2011-03-15 08:06:18 +08:00
|
|
|
/*
|
|
|
|
* Back-end of the driver for virtual network devices. This portion of the
|
|
|
|
* driver exports a 'unified' network-device interface that can be accessed
|
|
|
|
* by any operating system that implements a compatible front end. A
|
|
|
|
* reference front-end implementation can be found in:
|
|
|
|
* drivers/net/xen-netfront.c
|
|
|
|
*
|
|
|
|
* Copyright (c) 2002-2005, K A Fraser
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
|
|
* as published by the Free Software Foundation; or, when distributed
|
|
|
|
* separately from the Linux kernel or incorporated into other
|
|
|
|
* software packages, subject to the following license:
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this source file (the "Software"), to deal in the Software without
|
|
|
|
* restriction, including without limitation the rights to use, copy, modify,
|
|
|
|
* merge, publish, distribute, sublicense, and/or sell copies of the Software,
|
|
|
|
* and to permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
|
|
* IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
|
|
|
|
#include <linux/kthread.h>
|
|
|
|
#include <linux/if_vlan.h>
|
|
|
|
#include <linux/udp.h>
|
|
|
|
|
|
|
|
#include <net/tcp.h>
|
|
|
|
|
2012-08-09 01:21:23 +08:00
|
|
|
#include <xen/xen.h>
|
2011-03-15 08:06:18 +08:00
|
|
|
#include <xen/events.h>
|
|
|
|
#include <xen/interface/memory.h>
|
|
|
|
|
|
|
|
#include <asm/xen/hypercall.h>
|
|
|
|
#include <asm/xen/page.h>
|
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
/* Provide an option to disable split event channels at load time as
|
|
|
|
* event channels are limited resource. Split event channels are
|
|
|
|
* enabled by default.
|
|
|
|
*/
|
|
|
|
bool separate_tx_rx_irq = 1;
|
|
|
|
module_param(separate_tx_rx_irq, bool, 0644);
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
/*
|
|
|
|
* This is the maximum slots a skb can have. If a guest sends a skb
|
|
|
|
* which exceeds this limit it is considered malicious.
|
|
|
|
*/
|
2013-05-02 08:43:59 +08:00
|
|
|
#define FATAL_SKB_SLOTS_DEFAULT 20
|
|
|
|
static unsigned int fatal_skb_slots = FATAL_SKB_SLOTS_DEFAULT;
|
|
|
|
module_param(fatal_skb_slots, uint, 0444);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* To avoid confusion, we define XEN_NETBK_LEGACY_SLOTS_MAX indicating
|
|
|
|
* the maximum slots a valid packet can use. Now this value is defined
|
|
|
|
* to be XEN_NETIF_NR_SLOTS_MIN, which is supposed to be supported by
|
|
|
|
* all backend.
|
|
|
|
*/
|
|
|
|
#define XEN_NETBK_LEGACY_SLOTS_MAX XEN_NETIF_NR_SLOTS_MIN
|
2013-04-22 10:20:42 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If head != INVALID_PENDING_RING_IDX, it means this tx request is head of
|
|
|
|
* one or more merged tx requests, otherwise it is the continuation of
|
|
|
|
* previous tx request.
|
|
|
|
*/
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline int pending_tx_is_head(struct xenvif *vif, RING_IDX idx)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
return vif->pending_tx_info[idx].head != INVALID_PENDING_RING_IDX;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_idx_release(struct xenvif *vif, u16 pending_idx,
|
|
|
|
u8 status);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static void make_tx_response(struct xenvif *vif,
|
|
|
|
struct xen_netif_tx_request *txp,
|
|
|
|
s8 st);
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
static inline int tx_work_todo(struct xenvif *vif);
|
|
|
|
static inline int rx_work_todo(struct xenvif *vif);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static struct xen_netif_rx_response *make_rx_response(struct xenvif *vif,
|
|
|
|
u16 id,
|
|
|
|
s8 st,
|
|
|
|
u16 offset,
|
|
|
|
u16 size,
|
|
|
|
u16 flags);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline unsigned long idx_to_pfn(struct xenvif *vif,
|
2011-10-05 08:28:46 +08:00
|
|
|
u16 idx)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
return page_to_pfn(vif->mmap_pages[idx]);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline unsigned long idx_to_kaddr(struct xenvif *vif,
|
2011-10-05 08:28:46 +08:00
|
|
|
u16 idx)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
return (unsigned long)pfn_to_kaddr(idx_to_pfn(vif, idx));
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-10-17 00:50:29 +08:00
|
|
|
/* This is a miniumum size for the linear area to avoid lots of
|
|
|
|
* calls to __pskb_pull_tail() as we set up checksum offsets. The
|
|
|
|
* value 128 was chosen as it covers all IPv4 and most likely
|
|
|
|
* IPv6 headers.
|
2011-03-15 08:06:18 +08:00
|
|
|
*/
|
2013-10-17 00:50:29 +08:00
|
|
|
#define PKT_PROT_LEN 128
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2011-10-05 08:28:46 +08:00
|
|
|
static u16 frag_get_pending_idx(skb_frag_t *frag)
|
|
|
|
{
|
|
|
|
return (u16)frag->page_offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void frag_set_pending_idx(skb_frag_t *frag, u16 pending_idx)
|
|
|
|
{
|
|
|
|
frag->page_offset = pending_idx;
|
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static inline pending_ring_idx_t pending_index(unsigned i)
|
|
|
|
{
|
|
|
|
return i & (MAX_PENDING_REQS-1);
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline pending_ring_idx_t nr_pending_reqs(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
return MAX_PENDING_REQS -
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->pending_prod + vif->pending_cons;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
bool xenvif_rx_ring_slots_available(struct xenvif *vif, int needed)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
RING_IDX prod, cons;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
do {
|
|
|
|
prod = vif->rx.sring->req_prod;
|
|
|
|
cons = vif->rx.req_cons;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
if (prod - cons >= needed)
|
|
|
|
return true;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
vif->rx.sring->req_event = prod + 1;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
/* Make sure event is visible before we check prod
|
|
|
|
* again.
|
|
|
|
*/
|
|
|
|
mb();
|
|
|
|
} while (vif->rx.sring->req_prod != prod);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
return false;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns true if we should start a new receive buffer instead of
|
|
|
|
* adding 'size' bytes to a buffer which currently contains 'offset'
|
|
|
|
* bytes.
|
|
|
|
*/
|
|
|
|
static bool start_new_rx_buffer(int offset, unsigned long size, int head)
|
|
|
|
{
|
|
|
|
/* simple case: we have completely filled the current buffer. */
|
|
|
|
if (offset == MAX_BUFFER_OFFSET)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* complex case: start a fresh buffer if the current frag
|
|
|
|
* would overflow the current buffer but only if:
|
|
|
|
* (i) this frag would fit completely in the next buffer
|
|
|
|
* and (ii) there is already some data in the current buffer
|
|
|
|
* and (iii) this is not the head buffer.
|
|
|
|
*
|
|
|
|
* Where:
|
|
|
|
* - (i) stops us splitting a frag into two copies
|
|
|
|
* unless the frag is too large for a single buffer.
|
|
|
|
* - (ii) stops us from leaving a buffer pointlessly empty.
|
|
|
|
* - (iii) stops us leaving the first buffer
|
|
|
|
* empty. Strictly speaking this is already covered
|
|
|
|
* by (ii) but is explicitly checked because
|
|
|
|
* netfront relies on the first buffer being
|
|
|
|
* non-empty and can crash otherwise.
|
|
|
|
*
|
|
|
|
* This means we will effectively linearise small
|
|
|
|
* frags but do not needlessly split large buffers
|
|
|
|
* into multiple copies tend to give large frags their
|
|
|
|
* own buffers as before.
|
|
|
|
*/
|
2014-03-28 19:39:05 +08:00
|
|
|
BUG_ON(size > MAX_BUFFER_OFFSET);
|
|
|
|
if ((offset + size > MAX_BUFFER_OFFSET) && offset && !head)
|
2011-03-15 08:06:18 +08:00
|
|
|
return true;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct netrx_pending_operations {
|
|
|
|
unsigned copy_prod, copy_cons;
|
|
|
|
unsigned meta_prod, meta_cons;
|
|
|
|
struct gnttab_copy *copy;
|
2013-08-26 19:59:38 +08:00
|
|
|
struct xenvif_rx_meta *meta;
|
2011-03-15 08:06:18 +08:00
|
|
|
int copy_off;
|
|
|
|
grant_ref_t copy_gref;
|
|
|
|
};
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static struct xenvif_rx_meta *get_next_rx_buffer(struct xenvif *vif,
|
|
|
|
struct netrx_pending_operations *npo)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
struct xenvif_rx_meta *meta;
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_rx_request *req;
|
|
|
|
|
|
|
|
req = RING_GET_REQUEST(&vif->rx, vif->rx.req_cons++);
|
|
|
|
|
|
|
|
meta = npo->meta + npo->meta_prod++;
|
2013-10-17 00:50:32 +08:00
|
|
|
meta->gso_type = XEN_NETIF_GSO_TYPE_NONE;
|
2011-03-15 08:06:18 +08:00
|
|
|
meta->gso_size = 0;
|
|
|
|
meta->size = 0;
|
|
|
|
meta->id = req->id;
|
|
|
|
|
|
|
|
npo->copy_off = 0;
|
|
|
|
npo->copy_gref = req->gref;
|
|
|
|
|
|
|
|
return meta;
|
|
|
|
}
|
|
|
|
|
2013-10-08 17:54:21 +08:00
|
|
|
/*
|
|
|
|
* Set up the grant operations for this fragment. If it's a flipping
|
|
|
|
* interface, we also set up the unmap request from here.
|
|
|
|
*/
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_gop_frag_copy(struct xenvif *vif, struct sk_buff *skb,
|
|
|
|
struct netrx_pending_operations *npo,
|
|
|
|
struct page *page, unsigned long size,
|
2013-10-08 17:54:21 +08:00
|
|
|
unsigned long offset, int *head)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct gnttab_copy *copy_gop;
|
2013-08-26 19:59:38 +08:00
|
|
|
struct xenvif_rx_meta *meta;
|
2011-03-15 08:06:18 +08:00
|
|
|
unsigned long bytes;
|
2014-03-10 22:58:34 +08:00
|
|
|
int gso_type = XEN_NETIF_GSO_TYPE_NONE;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Data must not cross a page boundary. */
|
2012-10-10 11:48:42 +08:00
|
|
|
BUG_ON(size + offset > PAGE_SIZE<<compound_order(page));
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
meta = npo->meta + npo->meta_prod - 1;
|
|
|
|
|
2012-10-10 11:48:42 +08:00
|
|
|
/* Skip unused frames from start of page */
|
|
|
|
page += offset >> PAGE_SHIFT;
|
|
|
|
offset &= ~PAGE_MASK;
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
while (size > 0) {
|
2012-10-10 11:48:42 +08:00
|
|
|
BUG_ON(offset >= PAGE_SIZE);
|
2011-03-15 08:06:18 +08:00
|
|
|
BUG_ON(npo->copy_off > MAX_BUFFER_OFFSET);
|
|
|
|
|
2012-10-10 11:48:42 +08:00
|
|
|
bytes = PAGE_SIZE - offset;
|
|
|
|
|
|
|
|
if (bytes > size)
|
|
|
|
bytes = size;
|
|
|
|
|
2013-10-08 17:54:21 +08:00
|
|
|
if (start_new_rx_buffer(npo->copy_off, bytes, *head)) {
|
2011-03-15 08:06:18 +08:00
|
|
|
/*
|
|
|
|
* Netfront requires there to be some data in the head
|
|
|
|
* buffer.
|
|
|
|
*/
|
2013-10-08 17:54:21 +08:00
|
|
|
BUG_ON(*head);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
meta = get_next_rx_buffer(vif, npo);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (npo->copy_off + bytes > MAX_BUFFER_OFFSET)
|
|
|
|
bytes = MAX_BUFFER_OFFSET - npo->copy_off;
|
|
|
|
|
|
|
|
copy_gop = npo->copy + npo->copy_prod++;
|
|
|
|
copy_gop->flags = GNTCOPY_dest_gref;
|
2013-08-26 19:59:38 +08:00
|
|
|
copy_gop->len = bytes;
|
|
|
|
|
2013-08-26 19:59:37 +08:00
|
|
|
copy_gop->source.domid = DOMID_SELF;
|
|
|
|
copy_gop->source.u.gmfn = virt_to_mfn(page_address(page));
|
2011-03-15 08:06:18 +08:00
|
|
|
copy_gop->source.offset = offset;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
copy_gop->dest.domid = vif->domid;
|
2011-03-15 08:06:18 +08:00
|
|
|
copy_gop->dest.offset = npo->copy_off;
|
|
|
|
copy_gop->dest.u.ref = npo->copy_gref;
|
|
|
|
|
|
|
|
npo->copy_off += bytes;
|
|
|
|
meta->size += bytes;
|
|
|
|
|
|
|
|
offset += bytes;
|
|
|
|
size -= bytes;
|
|
|
|
|
2012-10-10 11:48:42 +08:00
|
|
|
/* Next frame */
|
|
|
|
if (offset == PAGE_SIZE && size) {
|
|
|
|
BUG_ON(!PageCompound(page));
|
|
|
|
page++;
|
|
|
|
offset = 0;
|
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
/* Leave a gap for the GSO descriptor. */
|
2014-03-10 22:58:34 +08:00
|
|
|
if (skb_is_gso(skb)) {
|
|
|
|
if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4)
|
|
|
|
gso_type = XEN_NETIF_GSO_TYPE_TCPV4;
|
|
|
|
else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
|
|
|
|
gso_type = XEN_NETIF_GSO_TYPE_TCPV6;
|
|
|
|
}
|
2013-10-17 00:50:32 +08:00
|
|
|
|
|
|
|
if (*head && ((1 << gso_type) & vif->gso_mask))
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->rx.req_cons++;
|
|
|
|
|
2013-10-08 17:54:21 +08:00
|
|
|
*head = 0; /* There must be something in this buffer now. */
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Prepare an SKB to be transmitted to the frontend.
|
|
|
|
*
|
|
|
|
* This function is responsible for allocating grant operations, meta
|
|
|
|
* structures, etc.
|
|
|
|
*
|
|
|
|
* It returns the number of meta structures consumed. The number of
|
|
|
|
* ring slots used is always equal to the number of meta slots used
|
|
|
|
* plus the number of GSO descriptors used. Currently, we use either
|
|
|
|
* zero GSO descriptors (for non-GSO packets) or one descriptor (for
|
|
|
|
* frontend-side LRO).
|
|
|
|
*/
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_gop_skb(struct sk_buff *skb,
|
|
|
|
struct netrx_pending_operations *npo)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(skb->dev);
|
|
|
|
int nr_frags = skb_shinfo(skb)->nr_frags;
|
|
|
|
int i;
|
|
|
|
struct xen_netif_rx_request *req;
|
2013-08-26 19:59:38 +08:00
|
|
|
struct xenvif_rx_meta *meta;
|
2011-03-15 08:06:18 +08:00
|
|
|
unsigned char *data;
|
2013-10-08 17:54:21 +08:00
|
|
|
int head = 1;
|
2011-03-15 08:06:18 +08:00
|
|
|
int old_meta_prod;
|
2013-10-17 00:50:32 +08:00
|
|
|
int gso_type;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
old_meta_prod = npo->meta_prod;
|
|
|
|
|
2014-03-10 22:58:34 +08:00
|
|
|
gso_type = XEN_NETIF_GSO_TYPE_NONE;
|
|
|
|
if (skb_is_gso(skb)) {
|
|
|
|
if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4)
|
|
|
|
gso_type = XEN_NETIF_GSO_TYPE_TCPV4;
|
|
|
|
else if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
|
|
|
|
gso_type = XEN_NETIF_GSO_TYPE_TCPV6;
|
2013-10-17 00:50:32 +08:00
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
/* Set up a GSO prefix descriptor, if necessary */
|
2013-12-12 22:20:13 +08:00
|
|
|
if ((1 << gso_type) & vif->gso_prefix_mask) {
|
2011-03-15 08:06:18 +08:00
|
|
|
req = RING_GET_REQUEST(&vif->rx, vif->rx.req_cons++);
|
|
|
|
meta = npo->meta + npo->meta_prod++;
|
2013-10-17 00:50:32 +08:00
|
|
|
meta->gso_type = gso_type;
|
2014-03-10 22:58:34 +08:00
|
|
|
meta->gso_size = skb_shinfo(skb)->gso_size;
|
2011-03-15 08:06:18 +08:00
|
|
|
meta->size = 0;
|
|
|
|
meta->id = req->id;
|
|
|
|
}
|
|
|
|
|
|
|
|
req = RING_GET_REQUEST(&vif->rx, vif->rx.req_cons++);
|
|
|
|
meta = npo->meta + npo->meta_prod++;
|
|
|
|
|
2013-10-17 00:50:32 +08:00
|
|
|
if ((1 << gso_type) & vif->gso_mask) {
|
|
|
|
meta->gso_type = gso_type;
|
2014-03-10 22:58:34 +08:00
|
|
|
meta->gso_size = skb_shinfo(skb)->gso_size;
|
2013-10-17 00:50:32 +08:00
|
|
|
} else {
|
|
|
|
meta->gso_type = XEN_NETIF_GSO_TYPE_NONE;
|
2011-03-15 08:06:18 +08:00
|
|
|
meta->gso_size = 0;
|
2013-10-17 00:50:32 +08:00
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
meta->size = 0;
|
|
|
|
meta->id = req->id;
|
|
|
|
npo->copy_off = 0;
|
|
|
|
npo->copy_gref = req->gref;
|
|
|
|
|
|
|
|
data = skb->data;
|
|
|
|
while (data < skb_tail_pointer(skb)) {
|
|
|
|
unsigned int offset = offset_in_page(data);
|
|
|
|
unsigned int len = PAGE_SIZE - offset;
|
|
|
|
|
|
|
|
if (data + len > skb_tail_pointer(skb))
|
|
|
|
len = skb_tail_pointer(skb) - data;
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_gop_frag_copy(vif, skb, npo,
|
2013-10-08 17:54:21 +08:00
|
|
|
virt_to_page(data), len, offset, &head);
|
2011-03-15 08:06:18 +08:00
|
|
|
data += len;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < nr_frags; i++) {
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_gop_frag_copy(vif, skb, npo,
|
|
|
|
skb_frag_page(&skb_shinfo(skb)->frags[i]),
|
|
|
|
skb_frag_size(&skb_shinfo(skb)->frags[i]),
|
|
|
|
skb_shinfo(skb)->frags[i].page_offset,
|
2013-10-08 17:54:21 +08:00
|
|
|
&head);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return npo->meta_prod - old_meta_prod;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-26 19:59:39 +08:00
|
|
|
* This is a twin to xenvif_gop_skb. Assume that xenvif_gop_skb was
|
2011-03-15 08:06:18 +08:00
|
|
|
* used to set up the operations on the top of
|
|
|
|
* netrx_pending_operations, which have since been done. Check that
|
|
|
|
* they didn't give any errors and advance over them.
|
|
|
|
*/
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_check_gop(struct xenvif *vif, int nr_meta_slots,
|
|
|
|
struct netrx_pending_operations *npo)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct gnttab_copy *copy_op;
|
|
|
|
int status = XEN_NETIF_RSP_OKAY;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < nr_meta_slots; i++) {
|
|
|
|
copy_op = npo->copy + npo->copy_cons++;
|
|
|
|
if (copy_op->status != GNTST_okay) {
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Bad status %d from copy to DOM%d.\n",
|
|
|
|
copy_op->status, vif->domid);
|
|
|
|
status = XEN_NETIF_RSP_ERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_add_frag_responses(struct xenvif *vif, int status,
|
|
|
|
struct xenvif_rx_meta *meta,
|
|
|
|
int nr_meta_slots)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
unsigned long offset;
|
|
|
|
|
|
|
|
/* No fragments used */
|
|
|
|
if (nr_meta_slots <= 1)
|
|
|
|
return;
|
|
|
|
|
|
|
|
nr_meta_slots--;
|
|
|
|
|
|
|
|
for (i = 0; i < nr_meta_slots; i++) {
|
|
|
|
int flags;
|
|
|
|
if (i == nr_meta_slots - 1)
|
|
|
|
flags = 0;
|
|
|
|
else
|
|
|
|
flags = XEN_NETRXF_more_data;
|
|
|
|
|
|
|
|
offset = 0;
|
|
|
|
make_rx_response(vif, meta[i].id, status, offset,
|
|
|
|
meta[i].size, flags);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-10-08 17:54:21 +08:00
|
|
|
struct skb_cb_overlay {
|
|
|
|
int meta_slots_used;
|
|
|
|
};
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
void xenvif_kick_thread(struct xenvif *vif)
|
2013-08-26 19:59:38 +08:00
|
|
|
{
|
|
|
|
wake_up(&vif->wq);
|
|
|
|
}
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
static void xenvif_rx_action(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
s8 status;
|
2013-05-22 14:34:45 +08:00
|
|
|
u16 flags;
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_rx_response *resp;
|
|
|
|
struct sk_buff_head rxq;
|
|
|
|
struct sk_buff *skb;
|
|
|
|
LIST_HEAD(notify);
|
|
|
|
int ret;
|
|
|
|
unsigned long offset;
|
|
|
|
struct skb_cb_overlay *sco;
|
2014-01-08 20:41:58 +08:00
|
|
|
bool need_to_notify = false;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
struct netrx_pending_operations npo = {
|
2013-08-26 19:59:38 +08:00
|
|
|
.copy = vif->grant_copy_op,
|
|
|
|
.meta = vif->meta,
|
2011-03-15 08:06:18 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
skb_queue_head_init(&rxq);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
while ((skb = skb_dequeue(&vif->rx_queue)) != NULL) {
|
2014-02-05 03:54:37 +08:00
|
|
|
RING_IDX max_slots_needed;
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
int i;
|
|
|
|
|
|
|
|
/* We need a cheap worse case estimate for the number of
|
|
|
|
* slots we'll use.
|
|
|
|
*/
|
|
|
|
|
|
|
|
max_slots_needed = DIV_ROUND_UP(offset_in_page(skb->data) +
|
|
|
|
skb_headlen(skb),
|
|
|
|
PAGE_SIZE);
|
|
|
|
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
|
|
|
|
unsigned int size;
|
2014-03-28 19:39:06 +08:00
|
|
|
unsigned int offset;
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
size = skb_frag_size(&skb_shinfo(skb)->frags[i]);
|
2014-03-28 19:39:06 +08:00
|
|
|
offset = skb_shinfo(skb)->frags[i].page_offset;
|
|
|
|
|
|
|
|
/* For a worse-case estimate we need to factor in
|
|
|
|
* the fragment page offset as this will affect the
|
|
|
|
* number of times xenvif_gop_frag_copy() will
|
|
|
|
* call start_new_rx_buffer().
|
|
|
|
*/
|
|
|
|
max_slots_needed += DIV_ROUND_UP(offset + size,
|
|
|
|
PAGE_SIZE);
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
}
|
2014-03-28 19:39:06 +08:00
|
|
|
|
|
|
|
/* To avoid the estimate becoming too pessimal for some
|
|
|
|
* frontends that limit posted rx requests, cap the estimate
|
|
|
|
* at MAX_SKB_FRAGS.
|
|
|
|
*/
|
|
|
|
if (max_slots_needed > MAX_SKB_FRAGS)
|
|
|
|
max_slots_needed = MAX_SKB_FRAGS;
|
|
|
|
|
|
|
|
/* We may need one more slot for GSO metadata */
|
2014-03-10 22:58:34 +08:00
|
|
|
if (skb_is_gso(skb) &&
|
|
|
|
(skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4 ||
|
|
|
|
skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6))
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
max_slots_needed++;
|
|
|
|
|
|
|
|
/* If the skb may not fit then bail out now */
|
|
|
|
if (!xenvif_rx_ring_slots_available(vif, max_slots_needed)) {
|
|
|
|
skb_queue_head(&vif->rx_queue, skb);
|
2014-01-08 20:41:58 +08:00
|
|
|
need_to_notify = true;
|
2014-02-05 03:54:37 +08:00
|
|
|
vif->rx_last_skb_slots = max_slots_needed;
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
break;
|
2014-02-05 03:54:37 +08:00
|
|
|
} else
|
|
|
|
vif->rx_last_skb_slots = 0;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
sco = (struct skb_cb_overlay *)skb->cb;
|
2013-08-26 19:59:39 +08:00
|
|
|
sco->meta_slots_used = xenvif_gop_skb(skb, &npo);
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
BUG_ON(sco->meta_slots_used > max_slots_needed);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
__skb_queue_tail(&rxq, skb);
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
BUG_ON(npo.meta_prod > ARRAY_SIZE(vif->meta));
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (!npo.copy_prod)
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
goto done;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-12-23 17:27:17 +08:00
|
|
|
BUG_ON(npo.copy_prod > MAX_GRANT_COPY_OPS);
|
2013-08-26 19:59:38 +08:00
|
|
|
gnttab_batch_copy(vif->grant_copy_op, npo.copy_prod);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
while ((skb = __skb_dequeue(&rxq)) != NULL) {
|
|
|
|
sco = (struct skb_cb_overlay *)skb->cb;
|
|
|
|
|
2013-10-17 00:50:32 +08:00
|
|
|
if ((1 << vif->meta[npo.meta_cons].gso_type) &
|
|
|
|
vif->gso_prefix_mask) {
|
2011-03-15 08:06:18 +08:00
|
|
|
resp = RING_GET_RESPONSE(&vif->rx,
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->rx.rsp_prod_pvt++);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
resp->flags = XEN_NETRXF_gso_prefix | XEN_NETRXF_more_data;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
resp->offset = vif->meta[npo.meta_cons].gso_size;
|
|
|
|
resp->id = vif->meta[npo.meta_cons].id;
|
2011-03-15 08:06:18 +08:00
|
|
|
resp->status = sco->meta_slots_used;
|
|
|
|
|
|
|
|
npo.meta_cons++;
|
|
|
|
sco->meta_slots_used--;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
vif->dev->stats.tx_bytes += skb->len;
|
|
|
|
vif->dev->stats.tx_packets++;
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
status = xenvif_check_gop(vif, sco->meta_slots_used, &npo);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (sco->meta_slots_used == 1)
|
|
|
|
flags = 0;
|
|
|
|
else
|
|
|
|
flags = XEN_NETRXF_more_data;
|
|
|
|
|
|
|
|
if (skb->ip_summed == CHECKSUM_PARTIAL) /* local packet? */
|
|
|
|
flags |= XEN_NETRXF_csum_blank | XEN_NETRXF_data_validated;
|
|
|
|
else if (skb->ip_summed == CHECKSUM_UNNECESSARY)
|
|
|
|
/* remote but checksummed. */
|
|
|
|
flags |= XEN_NETRXF_data_validated;
|
|
|
|
|
|
|
|
offset = 0;
|
2013-08-26 19:59:38 +08:00
|
|
|
resp = make_rx_response(vif, vif->meta[npo.meta_cons].id,
|
2011-03-15 08:06:18 +08:00
|
|
|
status, offset,
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->meta[npo.meta_cons].size,
|
2011-03-15 08:06:18 +08:00
|
|
|
flags);
|
|
|
|
|
2013-10-17 00:50:32 +08:00
|
|
|
if ((1 << vif->meta[npo.meta_cons].gso_type) &
|
|
|
|
vif->gso_mask) {
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_extra_info *gso =
|
|
|
|
(struct xen_netif_extra_info *)
|
|
|
|
RING_GET_RESPONSE(&vif->rx,
|
|
|
|
vif->rx.rsp_prod_pvt++);
|
|
|
|
|
|
|
|
resp->flags |= XEN_NETRXF_extra_info;
|
|
|
|
|
2013-10-17 00:50:32 +08:00
|
|
|
gso->u.gso.type = vif->meta[npo.meta_cons].gso_type;
|
2013-08-26 19:59:38 +08:00
|
|
|
gso->u.gso.size = vif->meta[npo.meta_cons].gso_size;
|
2011-03-15 08:06:18 +08:00
|
|
|
gso->u.gso.pad = 0;
|
|
|
|
gso->u.gso.features = 0;
|
|
|
|
|
|
|
|
gso->type = XEN_NETIF_EXTRA_TYPE_GSO;
|
|
|
|
gso->flags = 0;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_add_frag_responses(vif, status,
|
|
|
|
vif->meta + npo.meta_cons + 1,
|
|
|
|
sco->meta_slots_used);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&vif->rx, ret);
|
|
|
|
|
2014-01-08 20:41:58 +08:00
|
|
|
need_to_notify |= !!ret;
|
2013-08-26 19:59:38 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
npo.meta_cons += sco->meta_slots_used;
|
|
|
|
dev_kfree_skb(skb);
|
|
|
|
}
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
done:
|
2013-08-26 19:59:38 +08:00
|
|
|
if (need_to_notify)
|
2013-05-22 14:34:45 +08:00
|
|
|
notify_remote_via_irq(vif->rx_irq);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
void xenvif_check_rx_xenvif(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
int more_to_do;
|
|
|
|
|
|
|
|
RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, more_to_do);
|
|
|
|
|
|
|
|
if (more_to_do)
|
2013-08-26 19:59:38 +08:00
|
|
|
napi_schedule(&vif->napi);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void tx_add_credit(struct xenvif *vif)
|
|
|
|
{
|
|
|
|
unsigned long max_burst, max_credit;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow a burst big enough to transmit a jumbo packet of up to 128kB.
|
|
|
|
* Otherwise the interface can seize up due to insufficient credit.
|
|
|
|
*/
|
|
|
|
max_burst = RING_GET_REQUEST(&vif->tx, vif->tx.req_cons)->size;
|
|
|
|
max_burst = min(max_burst, 131072UL);
|
|
|
|
max_burst = max(max_burst, vif->credit_bytes);
|
|
|
|
|
|
|
|
/* Take care that adding a new chunk of credit doesn't wrap to zero. */
|
|
|
|
max_credit = vif->remaining_credit + vif->credit_bytes;
|
|
|
|
if (max_credit < vif->remaining_credit)
|
|
|
|
max_credit = ULONG_MAX; /* wrapped: clamp to ULONG_MAX */
|
|
|
|
|
|
|
|
vif->remaining_credit = min(max_credit, max_burst);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void tx_credit_callback(unsigned long data)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = (struct xenvif *)data;
|
|
|
|
tx_add_credit(vif);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_check_rx_xenvif(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_tx_err(struct xenvif *vif,
|
|
|
|
struct xen_netif_tx_request *txp, RING_IDX end)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
RING_IDX cons = vif->tx.req_cons;
|
|
|
|
|
|
|
|
do {
|
|
|
|
make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR);
|
2013-02-07 07:41:38 +08:00
|
|
|
if (cons == end)
|
2011-03-15 08:06:18 +08:00
|
|
|
break;
|
|
|
|
txp = RING_GET_REQUEST(&vif->tx, cons++);
|
|
|
|
} while (1);
|
|
|
|
vif->tx.req_cons = cons;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_fatal_tx_err(struct xenvif *vif)
|
2013-02-07 07:41:35 +08:00
|
|
|
{
|
|
|
|
netdev_err(vif->dev, "fatal error; disabling device\n");
|
|
|
|
xenvif_carrier_off(vif);
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_count_requests(struct xenvif *vif,
|
|
|
|
struct xen_netif_tx_request *first,
|
|
|
|
struct xen_netif_tx_request *txp,
|
|
|
|
int work_to_do)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
RING_IDX cons = vif->tx.req_cons;
|
2013-04-22 10:20:42 +08:00
|
|
|
int slots = 0;
|
|
|
|
int drop_err = 0;
|
2013-05-02 08:43:58 +08:00
|
|
|
int more_data;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (!(first->flags & XEN_NETTXF_more_data))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
do {
|
2013-05-02 08:43:58 +08:00
|
|
|
struct xen_netif_tx_request dropped_tx = { 0 };
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
if (slots >= work_to_do) {
|
|
|
|
netdev_err(vif->dev,
|
|
|
|
"Asked for %d slots but exceeds this limit\n",
|
|
|
|
work_to_do);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2013-02-14 11:18:57 +08:00
|
|
|
return -ENODATA;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
/* This guest is really using too many slots and
|
|
|
|
* considered malicious.
|
|
|
|
*/
|
2013-05-02 08:43:59 +08:00
|
|
|
if (unlikely(slots >= fatal_skb_slots)) {
|
2013-04-22 10:20:42 +08:00
|
|
|
netdev_err(vif->dev,
|
|
|
|
"Malicious frontend using %d slots, threshold %u\n",
|
2013-05-02 08:43:59 +08:00
|
|
|
slots, fatal_skb_slots);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2013-02-14 11:18:57 +08:00
|
|
|
return -E2BIG;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
/* Xen network protocol had implicit dependency on
|
2013-05-02 08:43:59 +08:00
|
|
|
* MAX_SKB_FRAGS. XEN_NETBK_LEGACY_SLOTS_MAX is set to
|
|
|
|
* the historical MAX_SKB_FRAGS value 18 to honor the
|
|
|
|
* same behavior as before. Any packet using more than
|
|
|
|
* 18 slots but less than fatal_skb_slots slots is
|
|
|
|
* dropped
|
2013-04-22 10:20:42 +08:00
|
|
|
*/
|
2013-05-02 08:43:59 +08:00
|
|
|
if (!drop_err && slots >= XEN_NETBK_LEGACY_SLOTS_MAX) {
|
2013-04-22 10:20:42 +08:00
|
|
|
if (net_ratelimit())
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Too many slots (%d) exceeding limit (%d), dropping packet\n",
|
2013-05-02 08:43:59 +08:00
|
|
|
slots, XEN_NETBK_LEGACY_SLOTS_MAX);
|
2013-04-22 10:20:42 +08:00
|
|
|
drop_err = -E2BIG;
|
|
|
|
}
|
|
|
|
|
2013-05-02 08:43:58 +08:00
|
|
|
if (drop_err)
|
|
|
|
txp = &dropped_tx;
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + slots),
|
2011-03-15 08:06:18 +08:00
|
|
|
sizeof(*txp));
|
2013-04-22 10:20:43 +08:00
|
|
|
|
|
|
|
/* If the guest submitted a frame >= 64 KiB then
|
|
|
|
* first->size overflowed and following slots will
|
|
|
|
* appear to be larger than the frame.
|
|
|
|
*
|
|
|
|
* This cannot be fatal error as there are buggy
|
|
|
|
* frontends that do this.
|
|
|
|
*
|
|
|
|
* Consume all slots and drop the packet.
|
|
|
|
*/
|
|
|
|
if (!drop_err && txp->size > first->size) {
|
|
|
|
if (net_ratelimit())
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Invalid tx request, slot size %u > remaining size %u\n",
|
|
|
|
txp->size, first->size);
|
|
|
|
drop_err = -EIO;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
first->size -= txp->size;
|
2013-04-22 10:20:42 +08:00
|
|
|
slots++;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) {
|
2013-04-22 10:20:42 +08:00
|
|
|
netdev_err(vif->dev, "Cross page boundary, txp->offset: %x, size: %u\n",
|
2011-03-15 08:06:18 +08:00
|
|
|
txp->offset, txp->size);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2013-02-14 11:18:57 +08:00
|
|
|
return -EINVAL;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
2013-05-02 08:43:58 +08:00
|
|
|
|
|
|
|
more_data = txp->flags & XEN_NETTXF_more_data;
|
|
|
|
|
|
|
|
if (!drop_err)
|
|
|
|
txp++;
|
|
|
|
|
|
|
|
} while (more_data);
|
2013-04-22 10:20:42 +08:00
|
|
|
|
|
|
|
if (drop_err) {
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_tx_err(vif, first, cons + slots);
|
2013-04-22 10:20:42 +08:00
|
|
|
return drop_err;
|
|
|
|
}
|
|
|
|
|
|
|
|
return slots;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static struct page *xenvif_alloc_page(struct xenvif *vif,
|
|
|
|
u16 pending_idx)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct page *page;
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
page = alloc_page(GFP_ATOMIC|__GFP_COLD);
|
2011-03-15 08:06:18 +08:00
|
|
|
if (!page)
|
|
|
|
return NULL;
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->mmap_pages[pending_idx] = page;
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
return page;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static struct gnttab_copy *xenvif_get_requests(struct xenvif *vif,
|
|
|
|
struct sk_buff *skb,
|
|
|
|
struct xen_netif_tx_request *txp,
|
|
|
|
struct gnttab_copy *gop)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct skb_shared_info *shinfo = skb_shinfo(skb);
|
|
|
|
skb_frag_t *frags = shinfo->frags;
|
2011-10-05 08:28:46 +08:00
|
|
|
u16 pending_idx = *((u16 *)skb->data);
|
2013-04-22 10:20:42 +08:00
|
|
|
u16 head_idx = 0;
|
|
|
|
int slot, start;
|
|
|
|
struct page *page;
|
|
|
|
pending_ring_idx_t index, start_idx = 0;
|
|
|
|
uint16_t dst_offset;
|
|
|
|
unsigned int nr_slots;
|
|
|
|
struct pending_tx_info *first = NULL;
|
|
|
|
|
|
|
|
/* At this point shinfo->nr_frags is in fact the number of
|
2013-05-02 08:43:59 +08:00
|
|
|
* slots, which can be as large as XEN_NETBK_LEGACY_SLOTS_MAX.
|
2013-04-22 10:20:42 +08:00
|
|
|
*/
|
|
|
|
nr_slots = shinfo->nr_frags;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Skip first skb fragment if it is on same page as header fragment. */
|
2011-10-05 08:28:46 +08:00
|
|
|
start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
/* Coalesce tx requests, at this point the packet passed in
|
|
|
|
* should be <= 64K. Any packets larger than 64K have been
|
2013-08-26 19:59:39 +08:00
|
|
|
* handled in xenvif_count_requests().
|
2013-04-22 10:20:42 +08:00
|
|
|
*/
|
|
|
|
for (shinfo->nr_frags = slot = start; slot < nr_slots;
|
|
|
|
shinfo->nr_frags++) {
|
2011-03-15 08:06:18 +08:00
|
|
|
struct pending_tx_info *pending_tx_info =
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->pending_tx_info;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
page = alloc_page(GFP_ATOMIC|__GFP_COLD);
|
2011-03-15 08:06:18 +08:00
|
|
|
if (!page)
|
2013-02-07 07:41:37 +08:00
|
|
|
goto err;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
dst_offset = 0;
|
|
|
|
first = NULL;
|
|
|
|
while (dst_offset < PAGE_SIZE && slot < nr_slots) {
|
|
|
|
gop->flags = GNTCOPY_source_gref;
|
|
|
|
|
|
|
|
gop->source.u.ref = txp->gref;
|
|
|
|
gop->source.domid = vif->domid;
|
|
|
|
gop->source.offset = txp->offset;
|
|
|
|
|
|
|
|
gop->dest.domid = DOMID_SELF;
|
|
|
|
|
|
|
|
gop->dest.offset = dst_offset;
|
|
|
|
gop->dest.u.gmfn = virt_to_mfn(page_address(page));
|
|
|
|
|
|
|
|
if (dst_offset + txp->size > PAGE_SIZE) {
|
|
|
|
/* This page can only merge a portion
|
|
|
|
* of tx request. Do not increment any
|
|
|
|
* pointer / counter here. The txp
|
|
|
|
* will be dealt with in future
|
|
|
|
* rounds, eventually hitting the
|
|
|
|
* `else` branch.
|
|
|
|
*/
|
|
|
|
gop->len = PAGE_SIZE - dst_offset;
|
|
|
|
txp->offset += gop->len;
|
|
|
|
txp->size -= gop->len;
|
|
|
|
dst_offset += gop->len; /* quit loop */
|
|
|
|
} else {
|
|
|
|
/* This tx request can be merged in the page */
|
|
|
|
gop->len = txp->size;
|
|
|
|
dst_offset += gop->len;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
index = pending_index(vif->pending_cons++);
|
2013-04-22 10:20:42 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
pending_idx = vif->pending_ring[index];
|
2013-04-22 10:20:42 +08:00
|
|
|
|
|
|
|
memcpy(&pending_tx_info[pending_idx].req, txp,
|
|
|
|
sizeof(*txp));
|
|
|
|
|
|
|
|
/* Poison these fields, corresponding
|
|
|
|
* fields for head tx req will be set
|
|
|
|
* to correct values after the loop.
|
|
|
|
*/
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->mmap_pages[pending_idx] = (void *)(~0UL);
|
2013-04-22 10:20:42 +08:00
|
|
|
pending_tx_info[pending_idx].head =
|
|
|
|
INVALID_PENDING_RING_IDX;
|
|
|
|
|
|
|
|
if (!first) {
|
|
|
|
first = &pending_tx_info[pending_idx];
|
|
|
|
start_idx = index;
|
|
|
|
head_idx = pending_idx;
|
|
|
|
}
|
|
|
|
|
|
|
|
txp++;
|
|
|
|
slot++;
|
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
gop++;
|
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
first->req.offset = 0;
|
|
|
|
first->req.size = dst_offset;
|
|
|
|
first->head = start_idx;
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->mmap_pages[head_idx] = page;
|
2013-04-22 10:20:42 +08:00
|
|
|
frag_set_pending_idx(&frags[shinfo->nr_frags], head_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
BUG_ON(shinfo->nr_frags > MAX_SKB_FRAGS);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
return gop;
|
2013-02-07 07:41:37 +08:00
|
|
|
err:
|
|
|
|
/* Unwind, freeing all pages and sending error responses. */
|
2013-04-22 10:20:42 +08:00
|
|
|
while (shinfo->nr_frags-- > start) {
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif,
|
2013-04-22 10:20:42 +08:00
|
|
|
frag_get_pending_idx(&frags[shinfo->nr_frags]),
|
|
|
|
XEN_NETIF_RSP_ERROR);
|
2013-02-07 07:41:37 +08:00
|
|
|
}
|
|
|
|
/* The head too, if necessary. */
|
|
|
|
if (start)
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx, XEN_NETIF_RSP_ERROR);
|
2013-02-07 07:41:37 +08:00
|
|
|
|
|
|
|
return NULL;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_tx_check_gop(struct xenvif *vif,
|
|
|
|
struct sk_buff *skb,
|
|
|
|
struct gnttab_copy **gopp)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct gnttab_copy *gop = *gopp;
|
2011-10-05 08:28:46 +08:00
|
|
|
u16 pending_idx = *((u16 *)skb->data);
|
2011-03-15 08:06:18 +08:00
|
|
|
struct skb_shared_info *shinfo = skb_shinfo(skb);
|
2013-04-22 10:20:42 +08:00
|
|
|
struct pending_tx_info *tx_info;
|
2011-03-15 08:06:18 +08:00
|
|
|
int nr_frags = shinfo->nr_frags;
|
|
|
|
int i, err, start;
|
2013-04-22 10:20:42 +08:00
|
|
|
u16 peek; /* peek into next tx request */
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Check status of header. */
|
|
|
|
err = gop->status;
|
2013-02-07 07:41:36 +08:00
|
|
|
if (unlikely(err))
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx, XEN_NETIF_RSP_ERROR);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Skip first skb fragment if it is on same page as header fragment. */
|
2011-10-05 08:28:46 +08:00
|
|
|
start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
for (i = start; i < nr_frags; i++) {
|
|
|
|
int j, newerr;
|
2013-04-22 10:20:42 +08:00
|
|
|
pending_ring_idx_t head;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2011-10-05 08:28:46 +08:00
|
|
|
pending_idx = frag_get_pending_idx(&shinfo->frags[i]);
|
2013-08-26 19:59:38 +08:00
|
|
|
tx_info = &vif->pending_tx_info[pending_idx];
|
2013-04-22 10:20:42 +08:00
|
|
|
head = tx_info->head;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Check error status: if okay then remember grant handle. */
|
2013-04-22 10:20:42 +08:00
|
|
|
do {
|
|
|
|
newerr = (++gop)->status;
|
|
|
|
if (newerr)
|
|
|
|
break;
|
2013-08-26 19:59:38 +08:00
|
|
|
peek = vif->pending_ring[pending_index(++head)];
|
|
|
|
} while (!pending_tx_is_head(vif, peek));
|
2013-04-22 10:20:42 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
if (likely(!newerr)) {
|
|
|
|
/* Had a previous error? Invalidate this fragment. */
|
|
|
|
if (unlikely(err))
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx,
|
|
|
|
XEN_NETIF_RSP_OKAY);
|
2011-03-15 08:06:18 +08:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Error on this fragment: respond to client with an error. */
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx, XEN_NETIF_RSP_ERROR);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Not the first error? Preceding frags already invalidated. */
|
|
|
|
if (err)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* First error: invalidate header and preceding fragments. */
|
|
|
|
pending_idx = *((u16 *)skb->data);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx, XEN_NETIF_RSP_OKAY);
|
2011-03-15 08:06:18 +08:00
|
|
|
for (j = start; j < i; j++) {
|
2011-11-18 13:42:05 +08:00
|
|
|
pending_idx = frag_get_pending_idx(&shinfo->frags[j]);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx,
|
|
|
|
XEN_NETIF_RSP_OKAY);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Remember the error: invalidate all subsequent fragments. */
|
|
|
|
err = newerr;
|
|
|
|
}
|
|
|
|
|
|
|
|
*gopp = gop + 1;
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_fill_frags(struct xenvif *vif, struct sk_buff *skb)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct skb_shared_info *shinfo = skb_shinfo(skb);
|
|
|
|
int nr_frags = shinfo->nr_frags;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < nr_frags; i++) {
|
|
|
|
skb_frag_t *frag = shinfo->frags + i;
|
|
|
|
struct xen_netif_tx_request *txp;
|
2011-10-05 08:28:46 +08:00
|
|
|
struct page *page;
|
|
|
|
u16 pending_idx;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2011-10-05 08:28:46 +08:00
|
|
|
pending_idx = frag_get_pending_idx(frag);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
txp = &vif->pending_tx_info[pending_idx].req;
|
|
|
|
page = virt_to_page(idx_to_kaddr(vif, pending_idx));
|
2011-10-05 08:28:46 +08:00
|
|
|
__skb_fill_page_desc(skb, i, page, txp->offset, txp->size);
|
2011-03-15 08:06:18 +08:00
|
|
|
skb->len += txp->size;
|
|
|
|
skb->data_len += txp->size;
|
|
|
|
skb->truesize += txp->size;
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
/* Take an extra reference to offset xenvif_idx_release */
|
2013-08-26 19:59:38 +08:00
|
|
|
get_page(vif->mmap_pages[pending_idx]);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx, XEN_NETIF_RSP_OKAY);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_get_extras(struct xenvif *vif,
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_extra_info *extras,
|
|
|
|
int work_to_do)
|
|
|
|
{
|
|
|
|
struct xen_netif_extra_info extra;
|
|
|
|
RING_IDX cons = vif->tx.req_cons;
|
|
|
|
|
|
|
|
do {
|
|
|
|
if (unlikely(work_to_do-- <= 0)) {
|
2013-02-07 07:41:35 +08:00
|
|
|
netdev_err(vif->dev, "Missing extra info\n");
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
return -EBADR;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(&extra, RING_GET_REQUEST(&vif->tx, cons),
|
|
|
|
sizeof(extra));
|
|
|
|
if (unlikely(!extra.type ||
|
|
|
|
extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) {
|
|
|
|
vif->tx.req_cons = ++cons;
|
2013-02-07 07:41:35 +08:00
|
|
|
netdev_err(vif->dev,
|
2011-03-15 08:06:18 +08:00
|
|
|
"Invalid extra type: %d\n", extra.type);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(&extras[extra.type - 1], &extra, sizeof(extra));
|
|
|
|
vif->tx.req_cons = ++cons;
|
|
|
|
} while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE);
|
|
|
|
|
|
|
|
return work_to_do;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static int xenvif_set_skb_gso(struct xenvif *vif,
|
|
|
|
struct sk_buff *skb,
|
|
|
|
struct xen_netif_extra_info *gso)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
if (!gso->u.gso.size) {
|
2013-02-07 07:41:35 +08:00
|
|
|
netdev_err(vif->dev, "GSO size must not be zero.\n");
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2013-10-17 00:50:31 +08:00
|
|
|
switch (gso->u.gso.type) {
|
|
|
|
case XEN_NETIF_GSO_TYPE_TCPV4:
|
|
|
|
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4;
|
|
|
|
break;
|
|
|
|
case XEN_NETIF_GSO_TYPE_TCPV6:
|
|
|
|
skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6;
|
|
|
|
break;
|
|
|
|
default:
|
2013-02-07 07:41:35 +08:00
|
|
|
netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
skb_shinfo(skb)->gso_size = gso->u.gso.size;
|
2013-12-17 19:44:35 +08:00
|
|
|
/* gso_segs will be calculated later */
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-10-17 00:50:29 +08:00
|
|
|
static int checksum_setup(struct xenvif *vif, struct sk_buff *skb)
|
|
|
|
{
|
2014-01-09 18:02:47 +08:00
|
|
|
bool recalculate_partial_csum = false;
|
2013-10-17 00:50:29 +08:00
|
|
|
|
|
|
|
/* A GSO SKB must be CHECKSUM_PARTIAL. However some buggy
|
|
|
|
* peers can fail to set NETRXF_csum_blank when sending a GSO
|
|
|
|
* frame. In this case force the SKB to CHECKSUM_PARTIAL and
|
|
|
|
* recalculate the partial checksum.
|
|
|
|
*/
|
|
|
|
if (skb->ip_summed != CHECKSUM_PARTIAL && skb_is_gso(skb)) {
|
|
|
|
vif->rx_gso_checksum_fixup++;
|
|
|
|
skb->ip_summed = CHECKSUM_PARTIAL;
|
2014-01-09 18:02:47 +08:00
|
|
|
recalculate_partial_csum = true;
|
2013-10-17 00:50:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* A non-CHECKSUM_PARTIAL SKB does not require setup. */
|
|
|
|
if (skb->ip_summed != CHECKSUM_PARTIAL)
|
|
|
|
return 0;
|
|
|
|
|
2014-01-09 18:02:47 +08:00
|
|
|
return skb_checksum_setup(skb, recalculate_partial_csum);
|
2013-10-17 00:50:29 +08:00
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static bool tx_credit_exceeded(struct xenvif *vif, unsigned size)
|
|
|
|
{
|
2013-10-28 20:07:57 +08:00
|
|
|
u64 now = get_jiffies_64();
|
|
|
|
u64 next_credit = vif->credit_window_start +
|
2011-03-15 08:06:18 +08:00
|
|
|
msecs_to_jiffies(vif->credit_usec / 1000);
|
|
|
|
|
|
|
|
/* Timer could already be pending in rare cases. */
|
|
|
|
if (timer_pending(&vif->credit_timeout))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
/* Passed the point where we can replenish credit? */
|
2013-10-28 20:07:57 +08:00
|
|
|
if (time_after_eq64(now, next_credit)) {
|
|
|
|
vif->credit_window_start = now;
|
2011-03-15 08:06:18 +08:00
|
|
|
tx_add_credit(vif);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Still too big to send right now? Set a callback. */
|
|
|
|
if (size > vif->remaining_credit) {
|
|
|
|
vif->credit_timeout.data =
|
|
|
|
(unsigned long)vif;
|
|
|
|
vif->credit_timeout.function =
|
|
|
|
tx_credit_callback;
|
|
|
|
mod_timer(&vif->credit_timeout,
|
|
|
|
next_credit);
|
2013-10-28 20:07:57 +08:00
|
|
|
vif->credit_window_start = next_credit;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-12-11 18:57:15 +08:00
|
|
|
static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
struct gnttab_copy *gop = vif->tx_copy_ops, *request_gop;
|
2011-03-15 08:06:18 +08:00
|
|
|
struct sk_buff *skb;
|
|
|
|
int ret;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
while ((nr_pending_reqs(vif) + XEN_NETBK_LEGACY_SLOTS_MAX
|
2013-12-11 18:57:15 +08:00
|
|
|
< MAX_PENDING_REQS) &&
|
|
|
|
(skb_queue_len(&vif->tx_queue) < budget)) {
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_tx_request txreq;
|
2013-05-02 08:43:59 +08:00
|
|
|
struct xen_netif_tx_request txfrags[XEN_NETBK_LEGACY_SLOTS_MAX];
|
2011-03-15 08:06:18 +08:00
|
|
|
struct page *page;
|
|
|
|
struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1];
|
|
|
|
u16 pending_idx;
|
|
|
|
RING_IDX idx;
|
|
|
|
int work_to_do;
|
|
|
|
unsigned int data_len;
|
|
|
|
pending_ring_idx_t index;
|
|
|
|
|
2013-02-07 07:41:35 +08:00
|
|
|
if (vif->tx.sring->req_prod - vif->tx.req_cons >
|
|
|
|
XEN_NETIF_TX_RING_SIZE) {
|
|
|
|
netdev_err(vif->dev,
|
|
|
|
"Impossible number of requests. "
|
|
|
|
"req_prod %d, req_cons %d, size %ld\n",
|
|
|
|
vif->tx.sring->req_prod, vif->tx.req_cons,
|
|
|
|
XEN_NETIF_TX_RING_SIZE);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2013-02-07 07:41:35 +08:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2013-12-11 18:57:16 +08:00
|
|
|
work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx);
|
2013-08-26 19:59:38 +08:00
|
|
|
if (!work_to_do)
|
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
idx = vif->tx.req_cons;
|
|
|
|
rmb(); /* Ensure that we see the request before we copy it. */
|
|
|
|
memcpy(&txreq, RING_GET_REQUEST(&vif->tx, idx), sizeof(txreq));
|
|
|
|
|
|
|
|
/* Credit-based scheduling. */
|
|
|
|
if (txreq.size > vif->remaining_credit &&
|
2013-08-26 19:59:38 +08:00
|
|
|
tx_credit_exceeded(vif, txreq.size))
|
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
vif->remaining_credit -= txreq.size;
|
|
|
|
|
|
|
|
work_to_do--;
|
|
|
|
vif->tx.req_cons = ++idx;
|
|
|
|
|
|
|
|
memset(extras, 0, sizeof(extras));
|
|
|
|
if (txreq.flags & XEN_NETTXF_extra_info) {
|
2013-08-26 19:59:39 +08:00
|
|
|
work_to_do = xenvif_get_extras(vif, extras,
|
|
|
|
work_to_do);
|
2011-03-15 08:06:18 +08:00
|
|
|
idx = vif->tx.req_cons;
|
2013-02-07 07:41:35 +08:00
|
|
|
if (unlikely(work_to_do < 0))
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
ret = xenvif_count_requests(vif, &txreq, txfrags, work_to_do);
|
2013-02-07 07:41:35 +08:00
|
|
|
if (unlikely(ret < 0))
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2013-02-07 07:41:35 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
idx += ret;
|
|
|
|
|
|
|
|
if (unlikely(txreq.size < ETH_HLEN)) {
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Bad packet size: %d\n", txreq.size);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_tx_err(vif, &txreq, idx);
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* No crossing a page as the payload mustn't fragment. */
|
|
|
|
if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) {
|
2013-02-07 07:41:35 +08:00
|
|
|
netdev_err(vif->dev,
|
2011-03-15 08:06:18 +08:00
|
|
|
"txreq.offset: %x, size: %u, end: %lu\n",
|
|
|
|
txreq.offset, txreq.size,
|
|
|
|
(txreq.offset&~PAGE_MASK) + txreq.size);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fatal_tx_err(vif);
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
index = pending_index(vif->pending_cons);
|
|
|
|
pending_idx = vif->pending_ring[index];
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
data_len = (txreq.size > PKT_PROT_LEN &&
|
2013-05-02 08:43:59 +08:00
|
|
|
ret < XEN_NETBK_LEGACY_SLOTS_MAX) ?
|
2011-03-15 08:06:18 +08:00
|
|
|
PKT_PROT_LEN : txreq.size;
|
|
|
|
|
|
|
|
skb = alloc_skb(data_len + NET_SKB_PAD + NET_IP_ALIGN,
|
|
|
|
GFP_ATOMIC | __GFP_NOWARN);
|
|
|
|
if (unlikely(skb == NULL)) {
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Can't allocate a skb in start_xmit.\n");
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_tx_err(vif, &txreq, idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Packets passed to netif_rx() must have some headroom. */
|
|
|
|
skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
|
|
|
|
|
|
|
|
if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) {
|
|
|
|
struct xen_netif_extra_info *gso;
|
|
|
|
gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1];
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
if (xenvif_set_skb_gso(vif, skb, gso)) {
|
|
|
|
/* Failure in xenvif_set_skb_gso is fatal. */
|
2011-03-15 08:06:18 +08:00
|
|
|
kfree_skb(skb);
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* XXX could copy straight to head */
|
2013-08-26 19:59:39 +08:00
|
|
|
page = xenvif_alloc_page(vif, pending_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
if (!page) {
|
|
|
|
kfree_skb(skb);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_tx_err(vif, &txreq, idx);
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
gop->source.u.ref = txreq.gref;
|
|
|
|
gop->source.domid = vif->domid;
|
|
|
|
gop->source.offset = txreq.offset;
|
|
|
|
|
|
|
|
gop->dest.u.gmfn = virt_to_mfn(page_address(page));
|
|
|
|
gop->dest.domid = DOMID_SELF;
|
|
|
|
gop->dest.offset = txreq.offset;
|
|
|
|
|
|
|
|
gop->len = txreq.size;
|
|
|
|
gop->flags = GNTCOPY_source_gref;
|
|
|
|
|
|
|
|
gop++;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
memcpy(&vif->pending_tx_info[pending_idx].req,
|
2011-03-15 08:06:18 +08:00
|
|
|
&txreq, sizeof(txreq));
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->pending_tx_info[pending_idx].head = index;
|
2011-03-15 08:06:18 +08:00
|
|
|
*((u16 *)skb->data) = pending_idx;
|
|
|
|
|
|
|
|
__skb_put(skb, data_len);
|
|
|
|
|
|
|
|
skb_shinfo(skb)->nr_frags = ret;
|
|
|
|
if (data_len < txreq.size) {
|
|
|
|
skb_shinfo(skb)->nr_frags++;
|
2011-10-05 08:28:46 +08:00
|
|
|
frag_set_pending_idx(&skb_shinfo(skb)->frags[0],
|
|
|
|
pending_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
} else {
|
2011-10-05 08:28:46 +08:00
|
|
|
frag_set_pending_idx(&skb_shinfo(skb)->frags[0],
|
|
|
|
INVALID_PENDING_IDX);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
vif->pending_cons++;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
request_gop = xenvif_get_requests(vif, skb, txfrags, gop);
|
2011-03-15 08:06:18 +08:00
|
|
|
if (request_gop == NULL) {
|
|
|
|
kfree_skb(skb);
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_tx_err(vif, &txreq, idx);
|
2013-08-26 19:59:38 +08:00
|
|
|
break;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
gop = request_gop;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
__skb_queue_tail(&vif->tx_queue, skb);
|
2012-06-27 08:46:58 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->tx.req_cons = idx;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
if ((gop-vif->tx_copy_ops) >= ARRAY_SIZE(vif->tx_copy_ops))
|
2011-03-15 08:06:18 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
return gop - vif->tx_copy_ops;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
|
2013-12-11 18:57:15 +08:00
|
|
|
static int xenvif_tx_submit(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
struct gnttab_copy *gop = vif->tx_copy_ops;
|
2011-03-15 08:06:18 +08:00
|
|
|
struct sk_buff *skb;
|
2013-08-26 19:59:38 +08:00
|
|
|
int work_done = 0;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-12-11 18:57:15 +08:00
|
|
|
while ((skb = __skb_dequeue(&vif->tx_queue)) != NULL) {
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_tx_request *txp;
|
|
|
|
u16 pending_idx;
|
|
|
|
unsigned data_len;
|
|
|
|
|
|
|
|
pending_idx = *((u16 *)skb->data);
|
2013-08-26 19:59:38 +08:00
|
|
|
txp = &vif->pending_tx_info[pending_idx].req;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Check the remap error code. */
|
2013-08-26 19:59:39 +08:00
|
|
|
if (unlikely(xenvif_tx_check_gop(vif, skb, &gop))) {
|
2011-03-15 08:06:18 +08:00
|
|
|
netdev_dbg(vif->dev, "netback grant failed.\n");
|
|
|
|
skb_shinfo(skb)->nr_frags = 0;
|
|
|
|
kfree_skb(skb);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
data_len = skb->len;
|
|
|
|
memcpy(skb->data,
|
2013-08-26 19:59:38 +08:00
|
|
|
(void *)(idx_to_kaddr(vif, pending_idx)|txp->offset),
|
2011-03-15 08:06:18 +08:00
|
|
|
data_len);
|
|
|
|
if (data_len < txp->size) {
|
|
|
|
/* Append the packet payload as a fragment. */
|
|
|
|
txp->offset += data_len;
|
|
|
|
txp->size -= data_len;
|
|
|
|
} else {
|
|
|
|
/* Schedule a response immediately. */
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_idx_release(vif, pending_idx,
|
|
|
|
XEN_NETIF_RSP_OKAY);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (txp->flags & XEN_NETTXF_csum_blank)
|
|
|
|
skb->ip_summed = CHECKSUM_PARTIAL;
|
|
|
|
else if (txp->flags & XEN_NETTXF_data_validated)
|
|
|
|
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_fill_frags(vif, skb);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-10-17 00:50:29 +08:00
|
|
|
if (skb_is_nonlinear(skb) && skb_headlen(skb) < PKT_PROT_LEN) {
|
2011-03-15 08:06:18 +08:00
|
|
|
int target = min_t(int, skb->len, PKT_PROT_LEN);
|
|
|
|
__pskb_pull_tail(skb, target - skb_headlen(skb));
|
|
|
|
}
|
|
|
|
|
|
|
|
skb->dev = vif->dev;
|
|
|
|
skb->protocol = eth_type_trans(skb, skb->dev);
|
2013-03-26 04:19:58 +08:00
|
|
|
skb_reset_network_header(skb);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (checksum_setup(vif, skb)) {
|
|
|
|
netdev_dbg(vif->dev,
|
|
|
|
"Can't setup checksum in net_tx_action\n");
|
|
|
|
kfree_skb(skb);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2013-03-27 07:11:22 +08:00
|
|
|
skb_probe_transport_header(skb, 0);
|
2013-03-26 04:19:58 +08:00
|
|
|
|
2013-12-17 19:44:35 +08:00
|
|
|
/* If the packet is GSO then we will have just set up the
|
|
|
|
* transport header offset in checksum_setup so it's now
|
|
|
|
* straightforward to calculate gso_segs.
|
|
|
|
*/
|
|
|
|
if (skb_is_gso(skb)) {
|
|
|
|
int mss = skb_shinfo(skb)->gso_size;
|
|
|
|
int hdrlen = skb_transport_header(skb) -
|
|
|
|
skb_mac_header(skb) +
|
|
|
|
tcp_hdrlen(skb);
|
|
|
|
|
|
|
|
skb_shinfo(skb)->gso_segs =
|
|
|
|
DIV_ROUND_UP(skb->len - hdrlen, mss);
|
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->dev->stats.rx_bytes += skb->len;
|
|
|
|
vif->dev->stats.rx_packets++;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
work_done++;
|
|
|
|
|
|
|
|
netif_receive_skb(skb);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
return work_done;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Called after netfront has transmitted */
|
2013-08-26 19:59:39 +08:00
|
|
|
int xenvif_tx_action(struct xenvif *vif, int budget)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
unsigned nr_gops;
|
2013-08-26 19:59:38 +08:00
|
|
|
int work_done;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
if (unlikely(!tx_work_todo(vif)))
|
|
|
|
return 0;
|
|
|
|
|
2013-12-11 18:57:15 +08:00
|
|
|
nr_gops = xenvif_tx_build_gops(vif, budget);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
if (nr_gops == 0)
|
2013-08-26 19:59:38 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
gnttab_batch_copy(vif->tx_copy_ops, nr_gops);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-12-11 18:57:15 +08:00
|
|
|
work_done = xenvif_tx_submit(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
return work_done;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
static void xenvif_idx_release(struct xenvif *vif, u16 pending_idx,
|
|
|
|
u8 status)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct pending_tx_info *pending_tx_info;
|
2013-04-22 10:20:42 +08:00
|
|
|
pending_ring_idx_t head;
|
|
|
|
u16 peek; /* peek into next tx request */
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
BUG_ON(vif->mmap_pages[pending_idx] == (void *)(~0UL));
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
/* Already complete? */
|
2013-08-26 19:59:38 +08:00
|
|
|
if (vif->mmap_pages[pending_idx] == NULL)
|
2011-03-15 08:06:18 +08:00
|
|
|
return;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
pending_tx_info = &vif->pending_tx_info[pending_idx];
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
head = pending_tx_info->head;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
BUG_ON(!pending_tx_is_head(vif, head));
|
|
|
|
BUG_ON(vif->pending_ring[pending_index(head)] != pending_idx);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
do {
|
|
|
|
pending_ring_idx_t index;
|
|
|
|
pending_ring_idx_t idx = pending_index(head);
|
2013-08-26 19:59:38 +08:00
|
|
|
u16 info_idx = vif->pending_ring[idx];
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
pending_tx_info = &vif->pending_tx_info[info_idx];
|
2013-04-22 10:20:42 +08:00
|
|
|
make_tx_response(vif, &pending_tx_info->req, status);
|
|
|
|
|
|
|
|
/* Setting any number other than
|
|
|
|
* INVALID_PENDING_RING_IDX indicates this slot is
|
|
|
|
* starting a new packet / ending a previous packet.
|
|
|
|
*/
|
|
|
|
pending_tx_info->head = 0;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
index = pending_index(vif->pending_prod++);
|
|
|
|
vif->pending_ring[index] = vif->pending_ring[info_idx];
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
peek = vif->pending_ring[pending_index(++head)];
|
2013-04-22 10:20:42 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
} while (!pending_tx_is_head(vif, peek));
|
2013-04-22 10:20:42 +08:00
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
put_page(vif->mmap_pages[pending_idx]);
|
|
|
|
vif->mmap_pages[pending_idx] = NULL;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-04-22 10:20:42 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static void make_tx_response(struct xenvif *vif,
|
|
|
|
struct xen_netif_tx_request *txp,
|
|
|
|
s8 st)
|
|
|
|
{
|
|
|
|
RING_IDX i = vif->tx.rsp_prod_pvt;
|
|
|
|
struct xen_netif_tx_response *resp;
|
|
|
|
int notify;
|
|
|
|
|
|
|
|
resp = RING_GET_RESPONSE(&vif->tx, i);
|
|
|
|
resp->id = txp->id;
|
|
|
|
resp->status = st;
|
|
|
|
|
|
|
|
if (txp->flags & XEN_NETTXF_extra_info)
|
|
|
|
RING_GET_RESPONSE(&vif->tx, ++i)->status = XEN_NETIF_RSP_NULL;
|
|
|
|
|
|
|
|
vif->tx.rsp_prod_pvt = ++i;
|
|
|
|
RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&vif->tx, notify);
|
|
|
|
if (notify)
|
2013-05-22 14:34:45 +08:00
|
|
|
notify_remote_via_irq(vif->tx_irq);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static struct xen_netif_rx_response *make_rx_response(struct xenvif *vif,
|
|
|
|
u16 id,
|
|
|
|
s8 st,
|
|
|
|
u16 offset,
|
|
|
|
u16 size,
|
|
|
|
u16 flags)
|
|
|
|
{
|
|
|
|
RING_IDX i = vif->rx.rsp_prod_pvt;
|
|
|
|
struct xen_netif_rx_response *resp;
|
|
|
|
|
|
|
|
resp = RING_GET_RESPONSE(&vif->rx, i);
|
|
|
|
resp->offset = offset;
|
|
|
|
resp->flags = flags;
|
|
|
|
resp->id = id;
|
|
|
|
resp->status = (s16)size;
|
|
|
|
if (st < 0)
|
|
|
|
resp->status = (s16)st;
|
|
|
|
|
|
|
|
vif->rx.rsp_prod_pvt = ++i;
|
|
|
|
|
|
|
|
return resp;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline int rx_work_todo(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2014-02-05 03:54:37 +08:00
|
|
|
return !skb_queue_empty(&vif->rx_queue) &&
|
|
|
|
xenvif_rx_ring_slots_available(vif, vif->rx_last_skb_slots);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static inline int tx_work_todo(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
if (likely(RING_HAS_UNCONSUMED_REQUESTS(&vif->tx)) &&
|
|
|
|
(nr_pending_reqs(vif) + XEN_NETBK_LEGACY_SLOTS_MAX
|
|
|
|
< MAX_PENDING_REQS))
|
2011-03-15 08:06:18 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
void xenvif_unmap_frontend_rings(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2011-09-29 23:53:31 +08:00
|
|
|
if (vif->tx.sring)
|
|
|
|
xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(vif),
|
|
|
|
vif->tx.sring);
|
|
|
|
if (vif->rx.sring)
|
|
|
|
xenbus_unmap_ring_vfree(xenvif_to_xenbus_device(vif),
|
|
|
|
vif->rx.sring);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
int xenvif_map_frontend_rings(struct xenvif *vif,
|
|
|
|
grant_ref_t tx_ring_ref,
|
|
|
|
grant_ref_t rx_ring_ref)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2011-09-29 23:53:31 +08:00
|
|
|
void *addr;
|
2011-03-15 08:06:18 +08:00
|
|
|
struct xen_netif_tx_sring *txs;
|
|
|
|
struct xen_netif_rx_sring *rxs;
|
|
|
|
|
|
|
|
int err = -ENOMEM;
|
|
|
|
|
2011-09-29 23:53:31 +08:00
|
|
|
err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(vif),
|
|
|
|
tx_ring_ref, &addr);
|
|
|
|
if (err)
|
2011-03-15 08:06:18 +08:00
|
|
|
goto err;
|
|
|
|
|
2011-09-29 23:53:31 +08:00
|
|
|
txs = (struct xen_netif_tx_sring *)addr;
|
2011-03-15 08:06:18 +08:00
|
|
|
BACK_RING_INIT(&vif->tx, txs, PAGE_SIZE);
|
|
|
|
|
2011-09-29 23:53:31 +08:00
|
|
|
err = xenbus_map_ring_valloc(xenvif_to_xenbus_device(vif),
|
|
|
|
rx_ring_ref, &addr);
|
|
|
|
if (err)
|
2011-03-15 08:06:18 +08:00
|
|
|
goto err;
|
|
|
|
|
2011-09-29 23:53:31 +08:00
|
|
|
rxs = (struct xen_netif_rx_sring *)addr;
|
2011-03-15 08:06:18 +08:00
|
|
|
BACK_RING_INIT(&vif->rx, rxs, PAGE_SIZE);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err:
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_unmap_frontend_rings(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
void xenvif_stop_queue(struct xenvif *vif)
|
|
|
|
{
|
|
|
|
if (!vif->can_queue)
|
|
|
|
return;
|
|
|
|
|
|
|
|
netif_stop_queue(vif->dev);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void xenvif_start_queue(struct xenvif *vif)
|
|
|
|
{
|
|
|
|
if (xenvif_schedulable(vif))
|
|
|
|
netif_wake_queue(vif->dev);
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
int xenvif_kthread(void *data)
|
2013-08-26 19:59:38 +08:00
|
|
|
{
|
|
|
|
struct xenvif *vif = data;
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
struct sk_buff *skb;
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
while (!kthread_should_stop()) {
|
|
|
|
wait_event_interruptible(vif->wq,
|
|
|
|
rx_work_todo(vif) ||
|
|
|
|
kthread_should_stop());
|
|
|
|
if (kthread_should_stop())
|
|
|
|
break;
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
if (!skb_queue_empty(&vif->rx_queue))
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_rx_action(vif);
|
2013-08-26 19:59:38 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
if (skb_queue_empty(&vif->rx_queue) &&
|
|
|
|
netif_queue_stopped(vif->dev))
|
|
|
|
xenvif_start_queue(vif);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
cond_resched();
|
|
|
|
}
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
/* Bin any remaining skbs */
|
|
|
|
while ((skb = skb_dequeue(&vif->rx_queue)) != NULL)
|
|
|
|
dev_kfree_skb(skb);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static int __init netback_init(void)
|
|
|
|
{
|
|
|
|
int rc = 0;
|
|
|
|
|
2011-12-15 04:12:13 +08:00
|
|
|
if (!xen_domain())
|
2011-03-15 08:06:18 +08:00
|
|
|
return -ENODEV;
|
|
|
|
|
2013-05-02 08:43:59 +08:00
|
|
|
if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) {
|
2013-06-28 12:57:49 +08:00
|
|
|
pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n",
|
|
|
|
fatal_skb_slots, XEN_NETBK_LEGACY_SLOTS_MAX);
|
2013-05-02 08:43:59 +08:00
|
|
|
fatal_skb_slots = XEN_NETBK_LEGACY_SLOTS_MAX;
|
2013-04-22 10:20:42 +08:00
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
rc = xenvif_xenbus_init();
|
|
|
|
if (rc)
|
|
|
|
goto failed_init;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
failed_init:
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(netback_init);
|
|
|
|
|
2013-05-17 07:26:11 +08:00
|
|
|
static void __exit netback_fini(void)
|
|
|
|
{
|
|
|
|
xenvif_xenbus_fini();
|
|
|
|
}
|
|
|
|
module_exit(netback_fini);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
MODULE_LICENSE("Dual BSD/GPL");
|
2011-07-01 02:19:09 +08:00
|
|
|
MODULE_ALIAS("xen-backend:vif");
|