| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2016 17:16:26 -0800 From: Stephen Hemminger <stephen@...workplumber.org> To: Michał Mirosław <mirq-linux@...e.qmqm.pl> Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next 00/27] Remove VLAN CFI bit abuse On Tue, 13 Dec 2016 01:12:32 +0100 (CET) Michał Mirosław <mirq-linux@...e.qmqm.pl> wrote: > Dear NetDevs > > This series removes an abuse of VLAN CFI bit in Linux networking stack. > Currently Linux always clears the bit on outgoing traffic and presents > it cleared to userspace (even via AF_PACKET/tcpdump when hw-accelerated). > > This uses a new vlan_present bit in struct skbuff, and removes an assumption > that vlan_proto != 0 when VLAN tag is present. > > As I can't test most of the driver changes, please look at them carefully. > > The series is supposed to be bisect-friendly and that requires temporary > insertion of #define VLAN_TAG_PRESENT in BPF code to be able to split > JIT changes per architecture. > > Best Regards, > Michał Mirosław I wonder if CFI can every validly be non-zero in the modern world, on Hyper-V. There are no token ring devices and that seems to be the only use case where CFI would be non-zero. Unless someone is planning to reuse it a a protocol bit which seems like a really bad idea. Maybe the right thing is to keep hard coded as zero and not start adding more untestable code conditions. My recommendation would be get rid of VLAN_TAG_PRESENT, but don't preserve CFI bit.
Powered by blists - more mailing lists