
bhyve: add backend rx backpressure to virtio-net
ClosedPublic

Authored by vmaffione on Jul 18 2019, 9:18 PM.

Details

Summary

If a VM is flooded with more ingress packets than the guest OS can handle, the current virtio-net code will keep reading those packets and drop most of them as no space is available in the receive queue. This is an undesirable receive livelock, which is a waste of CPU and memory resources and potentially opens the door to DoS attacks.
With this change, virtio-net uses the new netbe_rx_disable() function to disable ingress operation in the backend while the guest is short on RX buffers. Once the guest makes more buffers available to the RX virtqueue, ingress operation is enabled again by calling netbe_rx_enable().

Note: this depends on https://reviews.freebsd.org/D20973

Test Plan

Experiments performed on a 12-CPU i7-8700 @ 3.20 GHz.
I got a bhyve VM with 2 vCPUs, with virtio-net as a virtual device and a VALE port (vale:0) as a backend.
Use pkt-gen from the host to flood the VM VALE port (DoS attack), e.g.:

# pkt-gen -i vale:1 -f tx -H12

No process in the guest tries to receive the packets, which are then dropped at the UDP socket layer.

Without this patch, I observe the CPU utilization of the bhyve process to go up to 190%.
With this patch, CPU utilization stays ~100%, as expected.
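
A toy model of the behaviour the summary describes, added here as an illustration; it is not code from this patch or from bhyve. The struct, the function names and the flood parameters are assumptions; the model counts how many packets the device thread reads and discards during a flood, with and without disabling ingress while the guest has no RX buffers.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not bhyve code: every name below is hypothetical. */
struct sim {
    int  rx_free;       /* RX buffers the guest has posted to the virtqueue */
    bool rx_enabled;    /* is the backend read event armed? */
    bool backpressure;  /* model the behaviour with the patch applied */
    long reads, drops, delivered;
};

/* The backend has a packet ready; runs only while the read event is armed. */
static void rx_event(struct sim *s)
{
    if (s->rx_free == 0) {
        if (s->backpressure) {
            /* With backpressure: stop listening and leave the packet unread. */
            s->rx_enabled = false;
            return;
        }
        /* Without it: the packet is read only to be thrown away. */
        s->reads++;
        s->drops++;
        return;
    }
    s->reads++;
    s->rx_free--;
    s->delivered++;
}

/* Flood of `offered` packets; the guest posts `batch` buffers every `period` packets. */
static struct sim run(bool backpressure, long offered, int batch, int period)
{
    struct sim s = { .rx_free = batch, .rx_enabled = true, .backpressure = backpressure };
    for (long i = 1; i <= offered; i++) {
        if (s.rx_enabled)
            rx_event(&s);
        if (i % period == 0) {      /* guest refills the queue and kicks */
            s.rx_free += batch;
            s.rx_enabled = true;    /* ingress is re-armed */
        }
    }
    return s;
}

int main(void)
{
    struct sim a = run(false, 100000, 8, 100), b = run(true, 100000, 8, 100);
    printf("no backpressure: reads=%ld drops=%ld delivered=%ld\n", a.reads, a.drops, a.delivered);
    printf("backpressure:    reads=%ld drops=%ld delivered=%ld\n", b.reads, b.drops, b.delivered);
}
```

Both runs deliver the same number of packets to the guest; the difference is the work spent reading packets that are then discarded.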

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

This revision is now accepted and ready to land. Jul 19 2019, 3:28 AM
vmaffione edited the test plan for this revision.

I tested this path in our test lab. It works fine.

Any additional opinions on this patch?

Follow-up change after updating D20973.
Define mevent_add_disabled here.

This revision now requires review to proceed. Sep 15 2019, 2:35 PM

Note: this is the next patch to be reviewed. Thanks.

This revision is now accepted and ready to land. Nov 1 2019, 6:00 PM
This revision was automatically updated to reflect the committed changes.