slots, which can be as large as XEN_NETIF_NR_SLOTS_MIN. * slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX.
*/ */
nr_slots = shinfo->nr_frags; nr_slots = shinfo->nr_frags;
...@@ -1415,12 +1424,12 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) ...@@ -1415,12 +1424,12 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
struct sk_buff *skb; struct sk_buff *skb;
int ret; int ret;
while ((nr_pending_reqs(netbk) + XEN_NETIF_NR_SLOTS_MIN while ((nr_pending_reqs(netbk) + XEN_NETBK_LEGACY_SLOTS_MAX
< MAX_PENDING_REQS) && < MAX_PENDING_REQS) &&
!list_empty(&netbk->net_schedule_list)) { !list_empty(&netbk->net_schedule_list)) {
struct xenvif *vif; struct xenvif *vif;
struct xen_netif_tx_request txreq; struct xen_netif_tx_request txreq;
struct xen_netif_tx_request txfrags[XEN_NETIF_NR_SLOTS_MIN]; struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX];
struct page *page; struct page *page;
struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1];
u16 pending_idx; u16 pending_idx;
...@@ -1508,7 +1517,7 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) ...@@ -1508,7 +1517,7 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk)
pending_idx = netbk->pending_ring[index]; pending_idx = netbk->pending_ring[index];
data_len = (txreq.size > PKT_PROT_LEN && data_len = (txreq.size > PKT_PROT_LEN &&
ret < XEN_NETIF_NR_SLOTS_MIN) ? ret < XEN_NETBK_LEGACY_SLOTS_MAX) ?
PKT_PROT_LEN : txreq.size; PKT_PROT_LEN : txreq.size;
skb = alloc_skb(data_len + NET_SKB_PAD + NET_IP_ALIGN, skb = alloc_skb(data_len + NET_SKB_PAD + NET_IP_ALIGN,
...@@ -1787,7 +1796,7 @@ static inline int rx_work_todo(struct xen_netbk *netbk) ...@@ -1787,7 +1796,7 @@ static inline int rx_work_todo(struct xen_netbk *netbk)
static inline int tx_work_todo(struct xen_netbk *netbk) static inline int tx_work_todo(struct xen_netbk *netbk)
{ {
if ((nr_pending_reqs(netbk) + XEN_NETIF_NR_SLOTS_MIN if ((nr_pending_reqs(netbk) + XEN_NETBK_LEGACY_SLOTS_MAX
< MAX_PENDING_REQS) && < MAX_PENDING_REQS) &&
!list_empty(&netbk->net_schedule_list)) !list_empty(&netbk->net_schedule_list))
return 1; return 1;
...@@ -1872,11 +1881,11 @@ static int __init netback_init(void) ...@@ -1872,11 +1881,11 @@ static int __init netback_init(void)
if (!xen_domain()) if (!xen_domain())
return -ENODEV; return -ENODEV;
if (max_skb_slots < XEN_NETIF_NR_SLOTS_MIN) { if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) {
printk(KERN_INFO printk(KERN_INFO
"xen-netback: max_skb_slots too small (%d), bump it to XEN_NETIF_NR_SLOTS_MIN (%d)\n", "xen-netback: fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n",
max_skb_slots, XEN_NETIF_NR_SLOTS_MIN); fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX);
max_skb_slots = XEN_NETIF_NR_SLOTS_MIN; fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX;
} }
xen_netbk_group_nr = num_online_cpus(); xen_netbk_group_nr = num_online_cpus();
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册