From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=XjnVt2Tg;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id AD2635A0008
	for <passt-dev@passt.top>; Wed, 26 Feb 2025 10:05:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1740560728;
	bh=mj0XewtctFuafCAZCTatJxjbpDLiotVvZxgpAEr/Rns=;
	h=Date:From:To:Cc:Subject:From;
	b=XjnVt2Tg6xG1qli2XSCZRQ4GaJtsKEMYsdE6pnIOIEW5S7nLFKOWqIiKxOB1f+ZSx
	 C2cHMt65wkpo75kKZG0g/K3f+zWCQTYekczBqo1ouuqVIFx5b1H5wzy9wgyhMe1Ek7
	 9tXGawg5rbuMM1YP0UzVHx71PrnbEsjTBA/ZPSYmSGESqGn4qhhXqkhBlV8K8ZvOh9
	 uVgfq/2Cyj+V6SydrrG9+35Y567/VF6oXwY0ShvK/TlmTMukV9D87ii6gx16uUIxfU
	 7mWJ4utEtgiaPX8EgzISMEMHBtkEbmPrWQLAWmzH22LCCao6W0PmBMb8Mar0BJ63Qa
	 nR9l6XFv1+nZw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Z2pTh1s9dz4x1V; Wed, 26 Feb 2025 20:05:28 +1100 (AEDT)
Date: Wed, 26 Feb 2025 20:05:25 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top
Subject: tcp_rst() complications
Message-ID: <Z77ZVSCEzbDwBw7L@zatzit>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="5ySENxfGd0BqbIs+"
Content-Disposition: inline
Message-ID-Hash: QOHHNLF6ZXQANAXAYJXOU3ATDDZVHNZS
X-Message-ID-Hash: QOHHNLF6ZXQANAXAYJXOU3ATDDZVHNZS
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Steafno Brivio <sbrivio@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z77ZVSCEzbDwBw7L@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/QOHHNLF6ZXQANAXAYJXOU3ATDDZVHNZS/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--5ySENxfGd0BqbIs+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Amongst other things, I spotted some additional complications using
tcp_rst() in the migration path (some of which might also have
implications in other contexts).  These might be things we can safely
ignore, at least for now, but I haven't thought through them enough to
be sure.

1) Sending RST to guest during migration

The first issue is that tcp_rst() will send an actual RST to the guest
on the tap interface.  During migration, that means we're sending to
the guest while it's suspended.  At the very least that means we
probably have a much higher that usual chance of getting a queue full
failure writing to the tap interface, which could hit problem (2).

But, beyond that, with vhost-user that means we're writing to guest
memory while the guest is suspended.  Kind of the whole point of the
suspended time is that the guest memory doesn't change during it, so
I'm not sure what the consequences will be.  Now, at the moment I
think all our tcp_rst() calls are either on the source during rollback
(i.e. we're committed to resuming only on the source) or on the target
past the point of no return (i.e. we're committed to resuming only on
the target).  I suspect that means we can get away with it, but I do
worry this could break something in qeme by violating that assumption.

2) tcp_rst() failures

tcp_rst() can fail if tcp_send_flag() fails.  In this case we *don't*
change the events to CLOSED.  I _think_ that's a bug: even if we
weren't able to send the RST to the guest, we've already closed the
socket so the flow is dead.  Moving to CLOSED state (and then removing
the flow entirely) should mean that we'll resend an RST if the guest
attempts to use the flow again later.

But.. I was worried there might be some subtle reason for not changing
the event state in that case.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--5ySENxfGd0BqbIs+
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAme+2VQACgkQzQJF27ox
2GfCqw//WKbJhp3RDLpNpGNQw3vyrOzG5Oo3xF+9SC0PUdEPvaoLrNbmY/1QOw9T
858UJF6onPuvX9d/WXqaCuHWBgYvRTTwyiSsEll/M20BirD4XhQz3GT2Rl3Ted2/
mrxSKCWXX/l0rmneoYgHPqm1fzSmbt6GjEIEX6XA6ST5Surq3Vz+wuOtQYJtOdPN
TJM0B6HiuXRgTusDxFSfTfvLAeyl369OqEM/IPq16MI0Ewav858udwAOqELgswfw
HDnbK/vh0z72ht+RY6N7ZhATNOKXMnnnG9YYttdwuQq1vAs0rzsW+IkRGZr5i4PT
LC6O4GqBtoy5hzNefQM7rjrktr+JJ+7JLJhamwizeAyAxaiU9jZFLhpmsj7FkmiV
ODbzrbYj+EiZPo2s+M0VA9Tz5alkaLFyyG6rNXgeFzhO/DpJDhhGgEXRtGachPNp
W7/GVyKSP5MBuMQcLWdcXXRa3svE7TehNT0tC4S4Q7Wo5scGuReJirlqoe+GNUBe
hpOTbNerkuaQsFLUPVSQjHjuOrwFs5/NzjhJpZA1FIvPgFOKpv5WNWf5ox1ziNpS
3r/+nVmf/YVWWrmGYxOV3i8ULjpBcBBwvJXXUl3qHfap9ctKeWUM9qTOV33hqzoP
h8grlk4f4SU2pXjEzBfTVv8/oUQ4/90PxhMqfelWt7aeEpp47RA=
=MPVx
-----END PGP SIGNATURE-----

--5ySENxfGd0BqbIs+--