lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <65e098566b4c3_d40e329486@willemb.c.googlers.com.notmuch>
Date: Thu, 29 Feb 2024 09:44:38 -0500
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>, 
 Abhishek Chauhan <quic_abchauha@...cinc.com>
Cc: kernel@...cinc.com, 
 "David S. Miller" <davem@...emloft.net>, 
 Eric Dumazet <edumazet@...gle.com>, 
 Jakub Kicinski <kuba@...nel.org>, 
 Paolo Abeni <pabeni@...hat.com>, 
 netdev@...r.kernel.org, 
 linux-kernel@...r.kernel.org, 
 Andrew Halaney <ahalaney@...hat.com>, 
 Martin KaFai Lau <martin.lau@...nel.org>
Subject: Re: [PATCH net-next v2] net: Modify mono_delivery_time with
 clockid_delivery_time

Martin KaFai Lau wrote:
> On 2/28/24 7:53 AM, Willem de Bruijn wrote:
> > Sidenote: with sk_clockid, FQ could detect when skb->tstamp is not
> > set in monotonic (i.e., set by SO_TXTIME) and drop the packet or
> > ignore the embedded timestamp, warn, etc.
> 
> Thanks for cc-ing me. Sorry for the late reply. I just catch up to this thread 
> and the v1.
> 
> I think it is needed to detect if skb->tstamp is monotonic or not in fq. The 
> container (with the veth setup) may use sch_etf while the host usually uses fq 
> at the physical NIC and expects monotonic skb->tstamp.
> 
> During forward (e.g. by bpf_redirect / ip[6]_forward from a veth to a physical 
> NIC), skb_clear_tstamp() only forwards the monotonic skb->tstamp now. While 
> sch_etf does check sk_clockid first before using skb->tstamp, fq does not check 
> that now.
> or fq_packet_beyond_horizon() is enough to catch this clock discrepancy?

Before your patch, I believe FQ had no such guard rails. An skb with
any clockid from SO_TXTIME can arrive at FQ.

With the new clockid field, we could add guard rails in fq_enqueue.
If the bit is set, look up sk_clockid.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ