| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Sep 2016 09:38:42 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Patrick McHardy <kaber@...sh.net>,
Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
"David S. Miller" <davem@...emloft.net>,
Joshua Hunt <johunt@...mai.com>,
Vishwanath Pai <vpai@...mai.com>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/3] netfilter: xt_hashlimit: uses div_u64 for division
On Fri, 2016-09-30 at 18:05 +0200, Arnd Bergmann wrote:
> The newly added support for high-resolution pps rates introduced multiple 64-bit
> division operations in one function, which fails on all 32-bit architectures:
>
> net/netfilter/xt_hashlimit.o: In function `user2credits':
> xt_hashlimit.c:(.text.user2credits+0x3c): undefined reference to `__aeabi_uldivmod'
> xt_hashlimit.c:(.text.user2credits+0x68): undefined reference to `__aeabi_uldivmod'
> xt_hashlimit.c:(.text.user2credits+0x88): undefined reference to `__aeabi_uldivmod'
>
> This replaces the division with an explicit call to div_u64 for version 2
> to documents that this is a slow operation, and reverts back to 32-bit arguments
> for the version 1 data to restore the original faster 32-bit division.
>
> With both changes combined, we no longer get a link error.
>
> Fixes: 11d5f15723c9 ("netfilter: xt_hashlimit: Create revision 2 to support higher pps rates")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> Vishwanath Pai already sent a patch for this, and I did my version independently.
> The difference is that his version also the more expensive division for the
> version 1 variant that doesn't need it.
>
> See also http://patchwork.ozlabs.org/patch/676713/
> ---
> net/netfilter/xt_hashlimit.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
> index 44a095ecc7b7..3d5525df6eb3 100644
> --- a/net/netfilter/xt_hashlimit.c
> +++ b/net/netfilter/xt_hashlimit.c
> @@ -464,20 +464,23 @@ static u32 xt_hashlimit_len_to_chunks(u32 len)
> static u64 user2credits(u64 user, int revision)
> {
> if (revision == 1) {
> + u32 user32 = user; /* use 32-bit division */
> +
This looks dangerous to me. Have you really tried all possible cases ?
Caller (even if using revision == 1) does
user2credits(cfg->avg * cfg->burst, revision);
Since this is not a fast path, I would prefer to keep the 64bit divide.
Vishwanath version looks safer.
Powered by blists - more mailing lists