lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1395282376.9114.75.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Wed, 19 Mar 2014 19:26:16 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Florian Westphal <fw@...len.de>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] tcp: syncookies: do not use getnstimeofday()

On Wed, 2014-03-19 at 23:56 +0100, Florian Westphal wrote:
> Eric Dumazet <eric.dumazet@...il.com> wrote:
> > While it is true that getnstimeofday() uses about 40 cycles if TSC
> > is available, it can use 1600 cycles if hpet is the clocksource.
> 
> Ouch.  Why is secure_tcp_sequence_number also using
> ktime_get_real/getnstimeofday?
> 
> clock drift when other cpu is used?

Yeah, I guess we cant really avoid ktime_get() in this sequence
generation.

Alternative patch would be to use get_jiffies_64(), as it would
'solve' the issue you had on 32bit arches, and would be faster
than local_clock() :

diff --git a/include/net/tcp.h b/include/net/tcp.h
index bb253b9b2f06..06f948a3fad1 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -484,16 +484,14 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
  * This counter is used both as a hash input and partially encoded into
  * the cookie value.  A cookie is only validated further if the delta
  * between the current counter value and the encoded one is less than this,
- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
+ * i.e. a sent cookie is valid only at most for 2*64 seconds (or less if
  * the counter advances immediately after a cookie is generated).
  */
 #define MAX_SYNCOOKIE_AGE 2
 
 static inline u32 tcp_cookie_time(void)
 {
-	struct timespec now;
-	getnstimeofday(&now);
-	return now.tv_sec >> 6; /* 64 seconds granularity */
+	return get_jiffies_64() / (64 * HZ);
 }
 
 u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ