| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Mar 2010 11:53:44 +0200 From: Timo Teräs <timo.teras@....fi> To: Herbert Xu <herbert@...dor.apana.org.au> CC: netdev@...r.kernel.org Subject: Re: [PATCH] xfrm: cache bundle lookup results in flow cache Herbert Xu wrote: > On Fri, Mar 19, 2010 at 11:12:21AM +0200, Timo Teräs wrote: >>> That would be better but it's still hacky. Proper reference >>> counting like we had before would be my preference. >> Well, the cache entry is still referenced only very shortly, >> I don't see why keeping bh disabled why doing it is considered >> a hack. Refcounting the cache entries is trickier. Though, >> it could be used to optimize the update process: we could safely >> update it instead of doing now lookup later. > > Well we had a nicely type-agnostic cache which is self-contained, > but your patch is bleeding generic code into xfrm_policy.c, that's > why I felt it to be hacky :) > > Anyway I see how your scheme works now as far as object life > is concerned, and I agree that it is safe. > > However, I wonder if we could do it while still leaving all the > object life-cycle management stuff (and the BH disabling bits) > in flow.c > > The crux of the issue is that you now have two objects to track > instead of one. As the direction is a key in the lookup, we're > really only worried about the outbound case here. > > So how about going back to what I suggested earlier, and keeping > a back-pointer from xfrm_dst to the policy? Of course xfrm_dst > would also hold a ref count on the policy. You'd only have to > do it for the top-level xfrm_dst. > > It does mean that you'll need to write a different resolver for > outbound vs. inbound/forward, but that makes sense because we > only use bundles for outbound policies. > > What do you think? When I first started reading the code, I got confused slightly on how the garbage collection is happening. What I did not like in current is the atomic_dec() in flow.c that does not check if it was turned to zero. Because on policy objects it means you need to delete it (which would a bug if it happened in flow.c; the policy gc calls flush before releasing it's own reference), but on xfrm_dst it's perfectly ok to do atomic_dec() and the dst core will garbage collect items. But now, thinking more, it would probably make more sense to just cache xfrm_dst's and keep ref to the policy on them. So in general I agree with your recommendation. The only immediate problem I can think now is that the resolved would need to atomically check if xfrm_dst is valid, if not, resolve new one. But creating new xfrm_dst involves taking locks and can sleep so it cannot be inside the main resolver. Alternatively, we'd need to: a) still expose flow cache entry structs and do locking or refcounting on them b) have two version of flow lookup: one that calls resolver with bh disabled and can atomically lookup and update entry and a second version that lookups, calls validation, if not-valid it calls resolver with bh enabled and does a new flow cache lookup to update cache Also, relatedly. Is there way to release xfrm_dst's child and route refs when xfrm_bundle_ok fails? This would improve GC collection of the ipv4 rtable entries they referenced. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists