Message-ID: <5846F889.2010107@gmail.com>
Date:   Tue, 6 Dec 2016 09:42:33 -0800
From:   John Fastabend <john.fastabend@...il.com>
To:     Saeed Mahameed <saeedm@....mellanox.co.il>,
        Martin KaFai Lau <kafai@...com>
Cc:     Linux Netdev List <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...com>,
        Brenden Blanco <bblanco@...mgrid.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        David Miller <davem@...emloft.net>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH v2 net-next 3/4] mlx4: xdp: Reserve headroom for receiving
 packet when XDP prog is active

On 16-12-06 08:50 AM, Saeed Mahameed wrote:
> On Mon, Dec 5, 2016 at 9:55 PM, Martin KaFai Lau <kafai@...com> wrote:
>> On Mon, Dec 05, 2016 at 02:54:06AM +0200, Saeed Mahameed wrote:
>>> On Sun, Dec 4, 2016 at 5:17 AM, Martin KaFai Lau <kafai@...com> wrote:
>>>> Reserve XDP_PACKET_HEADROOM and honor bpf_xdp_adjust_head()
>>>> when XDP prog is active.  This patch only affects the code
>>>> path when XDP is active.
>>>>
>>>> Signed-off-by: Martin KaFai Lau <kafai@...com>
>>>> ---
>>>

[...]

>> FWD:
>> packet received from a port
>> => process by a XDP prog
>> => XDP_TX out to the same port.
>>
>> For example, if the received packet has 1500 payload and the XDP prog
>> encapsulates it in an IPv6 header (+40 bytes).  After testing, it cannot
>> be sent out because the HW/wire MTU is 1500.
>>
>> Even if the wire MTU info was passed to the XDP prog, there is not much an
>> XDP prog could do here other than dropping it.
>>
>> Hence, this patch gives guarantee to the XDP prog such that
>> it can always send out what it has received + XDP_PACKET_HEADROOM.
>>
> 
> Still I am not convinced! This is against common sense,
> this means that the XDP prog can send packets larger than the MTU
> seen on netdev!
> 
> anyway if a packet with the size (MTU + XDP_PACKET_HEADROOM) was sent
> from XDP ring and HW allowed it to exit somehow (with the code you
> provided :)), most likely it will be dropped
> at the other end.
> 
> I still think XDP prog should not be allowed to FW packets larger than
> the MTU seen on the netdev and you shouldn't modify the wire MTU just
> for this case.


I agree here; it seems changing the MTU arbitrarily from XDP programs
just creates another side effect that can already be handled easily
by explicitly setting the MTU. This complicates the code and risks
confusing users IMO. I would prefer to drop this patch and implement
this at the control plane if it's really needed. Daniel's iproute xdp
tool could set this, for example, if it's useful.

My $.02 at least.

Thanks,
John
