| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jan 2017 15:16:39 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Jamal Hadi Salim <jhs@...atatu.com>, davem@...emloft.net
CC: netdev@...r.kernel.org, jiri@...lanox.com, paulb@...lanox.com,
john.fastabend@...il.com, simon.horman@...ronome.com,
mrv@...atatu.com, hadarh@...lanox.com, ogerlitz@...lanox.com,
roid@...lanox.com, xiyou.wangcong@...il.com
Subject: Re: [PATCH net-next v4 1/2] net sched actions: Add support for user
cookies
On 01/17/2017 12:11 PM, Jamal Hadi Salim wrote:
> From: Jamal Hadi Salim <jhs@...atatu.com>
>
> Introduce optional 128-bit action cookie.
> Like all other cookie schemes in the networking world (eg in protocols
> like http or existing kernel fib protocol field, etc) the idea is to save
> user state that when retrieved serves as a correlator. The kernel
> _should not_ intepret it. The user can store whatever they wish in the
> 128 bits.
[...]
Since it looks like you need a v5 anyway, few comments below.
> include/net/act_api.h | 1 +
> include/net/pkt_cls.h | 8 ++++++++
> include/uapi/linux/pkt_cls.h | 3 +++
> net/sched/act_api.c | 25 +++++++++++++++++++++++++
> 4 files changed, 37 insertions(+)
>
> diff --git a/include/net/act_api.h b/include/net/act_api.h
> index 1d71644..0692458 100644
> --- a/include/net/act_api.h
> +++ b/include/net/act_api.h
> @@ -41,6 +41,7 @@ struct tc_action {
> struct rcu_head tcfa_rcu;
> struct gnet_stats_basic_cpu __percpu *cpu_bstats;
> struct gnet_stats_queue __percpu *cpu_qstats;
> + struct tc_cookie *act_ck;
Since we know anyway that this is part of struct tc_action, can't
you just give this some real/readable name like ...
struct tc_cookie cookie;
... and then ...
> };
> #define tcf_head common.tcfa_head
> #define tcf_index common.tcfa_index
> diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
> index f0a0514..e0bc7e8 100644
> --- a/include/net/pkt_cls.h
> +++ b/include/net/pkt_cls.h
> @@ -515,4 +515,12 @@ struct tc_cls_bpf_offload {
> u32 gen_flags;
> };
>
> +
> +/* This structure holds cookie structure that is passed from user
> + * to the kernel for actions and classifiers
> + */
> +struct tc_cookie {
> + unsigned char ck[TC_COOKIE_MAX_SIZE];
> + unsigned char ck_len;
... embed and make this ...
struct tc_cookie {
u8 *data;
u32 len;
};
as act->act_ck->ck_len is rather funky, compare that to act->cookie->len.
> +};
> #endif
[...]
> @@ -575,6 +583,23 @@ struct tc_action *tcf_action_init_1(struct net *net, struct nlattr *nla,
> if (err < 0)
> goto err_mod;
>
> + if (tb[TCA_ACT_COOKIE]) {
> + if (nla_len(tb[TCA_ACT_COOKIE]) > TC_COOKIE_MAX_SIZE) {
> + err = -EINVAL;
> + goto err_mod;
> + }
> +
> + a->act_ck = kzalloc(sizeof(*a->act_ck), GFP_KERNEL);
> + if (unlikely(!a->act_ck)) {
> + err = -ENOMEM;
> + goto err_mod;
> + }
> +
> + memcpy(a->act_ck->ck, nla_data(tb[TCA_ACT_COOKIE]),
> + nla_len(tb[TCA_ACT_COOKIE]));
> + a->act_ck->ck_len = nla_len(tb[TCA_ACT_COOKIE]);
Then you can also simplify all this and use nla_memdup() here for
act->cookie->data.
> + }
> +
> /* module count goes up only when brand new policy is created
> * if it exists and is only bound to in a_o->init() then
> * ACT_P_CREATED is not returned (a zero is).
>
Powered by blists - more mailing lists