lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Dec 2017 15:20:27 -0200
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Shannon Nelson <shannon.nelson@...cle.com>
Cc:     steffen.klassert@...unet.com, netdev@...r.kernel.org
Subject: Re: [PATCH v3 ipsec-next 3/3] xfrm: wrap xfrmdev_ops with offload
 config

On Wed, Dec 20, 2017 at 08:22:40AM -0800, Shannon Nelson wrote:
> On 12/20/2017 8:03 AM, Marcelo Ricardo Leitner wrote:
> > On Tue, Dec 19, 2017 at 03:35:49PM -0800, Shannon Nelson wrote:
> > > There's no reason to define netdev->xfrmdev_ops if
> > > the offload facility is not CONFIG'd in.
> > > 
> > > Signed-off-by: Shannon Nelson <shannon.nelson@...cle.com>
> > 
> > This one could use a Fixes tag perhaps:
> > Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
> > 
> > as in theory the build was broken since then, as it added:
> > +#ifdef CONFIG_XFRM_OFFLOAD
> > +struct xfrmdev_ops {
> > ...
> > +#ifdef CONFIG_XFRM
> > +       const struct xfrmdev_ops *xfrmdev_ops;
> > 
> > So the pointer would have an undefined type
> >    if CONFIG_XFRM && !CONFIG_XFRM_OFFLOAD
> > Though I couldn't reproduce this, not sure why.
> 
> Hmmm, I don't think this requires a "Fixes" tag, as the code all worked just
> fine, I'm just doing a little cleaning.

I still don't get how it works, but okay.

> 
> Patch 2/3 adds a more intense look at the data structure, so I needed to
> change it to the CONFIG_XFRM_OFFLOAD so as to not break the build. Since the
> xfrmdev_ops field is now never used unless we have CONFIG_XFRM_OFFLOAD, we
> can change the net_device definition to be just a bit smaller without it.
> 
> > 
> > But.. is it buildable with this patch? I mine failed:
> > 
> > obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
> >                        xfrm_input.o xfrm_output.o \
> >                        xfrm_sysctl.o xfrm_replay.o xfrm_device.o
> > 
> > so xfrm_device is always in if CONFIG_XFRM is there,
> > xfrm_dev_init(), via xfrm_dev_notifier -> xfrm_dev_event() ->
> >    xfrm_dev_register() and then:
> > 
> > static int xfrm_dev_register(struct net_device *dev)
> > {
> >          if ((dev->features & NETIF_F_HW_ESP) && !dev->xfrmdev_ops)
> 
> This looks like you haven't applied version 3 of the 2nd patch "xfrm: check
> for xdo_dev_ops add and delete".  I missed this in the earlier version (not
> enough compile tests), but version 3 of patch 2/3  should address it.

Right you are, missed it here.

Thanks,
Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ