lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Mar 2024 14:08:07 +0100
From: Richard Gobert <richardbgobert@...il.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>,
 Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
 dsahern@...nel.org, xeb@...l.ru, shuah@...nel.org, idosch@...dia.com,
 razor@...ckwall.org, amcohen@...dia.com, petrm@...dia.com, jbenc@...hat.com,
 bpoirier@...dia.com, b.galvani@...il.com, gavinl@...dia.com,
 liujian56@...wei.com, horms@...nel.org, linyunsheng@...wei.com,
 therbert@...gle.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-kselftest@...r.kernel.org
Subject: Re: [PATCH net-next v3 4/4] net: gro: move L3 flush checks to
 tcp_gro_receive

Willem de Bruijn wrote:
> Richard Gobert wrote:
>> Eric Dumazet wrote:
>>> On Sat, Mar 9, 2024 at 4:35 PM Richard Gobert <richardbgobert@...il.com> wrote:
>>>>
>>>> {inet,ipv6}_gro_receive functions perform flush checks (ttl, flags,
>>>> iph->id, ...) against all packets in a loop. These flush checks are
>>>> relevant only to tcp flows, and as such they're used to determine whether
>>>> the packets can be merged later in tcp_gro_receive.
>>>>
>>>> These checks are not relevant to UDP packets.
>>>
>>> I do not think this claim is true.
>>>
>>> Incoming packets  ->  GRO -> GSO -> forwarded packets
>>>
>>> The {GRO,GSO} step must be transparent, GRO is not LRO.
>>
>> Sorry, I should rephrase myself. The patch preserves the
>> current logic in GRO. These L3 checks (ttl, flags, etc.) are written to
>> NAPI_GRO_CB(p)->{flush,flush_id}, and NAPI_GRO_CB(skb)->is_atomic - and
>> all of these are currently used only in tcp_gro_receive.
> 
> That was perhaps an oversight when adding UDP GRO?
> 
> Simply because the flush is determined in the innermost callback.

It might have been an oversight. From what I have seen it's only relevant
to GRO's UDP fraglist path (it was added in 9fd1ff5d ("udp: Support UDP
fraglist GRO/GSO.")). That's the only UDP path that calls skb_gro_receive -
which may alter the forwarded packets and make GRO/GSO not transparent.

AFAIU NAPI_GRO_CB(p)->flush value is not overwritten in encapsulation - it
is determined by both outer and inner callbacks.

I tried to preserve the current behaviour in GRO - if we want to change
this behaviour I'll gladly do it, although I'd prefer to address it in a
different patch series. What do you think?

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ