lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 7 Nov 2008 18:08:50 +0100
From:	Thomas Graf <tgraf@...g.ch>
To:	Ranjit Manomohan <ranjitm@...gle.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [RESEND] pkt_sched: Control group classifier

* Ranjit Manomohan <ranjitm@...gle.com> 2008-11-07 07:51
> > +static int cls_cgroup_classify(struct sk_buff *skb, struct tcf_proto *tp,
> > +                              struct tcf_result *res)
> > +{
> > +       struct cls_cgroup_head *head = tp->root;
> > +       struct cgroup_cls_state *cs;
> > +       int ret = 0;
> > +
> > +       /*
> > +        * Due to the nature of the classifier it is required to ignore all
> > +        * packets originating from softirq context as accessing `current'
> > +        * would lead to false results.
> > +        *
> > +        * This test assumes that all callers of dev_queue_xmit() explicitely
> > +        * disable bh. Knowing this, it is possible to detect softirq based
> > +        * calls by looking at the number of nested bh disable calls because
> > +        * softirqs always disables bh.
> > +        */
> > +       if (softirq_count() != SOFTIRQ_OFFSET)
> > +               return -1;
> > +
> 
>     How about caching the cs->classid in the socket here at this point
> (if there is a mismatch from the current cgroup value)  if we are in
> process context and using that value if we are in interrupt context.
> That should help account for the packets in interrupt context and work
> seamlessly if the task got moved between cgroups or if the cgroup
> identifier was changed.

I like the idea, the overhead is relatively small and the sk_buff struct
does not get polluted. There will still be cases where the skb has been
orphaned and is no longer connected to a socket but that case is pretty
rare.

Will you work on a follow-up patch?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ