lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 31 Jul 2015 11:35:20 -0700
From:	Joe Stringer <joestringer@...ira.com>
To:	Hannes Frederic Sowa <hannes@...hat.com>
Cc:	Linux Netdev List <netdev@...r.kernel.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	Patrick McHardy <kaber@...sh.net>,
	Justin Pettit <jpettit@...ira.com>,
	Pravin Shelar <pshelar@...ira.com>,
	Andy Zhou <azhou@...ira.com>, Jesse Gross <jesse@...ira.com>,
	Florian Westphal <fwestpha@...hat.com>,
	Thomas Graf <tgraf@...ronetworks.com>
Subject: Re: [PATCH net-next 5/9] openvswitch: Add conntrack action

Thanks for review,

On 31 July 2015 at 07:52, Hannes Frederic Sowa <hannes@...hat.com> wrote:
> On Thu, 2015-07-30 at 11:12 -0700, Joe Stringer wrote:
>> +static void prepare_frag(struct vport *vport, struct sw_flow_key
>> *key,
>> +                      struct sk_buff *skb)
>> +{
>> +     unsigned int hlen = ETH_HLEN;
>> +     struct ovs_frag_data *data;
>> +
>> +     data = this_cpu_ptr(&ovs_frag_data_storage);
>> +     data->dst = skb_dst(skb);
>
>
> If data->dst is unsigned long, we could simply use an assignment:
>
> data->dst = skb->_skb_refdst;
>
> At this point we never leave rcu_read_lock section, so we are safe,
> maybe we can add a comment for that.

OK, it also may be helpful to highlight that prepare_frag() is done
once for an assembled frame, then ovs_vport_output() performs the
inverse for each fragment. I'll do this.

...
>> +             } else if (key->eth.type == htons(ETH_P_IP)) {
>> +                     struct dst_entry ovs_dst;
>> +
>> +                     prepare_frag(vport, key, skb);
>> +                     dst_init(&ovs_dst, &ovs_dst_ops, vport->dev,
>> +                              1, DST_OBSOLETE_NONE, DST_NOCOUNT);
>
> I don't think we should take a ref on the netdev here.
>
> dst_init(&ovs_dst, &ovs_dst_ops, NULL,
>          1, DST_OBSOLETE_NONE, DST_NOCOUNT);
> ovs_dst.dev = vport->dev;

Some of this was me being overly cautious: take a ref on the dev for
as long as the fragment dst exists; take a ref on the original (eg
tunnel_metadata) dst for the length of handling the output of this
frame.

>> +
>> +                     skb_dst_drop(skb);
>> +                     skb_dst_set_noref(skb, &ovs_dst);
>> +                     IPCB(skb)->frag_max_size = mru;
>> +
>> +                     ip_do_fragment(skb->sk, skb,
>> ovs_vport_output);
>> +                     dev_put(ovs_dst.dev);
>
> Can be removed then.
>
> It seems a little strange to leave the skb->dst attached to the skb but
> drop the reference from the netdevice here. Maybe a comment would make
> sense, otherwise it smells fishy.

For each fragment, ovs_vport_output() will revert the changes made
here - restoring the original dst. Either way, if we're not taking a
ref on the netdev then this should be fine.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ