lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171113001235.5d4f4262@cakuba>
Date:   Mon, 13 Nov 2017 00:12:35 -0800
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
        xiyou.wangcong@...il.com, mlxsw@...lanox.com, andrew@...n.ch,
        vivien.didelot@...oirfairelinux.com, f.fainelli@...il.com,
        ast@...nel.org, daniel@...earbox.net, simon.horman@...ronome.com,
        pieter.jansenvanvuuren@...ronome.com, john.hurley@...ronome.com
Subject: Re: [patch net-next v2 01/10] cls_bpf: move prog offload->netdev
 check into drivers

On Mon, 13 Nov 2017 08:55:56 +0100, Jiri Pirko wrote:
> Mon, Nov 13, 2017 at 08:17:34AM CET, jakub.kicinski@...ronome.com wrote:
> >On Mon, 13 Nov 2017 07:25:38 +0100, Jiri Pirko wrote:  
> >> Mon, Nov 13, 2017 at 03:14:18AM CET, jakub.kicinski@...ronome.com wrote:  
> >> >On Sun, 12 Nov 2017 16:55:55 +0100, Jiri Pirko wrote:    
> >> >> From: Jiri Pirko <jiri@...lanox.com>
> >> >> 
> >> >> In order to remove tp->q usage in cls_bpf, the offload->netdev check
> >> >> needs to be moved to individual drivers as only they will have access
> >> >> to appropriate struct net_device.
> >> >> 
> >> >> Signed-off-by: Jiri Pirko <jiri@...lanox.com>    
> >> >
> >> >This seems not entirely correct and it adds unnecessary code.  I think    
> >> 
> >> What is not correct?  
> >
> >From quick reading it looks like you will allow to install the
> >dev-specific filter without skip_sw flag.  You haven't fixed what  
> 
> Right. I see it now.
> 
> 
> >your previous series broke in cls_bpf offload model and now you   
> 
> What do you mean exactly?

As explained elsewhere, cls_bpf used to track what's offloaded and
issue ADD/REPLACE/DESTORY accordingly.  Now drivers need to know what
they're offloading, but they still don't.  So if you add a filter that
offload successfully and then one that doesn't, the spurious DESTORY
will kill the wrong offload.

> >break it even further.
> >  
> >> >the XDP and cls_bpf handling could be unified, making way for binding
> >> >the same program to multiple ports of the same device.  Would you mind
> >> >waiting a day for me to send corrections to BPF offload?    
> >> 
> >> Well I'm trying to get this in before net-next closes...  
> >
> >Right, and I'm surprised by that.  I'd hope you'll understand my caution
> >here given recent history.  
> 
> Sure.

I looked through this series and I can't grasp all the details of how
things are supposed to work from the code here :(  Perhaps important
bits went in earlier and I missed them.

Starting from the most fundamental thing - if I have a shared block
full of skip_sw filters and then bind it to a device which doesn't even
have ndo_setup_tc - what prevents that from happening?

AFACT tcf_block_offload_cmd() is returning void.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ