| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Dec 2017 08:22:40 -0800
From: Shannon Nelson <shannon.nelson@...cle.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc: steffen.klassert@...unet.com, netdev@...r.kernel.org
Subject: Re: [PATCH v3 ipsec-next 3/3] xfrm: wrap xfrmdev_ops with offload
config
On 12/20/2017 8:03 AM, Marcelo Ricardo Leitner wrote:
> On Tue, Dec 19, 2017 at 03:35:49PM -0800, Shannon Nelson wrote:
>> There's no reason to define netdev->xfrmdev_ops if
>> the offload facility is not CONFIG'd in.
>>
>> Signed-off-by: Shannon Nelson <shannon.nelson@...cle.com>
>
> This one could use a Fixes tag perhaps:
> Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
>
> as in theory the build was broken since then, as it added:
> +#ifdef CONFIG_XFRM_OFFLOAD
> +struct xfrmdev_ops {
> ...
> +#ifdef CONFIG_XFRM
> + const struct xfrmdev_ops *xfrmdev_ops;
>
> So the pointer would have an undefined type
> if CONFIG_XFRM && !CONFIG_XFRM_OFFLOAD
> Though I couldn't reproduce this, not sure why.
Hmmm, I don't think this requires a "Fixes" tag, as the code all worked
just fine, I'm just doing a little cleaning.
Patch 2/3 adds a more intense look at the data structure, so I needed to
change it to the CONFIG_XFRM_OFFLOAD so as to not break the build.
Since the xfrmdev_ops field is now never used unless we have
CONFIG_XFRM_OFFLOAD, we can change the net_device definition to be just
a bit smaller without it.
>
> But.. is it buildable with this patch? I mine failed:
>
> obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
> xfrm_input.o xfrm_output.o \
> xfrm_sysctl.o xfrm_replay.o xfrm_device.o
>
> so xfrm_device is always in if CONFIG_XFRM is there,
> xfrm_dev_init(), via xfrm_dev_notifier -> xfrm_dev_event() ->
> xfrm_dev_register() and then:
>
> static int xfrm_dev_register(struct net_device *dev)
> {
> if ((dev->features & NETIF_F_HW_ESP) && !dev->xfrmdev_ops)
This looks like you haven't applied version 3 of the 2nd patch "xfrm:
check for xdo_dev_ops add and delete". I missed this in the earlier
version (not enough compile tests), but version 3 of patch 2/3 should
address it.
sln
> ^^^^^^^^^^^^^^^^
>
> We can't control CONFIG_XFRM_OFFLOAD directly, so unless you
> unselected other offloadings such as INET_ESP_OFFLOAD, it is still on.
>
> linux/net/xfrm/xfrm_device.c: In function ‘xfrm_dev_register’:
> linux/net/xfrm/xfrm_device.c:147:48: error: ‘struct net_device’ has no member named ‘xfrmdev_ops’; did you mean ‘netdev_ops’?
> if ((dev->features & NETIF_F_HW_ESP) && !dev->xfrmdev_ops)
> ^~~~~~~~~~~
> netdev_ops
>
>
>> ---
>> include/linux/netdevice.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
>> index 2eaac7d..145d0de 100644
>> --- a/include/linux/netdevice.h
>> +++ b/include/linux/netdevice.h
>> @@ -1697,7 +1697,7 @@ struct net_device {
>> const struct ndisc_ops *ndisc_ops;
>> #endif
>>
>> -#ifdef CONFIG_XFRM
>> +#ifdef CONFIG_XFRM_OFFLOAD
>> const struct xfrmdev_ops *xfrmdev_ops;
>> #endif
>>
>> --
>> 2.7.4
>>
Powered by blists - more mailing lists