Commit afbb98f9 authored by K. Y. Srinivasan's avatar K. Y. Srinivasan Committed by Greg Kroah-Hartman

Drivers: hv: vmbus: Base host signaling strictly on the ring state

commit 74198eb4 upstream.

One of the factors that can result in the host concluding that a given
guest in mounting a DOS attack is if the guest generates interrupts
to the host when the host is not expecting it. If these "spurious"
interrupts reach a certain rate, the host can throttle the guest to
minimize the impact. The host computation of the "expected number
of interrupts" is strictly based on the ring transitions. Until
the host logic is fixed, base the guest logic to interrupt solely
on the ring state.
Signed-off-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
Cc: Rolf Neugebauer <rolf.neugebauer@docker.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent e68f0dbb
...@@ -676,10 +676,18 @@ int vmbus_sendpacket_ctl(struct vmbus_channel *channel, void *buffer, ...@@ -676,10 +676,18 @@ int vmbus_sendpacket_ctl(struct vmbus_channel *channel, void *buffer,
* NOTE: in this case, the hvsock channel is an exception, because * NOTE: in this case, the hvsock channel is an exception, because
* it looks the host side's hvsock implementation has a throttling * it looks the host side's hvsock implementation has a throttling
* mechanism which can hurt the performance otherwise. * mechanism which can hurt the performance otherwise.
*
* KYS: Oct. 30, 2016:
* It looks like Windows hosts have logic to deal with DOS attacks that
* can be triggered if it receives interrupts when it is not expecting
* the interrupt. The host expects interrupts only when the ring
* transitions from empty to non-empty (or full to non full on the guest
* to host ring).
* So, base the signaling decision solely on the ring state until the
* host logic is fixed.
*/ */
if (((ret == 0) && kick_q && signal) || if (((ret == 0) && signal))
(ret && !is_hvsock_channel(channel)))
vmbus_setevent(channel); vmbus_setevent(channel);
return ret; return ret;
...@@ -786,9 +794,18 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel, ...@@ -786,9 +794,18 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
* If we cannot write to the ring-buffer; signal the host * If we cannot write to the ring-buffer; signal the host
* even if we may not have written anything. This is a rare * even if we may not have written anything. This is a rare
* enough condition that it should not matter. * enough condition that it should not matter.
*
* KYS: Oct. 30, 2016:
* It looks like Windows hosts have logic to deal with DOS attacks that
* can be triggered if it receives interrupts when it is not expecting
* the interrupt. The host expects interrupts only when the ring
* transitions from empty to non-empty (or full to non full on the guest
* to host ring).
* So, base the signaling decision solely on the ring state until the
* host logic is fixed.
*/ */
if (((ret == 0) && kick_q && signal) || (ret)) if (((ret == 0) && signal))
vmbus_setevent(channel); vmbus_setevent(channel);
return ret; return ret;
......
...@@ -449,8 +449,6 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) ...@@ -449,8 +449,6 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel)
} }
dev_type = hv_get_dev_type(newchannel); dev_type = hv_get_dev_type(newchannel);
if (dev_type == HV_NIC)
set_channel_signal_state(newchannel, HV_SIGNAL_POLICY_EXPLICIT);
init_vp_index(newchannel, dev_type); init_vp_index(newchannel, dev_type);
......
...@@ -75,13 +75,6 @@ static bool hv_need_to_signal(u32 old_write, struct hv_ring_buffer_info *rbi, ...@@ -75,13 +75,6 @@ static bool hv_need_to_signal(u32 old_write, struct hv_ring_buffer_info *rbi,
if (READ_ONCE(rbi->ring_buffer->interrupt_mask)) if (READ_ONCE(rbi->ring_buffer->interrupt_mask))
return false; return false;
/*
* When the client wants to control signaling,
* we only honour the host interrupt mask.
*/
if (policy == HV_SIGNAL_POLICY_EXPLICIT)
return true;
/* check interrupt_mask before read_index */ /* check interrupt_mask before read_index */
virt_rmb(); virt_rmb();
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment