lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1290708.1628244534@warthog.procyon.org.uk>
Date:   Fri, 06 Aug 2021 11:08:54 +0100
From:   David Howells <dhowells@...hat.com>
To:     Jeffrey E Altman <jaltman@...istor.com>,
        Marc Dionne <marc.dionne@...istor.com>
cc:     dhowells@...hat.com, Benjamin Kaduk <kaduk@....edu>,
        linux-afs@...ts.infradead.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [RFC][PATCH] rxrpc: Support reception of extended-SACK ACK packet

    
The RxRPC ACK packet supports selective ACK of up to 255 DATA packets.  It
contains a variable length array with one octet allocated for each DATA
packet to be ACK'd.  Each octet is either 0 or 1 depending on whether it is
a negative or positive ACK.  7 bits in each octet are effectively unused
and, further, there are three reserved octets following the ACK array that
are all set to 0.

To extend the ACK window up to 2048 ACKs, it is proposed[1]:

 (1) that the ACKs for DATA packets first+0...first+254 in the Rx window
     are in bit 0 of the octets in the array, ie. acks[0...254], pretty
     much as now; and

 (2) that if the ACK count is >=256, the first reserved byte after the ACK
     table is annexed to the ACK table as acks[255] and contains the ACK
     for packet first+255 in bit 0; and

 (3) that if the ACK count is >256, horizontal striping be employed such
     that the ACK for packet first+256 in the window is then in bit 1 of
     acks[0], first+257 is in bit 1 of acks[1], up to first+511 being in
     bit 1 of the borrowed reserved byte (ie. acks[255]).

     first+512 is then in bit 2 of acks[0], going all the way up to
     first+2048 being in bit 7 of acks[255].

If extended SACK is employed in an ACK packet, it should have EXTENDED-SACK
(0x08) set in the RxRPC packet header.

Alter rxrpc_input_ack() to sanity check the ACK count.

Alter rxrpc_input_ack() to limit the number of bytes it extracts from the
packet for the ack array to 256.

Alter rxrpc_input_soft_acks() to handle an extended SACK table.

Signed-off-by: David Howells <dhowells@...hat.com>
Link: https://gerrit.openafs.org/#/c/14693/3 [1]
---
 net/rxrpc/input.c    |   21 ++++++++++++++-------
 net/rxrpc/protocol.h |    7 +++++--
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index dc201363f2c4..0a7f7462b617 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -767,15 +767,17 @@ static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
 				  rxrpc_seq_t seq, int nr_acks,
 				  struct rxrpc_ack_summary *summary)
 {
-	int ix;
-	u8 annotation, anno_type;
+	int ix, i;
+	u8 annotation, anno_type, ack;
 
-	for (; nr_acks > 0; nr_acks--, seq++) {
+	for (i = 0; i < nr_acks; i++, seq++) {
 		ix = seq & RXRPC_RXTX_BUFF_MASK;
 		annotation = call->rxtx_annotations[ix];
 		anno_type = annotation & RXRPC_TX_ANNO_MASK;
 		annotation &= ~RXRPC_TX_ANNO_MASK;
-		switch (*acks++) {
+		ack = acks[i % RXRPC_EXTENDED_SACK_SIZE];
+		ack >>= i / RXRPC_EXTENDED_SACK_SIZE;
+		switch (ack) {
 		case RXRPC_ACK_TYPE_ACK:
 			summary->nr_acks++;
 			if (anno_type == RXRPC_TX_ANNO_ACK)
@@ -846,7 +848,7 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
 	union {
 		struct rxrpc_ackpacket ack;
 		struct rxrpc_ackinfo info;
-		u8 acks[RXRPC_MAXACKS];
+		u8 acks[RXRPC_EXTENDED_SACK_SIZE];
 	} buf;
 	rxrpc_serial_t ack_serial, acked_serial;
 	rxrpc_seq_t first_soft_ack, hard_ack, prev_pkt;
@@ -874,6 +876,10 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
 			   first_soft_ack, prev_pkt,
 			   summary.ack_reason, nr_acks);
 
+	if ((nr_acks > RXRPC_MAXACKS && !(sp->hdr.flags & RXRPC_EXTENDED_SACK)) ||
+	    (nr_acks > RXRPC_MAXACKS_EXTENDED))
+		return rxrpc_proto_abort("AKC", call, 0);
+	
 	switch (buf.ack.reason) {
 	case RXRPC_ACK_PING_RESPONSE:
 		rxrpc_input_ping_response(call, skb->tstamp, acked_serial,
@@ -912,7 +918,7 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
 	}
 
 	buf.info.rxMTU = 0;
-	ioffset = offset + nr_acks + 3;
+	ioffset = offset + min(nr_acks, RXRPC_MAXACKS) + 3;
 	if (skb->len >= ioffset + sizeof(buf.info) &&
 	    skb_copy_bits(skb, ioffset, &buf.info, sizeof(buf.info)) < 0)
 		return rxrpc_proto_abort("XAI", call, 0);
@@ -969,7 +975,8 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
 	}
 
 	if (nr_acks > 0) {
-		if (skb_copy_bits(skb, offset, buf.acks, nr_acks) < 0) {
+		if (skb_copy_bits(skb, offset, buf.acks,
+				  min_t(unsigned int, nr_acks, sizeof(buf.acks))) < 0) {
 			rxrpc_proto_abort("XSA", call, 0);
 			goto out;
 		}
diff --git a/net/rxrpc/protocol.h b/net/rxrpc/protocol.h
index 49bb972539aa..287986012cd9 100644
--- a/net/rxrpc/protocol.h
+++ b/net/rxrpc/protocol.h
@@ -51,7 +51,8 @@ struct rxrpc_wire_header {
 #define RXRPC_CLIENT_INITIATED	0x01		/* signifies a packet generated by a client */
 #define RXRPC_REQUEST_ACK	0x02		/* request an unconditional ACK of this packet */
 #define RXRPC_LAST_PACKET	0x04		/* the last packet from this side for this call */
-#define RXRPC_MORE_PACKETS	0x08		/* more packets to come */
+#define RXRPC_MORE_PACKETS	0x08		/* [DATA] More packets to come */
+#define RXRPC_EXTENDED_SACK	0x08		/* [ACK] Extended SACK table */
 #define RXRPC_JUMBO_PACKET	0x20		/* [DATA] this is a jumbo packet */
 #define RXRPC_SLOW_START_OK	0x20		/* [ACK] slow start supported */
 
@@ -124,7 +125,9 @@ struct rxrpc_ackpacket {
 #define RXRPC_ACK__INVALID		10	/* Representation of invalid ACK reason */
 
 	uint8_t		nAcks;		/* number of ACKs */
-#define RXRPC_MAXACKS	255
+#define RXRPC_MAXACKS	255		/* Normal maximum number of ACKs */
+#define RXRPC_EXTENDED_SACK_SIZE 256	/* Size of the extended SACK table */
+#define RXRPC_MAXACKS_EXTENDED	2048	/* Maximum number of ACKs in extended SACK table */
 
 	uint8_t		acks[0];	/* list of ACK/NAKs */
 #define RXRPC_ACK_TYPE_NACK		0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ